[kqp]

> what do you actually want?

Give me the ability to choose what I trust. “You can either trust Apple and nobody else, even yourself, or you can trust literally everybody” is obviously not a good faith implementation of this. Apple excels at steering the narrative with false conflation and false dichotomy, I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?

[wolvoleo]

Exactly, Apple is making this a black and white choice on purpose. To make it unattractive to bypass them, and introduce legitimate security concerns if you do so. But those don't have to exist if the options were more fine-grained.

The same with SIP (system integrity protection). You can turn it off but then you have to turn it all off.

There's no way to keep secure boot but bless your own changes and sign them in some way, that you have approved. You know, as the owner and admin of your own computer. It's either leave it to Apple or be completely on your own. And to make the choice even more uncomfortable they also disable some features like running iOS apps.

[dangus]

I think you should read up on how secure boot works with macOS and alternate operating systems before speaking this negatively about the implementation. Apple is already giving you exactly what you’re asking for.

It’s not really even that different than a PC motherboard that gives you “Windows UEFI” and “enroll my own keys” as options.

https://asahilinux.org/docs/platform/security/

As far as code signing, again, what do you want Apple to do here? They already gave you a master switch to turn it off. You are free to turn it off then implement your own third party code signing solution if you’d rather choose who you trust. It’s not Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.

And let’s not forget who Apple markets their computers to. These features aren’t for you and me, they’re for the non-technical customers who will absolutely get pwned by unsigned code. Go to the MacBook Neo marketing page and try to find a single image of someone writing code or even being gainfully employed.

[Nevermark]

This is that false dichotomy.

You can turn off all protection, as you point out. So who Apple markets Neo's to isn't a factor.

> Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.

Does Apple provide a means for enabling third party trust systems, without disabling Apple's protections in general? If not, that is a serious problem of Apple's choosing. Nobody (to a first order approximation) want's to dispense with Apple's protection, or re-implement it, but to be able to carve out exceptions for specific classes of software.

[F7F7F7]

Sounds like you should pick something other than MacOS.

[wlesieutre]

Right, all they need to do is convince every end user they’re trying to distribute software to that they’re using the wrong OS and should replace their MacBook with something running Linux. No problem at all.

[dangus]

Or Windows, the OS that is already vastly more popular than macOS.

[dangus]

I decided to get into this subject in my comment before I edited it out because I thought it would be too much of a tangent/ruffle too many feathers.

But, yeah, macOS power users these days seem to spend a lot of time criticizing the OS and the company and never seem to just switch to something else.

Apple is the 4th most popular PC manufacturer on the market. You can use something else. It's not a monopoly, nor a duopoly like with iOS.

I switched to Linux, and I've been beyond shocked at how smooth it's been. It's been better than both Mac and Windows in more ways than I expected. And sure, not perfect, but still.

[theonemind]

I can charitably believe this comment is not disingenuous, however, there are effectively two options, which are Windows and macOS, regardless of three manufacturers making more Windows machines than Apple at number four with Mac. I would call it an effective duopoly

[rmunn]

There are effectively two options if you dismiss Linux a priori.

Which yes, many people do. There are plenty of people who have no desire to try Linux. And if you're a developer then you have to consider those people, because many of the people who use your software are the type with no desire to try Linux.

But there are fewer and fewer reasons not to try Linux, and that group of "I'd never use Linux", while still large, is slowly shrinking. I'd argue that Microsoft is doing more than Apple is to push people into reconsidering Linux (and, often, discovering that it's actually pretty good these days, and that your techie friend whom you call all the time to help you with Windows is actually happy to help you with your Linux questions instead).

But slowly, over time, it's making less and less sense to dismiss Linux a priori.

[dangus]

I’m not sure we can say it’s an effective duopoly when the desktop gaming market has more Linux users than Mac users.

Think about it this way: for every four Mac users there is one Linux user. That sounds quite significant if you ask me, and that’s what the marketshare statistics say.

[Nevermark]

Unfortunately, your tone deaf comment is in an HN cliche.

1) People complain about the imperfections of what they love.

2) Imperfections are highly unlikely to tilt the benefits from one device to another, given there are few device choices, devices have hundreds of other pros/cons, and people accrue years of familiarity and functional investment.

[wpm]

If you can enable a third party trust system you completely open it up for abuse. If I put my threat actor hat on, I love your idea because now I have an alternative codepath to try and exploit (where you do store third-party trusted roots for code-signing/notarization evaluations that cannot be tampered with, how do you load them, verify them, etc), but now instead of having to dance around bypassing Gatekeeper, I can just try and convince the user to install my certificates and voila, my malware behaves like a legitimate app.

Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.

If you don't trust Apple, why the hell are you buying their computers at all?

[saghm]

> If you don't trust Apple, why the hell are you buying their computers at all?

This is the exact same false dichotomy they mentioned; it's perfectly reasonable to have a set of trusted software vendors that includes Apple but also some others, while the only choices that they support are either just Apple or literally anyone in the universe. You're conflating "trusting Apple" with "trusting no one but Apple to make it sound like the opposite of the latter is somehow also contradictory with the former.

Claiming it's "not worth the effort" is a lot easier when you've already muddied the waters like this.

[saagarjha]

> There is no safe mechanism for introducing other roots of trust that is worth the effort.

Gee, if only Apple had a reason for implementing this entire feature for themselves…

[Fnoord]

> If you don't trust Apple, why the hell are you buying their computers at all?

Well, you see, I quit buying Apple hardware. But I did buy this MBP M1 back in the days. It still serves me well, but now there is an insane US president who'd have no shame whatsoever to pressure Apple into pushing nefarious software (or, say, not fix a security bug or two).

Also, another example. I got a second hand iPad Pro for my pre-teen daughter a couple of years ago. It is still on the original battery. Device still works though. It does not get iOS updates anymore though.

Do you see where this is going? Regarding the latter: I should have root on an EOL product.

[Wowfunhappy]

> I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?

The Asahi Linux folks are building their own SecureBoot chain[1].

I guess you could argue they shouldn't have to do that. But it feels reasonable to me that that the party you're trusting should be the one who builds the trust chain.

1: https://asahilinux.org/docs/platform/open-os-interop/#m1n1

[jaredklewis]

I don’t disagree with your post but I’m still unclear on how you envision gatekeeper should work.

You want the ability to choose a different “authorities” that verify and sign binaries? That makes sense to me but is unlikely to relieve any of the issues in the post.

Also what do you mean by “even yourself?” What would that option look like?

[saagarjha]

Right next to where Apple's root CA is, you add your own.

[jaredklewis]

Yea, that makes sense to me. But again, would not address most (any?) of the complaints in this post.

[IsTom]

You could like, just trust a single binary. Have a button right there in the popup that already shows up.

[Barbing]

Maybe “Gatekeeper Light” hidden under advanced settings would satisfy everyday users + the technical crowd

For plenty of users, a button right there in the popup is almost the same as no Gatekeeper for most scenarios, but if we can handle it why not let us

[zarzavat]

Isn't that what right clicking and selecting Open does?

[odo1242]

They disabled the right-click-and-select-open feature; you now have to go to Settings to run the app.

[zarzavat]

Oh, that sucks.

In any case, Gatekeeper is mostly intended to save grandmas who are at risk of downloading random malware from the internet.

If you're a developer who is reasonably aware of how computers work you might as well disable Gatekeeper entirely. You're taking many times more risk every time you use Terminal.

[MrDOS]

Nowadays (as of Sequoia, I think), I find that I need to run `xattr -c Foo.app` to clear the “this was downloaded from the Internet” bit on the application bundle before I can right-click, “Open” it. Used to be that you only needed to do that with .apps extracted from zip archives, but it seems to apply to .apps copied out of disk images (DMGs) now, too.

[ActorNightly]

I want the ability to run any linux distro on my macbook, like I can with any other computer that is not a macbook.

[tuna74]

Macs have enough open firmware to allow you to run any OS that you want. Linux Asahi only supports a certain subset of modern Mac HW, if you want to speed up development you should probably contribute to that project.

[isityettime]

The Asahi team does upstream their work, so eventually this will be possible with the M1 Macs. But it's an uphill battle because it's a reverse engineering effort on undocumented hardware that has a different separation of duties between firmware, hardware, and operating system than other systems that Linux already supports. It's a wonderful project, but if you want timely Linux support, you have to buy from a vendor whose chipset makers more proactively cooperate with Linux kernel developers.

It would be wonderful if Apple shipped the Asahi team a bunch of docs hardware, and commissioned them to complete+productionize support for every single Apple Silicon Mac released up until now plus the upcoming gen. If they did that, maybe in one year support would be great and in two or three years, you coule use any distro you liked and get full support.

But that's not really who Apple is or how they position themselves in the market afaict. This wish is sadly barking up the wrong tree.

[pjmlp]

Easy, don't buy Apple, I don't.

Apple computers that I use are project assignments.