[Nevermark]

This is that false dichotomy.

You can turn off all protection, as you point out. So who Apple markets Neo's to isn't a factor.

> Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.

Does Apple provide a means for enabling third party trust systems, without disabling Apple's protections in general? If not, that is a serious problem of Apple's choosing. Nobody (to a first order approximation) want's to dispense with Apple's protection, or re-implement it, but to be able to carve out exceptions for specific classes of software.

[F7F7F7]

Sounds like you should pick something other than MacOS.

[wlesieutre]

Right, all they need to do is convince every end user they’re trying to distribute software to that they’re using the wrong OS and should replace their MacBook with something running Linux. No problem at all.

[dangus]

Or Windows, the OS that is already vastly more popular than macOS.

[dangus]

I decided to get into this subject in my comment before I edited it out because I thought it would be too much of a tangent/ruffle too many feathers.

But, yeah, macOS power users these days seem to spend a lot of time criticizing the OS and the company and never seem to just switch to something else.

Apple is the 4th most popular PC manufacturer on the market. You can use something else. It's not a monopoly, nor a duopoly like with iOS.

I switched to Linux, and I've been beyond shocked at how smooth it's been. It's been better than both Mac and Windows in more ways than I expected. And sure, not perfect, but still.

[theonemind]

I can charitably believe this comment is not disingenuous, however, there are effectively two options, which are Windows and macOS, regardless of three manufacturers making more Windows machines than Apple at number four with Mac. I would call it an effective duopoly

[rmunn]

There are effectively two options if you dismiss Linux a priori.

Which yes, many people do. There are plenty of people who have no desire to try Linux. And if you're a developer then you have to consider those people, because many of the people who use your software are the type with no desire to try Linux.

But there are fewer and fewer reasons not to try Linux, and that group of "I'd never use Linux", while still large, is slowly shrinking. I'd argue that Microsoft is doing more than Apple is to push people into reconsidering Linux (and, often, discovering that it's actually pretty good these days, and that your techie friend whom you call all the time to help you with Windows is actually happy to help you with your Linux questions instead).

But slowly, over time, it's making less and less sense to dismiss Linux a priori.

[maccard]

> But there are fewer and fewer reasons not to try Linux

Does my existing hardware connect to the internet and go to sleep when I close the lid? Does the hardware I can buy from major retailers do the same thing?

I know these are _technically_ vendor problems and not Linux problems, but I’ve got enough things to figure out without adding “what chipset does this high end laptop use” to the mix

[Wowfunhappy]

The problem is that you're buying hardware designed for Windows, putting Linux on it instead, and expecting to have no issues whatsoever. I don't think that's practical.

When you try to run Windows on hardware designed for Linux, you run into similar fiddly problems. Exhibit A, the Steam Deck.

If you want a laptop that the manufacturer explicitly designed to be Linux compatible, the recent Frameworks are worth a look. Or System76.

[dangus]

The answer to your questions are yes. These are generally solved problems.

[dangus]

I’m not sure we can say it’s an effective duopoly when the desktop gaming market has more Linux users than Mac users.

Think about it this way: for every four Mac users there is one Linux user. That sounds quite significant if you ask me, and that’s what the marketshare statistics say.

[Nevermark]

Unfortunately, your tone deaf comment is in an HN cliche.

1) People complain about the imperfections of what they love.

2) Imperfections are highly unlikely to tilt the benefits from one device to another, given there are few device choices, devices have hundreds of other pros/cons, and people accrue years of familiarity and functional investment.

[wpm]

If you can enable a third party trust system you completely open it up for abuse. If I put my threat actor hat on, I love your idea because now I have an alternative codepath to try and exploit (where you do store third-party trusted roots for code-signing/notarization evaluations that cannot be tampered with, how do you load them, verify them, etc), but now instead of having to dance around bypassing Gatekeeper, I can just try and convince the user to install my certificates and voila, my malware behaves like a legitimate app.

Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.

If you don't trust Apple, why the hell are you buying their computers at all?

[saghm]

> If you don't trust Apple, why the hell are you buying their computers at all?

This is the exact same false dichotomy they mentioned; it's perfectly reasonable to have a set of trusted software vendors that includes Apple but also some others, while the only choices that they support are either just Apple or literally anyone in the universe. You're conflating "trusting Apple" with "trusting no one but Apple to make it sound like the opposite of the latter is somehow also contradictory with the former.

Claiming it's "not worth the effort" is a lot easier when you've already muddied the waters like this.

[saagarjha]

> There is no safe mechanism for introducing other roots of trust that is worth the effort.

Gee, if only Apple had a reason for implementing this entire feature for themselves…

[Fnoord]

> If you don't trust Apple, why the hell are you buying their computers at all?

Well, you see, I quit buying Apple hardware. But I did buy this MBP M1 back in the days. It still serves me well, but now there is an insane US president who'd have no shame whatsoever to pressure Apple into pushing nefarious software (or, say, not fix a security bug or two).

Also, another example. I got a second hand iPad Pro for my pre-teen daughter a couple of years ago. It is still on the original battery. Device still works though. It does not get iOS updates anymore though.

Do you see where this is going? Regarding the latter: I should have root on an EOL product.