Here's a description of Gatekeeper, from the link Gatekeeper link:

Instead of just asking you for permission to launch an app for the first time, Mountain Lion will check its security settings to see what sorts of apps are allowed to launch. Located in the General tab of the Security & Privacy preference pane is a setting called “Allow applications downloaded from,” with three options:

Anywhere: This choice uses the same set of rules as every previous version of Mac OS X. If an app isn’t known malware and you approve it, it opens.

Mac App Store: When this choice is selected, any apps not downloaded from the Mac App Store will be rejected when you try to launch them.

Mac App Store and identified developers: This is the new default setting in Mountain Lion. In addition to Mac App Store apps, it also allows any third-party apps that have been signed by an identified developer to run.

posted by Brandon Blatcher at 4:18 AM on February 17, 2012

The most intriguing thing, to me, is the last option and if and when it'll appear in iOS. Check out the Daring Fireball link also, where it's subtly hinted that a few things are going to different at Apple, now that Jobs has passed.
posted by Brandon Blatcher at 4:20 AM on February 17, 2012

My natural inclination is to buy into the skepticism of finding ways to encourage people to use the App Store. Of course, I decided the App Store was an affront to all that is good and removed it from the dock and have never thought twice about it. But I'd be curious to what extent the 'average' Mac user is getting their software from the App Store already.

the biggest change to Open and Save dialog boxes in the 28-year history of the Mac.

This makes me cry a little.
posted by hoyland at 4:28 AM on February 17, 2012

Gatekeeper, a security system that will allow users to decide what type of applications can be installed or launched on their personal computers.

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.
posted by TheAlarminglySwollenFinger at 4:34 AM on February 17, 2012 [7 favorites]

.
posted by lalochezia at 4:35 AM on February 17, 2012 [8 favorites]

But I'd be curious to what extent the 'average' Mac user is getting their software from the App Store already.

I removed the App Store from the dock as a reflex action. I'd forgotten it existed.
posted by permafrost at 4:37 AM on February 17, 2012 [8 favorites]

When Lion came out, I expressed some worry that Apple was moving towards making OSX itself into a closed, App Store-only system like iOS. Some (well, one) rushed to reassure me that that wouldn't happen. I view this development with rather some concern all the same. It doesn't technically prevent non-App Store software from being installed, but it isn't exactly welcoming to non-licensed developers either, and it could be taken as a step along the road.

Malware is a real problem, but it is best to ensure that cures don't end up being, in the long run, worse than the sickness.
posted by JHarris at 4:38 AM on February 17, 2012 [4 favorites]

In related news: Apple sold more iOS devices in 2011 than all the Macs it sold in 28 years
posted by fairmettle at 4:40 AM on February 17, 2012 [3 favorites]

So I guess Siri will be the killer app for the next OS X version.
posted by reductiondesign at 4:41 AM on February 17, 2012

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

You might be surprised at how many people we all love and consider otherwise very smart people install and launch completely random apps.

This seems like it might be a good thing if they can scale back the scare mongering language in that warning dialogue box.
posted by splatta at 4:47 AM on February 17, 2012 [5 favorites]

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

Now that more and more grandmas, dads and jocks are buying macs, that's EXACTLY what happens.

They gave you a simple and global way around it. Everyone wins.

You are not the target audience for consumer software, get over yourself.
posted by DigDoug at 4:49 AM on February 17, 2012 [50 favorites]

I am a professional developer and I have bought apps from the App Store. Am I crazy?

No. Low-end sing-use apps from the app store are cheaper, directly, simple, and work. The app store has allowed developers to actually sell their apps in enough volume to make a low price point possible. Before there were really only two options for this kind of tool: A freeware or shareware utility, which inevitably no one really buys and doesn't quite work right; or a swiss army knife utility that does tons more than you need, costs $30, and also may not be so easy to use.

The difference is that these previously freeware tools now have access to an income stream, so long as they can maintain a minimum rating in the store. Developers put in the effort in testing and in making the tools simple to use.

Overall, this is a good trend -- so long as the ability to run unsigned code isn't barred, like it is on iOS. However, given the BSD engine of OSX, and how paranoid everyone is about being locked out of their own computers, I seriously doubt this will ever happen.
posted by cotterpin at 4:49 AM on February 17, 2012 [18 favorites]

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

Haha! No. Welcome to 2012, and APT. Custom-crafted trojans, paid for with Chinese or Russian or Iranian or German tax money, all for you. It will look like a real app, say, "Adium." It will function like a real app. It will be completely counterfeit and raid your Address Book and Mail applications, keep an eye out for passwords, and open a back door into the system where someone can peek in remotely anytime they like. You downloaded it from a hostile server, and weren't aware of it, because you clicked a link that looked like a real link to Adium.im in what looked like a very real email from them, or a link on a Mac lifestyle site you found that seemed legit.

While Adium may not (yet) have found their users victims of phishing, or worse, spearphishing... other manufacturers in the very near future will not be so lucky.

The only in-the-wild exploit Mac users are suffering from are trojans. If Apple can nail that door shut, then god bless. Gatekeeper will make users very, very, very aware when they're running code that hasn't been vetted by anyone, and to be insanely paranoid where they download it from.

This is a Good Thing.

The "Blame the User" bullshit of devs and admins no longer flies. Real solutions to the trojan problem need to be found and implemented, and soon.
posted by Slap*Happy at 4:52 AM on February 17, 2012 [38 favorites]

Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

Dad?
posted by His thoughts were red thoughts at 4:53 AM on February 17, 2012 [30 favorites]

You are not the target audience for consumer software, get over yourself.

Fair points actually. I was hasty. Apple brings out the worst in me.
posted by TheAlarminglySwollenFinger at 4:54 AM on February 17, 2012 [1 favorite]

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

Apple is successful because it designs devices for TOTAL FUCKING MORONS, like me. Apple has always built machines for those who were more interested in what they could do on computers than how computers worked. I'm old enough to remember the 80's and 90's when the MS-DOS geeks hated Apple and when Microsoft-operated computers were such a pain in the ass for 95 percent of the population.

Maybe it is a scam to push people into buying from the app store, or maybe it's just another example of "if it's Apple it must be bad" and MS DOS geeks will never die.
posted by tommyD at 4:55 AM on February 17, 2012 [2 favorites]

Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON.

Why do I have the suspicion you're not the resident "IT Guy" in your extended family...
posted by PenDevil at 5:00 AM on February 17, 2012 [5 favorites]

In hindsight think I could do with a Gatekeeper system for internet discussion posts.
posted by TheAlarminglySwollenFinger at 5:00 AM on February 17, 2012 [6 favorites]

Sincere apologies for shitting on this thread. Lesson learnt.
posted by TheAlarminglySwollenFinger at 5:04 AM on February 17, 2012 [21 favorites]

You weren't shitting on the thread. You didn't say "why should anyone be interested in this/ discuss this?" you said something more like "I disagree with this" which is or should be pretty much always allowed.
posted by a snickering nuthatch at 5:11 AM on February 17, 2012 [8 favorites]

I was about to have fun with the pile-on, being one half of the resident only-children duo responsible for four parents over 60's i-devices but that was just too easy.

My husband and I are Mac People. We long ago decided (and have said out loud, frequently and vehemently), that if any of our parents buy any non-Apple device, they're on their own. After seeing what they've managed to do *with* Apples (clearly our parents are a better class of idiot than the idiot proofing was designed for), and having already served my time in the mall POS software support trenches, HELL NO am I supporting a Dell or whatever. Especially since my mom the tightwad will be completely miserable when the damn thing stops working 17 months from now or the second it's out of warranty.

My husband? He's an IT guy. He had a Google Android phone, and he spent more time on it updating the ROM and just generally having to fuck around to make it work properly that it was a complete bummer.

We both switched to iPhones in November at long last and now he's gotten back into an old passion of his, photography, because the phone makes it easy and fun.

Easy. Fun. (Mostly) idiot proof and about to become more so? Yes PLEASE.

(Now, can someone please tutor my dad on touching his iPad screen?either he is a cold-fingered zombie or he's the only person on earth to lack intuitive iPad touchingness!)
posted by bitter-girl.com at 5:18 AM on February 17, 2012 [4 favorites]

I too would be curious to know if people are actually using the app store on OS X as much as they use it on iOS. Personally, I use it all the time to pick up apps and games on iOS, but they are often mobile apps for websites, so there is no real reason to get them on the Mac.
posted by smackfu at 5:19 AM on February 17, 2012

Gatekeeper strikes me as the best of both worlds, actually. The non tech savvy can use the app store, the hardcore nerds can disable gatekeeper altogether, and the middle road is available for nerds who don't use the app store. That third party developers can get their non app store apps certified for that middle way for free is a good sign. And no doubt a deliberate decision, to avoid further complaints about herding developers into their walled garden. (Presumably there's no code review as on app store apps; they just revoke the cert if a problem comes up?)
posted by ook at 5:19 AM on February 17, 2012 [3 favorites]

> will allow users to decide what type of applications can be installed or launched on their personal computers

WOAH, first the wheel, now this!
posted by Sutekh at 5:21 AM on February 17, 2012 [1 favorite]

I'm in two minds on this; having a central app store that makes good apps easily findable, simple to install - and automatically updated once installed - is actually a good thing for most users. One of the best things about linux is the central repositories so that it makes it much easier to keep everything up to date, a feature that windows sorely lacks. That the default option still allows developers to distribute their apps directly as long as they've signed up to the developer program does give an out to get software via websites/payment methods directly isn't that bad, and does theoretically reduce the odds that someone will install a random trojan masquerading as something else.

I do actually have a few free apps loaded via the app store on my macs so I don't have to update them manually. As said, I'm sure it gives smaller 3rd parties a visibility and revenue stream they'd never have if it wasn't for the app store.


On the other hand, I trust apple very little on this front. the iOS store is the only way onto that platform, and I'm deeply suspicious of that encroachment onto OSX. It seems targeted very much at developers - pay up for the developer program to get a signed key, or we'll put really nasty warnings up when people try to install your software. For an open-source dev, that $99 barrier is actually quite a big out of pocket expense if you code for the love of it, not income. It's also a slippery slope to encouraging devs to also use the app store and give apple their 30% cut of revenue; if users become accustomed to only looking in the app store for apps, then you're at an active disadvantage by being outside it. Which would give apple an alarming amount of control over 3rd party devs. One of the things I like least about the iOS store is the delays it puts on devs releasing updates as they're no longer in control of the distribution channel; I really don't like the idea of that closed eco-system becoming a defacto standard on what has been a pretty open platform.
posted by ArkhanJG at 5:22 AM on February 17, 2012 [5 favorites]

I believe Microsoft will go down a very similar route with Windows 8.
posted by GallonOfAlan at 5:23 AM on February 17, 2012

I've used the Mac App Store for a few bits and bobs. Little utilities, etc. As well as some bigger things. I still don't like the fact that there's no trial period of maybe 24 hours to say, "no, that sucks, revoke my license and give me my dough"; that's kept me from buying more apps than any thing else by a long shot. I know my money's good, you should have to prove your app is good BEFORE I give you my money or at least make returning it as easy as buying it.
posted by seanmpuckett at 5:24 AM on February 17, 2012 [14 favorites]

I agree with Slap*Happy on the overall risk. I also sympathize with the folks that are saying that building a moat around the consumer for their own good is false security, or at least not complete security.

I've been a Mac fanboy since '87 or so. When OSX came out I instantly forgot what it was like not to have a Unix variant on my lap. I'd hate to go into an all iOS universe, but I did thrive in System 7 for quite a while. If Apple does go all iOS, I doubt I'd switch - I'd probably just follow Gatekeeper, install a text editor and ssh client, and rely on Linux a little more than I do now, which is totally for any computer not in my pocket or on my lap.
posted by drowsy at 5:25 AM on February 17, 2012

I disagree with Apple on principal and I'm too cool to ever walk in the walled garden/have a reputation to maintain (I'm a white person in New York City if I use a Mac I would be a 'hipster') but after my initial knee-jerk reaction (ow! it hurts when I bend my knee!) I've realized this isn't so bad. It is, of course, heading down that slippery slope toward destroying freedom and what have you, but even Linux has a system like this when selecting repositories. It reminds me of when I set up an Xubuntu box for a family living in the projects with no computer knowledge. One evening they called me up and said "I can't install this program! I was going to a website and a page popped up that said I needed to install this ____.exe but it doesn't work. It looked like an official window!" Well don't download that, I said, that's a virus, or malware, or what have you. Good thing the OS didn't just run that program. So, I can't be upset over a good idea, for now. Obviously I hate where Apple is going in the long term.

if any of our parents buy any non-Apple device, they're on their own.

I know you don't mean this, but I'm imagining a Portlandia (or what have you) sketch where children cut off communication with their parents because their parents got an Android instead of an iPhone and they were Mac people. "Mom, Dad, I'm sorry, but I can't talk to you ever again... I just... [sobbing] hate what you've become!!!"
posted by fuq at 5:26 AM on February 17, 2012 [1 favorite]

On the other hand, I trust apple very little on this front. the iOS store is the only way onto that platform, and I'm deeply suspicious of that encroachment onto OSX. It seems targeted very much at developers - pay up for the developer program to get a signed key, or we'll put really nasty warnings up when people try to install your software.

As I understand it, Apple Developer IDs are separate from the $99 buy-in to iOS development and free. (Certainly I've had a Developer ID since high school, long before iOS.) This matches the impression I got from the Daring Fireball link.

I started this comment ready to point out that the fact OS X is sitting on a unix kernel presumably means it's not in Apple's interest to barricade development entirely. But then I remembered that those of us who take advantage of that fact probably are only a drop in the bucket.
posted by hoyland at 5:30 AM on February 17, 2012 [1 favorite]

Custom-crafted trojans, paid for with Chinese or Russian or Iranian or German tax money, all for you

Wow, paranoid, much? Do you really think the Iranians have a program of cyber-terrorism going on? And what have you got against Germany? That seems like an odd addition to the usual roll-call of convenient enemies.
posted by iotic at 5:35 AM on February 17, 2012

The screenshot that was linked in the deleted post is interesting.

It seems a little over-the-top for something that would show for every non-app-store app today. "You should move it to the Trash." Does Apple think every app is going to be updated in time for Mountain Lion? There's no override button, so won't people just go find the setting and turn it off so they can run the legit app they downloaded ... and now they won't be protected?
posted by smackfu at 5:36 AM on February 17, 2012

As I understand it, Apple Developer IDs are separate from the $99 buy-in to iOS development and free. (Certainly I've had a Developer ID since high school, long before iOS.) This matches the impression I got from the Daring Fireball link.

To make this effective security, wouldn't it need to be difficult to sign up for multiple Apple Developer IDs? Otherwise you could just sign different batches of your malware with different IDs, and Apple would have to play wack-a-mole.
posted by smackfu at 5:39 AM on February 17, 2012 [2 favorites]

On a somewhat unrelated note; is there anything much in mountain lion for someone who doesn't also have iOS devices? I'm perfectly happy with my android devices, so have no interest in more icloud or imessage; skype works just fine given most people I know are on windows. iMessage, Reminders, Notes, Notification Center, Twitter integration, Game Center, and AirPlay Mirroring.

The notes thing is more of the cute 'make it look like a real thing' with ripped paper like the calendar (I'm sticking with my cross-patform evernote, thanks) and I couldn't care less about twitter integration.

Lion was a pretty big improvement for me - I'd tried to like leopard, and snow leopard, but never really got on with them; but lion plus magicpad was the first OSX I actually rather liked, finder excepted. Obviously, I still use multi OSes for different purposes, but I'm currently using Lion as my primary at home and work. But I'm struggling to find anything in the dev preview that actually seems worth it given I'm not also an iOS user. Anybody spot something good I've missed?
posted by ArkhanJG at 5:39 AM on February 17, 2012

The screenshot that was linked in the deleted post is interesting.

It seems a little over-the-top for something that would show for every non-app-store app today. "You should move it to the Trash." Does Apple think every app is going to be updated in time for Mountain Lion? There's no override button, so won't people just go find the setting and turn it off so they can run the legit app they downloaded ... and now they won't be protected?

My main question was: what does the "Cancel" in that dialog do?
posted by kmz at 5:40 AM on February 17, 2012

Wow, paranoid, much? Do you really think the Iranians have a program of cyber-terrorism going on? And what have you got against Germany? That seems like an odd addition to the usual roll-call of convenient enemies.

Commercial espionage is a real thing. Governments really do devote significant resources to it, even if they're not part of the Axis of Convenient Enemies.
posted by Zonker at 5:40 AM on February 17, 2012 [3 favorites]

Do you really think the Iranians have a program of cyber-terrorism going on?

Yes. Tho not terrorism as much as intelligence gathering and the occasional bit of cyberwarfare tit-for-tat.

And what have you got against Germany?

Nothing, but I'm not an Iranian nuclear engineer.
posted by Slap*Happy at 5:41 AM on February 17, 2012 [4 favorites]

I too would be curious to know if people are actually using the app store on OS X as much as they use it on iOS.

Slowly starting to do so, yes. It's neat and simple with finding Apps, installing them and keeping them update. Seems like the way it should've been years ago.

My main question was: what does the "Cancel" in that dialog do?

Probably launches the application.
posted by Brandon Blatcher at 5:44 AM on February 17, 2012

There are a number of unresolved questions about iCloud for me. For a start, iCloud isn't a file system that you can browse like you can using the Finder. Documents belong to apps, and apps can't see documents they don't own. Pages owns .pages documents. But which app owns a PDF or JPEG? Sometimes I want to open JPEGs in Preview, sometimes in Photoshop, sometimes in other apps.

Secondly, making the cloud version of a document authoritative is fine for dinky little text files and the like, but I typically work on images 500mb-2Gb in size and on video projects which are in the hundreds of gigabytes. Clearly there now has to be some granularity about what goes to the cloud and what doesn't.

Even with smaller documents, the new 'saveless' model that Apple uses for its apps means that every change you make to a (say) Pages document is written to the file. So, for example, if you're editing a Pages document which resides in Dropbox, Dropbox has to continually refresh the remote file because the changes are being written with every keystroke. Imagine that you have a 100 Mb Pages document with a bunch of images etc. Now you can see the amount of network traffic that could generate. Of course there are ways around this by using diffs but I've seen no evidence that Apple is using anything like this.
posted by unSane at 5:44 AM on February 17, 2012

I too would be curious to know if people are actually using the app store on OS X as much as they use it on iOS.

I have several friends that uses the App Store as their only source for apps and (before I showed a few of them Quicksilver) used Launchpad to Launch their apps. LAUNCHPAD for chrissakes.
posted by azarbayejani at 5:46 AM on February 17, 2012 [1 favorite]

My main question was: what does the "Cancel" in that dialog do?

Probably launches the application.

That would be a huge design flaw. The correct behaviour is for 'Cancel' to abort the launch, then you go into your sandbox preferences and change what kinds of apps are allowed to run (assuming you're an administrator). The dialog should indicate that as a possible course of action instead of telling you to bin the file.
posted by unSane at 5:46 AM on February 17, 2012

As I understand it, Apple Developer IDs are separate from the $99 buy-in to iOS development and free. (Certainly I've had a Developer ID since high school, long before iOS.) This matches the impression I got from the Daring Fireball link.

Cheers for that hoyland, that does quite a difference with regards open-source devs (of which I have several apps on OSX). Just looked, and yup, dev signup is free, though you still need to pay up the $99 yearly to distribute via the mac app store. I wonder if signing keys will be free if you're not a mac or ios store dev (looks like separate programs, too on here)
posted by ArkhanJG at 5:49 AM on February 17, 2012

Question, re: gatekeeper... If I download a cracked app, will it still have a gatekeeper signature?

Strictly hypothetically, of course.
posted by empath at 5:49 AM on February 17, 2012

It's tricky, because quite a few people will want to override the setting, since every app out there today is going to prompt this dialog if it's not updated in the next few months. But you don't want to make it too easy to override the setting, and you also don't want people to just turn it off and lose all the security. I don't really see Apple solving the problem in that dialog, to be honest.
posted by smackfu at 5:49 AM on February 17, 2012 [1 favorite]

That third party developers can get their non app store apps certified for that middle way for free is a good sign. And no doubt a deliberate decision, to avoid further complaints about herding developers into their walled garden.


Not herding -- they're too clever for that -- but perhaps gradually stigmatising developers into a walled garden. Any piece of software that doesn't meet Apple's criteria will be cheerily suggested by the OS as something to send to the Trash bin, effectively (as that Gizmodo piece states).

The security implications are positive. It's a good thing for grandpa who doesn't know about online safety so much. That's the dastardly genius of it.

I'm glad Apple aren't in healthcare.
posted by TheAlarminglySwollenFinger at 5:51 AM on February 17, 2012

Of course there are ways around this by using diffs but I've seen no evidence that Apple is using anything like this.

I imagine it'll do timed backups to the cloud, and use local storage for key-stroke by key-stroke changes.
posted by empath at 5:51 AM on February 17, 2012

One of the most annoying things about iOS is that one is relentlessly nickle-and-dimed for even the simplest tools, and it really looks like OSX is going that way as well. As I understand it, you even have to get the basic code compilation and development package (xcode) from the app store now. It makes working with the platforms incredibly annoying for me - I could either go track down my boss, explain why we need a couple of pieces of picayune software for whatever job I have to do, get the pcard, set up a itunes account for the lab, etc. Or I could just use Windows with its massive freeware libraries, or Linux with its many high-quality open-source tools, and not have to deal with that bullshit.

It's even worse with my phone. I simply do not want to experience the byzantine hell that would be trying to figure out how to get the university to pay for, say, a SSH client so I can monitor servers remotely. I mean, sure, it's $5 or whatever, but it's MY $5, and I hate using my own money for work stuff. But it's either that or joust the bureaucracy... at the end of it all I tend to just always find myself deciding it's more trouble than it's worth and not doing whatever it was I thought I was doing.
posted by Mitrovarr at 5:51 AM on February 17, 2012 [6 favorites]

GUYS how SHOCKING that people aren't still using the COMMAND-LINE INTERFACE for FILE MANAGEMENT and KEYBOARD SHORTCUTS for EVERY IMAGINABLE THING

This is seriously such a best-of-both-worlds situation that it's insane. It allows power users the right to drive without a seat belt, but for normal people it's set by default to basically allow retroactive revoking of turned-out-to-be-malware apps' certificates. It's not like Apple's charging anything for the certificates or anything that would prevent anyone at all who writes Mac OS software from using them trivially.

And given that Apple's the only computer company whose actual computer-computer business has been growing at all for like the last few years, it seems like at least attempted malware is just a matter of time. Good on them for heading it off intelligently.
posted by DoctorFedora at 5:53 AM on February 17, 2012 [9 favorites]

There are free versions of most of the basic networking tools for ios, so I don't know what you're talking about.
posted by empath at 5:54 AM on February 17, 2012

Seriously, SwollenFinger, read the article, or at least talk to someone who's actually read the thing. You're jumping beyond conclusions and into Black Helicopters with Time Cubes territory.
posted by DoctorFedora at 5:54 AM on February 17, 2012

It just seems like "Cancel" would either duplicate the other button's functionality (abort launch) or cause completely unexpected behavior (override the security setting and launch the program anyway). Modern UX principles generally eschew generic buttons like "Cancel" (or "OK", etc), and this seems like a particularly egregious example.
posted by kmz at 5:54 AM on February 17, 2012

One of the most annoying things about iOS is that one is relentlessly nickle-and-dimed for even the simplest tools, and it really looks like OSX is going that way as well.

Eh, OS X has always had tons of shareware / pay software for stuff that would be free on other platforms.
posted by smackfu at 5:55 AM on February 17, 2012 [3 favorites]

you even have to get the basic code compilation and development package (xcode) from the app store now

You can get earlier versions of XCode on everyone's favorite torrent site. Also, I'm pretty sure that you can run gcc from the command line. I know gcc isn't a development environment in itself, but it seems to me that you could do development without XCode if you really wanted to.
posted by gauche at 5:55 AM on February 17, 2012

if any of our parents buy any non-Apple device, they're on their own.

That's nothing! In Canada if our parents get non-Apple computers we set them adrift on ice flows.
posted by mazola at 5:57 AM on February 17, 2012 [4 favorites]

XCode is still free in the app store, though, isn't it?
posted by empath at 5:58 AM on February 17, 2012 [2 favorites]

but empath, won't SOMEBODY think of the OUTRAGE
posted by DoctorFedora at 5:58 AM on February 17, 2012 [4 favorites]

To make this effective security, wouldn't it need to be difficult to sign up for multiple Apple Developer IDs? Otherwise you could just sign different batches of your malware with different IDs, and Apple would have to play wack-a-mole.

I would imagine you can't just sign up for an ID willy-nilly with a gmail account. Maybe some kind of verification tied to your phone number or physical address?
posted by kmz at 6:00 AM on February 17, 2012

I'm glad Apple aren't in healthcare.

What might have been:

Steve Jobs, staring down death, had just received a new liver. He lay in a Memphis hospital bed in 2009, floating in and out of consciousness, but he was alert enough — and acting like Steve Jobs, authoritarian design sage — that he pronounced an oxygen mask totally unacceptable. He disapproved of the design.

posted by mazola at 6:01 AM on February 17, 2012 [1 favorite]

kmz: "To make this effective security, wouldn't it need to be difficult to sign up for multiple Apple Developer IDs? Otherwise you could just sign different batches of your malware with different IDs, and Apple would have to play wack-a-mole.

I would imagine you can't just sign up for an ID willy-nilly with a gmail account. Maybe some kind of verification tied to your phone number or physical address"

Or, presumably, it's linked to an Apple ID?
posted by DoctorFedora at 6:09 AM on February 17, 2012

Question, re: gatekeeper... If I download a cracked app, will it still have a gatekeeper signature?

A good question! The answer is no.

(Well, sort of. It depends on how solid Apple's signature process is, and how secure Gatekeeper itself is. Apple can't sit back and rest easy, they have to keep right on top of any bugs or inconsistencies in process.)
posted by Slap*Happy at 6:11 AM on February 17, 2012

It seems targeted very much at developers - pay up for the developer program to get a signed key, or we'll put really nasty warnings up when people try to install your software.

Actually, that's not the way it's going to work, from what I've read. From Gruber's writeup: "It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications."

The middle option -- signed apps -- really does appear to be about protecting users from malware rather than squeezing out more profits from Apple. Developer Wil Shipley, who wrote Delicious Library and a number of other nice apps, actually outlined a system much like this one as what he wanted to see a year or so ago as an alternative to hyper-agressive app sandboxing, which can easily interfere with legitimate applications.
posted by verb at 6:11 AM on February 17, 2012

Question, re: gatekeeper... If I download a cracked app, will it still have a gatekeeper signature?

Strictly hypothetically, of course.

Seems like you're going to have to turn off gatekeeper either way. If it's a keygen that works with otherwise legit copies of the software, you'll have to turn gatekeeper at least temporarily off to run that; if the app itself is modified (cracked) you're going to have to turn gatekeeper off permanently in order to run it, as changing the app will mean the signature no longer matches the code. Unless the cracker signs the new version with their own dev key, which seems unlikely!
posted by ArkhanJG at 6:13 AM on February 17, 2012

you even have to get the basic code compilation and development package (xcode) from the app store now

Also, that's no longer true. XCode is still available as a basic disk image download, and they've even heard the cries of nerds and released an officially-supported command-line-tools-only package with gcc, make, and other niceties but no OSX-specific IDE.
posted by verb at 6:14 AM on February 17, 2012 [2 favorites]

I can see this having ramifications in the Entrprise environment. IT Weenies like to lock things down, so their knee-jerk reaction would be maximum security. Now anyone developing an app or testing apps in their environment would have to have an exception. This is usually a no brainer, but now the developer will have to have an Apple authorized certificate. Oh the complications. BTW This is some serious shit. Most IT departments don't know what to do with Macs as they stand.
posted by Gungho at 6:18 AM on February 17, 2012

Mac App Store and identified developers:

This is actually the setting that worries me the most. The question I have is this: will I have control over the keys? Can I add a new key to the root store, and sign my own executables, even ones that run as root? Can I add other people's keys as well, trusting them to write code for my computer?

If I can, then Gatekeeper will be a powerful security feature, a wonderful tool. If I can't, then Gatekeeper is already partially a weapon against me, not in my favor -- it's a big step toward Trusted Computing, which is where content companies can trust my computer, not me.

And Apple would then be one step away from removing the 'Any' radio button, and thus removing my ownership of the machine. I then have all the downsides of ownership, like risk of loss or damage, with all the downsides of a rental. "Mother, may I?" And at that point, they could impose any arbitrary restriction they wanted, like "no competitors for iTunes" or "no interpreters", as they already do on the Phone.

So it could be a great feature, or it could be another huge shell in the War on General Purpose Computing. Given Apple's history in this area, I am not sanguine that this is benign.
posted by Malor at 6:20 AM on February 17, 2012 [17 favorites]

I would imagine you can't just sign up for an ID willy-nilly with a gmail account. Maybe some kind of verification tied to your phone number or physical address?

Real bad guys aren't going to have any trouble getting additional developer accounts.
posted by smackfu at 6:24 AM on February 17, 2012

If I can, then Gatekeeper will be a powerful security feature, a wonderful tool.

You can just disable Gatekeeper to run your own code.
posted by empath at 6:25 AM on February 17, 2012

Signing software is not new, Linux repositories depend on it. I don't have issue with what Apple is doing, because my Ubuntu desktop and servers have done it for years. If they had blocked you from installing unsigned software at all, then there would be more outcry I think. Now yes, please do the same thing on IOS so I can install apps that are otherwise only available via jailbreak.

If I download a cracked app, will it still have a gatekeeper signature?

No, but you can shut-off Gatekeeper for your cracked app. Even more important though is the inevitable price lowering through spreading out purchases to a larger base. IOS Apps don't cost near what my Nintendo DS games cost. Steam has also pushed prices down through its signed and easy delivery. Cost and thus adaptation is reduced through convenience. Something the idiots over at MPAA/RIAA need to learn.
posted by pashdown at 6:26 AM on February 17, 2012

There aren't many scenarios in which I foresee this providing additional security, bad guys get their code signed trivially, good guys get chased off, etc. Witness :

Unauthorized iPhone/iPad apps leak private data less often (4%) than Apple approved ones (21%)
posted by jeffburdges at 6:28 AM on February 17, 2012 [1 favorite]

Right, but it would be much better if I could use Gatekeeper to verify that my code is really mine, and hasn't been hijacked by any outside entity. That would be an awesome feature, in fact, better than any other shipping OS.

Trusted Computing can be a powerful security tool if I have control of the keys. If I don't, it is almost purely a weapon against me.
posted by Malor at 6:28 AM on February 17, 2012

Malor, there's nothing preventing any closed-source company from removing that option. Intel even tried to remove it at the hardware level years back, if you remember. At the end of the day if you're paranoid about that kind of stuff, you should run Free Software, because anything that you can't recompile yourself is on the slippery slope.
posted by verb at 6:29 AM on February 17, 2012

The car won't start unless you wear a seatbelt. Or the car will alert you if you're not wearing a seatbelt. Or the car doesn't give a shit about seatbelt use. Whatever you want. People are pissed off about now having the choice of cars that say, "hey, maybe you should rethink that?" with a check box "GO-ON FACK ORFF I KNOW WHAT IM DOAIN." Sheesh. Down a slippery slope into not having the only platform with expanding market share turn into a shit-tastic pile on of malware HEY YEAH ROCK THAT. GO APPLE WOOT.
posted by seanmpuckett at 6:33 AM on February 17, 2012 [1 favorite]

Goddamm, did you guys take a knock to the head today or something?

What I'm saying is this: it could be A GREAT SECURITY TOOL if it's done right, if I have control over the keys.

What is up with reading comprehension today?
posted by Malor at 6:35 AM on February 17, 2012

What I'm saying is this: it could be A GREAT SECURITY TOOL if it's done right, if I have control over the keys.

No, I'm just saying that if you have control of the keys, they can take that away with the next rev of the OS just as easily as they can take away the 'Any' button.
posted by verb at 6:36 AM on February 17, 2012

To the people asking: yes, Xcode is still free on the App Store. I just finished installing the latest version. (It also now installs directly rather than downloading an installer and then running that, which is handy.)

Trusted Computing can be a powerful security tool if I have control of the keys. If I don't, it is almost purely a weapon against me.

You DO have control of the keys though, right? I know people are saying that Apple could take away that control, but for now it doesn't look like they're going to. (And to be honest, I can't imagine them ever doing that. They clearly want to make their iOS/Mac stuff converge, which is a smart move, but I don't think they're quite naive enough to think that people want an iOS laptop.)
posted by anaximander at 6:38 AM on February 17, 2012

As this site points out, Gatekeeper is a direct assault on Steam for the Mac.
posted by Malor at 6:51 AM on February 17, 2012

Presumably steam game devs could push an update that includes a dev signing key for their game, same as any other 3rd party dev? Valve will presumably also do the same for steam itself. Pain in the arse for them, but then it's going to be for every 3rd party dev that isn't already using the mac app store.
posted by ArkhanJG at 6:54 AM on February 17, 2012

sorry, dev signed certificate.
posted by ArkhanJG at 6:54 AM on February 17, 2012

I have two concerns with this:

1. I really, really don't like the idea that Apple wants to control whether or not software I write can, by default, run on the majority of computers. These fears may abate if Apple outlines its governance practices around issuing signing keys, as well as the circumstances that it considers sufficient to merit revocation. True ownership over the keystore, as alluded to by Malor, would also be relieving.
2. Apple is artificially erecting barriers around fundamental APIs, and creating a gulf between applications delivered through the Mac App Store, and signed apps installed through traditional means. Only applications installed through the Mac App Store can make use of Notification Center or iCloud.

I understand that this is a huge boon for the majority of Apple's users, but I can't get past the fact that I, fundamentally, do not trust Apple. Walling off iCloud may be excusable to avoid "exploitation" of Apple-hosted services, but Notification Center? If only Apple didn't have a profit motive to move everything it can to the App Store...
posted by SemiSophos at 6:57 AM on February 17, 2012 [9 favorites]

As this site points out, Gatekeeper is a direct assault on Steam for the Mac.

I'd like to hear Steam's point of view on that rather than Seth Tipps @ develop-online.net. There is no indication that Steam or any other developer won't be able to sign software on their own. They just need to get an authorized key from Apple.
posted by pashdown at 7:00 AM on February 17, 2012 [2 favorites]

It's also not clear that Steam software counts as downloaded software. OS X tags stuff as being downloaded from the internet, and I think that is what triggers this new feature.
posted by smackfu at 7:02 AM on February 17, 2012 [1 favorite]

So, um, with these pop-ups are they not going out of their way to replicate Vista's least popular feature?
posted by Artw at 7:04 AM on February 17, 2012 [2 favorites]

I have several friends that uses the App Store as their only source for apps and (before I showed a few of them Quicksilver) used Launchpad to Launch their apps.

Just as an aside azarbayejani, I don't know when Quicksilver was last rev'd but you might want to check out Alfred (in the app store, I'm afraid). I was a huge fan of Quicksilver but it eventually seemed to be abandon-ware and Alfred has picked up the gauntlet. Check it out -- it's free unless you want the fancy bits.
posted by The Bellman at 7:14 AM on February 17, 2012

RE: the Cancel/Trash buttons in that warning dialog -- this is a dev preview. Log into your Apple Developer accounts and give 'em your two cents. That is bad UI, and should change before the general release, and they'll probably respond to a groundswell, if there is one. Speak up.
posted by Devils Rancher at 7:17 AM on February 17, 2012 [1 favorite]

Didn't take long for the "grandma" and the "if someone gets a non-Mac I'm not helping" arguments to come out.

Just as anecdotally as those examples, I have the opposite experience. Whenever I have clients or friends who are Mac users I spend way more time setting up their email for them (again and again), setting up filters in their email programs, installing software for them (Dropbox is apparently especially confusing to install) and generally fighting the attitude that they shouldn't have to learn how to use applications, they should just work and be easy the way they want them to be. What astounds me most is some of the professionals who have been using Photoshop and Illustrator for years. They often lack some very sound fundamentals. When I explained that I added a corporate pantone colour to the palette they didn't even know that you could do that and had no idea where the colour would show up. And keyboard shortcuts are often regarded as the way Hitler would do things.

I had to teach both my sister and my father how to get free eBooks into iTunes on their Macs and then onto their iPads. Why? Because I know computers apparently... I'd love to meet the grandmas people are talking about who know all these things. I had to inform all of them that there was new version of the OS and how to install it. I still can't solve the problem one Mac has where the keyboard works in games but in nothing else.

Now this is not true of everyone of course, just as it's not true that all grandmas need protection, all Windows users are the same and getting viruses and have problems, etc. It's just that I've come to expect that where the Mac is involved, I'll become a little more involved as well in solving their problems. But it's a small group and I understand that just like every other diverse group of people, this is not the absolute norm.

Thankfully a business partner I work with who is all things must be Mac is not at all like this.

Apple hasn't released what Mountain Lion will run on yet but a developer is claiming:

iMac (mid 2007 or later)
MacBook (13-inch Aluminum, 2008), (13-inch, Early 2009 or later)
MacBook Pro (13-inch, Mid-2009 or later), (15-inch, 2.4/2.2 GHz), (17-inch, Late 2007 or later)
MacBook Air (Late 2008 or later)
Mac Mini (Early 2009 or later)
Mac Pro (Early 2008 or later)
Xserve (Early 2009)

Will run. Anything Mac models before that will not.

Source.

I think such things are inevitable and don't mind that though. It happens in all kinds of markets where older hardware is not suitable for newer software.
posted by juiceCake at 7:20 AM on February 17, 2012

The Bellman, Quicksilver was abandonware, but it got open-sourced and is now being updated again as freeware. I haven't downloaded it in a while, but it looks like it's back on track, to some extent.
posted by Devils Rancher at 7:23 AM on February 17, 2012

Also relevant to this discussion: Our decision to abandon the Mac App Store, in which the makers of a Git/Mercurial client give up trying to work in the app store. App Store apps have to abide by a very restrictive sandbox and they feel it's not possible for their tool to work the way Apple demands apps work in the App Store. This jibes with my experience with the Mac App Store; about half the apps I've wanted to buy there have been crippled versions compared to the real thing from the developer.

The "signature required" middle setting that's the default in Gatekeeper looks interesting and useful to me. It depends entirely on how Apple administers the program; as long as the only purpose of the signatures is to be able to shut down malware, it's OK. But Apple can't be entirely trusted not to use these controls for business purposes, as the history of the iPhone app store and debacles like Google Voice show.
posted by Nelson at 7:24 AM on February 17, 2012 [3 favorites]

Oh and Alfred is an absolutely fantastic replacement for Quicksilver, plus it does a whole lot more. The free version is fine but the Powerpack (for €20) adds a lot of nice capabilities.

Alfred is a great example of why the Mac app store is confusing. You can get the free app from Alfred, or you can get it from the app store. If you want the Powerpack version you have to get it direct from Alfred, though, because it does a bunch of things the sandbox won't allow. They counsel the user

Just remember, the Mac App Store is one of many ways to buy software for your Mac, and the sandbox restrictions only affect software sold / bought through the Mac App Store. Your freedom as a consumer still remains!

Which is all reassuring as long as the non-app store channel exists.
posted by Nelson at 7:27 AM on February 17, 2012

Sandboxes and silos seem to be a consistent theme with Apple; from the secrecy between groups at Apple, even those working on the same product; to current and upcoming App Store restrictions on apps; to product design emphasizing single users and not allowing for shared use (shared use of iPads to check different emails must be fun).
posted by ZeusHumms at 7:36 AM on February 17, 2012

So, um, with these pop-ups are they not going out of their way to replicate Vista's least popular feature?

Apple has had popups warning you about downloading stuff from the internet for a long time, and you've also had to type in your password to install most apps.
posted by empath at 7:37 AM on February 17, 2012

Didn't take long for the "grandma" and the "if someone gets a non-Mac I'm not helping" arguments to come out.

"Grandma" is of course a cliche, but I don't think it's unreasonable to place restrictions on your free help. One could just as reasonably say "if someone is running anything other than Windows 7, and if they turn off the built in malware protection, I'm not helping"

For some reason people seem to think that if you enjoy something and are adept at it (computers, art, music, whatever) that you must want to do it all the time for free.
posted by device55 at 7:38 AM on February 17, 2012

On a somewhat unrelated note; is there anything much in mountain lion for someone who doesn't also have iOS devices?
posted by ArkhanJG at 7:39 on February 17

Don't know, but Apple's new modus operandi is make killer iOS devices, then market the Macs to iDevice owners.
posted by ZeusHumms at 7:40 AM on February 17, 2012

Apple sold more IOS devices in 2011 then they have sold Macs in the past 28 years.
posted by empath at 7:43 AM on February 17, 2012

Or, presumably, it's linked to an Apple ID?

Which is pretty easily obtainable with just a valid email, no?
posted by kmz at 7:47 AM on February 17, 2012

Which is the only reason they might not take the step of removing the "off" switch on Gatekeeper - the Mac app store is too small to bother with.
posted by Holy Zarquon's Singing Fish at 7:47 AM on February 17, 2012

A whole OS update for a improved app store interface and a new chat client ? And they still use that POS HFS+ ?

And this is an update that excludes macs as young as 2009 ?

I guess I don't get it.
posted by Pogo_Fuzzybutt at 7:51 AM on February 17, 2012 [2 favorites]

The "signature required" middle setting that's the default in Gatekeeper looks interesting and useful to me. It depends entirely on how Apple administers the program; as long as the only purpose of the signatures is to be able to shut down malware, it's OK. But Apple can't be entirely trusted not to use these controls for business purposes, as the history of the iPhone app store and debacles like Google Voice show.

As best as I can tell, the only requirement for the signature stuff boils down to "Have an Apple Developer account," which is free and already required to download their SDKs. It's about as much of a hassle as signing up for a Microsoft ID before you can download their tools, or signing up for an account on any web site. The apparent goal of Gatekeeper is not to prevent people from getting accounts if they are likely to do bad things. Preventative filtering is pretty much what the 'App Store review' process is supposed to accomplish.

The signed code thing is basically a installation killswitch for malware. Anyone whose system is in the middle-ground of 'Only run signed stuff' can still be bitten by signed malware. Anyone who has already installed and run signed malware will also still have it installed and running. But Gatekeeper allows Apple to instantly "recategorize" software, moving it from "Signed" to "Unsigned," at will. That doesn't give them the ability to retroactively disable apps that are already in place and running on peoples' machines, but it does give them the ability to kick off 'Hey, this isn't signed software!' warnings when a user who has left their machine in its default state first runs a piece of software whose signature has been revoked.

This whole "I don't trust Apple" thing, honestly, strikes me as missing the point. I don't implicitly trust anyone. Not Google, not Apple, not Facebook, not Instapaper's Marco Ament, not Linus Torvalds, not Jane Silber, not Richard Stallman. None of them have demonstrated they they have my best interests in mind. They all have demonstrated different specific, isolated areas that they can be trusted to do good work on, but that's different than trusting them to not screw me over in some fashion by pursuing their ideals/business interests with a ridiculous monofocus.

Gatekeeper, by all descriptions, is an attempt to provide a middle path between the locked-down world of App Stores and the wild west of "Here's an executable, run it and hope it isn't siphoning all your .xls files to a server in Romania." If Apple abuses Gatekeeper to killswitch competing products, developers will revolt. Apple was able to implement full lockdown on its iOS platform, because it was offering access to a new and previously inaccessible platform. Locking down a previously open platform is definitely not as easy, at least not without burning your existing userbase and software ecosystem to the ground.

I don't trust apple to keep OSX open out of the goodness of their hearts, but I trust them to not be quite that stupid.
posted by verb at 7:56 AM on February 17, 2012 [4 favorites]

I hope you're right, verb.

The technical implementation of signature checking will be a challenge for Apple. Running an app the first time apparently will do an online check of the certificate. But then they need revocation, too, and revocation that works offline and with hostile code running on the target machine. The history of SSL revocation doesn't give me a lot of hope that anyone can build a revocation mechanism that actually works.
posted by Nelson at 8:02 AM on February 17, 2012

I've got a stereotypical grandma (well, grandpa in my case). I would love to move him to a Mac. The problem is he actually has used windows for ages and ages, and i think that at almost 80 the switch to a mac would be confusing and frustrating for him. I wish I had gotten to him 10 years ago.

A switch to the iPad, though, might work. I wish they had a bigger version, though, for people with old eyes.
posted by dpx.mfx at 8:08 AM on February 17, 2012

TheAlarminglySwollenFinger: "Gee Apple, thanks for Gatekeeper! Before this invention I would mindlessly install and launch completely random apps without any discrimination BECAUSE I'M A TOTAL FUCKING MORON."

Hey don't put yourself down that way just cuz you use a mac.

But seriously - I don't have much of an opinion on this one. On the one hand, I can see it being the same sort of attempt at monopoly control over the whole mac platform/ecosystem, which is their standard MO, only now it could lead to an assault on general purpose computing.

But more realistically I see this more as a combination of a "guarantee" of security if one wants to go that route (ha, yeah right, nothing is secure -- but "more secure" perhaps). Similar to a central software repo like apt-get/synaptic or other sorts of things, only with a payment mechanism built in. Ease of finding software with such a thing is kind of nice.

Will they keep the ability to turn it off? I don't know. I hope so. They'd lose some love if they took away some of the rights of users to install shit they want on their systems. But then again - it's Apple who loves locked down shit.

Only time will tell.

Mostly I wonder what the vision is that Tim Cook has for Apple compared to Steve Jobs.
posted by symbioid at 8:09 AM on February 17, 2012

Also -- and i'll try to stop spamming nerdstuff -- Malor's point about "owning the keys" wasn't metaphorical, unless I misunderstood him. He wasn't talking about the ability to turn the feature on and off. He was talking about actually controlling the information about cryptographic keys used to validate applications as "signed."

I doubt Apple would ever do that. Odds are, anyone who would be interested in adding their own signature authorities is just going to run in 'Allow unsigned code' mode or compiling everything themselves.


The technical implementation of signature checking will be a challenge for Apple. Running an app the first time apparently will do an online check of the certificate. But then they need revocation, too, and revocation that works offline and with hostile code running on the target machine.

Yeah, it's unlikely to be perfect. The revocation part is easy if they're the signature authority; and honestly, I don't think offline operation is as important. The olden days, where virii spread from floppy disk to floppy disk, have been gone for a while. The biggest risks these days revolve around people with always-on-connections being tricked into downloading and running binaries that turn their machines into botnet nodes, or phone home. There's a herd immunity mechanism that can help reduce the impact of malware outbreaks: you don't have to protect everyone, just most people.

So, yeah. Not saying it'll work perfectly, but it's definitely promising. The easy path for Apple would've been designating the App Store 'Safe' and the outside world 'Dangerous.' Instead they've built a mechanism that at least attempts to carve out a middle way, and I hope that the results are positive.
posted by verb at 8:10 AM on February 17, 2012 [2 favorites]

The most interesting question to me is: will Apple license Gatekeeper servers? Will Apple allow big orgs to run their own authentication server? My IT group, for certain, would not allow it. They run their own windows domains and their own bb servers. Any online software service provider is blocked as a security hole. This is very common practice as well with peer organizations.

For instance, our IT is now allowing iPads for select people, but they've blocked access to the App store, as a security risk. Users have to get per-app approval for use and let IT manage the install. I can't say I blame them either.
posted by bonehead at 8:18 AM on February 17, 2012 [1 favorite]

And this is an update that excludes macs as young as 2009 ?

No, that list supported hardware, some of which goes back to 2007.

Your link links to a link which has a list of unsupported hardware:

This means the following Macs which are supported under OS X Lion will not be able to run Mountain Lion (model identifiers in parentheses):

Late 2006 iMacs (iMac5,1, iMac5,2, iMac6,1)
All plastic MacBooks that pre-date the aluminum unibody redesign (MacBook2,1, MacBook3,1, MacBook4,1)
MacBook Pros released prior to June 2007 (MacBookPro2,1, MacBookPro2,2)
The original MacBook Air (MacBookAir1,1)
The Mid-2007 Mac mini (Macmini2,1)
The original Mac Pro and its 8-core 2007 refresh (MacPro1,1, MacPro2,1)
Late 2006 and Early 2008 Xserves (Xserve1,1, Xserve2,1)

Update: It slipped my mind that there were two pre-unibody plastic MacBooks introduced between the aluminum MacBook and the plastic unibody redesign, both of them with the model identifier MacBook5,2. Those MacBooks, which still feature the legacy pre-unibody case design and were manufactured in early- to mid-2009, are supported in Mountain Lion because they feature an NVIDIA GeForce 9400M graphics card instead of the integrated Intel GPUs in their predecessors.

5 and 6 year old hardware is an acceptable cut-off point, considering that all of that unsupported hardware runs the current version of the OS which supports the App Store and has basic iCloud support.
posted by device55 at 8:31 AM on February 17, 2012

No. Low-end sing-use apps from the app store are cheaper, directly, simple, and work.

Sometimes. Sometimes they have surprising feature deficiencies, or strange implementations, or just don't do things you were relying on because the developer had a strange idea of what users wanted, or purposely withheld important functionalty because they wanted to sell an in-app purchase, or WERE OUTRIGHT PREVENTED FROM SUPPLYING IT BECAUSE IT LOOKED IN SOME VAGUE WAY LIKE A SCRIPTING FUNCTION AND APPLE OUTRIGHT PREVENTED PEOPLE FROM OFFERING IT RARRGH.

When I say "sometimes," I actually mean "often." And nine times out of ten you won't have had the chance to discover this without ponying up $1-5, which adds up after awhile. Presumably app reviews would be the answer to this, although frequently they remind one of YouTube comments.

And it's weird how there's hundreds of thousands of programs in the App Store and there's like three good roguelike games, and two of those are Rogue and Nethack, but there are dozens of games that want to convince you they're Angry Birds or Tiny Wings or Temple Run or Annoying Time Wasting Social Game In-App Purchase Unlock Deluxe XVII. And there are entire categories of program you hardly ever find on the App Store that have multiple good, free implementations on PC, all because of that antipathy to open source development.
posted by JHarris at 8:31 AM on February 17, 2012 [2 favorites]

Apple has always built machines for those who were more interested in what they could do on computers than how computers worked.

The friend of mine whose machines go down more often than any other? Complete mac shop. Mind you, he tries to do things like host his own website on his DSL connection using some godawful apple solution, but, still...this "I just want to work" thing is one of the single most annoying things about Apple users, because I'm the same way, except I use nothing but windows stuff. I haven't had a windows software failure in more than a decade.
posted by maxwelton at 8:35 AM on February 17, 2012

The friend of mine whose machines go down more often than any other? Complete mac shop. Mind you, he tries to do things like host his own website on his DSL connection using some godawful apple solution...

FYI, that godawful Apple solution is a copy of Apache.
posted by verb at 8:42 AM on February 17, 2012 [2 favorites]

Gatekeeper isn't a very good name. It just sounds like something you don't want. They should rebrand it as something that enables you to do something, not something that prevents things. Maybe "App Assistant" or "Cloud Enabler". I think they dropped the ball here.
posted by Ad hominem at 8:44 AM on February 17, 2012 [2 favorites]

I haven't had a windows software failure in more than a decade.

A persuasive argument! Would you happen to have some swampland in Florida I could invest in, or a bridge I could buy a share of? Some snake-oil to cure hysteria, perhaps?
posted by Slap*Happy at 8:45 AM on February 17, 2012 [2 favorites]

"I just want to work" thing is one of the single most annoying things about Apple users, because I'm the same way, except I use nothing but windows stuff. I haven't had a windows software failure in more than a decade.

I use "I just want it to work" as an explanation for why I don't use Linux. Because, well, I don't want to arse around to get the wireless working. I don't really doubt that Windows might work reasonably well by now.

And, uh, all this free software that Windows supposedly has? I've not bought software in years (seriously, I don't remember the last piece of software I bought--I suppose we can argue it's OS X from the last computer I bought). All the stuff installed on my computer was legally obtained. Some of it doesn't run on Windows without cygwin or Virtual Box and I don't know of an alternative.
posted by hoyland at 8:45 AM on February 17, 2012

Actually, let me back that up. I said App Store programs sometimes have "strange implementations," but what do I mean by that?

The example I have in mind specifically is note taking software. This is a fairly substantial category of program on the App Store. I personally have on my iPad: Draw Pad, Notes Plus, Penultimate, Paper Desk, Notability, TWEdit, and (of course) Notes.

The first five programs in this list all supposedly have strong handwritten notetaking support. Supposedly this means you can sketch with them, and edit what you sketch. It's weird how many of them, however, instead of storing raster images of what you draw, actually just store the stroke paths, which makes it difficult to block out areas, and when you erase they just delete those parts of strokes the finger crosses over, frequently creating unclean breaks. That's if the program doesn't just delete the entire stroke. Several of the programs offer graph paper as a paper style (one of them, if I remember correctly, as an in-app purchase), but none of them offer the resolution to make meaningful use of it without zooming, which only one of them will let you do for some reason, and that one happens to be the one where the eraser deletes whole strokes!

For actual taking of notes the only great ones are Notability (which is so much better than Notes.app it's not funny) and TWiki, which is, no lie, a $1.99 browser shell around Safari that implements filesaving features so you can use TiddlyWiki with it.

I have had no end of frustration trying to find basically useable apps in the App Store. Repeat this experience across most categories of software. The App Store is a never ending source of annoyance for me. And I kind of hope one of you tries to prove me wrong, because at the very least I might get a useable handwritten sketching program suggested to me in the process.
posted by JHarris at 8:47 AM on February 17, 2012 [2 favorites]

The App Store is a never ending source of annoyance for me.

The app store has grown so fast that it's un-navigable. There's just too much there, and the interface is not adequate for search or discovery.

I only use the app store for purchase...I find apps via the web, word or mouth, etc...and find a link directly to the app store page.

It needs a serious overhaul to be useful again.
posted by device55 at 8:51 AM on February 17, 2012 [2 favorites]

Mountain Lion and sandboxes. Hmm.

Do you know what cats like to do in sandboxes?

Poop in them.

Thank you for letting me contribute to this discussion. I'll see myself out.
posted by mazola at 8:54 AM on February 17, 2012 [2 favorites]

A persuasive argument!

Sorry to hit a sore spot.

I have not seen a blue screen or whatever its winXP/7 equivalent is since the late 1990s. I'm not trying to convert anyone, just relaying the info that windows these days is about as painless as the mac is said to be. I abandoned Apple after being a staunch advocate and purchaser of tens of thousands of dollars worth of Apple equipment, through 1996 (I started on a Lisa)--and after my wife's two expensive, dead early iMacs...anyway, not likely to go back anytime soon. Whatever.

I love Apple's industrial design, it's without peer in the spaces they occupy. I just hate the fanboy stuff, their evolution into a company that seems to want to be what Gate's MS was in the 1990s--and the OS doesn't do punch any buttons for me.
posted by maxwelton at 8:57 AM on February 17, 2012

empath: Apple sold more IOS devices in 2011 then they have sold Macs in the past 28 years.

I'm not necessarily denying this, but cite?

Also, SemiSophos's comment above, about Apple restricting use of some features on Mountain Lion ONLY to apps sold in the Mac App Store. Blazecock Pileon, defend that. I would paste the relevent part of the comment here, but iOS Safari doesn't let me select text in a thread if I've already activated the text entry box on that page, hyuck!
posted by JHarris at 9:04 AM on February 17, 2012

All these coy little meetings with Apple partisans are kind of funny. Shipping an OS that, by default, will not run unsigned code is a big step. They need people to go out and soft sell this. Start wispering that this is great for security despite the fact that Macs have always been held up as totally secure!

Microsoft, in its wildest fever dreams, may have wished they could ship an OS where they had final say over what was run. If only windows could have popped up a big red NO! whenever someone double clicked an outlook attachment.

I think we will see unsigned apps go the way of the dodo on OS X and probably Windows after not too long. Microsoft will never be able to lock peopel into an App store only model, there are too many legacy apps on windows, but Apple will probably succeed at moving to that model within 10 years.
posted by Ad hominem at 9:15 AM on February 17, 2012

Ad hominem - Microsoft did try UAC in Vista, which screamed at you whenever you tried to do ANYTHING. People hated it and turned it off.
posted by Artw at 9:21 AM on February 17, 2012

I'm not necessarily denying this, but cite?

here you go
posted by empath at 9:22 AM on February 17, 2012

Burhanistan: Yeah, you're probably right. But I think he wouldn't approve of it either. It seems a definite step down a bad path for Apple.
posted by JHarris at 9:23 AM on February 17, 2012

(And by "turned it off" I probably should say "Uninstalled or fled to XP or Mac" - that one popup more than anything else secured Vista's reputation for terribleness. And there were a lot of anything elses)
posted by Artw at 9:24 AM on February 17, 2012

empath: Ah, that's useful thanks. Apple only sold 55M Macs over 22 years? That's an average of 2.5M a year. Game consoles sell much better than that, wow.
posted by JHarris at 9:26 AM on February 17, 2012

For reference, the Sega Master System sold something over 21M units in its lifespan. (Wikipedia link, sales figures in sidebar.)
posted by JHarris at 9:28 AM on February 17, 2012

"Apps have been renamed for cross-OS consistency. ... Now that these apps exist for the Mac, to-dos have been removed from Calendar and notes have been removed from Mail, leaving Calendar to simply handle calendaring and Mail to handle email."

Yes.
posted by clvrmnky at 9:30 AM on February 17, 2012

what is after mountain lion... OSX Cougar?
posted by khappucino at 9:30 AM on February 17, 2012

Yeah, .NET also has code signing and an entire permissions framework and nobody uses that either.
posted by Ad hominem at 9:34 AM on February 17, 2012

I would feel much better about this if they'd port it to iOS and allow third-party signed apps that bypass the app store. Without that, it really feels like they're trying to slowly herd all of their users into the app store for both platforms, eventually to lock out non-app-store apps entirely. It's not paranoia if they designed their last operating system to do that from the start!
posted by Mitrovarr at 9:39 AM on February 17, 2012 [2 favorites]

Code signing has historically done very little to reduce malware and piracy. Adding a code signing framework only serves the vendors. Yes, you can turn it off, but our history with Firefox/Android/etc. has shown us that the vast majority of uses can't be assed to do it.

DRM here isn't a feature for the user, it's a feature for the shareholders.
posted by introp at 9:39 AM on February 17, 2012 [1 favorite]

When Lion came out, I expressed some worry that Apple was moving towards making OSX itself into a closed, App Store-only system like iOS. Some (well, one) rushed to reassure me that that wouldn't happen. I view this development with rather some concern all the same. It doesn't technically prevent non-App Store software from being installed, but it isn't exactly welcoming to non-licensed developers either, and it could be taken as a step along the road.
posted by JHarriso

Most of the pushback I've read are from tech fans that aren't mac developers. The developers are the ones that have to deal with apple policies, and they're the ones that have the most to worry about. They're the ones that careers depend on this stuff. I'd put there opinions (long time mac developers) above most others. After all, they're the creators of some of my most loved software. And they, though cautious, seem to be overwhelmingly optimistic. So I'm optimistic.

Wil Shipley, who has been pessimistic before:

To summarize: What Apple has announced today is a very clear, “We support developers creating whatever they want to create.” I salute them.

(More from Shipley.)

Ken Case of Omnifocus:

We at Omni think Gatekeeper is great! Apple went out of their way to support non-Mac App Store distribution.

Could this be just a bridge and the next step is requiring all mac apps to be sold through their store? Maybe. And that'd be a mistake. But right now, seems like a good decision. I don't think you call it a bad one because of where they COULD be going.

Apple's in a tough spot here trying to please everyone. Read Dave Winer's angry rant yesterday:

The only malware that we know of in the Apple ecosystem is software that Apple blessed through its review process.

Here's Dave Winer less than a year ago:

It struck me as parallel to another situation where Apple is making the wrong call.

All of a sudden Macs have malware. I've seen the attack that's rampant, and it gave me a sick feeling, because it reminded me of the reason I switched back to the Mac in 2005. Windows had become a horrible mess of malware. Microsoft's position was the same one that Apple is now adopting. Leave the users, most of whom think they're immune to malware (Apple told them so!), to fend for themselves.

---

On a somewhat unrelated note; is there anything much in mountain lion for someone who doesn't also have iOS devices? I'm perfectly happy with my android devices, so have no interest in more icloud or imessage; skype works just fine given most people I know are on windows. iMessage, Reminders, Notes, Notification Center, Twitter integration, Game Center, and AirPlay Mirroring.
posted by ArkhanJG

Probably not. And I hope things continue that way. As someone that uses OS X and iOS, this is an incredible update. Basically, Christmas came early. That's the advantage of having one company in charge of everything. In fact, it's the biggest advantage. I want Apple to continue making the experience whether I'm on an iPhone, iPad, or Mac to be seamless and wonderful. It's your choice to use Android. With that comes the good and the bad. But I don't think Apple should in any way consider what Android users want/need when dealing with OS X. They might eventually use you, but I think they'll gain more users with a seamless experience than lose because of reasons such as yours.

I have several friends that uses the App Store as their only source for apps and (before I showed a few of them Quicksilver) used Launchpad to Launch their apps. LAUNCHPAD for chrissakes.
posted by azarbayejani

OMG! Elitist much? If it works for them, without downloading a 3rd party app, they're better off. Dan Benjamin of 5 by 5 fame recently said he uses Launchpad, and he's probably as technically advanced as anyone in this thread.

Quicksilver is awesome (at least back when I used it), but downloading it to simply and only launch apps is much more head shaking than using launchpad.

The friend of mine whose machines go down more often than any other? Complete mac shop. Mind you, he tries to do things like host his own website on his DSL connection using some godawful apple solution, but, still...this "I just want to work" thing is one of the single most annoying things about Apple users, because I'm the same way, except I use nothing but windows stuff. I haven't had a windows software failure in more than a decade.
posted by maxwelton

So you're a designer and programmer, and you're comparing your experience to Joe Average. In my Facebook feed I still periodically read someone that's taking their PC to the 'geek squad' to get their HD cleaned of viruses. My girlfriend's father runs a business on the side that deals with windows computers. Half of his business is dealing with unusable PCs infected with viruses (the other half is people that forget to plug their computer in).

Its not surprising that you have no problem using windows. But for someone new, or not technically inclined, I think you're crazy if you think you should give them a PC instead of a mac. Of course, I guess you'd call me a fanboy (and that ends the discussion!).

Start wispering that this is great for security despite the fact that Macs have always been held up as totally secure!
posted by Ad hominem

Right, as the Mac becomes more popular they should wait until they're actually insecure before doing anything. Brilliant plan you have there. If malware suddenly because a problem 2 years from now, critics would be lambasting Apple for not being prepared.

What's that Gretzky quote? Skate where the puck is going, not where it is? Yeah, that.
posted by justgary at 9:45 AM on February 17, 2012 [2 favorites]

I doubt Apple would ever do that. Odds are, anyone who would be interested in adding their own signature authorities is just going to run in 'Allow unsigned code' mode or compiling everything themselves.

Which would be stupid. If you have the Gatekeeper functionality, and you can install new root keys as you SHOULD be able to, since you DO own the hardware, right? So... then you sign any app you compile or write yourself. Your own custom version of Apache? Sign that sucker. Download and compile Dungeon Crawl? Sign it.

Then, if malware hijacks one of your binaries, you have an immediate layer of defense that All Is Not Right, especially if you keep your signing key offline. It would be very difficult for any hostile entity to replace any of your binaries, whether system-level or user-created, without your immediate notice.

This could be very important for people dealing with repressive regimes, like Iran and China. You have to protect that keystore, but having that keystore, and enforcing checking of app signatures, will make it much harder for the keystore to be infiltrated by something nasty.
posted by Malor at 9:47 AM on February 17, 2012

Right, as the Mac becomes more popular they should wait until they're actually insecure before doing anything. Brilliant plan you have there. If malware suddenly because a problem 2 years from now

haha. I thought OS X was supposed to be secure because it was based on BSD via NextSTEP, not because nobody used it.

Is Apple trying to claim they have been flying under the radar of hackers all this time and they are just getting around to doing something about it now?

That is funny, I bet 2/3 of malware writers own a macbook.
posted by Ad hominem at 9:58 AM on February 17, 2012

If you have the Gatekeeper functionality...

I don't think you really understand what Gatekeeper is or does, what code signing is or does, or what a certificate authority is or does. Think more along the lines of SSL certificates. You may want to back away from the discussion until you do a little research... you're confused, and confusing people who may be interested in the topic.
posted by Slap*Happy at 10:09 AM on February 17, 2012 [2 favorites]

More news on the Apple front...
FoxConn raises Chinese workers wages as much as 25% and the Fair Labor Associates's initial impressions on the factories is good.
(In before FLA is called a shill organization.)
posted by entropicamericana at 10:10 AM on February 17, 2012 [3 favorites]

haha. I thought OS X was supposed to be secure because it was based on BSD via NextSTEP, not because nobody used it.

Is Apple trying to claim they have been flying under the radar of hackers all this time and they are just getting around to doing something about it now?

That is funny, I bet 2/3 of malware writers own a macbook.


Statistics and general population stupidity ensures that there are probably people out there who argued that OSX was more secure because of magic, or because NextSTEP was protected by fairies. If you'd like to argue with stupid people, please go find some. If you'd like to stay here and have straw man arguments with yourself, at least admit that you're doing so.

Anyone who wasn't an idiot realized that the better record for Mac security was a combination of smaller install footprint, and better default security model than Win95/98/XP. Windows has improved considerably over the years, but the larger footprint means that it's a much juicier target for malware developers. During the darkest WinXP days, it was literally impossible to safely set up a machine. The average time that it took for an Internet-accessible box to be found and compromised by automated scanning tools was less than the amount of time it took to download and install the patches for the security holes that allowed the scanners to compromise them. IE security holes made simply browsing the Internet without having virus protection software installed a fundamentally unsafe activity.

It's gotten much better on the Windows side since that time, but the situation has never been that bad on OSX, and Apple appears to be working to ensure that it never gets there.

For a couple of major OS releases, Apple has been twiddling the security dial, trying to prevent more growth in Mac malware without annoying its userbase. "You downloaded this from the internet, are you sure you want to run it?" warnings when first launching an app have been there for a while. Prompts for admin passwords when an app wants to install or modify system files have been there for a while. More recently, the entitlements system has been put in place -- and it's a requirement for Mac Store apps. It's a lot like the super-restrictive stuff that .Net allows you to do, where specific APIs and actions can be locked down, and Apps must explicitly request the right to do certain kinds of things. That has caused problems for apps that legitimately need to do things that don't have decent entitlement definitions, though. Gatekeeper is another adjustment to the knob, and appears to be driven almost entirely by direct requests from third-party OSX developers who wanted a system like this.
posted by verb at 10:19 AM on February 17, 2012 [5 favorites]

>> I doubt Apple would ever do that. Odds are, anyone who would be interested in adding their own signature authorities is just going to run in 'Allow unsigned code' mode or compiling everything themselves.


Which would be stupid. If you have the Gatekeeper functionality, and you can install new root keys as you SHOULD be able to, since you DO own the hardware, right? So... then you sign any app you compile or write yourself. Your own custom version of Apache? Sign that sucker. Download and compile Dungeon Crawl? Sign it.

Then, if malware hijacks one of your binaries, you have an immediate layer of defense that All Is Not Right, especially if you keep your signing key offline. It would be very difficult for any hostile entity to replace any of your binaries, whether system-level or user-created, without your immediate notice.

This could be very important for people dealing with repressive regimes, like Iran and China. You have to protect that keystore, but having that keystore, and enforcing checking of app signatures, will make it much harder for the keystore to be infiltrated by something nasty.


I think you're missing the point of Gatekeeper. If you download source and compile it, it will never be affected by Gatekeeper. It will only affect binaries that you downloaded from the Internet, then ran. If an already-installed, already-run binary is altered by another application, it won't be affected by Gatekeeper. All it does is look at apps you're running for the first time, checks if they're downloaded from the Internet, then (if you've left the machine at its default settings) warns you if they're unsigned.

The sort of multiple-authority system you're talking about the kind of system that Apple has never shown much interest in building. I'd prefer that OSS developers build and maintain a cross-platform mechanism for key-based binary signing. Then I could just turn off Gatekeeper and run it, instead.
posted by verb at 10:24 AM on February 17, 2012 [2 favorites]

I don't think you really understand what Gatekeeper is or does, what code signing is or does, or what a certificate authority is or does. Think more along the lines of SSL certificates. You may want to back away from the discussion until you do a little research... you're confused, and confusing people who may be interested in the topic.

No, actually, I understand exactly what code signing is. Precisely. You're the confused one, not me.

Gatekeeper is a method by which the Trusted Execution engine in the kernel checks that an application has been signed by a trusted key. If it was modified after being signed, or if it wasn't signed at all, the kernel will refuse to launch the program, if it is configured in either of its secure modes. It's really very simple.

What I am arguing is that as long as I can add trusted keys to the store, then Gatekeeper is a very potent security tool for me, because I can write and compile my own software, and sign it myself. Or I can trust other people's keys, and let them sign their own code. This ensures that programs on my drive have not been tampered with after signing. If, say, a Safari exploit overwrites one of my custom binaries with malware, I will be notified that the file has been compromised the next time I try to start it. It's a bit like Tripwire, except it's running all the time, not just when I start a scan.

This is a really potent security tool, particularly for people who are being directly targeted by governments. If you have full control over your Trusted Execution keystore, you can remove all keys but yours and the one that signed the system binaries, so that no outside entity can run code directly on your machine without you knowing about it.

There are other kinds of exploits, of course, so it wouldn't be perfect security by any means, but it would be far better than no checking at all.

If I can't modify the keystore, then this is a tool for Apple to exert control over my computer, without my permission. I can disable it, but I can't use it for my own benefit.
posted by Malor at 10:31 AM on February 17, 2012 [1 favorite]

(and, yes, to forestall objections, I do understand the difference between public and private keys, but that's not really relevant to what I'm talking about, so I just glossed past it with 'keys'.)
posted by Malor at 10:34 AM on February 17, 2012

What I am arguing is that as long as I can add trusted keys to the store...

...you've opened a giant hole for malware to sneak in. You're really, really not thinking this through.
posted by Slap*Happy at 10:39 AM on February 17, 2012 [3 favorites]

I hope Apple's got better security than DigiNotar.
posted by symbioid at 10:41 AM on February 17, 2012

...you've opened a giant hole for malware to sneak in. You're really, really not thinking this through.

Once malware has gotten infected your system to the point where it can be adding keys to your system, you're already infected. It's not a giant hole if you can only be infected after you've already been infected.
posted by zixyer at 10:43 AM on February 17, 2012

No, actually, I understand exactly what code signing is. Precisely. You're the confused one, not me.

The question isn't what code signing is, but what it's being used for.

Apple is using it as a mechanism for optionally blocking the "first run" of unsigned apps, or apps whose keys have been revoked. It isn't a mechanism for ensuring that your machine doesn't run trusted code, it's a mechanism for ensuring that a downloaded binary you are running for the first time hasn't already been blacklisted by Apple.

If I've misunderstood Gatekeeper (not 'The product you want Apple to build,' but Gatekeeper itself), I apologize and would really love to understand where I've missed something.



If I can't modify the keystore, then this is a tool for Apple to exert control over my computer, without my permission. I can disable it, but I can't use it for my own benefit.

You can compile your own security system and run it if you like. If that becomes impossible, well, yes, it's a terrible thing. But you seem to be complaining that Apple has built a product you don't want, rather than a product you do want. I think that Apple shouldn't be the one who builds the kind of thing you're describing -- it should be in the hands of open source developers, compile-able and installable on any platform.

People who are worried about government crackdown and control of their binaries should not trust Apple. They should not trust any business. They should trust source. I wish it were otherwise, but that's the nature of the world we inhabit at this point. If you don't trust Apple to act as the signing authority for software, you shouldn't trust them to manage the closed-source software that handles the key authentication process.

I use lots of Apple hardware and software, but I develop open source software. I don't think one or the other is 'right' or 'wrong', but I think certain models can be trusted for certain kinds of tasks. Apple? I trust them to come up with a low-user-impact way of limiting the spread of Malware for the average Mac user. Open Source developer communities? I trust them to come up with and implement a robust mechanism for distributed, decentralized code signing.
posted by verb at 10:48 AM on February 17, 2012 [1 favorite]

is another adjustment to the knob

Still not buying it. All it does is give Apple an off switch for my app. It is almost entirely useless for malware authors who can just keep cranking out software signed with different keys, they can use fake identities to sign up with Apple all day long. It is however usefull for holding legit companies hostage.
posted by Ad hominem at 10:58 AM on February 17, 2012

You have to pay a sizeable amount to get a key for signing iOS code - I imagine it'll be the same for Gatekeeper keys.
The system might not be perfect but I doubt malware authors will have an endless supply of keys from Apple. They can't keep signing up for accounts all day long because they're not free.
posted by edd at 11:02 AM on February 17, 2012

You have to pay a sizeable amount to get a key for signing iOS code - I imagine it'll be the same for Gatekeeper keys.

No, the article specifically says that these keys will be free, and will only require an Apple developer account. The $99 fee for app store distribution (what applies to iOS developers, since the App Store is the only distribution channel) is a different beast.


Still not buying it. All it does is give Apple an off switch for my app. It is almost entirely useless for malware authors who can just keep cranking out software signed with different keys, they can use fake identities to sign up with Apple all day long. It is however usefull for holding legit companies hostage.

If you don't trust Apple with the Gatekeeper blacklist, you don't trust them with the OS. It's that simple.
posted by verb at 11:05 AM on February 17, 2012 [1 favorite]

No, the article specifically says that these keys will be free

Can you point to which article says this? I'm trying to find this out too -- Gruber is saying they'll be free but Ars Technica says it will require the $99 account.
posted by zixyer at 11:09 AM on February 17, 2012

I just think criminals will be criminals. They will obtain as many keys through whatever means and push out apps faster than Apple can turn them off. Even if they cost 99$ they can use stolen credit cards. Install one signed app, have it pull down 20 others, patch the system in all kinds of malicious ways.

I just think the limited usefulness of an off switch against actual criminals makes me think it isn't really about malware.

If it is for smacking around companies like Path and Hipster that violate the TOS then sure, it will work great. Revoke path, make them push out a version that doesn't copy your contacts.
posted by Ad hominem at 11:15 AM on February 17, 2012 [1 favorite]

(Also, for clarity: I'm not saying that to imply that you should like Apple, just pointing out that the kinds of problems you're describing basically boil down to "Closed Source Software Is Not Trustworthy When You Care About Government Intervention." See the whole Microsoft encryption backdoor from a couple of years back, for example.


Can you point to which article says this? I'm trying to find this out too -- Gruber is saying they'll be free but Ars Technica says it will require the $99 account.

I just re-read the Ars article and can't find where they say that. Can you point me to the location? They say that you'll need an "Apple Developer ID", but I already have one of those and I've never paid Apple the $99 fee. I'm not a member of the $99/year "Developer Program" that gives people free access to Developer builds of future OS releases, lets them ship App Store apps, and so on.

Given that Ars' article is imprecise on this count, and Gruber's is very explicit, I'd tend to trust Gruber's. He's not arguing about the relative merits of an Apple decision, he's relaying a very specific policy decision that was communicated to him. If I'm incorrect, I'll certainly agree with you -- a $99/year fee to create software that 'default' Macs can run is very bad. But it doesn't sound like that is what's being discussed.
posted by verb at 11:18 AM on February 17, 2012 [1 favorite]

If stolen cards are an issue (if the accounts are paid for) Apple can just put in a cooling off period before providing a key. No one writes software that both can be written overnight and needs to be published overnight.
posted by edd at 11:18 AM on February 17, 2012

I just think criminals will be criminals. They will obtain as many keys through whatever means and push out apps faster than Apple can turn them off. Even if they cost 99$ they can use stolen credit cards. Install one signed app, have it pull down 20 others, patch the system in all kinds of malicious ways.

This is why having multiple levels and types of security are important. Even with Gatekeeper turned off, apps can't actually modify your system without you giving them root credentials at the time they try to make the modification. That's what I meant by 'adjusting the knob' -- there isn't really a magic bullet for any of this stuff other than building your own OS and apps from source and doing a thorough code review on everything.
posted by verb at 11:21 AM on February 17, 2012

Verb: I assumed it mainly as although I've not put software in the app store (yet?) in order to run signed software on my iOS device I had to pay the $99 for the ability to get a key. It'd be logical for Apple to take the same approach here.
posted by edd at 11:22 AM on February 17, 2012

Sorry, should have quoted what I was seeing.

Currently, any developer who signs up for Apple's Mac Developer Program and pays the $99 per year fee will get a code signing certificate.

From the Ars Technica article on the subject.
posted by zixyer at 11:22 AM on February 17, 2012 [1 favorite]

Probably not. And I hope things continue that way. As someone that uses OS X and iOS, this is an incredible update. Basically, Christmas came early. That's the advantage of having one company in charge of everything. In fact, it's the biggest advantage. I want Apple to continue making the experience whether I'm on an iPhone, iPad, or Mac to be seamless and wonderful. It's your choice to use Android. With that comes the good and the bad. But I don't think Apple should in any way consider what Android users want/need when dealing with OS X. They might eventually use you, but I think they'll gain more users with a seamless experience than lose because of reasons such as yours.

Ehh?I don't want more integration between android and OSX. I'm not even sure what you'd actually integrate. Google have their own perfectly good sync stack via gmail/contacts, gdocs, calendar etc, and have for years. You can already integrate google services such as gchat into imessenger, webdav calendars into iCal, gmail into Mail etc, which is the right way to do it. Sugarsync or dropbox fill the missing gap of random file sync nicely enough.

No, I mean is there anything in there for you know, MAC users. Lion had quite a few feature upgrades for OSX itself; resizing windows anywhere, mission control, app store, launchpad, full screen apps etc etc. I'm sure further integration of iOS apps/ icloud etc is needed given that iCloud is so new, but there doesn't appear to be anything particularly interesting for OSX users to be worth the upgrade if they're not also iOS users. We have a whole ton of macs at work, but we don't need iOS sync there for most of them either as they're multi-user machines for general use. I'm not criticising that Apple are doing that, I'm just wondering if there was something swanky I'd missed. But then my aging core 2 duo mac mini tv plex box doesn't look like it'll be allowed to upgrade anyway, so I guess that's a good thing from my point of view.

The only thing vaguely interesting is the notification centre, but growl pretty much has that covered and won't be going anywhere since the notification centre is only for App Store apps.
posted by ArkhanJG at 11:31 AM on February 17, 2012

This change has zero impact on malware, and 100% impact on software development.

Signing applications only verifies that a particular name is associated with the binary. It doesn't make the binary more or less safe to run. Apple, and everyone else, will continue to fail to be able to detect cunningly deployed trojans and viruses. Trojan makers will continue to submit trojans to the new app store, get their applications signed, and distribute their trojans.

However, software developers will now have to either (a) be in direct conflict with a forced dialog box on Apple computers which tells the users that their code is dangerous and may cause harm to their computers and should be dragged to the trash, or (b) pony up the 30% and go through Apple. Apple knows full well that 99% of their users will obey Apple and not the software developer if presented with a scary dialog box; even if a 'ok, I will take this risk' dialog option is presented.

This is quite simply blackmail.
posted by felix at 11:32 AM on February 17, 2012

growl pretty much has that covered

Growl has been beyond horrible for quite some time. And it has no notifications for basically everything you'd want to be notified about.
posted by Threeway Handshake at 11:39 AM on February 17, 2012

...you've opened a giant hole for malware to sneak in. You're really, really not thinking this through.

You're really, really overemphasizing. Malor's idea of letting users add their own keys seems reasonable to me.

There is a solution that would appease both Apple's (stated) purpose of malware control and users afraid this is just another step towards locked-down Macs: hand the signing of apps to a trustworthy third-party.
posted by JHarris at 11:41 AM on February 17, 2012

Growl has been beyond horrible for quite some time

I dunno, I kind of like it. What you got against Growl?
posted by JHarris at 11:42 AM on February 17, 2012

letting users add their own keys seems reasonable to me.

They already have the same functionality in a much easier way: under any setting of Gatekeeper, you can exempt individual downloaded binaries.
posted by Threeway Handshake at 11:44 AM on February 17, 2012

Currently, any developer who signs up for Apple's Mac Developer Program and pays the $99 per year fee will get a code signing certificate.

From the Ars Technica article on the subject


The Ars article is describing the current status of code signing on OSX, Gruber's article was describing how things will work as of Mountain Lion's release. If I'm misreading things, and code signing requires a $99/year, per-app, or any type of charge, I'll happily reverse my position and agree that it's a terrible cash-grab. Given the explicit, unambiguous statement by several developers who were brief by Apple about the system before Apple's announcement (Gruber, the folks from Panic Software, Wil Shipley, etc.) I'm hoping that I'm correct.


However, software developers will now have to either (a) be in direct conflict with a forced dialog box on Apple computers which tells the users that their code is dangerous and may cause harm to their computers and should be dragged to the trash, or (b) pony up the 30% and go through Apple. Apple knows full well that 99% of their users will obey Apple and not the software developer if presented with a scary dialog box; even if a 'ok, I will take this risk' dialog option is presented.

Please read the article. 30% applies to software distributed through the App Store. Gatekeeper's changes affect software not distributed through the App store.
posted by verb at 11:44 AM on February 17, 2012

Yep, I can install trusted root CAs on windows. I have to do so from time to time when I am forced to develop with self singned certs.

It is also pretty common for companies to roll out a corporate trusted root CA enterprise wide as well.
posted by Ad hominem at 11:45 AM on February 17, 2012

Well, it's my chance to reverse position. According to Wil Shipley, certificate signing will require a $99 developer account, although individual certificates will not cost any money beyond that. Now it looks like Gruber was categorizing the signing process itself as zero-cost for people who are already Apple Developers.

As promised, I'm reversing my position and saying that I think it's a bad move.
posted by verb at 11:48 AM on February 17, 2012

If you don't trust Apple with the Gatekeeper blacklist, you don't trust them with the OS. It's that simple.

90% of the time when someone says "It's that simple" it's actually not that simple.

They already have the same functionality in a much easier way: under any setting of Gatekeeper, you can exempt individual downloaded binaries.

You missed Malor's point, which was, Gatekeeper could actually be a useful feature generally if you let the user install his own keys, so it protects from the combined set of software Apple doesn't trust and the user specifically doesn't trust. It doesn't allow this, so what could be a useful tool will just be turned off by knowledgable users.
posted by JHarris at 11:49 AM on February 17, 2012

Also, SemiSophos's comment above, about Apple restricting use of some features on Mountain Lion ONLY to apps sold in the Mac App Store. Blazecock Pileon, defend that.

I can't defend it, because as of now, there is no clear policy on how that will play out (at least, after having read the article). It's possible Apple will lock down certain APIs, but maybe they won't. Locking down iCloud makes sense from a security standpoint – iCloud is very important to Apple, and so protecting data from malicious apps is important.

I'll defend locking away that particular API so that apps that access cloud data get audited. Other APIs, as Panic notes, I am more concerned about and would agree with them on the level of a fellow developer that those parts of this policy, if enacted, would be troublesome. But like Panic, I don't see the API issue as black and white, at least not until we see a final policy and list of affected libraries.

So I won't defend that, but the Panic article is something everyone, including and especially Malor should read, because while it spends two short paragraphs on what might happen with the API issue, it goes into a very long and technical explanation of Gatekeeper itself, written for laypersons who do not understand code signing and how this process will work. So I won't defend the article, but instead laud it, as something a few people in this thread should probably read before commenting.
posted by Blazecock Pileon at 11:52 AM on February 17, 2012

Well, it's my chance to reverse position. According to Wil Shipley, certificate signing will require a $99 developer account, although individual certificates will not cost any money beyond that. Now it looks like Gruber was categorizing the signing process itself as zero-cost for people who are already Apple Developers.

You really can't expect unspun information or an honest interpretation of facts out of Gruber. This should be known by now.
posted by kafziel at 11:52 AM on February 17, 2012

You really can't expect unspun information or an honest interpretation of facts out of Gruber. This should be known by now.

Gruber's statement -- that signing keys will be free -- appears to be an accurate statement about the key signing process itself. The issue here is lack of clarity in several articles around the precise workflow of the signing process, not Gruber "spinning' things.

Gruber's history of accurately reporting facts about Apple is pretty stellar. Gruber's history of thinking that everything Apple does is a good thing is also well-established. I don't trust him as an unbiased source of information about the benefits of or the desirability of any given Apple decision, but he's consistently gotten his facts straight.
posted by verb at 12:02 PM on February 17, 2012 [1 favorite]

Huh, yeah; Apple's page describing gatekeeper also implies that the $99 developer accounts would be required for code signing.

If that's really the case, that does come off as an unreasonable cash grab -- and seems a poor strategy in any case given that it would at least to some extent limit the number of developers willing to bother signing their code.
posted by ook at 12:02 PM on February 17, 2012 [1 favorite]

Actually, that reminds me of my favourite feature of Lion as a sysadmin; the bare metal recovery added via firmware update. Even if the hard-drive partition table is total trashed, or you put a new drive in, you can 'net-boot the recovery environment, then it auth's the serial code or your app store account and you do a disk utility partition and do a 'net install of lion directly. That's really pretty impressive for system recovery.
posted by ArkhanJG at 12:05 PM on February 17, 2012

iCloud isn't just part of the OS, it's an online service, for which Apple is not charging money. I don't have any problem with them limiting access to it to apps which are sold through the App Store. Apple gets a piece of those sales, and that goes to maintaining the service. I have no problem with that.
posted by empath at 12:06 PM on February 17, 2012

I wouldn't characterize it as a cash grab. I doubt Apple is making tons of money off of developer accounts. The thing that bugs me about it is that while $99 isn't a problem for commercial software developers, it places an unnecessary burden on authors of free or open source software.
posted by zixyer at 12:06 PM on February 17, 2012

You really can't expect unspun information or an honest interpretation of facts out of Gruber.

He spins like hell, but he doesn't generally lie.
posted by empath at 12:07 PM on February 17, 2012 [2 favorites]

If that's really the case, that does come off as an unreasonable cash grab -- and seems a poor strategy in any case given that it would at least to some extent limit the number of developers willing to bother signing their code.

It's counter-productive. A system like Gatekeeper relies on the fact that the vast majority of apps will be signed -- even random free stuff you download on the Internet.
posted by verb at 12:07 PM on February 17, 2012

Hmm, going by the the gatekeeper page ook links to, it does seem that the $99 membership of the mac developer program is necessary to be able to sign your apps with a developer id; same as you need to be able to put apps in the app store. If so, that's a massive roadblock for open source apps and smaller devs doing their own distribution. I'll wait and see, but looks like my original thoughts were right about that.
posted by ArkhanJG at 12:08 PM on February 17, 2012

It's counter-productive. A system like Gatekeeper relies on the fact that the vast majority of apps will be signed -- even random free stuff you download on the Internet.

If you want to get into conspiracy theories, perhaps that's Apple's intent. Apple wants to frame applications from the App Store as more desirable because they're more secure. If half the time when you download a program from the internet you get a scary dialog, that kind of foments the perception in users' minds that everything not from the App Store is a virus.
posted by zixyer at 12:12 PM on February 17, 2012

I've always figured Apple really only wants one app per type. They want the single best app that fits the experiences. Not 50 apps that look like a dog gnawed on them like you have on Windows.
posted by Ad hominem at 12:15 PM on February 17, 2012 [1 favorite]

I wouldn't characterize it as a cash grab. I doubt Apple is making tons of money off of developer accounts. The thing that bugs me about it is that while $99 isn't a problem for commercial software developers, it places an unnecessary burden on authors of free or open source software.

Also, keep in mind that anything that comes in source form is unaffected by this. The problem is for people who distribute binaries. Most of the software I own is either commercial tools that I purchased, or stuff that I built myself. For folks like me, Gatekeeper will actually have minimal impact.

For people making free software who don't want to pay the fee, it's a simple matter of saying, 'Hold down the option key when you install this for the first time,' to bypass Gatekeeper.

For people who don't trust things they download from the Internet (my mom, for example), there's not going to be much change. She calls me on the phone when she downloads .zip files, because they are "suspicious."

The real problem is for indie devs who are tinkering and experimenting with software, releasing it online and asking people to pay for it, but not actually making enough money to pay for a developer account. Gatekeeper will increase their support time (explaining to people why it's okay to run their software, despite Gatekeeper's warning), and it will reduce the number of neophyte/paranoid users willing to "just give their app a try" without reading the instructions, etc.


If you want to get into conspiracy theories, perhaps that's Apple's intent. Apple wants to frame applications from the App Store as more desirable because they're more secure. If half the time when you download a program from the internet you get a scary dialog, that kind of foments the perception in users' minds that everything not from the App Store is a virus.

To reiterate, GATEKEEPER IS NOT ABOUT SOFTWARE IN THE APP STORE. It is about non-app-store software downloaded from the Internet by a web browser.

One of the reasons that tons of Apple developers are applauding Gatekeeper is that they have already paid $99 for access to pre-release OS builds for testing, bug tracking systems for macOS, and so on. Everyone I've read in that crowd is pretty happy about Gatekeeper this because it offers them an alternative to 'Put it in the App Store', while still doing something about malware.
posted by verb at 12:22 PM on February 17, 2012 [2 favorites]

In related news: Apple sold more iOS devices in 2011 than all the Macs it sold in 28 years

This has been written about on every tech website on earth today, but I'm not sure why.

iOS = very popular handheld device OS for $200 + contract.
Apple desktops = OS also-ran for $1000 that only recently cracked the 5-million units per quarter mark.

I would have assumed iOS outsold all Mac desktops 2 years ago.
posted by coolguymichael at 12:36 PM on February 17, 2012

OS X Mountain Lion will be Mac Store only, Apple tells us USB key will not be available

Between Lion Recovery, Lion Recovery Disc Assistant and DIY USB keys this was a pointless product from the beginning.

Interesting. I wonder if future MacBooks will even ship with restore media. These things are kind of becoming hybrid cloud/traditional computers.

The already don't.
posted by Talez at 12:38 PM on February 17, 2012

I wonder if future MacBooks will even ship with restore media.

Unneeded, you can boot directly into a recovery mode, and reinstall the OS by downloading it.
posted by Threeway Handshake at 12:38 PM on February 17, 2012

GateKeeper gives developers an option to sign their apps without having to sell them through the Mac App store, this is a good thing. So Valve, steam, and so on, who already have Apple Developer accounts, just need to generate a certificate for Steam and sign their code as well.

What more people should be up in arms about, and what is really going to be disruptive is services such as iCloud sync and Notifications are only available to apps sold through the App Store. Apple's justification of course being that you are using their services they provide to end users (notification systems are all routed through apple, and iCloud), so they want to inspect your code first.

> Interesting. I wonder if future MacBooks will even ship with restore media. These things are kind of becoming hybrid cloud/traditional computers.

They already don't ship with restore media. They have firmware boot partitions that can do net boot over the internet.

And they said that the Lion wouldn't have media either, until all the higher ed accounts and schools and enterprise groups mentioned their their 1-1 laptop initiatives.
posted by mrzarquon at 12:39 PM on February 17, 2012 [1 favorite]

GateKeeper gives developers an option to sign their apps without having to sell them through the Mac App store, this is a good thing. So Valve, steam, and so on, who already have Apple Developer accounts, just need to generate a certificate for Steam and sign their code as well.

And so does every single person who wants to sell their game through Mac Steam. That's the problem.
posted by kafziel at 12:42 PM on February 17, 2012

what is really going to be disruptive is services such as iCloud sync and Notifications are only available to apps sold through the App Store

Zero apps currently do this that you already didn't get from the App Store. And App Store apps can be "sold" for free. How is that disruptive?
posted by Threeway Handshake at 12:42 PM on February 17, 2012

I would have assumed iOS outsold all Mac desktops 2 years ago.


They already did years ago. This is only counting the number of IOS devices sold last year
posted by empath at 12:43 PM on February 17, 2012

And so does every single person who wants to sell their game through Mac Steam. That's the problem.

This is incorrect. The sandbox flag set on downloaded binaries isn't enforced at the OS level, it's enforced at the browser level. If Valve decides that the Steam App itself should set that sandbox flag, then devs distributing their work through Steam will need to pay apple to sign their binaries.

The decision to sandbox or not sandbox a downloaded binary is made by the application downloading the binary, not by the OS.
posted by verb at 12:44 PM on February 17, 2012

It's counter-productive. A system like Gatekeeper relies on the fact that the vast majority of apps will be signed

Exactly. I'm having a hard time figuring out why they would require... oh, hell, duh, just figured it out: without the fee, malware developers could just register a new account and rerelease a newly-signed version of their application every time their cert gets revoked. (Or sign up for a bunch on day one, release a hundred differently-signed versions of the same trojan, and count on only a percentage of them getting revoked.) Which would make the whole signed-code exercise kind of pointless.

The fee's still going to rankle a lot of small-time / indie developers, of course.
posted by ook at 12:44 PM on February 17, 2012 [1 favorite]

Okay, I haven't gotten through all of this thread yet but I just gotta say it loud and right now:

The day Apple locks down OS X completely is the minute that all the nerds switch to Windows or, more likely, some Linux distro. It's just not going to happen.

They won't do anything to lose the nerds.

I will eat twenty hats if that day comes. Twenty!
posted by wemayfreeze at 12:50 PM on February 17, 2012 [2 favorites]

From an admin perspective, what Apple better fix is deploying and managing App Store Apps.

They have the tools and information handy, but their AppleID backend is still seriously crippled. In a session on mobile device management I was at yesterday, it was a group of admins trying to work out the best way to manage the AppleID's required for the purchased apps (you can have 5 AppleIDs on each iOS device) and it is frankly a nightmare for an organization to buy / deploy apps for a group.

What they need is a "My Devices" tab for AppleIDs, that lets you see all the authorized devices that are logging in with that AppleID, and then also let you revoke that access (this would also fix the leaking iMessage issue). Then as a lab administrator for an organization, I can apply for an additional "My Organization" AppleID, which requires me to fill out forms or something, and then I can upload the UDID of my iPhones / Macs, whatever, and get a client side certificate. Then with an Organization AppleID, I could push silent installs / updates to any client or device that has the client certificate on it already, is listed with apple as a device that my organization owns or manages, and that I have the password for that org id.

Why Apple still has yet to provide the simplest "let me review my AppleID Devices" tab in iCloud. You sill have to have access to each device if you want to disable iCloud services (or you have to change your iCloud password), but you also don't have a way of seeing if someone else who has gotten your iCloud password is using it since you can't review what computers have accessed it recently.

Other things as a Mac Administrator I get to deal with: Apple has moved software updates for the whole system to the Mac Store, which means that being able to manage and redirect updates through my own campus server isn't an option until they have released what they are doing in Mountain Lion Server (which the PR doesn't have any swupd service at all from what I've seen discussed). Now if ML Server actually let me enter in my above mentioned org ID, and then automatically mirrored the software that the Org purchased, and let me do change control/management on that software for my clients, that would be great.

Maybe with all this programming bravado they are showing off by managing to release two operating systems a year, they can implement some of those above features.
posted by mrzarquon at 12:50 PM on February 17, 2012 [3 favorites]

Ok, so it's a cloud-OS then?

Yes, just like how FreeBSD, NetBSD, most Linuxes and god knows what else since at least the mid-90s are all a "Cloud OS."
posted by Threeway Handshake at 12:50 PM on February 17, 2012

> The fee's still going to rankle a lot of small-time / indie developers, of course.

It's $99/year for an Apple Developer account that gives you access to the latest software updates (i.e., this preview release). This account also lets you sign your Apps you are distributing, and access to a NDA covered forum to talk to other developers about your problems working on the Mountain Lion software.

If you are an independent application developer and don't want to pay $99/year to sign your own apps on your own time (considering that this also gives you huge access to apples developers library) then what are you doing wasting your time writing these Apple apps?

And guess what, if you are a company, it is STILL $99 A YEAR.
posted by mrzarquon at 12:54 PM on February 17, 2012 [1 favorite]

(You can also make your own recover USB thing very easily if you can't download it, even from a different computer.)
posted by Threeway Handshake at 12:55 PM on February 17, 2012

Fair point.

Sorry if that sounded harsh. It is just that I'm allergic to "inappropriate cloud" and I'm having a bad flare-up since I just sat through an engineering call to go over our newly bought "Cloud Email Service" from Microsoft: That we will host within our datacenters probably on the exact same hardware that currently hosts our "not cloud" email.

Cloud. Cloud. Cloud.

I do realize that iCloud is also called cloud, but the fact that I have no idea what even the server names are for it, and despite being a security engineer, I haven't honestly thought one time about exactly where or in what ways my iCloud files are stored. It is all pretty seamless, and just sort of magically all happens in the background. So it kind of is a "cloud."

Our Microsoft cloud mail thing, on the other hand, will have the same URL to log into it as our prior mail system.
posted by Threeway Handshake at 1:02 PM on February 17, 2012

If you are an independent application developer and don't want to pay $99/year to sign your own apps on your own time (considering that this also gives you huge access to apples developers library) then what are you doing wasting your time writing these Apple apps?

Because you're an open source developer supporting multiple platforms, but don't have much if any revenue stream to pay the $99 except out of pocket? You don't have to pay to not get the 'watch out, this stuff is dangerous' warning in addition to the 'you've downloaded this from the internet, are you sure?' on linux or windows.

More evidence that it does look like you're going to have to be a member of the mac developer program, not just have a developer account, to sign apps.
posted by ArkhanJG at 1:03 PM on February 17, 2012

Checking in my Applications directory now (codesign -dvvv /Path/to/app) looks like the following apps are already signed (and not from the mac app store):
Adium
Dropbox
Cyberduck
Google Chrome
Adobe CS5.5 suite
TextWrangler (apple signed)
VM Ware Fusion (apple signed)
Evernote (Apple Signed)
MS Remote Desktop Connection (last updated in 7/2011)

Some of the open source projects, such as Firefox and VLC currently aren't signed, but there is nothing stopping those orgs from using their company license (I mean, FireFox has the cash), to sign their official builds of their apps either.

Apple has supported Application Signing for a while, so folks knew some sort of enforcement around this was coming. And again, you can turn it off if you want.
posted by mrzarquon at 1:07 PM on February 17, 2012 [1 favorite]

Because you're an open source developer supporting multiple platforms, but don't have much if any revenue stream to pay the $99 except out of pocket? You don't have to pay to not get the 'watch out, this stuff is dangerous' warning in addition to the 'you've downloaded this from the internet, are you sure?' on linux or windows.

I'm trying to figure out if I know any open source developers who care about user experience enough to view the warning dialog as problematic. I know developers who yell at users for not having rooted iPhones; I doubt they will mourn the loss of users who don't realize they can turn off Gatekeeper's warning.
posted by verb at 1:09 PM on February 17, 2012 [1 favorite]

Yeah the $99 fee is a significant barrier for open source stuff, particularly for free Linux and Windows apps that are only begrudgingly ported to MacOS. Apple may not care about some funky scientific program that requires X11.app to run, but I do. But maybe a single-time override of Gatekeeper for that binary will be sufficient, I dunno. In general "you can turn Gatekeeper off" is no excuse; the system needs to work.

It'd be a significant gesture of goodwill for Apple to have an open source developer program that gave Gatekeeper to good developers for free. It's not like the $99 fee is a big revenue generator for Apple, it's just to cover the cost of administering the program.

I'm still confused on whether the certificate requires paying $99. I would assume so, but Gruber says explicitly "It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications." He's pretty careful about stuff like this but maybe was just mistaken.
posted by Nelson at 1:09 PM on February 17, 2012

Code signing is part of xcode; you need a developer ID though. It was added, along with sandboxing, as part of Lion. Devs can - and already been - signing apps that aren't distributed through the app store; often they just put the same build up that they also make available in the app store (most of the apps you list are also available in the app store)
posted by ArkhanJG at 1:12 PM on February 17, 2012

But maybe a single-time override of Gatekeeper for that binary will be sufficient, I dunno. In general "you can turn Gatekeeper off" is no excuse; the system needs to work.

At least in developer builds of Mountain Lion, you have to hold down the option key when launching an unsigned binary to override Gatekeeper on a one-time-basis. You can "leave it on" but option-launch apps that you know you want to run.

Again, the impact on people like you and I will be minimal. The issue will be for neophyte users who don't have the understanding or confidence necessary to make decisions about trustworthiness, and/or don't realize they can change the default setting, and are the target audience for developers who don't want to pay for a Developer account.

The actual impact of this particular policy on devs will be negligible, IMO, but I still think it's a bad idea for the reasons I've outlined above. Gatekeeper's effectiveness will depend on everything -- Everything! -- being signed. If normal users become accustomed to overriding Gatekeeper, it will be easy to game them into overriding it when malware attempts to install itself.
posted by verb at 1:13 PM on February 17, 2012

As an administrator, I would want to be able to manage fourth option on the gatekeeper side of things, which would allow me to whitelist applications that don't have signatures. Of course, making it possible to programmatically alter the whitelist is great for me when I need to push out changes to a hundred computers, but in the past, apple has made doing such things difficult because it could also be a security hole. It wasn't until 10.6/10.7 you could easily install root certificates without user interaction, there just weren't tools available that could do it from the command line without resorting to a bunch of loops to jump through.
posted by mrzarquon at 1:13 PM on February 17, 2012

Nelson: Developer ID's are free - if you're already a member of an appropriate developer program. They're optional. AFAICT though, you can't get a developer ID unless you're also a member of the mac or ios developer programs, both of which cost $99.
posted by ArkhanJG at 1:15 PM on February 17, 2012

He spins like hell, but he doesn't generally lie.

I'm still confused on whether the certificate requires paying $99. I would assume so, but Gruber says explicitly "It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications." He's pretty careful about stuff like this but maybe was just mistaken.

This is what I'm talking about. Gruber says "My favorite Mountain Lion feature, though, is one that hardly even has a visible interface. Apple is calling it “Gatekeeper”. It’s a system whereby developers can sign up for free-of-charge Apple developer IDs which they can then use to cryptographically sign their applications." And I'm sure this was written very carefully to be as misleading and deceptive as possible without technically being untrue. Because it defines "developer" as "Paid member of an Apple Developer program" rather than, you know, "developer".
posted by kafziel at 1:22 PM on February 17, 2012 [2 favorites]

You can register for a developer account free here, and gives you a developer id.

And I just remember, the safari extensions that Apple introduced in 5.1 need to be signed, but you can enroll and do that in their free Safari developer program.

So Apple not charging for this program is entirely possibly likely.
posted by mrzarquon at 1:24 PM on February 17, 2012 [1 favorite]

Screw it, I decided to check for myself. Signed up a (free) developer account. When you get to the developer ID section:

Developer ID
Developer ID is a new way to help prevent users from installing malware on their Mac. Signing applications with your Developer ID certificate provides users with the confidence that your application is not known malware and has not been tampered with.

and try to click through, I get this:

You do not have access to this resource based on your membership.

Access to technical resources such as pre-release software and associated documentation, and information related to distributing iOS or Mac apps on the App Store are benefits offered to Apple Developer Program members.

Either the Apple ID and password you entered is not associated with an Apple Developer Program, or the Program that you are enrolled in does not have access to this resource.

So yes, to sign apps, you need a developer ID, associated with a developer program; mac developer, which also lets you distribute via the mac app store, or ios developer, which lets you distribute via the iOS app store. I'm not sure if an iOS dev ID can also be used for non mac app store code signing , but either way, you're not going to sign apps so they don't get flagged by gatekeeper without coughing up the $99 for the mac developer program.
posted by ArkhanJG at 1:24 PM on February 17, 2012 [2 favorites]

You can register for a developer account free here, and gives you a developer id.

AFAICT, that's not true. It looks like you can only create a developer ID if you're already a member of the (paid) Mac or iOS developer programs; or if you can, I can't see how.
posted by ArkhanJG at 1:26 PM on February 17, 2012

> or if you can, I can't see how.

I have a paid account, so I can't see the screens you have. So Apple may not have the code ready yet to offer developer ID's for free accounts because of this (and they aren't worrying about it because free developers shouldn't have access to preview release software), or they are going to charge.

The program has only been public for 24 hours, from my experience dealing with Apple, there will be clarification about it one way or the other.
posted by mrzarquon at 1:31 PM on February 17, 2012

Ah, here we are:

What is the Developer Certificate Utility?

The Developer Certificate Utility allows Mac Developer Program members to request and download signing certificates for Mac apps. It also provides the ability for Mac Developer Program agents to register Mac App IDs.

Where can I access the Developer Certificate Utility?

The Developer Certificate Utility may be accessed by Mac Developer Program Members by signing in to Member Center or the Mac Dev Center.

----

So Mac Developer Program membership required; if you already have it, code signing is free. So gruber wasn't wrong, so much as misleading.
posted by ArkhanJG at 1:31 PM on February 17, 2012

As in, until yesterday, the only reason Apple was publicly acknowledging they had developer ID's at all was only for Mac App Store and iOS App signing (and the free Safari extension program).

For all they do, they are sometimes extremely slow at getting things like portals changed / updated on time.
posted by mrzarquon at 1:33 PM on February 17, 2012

How many OSX developers are there that aren't "Developers?" Is this a real issue?
posted by Threeway Handshake at 1:37 PM on February 17, 2012 [1 favorite]

Oh, I'm sure it may well change - not least due to developer pressure. I'm just trying to clarify where we're at, as there's been a lot of confusion over what gruber said vs ars technica etc said. As it stands today, you need a Mac Developer account to get a dev id for code signing. That may of course change well before mountain lion launches; the only people testing on it right now of course already have Mac Dev accounts in order to get the preview code in the first place, and as you say, nobody has actually *needed* a Dev ID unless they were also distributing via the Mac App Store or iOS store. With gatekeeper, that does change, so hopefully Apple will make Dev IDs available for those who don't sign up for the full Mac Dev experience, but still want to distribute OSX apps without their users getting additional warning notices.
posted by ArkhanJG at 1:38 PM on February 17, 2012

Here is the section about Safari Extensions, which should be accessible without having to pay for a Mac Developer account. There may be something similar coming out for none App Store certificates.
posted by mrzarquon at 1:38 PM on February 17, 2012

> How many OSX developers are there that aren't "Developers?" Is this a real issue?

Yeah, that is my other question.

I mean, if Adium is signing their code, then that is a pretty low bar in terms of small slowly updated OS X apps.

I guess a lot of this is conjecture, as I haven't seen statements from open source groups yet about if they plan to sign their code. I mean, I'm assuming the ones that are large enough to have donate buttons and collection some sort of money can create a company and get a developer ID that is owned by the project.
posted by mrzarquon at 1:50 PM on February 17, 2012 [1 favorite]

(You can also make your own recover USB thing very easily if you can't download it, even from a different computer.)

Most people aren't aware, but 10.7.2 also introduced another safety net for you here. If you use Time Machine to back up to a directly attached disk (i.e., not a network backup), your Time Machine backup disk is bootable. It'll show up when you hold option and boot, and you will boot into the Lion recovery system.
posted by secret about box at 1:56 PM on February 17, 2012 [1 favorite]

Real Security in Mac OS X Requires Apple-Signed Certificates, by the developer of Delicious Library.
posted by Blazecock Pileon at 2:09 PM on February 17, 2012

Yes, I've been able to sign up for the safari dev program, and now can generate a CSR to create a cert for signing safari extensions with. I was thinking about whipping up a 'hello world' app in xcode and see if I can sign it with a safari cert (none of my existing code is worth porting over), but given I don't have access to gatekeeper to test it on, it's a moot point - looks like Mac Developer certs for apps themselves, safari extensions and installers through the App store all use different root certs, so it's entirely possible gatekeeper will still flag safari certs. Or not. And since it could all change next week with a free gatekeeper cert program, kinda meaningless for now anyway.
posted by ArkhanJG at 2:13 PM on February 17, 2012

.
posted by finite at 2:49 PM on February 17, 2012

My guess is that the strategy goes something like this:

1) Initial period of free developer accounts for signing code (but no access to app store) to build up base of signed apps
2) No more free accounts; can only sign code through paid developer accounts
3) Option to turn gatekeeper off made very inconvenient (e.g., requiring command line hackery)
4) Developers (who already get access to app store through their fee, so it seems 'free' to them) strongly encouraged to move to app store
5) Gatekeeper retired; ability to (officially) install non-app store apps removed, although still possible through command line hackery
posted by Pyry at 2:53 PM on February 17, 2012

Pyry, you forgot step six, where an army of robots enslaves humanity until freed by Keanu Reeves
posted by DoctorFedora at 4:23 PM on February 17, 2012 [2 favorites]

I thought that was step 7.

The list I have says step six involves a blood sacrifice and the raising of a Jobsian GodHead AI.
posted by mrzarquon at 5:46 PM on February 17, 2012 [1 favorite]

Pyry, you forgot step six, where an army of robots enslaves humanity until freed by Keanu Reeves

If Matrix: Reloaded had ended with a Jobsian presentation instead of a long, flowery rant by a guy that looks like Col. Sanders... I think people would look back on that franchise far more favorably.
posted by sparkletone at 8:22 PM on February 17, 2012

I find this technology to be somewhat akin to the the banking industry. Credit and debit cards are now ubiquitous. They have many benefits: loss prevention, insurance, flexibility, paper trail, etc… but I still don't trust the issuers. And I still think that they think that they deserve to be in the middle of every transaction I ever make. Yes, the app stores help makes things more "secure" and yes, it is kind of nice looking for apps in one place and not having to bop around the web at places like macupdate, versiontracker (are they even still around?), etc. And Apple does provide another sort of service that many don't recognize: a filter. (badly needed… if you were ever familiar with versiontracker, you'd agree). But that still doesn't mean that I'm not suspicious. Sometimes I *want* to spend my money anonymously. Sometimes I want to shop someplace that doesn't take credit cards. And most of all, sometimes I don't want to GIVE MORE MONEY to the middle man for his "conveniences". I realize this announcement doesn't mean the end for third party installations, but it's getting closer by the day.

To those people lauding the store for giving small developers a way to make an income stream from small apps, I say HOOEY! That's just feel-good nonsense. How do I know? I'm a small developer. And I can say without question that I made more money selling product outside of the store than in it. Easily. And that's before I even count the annual entrance fee to the store, the pain in the ass amount of time I've spent screwing around with their certificates, and other distractions that take up time I could use to, oh, I don't know, write software.
posted by readyfreddy at 8:37 PM on February 17, 2012

The list I have says step six involves a blood sacrifice and the raising of a Jobsian GodHead AI.

I thought his undead corpse was already up and about, eating blogosphere babies.
posted by Blazecock Pileon at 10:15 PM on February 17, 2012

$99 a year is too much for developers? How can that be so? That's eight and quarter a month, is that sum really impossible, is it truly a barrier to entry?
posted by Brandon Blatcher at 7:35 AM on February 18, 2012

Or put another way: can someone cite an instance of a developer who truly said, "I can't develop for Apple because $99 a year is truly too expensive and I can not afford that"?
posted by Brandon Blatcher at 7:37 AM on February 18, 2012 [2 favorites]

Also more interesting, Apple is giving X11 the Java treatment: not part of the official OS support package anymore. Again, nothing too dramatic, and just about every instance I've seen use of X11 in professional or academic settings have been by people who know enough to install it on their own (and will be prompted to download/install it if they try to run a X11 app). And in instances where the user isn't expected to be in the know, such as a managed technical environment (ie, college campus, school, business office), their administrator will be able to install X11, just as we pre-install Java on machines now as well.
posted by mrzarquon at 3:02 PM on February 18, 2012 [1 favorite]

Or put another way: can someone cite an instance of a developer who truly said, "I can't develop for Apple because $99 a year is truly too expensive and I can not afford that"?

Frankly, the issue is less about professional developers who can treat that kind of expense as, well, a business expense. The issue is the ecosystem of experimental and "accidental" developers who fill lots of niches below the profitability line. There's a lot of research demonstrating that these kinds of user-innovators are the source of a lot of really important new developments, just as much as corporate R&D labs.

The idea that they won't be able to participate as equals unless they see themselves as "professionals," even if it's just a symbolic difference, is a fundamental shift. It won't have much impact on the software ecosystem, at least not for a few generations IMO. But it could be a tipping point as important as the elimination of Hypercard, in discouraging nonprofessional experimenters.
posted by verb at 4:23 PM on February 18, 2012 [3 favorites]

Those accidental devs can release as source code. OSX still comes with compilers.
posted by Threeway Handshake at 8:46 PM on February 18, 2012 [1 favorite]

Or put another way: can someone cite an instance of a developer who truly said, "I can't develop for Apple because $99 a year is truly too expensive and I can not afford that"?

Yes. ME.
posted by JHarris at 10:23 PM on February 18, 2012 [3 favorites]

You can afford a Mac to write/test your code on, but not the $99 to get the Apple Dev membership? Also we don't know if Apple has announced there will be a free dev certificate signing program yet (since currently only paying Mac Developers can see / use Mountain Lion to begin with).
posted by mrzarquon at 11:11 PM on February 18, 2012 [1 favorite]

You can afford the expense of drinking coffee every day but not the coffee drinkers license?
posted by jeffburdges at 3:49 AM on February 19, 2012 [1 favorite]

It's closer to "You can afford a $1500 espresso machine, but you can't afford a $100 coffee thermos?"
posted by empath at 7:08 AM on February 19, 2012

Maybe developers will decide to start making do with the $800 espresso maker that's not quite as beautifully designed but has lots of customizability. And no tax on the people who roast the coffee.
posted by Nelson at 9:16 AM on February 19, 2012

Which is why nobody develops for Xbox or Playstation or Wii.
posted by empath at 9:25 AM on February 19, 2012

No, it's why no one without financial motive develops for Xbox, Playstation, Wii.

I think you're being willfully obtuse, so there's not much point in restating what's already been said, but... $99 is no big deal to a company or commercial individual. It's a bigger deal for a small independent developer who's scratching by a spare time project. Why there's one right here, in this thread, saying so; it's terribly arrogant to dismiss him. It's also a significant barrier to projects that see the Mac as a sideline, a release they happen to make of their Linux project because hey, it happens to build on MacOS too so why not? I'll tell you why not, because making a legitimate release requires a registration and costs $99 and is a PITA.

It's not the end of the world, plenty of people will keep building software for the Mac. But it's gotten a little harder, and a little more expensive, and I wonder if Apple has fully thought through the benefit of funding their identification scheme vs. putting a new barrier in place for distributing programs for the Mac. I suspect they have and they just don't much care about the kinds of developers for whom $99 is a burden.
posted by Nelson at 9:32 AM on February 19, 2012

I'll tell you why not, because making a legitimate release requires a registration and costs $99 and is a PITA.

You can just disable gatekeeper, so I don't see what the problem is.
posted by empath at 9:36 AM on February 19, 2012

We still haven't gotten confirmation that there wont be a free certificate program at some point in the future. Again, the only people who currently have access to gatekeeper are members of the developer community who are paying for access to it. They also get XCode 4.4, while the free version available to non paid devs is 4.3.

Apple may in fact be working on trying to navigate some sort of way to verify an identity without charging $99, to keep the malware authors out in a way.

And none of this gatekeeper stuff keeps someone from distributing their application with a warning that yes, it requires you to disable gatekeeper to run, sorry, I can't afford to get signing certificate license (if it becomes a required paid program). Apple isn't charging them for access to the non pre-release IDE, or the SDK, or any of their tools.

I mean, what I don't get is this: What is the program being made by a linux coder that will compile and run under OS X without that coder having access to OS X/XCode? Either a java library using swing, a something compiled (or non compiled like ruby or python) that runs in the command line. Maybe something using QT or XWindows, and as I mentioned up thread, X11 isn't installed in Mountain Lion either, so the users of these applications, who from my experience are already knowledgeable and skilled in getting these apps to work, will have to do two additional steps in mountain lion: disable gatekeeper and/or install x11.

Those are the projects / programs I can imagine someone being able to build and compile for OS X without actually needing an OS X machine, and in fact, their instructions to the end user may already be "install XCode or this gcc .pkg, make / install this application on your own." MatLab is pretty damn close to that as part of it's instruction guidelines.

So I guess the pushback is this: what is this program or circumstances where an independent programmer can make an application the is compelling enough to draw in non technical users to want to use, but not compelling enough for them to turn off gatekeeper to run it? And also be such that the developer is able to accomplish this without using OS X, or if they are using OS X to code in, they could get the Mini and nothing else.

The three spaces I can think of that would require this would be indie game developers, k-12 educational programs where kids want to write their own programs, and developing countries.

But if the game is going to be compelling, I'd hope the developer would be compiling and testing it on a Mac. Which means they have a Mac, so they are almost there. I mean, if you want to get a windowed instance of the application it is pretty simple to do, but would still require it compiled and linked against Cocoa libraries, so if you are distributing a precompiled game for OS X, you need a mac to compile it for you. If you are charging for this game, then I'd assume you'd spend a % of the money on the developer license to get it signed. I guess if Valve sorts out the certificate signing thing as well, it would become the defacto distribution point for indie game developers in this situation.

K-12 education environments may be able to apply for the student license like Apple already does for colleges that allows for distribution of the apps on iOS devices among a 200 student group.

Developing countries does become a sticking point, and again, it will be interesting to see if this does shake down to becoming a paid only certificate program or not.

And then, there is also Kickstarter as a platform to raise money to get a Mac and the resources a developer needs to bring their compelling application over to OS X as well.

And I've stated before, I'd want Apple to add a whitelist, so I can authorize specific applications to run that don't have certificates, while not losing the ability to block unknown Applications from running without me first having say-so in it. That feature may be or should be in the works, atleast, I hope it will.

And the bigger divide I think people should be worried about isn't between Signed and Unsigned apps, but between Signed Apps and Mac Store Apps, and how the MSA's are allowed access to features that they can't get if they are just signed. That would really cause more in the way of user confusion and fracturing of the developer groups.
posted by mrzarquon at 10:12 AM on February 19, 2012

You can afford a Mac to write/test your code on, but not the $99 to get the Apple Dev membership?

1. Having to have a Mac to write code works against your point, not for it, by FURTHER INCREASING THE FUCKING COST.
2. Even so, Mac Minis cost ~$599, which is a more reasonable cost when you also get a computer that can do many other things. (But is less reasonable when you consider that Macs typically give you half the computer for twice the price.)
3. The Mac Mini I'd be using for development is borrowed from a friend.
4. Go to hell. Go directly to hell, do not pass GO, do not collect $200.

Also we don't know if Apple has announced there will be a free dev certificate signing program yet (since currently only paying Mac Developers can see / use Mountain Lion to begin with).

That's arguing from nonsense. You don't get to use that as a point until Apple actually announces it, or we even have a hint that they might announce it. (Anyway, my interest is iOS development.)
posted by JHarris at 1:32 PM on February 19, 2012

You can just disable gatekeeper, so I don't see what the problem is.

The problem is, for others to run your program they'd have to disable gatekeeper too, a program that then cannot perform its ostensible purpose of protecting your computer from malware.

Look at it like this. Apple requires developers to register their programs (and presumably exercise at least some editorial control) so it can be sure programs aren't malware. They offer to let people install outside programs by flipping a switch, but that disables checks entirely instead of using a finer grain. Thus, more people will be tempted to disable that switch, thus making malware much more of a potential problem. If 90% of people end up turning off that switch, then of what real use is the switch in the first place?

Did Apple do all this in order to purposely relegating open source and freeware developers to a ghetto? I actually give them the benefit of the doubt on that; I think they didn't intend it, but it's one of those cases where it wasn't a priority for them, so when they brainstormed solutions, those that harmed parts of the community they didn't so much explictly care about about looked more attractive than the increased difficulty of implementing harder solutions, so it ended up happening that way anyway. It didn't hurt that it also aligned with their strategy concerning App Stores.
posted by JHarris at 1:50 PM on February 19, 2012

Did Apple do all this in order to purposely relegating open source and freeware developers to a ghetto?

Also, I'd like to reiterate yet one more time: anything that's distributed in source form is unaffected. Only binaries downloaded through a web browser are affected by gatekeeper.
posted by verb at 2:05 PM on February 19, 2012 [1 favorite]

Also, I'd like to reiterate yet one more time: anything that's distributed in source form is unaffected.

Most users don't compile from source. When open source developers release software, they do it to produce binaries that other people, non-developers, will use. By limiting that audience, by either hard or soft means, they harm open source developers. So, I don't see how your statement is relevant; most people use open source software without compiling from source.
posted by JHarris at 2:32 PM on February 19, 2012

I guess as I've said it before, the best thing to hope for is there is enough backlash from the developers who have had a chance to get their hands on Mountain Lion that Apple enables a whitelisting feature, so there is a one time approval for a non signed application (or a self signed application) without disabling Gatekeeper.

Again, it is all conjecture at this point, from the time I've spent having to work with Apple, until they say something official, it can change at a moments notice. In fact, this may have been part of the new shift in Apple to actually test the waters and see how people will react to Gatekeeper, because pretty much my experience has been folks in Apple think of new ways to do shit, and don't always realize that there is a world that does stuff differently. Especially when it comes to IT and Enterprise work (see every 10.X.0 product not being able to bind to Active Directory at release, 10.5 in particular which didn't work when there was more than one DC in an AD environment). I've heard that they haven't broken AD in 10.8 yet, but that may just mean they haven't gotten around to "improving" that code.
posted by mrzarquon at 2:53 PM on February 19, 2012

And JHarris, I apologize for coming off as attacking you for not personally owning a Mac, but it's my job to make Apple stuff work, so the idea of wanting to produce / implement something for the Mac platform and not wanting a Mac is a different perspective than what I come from. I can understand the frustration re: iOS development requiring a Mac, but from working with both of them, I can see how so much overlap exists that Apple hasn't bothered porting their development tools to other platforms, since it would more require them writing tools from the ground up instead.
posted by mrzarquon at 3:21 PM on February 19, 2012

I foresee an anti-trust case or two in Apple's future, surely in Europe at least.
posted by jeffburdges at 5:28 PM on February 19, 2012

Not with a < 20% marketshare of desktop OS - no antitrust issue.
posted by Mid at 5:44 PM on February 19, 2012

I don't know, if MS doesn't get in trouble with their "unknown publisher" warning boxes in the EU (granted, the options presented the user are less drastic than Apple's) then I don't know if Apple will. And if they implemented a whitelist and allowed selfsigned applications on a one and done prompt basis (so atleast you could easily track the signature on the Allowed list, and if a future update of the app contained a different cert it would notify the user), they would easily be in the same level of functionality that MS is. However, MS may be able to skirt this issue by using third party codesigning groups, not MS themselves.

And I think this is the right page, but it appears that to get a certificate to sign code for Windows you have to start, GoDaddy is $199 a year, and Thawte is $299, and don't give you anything else.

So then maybe Apple is offering free codesigning as part of their (paid) Apple Developer program because it's cheaper than forcing developers to go with third party certificates. Granted if they accepted third party certificates then developers who already signed their Windows code could use the same certificates for the Mac binaries as well.
posted by mrzarquon at 8:19 PM on February 19, 2012

Microsoft unknown publisher warnings only appear once and run the app by default - it's the direct equivalent of the quarantine flag - and similar warning - on OSX 'net downloads, for the same reason, to make sure people realise they've downloaded potentially untrustworthy executable code instead of a jpg or whatever. An authenticode cert is only required for installation of drivers/kernel access etc. If you use one on a standard exe, it means you bypass even the download warning, so there are none at all.

On OSX, I don't believe the 'download' warning is bypassable for developers, unless they distribute through the app store of course. Now there is a 2nd serious warning that will run every time you run the app, that prompts you to put it in the trash - unless the dev pays the annual $99.

You seem to be thinking all OSX devs, and potential devs, buy a mac specifically to write OSX, and iOS apps. So what's the extra cost of a dev licence, which you'd be buying anyway for the pre-release stuff?

My boss at work (a school) is a bit of a mac nut, so all new PCs are now imacs running bootcamp instead. I have a 27" new imac in the office because he really wants to switch the default OS to OSX instead. I have a hackintosh running at home as my main quiet machine (writing this on it now!) and an elderly mac mini for the TV. I have written some little apps for my own use previously for some of the glue work tying linux and windows backends together. I've even shared them with a few fellow sysadmins. Now such apps would probably be written for OSX.
My code's fairly functional, but not pretty, as I'm not a coder by trade.

But much open-source software is written by people like me - to scratch an itch, to do something they can't currently do. I have what, 5, open source apps currently installed, including iterm2, quicksilver and komodo - all written to scratch an itch. They'd all need to sign up for the dev program, and pay the $99, or their users need to turn off gatekeeper. Which is a big incentive for end-users not to use their app, especially if they're not that clueful. And wasn't the whole selling point of OSX over windows is that you don't need to be technical?

Now, for larger commercial devs, or the big open source projects, $99 ain't that much. They likely already have a dev program acount for the team. For individual coders, either open source or small commercial app (of which there are a TON on OSX) who don't code for a living but for a sideline, buying a cert - and keeping it current, so bitrot doesn't catch up with them when the cert expires - it's a much bigger expense. It may be completely out of pocket. And if they don't cough up, their users will be that much more likely to pass over them and go with a big commercial project instead. And big commercial projects often start out as small ones, as they slowly build a user base. So such apps may well not be written in the first place, or will go for full-throttle commercial in the app store - after all, they've got to pay to get on the program to get in the app store to release stuff that doesn't nag the user every time anyway, so they might as well publish it that way anyway.

There's plenty of people who buy OSX, especially laptops, because they like the modern BSD underpinnings of it; I've heard it called linux with a pretty face. Plus of course, there's a resurgent market from people buying a mac because they're one of millions that have an iOS device. More members of my family have macs than windows; one a photographer, one a coder, one a scientist, and one a financial worker.

Given hackintosh's are so easy now - given apple's are basically commodity pc hardware under the bonnet - I wouldn't be surprised if a bunch of devs use those instead, which brings the price premium from a pc to mac down even further. Saying - oh, you can afford a $599 mac but not a dev licence is missing the point - they would have bought a computer anyway, though it may have been a $299 or $499 pc instead (example prices only, I work in sterling).

Having a paid dev licence needed to avoid the nasty warning for end-users, and having that dev program also give you access to the App Store - it's going to push a lot of devs into just using the App Store instead, and cut off a lot of the userbase of devs that don't, such as open-source (because of incompatible licences, amongst other reasons), who won't make that jump to pay up for something which was never much of a commercial project anyway. People like JHarris. People like me (potentially). People for whom buying a mac (or building a hackintosh) makes sense and code as a side-line.

As I've said, I hope Apple introduce a free cert program, like they have for safari extensions. But they haven't yet, and there's no guarantee they will. It's all part of the app storification of OSX to make it more like iOS - similar to the concerns about the sandbox you mention, and as someone who likes general purpose computing, it's a development I eye with a bit of concern.
posted by ArkhanJG at 12:17 AM on February 20, 2012 [1 favorite]

Amusing : Chinese lower court rules shops should pull iPads
posted by jeffburdges at 8:50 AM on February 20, 2012

Having a chance to do some testing, you can whitelist an app by disabling GateKeeper, launching an unsigned app, then enabling it again.

Future app's will still get blocked, but applications that were installed (and launched) while GateKeeper was disabled are allowed in. Not the easiest work around, but it shows that there is an updated list that the OS contains for authorized Applications that do not have certificates. So at this point it would be adding a dialog button to add the application to the default list, as I'd prefer that to Apple getting third party developers to tell users to disable gatekeeper as standard practice for app installation.

Also, as it stands, TextWrangler and Sparrow, both of which are signed by Apple according to code sign (and are in the App Store, so I am assuming are just signed with the same App Store cert), are blocked by GateKeeper. So either GateKeeper wants different signing criteria, or since these Apps haven't been updated with the latest certificate / Xcode signature yet, which means that there is still some things being sorted out (as I would have assumed anything signed with the same certificate for the App Store would be grandfathered in).
posted by mrzarquon at 9:48 AM on February 20, 2012

Wait a minute -- I thought the gatekeeper check was only on app installation, not every time the app launches; is that not correct?

Also a couple of people here have said it was possible to bypass it for a single app by just holding down the option key when starting the install, rather than having to disable gatekeeper altogether... Or have I misread that too?
posted by ook at 10:51 AM on February 20, 2012

Not the easiest work around, but it shows that there is an updated list that the OS contains for authorized Applications that do not have certificates.

Not quite. The issue isn't that the system maintains a whitelist of "grandfathered" apps, it's a flag that's set when you download a binary and unset after the first launch. Already-installed binaries don't have the flag, so Gatekeeper ignores them.
posted by verb at 11:19 AM on February 20, 2012

verb, you are correct. Pretty much with gatekeeper off, it lets you remove the quarantine bit flag as usual on the downloaded binary. With GateKeeper on, it only lets you remove the app from quarantine (and therefore run it) if it is signed.

I haven't had a chance to test it, but that should mean you can remove the quarantine flag via xattr -d com.apple.quarantine at the command line. I had to reimage the machine I was testing on for other reasons, I might get around to trying that when I can get another test machine handy.
posted by mrzarquon at 11:25 AM on February 20, 2012

I foresee an anti-trust case or two in Apple's future, surely in Europe at least.

Once you start researching what Gatekeeper is by reading about it, it is procedurally and functionally almost no different from what side-loading does for non-Android Market apps. You have to manually approve/install your side-loaded apps on Android — side-loading apps requires you to enable "Unknown Sources" in your Android device settings — just as you would manually approve/install non-certified apps via OS X by setting a radio button. So if Apple goes to court, I just hope the bureaucrats are fair-minded and take Google to court over their own restrictive technology.

Looking at this from the other direction, I wonder what users of non-Google approved devices (such as those like myself who installed a fork of an old Android build on an old iPhone) think about not being able to access apps through the Android Market. Personally, being actively prevented from accessing the Android Market seems like an anti-competitive action that hurts consumers, so I understand the concerns about Gatekeeper, on some level.
posted by Blazecock Pileon at 12:04 AM on February 21, 2012

Apple: developers now have until June 1 to sandbox apps for the Mac App Store

The Sandboxing thing is separate from Gatekeeper but definitely related. One of the big problems with sandboxing, as the article mentions, is that lots of generally useful utility apps have to do stuff that there just aren't defined permissions for. One of my favorite shareware tools, for example, provides a quick popup editor for your apache vhost files. Since those are (by default) stored inside of the system directories, there would be no way for the app to comply with the sandboxing rules -- there's no grant for editing system files, unless that's changed recently.

The sandboxing system is a good concept, but Apple is wisely pushing out the deadline. App devs don't need more time to migrate to it, Apple needs more time to make sure the available grants are flexible enough.
posted by verb at 12:06 PM on February 22, 2012

Once you start researching what Gatekeeper is by reading about it, it is procedurally and functionally almost no different from what side-loading does for non-Android Market apps.

These are PCs we're talking about. Excusing Gatekeeper because it's just like something on a mobile device is practically an admission of defeat.
posted by JHarris at 7:38 PM on February 24, 2012 [1 favorite]

I repeat - Gatekeeper is optional
posted by empath at 8:06 PM on February 24, 2012

For now it's optional. But sooner or later, running unsigned code will require you to register as a developer which will require you to pay $99 and be a citizen of one of the right countries, or to circumvent their security (the instructions for which are already illegal to "offer to the public, provide, or otherwise traffic in" under 17 U.S.C. § 1201).

At least 1984 wasn't like 1984.
posted by finite at 8:23 PM on February 24, 2012

Optional for us. Not optional for all those Macies who don't know how to turn it off. You know, optional like Internet Explorer on another OS. And repeat it all you want.
posted by JHarris at 8:51 PM on February 24, 2012

The answer is that all the innovation is happening in iOS and they're backporting it to OSX.
posted by empath at 1:21 PM on February 27, 2012

I just fired up an old dual 1GHz PPC powermac from about 2003, now running 10.5.8, and was horrified to discover it was faster and more responsive than my 8-core 2.4 GHz Mac Pro running Lion. Even my kids could tell the difference. Fast user switching was instant. "Whoah" came the chorus.

OS X is a big bloated mess now.
posted by unSane at 1:44 PM on February 27, 2012 [1 favorite]

At which point it stops being innovative and is just copying yourself. If Apple has built the success of iOS on the fact that phones are not personal computers, then it should go without saying that personal computers are not phones.
posted by Holy Zarquon's Singing Fish at 1:45 PM on February 27, 2012

At which point it stops being innovative and is just copying yourself.

They're just standardizing on one OS. They're innovating like hell on iOS. Everyone else is years behind them.

If Apple has built the success of iOS on the fact that phones are not personal computers, then it should go without saying that personal computers are not phones.

An iPad isn't a phone either. I think Apple is getting out of the personal computer business, at least the PC as you'd recognize it. It's a dying paradigm. The desktop metaphor and heirarchical file system and so on is a thing of the past. The difference between a display and a computer and an input device is going to get erased, more or less, and the idea that your data is sitting on your box at home where your software is installed is over, too.
posted by empath at 1:50 PM on February 27, 2012

I'm thinking of a PC as a device with a screen larger than my pocket, which has a hardware keyboard as standard issue, and has hardware that can multitask without catching on fire. Those things aren't going away.
posted by Holy Zarquon's Singing Fish at 1:56 PM on February 27, 2012

I just fired up an old dual 1GHz PPC powermac from about 2003, now running 10.5.8, and was horrified to discover it was faster and more responsive than my 8-core 2.4 GHz Mac Pro running Lion.

Anecdotal either way, but I've got a G5 dual 2.0 at home with 6 gig of RAM, and it's kind of a dog at 10.5.8. My work iMac, however, running 10.7 on this quad-core i7 -- I have no idea how much faster it is because everything is immeasurably fast. The bouncing icon in the dock metaphor is obsolete for most stuff, except Adobe products. I used to count bounces -- Safari, Chrome, Mail, etc. Are all ready to go before the icon is even at the top of the first bounce.

Also, with that app look & feel -- I'm not a big fan of the new Address Book or Calendar interfaces since 10.7, but they've gone too far in the other direction sometimes, too. I frequently lose track of whether I'm in Mail, iTunes or the Finder because of the blue left sidebar & the grey icons. I need a little differentiation just so I can orient.
posted by Devils Rancher at 2:12 PM on February 27, 2012

I'm thinking of a PC as a device with a screen larger than my pocket, which has a hardware keyboard as standard issue, and has hardware that can multitask without catching on fire.

So an iMac, then right? Which is just a display with a keyboard attached to it. And probably sooner rather than later, it's going to go all SSD, move document storage to the cloud and either will have a touch screen or will allow you to use an iPad as a touchscreen for it, and it will basically be running iOS.

I guess if and when Apple gets around to updating the MacPro, we'll know what their plans really are for 'the desktop'. I think they're going to drop them entirely and replace it with a 'workstation' concept that is more about hooking up external peripherals to notebooks and imacs as needed.
posted by empath at 2:28 PM on February 27, 2012

it will basically be running iOS

That's my point. It will be a computer with a 20-plus inch display, a keyboard (they may die eventually, but they're not on their way out right now, because touchscreens are a shitty, shitty way to type), and the processing power to walk and chew gum at the same time, running an operating system that was built from the ground up to compensate for a device with a three-inch screen, which makes external inputs optional, and which cannot run two programs at once without sacrificing stability.

That's really, really stupid.
posted by Holy Zarquon's Singing Fish at 2:35 PM on February 27, 2012 [1 favorite]