when woz cries
May 29, 2012 10:10 AM   Subscribe

 






They're making the wrong argument. The EFF and Woz will never convince Apple to open up iDevices because doing so is not in Apple's best interest, both in terms of reducing profitability and providing as stable of a platform as possible. Among other things, they've certainly noticed that Amazon is now making more money from Android users than Google is. And part of why the iDevices are as stable as they are is keeping users from installing kernel/root level applications. That stability and magic "just works" concept is at the core of the Apple experience.

The education that needs to be done is convincing users that they need and want open platforms.
posted by Candleman at 10:26 AM on May 29, 2012 [5 favorites]


That was not the elephant image I was expecting.
posted by entropicamericana at 10:26 AM on May 29, 2012 [3 favorites]


I love Woz, but those who wish to tinker, tweak and innovate (like myself) have been preferentially on Linux for more than a decade. I have a laptop running OS X as well, and it's really quite spiffy. But you want tinker and innovate? Linux Linux Linux.
posted by mcstayinskool at 10:27 AM on May 29, 2012 [5 favorites]


So change your System Preferences.

And with Apple moving closer and closer to the iOS model for Apps in OSX, how long will that preference be around?
posted by eyeballkid at 10:28 AM on May 29, 2012 [9 favorites]


This includes apps that let you tether your phone to a computer

I really don't think Apple is the one holding this one up, at least in the US. I believe that when tethering baked into iOS was announced, AT&T dragged their feet on making it available on their carrier-locked iPhones. For some of these things to happen, the carriers need to be shaken up, not just the device manufactuers. Look at AT&T locking the bootloaders of HTC phones.
posted by narcoleptic at 10:30 AM on May 29, 2012


Woz and the EFF should actually bother to find out how GateKeeper works before showing themselves look ignorant about it. They are embarrassing themselves and anyone who blindly follows them.
posted by Blazecock Pileon at 10:31 AM on May 29, 2012 [2 favorites]


The education that needs to be done is convincing users that they need and want open platforms.

I agree with this 100%, but I really have no idea how it will ever happen in a proactive way. Ubuntu is really dead simple to install and use now, but I don't see any sea change going on there. ChromeOS? Please.

The best hope for openness at the OS level is that it happens organically, through disrespected users fleeing from the increasing hubris and anti-competitive practices of players like Apple, or whoever is next on the top of the heap.
posted by mcstayinskool at 10:32 AM on May 29, 2012


I fail to see how this is any different than a Linux package manager requiring signed packages by default. *yawn* I think it's a good thing, even if you plan to turn it off immediately. The people who won't figure out how to turn it off are exactly the ones who need it, and their default protected status gives a kind of herd immunity for those of us who don't.
posted by mullingitover at 10:35 AM on May 29, 2012 [10 favorites]


It's an excellent editorial from EFF. I also fear it will fall on deaf ears. And I'm also discouraged; Android and its devices are significantly more open but it hasn't really resulted in more innovation or interesting stuff in the Android ecosystem. There's so much innovation possible even within Apple's locked down iOS that there's not much demand to get outside it.

To head off the "you can turn Gatekeeper off!" fallacy for MacOS, it's not that it's going to be impossible to run unsigned code, just more difficult. That's enough to cripple the market for unsigned code. "Please buy my app! To install it, you will have to turn off this hidden security preference but don't worry, it's totally fine."

So far Apple's said that the signatures for Gatekeeper are going to be no big thing, just a verification of identity and no restrictions on what signed apps can do. I hope they stick with that. Has Apple ever cleared up whether a developer will have to pay the $99 fee to get a Gatekeeper signing key? I've heard conflicting reports.
posted by Nelson at 10:36 AM on May 29, 2012 [4 favorites]


The worst thing about Android is that the quality of Apps is, well, not. You can find just about any kind of crap possible to download onto your phone. So depressing.
posted by KokuRyu at 10:40 AM on May 29, 2012 [2 favorites]


My iPhone does everything I want and more at the moment. This editorial doesn't do anything to convince me that I'm missing anything major. Nor does there seem to be a lack of innovation, to this casual user.
posted by Brandon Blatcher at 10:41 AM on May 29, 2012 [2 favorites]


Here's an example of something your iPhone can't do: act like an AirPlay Receiver to stream audio from a server in your house. Well it could do that, but Apple won't let it via a third party app.
posted by Nelson at 10:44 AM on May 29, 2012 [3 favorites]


As a developer of commercial and industrial products and open-source contributor who uses Linux whenever possible, I have to say that I absolutely approve of the default GateKeeper settings and of about two-thirds of Apple's lockdown of iOS; everything that prevents millions of Macs and iPhones from turning into the parasite-ridden and unstable Windows ecosystem with its trillions of dollars in hidden costs to society is, on balance, a very, very good thing and worth paying a bit of a price for.

The content restrictions on the other hand are a shitty way to behave; and there's way too much gatekeeper-with-a-small-gk gouging going on.
posted by George_Spiggott at 10:46 AM on May 29, 2012 [8 favorites]


> Has Apple ever cleared up whether a developer will have to pay the $99 fee to get a Gatekeeper signing key? I've heard conflicting reports.

Yes, you will need the $99/year developer license through Apple.

The Mozilla Dev team finally got around to signing up for an account, so future releases of Firefox will be signed as well.

The bigger thing about the iOS lockdown which became an issue as soon as the iPhone went to a subsidized phone model: jailbroken iPhones can be unlocked from the career. Apple allowing for a "hacker mode" of their phones where you can root them is not just counter to their walled garden / safe experience model / App Store gravy train, it is also going to make AT&T and other carriers flip their shit because there isn't any technical restriction to keep their customers on their networks anymore.
posted by mrzarquon at 10:54 AM on May 29, 2012 [1 favorite]


Once Apple starts enforcing the sandbox, we'll really see how restricted apps are going to be in their perfect world.
posted by smackfu at 10:55 AM on May 29, 2012 [2 favorites]


You can find just about any kind of crap possible to download onto your phone.

To be fair, most of the iOS app store is shit too. It's like the long brown tail.
posted by smackfu at 10:55 AM on May 29, 2012 [8 favorites]


Crap, I need to keep up with the OS news better; I hadn't heard about that secure boot UEFI bullshit. I dual boot Ubuntu with XP because I need to use Photoshop and Illustrator and like to build my own boxes. I still have XP because Vista is a steaming pile of excrement and I figured I'd upgrade to Win7 when I get around to eventually building a new PC. If GIMP and Inkscape were up to scratch I would have long switched to Ubuntu only. Now they want to hold my computer hostage from boot?! Fuck that noise.

And didn't MS learn their lesson the first time when the EU spanked them for browser monopoly?!

</back to the Apple discussion>
posted by romakimmy at 10:59 AM on May 29, 2012


To be fair, most of the iOS app store is shit too. It's like the long brown tail.

And yet a 50s futurist who predicted that people would pay hundreds of dollars to carry little electronic boxes that make fart sounds on command would have been called a crackpot.
posted by Copronymus at 11:03 AM on May 29, 2012 [8 favorites]


Nor does there seem to be a lack of innovation, to this casual user.

I would say it's more of a long term thing. Computer tinkering is followed roughly the same progression as automobile tinkering, in the early days you had to be an expert just to put one together and keep it running, later you could buy one pre-built and keep it running yourself if you knew how the internals worked, and eventually it got to the point where pretty much anyone could own one without knowing how it worked at all. So for cars the days of average car owners rather than hobbyists being expected to know how to do basic maintenance and tinkering are over, and because of that the percentage of people who know how to work on cars is much lower.

The people who are writing apps right now are mostly from a generation of computer users who had access to tinkerable computers designed around being able to make things, whereas the first generation of users who only see a computer as a way to interact with existing systems probably won't produce as many people with the kinds of skills to create the next big innovations. One of the major reasons why personal computers have resulted in so many innovations in the last 30 years or so while other major types of technology have more or less stayed the same is that massive amounts of normal people had the ability to create and distribute whatever new content they wanted with them.
posted by burnmp3s at 11:05 AM on May 29, 2012 [15 favorites]


They're making the wrong argument. The EFF and Woz will never convince Apple to open up iDevices because doing so is not in Apple's best interest, both in terms of reducing profitability and providing as stable of a platform as possible. Among other things, they've certainly noticed that Amazon is now making more money from Android users than Google is

Yes, and a lot of other companies made more money manufacturing and selling IBM PC-compatible machines than IBM ever did. And yet somehow Apple's PCs only ever managed to get something like 8-11% of the market. Even if they make less many for any individual involved in the ecosystem, open platforms will win out in the end, I think.

Apple won and earned a major head start in both the smart phone and tablet markets. What they should be worried about is how they are ever going to keep it when other platforms are a much better deal for both consumers and vendors-who-aren't-Apple.
posted by NathanBoy at 11:09 AM on May 29, 2012 [5 favorites]



I love Woz, but those who wish to tinker, tweak and innovate (like myself) have been preferentially on Linux for more than a decade.


And what will you run Linux on when no makes any hardware that will support it? That's where the article is pointing, most future growth in computing devices will be in the phone/handheld sector. You'll be free to innovate on old dead platforms to your hearts content.
posted by doctor_negative at 11:15 AM on May 29, 2012 [3 favorites]


To head off the "you can turn Gatekeeper off!" fallacy for MacOS

If it is a fallacy, then show us how GateKeeper prevents people from installing anything they want.

That's a pretty straightforward request to make from Woz/EFF/usual suspects, I think.

Otherwise, these folks look like they are just grinding their teeth over something they don't know much about-or it looks that way to real developers who do know what they are talking about.
posted by Blazecock Pileon at 11:15 AM on May 29, 2012


The EFF needs to stop handwringing and encourage the development of a solid open-software, cross-platform solution to trojans in the specific and malware in general, and make it faster, more convenient and more powerful than Apple's own implementation.

The biggest threat to open systems isn't the walled garden or Apple. It's malware, which is driving Apple and Android and Microsoft into walled gardens. The only way to lure them back out is to make it safe for their users.
posted by Slap*Happy at 11:15 AM on May 29, 2012 [3 favorites]


Crap, I need to keep up with the OS news better; I hadn't heard about that secure boot UEFI bullshit.

We had a huge fight about it a while back. Now, secure boot is (in my opinion) some nasty horsecrap, but keep in mind: this is only for the ARM version of Windows 8. ARM doesn't have a standardized platform like x86 and amd64 do; even without code signing, installing arbitrary OSes on ARM hardware is a seriously nontrivial undertaking.

Anyway, outside of ARM, Windows 8 certification on UEFI systems actually requires that installing other OSes is allowed.

Woz and the EFF should actually bother to find out how GateKeeper works before showing themselves look ignorant about it.

I found nothing in the sources to indicate that Woz had anything to say about Gatekeeper at all. I could only find quotes where he was talking about iOS.
posted by reprise the theme song and roll the credits at 11:16 AM on May 29, 2012


Apple, like Facebook is targeting the stupid market. They both provide a relatively safe internet experience for the "couldn't be bothered to understand how it works, just show me how to switch on" (aka the clueless) masses, which is good, because their customers get to use the internet, or at least what Apple and Facebook let them think the internet is.

They will be locked in not because they are, there will always be hacks and alternatives, but because they don't even realize or care that there are alternatives. All these people want is a commodity that works.

The more interesting question is whether whether any other players will be able to grab a significant share of the stupid market away from Apple and Facebook.
posted by w.fugawe at 11:20 AM on May 29, 2012


I hadn't heard about that secure boot UEFI bullshit. Only mandatory for Windows RT, i.e. ARM based windows 8 tablets or netbooks. For now, anyway. Standard desktops/laptops it will be turn offable, at the discretion of the OEM; it's not inconceivable that some big box builder with a hankering for lock down will remove the option from the EFI, but it's unlikely to be widespread on standard pcs.

Woz and the EFF should actually bother to find out how GateKeeper works before showing themselves look ignorant about it. They are embarrassing themselves and anyone who blindly follows them.

They were mostly talking about the restrictions upon iOS, but please, feel free to back that little ad hominem up with some actual facts about gatekeeper they got wrong.

"Like the iOS App Store, Apple takes a 30% cut of all software sold. The upcoming version of Mac OS X, Mountain Lion, will reportedly include warning messages that strongly discourage users from installing apps from sources other than the Mac App Store. Fortunately, it will be possible to turn this off in Mountain Lion and install apps from anywhere you want, but Apple is continuing down the dangerous road of making their products less open."

Gatekeeper will a) require being a member of the Mac App developer program ($99), and then b) signing your code. Of course, you're now already paying to distribute via the App store, so you might as well...

If you don't pay for a signing cert, end users will get a warning telling you not to install the app - with no direct way or advice on how to not cancel - and another warning when you launch the unsigned app. Unless the users knows to go into the security settings and turn that off. And isn't the point of Apple products that you don't have to fiddle with obscure settings? And I'm sure having the instruction on your download page 'first turn off application security settings...' won't make any end-users pause, and wonder whether they'd be better off getting that paid, clean, safe, cuddly expensive app from the App Store that also has a thumping great sandbox on it restricting apps from quite a few useful features...

And while I think it's *unlikely* Apple will refuse a signing cert to the mozilla foundation any time soon, there's nothing actually stopping them from doing so. It's not like they haven't yanked software or refused authorisation for no reason given many times with the iOS store - see the latest dropbox SDK issue that caused a whole bunch of apps to get blocked, for just one example.

Gatekeeper is another step toward the 'iOSification' of the desktop OSX, and some developers are justifiably getting nervous at where this is heading.
posted by ArkhanJG at 11:20 AM on May 29, 2012 [4 favorites]


Here's an example of something your iPhone can't do: act like an AirPlay Receiver to stream audio from a server in your house.

Totally cool, yet not something I have a burning desire to do or need.
posted by Brandon Blatcher at 11:20 AM on May 29, 2012


Nelson: "Here's an example of something your iPhone can't do: act like an AirPlay Receiver to stream audio from a server in your house. Well it could do that, but Apple won't let it via a third party app."

It works, but not that way. iTunes has home sharing, and I have a router that runs a DAAPD server that streams to my iPhone/iPad. I think the reasoning behind that is they're misusing the auth key that AirPlay uses.
posted by narcoleptic at 11:21 AM on May 29, 2012 [1 favorite]


There's so much innovation possible even within Apple's locked down iOS that there's not much demand to get outside it.

steven johnson has argued that "the closed architecture of the App Store and the iPhone OS has actually contributed to the generativity of the platform."

re: car tinkering & promoting open platforms (viz. the age of access)

If You Can't Fix It, You Don't Own It: "Manufacturers push new models every year with just enough style tweaks to make our last one feel obsolete. They use legal threats to keep repair manuals away from us and deploy so-called 'security bits' in new products to prevent us from opening our own things. They have even gone so far as patenting screw heads to keep us out of our stuff."

also btw here's ars on gatekeeper and mozilla's experience fwiw...
posted by kliuless at 11:28 AM on May 29, 2012 [1 favorite]


Apple, like Facebook is targeting the stupid market. They both provide a relatively safe internet experience for the "couldn't be bothered to understand how it works, just show me how to switch on" (aka the clueless) masses, which is good, because their customers get to use the internet, or at least what Apple and Facebook let them think the internet is.

Or maybe these people aren't stupid, but just want to work, or share photos, or connect with friends, or just use a computer without having to learn the finer details of TCP/IP networking or Linux kernels or whatever.

Some people find that threatening, I guess.
posted by entropicamericana at 11:30 AM on May 29, 2012 [7 favorites]


From the Panic blog:
There remains one thing that is of concern to me. Despite these great strides forward, Apple is walking a dangerous line with regard to features that are only available to App Store distributed apps. The two most prominent examples are iCloud and Notification Center. Cabel asked Apple if, thanks to Gatekeeper and Developer ID, App Store-only features would be eventually be available to signed apps that were not distributed through the App Store. There was some shuffling of feet and a “we have nothing to announce at this time”. It didn’t sound particularly optimistic.

It would be a shame if this trend continues, as it creates an artificial gulf between App Store and non-App Store apps. For example, as things stand today, we won’t be able to offer iCloud syncing in, say, Coda 2, when you purchase it directly from us. Only App Store purchasers would get that feature. Making matters worse is Apple offers us no real facility to “cross-grade” you from a direct purchase to an App Store purchase, should you change your mind.

There’s no real engineering reason that I can think of for this. It seems marketing or money-driven, and I think it’s un-Apple-like to chase the money at the expense of user experience in that manner. We hope they change their minds about that particular facet.
That means no iCloud sync for MS Office or Adobe products either as they are not (currently) Apple-signed, but self-signed.
posted by bonehead at 11:40 AM on May 29, 2012 [2 favorites]


And what will you run Linux on when no makes any hardware that will support it? That's where the article is pointing, most future growth in computing devices will be in the phone/handheld sector. You'll be free to innovate on old dead platforms to your hearts content.

Well, no. The fact that "most growth is in the phone/handheld sector" does not equate to making desktop and laptop computers "old and dead", except for corporate marketers and the buzz-frenzied tech media. Even if it did, we have a solid decade or more with these archaic beasts being part of our daily lives.

Also, the fact that Apple will try like hell to make the walls of their garden as high as possible, that will not stop people from getting alternatives to run on their hardware. Hell, you can wipe OS X and run Linux on Mac hardware today. And you're going to see tweakable Linux and other such things on most of the growing phone/handheld sector's hardware, without doubt.

I'm not one of those that continually talks about how Linux is going to win on the desktop (or whatever) eventually. But available on next-generation hardware? I'm not worried about that.
posted by mcstayinskool at 11:46 AM on May 29, 2012 [1 favorite]


If my Mac started keeping me from doing something I want to do, I would probably switch if there were a better alternative. However, I don't see this as a foregone conclusion. Gatekeeper seems like a practical step to make Macs more secure for casual users. I see a lot of hand wringing in this thread, but no suggestions on how to bolster security while remaining suitably open.

I think the EFF is a valuable watchdog for many things related to rights in the digital age, but I don't see what the big deal is here. As far as the argument that maybe someday we won't be able to buy hardware to run Linux on, I think it is more likely that someday we won't be able to buy anything (stuffed animal, crockpot, pair of pants, whatever) that doesn't have a tiny linux machine inside it.
posted by snofoam at 11:49 AM on May 29, 2012 [2 favorites]


Blazecock Pileon: Woz and the EFF should actually bother to find out how GateKeeper works before showing themselves look ignorant about it. They are embarrassing themselves and anyone who blindly follows them.

Yes. They're the ones who are ignorant. The remaining founder of Apple and the EFF. The problem isn't that knowledgable users can't disable Gatekeeper, it's that the majority of users, users who are not tremendously technically literate, precisely the users that Apple has courted since the original Mac was released, won't know this option exists unless they root around in System Preferences. That, combined with the wording saying the user SHOULD throw the program in the Trash, is the problem, and it's been explained enough times in the previous Gatekeeper thread that I'm going to have to assume you're being willfully obtuse if you don't see this.

KokuRyu: The worst thing about Android is that the quality of Apps is, well, not. You can find just about any kind of crap possible to download onto your phone. So depressing.

This is the same on either side of the mobile fence. I have seen so much crap on the Apple App Store. But both platforms also have some very good apps. At the moment, I think that race is a tie.

Nelson: Here's an example of something your iPhone can't do: act like an AirPlay Receiver to stream audio from a server in your house. Well it could do that, but Apple won't let it via a third party app.

That's not all. Because of Apple's App Store restrictions:
- You can't sell a PDF creator as a printer driver. Apple has removed an app from the store that used to do that. (I've forgotten what it was called though, and two minutes of Googling fails to reveal it.)
- What you can do with video cables connected to an iOS machine is a maze of cable and iOS versions and supported features. Some of these are Apple's doing -- the Cydia apps Resupported and DisplayOut get around some of them.
- Of course, you also can't sell emulators, or programming languages, or scripting engines -- which means no web browser that runs Javascript isn't Safari -- and if you sell anything through your app you have to give a cut to Apple.
There are more things too, I haven't been strict about keeping a list of things as I've noticed them. I probably should though, just so I can have it handy in iOS threads.

smackfu: Once Apple starts enforcing the sandbox, we'll really see how restricted apps are going to be in their perfect world.

It doesn't matter to some people. Whatever it is tha Apple does, you'll be able to find someone to say it's not only good and right but absolutely necessary to their prosperity/business model/survival as a company. I've seem people do the same thing with Nintendo products.

doctor_negative: And what will you run Linux on when no makes any hardware that will support it? That's where the article is pointing, most future growth in computing devices will be in the phone/handheld sector. You'll be free to innovate on old dead platforms to your hearts content.

In fact, I am actually feeling pretty good about this, because although it is true that mobile platforms are leaning heavily towards an utterly locked down, you'll-do-what-we-say-you'll-do model, behind them is the rise of radically open platforms like Arduino. If Apple and Google gets too grabby with their market lead and restricts users too much (and how much that is is a fluctuating value as different interesting applications for mobile devices arise), then eventually some manufacturer will create their own platform out of off-the-shelf parts and people can use that.
posted by JHarris at 11:52 AM on May 29, 2012 [7 favorites]


Gatekeeper is another step toward the 'iOSification' of the desktop OSX, and some developers are justifiably getting nervous at where this is heading.
The first "must-have" app that appears only on linux will signal the death of Apple -- and I expect the patent suits to start up at that point in earnest. But, I suspect that will not happen for a quite a while.

Gatekeeper is a great idea, and if you want to run software outside of the app store, you can turn the thing off. The people who it's targeted at will not be running software outside of the app store. Sucks for some developers, but it's not a issue of freedom -- I don't expect to be able to start busking in the local coffee shop without permission either. This violates many people's expectations of an Apple branding computer, but it isn't an issue of freedom.

There is, of course, this idea that suddenly you will not be able to turn it off. I suspect the day that happens is the day after the year of Apple's slide into irrelevance. And of course, the day after that, someone will jail break it. I can tell you that right at this very moment -- most computational heavy lifting is not being done by OS X machines, and will never be.
That means no iCloud sync for MS Office or Adobe products either as they are not (currently) Apple-signed, but self-signed.
This is a great example. Dropbox can't be sold on the App Store. I'm guessing they might not even be able to get a cert, we'll see. But this doesn't mean Apple will have it all locked up. If microsoft office and photoshop can't support syncing through iCloud, and people care enough -- they will use Dropbox. And they will hit that checkmark to disable gatekeeper to do it. If the platform becomes locked down such that they can't -- they will find a new platform if that new platform is smart enough to hit Apple's weak points.
posted by smidgen at 11:54 AM on May 29, 2012 [1 favorite]


Apple, like Facebook is targeting the stupid market. They both provide a relatively safe internet experience for the "couldn't be bothered to understand how it works, just show me how to switch on" (aka the clueless) masses, which is good, because their customers get to use the internet, or at least what Apple and Facebook let them think the internet is.

Congrats, you win the pretentious half-wit of the day award.
posted by empath at 12:08 PM on May 29, 2012 [8 favorites]


The first "must-have" app that appears only on linux will signal the death of Apple -- and I expect the patent suits to start up at that point in earnest.

We've been waiting 20 years, when is that going to happen.

Linux already crushed windows and apple in the market it's best suited for -- commodity servers. It's not a desktop platform, and it's never going to be. (Yes, I know people use it as a desktop, but it's a tiny minority)
posted by empath at 12:10 PM on May 29, 2012


Linux is not a desktop platform? Is there something that makes it fundamentally unsuitable for it? I mean, I admit that OS X is based on BSD, not Linux, but I can't imagine what BSD has that makes it better for desktops.
posted by NathanBoy at 12:18 PM on May 29, 2012


I would also imagine that many developers would want something that makes casual users more comfortable installing software. This, in turn, can help people do more things with their computers. It's not like developers boycotted iOS in disgust.
posted by snofoam at 12:19 PM on May 29, 2012


It's not a desktop platform

I have to assume you mean that Linux is not a successful mass market desktop platform, because it's certainly a perfectly capable desktop platform. Even for the masses, whether they choose to use it or not. Jebus, it's WAY easier to install and configure than Windows, which is still what the majority of people are using.
posted by mcstayinskool at 12:21 PM on May 29, 2012


Also, the old way of "signing" software was to put it on a disc, put that in a box with a little logo on the back that says windows or mac compatible and sell it in a store. It doesn't seem that strange that people would find value in a form of certification that works with contemporary (online) software distribution.
posted by snofoam at 12:22 PM on May 29, 2012


Some people find that threatening, I guess.

Not all. Used to be, before you were allowed to have a license to drive a car, you had to prove you knew how it worked, what parts the engine had, etc. and could do basic maintenance. Nowadays, all you need is the ability to drive. It's clear that understanding what makes a car work is irrelevant to using it.

Apple is making the need to understand the internet go away. This is a good thing. The vast proportion of the target market is, (its up to you whether you choose to take this personally or not, if you do, choose a synonym that's less hurtful) - stupid when it comes to the tech, but that doesn't matter. You can use the internet, or that part of it where they mediate for you, which is more than most probably need or care about, without having a clue what is going on beyond how to drive that cute gadget.
posted by w.fugawe at 12:30 PM on May 29, 2012 [1 favorite]


Jebus, it's WAY easier to install and configure than Windows, which is still what the majority of people are using.

It is? Easy to get Outlook and Office up and running? Cubase or Ableton Live? Flash? Games? Photoshop?

I get that it's easy to use if you're a developer and you just need a text editor and that's it. I'm a network engineer, I'm pretty familiar with using linux to code and manage routers and servers. It's spectacularly good at that. I still use OSX to do anything productive that isn't IT related, and Windows to play games on.
posted by empath at 12:32 PM on May 29, 2012 [2 favorites]


The vast proportion of the target market is, (its up to you whether you choose to take this personally or not, if you do, choose a synonym that's less hurtful) - stupid when it comes to the tech, but that doesn't matter. You can use the internet, or that part of it where they mediate for you, which is more than most probably need or care about, without having a clue what is going on beyond how to drive that cute gadget.

Yeah, I'm a network engineer who worked for a nationwide ISP. I'm pretty familiar with how the internet works. I have an iphone, an ipad, an imac, and an apple router. There's absolutely nothing I've ever wanted to do on the internet that Apple has ever hidden from me, except possibly tethering my iPhone, and that was an AT&T restriction. You have no idea what you're talking about.
posted by empath at 12:34 PM on May 29, 2012 [2 favorites]


which means no web browser that runs Javascript isn't Safari

What? As far as I know Dolphin and Atomic support Javascript.

Dropbox can't be sold on the App Store

Why not?
posted by jedicus at 12:35 PM on May 29, 2012


We've been waiting 20 years, when is that going to happen.
That was my point.
posted by smidgen at 12:41 PM on May 29, 2012


It is? Easy to get Outlook and Office up and running? Cubase or Ableton Live? Flash? Games? Photoshop?

Outlook? No. Evolution? Yes, preinstalled on Ubuntu I believe, and works with Exchange and is designed to provide an Outlook-like experience (shudder). Or you can use Thunderbird, which is a *much* better email client than either Outlook or Evolution. Or you can use Gmail.

Office? No, of course not, Microsoft doesn't make it for Linux. But Libre Office works great. Or you can use Google Docs.

Flash? My god, that's been sorted out a long time ago. It works just fine.

Photoshop? Of course not, Adobe doesn't make it for Linux (as are all of your other strawman examples). But I'm not a graphic designer, and neither are you. Use the Gimp, it's just as good for what you want to do as Photoshop.

Linux has come a LONG way. My original statement was that it was dead simple to get Linux up and running, and easier than Windows in this regard.

As far as the system after install, for most this means: does it have working networking right away, does it have a good web browser, email client, and something to author documents/spreadsheets/what have you. Can I install new software easily, can I update the OS easily, etc. On every single one of these things, Linux is now very simple, and I stand by the statement: MUCH easier than Windows. It's at least approaching OS X in that regard, but I will concede that Apple has effectively cornered the market on making a dead simple UI (Lion and the moves to iOSify their desktop is maddening to me, but I am not the target user, and I expect even those moves are fine for what they are trying to do).

I am not trying to make any argument that switching to Linux on the desktop is something everyone will be doing, but the old arguments of why Linux is only for developers, hackers, and nerds are really pretty much across the board false now.
posted by mcstayinskool at 12:46 PM on May 29, 2012 [1 favorite]


Dolphin and Atomic use webkit -- they are not custom made browsers in that sense. They are skins over the same core Safari is using.

Practically speaking, Dropbox will not be sold on the app store because it competes with iCloud -- I would be very surprised from a business standpoint. However, if you want to use Apple's excuse, dropbox needs admin privledges and to be able to start at login time -- both of which are non starters for App Store apps.
posted by smidgen at 12:48 PM on May 29, 2012


There's absolutely nothing I've ever wanted to do on the internet that Apple has ever hidden from me...

Flash.
posted by euphorb at 12:51 PM on May 29, 2012


Flash works fine on my Macbook. I don't need it or want it on my phone.
posted by empath at 1:00 PM on May 29, 2012


I should be clear and say the *Mac* app store. There is a dropbox app in the iOS app store -- but the way it works is substantially different (basically a mostly useless file browsing and upload app) than the way it works on a desktop computer (integrated into the file system). And, of course, dropbox supplies a SDK for other apps to use in iOS -- which not very coincidentally has run into issues on the app store recently.

But, Like I said, I'm prepared to be surprised...
posted by smidgen at 1:01 PM on May 29, 2012


iOS Apps using the Dropbox SDK were rejected (briefly) from the App Store because it was possible to purchase a premium Dropbox account through apps that used it, without giving Apple their 30% cut. It didn't have anything to do with Dropbox being a competitor to iCloud.
posted by The Lamplighter at 1:42 PM on May 29, 2012 [2 favorites]


> Use the Gimp, it's just as good for what you want to do as Photoshop.

That's exciting, if true. I want to put a brush stroke along a path, with tablet pressure simulated by the program.
posted by jfuller at 1:45 PM on May 29, 2012


There's absolutely nothing I've ever wanted to do on the internet that Apple has ever hidden from me...

Flash.


There's absolutely nothing I've ever wanted to do on the internet that Apple has ever hidden from me...
posted by elwoodwiles at 2:02 PM on May 29, 2012 [7 favorites]


Linux already crushed windows and apple in the market it's best suited for -- commodity servers. It's not a desktop platform, and it's never going to be. (Yes, I know people use it as a desktop, but it's a tiny minority)

It is a, if not the, desktop platform in one industry:visual effects. It works well in the conditions of that industry (hundreds of workstations running specialised software over fast hardware, with expert users and/or support staff) because the software's free (and the licence fees add up when you have hundreds of CPUs and monitors), the software's designed for specially trained users and there are already experienced UNIX admins hired to run the farms.

Apple tried to break into the industry by buying the compositing package Shake and killing the Windows and Linux versions. It died on the vine and packages like Nuke ended up taking that market. Similarly, while the GIMP is seen as a poor person's Photoshop alternative in the civilian world, in the VFX industry, it is widely used, and there are forks for dealing with high-dynamic-range image formats and such. Some of the professional attention trickles down into making GIMP look considerably slicker than many other Linux desktop packages.
posted by acb at 2:08 PM on May 29, 2012 [1 favorite]


Photoshop? Of course not, Adobe doesn't make it for Linux (as are all of your other strawman examples). But I'm not a graphic designer, and neither are you. Use the Gimp, it's just as good for what you want to do as Photoshop.

Unless you want to do something tricky and patented, like content-aware fill. Or use commercially available plug-ins.

As for music software, the situation's even grimmer. If you're the kind of techno-primitivist who needs to build their own instruments from oscillators and filters, you can use Pd or SuperCollider and sneer at the noobs with their MacBooks and copies of Ableton Live and ready-made softsynths. If you're still living in the early 1990s, you can get a USB MIDI interface, hook your Roland Sound Canvas up to it and use your Linux PC as a glorified MIDI sequencer. Or you can use various packages along the lines of Amiga trackers, which let you load up samples and sequence them at various speeds. Apparently you can now use softsynths and software effects on Linux as well, with the proviso that only open-source ones exist, so you're limited to a few standard filters/bitcrushers/delays and a generic analogue synth some guy once wrote which sounds a bit like a Roland Juno-6 only not as good. Meanwhile, the commercial music software landscape on OSX and Windows has stacks of plug-ins, from Native Instruments' Absynth to Korg's transistor-exact replicas of their analogue synths to all kinds of FX units.

It's the lack of music software (specifically, commercial music software) which made me buy a Mac in 1997.
posted by acb at 2:26 PM on May 29, 2012


because it was possible to purchase a premium Dropbox account through apps that used it, without giving Apple their 30% cut.

Apple has already won if you think this is a reasonable justification.
posted by smackfu at 2:43 PM on May 29, 2012 [4 favorites]


App Store because it was possible to purchase a premium Dropbox account through apps that used it, without giving Apple their 30% cut.
Yes, I know the circumstances.
It didn't have anything to do with Dropbox being a competitor to iCloud.
Apple just started flunking apps using the SDK on a technicality, they never contacted Dropbox. Dropbox had to do that -- and they had to play customer support telephone to do so. Trust me, Apple knows who makes the SDK. Why do you think iCloud even exists? This is willfully naive.
posted by smidgen at 2:47 PM on May 29, 2012 [2 favorites]


I'm not crying too hard for Dropbox since Dropbox broke their damn iOS client a while back and refuse to fix it. (They helpfully resize your photographs (and other documents?) to fit your iOS device screen and if you want to zoom in on a photograph, well, too bad!)
posted by entropicamericana at 3:15 PM on May 29, 2012 [1 favorite]


Apple has already won if you think this is a reasonable justification.

Apple has already won, full stop. It's all over but the shouting until cortical implants become the next big thing.
posted by entropicamericana at 3:17 PM on May 29, 2012 [1 favorite]


But Libre Office works great.

The Excel- and Word-a-likes (Calc and Write I think?) are great, which is 90% of what most users need. The Access- and PowerPoint-a-likes still need a ton of work before they're usable for general users who are familiar with their MS equivalents.
posted by Lentrohamsanin at 3:31 PM on May 29, 2012 [1 favorite]


Well, no. The fact that "most growth is in the phone/handheld sector" does not equate to making desktop and laptop computers "old and dead", except for corporate marketers and the buzz-frenzied tech media.

While I doubt the desktop computer will die in the next ten years, I would guess that most consumers will stop using them well before that. That means if you want to write software for consumers you'll be writing it for a phone/tablet. Given that there are rumors about Apple going to all ARM processors and killing off the Mac Pro tower, the desktop format may be around but underlying hardware and architecture will be drawing heavily from IOS. My guess is that whatever OS XI will be, it will be a lot more like IOS than OSX.
posted by doctor_negative at 3:44 PM on May 29, 2012


Apple has already won if you think this is a reasonable justification.

Well let's not get needlessly apocalyptic here. Apple's not the antichrist.

Apple has already won, full stop.

But also, let's not call victory. From what I read, iOS has a bit of a lead on Android, but it's not actually that huge. From about six months ago: iOS vs Android: Lots of stats, little clarity.
posted by JHarris at 3:44 PM on May 29, 2012


(Argh, but further reading finds people claiming either that Android is faltering, or taking the lead. Stupid tech pundits.)
posted by JHarris at 3:47 PM on May 29, 2012


Anil Dash just posted a detailed set of historical resources on locked down computing, starting at Microsoft Palladium and heading to Apple Gatekeeper and Windows SmartScreen. It is certainly remarkable how strong the reaction against Palladium was compared to current responses to Apple and Microsoft's new efforts.
posted by Nelson at 4:02 PM on May 29, 2012


If one were to anthropomorphise the race between iOS and Android, it would look like iOS starting with a commanding lead and Android gradually closing in, getting closer and closer, until, when it was almost within reach, the horde of zombies shambling behind it caught up with it and dragged it down. The zombies, of course, represent malware and carrier/OEM-mandated skins/crapware/“enhancements”.
posted by acb at 4:07 PM on May 29, 2012 [1 favorite]


What? As far as I know Dolphin and Atomic support Javascript.

These are both just wrappers around Safari. It's not as simple as using webkit as mentioned up thread either. Chrome uses webkit, but will never see an iOS version since it has it's own branch of webkit and, more importantly, it's own javascript engine. You'll also never see Firefox on iOS either. You can't put a "real" browser on the app store.
posted by markr at 4:08 PM on May 29, 2012


That means if you want to write software for consumers you'll be writing it for a phone/tablet.

Oh, god, I hope you're wrong; when I think about the depressing possibility of such a world I want to get out of the computer business altogether.
posted by Mars Saxman at 4:09 PM on May 29, 2012 [1 favorite]


JHarris: "But also, let's not call victory. From what I read, iOS has a bit of a lead on Android, but it's not actually that huge."

O RLY?
posted by mullingitover at 4:21 PM on May 29, 2012


Oh, god, I hope you're wrong; when I think about the depressing possibility of such a world I want to get out of the computer business altogether.

Why are you so attached to having a plastic box under your desk? Even tablets and phones are temporary. Eventually the idea of a computer will disappear entirely as chips and displays become completely ubiquitous and nearly invisible.
posted by empath at 4:26 PM on May 29, 2012


The vast proportion of the target market is, (its up to you whether you choose to take this personally or not, if you do, choose a synonym that's less hurtful) - stupid when it comes to the tech, but that doesn't matter.

No need for a new synonym--just keep calling people stupid. That strategy has worked great for Linux advocates thus far.
posted by box at 4:34 PM on May 29, 2012 [3 favorites]


I'm basically a Linux neck-beard and have been for more than a decade. I'll never own a machine that I can't administer and control.

That being said, I think hiding the ability to install untrusted applications from naive users on a closed system is a great idea. Not because they are "stupid" but because average users don't have the ability or the inclination to properly vet their software. They are software consumers who want software to do what they bought it for.

As for the usability of Linux today, I think many people would be surprised. I use KDE on Kubuntu. It is easy to install and use and has plenty of eye candy. I never need to use awk, sed or perl to make normal-user type activities work.

If you like using OSX, then go on using it. I don't feel "threatened" at all. I'm happy with my alternative. If you find yourself not liking OSX after a time, consider trying Linux. It really is getting better all the time.
posted by double block and bleed at 5:02 PM on May 29, 2012


It is certainly remarkable how strong the reaction against Palladium was compared to current responses to Apple and Microsoft's new efforts.
Remarkable... and terrifying. In the short term, yes, Apple's walled garden is pretty nice, but in the long run it's a horrible place to end up. People understood this when Microsoft was the instigator, but now that it's Apple everyone is falling over themselves to explain why it's so great.
posted by aspo at 5:05 PM on May 29, 2012 [1 favorite]


People understood this when Microsoft was the instigator, but now that it's Apple everyone is falling over themselves to explain why it's so great.

Or you could just uncheck a checkbox. There's that option, too.
posted by Blazecock Pileon at 5:08 PM on May 29, 2012


If you need to get people to uncheck that checkbox to install your software it isn't going to happen in any size that matters. Yes, for you this is no big deal, but for "users" it is.
posted by aspo at 5:15 PM on May 29, 2012


Yes, and it is also will stop people from installing trojans. Which everyone should be grateful for. Everyone complains about lack of security, but then they complain about security. You can have security or convenience. Pick one.
posted by empath at 5:25 PM on May 29, 2012


Apple, like Facebook is targeting the stupid market. They both provide a relatively safe internet experience for the "couldn't be bothered to understand how it works, just show me how to switch on" (aka the clueless) masses, which is good, because their customers get to use the internet, or at least what Apple and Facebook let them think the internet is.
posted by w.fugawe


I know you've clarified these remarks, but they're still missing a key point. There's a large segment of computer nerds that use and prefer macs. I was a 'I want to do everything, understand everything, build everything' guy myself in my twenties. Once I was in my thirties I realized I didn't want to spend my time on any of that, so I switched to the mac.

If you think a large segment of Mac users aren't advanced users, you are flat out wrong. Now, I have no doubt that gatekeeper is making some in the crowd nervous, and are in a wait and see mode. I agree with those that say 'when I can't do something on my iPhone that I want to do, that's when I'm concerned'. But it hasn't happened yet. When I hear 'but android is open', my first question is 'and what does that allow you to do that makes me jealous'. It hasn't happened yet. Until it does, I'm fine with the positives (and their ARE positives) of a more controlled system.

From the Panic blog:

Perhaps we can not only select the paragraphs that support your point. Here's more:

Other than that though, we think Gatekeeper is a bold new feature that should do wonders for the security of your Mac for years to come. Even though their rapid pace of development is at times difficult for us to keep up with, we are excited that Apple continues to aggressively push the envelope when it comes to keeping Mac OS X safe and secure.

-----

Yes. They're the ones who are ignorant. The remaining founder of Apple and the EFF.

They are obviously not ignorant, but just because it's Woz doesn't mean he's right and we should all just move on to the next topic. I hope that's not what you're implying.

Woz is a smart guy, smarter in some areas than others. What Apple 'should' do probably isn't one of them. I'm not sure that the opinion of someone (ignoring the plane crash) that last worked at Apple 25 years ago should be taken as gold. I think he's coming at this from a user perspective. He wants to tinker. Great. But Woz isn't exactly your average computer user.

But both platforms also have some very good apps. At the moment, I think that race is a tie.

I think you're in the minority in that opinion. Two years ago it wasn't close. Much closer now, but I've used both on average I still prefer iOS twitter apps, read later apps, etc. And I'd rather pay for my apps than have ad supported apps, another key difference.

It doesn't matter to some people. Whatever it is tha Apple does, you'll be able to find someone to say it's not only good and right but absolutely necessary to their prosperity/business model/survival as a company. I've seem people do the same thing with Nintendo products.

And for some people it doesn't matter what Apple does, they'll find fault and criticize and hate them, because that's what they do. So I'm not sure of your point.

Yes, and it is also will stop people from installing trojans. Which everyone should be grateful for. Everyone complains about lack of security, but then they complain about security. You can have security or convenience. Pick one.

Perfect example. If Apple was more open, with the result being more security problems, we'd have a thread condemning Apple for ignoring what surely they knew was coming. Can't win.
posted by justgary at 5:40 PM on May 29, 2012 [2 favorites]


If you need to get people to uncheck that checkbox to install your software it isn't going to happen in any size that matters.

What do you think Windows and Linux people do when they install Flash, toolbars or other plug-ins these days? "Users" are happy to type in their admin-level usernames and passwords, click buttons, and otherwise do whatever an installer will tell them to do in order to get the software installed — even if the installer is malicious, which is what motivated the invention of a very meager barrier like Gatekeeper in the first place.

Until the day that radio buttons disappear and we are compelled to buy all our OS X software through the App Store, this remains a non-issue, despite the best efforts of partisans to make it something else. And if the hypothetical End Times should come about and we OS X users have to get all our software through Apple and only Apple, then feel free to call them out on that — and, frankly, as an OS X user I'll be right there with you, because as an open-source developer, I would find that problematic for being able to distribute my software to scientific colleagues.

But until this hypothetical situation arises, this seems to be as much hand-wringing over nothing as it was months ago. It is virtually no different than Linux package managers restricting default builds to default repositories — in fact, it is even worse for regular end users on Linux, because you have to manually add alternate repositories. For the level of user for whom Gatekeeper is intended, default Linux installations include a more restrictive policy and more complicated technical barrier to installing third-party software, than selecting a radio button in OS X.
posted by Blazecock Pileon at 5:44 PM on May 29, 2012 [1 favorite]


Developing an app used to cost nothing but time. Now, if you want other people to use your app, you'll have to pay Apple a $99 per year tax (without which no codesigning, without which Gatekeeper will block it). I started coding because it was free (Apple provides developer tools at no cost). I published my app as a free app because, well, the tools were free to me. It's a fun hobby, and I believe many people benefit from my app. But I probably would never have started coding if the $99 tax had been in place, if only for the butterfly effect. Also, adding codesigning for Gatekeeper in practice means using the latest tools, which means dropping support for older macs.
posted by jabah at 7:44 PM on May 29, 2012 [3 favorites]


They can still install your free app, even if you don't sign it.
posted by empath at 8:17 PM on May 29, 2012


just because it's Woz doesn't mean he's right

Actually it's more than that.
wrong : right :: right : woz
Or "wrong is to right as right is to woz." Or to paraphrase Mr Spock, "I should say that to be Woz is to be as far above being merely right as we are above the amoeba."
posted by George_Spiggott at 8:54 PM on May 29, 2012


Why are you so attached to having a plastic box under your desk?

I'm attached to having a keyboard. A computer without a keyboard is effectively a read-only device, a client only, not suitable for serving data or doing real work.

I'm attached to having something I can control. Phones and tablets, as they currently exist, tend to be closed platforms - and Apple's devices are the worst.

The whole point of the personal computer revolution was that you could have a machine of your own that you could use to do whatever you wanted, and nobody could tell you "no". You didn't have to beg for time from the mainframe priesthood, you didn't have to submit jobs to the computer department and get the results back later; you just used the machine yourself.

Phones and tablets don't offer that. You can do that limited selection of things the manufacturer wants you to be able to do, and if you don't like it, all you can do is hope that some clever hacker has spent a lot of time finding a way to break out of the walled garden, and then hope that the loopholes stay open long enough to be useful.

This is not an improvement.
posted by Mars Saxman at 11:02 PM on May 29, 2012 [2 favorites]


If you need to get people to uncheck that checkbox to install your software it isn't going to happen in any size that matters.

Somebody needs to explain to the Federation Against Software Theft that nobody's running warez or keygens, because people won't turn off their anti-virus software in sufficient numbers to make software piracy a credible threat.
posted by PeterMcDermott at 1:58 AM on May 30, 2012


> Why are you so attached to having a plastic box under your desk?

I'm not, but I am attached to hardware hacking. The more restrictive the form factor and internal space constraints are, the harder it becomes to build white boxen.

I'm also attached to not having the bootup process p0wned by some vendor or government agency, and I expect homebuilt white boxen will be among the last to go down this particular road to 7734.
posted by jfuller at 9:11 AM on May 30, 2012 [2 favorites]


BP, what matters is the obscurity of the process. Most users won't know about the Gatekeeper setting, and it's within Apple's power to both A. include a link to the setting in the dialog box, with a note like "If you'd like to stop seeing these notices, go here" and B. take out the language saying the application should be moved to the trash.

If Apple did both of these things, my concerns over Gatekeeper would not be eliminated, but they would be greatly eased. They seem obvious to me. The fact that they seem obvious, yet Apple has either not thought of them or has decided against it, leads to the perception that Gatekeeper security measures have an ulterior motive, and the most likely one is a plan to move OSX towards an iOS-style, locked-down model.

Anyway, I have to correct you -- I never have to enter my system password on Windows 7 except when logging in, which uses the dark-screen security prompts, which for all the missteps Microsoft made when introducing them with Vista seem to work pretty well in 7. If Apple is really doing this to cut down on password requests, it seems there are less problematic ways to go about it.

justgary, yeah, that's what I'm implying. Woz is God. We should all bow down before him. SHEESH.

As for people who criticize Apple regardless of whatever they do, well, DUH. It's the internet, a place where there's a word for people who just try to make others mad! You can find someone here hates anything, whether it be a software company, political party, system of thought, movie, or pony.

The fact that Apple has been staggeringly successful as a company lately has increased this, which is actually a healthy reaction -- people tend to not want anyone accumulating too much power, Apple, Microsoft, Google, anyone.

What Apple has that they don't is people who assume they're right first and justify it after. But Apple is a corporation, and thus amoral, and not anyone's friend, not mine or yours. On this matter, it doesn't even seem to be Woz's. It doesn't need missionaries.
posted by JHarris at 9:51 AM on May 30, 2012 [1 favorite]


I don't know, Lentrohamsanin, I do a lot of presentations using LibreOffice's presentation software, and I find it to be indistinguishable from PowerPoint. I guess that this is due to the fact that I don't use flying clip art and the like in my talks, because I know that there are lots of features that PP has which LO doesn't, but it's not a problem for me. Is there a showstopper that you have in mind, featurewise?
posted by wintermind at 10:53 AM on May 30, 2012


JHarris: "BP, what matters is the obscurity of the process. Most users won't know about the Gatekeeper setting, and it's within Apple's power to both A. include a link to the setting in the dialog box, with a note like "If you'd like to stop seeing these notices, go here" and B. take out the language saying the application should be moved to the trash."

If you don't even know how to google 'how to disable gatekeeper' you probably shouldn't be installing apps willy-nilly on your machine in the first place.

There are all kinds of annoyances in OSX that power users end up resolving via the even more obscure command line interface (hello, enable command+F to search in iTunes). Disabling gatekeeper will the power user will really just amount to adding one more entry in this bash script.
posted by mullingitover at 11:39 AM on May 30, 2012 [1 favorite]


If you don't even know how to google 'how to disable gatekeeper' you probably shouldn't be installing apps willy-nilly on your machine in the first place.

Oh, you are so grossly misstating things. I expect Apple should be thrilled to consider that their vaunted, easy-to-use computers would ever require a user to Google up a procedure that has to do with day-to-day use. That's the kind of crap we'd expect from Microsoft dammit.

And... how will someone know to Google "Gatekeeper" if that word isn't on the dialog box? How will they know there's a controversy, and serious concerns about this approach to security, and that this is a feature that should, or could, even be disabled?

Of course one could (and, here, has) argued this is by design -- warn about everything Apple hasn't curated. My responses to that attitude is, 1: it's a bigger world than Apple can supervise, 2: not a few people are offended to be grouped in with malware by default unless they pay Apple to say otherwise, and 3: even setting aside that insulting fee, Apple rejects apps for far more reasons than maliciousness, and this policy will likely group malware in with a lot of legitimate software that Apple doesn't like for other reasons, just like on iOS.
posted by JHarris at 11:56 AM on May 30, 2012 [2 favorites]


If you don't even know how to google 'how to disable gatekeeper' you probably shouldn't be installing apps willy-nilly on your machine in the first place.

Ding ding ding. If the Mac is going to be both of

- A general-purpose computer that can run any program anyone can imagine, like you or I want it to be
- A stable and not easily corrupted information appliance suitable for someone with who doesn't have IT skills and shouldn't have to learn any;

... then something's got to give, and this is basically it. By default, you're warned off installing arbitrary, non-curated programs. If you know WTF you're doing and are prepared to deal with what comes of installing arbitrary programs from anywhere, prove it by finding this oh-so-hard-to-find-radiobutton and changing it.

This seems like the only model that can allow both worlds. Having said that, if Apple wants to be non-assholish about it, they could allow the user to select other, well-respected curators besides themselves. But I suspect that will never happen barring some future FTC or DOJ suit like the the one that eventually made Microsoft allow you to choose other browsers.
posted by George_Spiggott at 11:59 AM on May 30, 2012


We don't WANT people to disable gatekeeper. Gatekeeper is a good thing. It stops people from installing trojans without really going out of their way to do it.
posted by empath at 12:12 PM on May 30, 2012


By default, you're warned off installing arbitrary, non-curated programs.

Apple is not curating it in any way.
posted by empath at 12:12 PM on May 30, 2012


JHarris: "And... how will someone know to Google "Gatekeeper" if that word isn't on the dialog box? How will they know there's a controversy, and serious concerns about this approach to security, and that this is a feature that should, or could, even be disabled?"

If you don't know what it is, you are exactly the person who needs it.

I'm thinking about my mother and my sister here. They're the archetypal non-technical users, and I've purchased cheap windows laptops for them in the past. Invariably they end up infested with malware and somewhere between useless and dangerous within a month. Gatekeeper is a godsend for my family IT guy needs. If there's something they need installed, I can remote desktop into their machines and install it myself, or tell them "It's safe to ignore the warning in this and only this case." I'd otherwise prefer that they left it running and don't go off the reservation.

As for the cost, it's 99 bucks. That's enough to be pocket change for a serious developer, but creates create a reasonable barrier (and a paper trail) for someone who'd sign up for an Apple developer account with intent to create something malicious.
posted by mullingitover at 12:16 PM on May 30, 2012


Apple is not curating it in any way.

You're right, I was conflating the App Store with the signing requirement. But they should allow the user to choose signing authorities in addition to themselves. (And presumably won't until someone makes them.) Corporate users should have an internal certificate authority, for example, that would allow users who are forbidden to change this radiobutton to install internal company software.
posted by George_Spiggott at 12:21 PM on May 30, 2012


George_Spiggott: "Corporate users should have an internal certificate authority, for example, that would allow users who are forbidden to change this radiobutton to install internal company software."

No need for that when you can install the software for them, remotely.
posted by mullingitover at 12:24 PM on May 30, 2012


A stable and not easily corrupted information appliance suitable for someone with who doesn't have IT skills and shouldn't have to learn any

Define easily. There was not a lot of OSX malware to begin with, and on the Windows side where it's obviously more of a problem, almost all malware takes advantage of exploits in existing trusted software (such as a web browser or PDF viewer) to execute and propagate rather than relying on the user to execute a new untrusted program. And in the cases where the malware does require the user to run untrusted software, the scheme will involve directing the user how to disable or dismiss any warnings about untrusted code (such as allowing an ActiveX control to execute). I don't think this particular feature is that bad if it can be turned off easily, but in general a signed code scheme is not necessary or sufficient for an overall security system that is effective in protecting a user against malware.
posted by burnmp3s at 12:25 PM on May 30, 2012 [1 favorite]


burnmp3s: "Define easily. There was not a lot of OSX malware to begin with"

I think that's been in part thanks to security through obscurity, but as OSX gains market share they become more enticing to malware developers. Security in OSX isn't exactly perfect right now.
posted by mullingitover at 12:36 PM on May 30, 2012


Well the article you linked to is talking about the same kinds of exploits that were most likely responsible for the Windows malware you mentioned a few posts ago, which code signing on its own does little or nothing to stop. I'm not saying that code signing is completely pointless or cannot be part of a sane security system, it has positives and negatives like any other security feature. But comments from you and others claiming that non-technical users "need" this security component to be protected from malware are not really true. It could be an effective security features, but since it's not actually preventing any specific attacks right now it's hard to measure that effectiveness, and like any kind of restriction it comes with trade-offs that can sometimes be more trouble than they're worth in terms of effectiveness to hassle ratio (see Vista's much maligned security system).
posted by burnmp3s at 1:06 PM on May 30, 2012


It's specifically going to prevent the only kind of malware which ever had a wide installation base on OSX, a trojan that the user installs himself.
posted by empath at 1:22 PM on May 30, 2012


empath: "It's specifically going to prevent the only kind of malware which ever had a wide installation base on OSX, a trojan that the user installs himself."

I don't think Flashback required any action on the user's part, but yeah, generally this is how Mac trojans get around. Flashback was 100% on Apple and their failure to get a Java update out the door in a reasonable timeframe.
posted by mullingitover at 1:31 PM on May 30, 2012


No need for that when you can install the software for them, remotely.

True as far as it goes, but IT is largely self-serve in today's corporations. It is quite the normal case for users to be able to find software linked on the corporate intranet and to install it themselves. Yes, the push model is used but in my experience, only for required updates, not for application- or task-specific software, and they wouldn't thank you for making every request have to be manually fulfilled by the IT department.
posted by George_Spiggott at 2:11 PM on May 30, 2012


George_Spiggott: "True as far as it goes, but IT is largely self-serve in today's corporations. "

To some extent yes, but normally if an organization has internal tools that everyone uses they'd be installed by IT before the machine is given to you. Plus (at least at the corporation where I work) a huge portion of the tools are web-based and don't require installation.
posted by mullingitover at 4:11 PM on May 30, 2012


The Access- and PowerPoint-a-likes still need a ton of work before they're usable for general users who are familiar with their MS equivalents.

I don't know about PowerPoint, but Access isn't even in the Office versions intended for general users - you need to get the Professional or Professional Plus version, it's not in Standard, Home and Business or Home and Student editions.
posted by robertc at 4:55 PM on May 30, 2012


On "curation," hm, you are right, I was mistaken on that point.

"If you don't know what that is, you're exactly the kind of person who needs Gatekeeper."

No, this isn't exactly true. There is a whole range of users between stereotypical Clueless Aunt Edna and the kind of people who read up on semi-obscure Mountain Lion features. Users should be careful about what they put on their machines, but they shouldn't be fearful. We should be empowering users to learn about and use their magic boxes, not pre-approving a list of spells.
posted by JHarris at 8:04 PM on May 30, 2012


I would like to know if I'm downloading something that hasn't been signed, and have the option to not install it. I'm not sure why you would not want to know this.
posted by empath at 8:50 PM on May 30, 2012


JHarris: "Users should be careful about what they put on their machines, but they shouldn't be fearful. We should be empowering users to learn about and use their magic boxes, not pre-approving a list of spells."

Actually I'm completely OK with them being fearful. They should be, if the computer is holding any data that is dear to them. The current problem is that people *aren't* fearful enough, and then they shit their pants when their computer fails and they lose their life's work/crucial business documents/yadda yadda. I'd be OK with a monthly popup saying "Your hard drive has failed and you've lost all data that wasn't backed up." Followed by a popup saying "Just kidding. But it could've been. Think about that and maybe back up your data."

And we seem to be going in circles, but I'll keep coming back to the fact that Gatekeeper can be disabled trivially by anyone with a small to mid-sized clue of how to use the google. Users are more empowered now than ever before. They're empowered to install signed code and not have to worry about getting their computer trojan'd to hell. And if they want to be power users, they're empowered to learn how to do that, and the information is freely and widely available.

To return to the tired old auto analogy: if you can't be bothered to find a manual on car repair, perhaps you shouldn't go taking a shot at doing your own brake job.
posted by mullingitover at 10:51 PM on May 30, 2012


Implementing UEFI Secure Boot in Fedora, in which a Linux distribution goes through insane hoops to be able to run on Microsoft's mandated secure boot hardware in late 2012 PCs. "it's not really an option to force all our users to play with hard to find firmware settings before they can run Fedora".
posted by Nelson at 10:34 AM on May 31, 2012 [1 favorite]


It's just a painful situation all around. A real vector of malware is to replace the bootloader. Secure boot is a way around that. The theory is hardware vendors include keys for all the OS providers that they allow to run in secure boot mode. Red Hat doesn't want to get a key, because they don't think it will be included. So they are taking advantage of a service Microsoft is providing to piggyback off their key, since everyone knows that Microsoft's key will be included. It seems like people complaining about this don't really have an alternate solution.
posted by smackfu at 12:34 PM on May 31, 2012


It's just a painful situation all around

Yeah, it's just disappointing that somehow both Apple and Microsoft are converging on solutions that give them more control over what software runs on computers. And in the iOS case, gives Apple a nice 30% cut of all purchases made even on websites linked unto the seventh generation. Sometimes it feels like security is the excuse for the vendor lockdown, not the actual motivation.
posted by Nelson at 2:59 PM on May 31, 2012 [1 favorite]


It's just a painful situation all around. A real vector of malware is to replace the bootloader. Secure boot is a way around that.

Except that boot sector viruses are just about the easiest things to find and fix in the world. I'm surprised anyone even bothers making them anymore.
posted by JHarris at 8:00 PM on June 1, 2012


Given that there are rumors about Apple going to all ARM processors and killing off the Mac Pro tower

Rumor: Apple Is Giving the Mac Pro One Last Chance
posted by homunculus at 1:22 PM on June 6, 2012




GateKeeper has Manual override
If you receive an alert that an app is from an unidentified developer, you can still choose to install it. Control-click the installer or the application icon to reveal a contextual menu. Choose Open and you’ll see a dialog that allows you to install the application.

You can install an app without having to disable gatekeeper system wide.
posted by mrzarquon at 4:25 PM on June 11, 2012


> Except that boot sector viruses are just about the easiest things to find and fix in the world. I'm surprised anyone even bothers making them anymore.

That was the old boot sector ones.

The new boot loader ones are the ones that involve built in hypervisors and use virtualization, so the operating system a user boots into is actually running as a guest OS in the compromised system. It can't actually be detected by the running OS, and instead needs external verification (i.e., a signed certified from the bios) to verify that it is indeed running on an untampered and secure piece of hardware.

Who needs a key logger in the OS when you can record all the traffic over the network card and usb interfaces?
posted by mrzarquon at 4:34 PM on June 11, 2012


If you receive an alert that an app is from an unidentified developer, you can still choose to install it. Control-click the installer or the application icon to reveal a contextual menu. Choose Open and you’ll see a dialog that allows you to install the application.

Sigh. We all know what Gatekeeper does by now, how it can be bypassed or disabled. We don't disapprove because it's impossible to override. If that were true it would be a lot worse, although some people would defend it regardless.
posted by JHarris at 12:14 AM on June 12, 2012


On boot loader viruses: wow, fairly insane. Thanks for the info mrzarquon.
posted by JHarris at 12:15 AM on June 12, 2012


Anyone know what Linux distribution Linus runs on his Mac Book Airs?

Any opinions on Ubuntu vs. Mint vs. Debian for the Air? I'd choose Ubuntu all else being equal.

Any idea if HFS+ support has improved? Is ext3 the best choice for the shared partitions? ext2fuse vs. fuse-ext2?
posted by jeffburdges at 5:31 AM on June 12, 2012


> We don't disapprove because it's impossible to override.

For me the thing is that isn't some tech tip hidden on a website, or in Apple's developer notes.

It's a feature on their list of 200 features in Mountain Lion. They are at least acknowledging it is a difficult balance between the two areas.
posted by mrzarquon at 1:19 PM on June 12, 2012




« Older A Dragon Approaches   |   I got 3000 miles to go now...and my feet are... Newer »


This thread has been archived and is closed to new comments