The way it's even implemented now is like the nightmare realized from everything Richard Stallman warned about for decades. Especially for non-technical users, they've practically implemented a system where Apple decides what software you are and aren't allowed to run on your own computer. They can muddy the issue by claiming it's for safety/security but I don't buy it. They could have made the override still clear but much easier to access.
Especially for non-technical users, they've practically implemented a system where Apple decides what software you are and aren't allowed to run on your own computer.
For non-technical users the choice is simple: either Apple decides what is allowed to run on their computer or cybercriminals do. After years of getting burned, non-technical users made their choice. I think it was the right one but the jury's still out for the future.
Perhaps one day these users will get squeezed out of computing entirely. That will be a terrible shame. The same thing is playing out with everything else though. Look at cars and household appliances.
Also, let's not fool ourselves. I'm not sure even most technical people running macOS or Linux would know if they had malware running. I probably wouldn't. It's not like antivirus is commonplace on those platforms.
The notion that you can reasonably have knowledge of and control over all the software that is actually running on your machine has not been realistic for decades.
My router was pwned, not once but possibly 3 times, and the major compromise I only discovered due to the third-party DNS filtering service I'd set up on it. It is practically impossible for any consumer to detect a compromised router, due to their embedded systems and lack of meaningful logging or diagnostics. Therefore I concluded that consumer routers are the weakest link in anyone's home network, and I was pleased as punch to begin renting one that my ISP manages. Peace of mind indeed.
My Windows 10 box became so bogged down that I was convinced it was running some undetectable malware. AV detected nothing, but after a critical look at open ports I just decided to wipe and go to Windows 11.
Here are some of the biggest risks today. Running third-party apps at all, unless they are absolutely necessary. I try to do everything possible with Google-provided apps within the Google ecosystem on my Android phone and the other devices as well, which limits the third-party attack surfaces. My Windows machine runs practically nothing outside of MS or Google. I don't need to.
Other big threats are beyond personal devices at this point. Connecting third-party SaaS to your accounts is a real problem. Facebook, Google Workspace, Slack, GitHub, any service that acts as a platform and runs third-party integrations, that's where you'll get bitten nowadays, and your local AV scans are powerless to shield you from footguns. Just to use HP printer features, HP wanted full, unscoped, read/write/delete access to my Google Drive!
Everyone's "hacked Facebook account" has really been just some stupid game that went rogue. Supply-chain attacks through browser extensions and the rest. Extremely difficult to police from the end-user's position, but deadly and dangerous, because they're out on the net and in the cloud.
I’m a fan of Stallman and his ideology toward computing as much as anyone but tend to think that the ship has sailed long ago. We are not living in a world where everyone who touches a computer has the knowledge or skill set to know a good idea from a bad one. Long-gone are the days when our passwords could be blank because the other guy using the system was also a kernel developer. And so unfortunately Stallman’s ideas are mostly a thing of computing utopia fiction.
It’s fine to let the experts worry about securing our systems. The Internet is safer for it. And it’s fine to not think so, too. But for those people, realize that the product may not be for you. That’s why we have a dozen flavors of Linux.
Defaults to. You can tell it to compile yourself, if that matters to you. I don’t see what the issue is here. Why is it a problem that it defaults to binary distribution?
> The biggest problem is that the defaulting to binary distribution also means that building from source is unsupported.
I don't think it means that at all. They're both clearly supported by homebrew — one just happens to be the default. You can always use -s or --build-from-source to build whatever package you are installing.
It's running the same compilation steps that the binaries are produced from. If you can get a binary through homebrew, you can compile it from source. It's just unsupported in the sense that the developers don't want to spend their time chasing down build issues on individual user's systems. You're on your own if you break your local build environment.
(Ignoring the packages that are just wrappers around closed source software and fetch binaries whether you compile from source or not. Those are the exception, not the rule.)
I mean, you can download source if you want to run it. It isn’t a complete nightmare yet. I think we’re still in a grey area. This will help some people still, though it’ll definitely hinder others (myself included).
Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.
> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.
When Quarantine was released in Leopard, and Gatekeeper in Lion, and System Integrity Protection in El Capitan, and then "Allow from Anywhere" was removed as an option in Sierra... Each time, people were saying similar things. "Yea, it's bad, and it's getting consistently worse with every release, but surely we are nowhere near 'really bad' yet!"
To me these are clear security improvements; things are not getting worse. And there is absolutely no reason to think they'll be dropping support for endusers running their own compiled software.
The obvious end point would be the same as iOS, which is to say - you can run it to your heart's content, provided that you shell out for a dev certificate.
The fact that macOS is increasingly becoming iOS-like in both UX and approach to security is not obvious? It's pretty obvious to me from the past few macOS releases.
There are huge, important segments of the macOS user base that require the ability to compile and run their own applications, locally. macOS has pretty much taken over all of academic science & education, & personal workstations for government research. It is the default platform for developers of all kinds in Silicon Valley. As Steve Balmer once argued, it's developers that matter to the long-term health of a platform. Apple deftly captured that market by providing a beautiful and easy to use UNIX-like environment with high quality hardware and good design. If Apple locked down macOS the same way they lock down iOS, it would be the largest foot-gun in the history of computing.
Simultaneously, while the user interface of macOS has converged on iOS over the last half dozen releases and the ecosystems are more tightly integrated, not a single one of these changes has gotten in the way of developers running their own code. The situation now is no different than it was in 2006, for example. What has been made more difficult is running untrusted binaries downloaded from the internet. That's not the same thing.
One argument in favor of removing it (not saying it’s the reason or that they didn’t have other options) is that ctrl-click and open did not obviously do anything different. That is, whether you ctrl-click and open a signed app or an unsigned app, the command in the menu was just “open”, with no indication that you were overriding a security policy. Then the dialog it popped up wasn’t particularly distinct from the “first time run” dialog. There is an argument to be made that going to the security settings and specifically allowing an app is a more clear expression of intent. Kind of in the same way you probably want to open a file you download from the web, but good security practices means the browser doesn’t open it for you on download, you need to explicitly go do it.
That said there’s no reason they couldn’t have fixed either of those issues instead
> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.
This is the case for building and running things with restricted entitlements and system extensions.
Unless you disable system integrity protection entirely, which locks you out of your purchased App Store software, DRM content, etc.
What I'm referencing is that they removed `spctl --master-disable`. This was referenced in release notes that I read upon upgrading, and testing it on my own system confirms it is gone.
Care to explain the nightmare to someone who seriously doesn't get it?
I can run any open-source software I want. Other people can't run my precompiled binaries unless I opt into an attestation system that lets the OS respond to and pre-emptively block binaries from developers found to be issuing malware. Open source is unaffected.
I challenge you to find old software that still runs on modern Macs which was never code signed. Note that support for 32-bit applications has been retired, and x86 applications will eventually be sunsetted as well. This isn't Windows.
Indeed, the current state of affairs on the Mac is the consequence of Apple repeatedly making this kind of choice. That doesn't make it any less frustrating when things that worked before, stop working after.
> They could have made the override still clear but much easier to access.
The level of difficulty is absolutely intentional. For you, it's a small speed bump. For the guy on the phone with my grandma trying to hack her computer, it's more of a hill to climb.
And it is not even true and pure FUD. The most widely spread attack surfaces are different today, people wouldn't try to install malware on your machine.
And even if, we had issue with malware infecting iPhones like Pegasus. Locking down environments with these specific mechanisms isn't improving security.
I tend to not really care about these things as long as powerusers have a way around it. Yeah, it'd be great if everyone was technically literate, but most people simply don't care to be, and I think that's okay?
IMHO there's a huge difference between no freedom for anyone (iOS) and secure-by-default, freedom only for powerusers (macOS / Android / Chromebooks / ARM Windows devices) ¯\_(ツ)_/¯
