Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal:
sudo spctl —-master-disable
People will say, no, that’s too big a hammer, it’s not safe… but then, like, what do you actually want? Either you keep Gatekeeper because you like the friction it introduces, or you don’t like that friction and you should go turn it off. Pick one, you obviously can’t have both!
Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.
P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.
P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.
Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.
kqp 5 hours ago [-]
> what do you actually want?
Give me the ability to choose what I trust. “You can either trust Apple and nobody else, even yourself, or you can trust literally everybody” is obviously not a good faith implementation of this. Apple excels at steering the narrative with false conflation and false dichotomy, I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?
wolvoleo 3 hours ago [-]
Exactly, Apple is making this a black and white choice on purpose. To make it unattractive to bypass them, and introduce legitimate security concerns if you do so. But those don't have to exist if the options were more fine-grained.
The same with SIP (system integrity protection). You can turn it off but then you have to turn it all off.
There's no way to keep secure boot but bless your own changes and sign them in some way, that you have approved. You know, as the owner and admin of your own computer. It's either leave it to Apple or be completely on your own. And to make the choice even more uncomfortable they also disable some features like running iOS apps.
dangus 4 hours ago [-]
I think you should read up on how secure boot works with macOS and alternate operating systems before speaking this negatively about the implementation. Apple is already giving you exactly what you’re asking for.
It’s not really even that different than a PC motherboard that gives you “Windows UEFI” and “enroll my own keys” as options.
As far as code signing, again, what do you want Apple to do here? They already gave you a master switch to turn it off. You are free to turn it off then implement your own third party code signing solution if you’d rather choose who you trust. It’s not Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.
And let’s not forget who Apple markets their computers to. These features aren’t for you and me, they’re for the non-technical customers who will absolutely get pwned by unsigned code. Go to the MacBook Neo marketing page and try to find a single image of someone writing code or even being gainfully employed.
Nevermark 2 hours ago [-]
This is that false dichotomy.
You can turn off all protection, as you point out. So who Apple markets Neo's to isn't a factor.
> Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.
Does Apple provide a means for enabling third party trust systems, without disabling Apple's protections in general? If not, that is a serious problem of Apple's choosing. Nobody (to a first order approximation) want's to dispense with Apple's protection, or re-implement it, but to be able to carve out exceptions for specific classes of software.
wpm 53 minutes ago [-]
If you can enable a third party trust system you completely open it up for abuse. If I put my threat actor hat on, I love your idea because now I have an alternative codepath to try and exploit (where you do store third-party trusted roots for code-signing/notarization evaluations that cannot be tampered with, how do you load them, verify them, etc), but now instead of having to dance around bypassing Gatekeeper, I can just try and convince the user to install my certificates and voila, my malware behaves like a legitimate app.
Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.
If you don't trust Apple, why the hell are you buying their computers at all?
F7F7F7 2 hours ago [-]
Sounds like you should pick something other than MacOS.
wlesieutre 1 hours ago [-]
Right, all they need to do is convince every end user they’re trying to distribute software to that they’re using the wrong OS and should replace their MacBook with something running Linux. No problem at all.
novafunc 8 hours ago [-]
Rather than just having the options "Done" and "Move to Bin", give me an option to actually run it without having to manually go into System Settings each and every time without disabling security features?
The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety. Not saying it doesn't help with safety, just that it's more weighed to the former.
plufz 8 hours ago [-]
I also have things I want to change in gatekeeper, but that feature is not one of them. Just gut feeling but I would say 110% of all users, would just click ”start” on every unsigned app if it was that easy.
Affric 5 hours ago [-]
Bingo. I know I would.
I am the king of knowing immediately when I have fucked up.
“Undo” has made us far too comfortable with mistakes.
weaksauce 5 hours ago [-]
they could do it like they do it for accessibility settings. you have to opt in for an app and you need to know damn well if it is a reputable app before giving those controls over. there's enough friction in that that it is not done by many apps but not hard enough that it's a huge ask to whitelist the app.
ceejayoz 8 hours ago [-]
> give me an option to actually run it without having to manually go into System Settings each and every time without disabling security features?
People reflexively hit yes to these things.
mrbombastic 6 hours ago [-]
Just make it a semi-hidden multistep option like browsers when you visit a site with a bad cert, just annoying to leave what you are doing go to system settings and fiddle.
ceejayoz 5 hours ago [-]
I mean, that's basically what it is.
Wowfunhappy 8 hours ago [-]
> without disabling security features?
With Gatekeeper turned off, you’ll still get a warning on first launch which you can easily click through. (Unless Apple changed something in the last few versions—let me know if that’s the case—but it would be out of character for them to remove a warning...)
The “security feature” you don’t want to disable is precisely the thing you are complaining about, so I don’t understand why you’d keep it around.
> The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety.
I don’t imagine Apple makes a substantial amount of money from $99/year developer subscriptions. The App Store is another story of course.
krackers 2 hours ago [-]
> substantial amount of money from $99/year developer subscriptions
You actually do get some value, you can file two DTS tickets [1] a year which are (supposedly) looked at by a real apple engineer. Assuming they haven't outsourced it, that feels worth about $100 considering how badly documented their APIs are.
> I don’t imagine Apple makes a substantial amount of money from $99/year developer subscriptions. The App Store is another story of course.
It has a chilling effect on releasing free apps.
It's going to be an interesting time soon, when even your dog will have a vibecoded app he'll want you to use.
krackers 2 hours ago [-]
I remember you used to be able to right-click and then press open instead of double-clicking which would bypass gatekeeper just for that run. Not sure if it still exists though, I don't have any unsigned apps handy to test.
Barbing 7 hours ago [-]
Posit it saves a decent number of folks who are unable to follow the scammer’s necessary instructions:
“Press command space, no no hold down the command key - gosh it’s in the bottom left - okay, now type “privacy”, now scroll, no you scrolled too far …”
suzzer99 2 hours ago [-]
Lol I would love to see a scammer try to get my mom or dad to do anything other than press the power button. He's in for a world of hurt.
The other day my mom got a text saying she had a $399 charge on Apple, and to call the number if it wasn't her. So she called, because of course, why wouldn't you? Apparently the scammer finally got frustrated and hung up on her because she couldn't understand his accent.
ProllyInfamous 7 hours ago [-]
>give me an option to actually run it without having to manually go into System Settings
I've run several PiHoles for several years, primarily on latest versions (up to v5; current is v6.4.x) – recently updating to v6 has been extremely frustrating [0], e.g: realizing that even when you tell the pi's/en0 ("internet") interface to use a specific DNS server (in GUI/network settings), it still uses the DNS-server recommended by your local DHCP server [1].
[0] I am aware that this is a joint-issue between RaspbianOS and Pi-Hole teams
[1] which requires TWO sudo nmcli which newbs have no business configuring – what happened to -simple- ?
----
If you ever want to consider how crazy DNS-capture is getting, realize that Firefox/&c are all dark-patterning the abilities to turn off "secure"-DNS. The latest Raspian/Pi-Hole defaults are terrifying... [2]
[2] another example: why doesn't v6 enable HTTPS localhost web-access, by default (like all previous versions?!)? Do the developers really expect us commoners to know how to generate localhost certificates – this is obviously behavior due to how the pihole useraccount behaves differently then the previously-root-blessed v5-behavior
----
Thankfully, I've kept a local copy of my favorite distro of Pihole v5, and it is readily-cloneable.
When I attempted to pass a --version tag during a freshinstall (requesting v5 from remote installer), it went ahead and installed latest v6 (so why even.?!).
vor_ 2 hours ago [-]
> what do you actually want?
I want to be able to right-click on an app and choose "Open" to run the program with an authentication dialog. You used to be able to do this, but Apple removed it in favor of an incredibly annoying process of having to go into System Settings every time.
newman314 4 hours ago [-]
I do not think this is the right way. The right way would be for Apple to allow for a free Developer ID for distribution if the app is free and has no in-app purchases.
This provides IMO all-around goodwill while still adhering to good release practices.
matheusmoreira 30 minutes ago [-]
> Any user who does not like Gatekeeper can turn it off on their machine in ten seconds by running this in a Terminal
For now. Enjoy it while it lasts.
ryandrake 8 hours ago [-]
10 seconds or 30 seconds, it's just too much friction to ask end users to do. I actually develop on a Mac, but I've written off Apple as a target system for hobby/open source projects. Between quarantine, code signing, and notarizing (which requires $99 a year), it's just not worth it. Good for Apple users if they like this shit--I'm just not going to bother with distributing to the platform anymore.
macOS is slowly getting like Windows, where, on a fresh install you have to go through and turn off all sorts of unwanted software just to have a sane environment where you, the user, are actually controlling your computer.
seam_carver 7 hours ago [-]
Isn't code signing even harder/more expensive on Windows?
GeekyBear 7 hours ago [-]
The extended validation code signing certificate you need to avoid having your installer blocked by Windows SmartScreen is quite a bit more expensive.
IIRC it also doesn't stop the Smartscreen warning appearing.
kivle 7 hours ago [-]
Well, you can still run unsigned software (by clicking through to a bit of a hidden option in the popup dialog), and they also even remove that through "reputation" if enough people approve said binary (exact bitwise binary, so every new version released will go through the same issue).
SignPath also does stuff for commercial places too (https://signpath.io), but I have no idea of the pricing.
hermitcrab 6 hours ago [-]
Signing on Windows is a pain in the arse and gets more expensive every year. I dread having to renew my certificate. Also they keep reducing the maximum certificate length, so you can't just do it once every 5 years, like you used to be able to.
I can't remember how difficult it was to set up my initial Apple developer account (trauma related memory loss, perhaps) but it is dead simple to renew. Just pay the $99. I did it yesterday. Took about a minute.
ryandrake 6 hours ago [-]
Yes, Windows is terrible, too. The entire desktop software world has lost its collective mind and the platforms are turning themselves into locked down game consoles just so that grandma doesn't accidentally install malware.
tardedmeme 4 hours ago [-]
They might be trying to appease Google who now won't let you pass a recaptcha on windows because windows isn't locked down enough, and force you to scan a code with your Google phone instead.
pseudalopex 2 hours ago [-]
No. Windows code signing was harder and more expensive since years.
snackbroken 6 hours ago [-]
> just so that grandma doesn't accidentally install malware
That's the stated reason. The actual reason is that they are salivating at the sight of how much money the app store and play store are making. They just don't want to move too quickly for fear of customers revolting.
phendrenad2 2 hours ago [-]
Really stupid on their part. There was a town with a baker and an auto mechanic. The baker saw how much money the auto mechanic was making, so he sold his bakery and went homeless because he had no car repair skills.
randyrand 3 hours ago [-]
> what do you actually want?
A UI option would make sense. That is what most users are comfortable with.
chr15m 4 hours ago [-]
> what do you actually want?
To make gatekeeper happy without paying a large amount of money and own Apple hardware (same thing).
elisbce 42 minutes ago [-]
If you want to take the risk and install some unsigned software on your machine, go ahead, but don't blame Apple, who is gatekeeping for the entire ecosystem for making the decision to keep the restrictions in place so that the other 2.5 billion users don't fall victims to malware defenselessly. Also, as a rule of thumb in cybersecurity, never underestimate human flaws or overestimate your ability to overcome them. Even the most brilliant experts cannot possibly know everything and make zero mistakes, let alone "the users" you are talking about. It is pure illusion that "the users" know exactly what's running on their machine under the hood. We should be thankful that Apple is willing to hold the lines and go this far to tighten security up when nobody forces them to. It is probably one of the best thing coming out of Jobs' relentless push for privacy and security on the iPhone.
user3939382 7 hours ago [-]
> The user decides what code is allowed to run on their machines.
Apparently Apple disagrees, Apple decides. Typical users aren’t going to find their hidden 5 step process to enable non-blessed apps and obviously they know that. Gatekeeper is an appropriate name considering the user themselves are on the outside of the gate. It’s the culimination of everything Stallman and the FSF warned everyone about for decades. By its logic we should install police officers in our living rooms for safety.
wetpaws 9 hours ago [-]
[dead]
Zetaphor 7 hours ago [-]
This is not the developer choosing what software can run on their computer, this is Apple choosing for you and then you having to go disable protections (with what implications?) to then be able to choose what software you run.
This has more to do with putting up a scary dialog for normies than it does protecting anyone. A non-technical user isn't going to go bypass this in the terminal, they're going to run back to the App Store where Apple can collect that sweet 30% and analytics.
hermitcrab 8 hours ago [-]
I have been developing software for Macs and PCs as an Indie for 20 years now. I sympathize with the author of the post. You get the feeling that Apple thinks you should be grateful that they allow you to develop apps for their platform.
The author didn't mention Apple's contempt for backward compatibility. Apple like to regularly nuke their entire developer system from orbit. Try running an app developed 10 years ago on the latest version of macOS. It probably won't run.
Microsoft are much better at backward compatibility and they don't force you to join a developer program. But you get totally reamed every time you have to update your authenticode digital certificate for Windows. Just the digital certificate will cost you more than $99 per year. It is a total racket.
musicale 5 hours ago [-]
> Apple's contempt for backward compatibility
This is absolutely correct. Instead of maintaining any sort of ABI and API stability, Apple offloads a constant burden of maintenance updates across thousands of developers, just to keep existing apps from breaking every year with a new iOS version. This takes time which could be spent in more productive ways such as fixing bugs, adding features, or developing new apps. It seems like the wrong trade-off, since stability would offer huge, multiplicative benefits across the whole ecosystem. Apple does seem to want apps to die to mitigate the glut of shovelware in the app store, but there has to be a better way (human curation still seems like the only reliable approach for app surfacing and discovery.)
Most iOS apps are games, but in contrast to developing for other game platforms, iOS developers have to continuously update each game yearly simply to keep it working. (Not to mention Apple was happy to kill off 32-bit games on both iOS and macOS, and many games were never converted to 64-bit.) Compare to other handheld game platforms such as the Nintendo DS/DSi/3DS where games mostly kept working across major and minor hardware revisions along with dozens of firmware revisions from 2004-2020, or the Switch where games have generally worked from across Switch 1 and 2 from 2017 onward.
cosmic_cheese 4 hours ago [-]
Maybe it’s worse for games, but I’ve been maintaining non-game apps on both iOS and Android for many years and keeping the iOS halves functional has generally been pretty chill. Updates aren’t required all that often and it’s rare that APIs break entirely on me, especially if targeting older SDKs. Usually the worst post-WWDC fallout is needing to recompile the app in question with minimal changes.
By comparison, Android is much worse. The Play Store kicks you off for not submitting updates much more quickly and the whole ecosystem is in a permanent state of simultaneous flux and obsolescence. Whatever deity help you if you let an Android project collect dust for a year or two… you’re gonna be fighting battles on multiple fronts getting everything up to date. Gradle conflicts, APIs getting deprecated without fully baked replacements, divergence in behavior between OS versions… it’s a real hoot.
bkdbkd 1 hours ago [-]
Contempt.
use any apple device 2 updates back or more. you're screwed.
You would accept this in no other place in life, except that apple gives it for free, and puts a 'security' sticker on the box.
It's a racket. Planned obsolescence 2.0 - Users forced to update, update removes features, breaks working apps, breaks paid for ip ( literally removed from phones), apple blames the devs. bullshit.
iknowstuff 4 hours ago [-]
well it also made macOS the nicer platform with modern, well maintained apps for the past 2 decades.
musicale 3 hours ago [-]
Unfortunately well-written native macOS desktop software (Apple's own apps are sometimes exceptions, if we ignore monstrosities like the Music app) seems to be dying (new "desktop" software often being a wrapper for a clunky web app), while half of my Steam library that used to run on macOS no longer does. (And removing Rosetta2 might kill the other half.)
fassssst 4 hours ago [-]
fwiw you can ship through Microsoft Store for free and not have to pay for signing.
seam_carver 4 hours ago [-]
Honestly, I kind of support this lack of backward compatibility. So many apps I use from big companies are still Intel based and leaving tons of performance on the table. This will finally force them to change when Rosetta is deprecated.
Open source apps are all native.
Rebelgecko 10 minutes ago [-]
Mac used to have a lot of great shareware from indie devs. Some of them have shut down and their apps will eventually stop working. Kinda annoying when I can play the windows port of a game on windows but not the original Mac version
benoau 4 hours ago [-]
The alternative to this was continuing to optimize Rosetta while simultaneously processors improve, soon enough the performance gap wouldn't matter in the slightest. By the end of the decade you'd probably be comfortably running that software on a MacBook Neo w/ A20 Pro.
Rosetta and its underlying tech enable 10,000s of games and applications to run so it's a tremendous loss overall, it doesn't sound like much will be left if this means x86 OSX games:
> "we will keep a subset of Rosetta functionality aimed at supporting older unmaintained gaming titles, that rely on Intel-based frameworks"
Author here, just pushed a quick update to the article.
To be fair, compared to the prices of Certum and other providers if you ever want to sign something for Windows, perhaps Apple isn't uniquely overpriced (they all seem to be that way): https://www.certum.eu/en/code-signing-certificates/
Looking more into the Windows side of things, I also found Azure Artifact Signing which is supposedly affordable at 8.54 EUR per month, but unfortunately they don't actually support individual users in the EU (only in US & Canada, meanwhile EU only gets support for organizations). I'd probably have to set up a SIA (equivalent of Ltd.) here first - it was in the plans for later, but this is a bit of a roadblock for using Azure too: https://azure.microsoft.com/en-us/products/artifact-signing
My tone might have been frustrated, but I will absolutely say that the code signing industry needs to have a Let's Encrypt moment of some description - at least commoditize it like Azure Artifact Signing was trying to do, but also for individual developers, across all platforms! Sadly, that doesn't seem to be possible when the platforms are intentionally walled gardens. I don't hate the idea of code signing, though - if done right, it's a good idea, same as TLS for (many) websites.
GeekyBear 6 hours ago [-]
To avoid having your application blocked by Windows SmartScreen, you need to pay extra for an extended validation code signing certificate. A normal code signing certificate is not sufficient.
Here's an eight year old Stack Overflow discussion of the issue:
> A guaranteed way to immediately and permanently get rid of the Microsoft SmartScreen warnings is to buy an "Extended Validation" (EV) code signing certificate from one of the Microsoft-approved certificate authorities (CA's), and to sign your app with that EV certificate.
Such an EV certificate will typically cost you somewhere between 300 and 700 USD per year (you better compare prices), and will only be issued to registered businesses. If you're a single developer, you must be a sole proprietor and have an active business license.
The only option to avoid a SmartScreen prompt from day 1 on Windows is to distribute through Microsoft Store, end of story.
If you sign it yourself, via Azure or your own $200/year cert, you will get a SmartScreen prompt initially, but the prompt will stop appearing once the file hash has sufficient download history. There is no exact threshold, but it can take several weeks and hundreds of clean installs from a wide audience.
I have an OV cert for Windows, which is expensive enough. I just make sure to do a snapshot release using the new certificate to existing customers (through my newsletter and forum) a while before using it for new customers. That way there is time for the scary warnings to go away before any new customers see them.
Digital certificates providers are basically checking your id (mostly automted) and multiplying 2 prime numbers together. Then charging you several hundred dollars. A 1 year Sectigo certificate EV with USB key is $431.99. Nice work if you can get it.
Don't be fair. I finally signed up for an Apple Developer Account and it took weeks and I think it took weeks because I finally decided the system wasn't accepting my Driver's License uploads on my (Apple) phone because the camera's light was hitting the hologram which was reflecting back so I moved my application process to my (Apple) laptop and tried there and that's where I fell into a gully, as best I can tell: I somehow, in spite of using the same document throughout with my literal government-supplied ID on it that doesn't change, wound up in two competing applications. One of them seemed to succeed, the other one seemed to fail. On the plus side, they took my cash. On the downside, they did not give me what I bought and it took a couple weeks of re-uploading my PII, which in no way will ever bite me in the ass, to sort it out. All so I could get some vibe-coded slop I created onto my phone.
ofek 7 hours ago [-]
I shared the author's frustration when figuring out how to ship such binaries to end users so I wrote a guide [0] detailing exactly how to do it. Apple's documentation is surprisingly poor and I couldn't find any blog posts so I ended up reverse engineering what works via trial and error as well as popular OSS projects on GitHub.
1 year ago i would have agreed with you. Today, I'm going to take the other side on this. The amount of malicious code embedded in software now is going up exponentially. Yes this is a painful tax imposed on all software, malicious or not, but until they figure out a better system, this system actually will disuade a certain percentage of malicious actors to give up - ESPECIALLY having to pay a fee. As a mac user, i want to know if the developer has paid a significant fee to get this software to me. It a useful signal for me. If they didn't pay and didn't upload their passport, I really want think think hard about the risks involved for myself when I run this thing.
chr15m 4 hours ago [-]
There are many cases of signed & notarised software that pwned users.
chaostheory 30 minutes ago [-]
Sure, but the more barriers there are the better because it still reduces the number of threats. That’s why people choose to rent walled gardens. Otherwise, Linux would have higher adoption even among our crowd.
If you really value freedom over everything else, I don’t see value in putting bad bandages over closed platforms. Might as well just switch to an open one.
tdeck 3 hours ago [-]
Malicious actors can easily pay a fee - they're either running a business or they work for a state actor.
Zetaphor 7 hours ago [-]
How does anyone who cares about open source or even development more generally see this and go "Yeah that's the OS I want to use"?
I genuinely don't understand why so many developers are willing to compromise so much for a thin laptop.
saurik 4 hours ago [-]
It isn't just thin: they are quiet and fast with the best trackpads, reasonable keyboards that (except for the idiotic move when they released the touch bar and dropped the escape key) have a reasonable layout that doesn't change much, and all of the power states work correctly every single time.
I am the second most stubborn person I know in my friend group on this, and after only using a desktop for a couple years during the pandemic, I avoided having a mac laptop for the subsequent five years and it sucked. I finally caved after I realized the new M5 Macbook Air is actually likely to be faster for web browsing tasks and is somehow also (awkwardly?!) competitive at compiling code to the monster modern Xeon build I had just completed, and it doesn't even have a fan!
As far as I am concerned, it is over: Apple has won on everything except screen quality (I am sadly now addicted to OLED and I fundamentally disagree with the Apple position of not having a touch screen on a laptop, a stance that is only more emboldened now that I spend a lot of time with children).
benoau 3 hours ago [-]
> I am sadly now addicted to OLED and I fundamentally disagree with the Apple position of not having a touch screen on a laptop
Both of these are reportedly coming to the MBP this year (lately rumoured to be next year), although there's going to be a steep price to pay and rumours say it will still just have the MacBook's normal angular range so no good for drawing or iPad apps.
Apple is so far ahead of everyone it's sad but they're catching up and Apple is so unflinching on so many topics it handicaps them, we could be stuck with touchscreen Macs that aren't useful for iPad apps for many years, and later this decade ARM chips will start nipping at the heels of the Pro and Max chips while build/component quality is rapidly improving too.
1over137 5 hours ago [-]
It's not the thinness, it's the amazing battery life.
Evidlo 5 hours ago [-]
Framework Pro has that now
TrajansRow 8 hours ago [-]
So, Linux gets a free pass for requiring chmod +x to run his tool, but needing to run xattr on MacOS is somehow worthy of an entire blog post to complain about it?
Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?
kingforaday 8 hours ago [-]
By default Windows 11 will not run an untrusted .exe/PE file - it's governed by Microsoft Defender SmartScreen that will present a pop-up scaring people away and it actually isn't intuitive to click-through to run the program unless you've done it before.
pie_flavor 7 hours ago [-]
But after enough people run it, that disappears. They implement crowdsourced trust, because it isn't a rent extraction exercise but actual concern about malware.
ronsor 6 hours ago [-]
True.
But also most malware delivery now doesn't trigger it because malware developers have gotten craftier. If you're unscrupulous, it's not a concern.
MrGilbert 8 hours ago [-]
You can configure it in a way that it won't allow you to run it at all, but out of the box, you will receive a message which forces you through three clicks. Enough to scare off people with no deep knowledge.
And yes, you can turn all of that off.
TrajansRow 8 hours ago [-]
Why isn't the author getting that warning then? Is it because he's only testing the tool on the same machine that it was built on?
pjmlp 7 hours ago [-]
Yes, downloaded files have a specific attribute, and unless you explicitly unblock the file, it will give a warning.
Random09 5 hours ago [-]
The main difference is that on Linux you can do it on gui. It's much easier to explain and convice the user to click "allow executing file as program" checkbox than a xatttr obscure cli command.
8 hours ago [-]
jedberg 7 hours ago [-]
As a user I actually like Gatekeeper. 95% of the time it's not a problem. the other 5% of the time I have to click a button in my settings to allow unsigned code. But at least it gives me pause to think about the source and if I really trust it (which is mostly offloaded to Apple the other 95% of the time).
Free business idea: get an Apple developer account and then agree to sign code for other people in exchange for a small piece of their income. I'm surprised that doesn't exist yet (or does it?).
Zetaphor 7 hours ago [-]
If that isn't already a violation of the developer account ToS, it would be in short order. The dialog is about keeping normal non-technical users (Apple's primary market) from straying away from the App Store where they can collect 30% and analytics. They're not protecting you, they're herding you.
hmokiguess 8 hours ago [-]
Tangential but this made me appreciate how Gatekeeper is perhaps a notorious example of a great naming choice for a piece of software.
JanisErdmanis 7 hours ago [-]
Sometimes I wonder why we don't just treat an installation script like curl https://alx.sh | sh as a universal option for distributing applications. The provenance is there via the HTTPS certificate, and if you're already about to trust an application that can compromise your system, why not trust the installation script as well?
layer8 7 hours ago [-]
The most important argument is phishing. People aren’t good at recognizing when a web site is legitimate. One reason that app certification is a shitshow is that recognizing bad players while minimizing false negatives and false positives is a difficult problem. Domain names fundamentally don’t solve that problem.
realusername 7 hours ago [-]
> Domain names fundamentally don’t solve that problem.
App certification doesn't solve that problem either.
pjmlp 7 hours ago [-]
Because even with HTTPS that script might not do what you expect and then is too late, xz style attack.
kibwen 4 hours ago [-]
You're already installing a binary, the script is not the weak link here.
arusahni 9 hours ago [-]
My favorite is when someone discovers they haven't yet granted Zoom screensharing permission, and that they need to exit the call to re-launch the application with the permission granted.
codedokode 7 hours ago [-]
It's interesting that sanctioned Russian banks still find the ways to push their apps into Apple repository by disguising them as a different app. They get removed several months later, but I assume it is done only because someone complains.
bkdbkd 1 hours ago [-]
Funny how a $20 cert is enough to prove identity and provide security for any domain on the web, but in order to run a calculator Apple hw, Apple HQ is the only entity on the planet capable of such complex security.
newAccount2025 2 hours ago [-]
Ugh. I just went through this ID verification process yesterday and I got it to work on /maybe/ the 8th try. Truly horrible design. Now I’m in a paperwork exchange with some random third party to get the account associated with my LLC. It would be awesome to be able to just write and distribute software, but there’s only one iOS monopoly so what are you going to do but play ball.
petra303 9 hours ago [-]
> I can use SmartID to verify my ID (and age) in about 20 seconds when buying an energy drink at the local grocery store
Where do you have to show ID for that??
joenot443 8 hours ago [-]
I was also taken aback by this, but apparently it's a real trend.
Author is from Latvia (and so am I). You do actually get carded for energy drinks if you look under 30.
However, more relevant to the post, is that when you're ordering groceries online, you need to verify your age at checkout if you're buying stuff like alcohol (or energy drinks). It's trivial, and for a lot of people it uses the same authentication service that they already use to access their bank.
neoeno 8 hours ago [-]
Under 16s can’t buy energy drinks in the UK
Edit: currently a voluntary but widespread scheme by retailers, proposed to be law. TIL
2 hours ago [-]
novok 6 hours ago [-]
can they also not buy tea, coffee or coca cola then? oh no, they might drink the caffeination amount of... 2 cans of pepsi!
walthamstow 8 hours ago [-]
Only if you look 12
puppycodes 8 hours ago [-]
another feature of UK dystopia
7 hours ago [-]
plufz 8 hours ago [-]
You and I have very different ideas of dystopia.
puppycodes 5 hours ago [-]
Personally I enjoy the basic human rights of privacy and freedom of speech which are deeply lacking in the UK system.
tardedmeme 4 hours ago [-]
Other people enjoy their children not being shot.
puppycodes 4 hours ago [-]
Both systems can be bad for different reasons. I'm not making any comparisons.
kristianp 3 hours ago [-]
On a meta note, no one uses link pages like https://links.kronis.dev/NAnEME3Kqt any more. There are better ways of tracking clicks without obfuscating the destination page from the user.
bkdbkd 1 hours ago [-]
All that, and not a single one here is surprised at zero days or trojans or malware that come right out of this process every week.
If it works, then why aren't we surprise when it doesn't?
Because we know it doesn't work.
arijun 3 hours ago [-]
It seems like running with sandbox-exec should remove pretty much all the potential for an app to cause harm… is there a reason why it’s not the default, especially for these certificate-less apps?
ChrisMarshallNY 3 hours ago [-]
Apple's not making any money on developer subscriptions. I suspect they just want to have a velvet rope, to encourage folks to be serious about their work. They don't want farting-around toys. They want developers to ship serious apps.
There'$ a rea$on that $o many people want to relea$e Apple app$. A $uperb rea$on.
It's a really lucrative market. People like to have access to customers that are used to paying a lot. One of the reasons those customers want to pay more, is that walled garden that HN members hate so much, but millions of people have no issue with (whether or not that's a good thing, is not for me to ponder. It just is).
99 bucks is peanuts. It does give you access to the entire suite of Apple tools. Anyone interested in shipping serious software, is likely to far exceed that, in the non-Apple (or Apple hardware) tools that they use to develop the software. Heck, your keyboard probably cost more than that. I remember that we used to pay Microsoft over $4,000 a year for their developer program.
Here's what Apple says about it[0]. That's what I usually do. I think someone else has shared the command line method. If it's a developer tool, then it would probably have a difficult time passing Apple's app review process, anyway, and that will really jangle your cortisol pipes.
> Apple's not making any money on developer subscriptions.
I think we're going to find out in a couple weeks, as Apple will be in court arguing over a reasonable commission to charge developers for using third party payments and their costs and developer subscription revenue are likely to come under a magnifying glass.
> millions of people have no issue with
I think that's a false dichotomy, consumers are not choosing Apple's developer policies and fees, and Apple has gone to great extents to keep consumers ignorant of their fees by banning mention of competing payment options and then burdening them with fees that ensure they can't be cheaper so the fees aren't obvious. This is not a choice consumers have made, it is a choice they have been deprived of.
ChrisMarshallNY 3 hours ago [-]
> I think that's a false dichotomy
If I had been positing it as a developer issue, then that would be true.
However, I was talking about the customer experience, not the developer one. There's no question at all. People pay a premium, and have no issues with the walled garden.
Just because I don't like something, doesn't mean that everyone else shouldn't like it, either. I may not be wrong in my rancor, and they might not be wrong in their acceptance.
One thing that customers are disliking, though, is the buggy and overcomplicated mess that Apple operating systems have become. I am hoping that they do another across-the-board "Snow Leopard" release. From what I hear, that's likely. It might end up making the developer experience a bit more frustrating, though, as they may be demanding more from us.
I've been shipping Apple-based software since 1986, and have found myself screaming with rage at them, many times, in those 40 years; but I never stopped developing for the platform. I guess I'm a walking exemplar of The Stockholm Syndrome.
benoau 2 hours ago [-]
> However, I was talking about the customer experience, not the developer one. There's no question at all. People pay a premium, and have no issues with the walled garden.
You can't even conclude that since lots of customers are actually suing them for excessive fees, Apple already lost that battle in the UK and are facing the return of billions in IAP fees, they are facing another in NL for nearly €800 million where they are certain to lose because they were ordered to allow third party payments and ignored the court, they are facing a class action in the US that actually predates their injunction ordering them to allow third party payments and their contempt for disobeying.
I don't think people will "pay the premium" when Apple has to allow apps like YouTube to offer a $19/month plan alongside a $25/month plan for exactly the same thing. They have fought this entire decade to prevent that choice and argued it will cost them billions.
ChrisMarshallNY 2 hours ago [-]
Eh. Whatevs. I should have known better than to respond.
You have my apologies.
Have a great day!
wolvoleo 2 hours ago [-]
> They don't want farting-around toys. They want developers to ship serious apps.
What users want to install on their own computer is none of apple's business though.
snarfy 2 hours ago [-]
That's entirely against Apple's whole philosophy. You are after all, holding it wrong.
a2tech 9 hours ago [-]
Try to open the file, say ok to the ‘can’t check for malware’ prompt, go to settings, security, approve running the software.
Annoying, but if you’re delivering your app to semi-technical users, not really a problem.
bloppe 9 hours ago [-]
It's only a problem if you want people to use your software
0123456789ABCDE 9 hours ago [-]
it's really cool when i can fall a sleep in peace knowing this keeps my folks from getting rooted
There's some official documentation for this process: https://support.apple.com/en-gb/guide/mac-help/mh40616/mac (and this works ok for terminal stuff too! Though it looks like the process will always fail to run the very first time, meaning you can't obviously pre-approve its first launch)
kwhat4 6 hours ago [-]
It has been like this forever and periodically someone complains, but then they just go out and buy another mac and keep producing software for macOS. If you want this to change, stop providing financial support.
bloppe 9 hours ago [-]
I don't get the part about Homebrew. If you're using Homebrew, it doesn't make a ton of sense to use Itch.io. Just use Homebrew. Seems like a more appropriate place to distribute a dev tool anyway. You could set up a patreon and print a link to it when appropriate. That's basically what Vim does.
I agree that Apple is dumb of course.
thayne 7 hours ago [-]
They want to have a way for users to pay them. Itch.io has that, homebrew doesn't.
alkhimey 4 hours ago [-]
There is no reason to tie the method of payment together with the method of distribution. They could distribute it through brew along with an optional license configuration.
Downloading a cli from a browser is not convenient anyway. You need to copy the downloaded file somewhere that is loaded into the PATH.
And also, software that is downloaded from itch.io app does not require notarization.
jameshart 7 hours ago [-]
Okay, but then the argument that Apple is charging them to certify their software and that is excluding hobbyists falls away doesn’t it? Now you’re not a hobbyist.
thayne 7 hours ago [-]
1. Having a way for some users to show their appreciation by paying you a few bucks doesn't make it not a hobby
2. The expected income is way less than the developer fee, much less the expensive hardware required.
jameshart 6 hours ago [-]
Publishing a tip jar link is going to be possible no matter how you distribute. The desire to use itch is about wanting to sell.
novok 6 hours ago [-]
homebrew voluntarily applies the quarantine flag on casks (ex: apps) so you still need to pay the apple dev tax to distribute your mini app that way, itch.io does not so you don't get the lying scarewall
stephc_int13 8 hours ago [-]
I am not entirely against the whole notarization thing.
If it is good for the end-user, it is usually also good for the ecosystem a a whole, trust is valuable.
But ffs, they are rich enough to make this a lot less painful and hostile for developers.
And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures changes almost every time and could fail in not-so-evident ways.
jameshart 7 hours ago [-]
Making it take some pain for developers is precisely what makes it valuable. If you could automate signing up for a developer account and didn’t have to put up some cash it would lose all value as a trust signal.
stephc_int13 6 hours ago [-]
The cash part is not even the worst, even if this is obviously ridiculous for free/open source projects.
The bad UX is really what irks me. Enough that I may entirely opt-out of the Apple ecosystem forever, and I don't think I am the only one feeling that way.
wolvoleo 3 hours ago [-]
I also did. I got sick of not owning my own computer and phone anymore. And also the locked-down nature. Every release they change stuff that I sometimes don't like and there's no options to switch things. Opinionated design. I was pretty aligned with apple's vision in macOS tiger but around Maverick/Sierra things started getting too misaligned with my own needs.
I'm so happy I moved to KDE which has options for everything. It was a breath of fresh air when I moved and it still is, every day.
cybercatgurrl 2 hours ago [-]
it’s as if apple forgets that some of it’s user base are people who scrap together money over long periods of time just to have a chance at affording a mac only to be told they need $99 to distribute an app. your entire user base isn’t 100% affluent people and apple doesn’t seem to grasp this
Rendello 7 hours ago [-]
I love when my Mac declares random PDFs malware and deletes them when I try to open them.
On two occasions I've been completely dumbstruck when the software I was using was deleted out from under me. I'm not a fan of the overuse of "gaslight", but it sure felt like that when I had to restart Docker and the OS was like "what do you mean, Docker? You've never had Docker installed! What are you talking about? Are you feeling ok?"
In ten years of using Macs, I have never encountered this behaviour. I've never heard this from anyone else either. Is this new in Tahoe? I haven't upgraded yet, but your link seems to be from before Tahoe was released.
troad 3 hours ago [-]
Just as a contrapoint to the other commenters, I've had Mac do this on PDFs that I myself scanned many years ago. Pretty sure they were not malware.
I suspect what triggered it was the fact that the files had journeyed through many filesystems in their time - HFS, ext4, NTFS, APFS - and they probably picked up some unholy combination of impossible attributes.
I thought it was pretty egregious to have Apple helpfully try to delete important PDFs that I've been lugging around for years.
m-s-y 6 hours ago [-]
Sorry to say but your PDFs were malware. In 20+ years I’ve never seen this on my Macs nor the literal thousands I’ve managed with various MDMs.
Rendello 2 hours ago [-]
I'm really trying to remember the context, I wish I'd written it down somewhere. But now that I'm thinking of it, I'm almost certain it wasn't PDFs, but JSON files that I'd written. For some reason it would allow me to open them in some applications, but in others I'd get a warning and the file would be trashed.
The Docker thing happened as described in my linked post. It happened with something else too, but again I can't remember. I wasn't planning on doing a post mortem so I guess I let the details slip!
In any case, I do like most of the OS' ways of doing things, including security. But it can be overzealous.
P.S. I'm not crazy! I'm not crazy!!!
jameshart 7 hours ago [-]
Maybe the PDFs were malware?
a_t48 7 hours ago [-]
Maybe I'm too dumb, but I haven't figured out a good way to sign just a binary (or a tar/zip containing a few binaries). I zipped up the binaries, sent them off to Apple, Apple comes back and says "yup, notarized!", and they still trigger the popup. I'm probably missing a step. I guess I'm not currently stapling the ticket to the binary, but supposedly you don't have to if you are running with a network connection.
mixologic 11 minutes ago [-]
Theres two different steps, there is signing and there is notarization. You sign with the developer certificate using productsign/codesign, and then there is notarization, which you use notarytool to submit your signed binaray to apple to notarize.
finally you then take their response and staple it to your binary. Its a lot of steps.
pjc50 7 hours ago [-]
You have to distribute a "bundle" in a particular directory layout.
novok 6 hours ago [-]
you need to pay the tax, they are doing the 'pay money to reduce spam' solution
a_t48 6 hours ago [-]
This was with payment to Apple
tdeck 3 hours ago [-]
Is there no open source collective one can join which will share signing keys and handle signing?
> I'm sure that other countries also have plenty of similar services for ID and age verification
laughs in Bundesdruckerei
sharts 2 hours ago [-]
So don’t target mac
wolvoleo 3 hours ago [-]
Due to the delays in ID verification the author of the article didn't even get to the point of the super annoying 'notarization' process where you can't just sign with your key anymore (as you could a few versions ago) but you also have to upload a copy of everything to Apple and 'staple' their ok to it.
At least I don't think they got to it, they only mention signing but not notarization.
nicklo 2 hours ago [-]
Cortisol spit curve tests are pretty cheap, so I was disappointed to see the title claim not substantiated with real data. Consider biometric testing next time you distribute!
babymetal 1 hours ago [-]
Probably in the minority here but I, too, went to the article hoping for objective quantification of the change in cortisol levels corresponding to the input, i.e. trying to distribute Mac software from scratch.
LoganDark 8 hours ago [-]
Apple's ID verification failed for me and I am now banned for life. There is no opportunity to appeal this or to ever participate in the Developer Program for me. Which sucks because I am now permanently locked out of developing seriously for any of the Apple ecosystem, ever.
4 hours ago [-]
sourcegrift 2 hours ago [-]
Pains me to say this but as a developer, microsoft is a whole order of magnitude better than apple
syassami 9 hours ago [-]
Siri has the same effect.
tonymet 3 hours ago [-]
That’s nothing, Google charges $900-2600 / year if you want to write an app that calls the google apis for user data
xyst 4 hours ago [-]
distributing for macOS is extremely hostile and Apple continues to extort developers through fees, yearly subscriptions, and of course taking 20-30% in transaction sales.
erelong 8 hours ago [-]
It's a backwards walled garden which I mostly avoid to avoid problems like this
drcongo 8 hours ago [-]
I went through this recently. Got as far as verifying my identity, which Apple happily accepted as verified from my UK driving license. Unfortunately, they then automatically set my first and last name from that identity verification step, and some how managed to use a section of my driving license number as my surname - a string of random uppercase letters and numbers - and it's impossible to edit it. So fuck them, that's $99 they've lost.
ggyanie 37 minutes ago [-]
[dead]
Ngraph 2 hours ago [-]
[dead]
iluvcommunism 6 hours ago [-]
[dead]
dcrazy 9 hours ago [-]
Notarize the application and staple the receipt to your app bundle. It won’t trigger the Gatekeeper warning.
gumby271 9 hours ago [-]
Doesn't that still require going though all the hoops that they were struggling with, or is this a different verification flow with Apple?
fg137 8 hours ago [-]
You talk as if the author doesn't know that.
phoyd 9 hours ago [-]
That's literally what this post is about.
dcrazy 8 hours ago [-]
Sorry, it was meant to be a reply to a comment.
Rendered at 03:31:36 GMT+0000 (Coordinated Universal Time) with Vercel.
Of course, you as the developer can’t make this choice for your users… but isn’t that as it should be? The user decides what code is allowed to run on their machines. And the default setting is restrictive because anyone who knows what they’re doing can easily change it.
P.S. Meanwhile, on iOS there’s no way to install unsigned software at all, and on Android (starting soon) the process takes 24 hours instead of ten seconds. That is actually ridiculous because it’s taking away user choice.
P.P.S. To be clear, modern macOS has plenty of other restrictions which can’t really be turned off and which I find super annoying. Gatekeeper just isn’t one of them.
Edit: I’ve just learned that as of Sequoia, you have to also tick a box in Settings after running the Terminal command. So maybe it takes 30 seconds instead of ten seconds. That’s mildly more annoying, but still doesn’t really seem like a big deal to me.
Give me the ability to choose what I trust. “You can either trust Apple and nobody else, even yourself, or you can trust literally everybody” is obviously not a good faith implementation of this. Apple excels at steering the narrative with false conflation and false dichotomy, I’d also remind you of the came-and-went secure boot debate, which Apple successfully steered into Apple owns the encryption keys vs no encryption, and people just kind of forgot to ask, wait, why can’t I have the keys to my device?
The same with SIP (system integrity protection). You can turn it off but then you have to turn it all off.
There's no way to keep secure boot but bless your own changes and sign them in some way, that you have approved. You know, as the owner and admin of your own computer. It's either leave it to Apple or be completely on your own. And to make the choice even more uncomfortable they also disable some features like running iOS apps.
It’s not really even that different than a PC motherboard that gives you “Windows UEFI” and “enroll my own keys” as options.
https://asahilinux.org/docs/platform/security/
As far as code signing, again, what do you want Apple to do here? They already gave you a master switch to turn it off. You are free to turn it off then implement your own third party code signing solution if you’d rather choose who you trust. It’s not Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.
And let’s not forget who Apple markets their computers to. These features aren’t for you and me, they’re for the non-technical customers who will absolutely get pwned by unsigned code. Go to the MacBook Neo marketing page and try to find a single image of someone writing code or even being gainfully employed.
You can turn off all protection, as you point out. So who Apple markets Neo's to isn't a factor.
> Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.
Does Apple provide a means for enabling third party trust systems, without disabling Apple's protections in general? If not, that is a serious problem of Apple's choosing. Nobody (to a first order approximation) want's to dispense with Apple's protection, or re-implement it, but to be able to carve out exceptions for specific classes of software.
Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.
If you don't trust Apple, why the hell are you buying their computers at all?
The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety. Not saying it doesn't help with safety, just that it's more weighed to the former.
I am the king of knowing immediately when I have fucked up.
“Undo” has made us far too comfortable with mistakes.
People reflexively hit yes to these things.
With Gatekeeper turned off, you’ll still get a warning on first launch which you can easily click through. (Unless Apple changed something in the last few versions—let me know if that’s the case—but it would be out of character for them to remove a warning...)
The “security feature” you don’t want to disable is precisely the thing you are complaining about, so I don’t understand why you’d keep it around.
> The added friction feels more like a way to force developers to pay Apple an annual fee for distributing rather than for my safety.
I don’t imagine Apple makes a substantial amount of money from $99/year developer subscriptions. The App Store is another story of course.
You actually do get some value, you can file two DTS tickets [1] a year which are (supposedly) looked at by a real apple engineer. Assuming they haven't outsourced it, that feels worth about $100 considering how badly documented their APIs are.
[1] https://developer.apple.com/support/technical/
It has a chilling effect on releasing free apps.
It's going to be an interesting time soon, when even your dog will have a vibecoded app he'll want you to use.
“Press command space, no no hold down the command key - gosh it’s in the bottom left - okay, now type “privacy”, now scroll, no you scrolled too far …”
The other day my mom got a text saying she had a $399 charge on Apple, and to call the number if it wasn't her. So she called, because of course, why wouldn't you? Apparently the scammer finally got frustrated and hung up on her because she couldn't understand his accent.
I've run several PiHoles for several years, primarily on latest versions (up to v5; current is v6.4.x) – recently updating to v6 has been extremely frustrating [0], e.g: realizing that even when you tell the pi's/en0 ("internet") interface to use a specific DNS server (in GUI/network settings), it still uses the DNS-server recommended by your local DHCP server [1].
[0] I am aware that this is a joint-issue between RaspbianOS and Pi-Hole teams
[1] which requires TWO sudo nmcli which newbs have no business configuring – what happened to -simple- ?
----
If you ever want to consider how crazy DNS-capture is getting, realize that Firefox/&c are all dark-patterning the abilities to turn off "secure"-DNS. The latest Raspian/Pi-Hole defaults are terrifying... [2]
[2] another example: why doesn't v6 enable HTTPS localhost web-access, by default (like all previous versions?!)? Do the developers really expect us commoners to know how to generate localhost certificates – this is obviously behavior due to how the pihole useraccount behaves differently then the previously-root-blessed v5-behavior
----
Thankfully, I've kept a local copy of my favorite distro of Pihole v5, and it is readily-cloneable.
When I attempted to pass a --version tag during a freshinstall (requesting v5 from remote installer), it went ahead and installed latest v6 (so why even.?!).
I want to be able to right-click on an app and choose "Open" to run the program with an authentication dialog. You used to be able to do this, but Apple removed it in favor of an incredibly annoying process of having to go into System Settings every time.
This provides IMO all-around goodwill while still adhering to good release practices.
For now. Enjoy it while it lasts.
macOS is slowly getting like Windows, where, on a fresh install you have to go through and turn off all sorts of unwanted software just to have a sane environment where you, the user, are actually controlling your computer.
https://stackoverflow.com/questions/48946680/how-to-avoid-th...
That's what we did for DB Browser for SQLite (sqlitebrowser.org), and it works well: https://sqlitebrowser.org/blog/signing-windows-executables-o...
SignPath also does stuff for commercial places too (https://signpath.io), but I have no idea of the pricing.
I can't remember how difficult it was to set up my initial Apple developer account (trauma related memory loss, perhaps) but it is dead simple to renew. Just pay the $99. I did it yesterday. Took about a minute.
That's the stated reason. The actual reason is that they are salivating at the sight of how much money the app store and play store are making. They just don't want to move too quickly for fear of customers revolting.
A UI option would make sense. That is what most users are comfortable with.
To make gatekeeper happy without paying a large amount of money and own Apple hardware (same thing).
Apparently Apple disagrees, Apple decides. Typical users aren’t going to find their hidden 5 step process to enable non-blessed apps and obviously they know that. Gatekeeper is an appropriate name considering the user themselves are on the outside of the gate. It’s the culimination of everything Stallman and the FSF warned everyone about for decades. By its logic we should install police officers in our living rooms for safety.
This has more to do with putting up a scary dialog for normies than it does protecting anyone. A non-technical user isn't going to go bypass this in the terminal, they're going to run back to the App Store where Apple can collect that sweet 30% and analytics.
The author didn't mention Apple's contempt for backward compatibility. Apple like to regularly nuke their entire developer system from orbit. Try running an app developed 10 years ago on the latest version of macOS. It probably won't run.
Microsoft are much better at backward compatibility and they don't force you to join a developer program. But you get totally reamed every time you have to update your authenticode digital certificate for Windows. Just the digital certificate will cost you more than $99 per year. It is a total racket.
This is absolutely correct. Instead of maintaining any sort of ABI and API stability, Apple offloads a constant burden of maintenance updates across thousands of developers, just to keep existing apps from breaking every year with a new iOS version. This takes time which could be spent in more productive ways such as fixing bugs, adding features, or developing new apps. It seems like the wrong trade-off, since stability would offer huge, multiplicative benefits across the whole ecosystem. Apple does seem to want apps to die to mitigate the glut of shovelware in the app store, but there has to be a better way (human curation still seems like the only reliable approach for app surfacing and discovery.)
Most iOS apps are games, but in contrast to developing for other game platforms, iOS developers have to continuously update each game yearly simply to keep it working. (Not to mention Apple was happy to kill off 32-bit games on both iOS and macOS, and many games were never converted to 64-bit.) Compare to other handheld game platforms such as the Nintendo DS/DSi/3DS where games mostly kept working across major and minor hardware revisions along with dozens of firmware revisions from 2004-2020, or the Switch where games have generally worked from across Switch 1 and 2 from 2017 onward.
By comparison, Android is much worse. The Play Store kicks you off for not submitting updates much more quickly and the whole ecosystem is in a permanent state of simultaneous flux and obsolescence. Whatever deity help you if you let an Android project collect dust for a year or two… you’re gonna be fighting battles on multiple fronts getting everything up to date. Gradle conflicts, APIs getting deprecated without fully baked replacements, divergence in behavior between OS versions… it’s a real hoot.
You would accept this in no other place in life, except that apple gives it for free, and puts a 'security' sticker on the box.
It's a racket. Planned obsolescence 2.0 - Users forced to update, update removes features, breaks working apps, breaks paid for ip ( literally removed from phones), apple blames the devs. bullshit.
Open source apps are all native.
Rosetta and its underlying tech enable 10,000s of games and applications to run so it's a tremendous loss overall, it doesn't sound like much will be left if this means x86 OSX games:
> "we will keep a subset of Rosetta functionality aimed at supporting older unmaintained gaming titles, that rely on Intel-based frameworks"
https://developer.apple.com/documentation/apple-silicon/abou...
To be fair, compared to the prices of Certum and other providers if you ever want to sign something for Windows, perhaps Apple isn't uniquely overpriced (they all seem to be that way): https://www.certum.eu/en/code-signing-certificates/
Looking more into the Windows side of things, I also found Azure Artifact Signing which is supposedly affordable at 8.54 EUR per month, but unfortunately they don't actually support individual users in the EU (only in US & Canada, meanwhile EU only gets support for organizations). I'd probably have to set up a SIA (equivalent of Ltd.) here first - it was in the plans for later, but this is a bit of a roadblock for using Azure too: https://azure.microsoft.com/en-us/products/artifact-signing
My tone might have been frustrated, but I will absolutely say that the code signing industry needs to have a Let's Encrypt moment of some description - at least commoditize it like Azure Artifact Signing was trying to do, but also for individual developers, across all platforms! Sadly, that doesn't seem to be possible when the platforms are intentionally walled gardens. I don't hate the idea of code signing, though - if done right, it's a good idea, same as TLS for (many) websites.
Here's an eight year old Stack Overflow discussion of the issue:
> A guaranteed way to immediately and permanently get rid of the Microsoft SmartScreen warnings is to buy an "Extended Validation" (EV) code signing certificate from one of the Microsoft-approved certificate authorities (CA's), and to sign your app with that EV certificate.
Such an EV certificate will typically cost you somewhere between 300 and 700 USD per year (you better compare prices), and will only be issued to registered businesses. If you're a single developer, you must be a sole proprietor and have an active business license.
https://stackoverflow.com/questions/48946680/how-to-avoid-th...
https://learn.microsoft.com/en-us/windows/apps/package-and-d...
The only option to avoid a SmartScreen prompt from day 1 on Windows is to distribute through Microsoft Store, end of story.
If you sign it yourself, via Azure or your own $200/year cert, you will get a SmartScreen prompt initially, but the prompt will stop appearing once the file hash has sufficient download history. There is no exact threshold, but it can take several weeks and hundreds of clean installs from a wide audience.
This is from https://learn.microsoft.com/en-us/windows/apps/package-and-d...
Digital certificates providers are basically checking your id (mostly automted) and multiplying 2 prime numbers together. Then charging you several hundred dollars. A 1 year Sectigo certificate EV with USB key is $431.99. Nice work if you can get it.
I wrote this back in 2008:
https://successfulsoftware.net/2008/02/27/the-great-digital-...
But it has got much worse since then.
[0]: https://ofek.dev/words/guides/2025-05-13-distributing-comman...
https://successfulsoftware.net/2018/11/16/how-to-notarize-yo...
https://successfulsoftware.net/2023/04/28/moving-from-altool...
If you really value freedom over everything else, I don’t see value in putting bad bandages over closed platforms. Might as well just switch to an open one.
I genuinely don't understand why so many developers are willing to compromise so much for a thin laptop.
I am the second most stubborn person I know in my friend group on this, and after only using a desktop for a couple years during the pandemic, I avoided having a mac laptop for the subsequent five years and it sucked. I finally caved after I realized the new M5 Macbook Air is actually likely to be faster for web browsing tasks and is somehow also (awkwardly?!) competitive at compiling code to the monster modern Xeon build I had just completed, and it doesn't even have a fan!
As far as I am concerned, it is over: Apple has won on everything except screen quality (I am sadly now addicted to OLED and I fundamentally disagree with the Apple position of not having a touch screen on a laptop, a stance that is only more emboldened now that I spend a lot of time with children).
Both of these are reportedly coming to the MBP this year (lately rumoured to be next year), although there's going to be a steep price to pay and rumours say it will still just have the MacBook's normal angular range so no good for drawing or iPad apps.
Apple is so far ahead of everyone it's sad but they're catching up and Apple is so unflinching on so many topics it handicaps them, we could be stuck with touchscreen Macs that aren't useful for iPad apps for many years, and later this decade ARM chips will start nipping at the heels of the Pro and Max chips while build/component quality is rapidly improving too.
Serious question - Is it really true that Windows 11 will run an untrusted .exe without a warning?
But also most malware delivery now doesn't trigger it because malware developers have gotten craftier. If you're unscrupulous, it's not a concern.
And yes, you can turn all of that off.
Free business idea: get an Apple developer account and then agree to sign code for other people in exchange for a small piece of their income. I'm surprised that doesn't exist yet (or does it?).
App certification doesn't solve that problem either.
Where do you have to show ID for that??
https://en.wikipedia.org/wiki/Age_restrictions_on_energy_dri...
However, more relevant to the post, is that when you're ordering groceries online, you need to verify your age at checkout if you're buying stuff like alcohol (or energy drinks). It's trivial, and for a lot of people it uses the same authentication service that they already use to access their bank.
Edit: currently a voluntary but widespread scheme by retailers, proposed to be law. TIL
If it works, then why aren't we surprise when it doesn't?
Because we know it doesn't work.
There'$ a rea$on that $o many people want to relea$e Apple app$. A $uperb rea$on.
It's a really lucrative market. People like to have access to customers that are used to paying a lot. One of the reasons those customers want to pay more, is that walled garden that HN members hate so much, but millions of people have no issue with (whether or not that's a good thing, is not for me to ponder. It just is).
99 bucks is peanuts. It does give you access to the entire suite of Apple tools. Anyone interested in shipping serious software, is likely to far exceed that, in the non-Apple (or Apple hardware) tools that they use to develop the software. Heck, your keyboard probably cost more than that. I remember that we used to pay Microsoft over $4,000 a year for their developer program.
Here's what Apple says about it[0]. That's what I usually do. I think someone else has shared the command line method. If it's a developer tool, then it would probably have a difficult time passing Apple's app review process, anyway, and that will really jangle your cortisol pipes.
[0] https://support.apple.com/guide/mac-help/open-a-mac-app-from...
I think we're going to find out in a couple weeks, as Apple will be in court arguing over a reasonable commission to charge developers for using third party payments and their costs and developer subscription revenue are likely to come under a magnifying glass.
> millions of people have no issue with
I think that's a false dichotomy, consumers are not choosing Apple's developer policies and fees, and Apple has gone to great extents to keep consumers ignorant of their fees by banning mention of competing payment options and then burdening them with fees that ensure they can't be cheaper so the fees aren't obvious. This is not a choice consumers have made, it is a choice they have been deprived of.
If I had been positing it as a developer issue, then that would be true.
However, I was talking about the customer experience, not the developer one. There's no question at all. People pay a premium, and have no issues with the walled garden.
Just because I don't like something, doesn't mean that everyone else shouldn't like it, either. I may not be wrong in my rancor, and they might not be wrong in their acceptance.
One thing that customers are disliking, though, is the buggy and overcomplicated mess that Apple operating systems have become. I am hoping that they do another across-the-board "Snow Leopard" release. From what I hear, that's likely. It might end up making the developer experience a bit more frustrating, though, as they may be demanding more from us.
I've been shipping Apple-based software since 1986, and have found myself screaming with rage at them, many times, in those 40 years; but I never stopped developing for the platform. I guess I'm a walking exemplar of The Stockholm Syndrome.
You can't even conclude that since lots of customers are actually suing them for excessive fees, Apple already lost that battle in the UK and are facing the return of billions in IAP fees, they are facing another in NL for nearly €800 million where they are certain to lose because they were ordered to allow third party payments and ignored the court, they are facing a class action in the US that actually predates their injunction ordering them to allow third party payments and their contempt for disobeying.
I don't think people will "pay the premium" when Apple has to allow apps like YouTube to offer a $19/month plan alongside a $25/month plan for exactly the same thing. They have fought this entire decade to prevent that choice and argued it will cost them billions.
You have my apologies.
Have a great day!
What users want to install on their own computer is none of apple's business though.
Annoying, but if you’re delivering your app to semi-technical users, not really a problem.
I agree that Apple is dumb of course.
And also, software that is downloaded from itch.io app does not require notarization.
2. The expected income is way less than the developer fee, much less the expensive hardware required.
If it is good for the end-user, it is usually also good for the ecosystem a a whole, trust is valuable.
But ffs, they are rich enough to make this a lot less painful and hostile for developers.
And this is not a new thing, I used to develop games for iOS, from the very beginning, and while the process somewhat simplified over time, it was a huge cortisol inducing process, not to mention the regular forced OS+SDK updates where the procedures changes almost every time and could fail in not-so-evident ways.
The bad UX is really what irks me. Enough that I may entirely opt-out of the Apple ecosystem forever, and I don't think I am the only one feeling that way.
I'm so happy I moved to KDE which has options for everything. It was a breath of fresh air when I moved and it still is, every day.
On two occasions I've been completely dumbstruck when the software I was using was deleted out from under me. I'm not a fan of the overuse of "gaslight", but it sure felt like that when I had to restart Docker and the OS was like "what do you mean, Docker? You've never had Docker installed! What are you talking about? Are you feeling ok?"
https://news.ycombinator.com/item?id=42649790
I suspect what triggered it was the fact that the files had journeyed through many filesystems in their time - HFS, ext4, NTFS, APFS - and they probably picked up some unholy combination of impossible attributes.
I thought it was pretty egregious to have Apple helpfully try to delete important PDFs that I've been lugging around for years.
The Docker thing happened as described in my linked post. It happened with something else too, but again I can't remember. I wasn't planning on doing a post mortem so I guess I let the details slip!
In any case, I do like most of the OS' ways of doing things, including security. But it can be overzealous.
P.S. I'm not crazy! I'm not crazy!!!
finally you then take their response and staple it to your binary. Its a lot of steps.
laughs in Bundesdruckerei
At least I don't think they got to it, they only mention signing but not notarization.