13 comments

[ 5.2 ms ] story [ 43.8 ms ] thread
I wonder how does it affect Hackintosh community?
Probably not at all, they will just disable the checks or add another certification authority.
Hm, maybe time to run "Hackintosh" on a Macintosh.
How about no. When I don't have to pay 2x for an Apple laptop, ridden with thermal and keyboard issues and to carry dongles for everything ("but it's so thin!"), I'll be very happy to.

Until then, my X1E, which is durable, maintainable (still to an extent), has all the ports I might need, light, doesn't throttle, while more powerful, cost 1.7x less on top of that, AND running Mojave - will be making me happy, thank you very much.

I don't think it will, they run apps just like any Mac.
It seems like we keep losing more and more control over what we're allowed to run on our own machines.
Comply with the App Store or die :'(
Comply with a commercial operator or use free software. Make sure to buy hardware which supports such from the get-go, especially make sure the hardware can not be disabled or crippled by the manufacturer for violating some nonsensical licence. In plain English this now means "don't buy Apple hardware" as this platform is hostile to free software (e.g. T2 chip which shuts down the machine when 'unlicensed' software (read 'Linux') is used, etc).
No problem, I'll just add installation instructions to my software for users to disable notarization. Perhaps even an AppleScript, .pkg installer, or Terminal command to copy-paste to make the process easier.
No problem, I'll just remove software that requires me to disable notarization.
"Notarization is not App Review. The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly"

If they truly mean this, and only check done is for malicious content then it does not sound that bad except the ~100$ developer account each year to be paid to Apple. Tim Cook needs to be aware of developers being one of the main legs when it comes to creating a happy user base. If he treats them as second class citizens, then making shareholders happy will not last long.

The crowd here tends to interpret code signing requirements as nefarious steps down a slippery slope where Apple locks down macOS and applies draconian rules to deny us access to our own computers. The reality is a little more boring:

macOS has a growing malware problem. The initial solution to this was to introduce the Mac App Store in 2010, where users could acquire trusted apps that had been vetted by Apple.

But the Mac App Store wasn't successful by many measures and users continued acquiring apps elsewhere, including the occasional malware. So in 2012, Apple introduced Developer ID, tying every app to a developer identity which is supposed to be verified through the Apple Developer membership application. This means malware cannot be released by a nameless entity, and that it can be revoked.

However, having recently cleared off a relative's computer of something like 5 separate "Adobe Flash updaters" all signed by different, and apparently fake, developers, it seems that the $99 membership fee and identity verification was not enough to deter fraud and abuse in the program.

The logical next step to protect users is to give Apple more insight into what is being signed, so that they can be more proactive in detecting and blocking malware. Thus, notarization, which involves uploading a copy to Apple.

Apple's software engineering org is populated by some of the developers of your favorite open source projects and indie apps. They're not trying to destroy the platform that they love. In the past, they've given advanced users an escape hatch---option-click to run an unsigned app, Gatekeeper settings, System Integrity Protections settings---and I hope this doesn't change in 10.15. But they are trying to balance this with the needs of 99% of users who just want their Mac to be protected from malware.