Since the whole point of notarization is to give Apple the power to revoke malicious binaries on its system after-the-fact, this seems like it works by design, no? Apple quickly revoked the notarization once they were alerted of the malware.
Otherwise Apple would have to scan every single binary submitted for notarization, which then puts a pretty large onus on them should anything slip through.
If Apple didn't want scan every binary submitted for notarization then they didn't need to introduce the notarization. They already had the means to revoke malicious binaries after-the-fact by revoking the corresponding developer certificate. The main difference with notarization is that it forces binaries to be submitted to Apple early for inspection in comparison with signing using developer certificate which happens locally.
Wouldn’t you also want the ability to revoke just certain binaries? Let’s say a large company like Microsoft accidentally somehow got malware on their Excel app, you wouldn’t want to terminate the dev cert because that would also cancel Outlook, Word, PowerPoint, etc
If I'm not mistaken you can create as many code signing certificates as you want, so it makes sense to sign each application with its own certificate. Of course this wouldn't help when Apple "kills" the entire developer account I guess.
Nope, you can only generate 5 Developer ID Application certificates for the lifetime of your Developer account. It's a real pain to get another one, I had lost all of mine (didn't have a real Mac, so was using various temporary Hackintosh and KVM installs) and it took 2 months of emails to both Developer support and the Security team to get another one issued [and backed up].
That's a bit condescending. The signing stack is very complicated and folks often make mistakes when attempting to back up (export) the correct private key and certificate pair.
Moreover, they've had the ability to "revoke binaries" before notarization was a thing. There's a small antivirus scanner that runs on every app you download and on every dmg you mount, and shows a very scary warning if it detects known malware.
That's fine with me - if the developer was caught with one malware-infected app, I would worry about the other malware they shipped that wasn't caught.
Not true. They can make the certificate invalid after a certain date, while still allowing software signed before that date. This happened when Panic lost their signing certificate.
What else is the scanning of an uploaded executable than an (automated) review process though? The notarization process wouldn't be needed to implement a "kill-switch" for executables by revoking the certificate (code signing with an Apple certificate was required long before notarization). If anything, the notarization creates an illusion of security for the user which might be worse than an unsigned executable (because at least an unsigned exe looks shady right from the start, but a notarized exe had been scanned by Apple so it's ok to run, right?)
"Those checks passed ok" is an approval in itself. The notarization process has the outcome of either being approved or being denied. Approved means "officially agreed or accepted as satisfactory.".
When a Justice of the Peace notarises a piece of documentation, they are not vouching for authenticity they are only voicing for certain claims made: the document was presented on a certain date, and/or that this copy is an accurate facsimile of the provided original.
Notarisation for macOS similarly only means, “the developer presented us with their application and their certificate of authenticity and we signed it with the certificate that allows macOS to run it without complaining.”
There’s no attempt by Apple to claim that the application is safe or does what it says on the tin.
Scanning for malware is simply to avoid embarrassing situations me an author/publisher finding they’ve been compromised by some well known malware.
The outcome of notarisation is that the app has been notarised.
It’s like claiming that the outcome of toasting a sandwich is approval or rejection, no the outcome of toasting a sandwich is you have a sandwich that is toasted, aka “toasted sandwich.”
You might reject a sandwich which isn’t built properly (eg: has mismatched bread slices, is missing contents or smells of dynamite). But toasting the sandwich provided by the customer doesn’t mean you actually like it.
> There’s no attempt by Apple to claim that the application is safe or does what it says on the tin.
So that isn't part of the notarization process. It still was approved by Apple and thus was notarised.
> It’s like claiming that the outcome of toasting a sandwich is approval or rejection, no the outcome of toasting a sandwich is you have a sandwich that is toasted, aka “toasted sandwich.”
That's disingenuous. If I send a Sandwich to be toasted by Apple and get it back toasted that means the Sandwich was indeed approved by Apple since it has been toasted.
If I set up a toasting service and you sent me a ham and cheese sandwich spread with Nutella, you're going to get it back toasted. That doesn't mean that I approve of that nasty sandwich filling though.
Notarising is only the act of a trusted third party verifying that the signature on a document is valid.
Here's a grossly simplified version of what happens with Apple's notary service:
1. Developer writes program
2. Developer signs program to provide evidence to end-user that program has not been tampered with
3. Developer submits program and signature to Apple's notarising service
4. Apple signs program and developer's signature to tell macOS that this developer signature for this program has been seen by a trusted third party (the notary, in this case Apple) — the notary signature basically states that at this date and time the developer presented Apple with the program and the developer signature and that the developer signature is the correct one for that program
5. End user downloads program which includes signature by developer and signature by Apple
6. macOS compares program signature to developer signature
7. macOS compares checks that notary signature matches the program and developer signature
8. macOS now trusts that this program is what was published by the developer, and allows it to run
At no point in this sequence has Apple provided any testimony or recommendation about this program. Notarising is only about ensuring that what you are trying to run is what the developer wrote for you.
"Approval" on the other hand implies that Apple might "disapprove" something, which is not something that happens in the notarising service. A notarising request might be rejected if the applications contains known malware (because the presence of such is an exceptional circumstance which the developer needs to take urgent action to correct, not because Apple doesn't want to sign malware). It's like a Justice of the Peace recommending that you see a doctor if you turn up to ask for a witness to your signature while bleeding profusely from your ear. The JP is not refusing to witness your signature, they are simply suggesting that you have more urgent matters to attend to right now.
You're just making up stuff. You have no idea what you're talking about. You're clearly not a Mac developer.
Nobody should be listening to this long-winded fable spun out of yarn.
I mean, I could go through that whole thing and refute it line-by-line, but I'm just astonished that you think you get to invent all this stuff out of thin air. It's totally wrong, and you don't even have first-hand knowledge of it.
There are so many things I could say, but let's just start with the user experience on Catalina. If you try to open an unsigned app, you get a Gatekeeper alert that says "macOS cannot verify that this app is free from malware" and tells you to move the app to the Trash. (Of course we see from the linked article that the phrase "free from malware" has always been misleading.) Whereas for a notarized app, the Gatekeeper alert says "Apple checked it for malicious software and none was detected" and allows you to open the app. So to claim that this is not any kind of "approval" is just patently absurd.
Yes, those are the basic steps. The fundamental problem was with your technical understanding and interpretation of each of the steps. Also, you didn't answer my question as to whether you're a Mac developer.
I've already explained how the Gatekeeper dialogs prove that your conclusion is false. Moreover, the very page you just linked shows that your claims are false. You say, "At no point in this sequence has Apple provided any testimony or recommendation about this program. Notarising is only about ensuring that what you are trying to run is what the developer wrote for you." Whereas Apple says, "Gatekeeper on macOS helps protect users from downloading and installing malicious software", "Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks", etc.
This story has now dropped way down in the HN rankings, and it's likely that few people are reading these comments anymore except us, so I have no desire to write a long, point-by-point treatise on how you misunderstand Developer ID and notarization.
> What are you talking about? That's basically the process.
How do you know?
> But you'd only have some inconsequential pedantic details to change.
No, the writer completely misunderstands the entire purpose of the process, and consequently just makes up details about what the writer thinks ought to be happening. It sounds like more of a hypothetical than actual knowledge.
Notarized apps are allowed to run by macOS Gatekeeper. Non-notarized apps are rejected by macOS Gatekeeper. You can quibble about the word "approved", but notarization is very important nonetheless.
> The Apple notary service is an automated system that scans your software for malicious content, checks for code-signing issues, and returns the results to you quickly. [0]
Apple seem to be saying that it is more than a registration process. Not passing a human review would be bigger, but it is a review of a kind.
It's astonishing that the developer community is fine with requiring open source projects to pay $99/yr for notarization to run on macOS. Malware authors will happily pay the developer account fees, as seen here, while open source projects are seriously hindered.
It should be possible to verify developers and distribute open source apps without a cost on macOS.
How would that get them to waive the fee? If your app is open source and they wanted it that bad they could just build it themselves, or develop their own replacement for it, and anybody else can pound sand.
So let's Apple port, build and distribute open source for MacOS. I have no problem with that. Yet I bet it would cost Apple more than the money they do from the license they sell to OS developers.
But they're not going to do that for your project, only the ones they actually care about. In fact they already do this. Your macOS comes with bash (the old one because they don't like the new license) and a slew of other open source software. The whole thing is built on top of BSD. So they take what they want and then make you pay them for anything else.
No problem with MacOS having only the open source programs Apple care about. In that scenario if Apple want that developers keep buying their hardware they'll have care about a lot of software or hope that everybody will be happy to work in a Linux VM, possibly with a Linux desktop. Imagine a Mac with no docker, no GNU userland and dev tools (if they're a thing on MacOS), no vim, no Node, no Python, etc.
How is that supposed to help all the small time developers that are trying to get started on a side project and want to distribute it to their 200 existing customers who Apple doesn't care about at all?
They're not the developers I was thinking about. I was thinking about the kind of open source projects that are installed by 100k-100M people.
Misunderstanding sorted out, let's see. If I wanted to reach 200 customers on MacOS (real or leads) probably I can invest 0.5 USD per customer and see if I end up making some money because one of them hires me to do anything.
I think you underestimate how many power users use macOS. Most of their privacy and security marketing isn't really targeted at normal people. The avg. person doesn't really care that much.
It’s pretty impressive that Ubuntu and Arch (Power User-only experiences in my mind) are considered an alternative to macOS by anyone at all. It shows the Linux desktop is actually delivering something very valuable despite the numbers. Although that the numbers don’t tell the whole story isn’t really saying much.
What if it turned out that ease of use and OS-wide app consistency was the easy part all along? That building good APIs - which includes not changing them, making a good publishing experience - which includes not changing your rules every six months, and making your developers rich - which includes lowering fees - were the hard parts?
Besides the average person does care about privacy and security. Keychain is a product everyone on macOS and iOS uses. Imagine if the OS forced Private Browsing to actually work.
The thing to remember is that, under all the chrome and Apple styling, macOS is rooted in BSD. So the power users who enjoy the *nix-y bits of macOS and are looking for a replacement will look for something that gives them more of that.
Over the years I haven't found very many unix tools I couldn't install with homebrew. I'm also a big fan of the move from Bash to ZSH. Why start up a VM or SSH into another machine if I can just use Terminal or Iterm.
For what it's worth, look-and-feel is arguably more consistent on an OSS desktop than the average commercial workstation, these days. The vast majority of free apps and DEs are built on either GTK or QT, which have a broadly similar feel and can be themed to look identical. Meanwhile, closed/commerical apps are a mess of in-house toolkits and embedded web interfaces, and Windows even has several inconsistent styles in the base install.
I worked at SAP for seven years in their cloud business and about half the engineering staff had MBP laptops. Some engineering teams used only Macs. Operations was the same way. Engineering computer usage in India was mostly Windows, China was ~50% Macs, US/Canada was ~80% Macs, and Europe was ~50% Macs.
"One of the core issues in software engineering is that its approaches are not empirical enough because a real-world validation of approaches is usually absent, or very limited and hence software engineering is often misinterpreted as feasible only in a "theoretical environment.""
Software engineering is Engineering like sandwich Engineer is Engineering.
They should use "specialist". It's not like they are using science to prove something will work.
They do waive it for non-profits, if they have the right paperwork. I'm sure Mozilla/Apache/WordPress/Free Software Foundations could get a $0 key if they wanted.
I see your point and principle , but the salary-opportunity-cost on the number of hours that the average piece of OSS takes to develop would surely dwarf 99 dollars, making that fee maybe 1% of the total effective cost.
Insane is a bit of a strong word — it seems like a reasonable way to ensure that the world isn't flooded with incredibly low-effort apps. I know, I know — the world is already full of those, but I imagine it would be a lot worse if people didn't have to put down $99.
Also, the $99 is the blanket cost to be an Apple Developer, including access to the App Store, technical support, etc. and it seems like a reasonable fee to ensure those resources aren't swamped.
It is a shame about people who can't afford it — I know Apple has a scholarship program for students but I'm sure it can't do it for everyone. I'm not saying I'm in favor of it. But it seems like there are some pretty clear reasons why this is the way it is beyond "Apple greedy".
The app store is full of low effort apps, and the 99$ entry fee really doesn't matter.
I think it still is a "Apple greedy". If I were to operate a personal fleet of devices, I wouldn't be able to build my own software once and run it on the fleet. I'd have to build it everywhere. If Microsoft were to do the same thing, people certainly wouldn't be trying to rationalize it as anything else but the money grab that it is.
If you notice, I actually mentioned this in my comment. I think it would be much worse. $99 isn't enough to stop everyone from making crappy apps, but it's definitely enough to stop a lot. Think of every low-effort app made by some 12 year old who discovered Xcode for the first time.
> If I were to operate a personal fleet of devices, I wouldn't be able to build my own software once and run it on the fleet. I'd have to build it everywhere.
I don't understand what this means. If I understand you correctly, then no, you can definitely deploy internal apps to Apple devices without putting it on the App Store.
If I can deploy internal apps to Apple devices without getting them notarized, then open source devs can distribute their apps to their users without them being notarized too, no? What is the measurable difference here?
Obviously, open source apps still work today, but they won't soon. macOS will become a lot more like iOS soon.
> Also, the $99 is the blanket cost to be an Apple Developer, including access to the App Store, technical support, etc.
This is actually the problem. If an open source developer doesn't want access to the App Store, technical support, etc., they still have to pay for those things.
Code signing in general is a terrible industry. Malware authors gladly pay those fees, even for EV code signing certificates, because scamming has high margins.
$99 almost seems reasonable until you consider Apple bakes in a mechanism for curation (they own the signing keys, right?).
IMHO code signing should be separate from curation systems and should focus on tying code back to a specific individual, not a company. It’s a huge pain to change your identity vs starting a new company to distribute malware.
The current systems are built to wrest control of everything. They don’t care about quality or accountability.
I agree Apple should make the developer fee a nominal amount for all kinds of developers.
The baseline for a Mac or iOS OSS developer is still someone with a Mac and many hours of time to spend on non-paying work. So we're probably talking about students and the temporarily unemployed in first-world countries, not so much low-income counties.
Seems like a full developer account should be free for the asking for students, IMO.
$99/year is such a small amount relative to the costs of software development that it's hard to worry about. Meanwhile, there is good value. (The developer resources Apple provides are not free.)
You can argue that Apple should provide developer resources at no cost, but that just means someone else is paying for them or you will pay them in some other way... or do without.
I think at this point in the tech boom we can all understand that when a company gives you stuff of value at no cost there are significant tradeoffs and paybacks. In software development, I think you want most arrangements to be straightforward transactions. The strings attached to no-cost things tend to build up and cause problems, especially if you have success.
Edit: I struck a nerve, but I don't think this should be very controversial. I'll try to take the objections one at a time in comments.
The resources, time and hardware implicated in the production of open source software, when all added up represent far more than US$99, in terms of value.
You may say that a FLOSS project has no bank account, but it does not have $0 budget (unless it has no value, and is produced with nothing of value, by noone whose time has value).
Software development typically requires at least a computer (a Mac for MacOS and iOS development), internet service, and electricity.
Dwarfing those, though, is the significant time software development takes. For OSS, the time is donated, whether by individuals or by corporate sponsors who sometimes dedicate employee hours to projects of particular value to them. But in either case the donator has to be in a position to afford it, which typically means significant income from other means.
> But in either case the donator has to be in a position to afford it, which typically means significant income from other means.
Even if someone has the time and resources to contribute to OSS, it does not automatically follow that they should be willing to spend said time and resources on notarization (of all things).
Put another way, not every purchase is worthwhile just because you have a million dollars in the bank.
> The developer resources Apple provides are not free.
So then why is the charge for signing and not for developer tools? That way if I wanted to I could use somebody else's tools instead of paying Apple.
> I think at this point in the tech boom we can all understand that when a company gives you stuff of value at no cost there are significant tradeoffs and paybacks.
Which is why I paid so much for my copy of gcc. Wait, hold on.
Apple gives away Xcode and allows people to sign apps for their own iOS devices for free (although they must resign those apps every week). This is intended to allow students and other non-professional developers to learn to code and experiment with Apple developer tools without paying any money.
Of course, Apple spends huge amounts of money on developer infrastructure (Xcode, LLVM, and Swift, for example). Since each additional copy of a piece of software does not incur additional costs for the developer, Apple can subsidize the development of developer tools using the $99 fee taken from (generally) professional developers who wish to publish their apps on the App Store or take advantage of notarization on macOS.
Many major open-source projects are largely developed by employees of large technology companies and foundations with significant budgets. The Linux kernel's largest committers oftentimes work at companies like Red Hat and Intel. Just because you get a given piece of open-source software for free does not mean that its development was done by volunteers in their free time.
> Of course, Apple spends huge amounts of money on developer infrastructure (Xcode, LLVM, and Swift, for example).
So then why do I have to pay them if I'm using emacs and gcc and C++?
> Just because you get a given piece of open-source software for free does not mean that its development was done by volunteers in their free time.
Yet, in many cases, that's exactly what happened. And even when it isn't, if it's distributed under a free software license then it keeps them from screwing you over because any adverse changes can be reverted.
> So then why do I have to pay them if I'm using emacs and gcc and C++?
You may still be using developer resources like documentation. But yeah, a flat fee for a wide variety of services risks edge cases where someone using only minimal resources gets a poor deal. Of course, an alternative is a nickel-and-diming pay-as-you-go micro-transaction scheme, which your main users will hate.
Also, strictly speaking, you don't have to pay them. Vote with your dollars and platform support as a developer. If enough people do, Apple may reevaluate.
> You may still be using developer resources like documentation.
That's not any different. If I write a POSIX-compliant program then it should run on macOS without having used any of Apple's documentation. And if they charged for documentation (which is dumb) it would create a market for third party macOS documentation that I could use instead.
> But yeah, a flat fee for a wide variety of services risks edge cases where someone using only minimal resources gets a poor deal. Of course, an alternative is a nickel-and-diming pay-as-you-go micro-transaction scheme, which your main users will hate.
Offering a flat fee for everything is not inconsistent with offering individual things a la carte. They could offer both. But the bigger point is that it should be possible to produce and distribute software without having any business relationship with Apple whatsoever. I don't want to use anything they make, I just want to have access to my customers who use macOS.
> Also, strictly speaking, you don't have to pay them. Vote with your dollars and platform support as a developer. If enough people do, Apple may reevaluate
That doesn't work at this level of power imbalance. Your software would have to be important enough to get your customers to switch to a different platform, and not have any viable competitors who remain on macOS even if it means higher profits due to the reduced competition. In other words, you would have to be a monopoly yourself in order to have any leverage.
If I write an application in Java, it should run on macOS the same as it does anywhere else, and if it doesn't then I submit a bug report to the maintainers of the JRE. What do I need from Apple?
It doesn't have to be strictly to POSIX to not use anything Apple-specific, e.g. you can get a GUI using Qt or Gtk, or Java. For that matter, there are X.org implementations for macOS.
> Apple gives away Xcode and allows people to sign apps for their own iOS devices for free
Yes they do, to entice developers to build apps for their phones which they sell for a premium. Remember Ballmer (different company, similar context) .. Developers, developers, developers...
That doesn't change the fact that developer resources cost money that has to be paid for somehow.
If Apple doesn't charge developers, they could, e.g., pay for it through more margin on device sales, which means Apple customers are paying for it. That sounds nice for developers, but that's going to cause the developer resources to lose developer focus. Developer resources will be treated as marketing expenses and the scope and character of them will reflect this.
You're taking the current Apple developer program as an eternal truth, when in fact it has changed significantly over time.
Before the App Store, you could develop for the Mac completely free. There was a developer program, which was much more expensive than $99 per year, but it was mainly concerned with WWDC and pre-release builds. There was even a hardware discount for developers, which was very popular, and effectively made the developer program pay for itself in many cases.
> You're taking the current Apple developer program as an eternal truth, when in fact it has changed significantly over time.
Well, I've been developing Mac software for 25 years, so I've seen the developer program changes. Generally, it's gotten a lot cheaper and a lot better over time. (Except there's never been anything like the old Inside Macintosh books, and I guess there never will be.) I guess that's why $99/year doesn't bother me. Historically speaking, it's a great deal.
I'm sure there are more changes to come, but none of us knows what that will be, so there's not much to discuss.
> Before the App Store, you could develop for the Mac completely free.
I haven't kept track of a timeline on this, so I'm sure you're right, but you're talking about a transient state. Before Xcode you had to pay a lot for Apple's developer tools (which I can't remember the name of), or pay a lot for the superior (or so I believed at the time) CodeWarrior. At first, Xcode itself wasn't exactly free, because it was bundled with the OS updates, which cost a decent amount back then.
I guess at various times there has been more or less you could do at the free tier, but it has seemed to me that you could only rarely do a decent job of releasing and supporting mac apps without paying for something.
> At first, Xcode itself wasn't exactly free, because it was bundled with the OS updates, which cost a decent amount back then.
Xcode and Mac OS X were included on disc with Mac hardware. This is how I became a developer.
When Mac OS X was released, that was the period when Apple truly embraced open source and Unix. Since iPhone, however, there's been a lot of backtracking in that area, which I find very unfortunate.
In general, macOS is becoming more and more like iOS. Consequently, it is becoming more hostile to openness.
The world is bigger than the US, Im from a fairly wealthy part of the world on average - - eastern Europe but I can't afford it or buy their products just so I can use their tooling. Probably people living in poorer parts of the world are laughing even harder.
When did this change? You need to codesign/notarize your application lest users get the super scary warning that tells them to move it to trash when they try to run it. Apple literally tells your users your app is garbage unless you pay for this. Definition of a shakedown.
> you can publish macOS software without paying $99 year.
Can you point to straightforward apple instructions for doing so?
I publish an open source project used in classrooms, mostly used by my own students but also others. Despite strong and principled objections, which I hung on to for years, I have simply given up and now pay the fee. I'd love to not have apple be the gatekeeper. But they are. Every release, every update, every summer when I go to fix a few bugs, the restrictions get tighter and tighter, and old workarounds stop working.
I work entirely on Linux and Win10, but I maintain a mac laptop and pay the $99/yr out of pocket just to keep this project alive. I've spent tens of days trying to find a way around either of these requirements, but it's just too difficult (for me, or for my students, or for others wanting to try my software).
There are several such apps and open-source tools that are not notarized, some quite popular. Some of them provide those instructions next to their download links.
Exactly which part of “Download → Right-click → Open → Confirm” is user-unfriendly?
Those steps are literally all it takes. It’s barely 40 keystrokes to list them.
As a user and the resident tech support for people young and old, I am glad that there’s such a barrier against the execution of arbitrary software and it’s easily skippable if one so explicitly chooses.
In any case, how is it any worse than the Windows nag prompts that people accepted more than a decade ago?
The linked article clearly demonstrates that running apps without notarization on macOS is much more complicated than you describe it to be, to the point of it feeling insurmountable for less technical users.
Perhaps you've configured your device in a way that gives you an easier execution path, or the app is employing a workaround to bypass Gatekeeper.
> what gets me every time is that the "right-click" trick only works the second time you try to launch the app. The first time, right-click or not, MacOS won't let you launch the app.
From what I've read, Apple will require notarization on Apple silicon. If that holds for both desktop apps and cli software, it would be neigh impossible to use a mac for development. So I imagine/hope they will have a way of handling OSS better.
That's not true. They're requiring all executables to be signed on Apple Silicon systems, but that's as an ad hoc signature added by the linker at link time. There's no additional cost or overhead on AS.
I think open source licenses are ripe for an update with the following clauses to deal with FAANG companies:
This software shall not be used on platforms that hinder users in their free choice of software.
This software shall not be used to create or in conjunction with adware, spyware, or other malicious software.
(Perhaps after a lawyer has reworded it properly so people can't pretend to not understand what is meant here)
Another one I'd like to see is:
This software is free for personal use, and for commercial use by companies with an annual revenue less than $1B.
(For commercial uses that are not covered by this license, please contact our licensing department)
If malware is going to ignore a variety of other things, do you honestly think they'd abide any licensing? I doubt they really care and will happily break that agreement and they're fine doing so until someone can take them to court to stop it (who's going to pay that fee? and I doubt finding the author of such malware is going to be particularly easy, never mind their country of operation may not even make any of this straight forward at all)
> This software is free for personal use, and for commercial use by companies with an annual revenue less than $1B.
I've been advocating for something similar:
> This software is free for any entity that does not contain material stakeholders (bond holders, debt holders, etc) that are billionaires. A yearly licence fee of $1m waives this requirement.
Something like that. I'm sick of wealth centralization. If a startup wants to use the software, great! Once Peter Thiel invests though it's $1m a year. My core beef with billionaires is that they do not pay their fair share in taxes. The push all their money into shell companies or park it overseas and we end up with doctors that actually save peoples lives paying double or triple the tax rate that the ultra wealthy pay.
"My core beef with billionaires is that they do not pay their fair share in taxes."
Mine is pretending they're not freeloading. A close second is the performant persecution complex. Third might be the rationalist rhetoric about slippery slopes (eg anything less than Freedom Markets™ is socialism).
These would be "field of use" restrictions. Licenses with these kinds of restrictions are normally not considered open source (see items 5 and 6 of both the DFSG and the OSD).
I appreciate your eagerness and positivity but I fear it's not a solution. After all, who defines 'hinder', 'adware' or 'spyware'? (I'm reminded of the phrase "one man's terrorist is another man's freedom fighter".) Any company willing to make adware/spyware probably isn't above ignoring a plea in a license agreement. There are laws against burglary, assault, embezzlement, murder, too, and even with very harsh penalties (e.g. death penalty) they are not always sufficient to deter all criminal behavior.
A $1B limit? no problem - "we'll just send this over to our little 500M subsidiary."
the root problem is the consumer doesn't care and there is a cultural lack of care and trust and humanity. I don't know of any solution to this but the problem runs extremely deep. In fact, there may be no cure, as these problems are noted as the cardinal sins the Christian bible documented and Dante' famously illustrated : Lust, Gluttony, Greed, Sloth, Wrath, Envy, Pride. Solve that and the rest comes easy.
The developer account is much cheaper than lawyers and process required to set up a 500M subsidiary, so I don't think we even need to think of this edge case.
“This software shall not be used on platforms that hinder users in their free choice of software”
That’s the GPL, isn’t it? Version 3 was specifically created to close loopholes w.r.t. to that (https://en.wikipedia.org/wiki/Tivoization: “Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware“)
No that line is different from the GPL. For example, you could still sell the software without distributing the source or without allowing users to link against your code.
The title is not justified. Nowhere in the text is it proven that it was approved by accident. It might have been an employee acting with malice aforethought
Maybe "erroneously" is a better word than accidentally. That's the word Apple used when apologizing to Charlie Munroe for their automated systems revoking his Apple Developer ID and remotely disabling his published Mac apps:
"We determined that your app Downie 4 was erroneously identified as malicious due to invalid logic in our malware detection system. This triggered the revocation of your certificate under Section 5.4 of the Developer Program License Agreement."
Apple created a process whereby applications are run through automated checks for malware in order to be approved for installation on MacOS by the public. The title is accurate. The process isn’t perfect, but human review isn’t perfect either. One issue this brings up is the false sense of security that review and approval processes such as this create among users.
Notarization doesn't actually review the software. It's just a financial and technical barrier to reduce (not absolutely prevent) the spread of mutant versions of malware.
133 comments
[ 5.2 ms ] story [ 186 ms ] threadOtherwise Apple would have to scan every single binary submitted for notarization, which then puts a pretty large onus on them should anything slip through.
That's a big hammer because it breaks everything that was ever signed with the certificate.
1: https://developer.apple.com/documentation/xcode/notarizing_m...
It's a pass of checks that might or might not find something.
It's not some official stamp of approval, except to say "those checks passed ok".
Notarisation for macOS similarly only means, “the developer presented us with their application and their certificate of authenticity and we signed it with the certificate that allows macOS to run it without complaining.”
There’s no attempt by Apple to claim that the application is safe or does what it says on the tin.
Scanning for malware is simply to avoid embarrassing situations me an author/publisher finding they’ve been compromised by some well known malware.
The outcome of notarisation is that the app has been notarised.
It’s like claiming that the outcome of toasting a sandwich is approval or rejection, no the outcome of toasting a sandwich is you have a sandwich that is toasted, aka “toasted sandwich.”
You might reject a sandwich which isn’t built properly (eg: has mismatched bread slices, is missing contents or smells of dynamite). But toasting the sandwich provided by the customer doesn’t mean you actually like it.
So that isn't part of the notarization process. It still was approved by Apple and thus was notarised.
> It’s like claiming that the outcome of toasting a sandwich is approval or rejection, no the outcome of toasting a sandwich is you have a sandwich that is toasted, aka “toasted sandwich.”
That's disingenuous. If I send a Sandwich to be toasted by Apple and get it back toasted that means the Sandwich was indeed approved by Apple since it has been toasted.
Here's a grossly simplified version of what happens with Apple's notary service:
1. Developer writes program 2. Developer signs program to provide evidence to end-user that program has not been tampered with 3. Developer submits program and signature to Apple's notarising service 4. Apple signs program and developer's signature to tell macOS that this developer signature for this program has been seen by a trusted third party (the notary, in this case Apple) — the notary signature basically states that at this date and time the developer presented Apple with the program and the developer signature and that the developer signature is the correct one for that program 5. End user downloads program which includes signature by developer and signature by Apple 6. macOS compares program signature to developer signature 7. macOS compares checks that notary signature matches the program and developer signature 8. macOS now trusts that this program is what was published by the developer, and allows it to run
At no point in this sequence has Apple provided any testimony or recommendation about this program. Notarising is only about ensuring that what you are trying to run is what the developer wrote for you.
"Approval" on the other hand implies that Apple might "disapprove" something, which is not something that happens in the notarising service. A notarising request might be rejected if the applications contains known malware (because the presence of such is an exceptional circumstance which the developer needs to take urgent action to correct, not because Apple doesn't want to sign malware). It's like a Justice of the Peace recommending that you see a doctor if you turn up to ask for a witness to your signature while bleeding profusely from your ear. The JP is not refusing to witness your signature, they are simply suggesting that you have more urgent matters to attend to right now.
Nobody should be listening to this long-winded fable spun out of yarn.
I mean, I could go through that whole thing and refute it line-by-line, but I'm just astonished that you think you get to invent all this stuff out of thin air. It's totally wrong, and you don't even have first-hand knowledge of it.
So you're admitting that you don't know what it is?
Are you or are you not a Mac developer who notarizes and distributes Mac software?
The process is described at a high level by Apple here: https://developer.apple.com/developer-id/
1. Developer signs their app
2. Developer sends signed app to Apple for Notarisation
3. Apple provides notary signature
4. Developer distributes notarised app
I've already explained how the Gatekeeper dialogs prove that your conclusion is false. Moreover, the very page you just linked shows that your claims are false. You say, "At no point in this sequence has Apple provided any testimony or recommendation about this program. Notarising is only about ensuring that what you are trying to run is what the developer wrote for you." Whereas Apple says, "Gatekeeper on macOS helps protect users from downloading and installing malicious software", "Give users even more confidence in your software by submitting it to Apple to be notarized. The service automatically scans your Developer ID-signed software and performs security checks", etc.
This story has now dropped way down in the HN rankings, and it's likely that few people are reading these comments anymore except us, so I have no desire to write a long, point-by-point treatise on how you misunderstand Developer ID and notarization.
What are you talking about? That's basically the process.
>I mean, I could go through that whole thing and refute it line-by-line
But you'd only have some inconsequential pedantic details to change.
How do you know?
> But you'd only have some inconsequential pedantic details to change.
No, the writer completely misunderstands the entire purpose of the process, and consequently just makes up details about what the writer thinks ought to be happening. It sounds like more of a hypothetical than actual knowledge.
It would be news if it was on the App Store, which has a review.
Apple seem to be saying that it is more than a registration process. Not passing a human review would be bigger, but it is a review of a kind.
[0] https://developer.apple.com/documentation/xcode/notarizing_m...
It should be possible to verify developers and distribute open source apps without a cost on macOS.
They have you over a barrel and they know it.
Misunderstanding sorted out, let's see. If I wanted to reach 200 customers on MacOS (real or leads) probably I can invest 0.5 USD per customer and see if I end up making some money because one of them hires me to do anything.
I think you greatly overestimate how much Apple cares about this.
What if it turned out that ease of use and OS-wide app consistency was the easy part all along? That building good APIs - which includes not changing them, making a good publishing experience - which includes not changing your rules every six months, and making your developers rich - which includes lowering fees - were the hard parts?
Besides the average person does care about privacy and security. Keychain is a product everyone on macOS and iOS uses. Imagine if the OS forced Private Browsing to actually work.
What demographic is this? College kids and Apple employees?
It seems like minor benefit in an otherwise atrocious platform.
What commands are you sending your macbook outside installations?
It's not like you are running a server, you still need to SSH into the server to do anything.
If you are technology literate, you've seen the evils of Apple for decades.
A power user fixes their own problem, not waits years for Apple to fix it.
I've seen them at University and some non STEM students homes.
That said, I see iPhones at work, but probably because they are not critical to doing anything other than email.
Software engineering is Engineering like sandwich Engineer is Engineering.
They should use "specialist". It's not like they are using science to prove something will work.
Not sure if related.
Your assessment only works for working developers in high income countries. And even then requiring 99 dollars is insane.
Also, the $99 is the blanket cost to be an Apple Developer, including access to the App Store, technical support, etc. and it seems like a reasonable fee to ensure those resources aren't swamped.
It is a shame about people who can't afford it — I know Apple has a scholarship program for students but I'm sure it can't do it for everyone. I'm not saying I'm in favor of it. But it seems like there are some pretty clear reasons why this is the way it is beyond "Apple greedy".
If you notice, I actually mentioned this in my comment. I think it would be much worse. $99 isn't enough to stop everyone from making crappy apps, but it's definitely enough to stop a lot. Think of every low-effort app made by some 12 year old who discovered Xcode for the first time.
> If I were to operate a personal fleet of devices, I wouldn't be able to build my own software once and run it on the fleet. I'd have to build it everywhere.
I don't understand what this means. If I understand you correctly, then no, you can definitely deploy internal apps to Apple devices without putting it on the App Store.
This is actually the problem. If an open source developer doesn't want access to the App Store, technical support, etc., they still have to pay for those things.
Lol. In my experience a fee is a way to _ensure_ it is filled with incredibly low-effort apps (which tend to be the most profitable).
$99 almost seems reasonable until you consider Apple bakes in a mechanism for curation (they own the signing keys, right?).
IMHO code signing should be separate from curation systems and should focus on tying code back to a specific individual, not a company. It’s a huge pain to change your identity vs starting a new company to distribute malware.
The current systems are built to wrest control of everything. They don’t care about quality or accountability.
The baseline for a Mac or iOS OSS developer is still someone with a Mac and many hours of time to spend on non-paying work. So we're probably talking about students and the temporarily unemployed in first-world countries, not so much low-income counties.
Seems like a full developer account should be free for the asking for students, IMO.
You can argue that Apple should provide developer resources at no cost, but that just means someone else is paying for them or you will pay them in some other way... or do without.
I think at this point in the tech boom we can all understand that when a company gives you stuff of value at no cost there are significant tradeoffs and paybacks. In software development, I think you want most arrangements to be straightforward transactions. The strings attached to no-cost things tend to build up and cause problems, especially if you have success.
Edit: I struck a nerve, but I don't think this should be very controversial. I'll try to take the objections one at a time in comments.
Huh? Some Open Source/Free software have a $0 budget.
You may say that a FLOSS project has no bank account, but it does not have $0 budget (unless it has no value, and is produced with nothing of value, by noone whose time has value).
Dwarfing those, though, is the significant time software development takes. For OSS, the time is donated, whether by individuals or by corporate sponsors who sometimes dedicate employee hours to projects of particular value to them. But in either case the donator has to be in a position to afford it, which typically means significant income from other means.
Even if someone has the time and resources to contribute to OSS, it does not automatically follow that they should be willing to spend said time and resources on notarization (of all things).
Put another way, not every purchase is worthwhile just because you have a million dollars in the bank.
So then why is the charge for signing and not for developer tools? That way if I wanted to I could use somebody else's tools instead of paying Apple.
> I think at this point in the tech boom we can all understand that when a company gives you stuff of value at no cost there are significant tradeoffs and paybacks.
Which is why I paid so much for my copy of gcc. Wait, hold on.
Of course, Apple spends huge amounts of money on developer infrastructure (Xcode, LLVM, and Swift, for example). Since each additional copy of a piece of software does not incur additional costs for the developer, Apple can subsidize the development of developer tools using the $99 fee taken from (generally) professional developers who wish to publish their apps on the App Store or take advantage of notarization on macOS.
Many major open-source projects are largely developed by employees of large technology companies and foundations with significant budgets. The Linux kernel's largest committers oftentimes work at companies like Red Hat and Intel. Just because you get a given piece of open-source software for free does not mean that its development was done by volunteers in their free time.
So then why do I have to pay them if I'm using emacs and gcc and C++?
> Just because you get a given piece of open-source software for free does not mean that its development was done by volunteers in their free time.
Yet, in many cases, that's exactly what happened. And even when it isn't, if it's distributed under a free software license then it keeps them from screwing you over because any adverse changes can be reverted.
You may still be using developer resources like documentation. But yeah, a flat fee for a wide variety of services risks edge cases where someone using only minimal resources gets a poor deal. Of course, an alternative is a nickel-and-diming pay-as-you-go micro-transaction scheme, which your main users will hate.
Also, strictly speaking, you don't have to pay them. Vote with your dollars and platform support as a developer. If enough people do, Apple may reevaluate.
That's not any different. If I write a POSIX-compliant program then it should run on macOS without having used any of Apple's documentation. And if they charged for documentation (which is dumb) it would create a market for third party macOS documentation that I could use instead.
> But yeah, a flat fee for a wide variety of services risks edge cases where someone using only minimal resources gets a poor deal. Of course, an alternative is a nickel-and-diming pay-as-you-go micro-transaction scheme, which your main users will hate.
Offering a flat fee for everything is not inconsistent with offering individual things a la carte. They could offer both. But the bigger point is that it should be possible to produce and distribute software without having any business relationship with Apple whatsoever. I don't want to use anything they make, I just want to have access to my customers who use macOS.
> Also, strictly speaking, you don't have to pay them. Vote with your dollars and platform support as a developer. If enough people do, Apple may reevaluate
That doesn't work at this level of power imbalance. Your software would have to be important enough to get your customers to switch to a different platform, and not have any viable competitors who remain on macOS even if it means higher profits due to the reduced competition. In other words, you would have to be a monopoly yourself in order to have any leverage.
These are conflicting statements. You will have a very difficult time supporting your Apple-using customers without using any Apple stuff yourself.
Yes they do, to entice developers to build apps for their phones which they sell for a premium. Remember Ballmer (different company, similar context) .. Developers, developers, developers...
If Apple doesn't charge developers, they could, e.g., pay for it through more margin on device sales, which means Apple customers are paying for it. That sounds nice for developers, but that's going to cause the developer resources to lose developer focus. Developer resources will be treated as marketing expenses and the scope and character of them will reflect this.
Before the App Store, you could develop for the Mac completely free. There was a developer program, which was much more expensive than $99 per year, but it was mainly concerned with WWDC and pre-release builds. There was even a hardware discount for developers, which was very popular, and effectively made the developer program pay for itself in many cases.
They don't spend all their money!
Yup, a bit glib but it gets to the essence...
Well, I've been developing Mac software for 25 years, so I've seen the developer program changes. Generally, it's gotten a lot cheaper and a lot better over time. (Except there's never been anything like the old Inside Macintosh books, and I guess there never will be.) I guess that's why $99/year doesn't bother me. Historically speaking, it's a great deal.
I'm sure there are more changes to come, but none of us knows what that will be, so there's not much to discuss.
> Before the App Store, you could develop for the Mac completely free.
I haven't kept track of a timeline on this, so I'm sure you're right, but you're talking about a transient state. Before Xcode you had to pay a lot for Apple's developer tools (which I can't remember the name of), or pay a lot for the superior (or so I believed at the time) CodeWarrior. At first, Xcode itself wasn't exactly free, because it was bundled with the OS updates, which cost a decent amount back then.
I guess at various times there has been more or less you could do at the free tier, but it has seemed to me that you could only rarely do a decent job of releasing and supporting mac apps without paying for something.
Xcode and Mac OS X were included on disc with Mac hardware. This is how I became a developer.
When Mac OS X was released, that was the period when Apple truly embraced open source and Unix. Since iPhone, however, there's been a lot of backtracking in that area, which I find very unfortunate.
In general, macOS is becoming more and more like iOS. Consequently, it is becoming more hostile to openness.
There is NO "requirement" for notarization. This FUD keeps getting perpetuated, but you can publish macOS software without paying $99 year.
> It should be possible to verify developers and distribute open source apps without a cost on macOS.
The cost is convincing your users to trust you and allow your unsigned app to bypass Gatekeeper.
I've seen some tools do just that, explaining that they cannot afford the notarization fee.
For now, a dev has to add an explanation next to the download link, and let the users decide.
Can you point to straightforward apple instructions for doing so?
I publish an open source project used in classrooms, mostly used by my own students but also others. Despite strong and principled objections, which I hung on to for years, I have simply given up and now pay the fee. I'd love to not have apple be the gatekeeper. But they are. Every release, every update, every summer when I go to fix a few bugs, the restrictions get tighter and tighter, and old workarounds stop working.
I work entirely on Linux and Win10, but I maintain a mac laptop and pay the $99/yr out of pocket just to keep this project alive. I've spent tens of days trying to find a way around either of these requirements, but it's just too difficult (for me, or for my students, or for others wanting to try my software).
Take a look at how other apps do it, such as:
• MacDown https://macdown.uranusjr.com (also on GitHub)
Download → Right/Control-click → Open → Confirm
There are several such apps and open-source tools that are not notarized, some quite popular. Some of them provide those instructions next to their download links.
https://news.ycombinator.com/item?id=24217116
Those steps are literally all it takes. It’s barely 40 keystrokes to list them.
As a user and the resident tech support for people young and old, I am glad that there’s such a barrier against the execution of arbitrary software and it’s easily skippable if one so explicitly chooses.
In any case, how is it any worse than the Windows nag prompts that people accepted more than a decade ago?
Perhaps you've configured your device in a way that gives you an easier execution path, or the app is employing a workaround to bypass Gatekeeper.
It seems MacDown uses such a temporary workaround to make the process less painful for macOS users: https://github.com/MacDownApp/macdown/issues/1106#issuecomme...
https://news.ycombinator.com/item?id=24219099
Another one I'd like to see is:
https://news.ycombinator.com/item?id=5138866
I've been advocating for something similar:
> This software is free for any entity that does not contain material stakeholders (bond holders, debt holders, etc) that are billionaires. A yearly licence fee of $1m waives this requirement.
Something like that. I'm sick of wealth centralization. If a startup wants to use the software, great! Once Peter Thiel invests though it's $1m a year. My core beef with billionaires is that they do not pay their fair share in taxes. The push all their money into shell companies or park it overseas and we end up with doctors that actually save peoples lives paying double or triple the tax rate that the ultra wealthy pay.
Mine is pretending they're not freeloading. A close second is the performant persecution complex. Third might be the rationalist rhetoric about slippery slopes (eg anything less than Freedom Markets™ is socialism).
A $1B limit? no problem - "we'll just send this over to our little 500M subsidiary."
the root problem is the consumer doesn't care and there is a cultural lack of care and trust and humanity. I don't know of any solution to this but the problem runs extremely deep. In fact, there may be no cure, as these problems are noted as the cardinal sins the Christian bible documented and Dante' famously illustrated : Lust, Gluttony, Greed, Sloth, Wrath, Envy, Pride. Solve that and the rest comes easy.
> A $1B limit? no problem - "we'll just send this over to our little 500M subsidiary."
The new license can acknowledge this too
That’s the GPL, isn’t it? Version 3 was specifically created to close loopholes w.r.t. to that (https://en.wikipedia.org/wiki/Tivoization: “Tivoization is the creation of a system that incorporates software under the terms of a copyleft software license (like the GPL), but uses hardware restrictions or digital rights management to prevent users from running modified versions of the software on that hardware“)
"We determined that your app Downie 4 was erroneously identified as malicious due to invalid logic in our malware detection system. This triggered the revocation of your certificate under Section 5.4 of the Developer Program License Agreement."
https://blog.charliemonroe.net/a-day-without-business/