763 comments

[ 3.2 ms ] story [ 389 ms ] thread
“In other news, Apple has quietly backdoored the end-to-end cryptography of iMessage.”

Is this substantiated somewhere? It seems like a big deal if there is any truth to it.

It's explained right there in the text: it's via iCloud Backup, which Apple makes no secrets about:

- backing up your iMessages: https://support.apple.com/en-us/HT207428

- not being end to end encrypted: https://support.apple.com/en-us/HT202303

It's listed as being "encrypted in storage" and "encrypted in transit", which is a fancy way of saying "we use encrypted disks and TLS, all of which we have the keys for".

Further down on the page, they have a list of things that are end-to-end encrypted. iCloud Backups are not in that list.

It's not a secret.

Ok - so it’s complete bullshit. iMessage is end to end encrypted. There is no back door. The article is lying.

On the other hand it’s true that iCloud backups are not encrypted. That’s a major problem. Worse in many ways since all your private documents, tax returns etc, are in there too.

But let’s not lie about iMessage not being end to end encrypted. It certainly is.

The problem is that the end is then backed up to an unencrypted disk.

These two things are not equivalent. In one instance Apple can be compelled to provide access. In the other instance any man in the middle can intercept.

Please - there are real problems to criticize Apple for. Let’s not muddy the water with lies.

iCloud Backup, on by default, backs up the complete plaintext iMessage history to Apple via the network, automatically, using Apple keys.

It also backs up the device's iMessage keys, to Apple via the network, automatically, using Apple keys. That's called key escrow.

The plaintext message content backup bypasses the end-to-end encryption entirely, providing the service-in-the-middle with complete plaintext.

Apple is the only "man in the middle" for iMessage - all encrypted iMessages transit their servers (using TLS, separate from the iMessage message encryption). Apple, via software changes, has gained possession of the user's iMessage key, and the message is no longer opaque to them when relaying it, and it is not end-to-end encrypted. The party in the middle (Apple) can read all of the messages, just as if it were two different TLS sessions to each user with no encrypted payload (the way most non-e2e messaging is implemented).

Alternately, if Apple, via software changes, has caused the plaintext message content to be relayed back to Apple post-decryption, it is no longer end-to-end encrypted, as the service in the middle is no longer zero-knowledge, and has come into possession of the plaintext.

If that's not a backdoor, I don't know what is.

EDIT: (responding to comment below, throttled)

From https://support.apple.com/en-us/HT202303

> Messages in iCloud also uses end-to-end encryption. If you have iCloud Backup turned on, your backup includes a copy of the key protecting your Messages. This ensures you can recover your Messages if you lose access to iCloud Keychain and your trusted devices. When you turn off iCloud Backup, a new key is generated on your device to protect future messages and isn't stored by Apple.

So if you have "Messages in iCloud" enabled, it backs up your iMessage encryption key (Apple already has the ciphertext from the iMessage service). If you have "Messages in iCloud" disabled, it backs up the plaintext of the messages themselves from your device.

In both cases, Apple can read all of your iMessages, either because their software on your device gave them the key (iCloud Backup=on, Messages in iCloud=on), or because their software on your device gave them the plaintext (iCloud Backup=on, Messages in iCloud=off).

Can you substantiate that the keys are backed up?

Is messages in iCloud on by default? I remember being asked.

Your keys would be backed up in the cloud to ensure you can decrypt your restored imessage backup to a new device.
No - only the session keys for those messages need to be backed up for that.
Just turn off iCloud backup. It’s what I do.
And everyone you iMessage with? Both parties to the conversation have the plaintext and a key that will decrypt the whole conversation.

Unless you are 100% certain that everyone you iMessage with has also done this, your conversations are still not reliably private.

Even then, Apple can silently inject additional escrowed wiretap keys into the keylist for one or both participants, although this is an active attack and can be detected by monitoring changes to the keylist for a given phone number or Apple ID provided by Apple's iMessage APIs.

iMessage is not a security or privacy-first messaging app. It is a fun and usable messaging app with decent efforts towards privacy and no user tracking. The only messaging app that goes all the way with privacy is Signal, which I use for most of my communication. But Apple is focused on the user experience, and there are some fundamental trade offs with user experience that are not necessary for most users. Most users are never going to be subpoenaed by the police.
Look, iCloud Backup is the weak link here. I don't actually know if your messages will still be in other peoples' backups even if you turn off iCloud Backup, but I also don't know enough about the security model one way or another to be able to say, and I haven't seen evidence provided. I'm willing to believe that they are, just for the sake of argument.

What I was trying to say is that Apple is trying to make it as easy as possible for people to recover their messages, because this covers most peoples' threat models, which do not include protecting data from subpoena. Signal is great technology but the fact is it doesn't sync messages between devices because they haven't figured out how to do that in a way that's fully secure. This is a feature that tons of iPhone users want and are not willing to sacrifice for higher security. What am I missing?

> Just turn off iCloud backup. It’s what I do.

But is this problem a problem just at the personal level? The big problem lies at a societal level. And does it then help that a few computer hackers are informed enough to make an important (and crippling) technical decision?

The problem at the societal level is that people prefer convenience to security. The number of people that would forget their password, lose their entire message history, and blame Apple for it is huge. If you have everything end-to-end encrypted, that's the support burden you're looking at, and it's absolutely nontrivial.
“Alternately, if Apple, via software changes, has caused the plaintext message content to be relayed back to Apple post-decryption, it is no longer end-to-end encrypted, as the service in the middle is no longer zero-knowledge, and has come into possession of the plaintext.”

Is just conjecture about something they could do, or is there some evidence that they have done this?

Why are you so quick to defend proprietary software against users?

No way to show from proprietary crap that whatever potentially bogus encryption iMessage clients pretend to have isn't bypassed on the server side. And Apple has historically been hostile to user privacy.

Users are the weakest link on the chain. They should be pre-emptively defended. Not the trillionaire companies. They should have the burden to prove - by providing the source and reproducible builds to their paying customers.

Who should ‘defend’ these weak users? The government?
Thanks for summarizing a bunch of changes that make me depressed about modern computing. Now Android, 'privacy apple' macOS, iOS & Windows all act in similar way. The only thing left is bad user experience linux.
I've opted to purchase the new MBAir, and will only use it in conjunction with a travel router, on which I have root, and can default-deny all network traffic from the laptop except for the stuff I explicitly permit. Dual-Wi-Fi, small travel routers will run for quite some time on a USB battery pack.

I've been meaning to do this for some time anyway, due to the pervasive spyware that's embedded in most iOS apps, which Apple explicitly permits in the App Store. One travel router device should serve me for phone+tablet+laptop. I'll probably have it just do LTE+WireGuard back to a server I run, and then do all of the filtering/monitoring on the VPN server.

It sucks that it's come to this. Hopefully Apple can find their way back. I have a machine running KDE Plasma, which is worlds better than it was in years past, but still has enough rough edges compared to macOS's mirror sheen that it's annoying to use. I'm keeping my intel rMBP 16" I just got as it's likely the last machine of this quality level that will be able to run such a system.

> Hopefully Apple can find their way back.

It's not going to happen. Apple talks up privacy and security but the truth is they don't care about those things. What they care about is having a locked-down platform because locked-down platforms make Apple $hitloads more money than open general-purpose computers.

Let's take another example: Remember back before 9/11 and you didn't have to show an ID when you boarded a plane? The airlines hated that because it meant people could resell tickets when they changed their plans, and there was no way for the airlines to get a cut of that money. After 9/11, the Feds made the airlines ask for ID, which the airlines absolutely loved because it destroyed the secondary market for unused tickets. Of course they didn't frame it this way--the airlines said "they were happy to help enforce additional security measures"--even though you and I both know that asking for ID before boarding a plane is just another aspect of security theater.

Apple is doing the same thing. Locked-down platforms they justify with security theater are making Apple a lot of money. They have absolutely no incentive to change anything.

> It's not going to happen.

I'm allowed to hope, I've been using macs continuously since I was 4 years old, over 30 years.

The time to choose to stop being exploited is, ever and always, now.
It's likely that I have purchased my last mac and last iPhone this month. This post marks the end of an era, and a real-life humanscale era, not a computer-time one: 30+ years!

I'll miss it.

EDIT: It's possible that via bputil(1) run from the Recovery partition that the signed system volume checks might be disabled in M1 macOS 11. This means I could remove the plists for certain intrusive/telemetry system services and still boot. I've updated the post, and will write more about it once I have the equipment in hand.

https://keith.github.io/xcode-man-pages/bputil.1.html

I've been using Macs since 1984. I bought a Lisa to do development for the Mac after Steve Jobs came to my university and told us we could buy his weird new computer for half price. Guy Kawasaki mailed me printouts of new sections of Inside Macintosh every month. I've single-handedly bought several hundred Macs (mostly through my employer) over the years, fighting prejudice and bias the whole time about Macs not being "real computers." I had a rack of about 50 XServes at one point that was my lab's private supercomputer.

But I'm about done. Apple has turned into an entity I no longer recognize. They have become--to use Google's word--"evil".

It's bad enough that they can't seem to fix long-standing and new bugs in their operating systems.

It's bad enough that every version of the operating system deprecates or eliminates useful features in favor of shiny useless ones.

It's bad enough that they don't care about developers any more, and cannot be bothered to create sane developer tools or documentation.

It's bad enough that they don't do backward compatibility any more and you are pretty much forced into a newer -- and in most respects worse -- version of MacOS at least once a year, or else you don't get security updates any more.

It's bad enough that the IOS upgrade treadmill is an even worse situation, where if you have an iPhone, you must keep upgrading it constantly, cannot downgrade, and will have to buy new hardware just to stay on the treadmill.

But what I cannot abide is Apple's increasing lockdown of the platform. It's now to the point that they no longer sell general-purpose personal computers. As your article points out, it's not even yours any more and it cannot be made yours.

Apple just sucks now. And I get to say that because I've been their biggest cheerleader for 36 goddamn years.

> Android, 'privacy apple' macOS, iOS & Windows all act in similar way.

Source?

What kind of source are you looking for. This is about hundreds of changes that all build up to a more locked down experience.

iOS has always been locked down.

MacOS now won't run unsigned software. Mac Pros will brick if you replace the SSD with another genuine SSD.

Safety net on android makes it harder to use root. There is an API to block screenshots. Security changes in Android 11 break termux and all other bash apps.

Windows tried RT and the S version but it doesn't seem to be replacing the regular one yet.

"MacOS now won't run unsigned software." Er, what?

I have a MBP and:

$ gcc -O3 hello.c && ./a.out

hello world

Somehow I prefer the user experience in Linux. If something breaks, it's most likely due to my own doing.
Or an update removing your graphics driver
You clearly don't know me. It is a lot more likely to be my own fault!
I disagree with that, user experience in Linux is and in foreseeable future will be the most flexible of all and hence allows users to make it look exactly the way they like.

For comparison I would say Linux is like bootstrap that you can customize to make it look the way you want. iOS is like a paid theme you have bought over Themeforest with near to zero flexibility.

If you want a predefined good looking desktop, you can look at Manjaro ( that I am currently using and am pretty happy , my decent 16gb RAM with SSD system boots faster than my Macbook Pro 2019 and opens applications faster on cold boot as compared to Mac )

I switched back (after a Mac stint for 12 years) to Linux a couple of years ago, and although hardware support is much better there are still some very sharp edges you could easily bleed out on if you briefly touch.

I have a ThinkPad T470s running Arch Linux (I also tried Fedora and Ubuntu and saw these there too):

- Desktop performance is too poor to run at 4K, even though it works fine in Windows. I'm not talking playing games (they actually work well), just having a desktop with a browser and editor running at 4K. Ive tried Gnome, XFCE and Plasma on Wayland and X11 and they are all the same. The desktop feels slower, but strangely running tests (backend TypeScript and Scala) is noticeably much slower.

- Multiple monitors mostly works, but it's not always plug and play. Sometimes when I plug in an external monitor it doesn't always switch to it, so I have to set it up manually. Other times it just doesn't detect the monitor so I need to reboot. See note above about testing different DEs.

- Bluetooth audio mostly works (including LDAC) but the sound system often gets confused about which output device should be used. Sometimes Bluetooth audio connects, but it still defaults to the speakers. Sometimes the volume control turns down the Bluetooth audio, but turns up the speakers. See note above about testing different DEs.

- Suspend/resume mostly works, but sometimes it has the same issues as when connecting monitors. Sometimes when I resume I get a black screen, but if I go to a virtual terminal I can restart X11 and everything works. Other times it doesn't without a reboot.

Now of course these aren't the end of the world. I've been using this system and dealing with these issues for a couple of years now. The tradeoffs vs Apple privacy and better developer tooling (native Docker is so much nicer) on Linux make it worth it for me. I also have a desktop system which works perfectly, so it seems to mainly be issues with laptops (or this laptop?). But yeah compared to macOS or Windows, Linux really lacks a lot of polish.

Have you tried pop OS?

They do bunch of optimization and come with tested and stable drivers pre-installed.

It is to do with the Kernel and the whole stack fit together which isn't that different between distros.

Also If this person is using Arch they will know how to apply equivalent patches themselves.

I use two 4K monitors. Desktop performance is uniformly excellent, using only Intel Iris graphics. I cannot imagine what you must be doing. I didn't need to do anything special.
(comment deleted)
Desktop performance is too poor to run at 4K, even though it works fine in Windows.

I have used 4k with Intel, AMD, and NVIDIA GPUs on Linux (both Wayland and X11) and it is a smooth as it is on macOS. My only data point is GNOME though, because I am happy enough to never try another DE.

I fully agree with Bluetooth problems. I just gave up and use a wired headphone with mic now :(.

But yeah compared to macOS or Windows, Linux really lacks a lot of polish.

I generally agree. I am a NixOS user, though I recently tried Fedora Silverblue and I was surprised how smooth the whole experience is. They nailed the desktop. Atomic upgrades/rollbacks. Flatpaks are really a nice model for installing desktop applications. It's one of the first times I felt that it's a Linux-based system that I wouldn't worry much about recommending to non-technical users.

I think the more serious problem is the lack of applications like Microsoft Office, the Adobe Suite, the Affinity Suite, OmniGroup applications, etc. Sure, there are free replacements, but they are not as good. And even if they were as good, people generally do not like to switch away from what they know.

"I think the more serious problem is the lack of applications like Microsoft Office, the Adobe Suite, the Affinity Suite, OmniGroup applications, etc."

I'd buy Affinity again if I could use it on Linux. I'm hoping that MS does port Office as it will make me stop wondering why I pay for Office Live (365 or whatever they call it this week).

History repeats itself. 10 or 15 years ago the problems I had with Linux were related to Wi-Fi and graphic card drivers. Nowadays these issues are solved, but new ones appear (the ones you mentioned). I'm pretty confident these issues will be solved in the future... but again, new issues will appear and Linux will always be one step behind.
Why call linux a bad user experience when you are depressed at the state of what you can do on mac/windows?

Doesn't user experience account for what you can do on your device and with how much ease?

Good point. I would say that it's because it's common for UX to be used colloquially as if it's a synonym for UI.

So while Linux's UI may be worse (in an individuals opinion) the UX could be better (in an individuals opinion).

Privacy is a lot less tangible than productivity. Both are important, but I think the latter hurts more directly.
why is the user experience bad in Linux? I use Ubuntu at home and Fedora at work and no, it's not without frustrations, but neither was macOS when I used that for 8 years at work or Windows whenever I have to use that for something or another. Computers are fussy and irritating. Modern Linux is pretty alright, even on the desktop.

"bad user experience Linux" feh. Even nearly vanilla Gnome is pretty decent.

> The only thing left is bad user experience linux.

And the BSD's plus a couple others.

There are more options, the question is just are you willing to make the tradeoffs to take them.

> The only thing left is bad user experience linux.

I occasionally have to use a Macbook for work. The last thing I want when I'm trying to get work done is: an unsolicited notification that OS updates are available, with no direct option to decline to update and dismiss the notification. I'd much rather update my system by issuing "pacman -Syu" on my own terms, and I consider Linux distros to offer a superior user experience in this regard.

"The only thing left is bad user experience linux."

I'm not so sure Linux is that bad of a user experience anymore. I just switched back to Kubuntu from MacOS and Windows 10. The only app I really need that I can't run on Linux is Xcode for building iOS apps. I can't really think of one hardware feature that doesn't work better under Kubuntu than Windows or MacOS: printer works, bluetooth works way better, multiple displays work, sleep/suspend works, sound works better, USB works better (Linux will mount and connect to stuff that Windows and MacOS won't) and that's before we even talk battery. The biggest surprise is that I'm getting 4-5 hours of battery with Kubuntu out of a Dell XPS-15 (i7 w/ Radeon graphics and 4k display) when Windows would kill the rather large battery in about 35 minutes. Honestly, I've been pleasantly surprised, and I have to go do command line config stuff about as often as I did on the Mac.

1. Disconnect Internet (if possible)

2. Open Terminal

3. Run `sudo vi /etc/hosts`

4. Type `G$` (go to end of file)

5. Type `i`, left arrow, enter

6. Type `127.0.0.1 oscp.apple.com`

7. Press esc then type `:x` then press enter

8. Restart

https://gist.github.com/nathanhleung/2ceeda4c743f2a1cf3d670c...

Some updated procedure.

Couldn’t they have used `tee -a` rather than providing an impromptu vim tutorial? Haha.
Not even a very good one either.
Open Terminal run

sudo echo 127.0.0.1 oscp.apple.com >> /etc/hosts

restart

`sudo` can't affect `>>`. `>>` is the shell opening `/etc/hosts` before launching `sudo`.

  sudo tee -a /etc/hosts <<< '127.0.0.1 oscp.apple.com'

  sudo sh -c 'echo 127.0.0.1 oscp.apple.com >> /etc/hosts'

    echo "127.0.0.1 oscp.apple.com" | sudo tee -a /etc/hosts
(-a is the short version of --append)
Good catch. Another way that would work in Linux at least:

sudo $(echo 127.0.0.1 oscp.apple.com >> /etc/hosts)

(comment deleted)
Your first choice to edit a config file should be: sudo --edit pathname

This trick has the same problem, $() has to be evaluated before sudo sees anything.

I see so many people flailing about here, and I've done it myself. So let's consider why these tricks don't work.

sudo is an ordinary command that accepts an environment, a series of words, and whatever filehandles it inherits.

Read /etc/sudoers to note that it's then munging its environment per the env_reset and env_keep directives.

man sudo notes that it's closing non-standard filehandles, by default.

And, by design, sudo doesn't want you to do clever tricks because it's trying to stop you from hacking the Internets.

Let's also look at what a shell is doing. All a shell really does is munge some environment vars, set up redirections, and ultimately fork itself and run commands.

All the redirection, command substitution, process substitution, etc. must take place either before or after the shell forks to run sudo. All the shell can provide to sudo is command line arguments, environment variables, and usually stdin.

All the shell can get from sudo is going to be a return code, and whatever it can capture from the stdout and stderr.

The 'echo foo | sudo tee -a path > /dev/null' trick works because we redirect stdin, and we delegate opening the file for append to the 'tee' command, which has now been run as the privileged user by sudo, and we ignore the stdout.

Likewise, if you want to read a privileged file, var=$(sudo cat foo) will work, because you get sudo's stdout.

You can try sudo sh -c 'arbitrary shell script', but it's not good general advice as shells are often banned as a security precaution.

Also, if you get curious and want to edit sudoers without locking yourself out by corrupting it, use 'visudo'. Note that it won't prevent you from locking yourself out by removing your own permissions! RTFM, take some notes, and experiment on a machine you have a root account on or can log in via single-user mode.

With all due respect, threads like this are why, despite the philosophical appeal of giving owners control of their machines, putting some hurdles in their way makes sense in practice...
In macOS 11.2, /etc/hosts magically becomes a protected file such that:

* only Apple's apps can write to it by default

* only signed third-party apps from the App Store linked to developer accounts in good standing can request permission to write to it

* you can lose your good standing by "abusing" write permission to /etc/hosts (e.g., by blocking access to Apple services)

(comment deleted)
Can the owner of the computer fix this by turning off SIP?
I think Apple's gonna boil the frog on SIP and security in general, slowly restricting what you can disable until it's always on. Apple developers who are committed to the platform will be like Dilbert with the shock collar: "It's not so bad. We're still developing for the most powerful computing platform in the world. Apple needs to do this to protect their users and provide them with the best user experience possible."
Parent poster is talking about a hypothetical macOS 11.2, a future version. Big Sur is still 11.0.
What's the source for this? Or is it a dystopian extrapolation?
The current version of macOS is still 11. The parent post is a prediction of a hypothetical 11.2 version.
> 5. Type `i`, left arrow, enter

I think it should be right arrow.

You're assuming that the ocsp process looks at /etc/hosts. I would not be surprised if it did it's own DNS lookup to a hardcoded DNS nameserver for the ocsp.apple.com lookup.
It's “ocsp” (Online Certificate Status Protocol), not “oscp”.
I’m finding it kind of funny that the conversation about this Apple issue bounces between “you don’t own your computer” and “you can fix this problem by editing your hosts file to block the OCSP calls.”

Doesn’t the success of the latter kind of undercut the former?

sidenote: `G$i<Right><Enter>` is completely unnecessary. Just press `Go` (end of file, open new line below) and start typing.
So after this procedure I can once against boot my own bootloader that I wrote on the Mac that I own? No.
Yet despite all the wailing and gnashing of teeth - both in the article and in the comments here in the various threads - people are still making excuses for continuing to use Apple/Google/Microsoft/et al products because the alternatives are a bit rough round the edges.

These companies have repeatedly shown that they don't respect people's privacy and people have resoundingly responded that neither do they.

I would suggest that the users here are probably some of the best suited in the world to help smooth those rough edges and even surpass the features and usability in the privacy respecting alternatives I just hope we collectively notice this before it's too late.

I was looking into various differences among demographics which use and prefer apple products. Nobody rated any of the problems often thrown in here as a priority.

Majority of iPhone users are women and HN/reddit are primarily men dominated. It should be no surprise that apple caters to aesthetics over thermals and you see people complaining about that on these platforms.

Apple customers put status and prestige when deciding to purchase something above cost. They are rich. They care about environment that's why apple "care" about environment. They care about privacy which is why apple "care" about privacy.

So for them, it's reasonable to change the device than allow it to be repaired at some shady shop. It's consistent with their image. They can't compromise on privacy or safety because that's why they bought into apple ecosystem.

https://www.theguardian.com/technology/2020/feb/26/apple-doe...

>Majority of iPhone users are women

I sold iPhones for years and never noticed this trend. I highly doubt it is true in any significant way. I would also challenge the assumption that women want aesthetics over some other factor. In this day and age, that's an incredibly 'old fashioned' statement to make.

From what I could tell. People bought iPhones because they were:

a)Cool and of good quality. (Your everyman can just go buy an iPhone and KNOW it won't be junk. They don't know the other brands and researching stuff is a pain in the ass)

b)They were used to using them and didn't want to use android/didn't like using android phones

c)They had shit experiences with other platforms and just wanted something 'that would just work'

d)The iPhone really was the first good smartphone on the scene. They have inertia associated with points a->c above.

> that's an incredibly 'old fashioned' statement to make

If spending in cosmetics industry is any indicator, women definitely cares about how something looks over men. There are hard number even if you don't believe in the various evolution theories and biological differences which makes women more prone to noticing subtle visual and design cues.

From 2010: https://appleinsider.com/articles/10/12/01/women_want_apples...

From 2013: https://www.statista.com/statistics/271204/android-vs-iphone...

From 2015: https://www.statista.com/statistics/513995/smartphone-user-g...

I am not aware of any large scale recent surveys focused entirely on that but there are many dating surveys which reports women having preference for men with iPhones. Likely dubious at the numbers most of them report (70%?) and could be influenced by other factors but still it seems women do prefer iPhones more.

I don't think this should be odd. iPhones have the best overall cameras every year and are huge on Instagram and Pinterest (platforms dominated by women) so I can only extrapolate the difference would be bigger now with social media booming.

If you wanted to compare purely biological imperatives, then you'd only take data from cultures that treat women and men wearing makeup equally.

As such - men spend a lot on fashion and grooming, while the same can be said about women and cosmetics... but that's mostly about cultural customs.

PS: Only the latest iPhone has best camera. They traded places with Pixel, Samsung, etc... over the last few years.

PPS: Your stats are a little bit out of date... Let alone - the 2013 data contradicts your claim. Women are distributed between Android and iPhone equally in 2013. There would be a shift towards iPhone, if women wanted iPhone more.

For cultural customs, I am not sure which country to take. For US and UK (which dominate the statistics on stuff like this due to language and other factors), women spend significantly more.

> The 2013 data contradicts your claim.

It doesn't. Men want iPhone less than women. My initial point was simply that people here and on reddit (men dominated sites) are not reflective of apple's focus.

31% of men wanted Android while only 24% of women wanted the same.

> PS: Only the latest iPhone has best camera. They traded places with Pixel, Samsung, etc... over the last few years.

This is misleading. While iPhones fared worse than pixel in photo department for 3 years, they make up to it in other aspects especially video. As for Samsung, it depends on what you consider better camera. iPhone arguably has the best color profile and accuracy while Samsung phones does beautification and increase contrast which does make them look nicer but overall, not accurate.

> For cultural customs, I am not sure which country to take. For US and UK (which dominate the statistics on stuff like this due to language and other factors), women spend significantly more.

You're trying to make a biological preference claim out of what is customary in the Western European cultures.

Sometimes it's better to say that "we don't know", because that is exactly it.

> This is misleading.

No... Your original was misleading, I just forced you to correct yourself.

I will state it more plainly than 'old fashioned'. I find your assumptions about what Women want from their tech products offensive and from what I can gather, just based on you wanting to believe it really badly.

In addition to that... I actually sold the damn things to actual human beings! I KNOW who is buying them! I've met them by the thousands! It's like approaching a mechanic about why Ford's don't break down by pointing vaguely at some tables.

Your data doesn't particularly support your views either.

(comment deleted)
To be fair, if this was truly a big deal, it would be a political issue with bipartisan support and taken care of short order.

In times of strife, at least there's one thing you can always count on: Democracy. It never fails. If you can just remember that one thing, you should be able to sleep soundly at night. (It works for me at least, I used to be a constant worrywart until I learned this trick from my therapist, and I've been golden ever since.)

Yeah. This is solved in America. Like affordable health care. And endless wars.

Wait. No. It isn't.

> To be fair, if this was truly a big deal, it would be a political issue with bipartisan support and taken care of short order.

Are you serious? Since you're using the term bipartisan, I'm going to assume you're also from the US. Have you been following the news/current events recently (and by recently, really I mean any time at all over the course of the past forty or fifty years)? Almost nothing actually gets "bipartisan" support these days. Our government is in a constant state of gridlock and it is next to impossible to get anything done.

> In times of strife, at least there's one thing you can always count on: Democracy. It never fails. If you can just remember that one thing, you should be able to sleep soundly at night. (It works for me at least, I used to be a constant worrywart until I learned this trick from my therapist, and I've been golden ever since.)

I'm really having a hard time telling if this comment is sarcastic. I'm not trying to cause you to lose sleep or anything, and honestly, I commend your optimism if you're serious, but the fact is that democracy is an abstract concept that is almost never put into practice perfectly. Even if democracy's promise of "most people being happy" meaning 51 people are happy while 49 people are not is actually sufficient, even that idealized version is very far from our actually political system in the United States.

I think one thing most Americans actually would agree with is that the way we do things here, right now, in terms of government, doesn't work so well. I think there is a lot of disagreement about what should change, and how, but it seems like very few people are satisfied with the current state of affairs. The more I think about it, the more I think this comment just has to be sarcastic, so this reply is probably a waste of everyone's time, but in any case, wow. I wish what you were saying here were actually true. That would be a nicer world to live in than this one (although, frustrating as it might be at times, this one is also not so bad).

Democracy is probably fine, it's the fact that we allowed politicians anywhere near it that's the problem...
Don't hold your breath. Majority of people would trade security and openness for convenience and profit.

I think we are handing over the future of tech to these few tech giant megacorps.

Unless I missed something, we can still build custom computers right?
The alternatives are still completely unusable by most people.
Android handles this reasonably well. I can use F-Droid reproducible builds where possible and fall back to Play Store (or Amazon App Store) apps for apps I don't care that Google (or Amazon) knows I'm running. I get to choose where I want to make the trade-off between privacy and convenience. If I want convenience, it lets me go further than any Apple product, and if I want privacy, it also lets me go further than any Apple product in that direction also.
I’ve considered making the switch back to Androids to play with F-Droid, do you have a device recommendation?
For phones, anything that gets updates directly from Google (Pixel and Android One) will update quickly and will have community support for LineageOS for many years after official support ends. Unfortunately, Google makes absolutely terrible hardware decisions, but nothing comes close in terms of software value, which is far more important in my experience.
Well the alternative can't rely on unpaid workforce while Apple/Microsoft and co spend billions on their software, GUI and user experience. It is simple economics. Open source needs financing, not just free Github repositories that MS/Apple and co can then exploit for free because the code is licensed as MIT.
Every time you open the shell a windows user talked into switching to Linux, quits forever and talks about the experience to all his friends. For a osos to suck seed the power users would have to give up- their privacy and share their work flows and set up as macros.
Not anymore. Consumer usage nowadays is very browser centered, which is something one can experience with a Linux distro on pretty much any machine.

I agree that it's not as much as a polished experience, but that's the point as indicated - trading off polish for ownership.

I'm excluding from the discussion professional documents editing - compatibility with Libreoffice is mediocre (at best) in my experience, but having very good compatibility is not a consumer requirement IMO.

> Consumer usage nowadays is very browser centered

But it's also just as likely that you're using a browser made by Google, and using other services made by one of the big companies that don't care about your privacy. Where's the difference?

There's some confusion in the thread, in the fact that there's a mixup between operating systems and programs (or classes of programs), however the parent was referring to operating systems:

> The alternatives are still completely unusable by most people.

Otherwise the statement wouldn't make sense.

Google's not in control of the CPU, OS, or Desktop. It's not fingerprinting every binary you run, nor locking you into any of the google tools. You could easily use a different email service, different photo service, etc.
Sure since but this subthread argues that users actually don’t need binaries other than the browser that’s moot.
> Not anymore. Consumer usage nowadays is very browser centered, which is something one can experience with a Linux distro on pretty much any machine.

Or their smartphone, which is a hell of a lot smoother experience. So why does Linux Desktop continue to pride itself on being "good enough" for an "average user" [0] that doesn't even use a desktop?

[0] https://news.ycombinator.com/item?id=25047042

Ok, suppose I can find an alternative to Adobe & co. on linux. Which laptop features a multi finger touchpad as nice and feature rich as the MacBooks?
> Not anymore. Consumer usage nowadays is very browser centered, which is something one can experience with a Linux distro on pretty much any machine.

Browser apps need connection. Most of the services are also subscription based.

This is completely conceding the point. Nothing but the browser is up to par, and even that is not as ‘polished’.

If all people need is a browser, they should buy ChromeOS or an iPad.

"Not as polished" doesn't imply "not up to par".

Ironically, one of your two suggestions is a Linux distribution.

Android is a Linux distribution and MacOS is a FreeBSD distribution.

There is nothing ironic about that. Users don’t know and don’t care.

Are you equating the presence of the Linux kernel with some notion of software freedom or independence from corporate control?

If all people want to use is a browser, Linux is irrelevant.

I think this is something we need to fix with education. We spent so long meeting the user that it developed an expectation. For any piece of technology its peak function is always reached when the human meets it half way and makes a concerted effort.

Whenever someone says “I don’t get computers” or gets angry at their smartphone they’re just leveraging that expectation and conning themselves out of a gain they could make. Same problem - laziness and expectation. At the end of that path is a life of a sharecropper and a cow to milk.

Keep in mind that some of the user friendliest machines today are chromebooks. Simple, not many knobs to turn, relatively secure, and of course browser centric. ChromeOS is of course running the linux kernel and the chrome web browser. The experience is very similar to installing ubuntu, google chrome, and dragging the other icons off the launcher.
But chrome os is is just another of the locked down, centrally controlled, telemetry driven products that people are complaining about.

The fact it happens to use the Linux kernel is like saying MacOS is based on FreeBSD.

I disagree. It's a matter if taking a couple of minutes to educate people. You don't have to be a CS major to be able to use a modern Linux OS. "Most people" don't do anyhting on their Windows or Mac computer that they couldn't do on Linux. IMO it's a combination of fear of the unknown, and a lack of general availability.

Macs are shiny and their marketing department is fantastic. Windows has a monopoly with OEM preinstalls. Those are the main reasons why macos and Windows are so popular.

I've tried using Windows, it's "completely unusable" to me. I couldn't even figure out how to install it without creating a Microsoft account nor could I figure out how to turn off "telemetry".

> It's a matter if taking a couple of minutes to educate people.

While it sounds nice in theory, is just unrealistic.

We'd also need to educate people why they cannot use random proprietary rental application on their mobile device that's not google or apple, or connect to a university vpn that doesn't support linux properly. Many workplaces use zoom for meetings, or google suite, etc etc

Exclusively switching to open/ethical software starts to resemble living like a hermit in the woods, and in reality makes ones life more difficult, reducing the impact the person can do on others.

Bollocks. I've installed Linux for non-technical people any number of times and, provided I make sure everything (network, printers) is working for them, generally never hear from them again. At least not for computer help.

Most people are using their (personal) computers for browsing, maybe an email client if they're not using one of those web-email abominations, the odd bit of word-processing and watching movies/listening to music. Linux works just fine out of the box and the install is substantially simpler than anything I've ever seen over in the MS world.

Right, they just need an expert to install things for them to get started... that's not simple enough for people who don't have an expert they can call.
Why could anyone's auntie do it when they needed MS-DOS or Windows installed in the 90s, and they could not do it any more today? The 'expert' being a neighbour, the little nephew himself, or whichever friend of the family.
The world outside of Linux has moved on from people needing experts to set up computers.

Today we just tell auntie to buy an iPad.

You pointed out a core problem here, and a common blindspot with the HN crowd:

> continuing to use Apple/Google/Microsoft

That is probably 98%+ of devices that most typical people use for everyday computing, across phone, laptop, and desktop. Whether it is an android device, an iPhone, a Dell laptop or a new M1 macbook you are beholden to a corporation that doesn't care about privacy. I would argue that Apple cares a bit more, and I really hope they respond to the most recent shit show with some changes, but I'm not holding my breath.

And before "have you tried this *nix distro??" comments appear, they are still too hard to setup and nowhere near as user-friendly for most people on an everyday basis. And hell, if you setup Chrome and Gsuite as your default tools of choice, as many do (or are forced to because their job) how much are you really breaking free anyways?

I don't know the solution, but its clear that in the war between privacy and convenience and usability that privacy is on the ropes and its the last round of the fight.

I’ve worked out that breaking free from this is just not for the average person. If you have the power then stand outside and look in but there’s absolutely nothing you can do about the churn other than watch it burn. I’ll carry on educating people but even suggesting this might be an issue is drowned out by the marketing machines of the large vendors and downvoted into oblivion even here. That is unless there is some large story that something fishy is going on. But a big story is made of a thousand small ones which people don’t care about.

Look where fighting Facebook and political influence got us. Nowhere.

You are totally right that Linux is only a single digit percentage in user share if you look at all computers deployed world-wide.

However, in the developer sphere, GNU/Linux is way more represented. In the Stack Overflow 2020 survey, 26% of people said they were using a Linux based OS [0]. This number has been gradually increasing over the years so further growth is expectable. It's less than one percent less than the Mac OS share of 27%, but I'm not sure how much noise there is.

So Linux is usable enough for a growing community of developers, and many laptop/computer vendors targeting the developer market offer GNU/Linux as a preinstalled option.

As a result, at least for software people, Linux is a real privacy preserving alternative on the Desktop. HN is a software forum, and the blog post was also made with people educated about software as the recipients. So I think the post you are replying to should be understood not in a global context but in a context of the IT crowd.

Of course, it's not beautiful that Linux is less of an alternative to people who need to use complicated niche ISV software, but generally any industry can make the move if there is a subset of users pushing towards GNU/Linux.

[0]: https://insights.stackoverflow.com/survey/2020#technology-de...

Every company I've worked at for the last 10 years has developed exclusively on macOS.

Linux is fine, but it doesn't just work, and it needs to in order to gain a foothold not just in the developer community but with the general public -- that's the lesson Android has taught us. Until it does it will not budge the numbers. It just won't.

The real apologism here comes from the Linux community, who believes that by virtue of existing, and not being an Apple or Microsoft project, it should be widely accepted in spite of being a distant third in usability. Linux needs to step up its game or it will forever remain a distant third. The general public does not care about "free and open source" -- heck they barely care about privacy at all. That's just us, the HN crowd.

I love Linux in theory, I use it a lot, but my daily driver is macOS. Frankly it likely will remain so even as I transition to being an Android engineer in the coming months.

Have you really used a desktop Linux desktop recently? Sure it might have some problems but Fedora for example is in no way "a distant third in usability".

I haven't used MacOS for a couple of years but I can say for certain that Linux is not that far behind Windows and sometimes even ahead. I think the main problem is lack of application support but specifically for developers most applications are already there.

I use Fedora.

I work on dotnet. I've not been able to run my azure functions on Linux at all. Even on windows, I have to start the azure storage emulator directly and then start func (using the full path). On Linux, azurite is not the same thing as azure storage emulator.

So I must use windows for dotnet development. Even after four years of dot net core. That being said, Linux isn't the problem. Gnome 3 isn't the problem either. Flatpak works great.

There are a few regressions once in a while though. For example, I'm unable to use my lenovo flex 14 (and ryzen 3500U) built in mic since I upgraded to Fedora 33. Looks the issue well be fixed in kernel 5.9 but for the moment I'm on 5.8. But it has been great mostly. If I could use it for work, that'd be great.

I use Fedora on a Thinkpad on a daily basis and it sucks compared to macOS IMHO.
I use both, and they both have their strong and weak points. Purely system-UI-wise, I prefer Gnome Shell to Finder. Upgrading to Big Sur was a shock, the aesthetic went downhill.
(comment deleted)
> Have you really used a desktop Linux desktop recently?

Someone has to say this literally any time someone mentions problems with Linux Desktop, along with "it works for me", "my grandma uses it!", "you just have to buy the right hardware", and "you're using the wrong distro". It is incredibly tiring.

It's a reply to the tiring cognitive dissonance of posts like GP that basically broadcast that 'oh, I would simply love to support open software and general-purpose computing instead of locked-down proprietary platforms, but alas, Linux is simply unusable you see, so I have no choice!'
Yet rather than take at their word that Linux is unsuitable for their use case or seek to remedy those problems, people insist that it must be because of one or more of the reasons I listed above. Alternatively, they attempt to change the user's use case to one that fits Linux better.

It's extremely tiring to watch this happen for as long as I have been watching it happen.

They didn't say Linux is unsuitable for a particular use case or give any meaningful criticism or definition of a use case, they just said that it 'just doesn't work'. Is it any wonder people call out that tripe.
The implication being that it doesn't just work for them. They know that, that's why they asked if they'd personally tried Linux lately. Nobody cares if it "just works" for your grandma or whatever, because that doesn't help them at all.
'just doesn't work' and 'doesn't just work' are two very different statements. You said the former, but I've only spotted people saying the latter in here.

Also if you have to argue with someone that linux does work for them, you've missed the point.

Ah yes you're right, I did misread that.
Are you actually seriously of the belief that Linux ‘just works’ for most use cases or people, and there is a small minority for whom it doesn’t?
Linux is hardly unusable, it's just a worse experience, and for something I spend 10 hours a day on and earn my living with, I want the best experience.
For macOS, you also have to buy the right hardware. You cannot throw it at random $300 Acer garbage either.
You probably could if they'd let you heh, it's really well optimized, and works great on 5 year old Apple hardware with much worse specs than a $300 modern Acer. This is especially true as low-end cheap devices tend to be much more "standard" -- no exotic hardware.
You would either not even boot due to buggy UEFI implementation, or it was cheaping out on some hardware that there is not driver for anything except the OS release it came with.

In some aspects, the hardware on high-end-insh laptops have moved nowhere in the last few years. Yeah, they've got slightly better GPUs to handle 4k, Vulkan/SPIRV and new media codecs, and faster SSDs once they've got rid of SATA, but the CPU performance moved just in percents and it comes with the same memory. My wife still uses 2012 i7 Thinkpad (T430s) with 16 GB RAM, and there are not many cheap machines that could be objectively called better. Certainly not in the $300 range. Heck, until Ice Lake, you couldn't purchase a laptop with more RAM unless you went into luggable workstation segment, so it is no wonder that MacOS works relatively OK on 5yo machines. They are still way better than $300 Acer, despite that Acer having possibly some better paper specs.

How good the specs are doesn't matter for most driver bugs. Instead, it's important which components you use. And even if cheaper devices use "standard" hardware, they still use a much larger variety than the few models that Apple releases.
I use Ubuntu on an officially supported Dell enterprisey machine (E7400) and the experience is noticeably worse than on my Mac.

There are no multitouch gestures, there's screen tearing, 4K video playback on a 4K screen is choppy, sleep and wake up both take a long time, deep sleep doesn't work properly and I HAD TO DOWNGRADE MY KERNEL because of the stupid "Resetting rcs0 for hang on rcs0" bug that would freeze the machine for five solid seconds every minute.

No company (or academic institution) I've ever worked for developed _anything_ on MacOS. That's a US-only phenomenon, I think.

The thing about Android, it was essentially foisted on people, not chosen because it just works. Also, many Linux distributions today "just work" on typical hardware - almost as well as Android on your phone. And if you were using a hardware config chosen by someone else, and a Linux-based distribution pre-installed and pre-configured for that hardware - then Linux very much "just works".

It is true, though, that this is not enough to expand the user base far enough. That needs a lot of coordinated, collective, public activity.

> Every company I've worked at for the last 10 years has developed exclusively on macOS.

There are probably also plenty of companies which exclusively develop on Windows. You can have an entire career in the embedded industry, target Linux all the time, but never use it for development. Development is not all Linux based, I never said that. What I quoted were percentages.

> it should be widely accepted in spite of being a distant third in usability.

As you shared your anecdote, let me share mine. Recently I had to set up a new networked printer on both Windows and Linux. On Linux it worked immediately, on Windows it didn't and required installation of a manual driver. That installation was partially botched and removal didn't work. Only after a few attempts it did, at which point I've spent an hour with the problem. It's the same old crap that you had with Win 95, but now on Windows 10, while Linux has a proper IPP driver and no need to install outside software. Maybe Windows has an IPP driver too, no idea, but it didn't work which is what matters :).

Also, there are definitely distros that are more usable and ones which are less usable. I think there is a true core in the meme of people being lured to linux by "use linux it's user friendly", then being told that Arch isn't that much harder anyways, and then ending up using one of the expert distros which often break in subtle and hard to debug ways.

But yes, in many ways Linux could do better usability wise. For example, it's a nightmare to target GUI Linux and then expect your binaries to work for years. It's almost easier to just ship Windows software and then use Wine. Nvidia also has shitty drivers, and in general, the driver situation isn't perfect. But things are improving I think and the gap is shrinking.

Also note that there is an effect when more people use a piece of software, there is a larger market for people who make a living with improving that software, via support contracts, consultancy contracts, etc. So once desktop Linux gets adopted widely, it might improve in many ways from the current state, simply due to ecosystem size.

+1 for the printer story. Linux was plug and play. On windows... Uuuugh.
macOS uses CUPS :)
I wonder whether it'll continue using it. I remember some drama about the maintainer leaving apple and then forking it.

https://news.ycombinator.com/item?id=24831162

Anyways, the claim was that Windows and Mac are way better than Linux and it doesn't even compare. My anecdote shows that it's not always the case :).

This could have been written by an Apple user circa 2000, when the entire world ran on Windows.

I switched from Mac to Linux, and it's been fine, partly because I used a laptop that has Linux installed by the manufacturer. If you only ever used Hackintoshes you'd think MacOS was a mess, too.

Even better : Switching to Linux on a Mac. So you get a blazing fast Linux experience on a very sturdy long-lasting laptop. I did just that. I love it.
Dude. Installing Linux on a Mac laptop is a nightmare. What model/year did you use? Do external displays work reliably? Does your web cam work?
Long-lasting? Sturdy? You mean the ones tuned by Apple to maintain silence by overheating?
The number of aluminium balls (battery swelling) that used to be Apple laptops I've seen recently makes me a bit worried.
So I jumped to Linux two years ago. Since, I installed Linux Mint on five different machines, old and new ones. I just put the Live DVD. It boots. I launch the installer. End of the story. I honestly never ran into a problem. Not going back to windows anytime. Don't see what's so great about MacOs either.
The general public in Europe cares enough about privacy to pass the GDPR.

Choosing examples from the UK so people can search for them in English, they care when their healthcare data isn't secured, when dating apps leak information, when local councils abuse the rules to "snoop" on people.

If you explain that without a blocking extension (or Firefox's built-in one now?) most pages they visit are sent to Google, and Google maintains a detailed profile, they will ask how to install the extension.

You can say the common man doesn't care about free speech, but enough do care that we maintain it in Western countries.

I think Ubuntu 20.10 with Gnome 3.38 is a viable alternative to macOS, for developers.
I'd say Mint with Cinnamon, since you can install the 20.10 Kernel from the Update Manager.
You can install the hwe kernel in LTS too. Might not be a good idea for a normal user, if it is not necessary.
Let me counter with my own anecdote.

Every researcher I've met in the last 10 years needs some version of Linux to get their job done effectively. Largely because tools like Python/Numpy have replaced stagnated (due to years of monopoly) tools like Matlab and they are much easier to setup and use on Linux.

Mind you, I am not talking just computer scientists. Biology, physics, maths, all use linux based setups.

> Every company I've worked at for the last 10 years has developed exclusively on macOS.

Counter-anecdote: I have had a Linux computer on my desktop for over the last twenty years, have used Linux primarily for maybe the last eleven, and exclusively for the last eight.

I do not get the near-religious love for Apple products. Pre-OS X, they really were wonderful, best in class without a doubt. I kinda get the attraction back in the early 2000s, when Linux could still be a chore and Macs were a decent choice to get a computer which had a shell and ran real software. But now? They are just not for me. I want to own my own computer, write my own software and control my own destiny.

You can’t control your destiny when it’s based on millions of lines of other people’s code, billion transistor hardware designs that you have never seen, fabricated by distant mega factories using closely guarded secret processes.

You may want some idea of controlling your own destiny, but it’s a mirage.

Rome wasn't built in a single day either. If you want to eventually get to your destination, you must do the first step.
That is a sentiment that I partially agree with. I frequently argue that iOS (for example) represents more than a decade of investment, so we can’t expect an alternative to pop up overnight.

However using a Linux desktop simply is not a step in any particular direction. It is especially meaningless for non-developers to do if one of the other platforms just works for them.

Steps in the right direction involve developing software to solve the problems that the corporate operating systems have in fact solved.

It works both ways: Windows (or Mac) are meaningless to any user, who can be served by Linux.

The first step in solving problems that corporate OSes have solved is identifying them. For example, one of the problems is stable/versioned/sandboxable/distro-agnostic ABIs and that is something that is being worked on and they are quite usable nowadays. The related problem is, that the corporate-software is ignoring them (how many conference solution support Pipewire for desktop sharing? Or Wayland in Chrome? Heck, VA in Chrome? Exactly... but whatever Apple comes with, they support within weeks).

It’s easy to know what Apple is going to support and for how long, and how much warning you’ll get when things are deprecated.

How would I even begin to know the answer to these questions when it comes to the Linux technologies you are naming.

Based on what I read here, the community of people who do use them isn’t even sure.

Is it? For few things yes (OpenGL or 32-bit depreciation); other things are simply not found in the new releases (Kerberos Ticket Viewer, TWAIN). Then there's a middle ground, where there is a window of few months to make significant architectural changes to your product (see VPNs and personal firewalls).

So excuse me, I'm going to look for a new release of Cisco VPN that works with Big Sur. Of course, it is customer's VPN, and they don't care that their vendors might use Mac, so no help from them, it is my problem now.

Sounds like don’t buy Cisco.

But more importantly - you verified my assertion.

Even if a small number of security related technologies have a smaller deprecation window, the others have very long ones.

More importantly - we can even find out what they are!

With Linux, can you even tell me whether Cairo, the graphics library behind GTK and for which there is no alternative is even still supported?

> Even if a small number of security related technologies have a smaller deprecation window, the others have very long ones.

It uses mechanism that was introduced in Mojave, so that deprecation window was very fast. Definitely faster than Cairo, which has already more than decade and half under it's belt.

There are alternatives to Cairo, but not drop-in ones; they would require porting (Skia, for example). Other than that, Cairo is basically "done". Yeah, there is occasional need for release with small fixes, but as a software-based rendering library it is not going anywhere. Not that announcing deprecation is otherwise widely respected; the Xorg-server was declared obsolete years ago, the last major release was in 2018, but hey, some still think there's a future and in a few years are going to be surprised by "sudden abandonment".

What are you talking about. Mojave is 2 years old. That isn’t a particularly small window. Even with the 2 year window on MacOS, an alternative was delivered.

But you are confirming the point - nobody even knows what is deprecated or what the alternatives are.

You still haven’t answered the question of how someone is supposed to tell whether Cairo is supported or not.

Is it done? How do you know. Does it need to be developed further? It sounds like it does since people say it’s very slow compared to skia.

It seems like you think you know what the status of things are, but other people don’t. How can that be?

This is the reality of Linux.

> What are you talking about. Mojave is 2 years old. That isn’t a particularly small window. Even with the 2 year window on MacOS, an alternative was delivered.

2 years/2 releases is small window. Alternative was delivered, but it also is no drop-in one. Just lika Skia vs Cairo, requires porting/reachitecting and might not have 100% coverage for what the old solution did. You might have noticed, that in Big Sur there is a list of system apps that ignore VPNs and filtering. That's a problem.

> But you are confirming the point - nobody even knows what is deprecated or what the alternatives are.

Because it works differently. There is no dictator (vendor controlling access) telling you what you are going to use whether you like it or not, and present it as a done thing. Instead, it works by forming a consensus (not 100%, mind you), whether something is needed or not. The community around a piece of a stack might arrive at a conclusion that given piece is no longer maintainable, and make something new (i.e. Xorg-server vs Wayland compositors, or systemd vs sysv-init) and then it will bubble through as distributions adopt it - either because the new solution is maintained and the old one is not, or because the new one solves their problems better than the old one.

> You still haven’t answered the question of how someone is supposed to tell whether Cairo is supported or not.

Supported by whom? In this case, the original maintainer is no longer around. But that's not a problem, distributions will support whatever they ship, so if you have an application that uses it, it will continue to work.

Should you use it for a new project? No. But that was true for years. Cairo is 2000-era software library. Consider it equivalent to QuickDraw, you would not use it for a new software either. Gtk (which was issue here on HN recently) uses it for software fallback (and they've made part of their API, so they've locked themselves in; changing it would mean they would have break their ABI. On the upside, that means that there always be some support). Firefox abandoned Cairo years ago, in favor of Skia, and so did LibreOffice in the last release.

So it shows, that a library or piece of a stack might be deprecated for years, but there might be someone somewhere who really needs it and is willing to keep it on life support (exactly just like Gtk needs Cairo). So the question for you, as someone who requires support, is: what level of support you require and what are you willing to pay (not means in purely monetary sense; though when users are expected to pay for continual support, what's wrong with expecting that on different layer of the stack?) for getting that? Because you can always get it supported; or support it yourself, if you really needed. No one is going to kick it from underneath.The source will still be available, and it is always possible to fix it when needed. You will be never completely denied access as is the case in proprietary stacks.

> It sounds like it does since people say it’s very slow compared to skia.

It is going to stay slow (unless someone invests heavily into it; which is not probable). It is a software library, deliberately; if you want hardware acceleration, switch to Skia, and accept the tradeoffs that come with hw accel.

> It seems like you think you know what the status of things are, but other people don’t. How can that be?

Simple. I asked.

There are many venues, where you can ask. These people will tell you. However, due to having no dictator mentioned above, their answer on roadmap-like questions might be: "depends on the community adoption".

If the answer is ‘don’t adopt Cairo for new projects’ there is a problem, since Skia has poor documentation and a not stable api.

And so if the answer is always ‘it depends’, you are making my point for me.

In Cairo specific case it is 'don't adopt Cairo for new projects'.

Others may have specific reason, why they are still using it (like the Gtk example). Your new project doesn't.

If Cairo is not to be adopted, then Linux doesn’t have a good option right now.
In the previous comments, I've pointed an alternative several times, including what other applications use. So yes, Linux does have good option right now.
> Linux is fine, but it doesn't just work, and it needs to in order to gain a foothold not just in the developer community but with the general public

I understand the general public, but the developer community? Why can't the "professional-computer-whisperer" demographic be arsed to setup their computers?

In all seriousness: The extent to which you have to manually configure / fix stuff in Linux is seriously overstated, especially w/ the "easy" distributions like Ubuntu and Mint. I've installed both of those on other people's laptops and they've had no complaints at all.

> And before "have you tried this *nix distro??" comments appear, they are still too hard to setup and nowhere near as user-friendly for most people on an everyday basis.

This isn't true. This perception continues to hurt the Linux community along with others. Use a properly supported -buntu distro and you are good.

I have. Many times. Every time I end up debugging suspend/resume, graphic drivers, multiple monitor, etc.

I spend enough time changing config files for my job, I’m not spending my own time doing it just to get basic functionality working for workstations.

I think it’s fairly simple to avoid this by buying hardware that is proven to be effective with the OS. E.g. buy a machine with *buntu preinstalled.

Same as with mac really.

Even so, I install Ubuntu on a wide range of machines, laptops included, and I can't recall having any hardware related issues since, oh, 2005 or so?

Parent must be very unlucky, or in fact not realise it is their tweaking and tuning that causes issues.

True, installing Ubuntu is probably simpler than installing Windows, it doesn't ask you a million privacy shirking questions.
Lets call this user-friendly.
Agreed apart from fingerprint scanners on laptops.
And LTE modems. And sleep and suspend. Oh there is also this bug with screen locking that shows your desktop for few seconds. Oh and with dual graphic chipsets too.
> Oh there is also this bug with screen locking that shows your desktop for few seconds.

I definitely encountered this on my mac work laptop from three years ago. (Left that job and have been Linux-based since then.)

Could also be selective memory. "I can't recall having any hardware related issues since, oh, 2005 or so" --> oh, that issue? Yes, of course I had that, everybody has that, that's par for the course...
The last time I attempted was 2017/18. Pretty plain clone PC desktop - MSI motherboard, ryzen 1600, AMD Radeon 580, etc. I bought a couple a different WiFi dongles to make sure the chipset was supported.

Yet the problems remained. Maybe when people say they had lots of problems and it wasn’t worth their time, take them at their word ?

In which case we can remark Windows and macOS are not without problems either. I do remember having hardware support issues with those this decade.
I'm happy GNU/Linux user for many years and I don't remember when was the last time I had to do those kind of things.

Choose a mature/stable distro and that is it. Be prepared to trade a bit of convenience for privacy in case of weird/non-free hardware/firmware.

Personally, I gotta disagree. This still absolutely true, even for large distributions.

Every 2 years or so, I give Linux another try on the desktop, and it always ends after a couple of weeks, because I'm just tired of fixing mouse and keyboard settings, touchpads, HI-DPI and multi-monitor settings, font rendering and video codecs.

I've tried Ubuntu, Mint and recently Manjaro and – don't get me wrong – all of them had great stuff in it and worked fast out of the box, but it's always the last little details where desktop linux fails for me.

>Use a properly supported -buntu distro and you are good.

Honestly it sounds insane but I've started recommending Manjaro KDE. Stuff breaking due to rolling release seems to happen less often than me avoiding having to do other stuff that newcomers to Linux are unfamiliar with.

Like adding a ppa or struggling to find a package since it lets you easily add the AUR, snaps, flatpaks, what have you without a care about the competition between those. The install is painless. KDE's stuff feels intuitive and familiar to windows users and is customisable enough you don't have to deal with some minor personal preference annoyances.

>This isn't true. This perception continues to hurt the Linux community along with others. Use a properly supported -buntu distro and you are good.

And yet, unvariably people aren't good, and when they complain, they are told, "use this other distro" or whatever...

> This isn't true. This perception continues to hurt the Linux community along with others.

The continual denial, constant evangelism, and needless condescension, which I have watched for 20 years now, is what hurts the Linux Desktop community.

>>> And before "have you tried this *nix distro??" comments appear, they are still too hard to setup

I think why Apple, Android, Windows has the advantage is none of those 3 OSes require installation by most people. Why treat Linux differently?

>>> and nowhere near as user-friendly for most people on an everyday basis

User-Friendliness, I think, is more on day to day interaction. It will be interesting if there is a study in an area with low computer/smartphone interaction. Split them into 4 groups. Each group has their own OS. Later on they will be tested with some tasks.

I bought a Purism laptop with Linux installed, and it was definitely as simple to get going on that as it was a Macbook.

Actually even easier because there's no "You must have an AppleID to use this machine - if you don't have one go and register now" step, and no associated problems with that.

> I would argue that Apple cares a bit more

Have you read the article?

Spoiler: They don't.

Exactly. Apple has done a good job of selling the "we care about your privacy" line, but it's still just a line they're feeding you.
If you compare how Siri works compared to comparable services, or Apple Maps, this just isn’t true.
The active word is more. The article doesn’t examine other platforms at all, so doesn’t address this.
Setting up Ubuntu was easy enough. But the file manager locks up regularly, switching between multiple windows of the same app with alt+tab doesn't work reliably, and I actually had to Google how to create a new folder. The stock picture viewer is lacking information such as ICC profile and when I installed the recommended Gimp, it was a mess of windows and the save dialog was horrible.

I suffer through all of it because I need docker with gpu support, but it's honestly a lot worse than what I expected.

I have not had any of these experiences with Ubuntu. Installing an OS on any new personal computer is much more difficult than when they had dvd drives. But once installed on compatible hardware, the Gnome 3 desktop use is nearly the same experience as Mac OS. Installing software is usually a matter of searching the software menu or downloading a .deb and double-clicking to run, and the New Folder button is prominent in the file window.

The office suite is easy to use. Thunderbird is as easy to setup as Mail. Networking and devices are easy to configure from the gui, and Firefox and VSCode run without crashes. Proprietary video drivers for common hardware can be downloaded and installed via the gui. It's at least as usable from an admin standpoint as Windows 10, and from a user standpoint as Mac OS, albeit with a much smaller "app store" experience.

I like Thunar for file browsing. I would give it 6 stars out of 5.
So you weren't able to come up with the idea of right-clicking without Google?
Right clicking didn't work. The main menu also didn't offer the option.

You need to open a burger menu in the top right corner. And then the new folder button is purely an icon and it doesn't show a folder.

What the heck are you using? :D
Ubuntu 18.04.5 LTS
That should be Nautilus already and you should have the "create new folder" context menu on right click. I also can't imagine anything going wrong during setup that leaves you in that state.

One thing with Nautilus is that if there is no empty space to right click on, you can't get to the context menu, because you always end up in the context menu of one of the icons. There is no dead space between them to click on. In this case you can click the breadcrumb to get the context menu or use the icon in the overflow.

Literally the first item in the context menu is "New Folder Shift+Ctrl+N"
It isn't for me :( So then I guess this isn't a usability issue, but rather a problem with unreliable setup.
You can activate single-window mode in Gimp under Windows -> Single-Window Mode.

I would generally recommend Kubuntu over Ubuntu -- it seems like Gnome aims for minimalism somehow, and has thrown out a lot of functionality that used to exist, and generally tends to emulate OSX for a lot of things. (E.g., OSX doesn't do alt-tab for multiple windows of the same app either IIRC.)

BTW, Kubuntu's default image viewer would likely be Gwenview -- You can get it to show a lot of information by clicking "More..." in the Meta Information panel and selecting stuff in the resulting dialog window. Here's a screenshot I found on the nets: https://www.fossadventures.com/wp-content/uploads/2018/05/Gw...

"You can activate single-window mode in Gimp under Windows -> Single-Window Mode."

Thank you sooo much.

> Whether it is an android device, an iPhone, a Dell laptop or a new M1 macbook you are beholden to a corporation that doesn't care about privacy.

Yet Dell and Lenovo offer computers with Linux pre-installed, but so many technical people ignore them because Apple is shiny and fast.

If this trend continues then Linux and other open source OS will eventually exist only as a virtualized guest inside a locked-down proprietary system.

There is genuine choice in the market now, but in ten years there won't be if people keep chasing baubles.

> Yet Dell and Lenovo offer computers with Linux pre-installed, but so many technical people ignore them because Apple is shiny and fast.

I got a Lenovo last year with Ubuntu preinstalled. It was he "blessed hardware". Wifi didn't work after wake / sleep and my connection via usb-c to my monitor was unusable. I switched back to a mac because I wanted to work, not fix my tools.

These aren't one off anecdotes, there are dozens of people in this thread with the same story slightly different. This isn't people going to Apple because it is shiny, it's going to Apple because managing hardware isn't their job.

Either verbally address that meaningfully or drop the condescending attitude.

> And before "have you tried this *nix distro??" comments appear, they are still too hard to setup and nowhere near as user-friendly for most people on an everyday basis.

Uh, no.

There are many reasons why people don't use Linux. The easy of setup and use lines are pure nonsense. Many Linux distributions have been easier to setup and use since at least the introduction of Ubuntu, and perhaps earlier. Just pop in the live installation media, try it out for a bit to ensure your hardware is compatible, then run an installation program that asks questions that make sense to people rather than marketers. Getting the applications you need installed has involved using a store-like interface for longer than software stores have existed on commercial desktop operating systems.

So why is it perceived as harder? One reason: users typically have to install their operating system, while end users rarely see the process on commercial operating systems. Second reason: those who do install their own OS typically dedicate their system to commercial operating systems, yet use dual-boot for Linux (which will add technical steps). Third reason: those making the transition may try to install commercial applications via a VM or WINE due to compatibility, familiarity, or (periodically) the lack of an open source alternative. In other words, it is perceived as harder because people make it harder.

As someone who has been using Linux for decades, I find the setup and user friendliness of something like Windows far inferior to to Linux. Yes, part of that is due to familiarity. On the other hand, some of it is inherent due to there being fewer restrictions with open source software.

Fifth reason - many many laptops have at least some piece of hardware or behaviour that requires fiddling to get to work on major linux systems. Sometimes it's power management, sometimes it's running with multiple monitors or 3d acceleration or the touchscreen, sometimes it's getting the touchpad to work properly or the fingerprint reader.... In my experience, there's usually something.
While this may be true, we should still be impressed by the number of laptops Linux operates flawlessly on. Very few people would expect Windows to run properly on a MacBook and far fewer would expect macOS to run on a generic PC. Yet people expect Linux to work flawlessly on almost anything thrown at it. From my experience, it does a very good job of this (at least in recent years).
This is actually an excellent point that rarely sees the light of day.
From a technical perspective it's a marvel, but as a user, "works flawlessly on the device you have," beats, "mostly works, but with daily annoyances, on your device and many others."
I started to reply earlier in the thread and then decided not to, but basically what I wanted to say was this.

I have used Linux as a daily driver desktop for years, but I don't just buy random hardware and expect it to work. I do some research first and make sure what I buy works well enough with Linux to meet my needs.

> As someone who has been using Linux for decades, I find the setup and user friendliness of something like Windows far inferior to to Linux. Yes, part of that is due to familiarity. On the other hand, some of it is inherent due to there being fewer restrictions with open source software.

Non-tech people don't want (or don't know how) to "setup". The most user-friendly setup won't ever beat "no setup" (e.g., macOS).

Besides, marketing plays a huge role as well. Ask people to name a few "computer" brands: Apple, Microsoft, Google. No one would name "Linux". So, it's not just that people should be able to buy Linux computers with no setup (Dell is selling them, I think), it's also that these kind of computers should get enough marketing so people know about them.

I think another thing that contributes to that last problem about "computer" brands is the lack of knowledge of the distinction between operating system manufacturer and hardware manufacturer - I just moved recently, and in the process of getting to know more people and accidentally becoming their tech support, I was surprised to see how many people didn't have that basic bit of knowledge. When pointing at a chromebook, people say "Google" without questioning why "lenovo" is also written on it.
> Non-tech people don't want (or don't know how) to "setup". The most user-friendly setup won't ever beat "no setup" (e.g., macOS).

I don't like this line of thinking because it is condescending. More importantly though, there are plenty of competent technical users like myself that would love to be using an open operating system but are fed up with dealing with the systemic problems Linux Desktop has that its developers and community keep papering over and pretending don't exist.

It's not condescending, it's realistic. It's how I (as a tech person) approach most non-tech things in life. I rent because I don't want to deal with maintaining a house. I use public transit because I don't want to deal with maintaining a car. And so on.

I may be an extreme example in some ways, but everyone only has so many fucks to give, and most people have legitimately exhausted their budget by the time they get to tech policy.

Extending your analogy, I always feel like when I set up my Linux workflow (something I attempt and abandon at least once a year) it feels like someone dropped a car off in my driveway with the engine and transmission on the sidewalk and no instructions on how to assemble. Installing the "engine" always requires hours of browsing through comment threads written by random people on the internet that are years old.

This year is different though! I'm going to make it work. Also looking at Pinephone for my mobile.

I'm going to let you in on a secret: most of the people who advocate a particular operating system are pretending that systematic problems don't exist.

Strictly speaking, Windows is a usability nightmare. Most people don't notice simply because most people learn and use a tiny subset what is there. Beyond that, there is an entire industry to support Windows (which is part of the reason why people like it). Apple isn't much better. They tend to paper things over by simply dropping support. An example was brought up by another commenter when they mentioned that some ix programs use raster fonts. Strictly speaking that can happen under Linux yet not macOS since Apple dropped support for legacy software while some ix software is decades old. Linux will have its own issues, but I'm not the best judge of that since it is my operating system of choice.

At the end of the day, any operating system will be a compromise of some form or another. Which you choose will depend upon what your wants and needs are.

I don't disagree, Windows especially has been getting a lot worse as it embraces modern development and the users-are-cattle mindset that comes with it.

My problem isn't so much that there are tradeoffs, or even that those tradeoffs are not ones I want to make, it's that there are people out there who seem to insist that Linux Desktop is the one and only proper choice and everyone who doesn't choose it is either stupid or misinformed. If Linux Desktop people were more willing to listen to why people don't use it and take criticism to heart instead of as some kind of personal attack, it might have evolved into something more people would actually want to use.

> My problem isn't so much that there are tradeoffs, or even that those tradeoffs are not ones I want to make,

That's fine, and I agree that advocates sometimes detract from progress.

They can buy a PC with GNU/Linux preinstalled then. If I bought a mac and tried to install windows there it would be a shitshow too.
> They can buy a PC with GNU/Linux preinstalled then.

That's the problem: non-tech people don't know they can do that. Besides, why would they buy a PC with "GNU/Linux" preinstalled if they don't know what "GNU/Linux" mean to begin with? Almost everyone out there knows what "Mac" or "Windows" means, and so they buy Apple stuff. Again, marketing.

It would actually work rather well, that’s the whole point of bootcamp.
> In other words, it is perceived as harder because people make it harder.

If by "people" you mean "Linux Desktop developers". They have taken relatively simple things and abstracted them two or three times until they are so complex and fragile they need special programs and standards to automagically manage it all for the user. As soon as you step outside the box of what they expect (hey, why can't I install a program on a different disk than my OS?) it is revealed for the Goldbergesq garbage pile it is.

> hey, why can't I install a program on a different disk than my OS?

Apple user here (had Linux on the desktop for 5+ years and windows for a longer time):

Why would I care whether my program is on one disk or another? Why would I even "install" something, instead of dragging/dropping a single "file" (yes I know it's a directory) like I usually do. Do Linux applications all self-update using Sparkle like Mac-applications do?

I also love Apple-music where I can listen to everything on all my devices, can I have that in Linux?

Does linux have the same beautiful font-rendering that I get in OSX, or do I have ugly non-antialiased bitmap-fonts now and there?

I also haven't used installation-media for operating-system installation in many many years, everything just works via the internet. I input my apple-id on a new mac and everything sync perfectly without any issue. Do I get that in linux? One login and my mail, notes, calendar, photos, music, files, backups, keychain sync across all devices?

And also simpler UI-questions: Can I rightclick on a file/folder and it says "Compress to zip?". I can have that in windows, can I have it in Linux? Can I easily create a encrypted bundle and mount it in the UI? Can I drag the little icon on top of any open window into any filedialog to rapidly access that file?

Can I easily configure keyboard shortcuts system-wide?

Can I have a photos-app that is as good as Apple Photos?

I think OSX is great. It feels more and more locked down, that is true, but I haven't had any real issue with this yet. I still can develop whatever I want and run it if I feel like it.

> Why would I care whether my program is on one disk or another?

A lot of reasons. Maybe your OS disk is on a ludicrously fast SSD but is space-limited and you don't want to waste that space on applications that don't need it.

> Why would I even "install" something, instead of dragging/dropping a single "file" (yes I know it's a directory) like I usually do.

Agree wholeheartedly. It makes perfect intuitive sense: the application is exactly where I think it is, and if I move it somewhere else then it is exactly there, and if I delete it then it is exactly gone.

> Why would I care whether my program is on one disk or another? Why would I even "install" something, instead of dragging/dropping a single "file" (yes I know it's a directory) like I usually do.

Answer to your second question is very similar to the first one. Why should user drag anything anywhere, and decide to which folder put the applications? It is much easier to click on the install button in the store-like application.

Many users are confused by dmgs and they keep launching apps they downloaded from their ~/Downloads folder.

> Do Linux applications all self-update using Sparkle like Mac-applications do?

Linux applications were auto updated by their respective package managers before Sparkle was a thing. I consider keeping a Linux system updated to be much easier, than Mac one; even if it is updated by multiple mechanisms underneath (apt/dnf, ostree, flatpak, fwupd), from the user's POV it is unfied in the form of Gnome Software or KDE Discovery. On Mac, you have Apple App Store, Sparkle, brew, Microsoft Update, Adobe Update, Eclipse updater, and myriad of other mechanisms, specific to each app.

> I input my apple-id on a new mac and everything sync perfectly without any issue. Do I get that in linux? One login and my mail, notes, calendar, photos, music, files, backups, keychain sync across all devices?

I don't get that on a Mac. But then, I'm not locked into their products.

> And also simpler UI-questions: Can I rightclick on a file/folder and it says "Compress to zip?"

Yes, you can. In Gnome (default for Ubuntu, Fedora), you can right click a folder and there is a "Compress..." menu item. It will give you a choice of .zip, .tar.xz, .7z. I'm sure KDE has something similar.

> Can I easily configure keyboard shortcuts system-wide?

Easily? There's no system that would do that. Some are more flexible, but more difficult to configure, and vice-versa. MacOS goes into the less flexible one, for example I've never managed to have the media keys controlling VLC instead of launching iTunes, or Apple Music nowadays.

> Can I have a photos-app that is as good as Apple Photos?

This is about the first time I see 'good' and 'Apple Photos' used in the same sentence.

Linux is not a single thing. There are many different distributions and combinations of software you can have on any of them. You get what you choose.

There are like 7+ different file managers that you can install and use. One of them probably has compress to zip. Some of them are much more powerful than finder in OS X. I use `mc` and I don't even need to click. I just select a folder <F2> <Enter>, and the folder is compressed. Two pane file managers are great. I love them ever since MS-DOS times.

The fact that I can use bitmap fonts is the major benefit of Linux to me, because I don't use hidpi screens. I can have small fonts that don't suck to look at, and are perfectly crisp. I like that I have that choice.

All of those automatic sync things are an anti-feature to me. I was given an iPhone for webdev testing, and was snapping an odd photo or two with it from time to time, including photos of my ID documents, without realizing that it by default uploaded everything into some stupid cloud. Great, now my state ID is with Apple.

A few times I had to use Mac OS for development had me running the other way since then. Why would I search online and download files to drag and drop them around to "install" them, and sometimes click through next next next finish dialogs, like on Windows, when I can just type a list of programs I want installed and they just get downloaded and installed for me with no fuss, and meanwhile I can do something more meaningful? I can install 10 different programs I need for some project in a single command, and it's such a time saver.

To some people Mac features may be great, to some they suck horribly.

> Just pop in the live installation media

So... way harder than Mac OS.

In fact, that’s literally impossible on my computer.

USB thumb drive is still "live installation media"
Now don’t I feel sheepish!

But seriously, I guess it is possible to use a USB thumb drive on my Mac with only Thunderbolt ports, but I never have and it’s never occurred to me. I suppose I still have one somewhere and maybe a dongle that would let me do it.

which is still a pain in the butt because you have to own, find, backup, and completely wipe a thumb drive to do it. Or you have go to the store because who uses thumb drives anymore?
You don't have a USB port of some kind?
Macbooks from 2019 have 4 thunderbolts 3 ports and 1 mini jack. And that's all.

If you want to power the device, you do it through a thunderbold. If you want to connect a USB that is not USB C, you have to use adapter and/or USB HUB. So you would have to connect to your USB through adapter/hub, and if for some reason whatever installer wouldn't support this you would be screwed (but I guess most of the time it would be doable, just inconvenient).

I got fed up with Win10 last year and finally switched to a Mint distro. I run a software development company that works on the MS stack. I stuck with Mint for six months and finally switched back to Windows.

I didn't find it particularly difficult to set up. Some things are much easier (TAP drivers for connecting to multiple VPNs and running side by side remote sessions to difficult workstations across different networks, for instance). Even setting up a Windows virtual box was no biggie.

There's two reasons I switched back: 1) lack of consistency across applications is hampering to productivity, and 2) lack of stability in the application/tooling is hampering to productivity.

I gave myself 6 months to let myself get used to it, and there's a great many things I loved about it, but in the end it was less of a hurdle to deal with Win10's oddities than it was do deal with various inconsistencies and "usage maintenance" of getting having a suitable, productive workspace across Linux (and yes, I realize a large part of this was due to the fact I essentially run an MS-development shop and therefore have to work with MS tooling, but on the other hand, everyone working in any end-user business scenario has to work with Office documents, etc.)

There's installation and then there's setup. I would agree with you that installation on linux is easy these days, but setup... no.

I have tried moving over to linux several times throughout the years, but setup was always a huge issue. Installation was easy, but things like trying to get my aging peripherals to work properly, and trying to get font rendering not to look like absolute ass were always a huge hindrance.

> And before "have you tried this *nix distro??" comments appear

Your style of comment is also quite the meme at this point, though.

I always reply with: if my dad, mom, grandfather and other 10+ members of my family can use Mint and I have to do minimal maintenance for them, much less frequently than with Windows, then so can you.

Yeah, because your family members definitely represent literally every possible use case in the the world anyone could possibly have for a computer.

Ugh.

Did I say definitely, literally every and could possibly? Notice to what I am replying:

> [..] they are still too hard to setup and nowhere near as user-friendly for most people on an everyday basis.

I think my comment is a fair rebuttal of nowhere near and most. If it was true, all of my family members would have to be outliers, which is statistically improbable. The more credible explanation is that it is not really true (and in my opinion, it clearly isn't).

I think you're being disingenuous about what constitutes "most people" in the context of desktop computing, but alright fair enough, I I seem to have read more into your comment than was intended.
> "I would suggest that the users here are probably some of the best suited in the world to help smooth those rough edges"

How would you get around the problem that many vocal Linux users think easy-to-use software is for weak losers, and consider difficult software a sign of manliness and an identity, even a religion? This is like saying Buddhists would be the best suited people to disarm gun-lovers, without considering that said gun-lovers don't want to be disarmed, and see pacifists as weak and unmanly.

A number of user stopping using these products wont change the slightest thing. We all encouraged our friends and family to ditch IE for chrome, and look where that got us.

Legislation and regulation are the only fixes for these practices. The EC have a lot of kettles in the fire here - on multiple fronts. I trust that, although it will take time, "fairness" will prevail.

> We all encouraged our friends and family to ditch IE for chrome, and look where that got us.

I didn't. I encouraged friends and family to ditch IE for Firefox and nowadays I encourage them to ditch Chrome for Firefox. I never cared that Chrome was a little faster for some time.

One person that only uses the (very old and underpowered computer) for mail and printing documents I helped install Linux (not Ubuntu ;)) and since then they are much happier, because it doesn't get slower with each security update and needs less maintenance help than with Windows.

> We all encouraged our friends and family to ditch IE for chrome, and look where that got us.

Antitrust entities bashed microsoft for shipping IE and look where that got us.

If anything, it's worth keeping in mind that volumes of regulations written for big corps may indeed force them to behave, but are an impediment for tiny companies to enter.

Corps like microsoft do call for regulations and copyright laws all the time, the have an army of lobbyists, they know that even without regulatory capture these extinguish competition.

Legislation doesn’t solve software problems.
Actually if those users go to alternatives and offer they money and feature requests there, alternatives would improve.
Apple has NOT being the same after steve is gone. It is MS 2.0 now!

With better design and products of course, none the less the business practices are the same. Much this is enforced by the current economic and political system.

Not MS. MS today is much less into the anti-user, anti-privacy, rentseeking game, compared to Apple or Google. Apple today is M$ 2.0, as much as people here hate that trope.
The privacy-invasive tracking in Windows 10 is much more obnoxious and tricky to workaround (since it is spread out and hard/impossible to disable). This tracking in macOS is at least under the guise of security whereas the Windows tracking is pure telemetry.
MS is still the same, they just matured a bit. They just have to behave better in the open source community to attract the developers. I don't believe for a second that they are doing it for the benefit of information sovereignty or the development of tech and software.

Their backdoor put a really bad taste in my mouth. Will try to avoid them if I can.

> I don't believe for a second that they are doing it for the benefit of information sovereignty or the development of tech and software.

They're doing it because the cloud is Linux and they need to get into the cloud because Nadella's vision for the MS OS going forward is a unified system that spans PCs, phones, tablets, IoT, everything, not just a desktop OS.

> much less

Define "much". Windows 10 is a mind-boggling privacy invasion. It's just the other offenders attract more attention, that's all.

How about disable all privacy features on setup/installation? It's far easier than the amount of hoops one has to go through for Google.
Only because their attempts at copying Apple and Google fail miserably.

Otherwise, here's Windows 10, have it for free, hell, here's Linux on Windows, just stay on the OS, buy apps on the Store and see these ads! Also give us telemetry.

Side note: no one cares, but I finally tracked down the cause of a really annoying bug, hibernation due to "thermal event" (CPU "overheating") in Windows 10: It's because of using dynamic disks in mirror mode (perhaps in other modes, as well). Makes Windows 10 hibernate randomly. Converted disks back to basic, no problems. Took me a long freaking time to finally solve this.

I'm not. Since the last few iterations of Apple hardware and OS software, I've decided to switch to something else. I'm also advicing all friends and collegues to do the same. There is simply no reason to stay with Apple anymore as a professional. It used to be stability and ease of use, but Windows has since closed that gap, and Linux is a close second (and a must for programming).

Most likely that means I'll run a Linux laptop for programming, and have a partition for Windows on a gaming computer, cuz I love me some games. I know Steam is gradually approaching Linux, but most AAA games still run best under Win. Plus it's an easy platform (outside OS X) to run multimedia production tools. Sorry, I just don't think Gimp or other Linux tools for multimedia production are good enough yet, but the hope remains that they will someday compete with giants like Adobe. For real. And not just as free but woefully inadequate alternatives. Please correct me if I'm wrong here, though. I'd love to be surprised, if you are able!

Gravit designer, Blender and Bitwig studio would come to mind as tools for multimedia production that are as good as anything on the other platforms.
Also Krita is improving pretty much constantly to become the "Blender of drawing".
Great tips! Thank you! I'm more into 2D compositing for video, but I've had my eye on Blender for some time. Not sure how it stacks up against stuff like After Effects. For audio production I already use Reaper FM, but I might give Bitwig a go too. ^^
I haven't used Windows in long time, but it feels like "the gap" was closed by Apple, by letting their system degrade. The high end 2019 MacBookPro is in many regards less reliable for music production than my old 2012 MacBookAir, which is really, really sad. Unless Apple gets their act together my next music production setup will be Windows-based (or maybe I'll even try Bitwig on Linux).
Apple still is best for audio and animation applications and there are synergies in certain industries like game development.

But apart from that it is a bad deal.

Windows degraded itself with its bad store, telemetry and PaaS dream, but yes, as soon as they could Apple developed in the same direction. Microsoft suffers from bad decisions on some management level.

> “the gap” was closed by Apple, by letting their system degrade.

100% agreed. And I would even go so far as to say that Steve Jobs had such a strong vision of how things could be, that it was his greatest mistake to put someone in charge who did not (Tim Cook).

>it feels like "the gap" was closed by Apple, by letting their system degrade.

While there is some merit to this claim, I don't agree with it entirely. In my experience using these systems side-by-side for over 10 years now, it's pretty obvious that Microsoft has stabilized while "stealing" Apple's good parts, and that Apple hasn't really evolved any further than they got in about 2010. In essence, Apple has allowed Microsoft to close the gap, although by about 2005 Apple managed to become so high quality on the computer market, and so ahead of its time (by "stealing" the good parts from Linux) that it's hard for me to say how they could possibly keep that position for long. (I'm not saying that they literally stole things. Obviously they've done a lot of innovation themselves, but there are also some pretty obvious signs of "inspiration" going on too.)

There has for sure been downgrades with Apple too, but not really in regards to pure stability. In my experience most of it started in the 2010's, when Apple decided to turn away from the pro market to focus more on the trend consumer market instead. At first it happened slowly with a few technical changes that put off web designers. However the first major blow was against Final Cut Pro. I guess it turned out well in the end, but in the beginning they stumbled badly and gave away a large market share to Adobe as media pros started fleeing from Apple. Soon after came system changes that made Adobe crash more often (I'm sure it was just a coincidence...), only resulting in customers fleeing from Apple as a whole. Today Apple Mac's are decidedly more of a tightly controlled trend brand than the prosumer brand it used to be. (Kind of like Hasselblad has gone from the photo engineer's brand to an almost purely luxury brand by now.) (Also I really miss the MagSafe lol.)

I don't even bother dual-boot anymore and just use WSL. Windows has basically become what OS X used to be except better because it's actually Windows and actually Linux. It just goes back to Apple not caring one iota about developers. Focusing on developers used to be Microsoft's strong suit and they've positioned themselves well for that again.
> These companies have repeatedly shown that they don't respect people's privacy

I mean, this is just plainly not true.

Apple has done many things, things they did not at all need to do, in order to protect user's privacy. They have shown, repeatedly, that they do in fact care.

It's super infuriating reading posts from developers who are like "Well I would love to use Linux, but I can't because the touchpad drivers don't behave exactly the way they do under MacOS..."
I kinda pity them, I have a track-point.
It was super frustrating until I got used to the Linux way of handling, and then the other system was the weird one. Companies don't mind this effect at all I think, it increases their retention.
My main workstation is Linux for a couple of years now. I have dedicated PC for Ableton and I disabled all known telemetry calls. I got rid of all Apple products except iPad 2.
The alternatives are not "a bit rough round the edges". They are much, much worse.
How much worse are they? Can you explain your experience?
>Yet despite all the wailing and gnashing of teeth - both in the article and in the comments here in the various threads - people are still making excuses for continuing to use Apple/Google/Microsoft/et al products because the alternatives are a bit rough round the edges.

Or we like what Apple/Google/Microsoft are putting out, including the "walled" nature of the iOS/macOS. People's homes are also "walled" for a reason.

Your concerns are not everybody's concerns.

That said, I don't like the telemetry and information leak as described in the article, and would want Apple to stop it and allow disabling it.

But I also don't care for using another OS just because "it's actually yours and you can do anything you want with it". That's also true for TempleOS, but I would't want to use it (to use an extreme example of an alternative), and simililarly, I prefer macOS and the app ecosystem to any Linux distribution I've seen (and I've used UNIX when there were still UNIX wars and SunOS workstations with black and white monitors, and Linux for close to 25 years).

> "...people are still making excuses for continuing to use Apple/Google/Microsoft/et al products because the alternatives are a bit rough round the edges."

I found myself being one of those people, so I made a commitment to no more Microsoft or Apple for my personal devices[1]. I'm eagerly awaiting PostmarketOS to reach full functionality on the PinePhone and I'll give up my Android phone at that point, taking Google out of the equation as well.

I'm even considering trying to learn C so I can contribute to OpenBSD for my hardware that is "rough around the edges".

[1] My wife's PC with Windows 10 is exempt for now; she's not a techie person at all and I don't want to force her into something alien. She tends to borrow my Thinkpad with Linux every now and then and is getting more used to it, so we'll see how that goes.

I need XCode to build software for iOS and OSX, and there isn't to my knowledge any other feasible, performant and off-line capable way to do that beside running OSX on a Mac.

This is the only reason I had to move away from (arch) linux and it saddens me every day.

Reminds me of Eben Moglen's "Freedom in the Cloud" talk.
> On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

Oh, well. Apple is one of the worst lock-in minded companies with draconian policies. I'm surprised anyone expects anything else from them.

If you worry about having a computer that's yours, macOS should be the last thing to consider running on it. Starting with Linux could help.

(comment deleted)
This is sad. But the solution is not to use Signal. Resistance if futile that way. I believe the only solution is top-down: voting governments that can change this once and for all.
It can be both things. Use signal if you are sending messages that are security sensitive, or if you want to prefer secure messaging by default. But of course vote and talk to elected officials and agitate for policy changes as well.
Signal uses centralised servers controlled by one organisation. It could interoperate with other servers, but the Signal organisation forbids it. I don't see how using Signal leads to freedom from control by an organisation.
I have found it curious how this has gotten zero traction in the press. Earlier today, I was naïvely sure this would cast a pall over the product launches.
Apple PR....is very well funded I would assume.
Well said, we’ve come to the point where if you want the latest silicon, a very good build quality and the most hyped technology, you’ll have to give away some of your privacy. Extra points for mentioning Cory Doctorow, who is providing most of his (prophetic I dare say) books for free over at https://craphound.com (you can also buy them and support him ;-) )
What I've been thinking about is doing the virtual machine route and being able to be on the same computer from dumb terminals around the house.

In this case, you could many 3rd party OS vendors supplying the host machines. Dumb terminals could get competitive.

> These machines are the first general purpose computers ever where you have to make an exclusive choice: you can have a fast and efficient machine, or you can have a private one.

Most of the components inside my PC are over 10 years old. I do video editing. I do music production with many VSTs open and running. And of course web browsing with a million tabs opened at once. For any of those tasks I can't see what would be the point of having a faster machine. Everything happens at once.

Also, having a modular machine lets you replace individual parts when they fail (which they almost never do anyway).

What are people doing with their computers that need so much computing power? Is it gaming?

> What are people doing with their computers that need so much computing power?

Running and developing web apps and microservices in proprietary languages and using oh-so-great modern environments and IDEs only there to lock you into a vertical garden

It's a new software. Take the note editor inside Evernote for example. It just slightly more sophisticated than a common notepad.exe, but it lags and freezes like it computes the Moon flyby trajectory by numeric simulation once every few seconds. Or the new fancy autocompletion module for Spyder python IDE. some stupid autocompletion requires TensorFlow running and therefore I just can't use it, because my 6 core PhenomII ( which is enough for most of what I'm working with) doesn't have AVX-instruction set. MSVC had a decent autocompletion for ages, VisualAssist raised the bar even higher... But now I'm kinda forced to upgrade my PC to get a simply decent code autocompletion... What next? Quad-GPU rig to run notepad?
I tried Evernote on Windows, it was so much buggier and slower than the browser web app, it was really unusable.
I quite agree... The moment I find a simple note-taking app that synchronizes well between Win7 and Android, that moment will be the last moment I use Evernote.

(well, I use excellent DokiWiki engine as my primary knowledge base, but to make it available on the mobile phone requires setting up and securing a web-hosted machine which is too much bother for me right now)

Workflowy is free and synchronizes perfectly between the browser and the mobile apps.
Thanks for mentioning, I'll give it a try!
I agree. My machine is a new modular one. You can have both with no compromises. It’s not even hard. And it works with open source operating systems! I doubt it will last 10 years though because it is modular. It will evolve.
How it is on portability /tdp front?
I have a custom build Ryzen 3700X / 64Gb / 2TiB SSD sized desktop which is built heavy, large and silent. I use a Lenovo T495s as a terminal for it locally and remotely. It covers all use cases then.
Not even gaming, since a 2015 windows machine runs games better than the newest Mac available.
It's about battery life and size/weight.

The faster a chip is, per watt, the fewer watts it needs to draw for the same amount of performance.

In every case, the greatest return on investment for any surveillance system comes from extortion. Extortion takes many, many forms. Some forms are favored by the FBI and prosecutors. Others are favored by spooks. Criminals have many of their own. In every case, they involve coercion.

A key fact about extortion is that the person being coerced is often not the person surveilled. It may be, instead, a judge, or a prosecutor, a purchasing agent, an admissions director, a night watchman. Each has parents, children, spouses, bosses, friends they would not want to suffer. The person surveilled need not even know they were used; the coercion is often more effective when they don't.

For each time you have heard of a defendant who pled guilty to a false charge, a judge who ruled in obvious contradiction to settled law, a legislator who voted against contituents' interests or resigned for "personal reasons", a manager who embezzled, or a contract awarded to the weaker proposal, consider whether it really was just on a whim.

This is the world of pervasive surveillance we are plunging into. This is the world that only consistent encryption and anonymity can have any chance of protecting against. But it is your family and friends who need the encryption and anonymity, not just you.

You make an interesting point about judges. I wonder how prevalent behind the door blackmailing is given we probably wouldn't heard about them if the person complied.
This doesn't apply to Ubuntu,right? As in Canonical isn't doing something like this, right??
Ubuntu hasn't done anything nearly this bad, although the amazon fiasco was pretty rough.

I would still recommend getting comfortable enough with at least one or two other distro's that you can jump ship to if necessary.

With how canonical is behaving with things like snap and such, I wouldn't be surprised if you find similar things. They just don't have the power of their own superior hardware platform to leverage it further.
Ubuntu doesn't run on the fastest/most efficient laptops that were announced this week.
There is an Ubuntu ARMv8-A release (Commonly called AArch64) and there are many Linux-based distros running on AArch64 hardware. Probably wont use any extras on the Apple M1 SoC but it would run nonetheless.
I guess we'll see when my M1 air arrives this month. It's my understanding that by default they won't boot anything not signed by Apple, but I'm hearing scattered reports that there may be some command line configuration tool options that can cause it to disable boot security and boot unsigned stuff. It's certainly the default configuration, and on all of their other arm64 platforms they've shipped so far (iPhone/iPad/ATV/Watch), disabling the boot security is not a configurable option.

My fingers are crossed. We'll know soon.

EDIT: https://keith.github.io/xcode-man-pages/bputil.1.html

Sure, but it does run on RISC-v, other 64-bit arms, AMD x86-64, Intel x86-64, IBM power, etc. Sure apple's got the lead, but they are also showing the entire ARM community how good an ARM can be.

Also keep in mind Apple's M1 looks pretty awesome against Intel, even the i9. Not so much against the AMD Zen3. One of their biggest bragging points was single thread performance, which Zen 3 is rather close on.

It's just the nature of things, don't worry, healthy competition for the M1 is already in the pipeline.

It applies precisely to Ubuntu as well: https://forum.snapcraft.io/t/disabling-automatic-refresh-for...

In a world where Snap is ubiquitous, Canonical is in charge of software running on your devices, not you.

That world is Ubuntu. AFAIK, no other (major?) Linux distro uses Snap.

When you choose a distro, you choose that distro's install-and-update policy. If you prefer a different policy, choose a different distro.

I understand Linux Mint and Pop!_OS are like Ubuntu but without Snap, so they may be what you want. Personally I use Silverblue.

Sure, at least for now it's easy to disable snap. Unlike apple ubuntu can't force you to run things. Apple's got a locked down bootloader that checks the signatures of what is run, so they have in a very real sense control of the hardware, which Ubuntu lacks.
The title should be "Your apple computer isn't yours".
I might be mistaken, but wasn't Windows well ahead of Apple on this one?

First it sneaked Windows 8 and 10 updates onto people's computers, then used every dark pattern imaginable to get them to consent to tracking, then slowly included ads in their operating system.

For the last 2-3 years, I thought "at least Apple isn't doing that", but that is changing.

Unless I'm mistaken Windows 10 still allows you to disable everything and doesn't play games with what you can and cannot block at software/host firewall level.
It does allow disabling settings, indeed, but it's a trove of dark patterns, including updates resetting your privacy settings.
For most people, if there computer was ‘theirs’, it would be that way for about 10 minutes until it was pwned by a bad actor.

The general issue of other people (I.e. Apple et al) having a lot of control over your computer, is entirely valid even if some of the points in the piece are exaggerations.

The problem is that people want it that way.

They are in fact correct that computers are scary and too complex for them to manage, and they want someone they can trust to do it for them.

Stallman may have predicted the issue, but he really didn’t do much to solve the real problems.

The presence of open software isn’t enough without a way for people to know what is trustworthy without being experts.

Until we provide that, this situation cannot change.

> The presence of open software isn’t enough without a way for people to know what is trustworthy without being experts.

As Apple has demonstrated, neither has the presence of closed software. Between Apple and Microsoft, they're nearly 100% likely to get software that is not trustworthy, and cannot be made so.

This would be less worrisome if the state did not compel these organizations to provide their data to the military on demand without a warrant, but due to the vertical integration of big tech companies and US military spying, this becomes a major threat to our society and the basic exercise of civic participation.

It's hard to do things like, for example, investigative reporting against corrupt government officials if the government officials know every time you open Premiere, and where you do it, because they forced your chip/OS manufacturer to tell them.

Firstly - this is a false equivalence.

Sure a government agency may be forcing Apple or MS to help them spy on you, just as they could have compromised whatever else you are using.

But when you download software from at least the Apple App Store, you are in fact protected from many kinds of harmful software.

Let’s not lie and pretend that isn’t a real benefit to many people, even though there are serious downsides to it.

But even if you were right about the equivalence - what’s the point in the handwringing?

There is no way out unless we build our way out.

Shaking your fist at the man just isn’t going to do anything.

The reason there is no alternative is that we haven’t solved the problems yet. People are in fact trying.

Nothing you can say about Microsoft or Apple will make an alternative appear.

The last hoax that I almost fell for was an ad in the Facebook app.
So what?

That’s a nasty communication you chose to receive by installing ad supported software.

It has nothing to do with security or really even computers.

The sense of security is literally the reason why facebook ad hoaxes exist, nothing more.

A claim that "buying Apple makes you safer" makes one less safe, due to perception of extra safety.

> They are in fact correct that [insert anything] are scary and too complex for them to manage, and they want someone they can trust to do it for them

Is this an argument for forced autonomous cars or stopping selling of knives because they are scary and you can cut yourself while cooking?

Why would you think that?

I vehemently oppose government regulation of software distribution, precisely because otherwise we won’t be able to develop a true alternative.

I don’t want people to be prevented from using dangerous tools such as sharp knives, or manual vehicles.

But neither do I want them to be forced to take risks they don’t want to take.

Forced autonomous cars: Yes, once they are good enough. We make people wear seat-belts. Same thing.

Stopping selling of knives: Yes, once we have a safer way of cutting things. Though the real problem is probably people cutting each other on purpose, rather than themselves by accident.

> Forced autonomous cars: Yes, once they are good enough. We make people wear seat-belts. Same thing.

Selt belt wearing is rarely enforced anywhere (especially in Europe, in Italy nobody wears one even though it is illegal).

As for autonomous cars. If they ever work, one of the first mods people will do is to add a steering wheel.

> Stopping selling of knives: Yes, once we have a safer way of cutting things.

Knives are a safe way of cutting things. Billions of people use them everyday without issue.

> Though the real problem is probably people cutting each other on purpose, rather than themselves by accident.

How are you going to stop people from making knives? Humans have been making them for several 1000s of years, IIRC Chimps can make them now. In prisons they literally make shives out of toilet paper.

In the UK carrying knives is banned and their sale is heavily restricted. However in our capital city we still have a lot of knife violence. Guns are also heavily restricted but people still have those illegally and people do get shot. My uncle is a convicted bank robber, he had plenty of guns.

You are solving the wrong problem. You must solve the problem of why people are being violent to one another. That will actually make people safer.

> Seat belt wearing is rarely enforced anywhere

Maybe where you live. Everybody wears one here.

> Knives are a safe way of cutting things. Billions of people use them everyday without issue.

You probably missed the part where I said we would only outlaw knives if we had a safer way of cutting things (reliably).

> Maybe where you live. Everybody wears one here.

Enforcement and compliance are two different things. I was saying that it cannot be enforced. Not that people won't comply.

> You probably missed the part where I said we would only outlaw knives if we had a safer way of cutting things (reliably)

You seemed to misunderstand. The way we have is perfectly safe as it is. Billions of people use them everyday without issue. There is neither the incentive or need to.

You cannot enforce the ban of knives as they are soooo trivial to make (you can make a knife by hitting a large stone against a piece of flint). Even in a very locked down environment such as a prison inmates still manage to acquire them or produce them.

Even if in your fantasy world you did outlaw them and was successful. People would hit each other with Baseball bats, Umbrellas, Pieces of wood, Bricks, lumps of metal.

You must solve the problem of why people are being violent not what they are using to be violent.

> Baseball bats, Umbrellas, Pieces of wood, Bricks, lumps of metal.

That's a good list of items less deadly than a knife.

Make shift weapons can easily be as dangerous (or more so than a knife). People have lost their lives by simply being punched in the head. Life isn’t like the Hollywood action movies, the human body can be very fragile.

It is obvious that you are either idiotic or disingenuous. Judging by the user name, I would guess the second. Have a nice day.

This is the same sort of logic that some people have that people shouldn't be allowed to make choices in life because they "might get it wrong". People should be allowed to make their own choices in what they believe to be their best interests and they should be allowed to get things wrong.

> For most people, if there computer was ‘theirs’, it would be that way for about 10 minutes until it was pwned by a bad actor.

This may have been true back in the early 2000s when people first had good broadband. However all the major operating systems have pretty decent security out of the box mainly due to the embarassment of events like MS Blaster Worm.

> The general issue of other people (I.e. Apple et al) having a lot of control over your computer, is entirely valid even if some of the points in the piece are exaggerations.

The problem is that if you buy a general purpose computing device. You should be able to run whatever you like on it.

They should just have a button somewhere in whatever the equivalent of the BIOS on these machines is that says "I am an adult and I accept the risks of turning off these protections" and then let you install Temple OS if you so choose to.

This is something that needs to be enforced by legal means IMO, something similar to right to repair.

> The problem is that people want it that way.

I don't know about that. They frequently get irritated by it and are just resigned to it IME.

However the popularity of single board computers such as the Raspberry Pi, People building their own gaming rigs and people tinkering with gadgets goes someway in refuting this notion. There will be of course many people that just won't care and will use "iDevice" and that is fine, however there is a large spectrum between "I only run stuff from the app store" to "I run custom Arch Install with optimised kernel with tk kernel patches".

> The presence of open software isn’t enough without a way for people to know what is trustworthy without being experts.

I agree. This is a failing of the open source community. I've actually written a draft manifesto called "better than freedom". This may actually push me to at least have it critiqued by my friends.

> Until we provide that, this situation cannot change.

Something has to change. We are sliding back into the 1980s where all the computer hardware was incomptable with one another.

> People should be allowed to make their own choices in what they believe to be their best interests

> You should be able to run whatever you like on it.

You are contradicting yourself. People are explicitly choosing iphone, a walled garden. Then you say that that's a wrong choice because you believe it's a general purpose computing device and should work differently.

If people buy it then, well, they are fine with it.

Those statements aren't mutally exclusive. People should as a matter of principle be able to run whatever they like, however if they want to stay in the walled garden they can.

If you read the rest of my comment I specifically mentioned some sort of mechanism for turning off the walled garden protections. I would imagine it would work something like secure boot. I have a motherboard that lets me turn off that machanism if wanted to via the BIOS software.

If the only way for it to happen is through lobbying politicians and requiring it by law (not a solution I would prefer) so be it.

Also it is quiite clearly a general computing device as it has all the characteristics of one. It isn't a matter of belief.

> People should as a matter of principle be able to run whatever they like

Well you are free to provide a platform that is as convenient as ios and as free as linux.

In practice that's not easy to say modestly since convenience require quite an investment in design and developement which free platforms tend to lack.

So in reality it's either a well monetized platform (which is either a walled garden or just sells your data), or free platform which is far behind in terms of convenience and support.

> Also it is quiite clearly a general computing device as it has all the characteristics of one. It isn't a matter of belief.

No, it's exactly your belief. Apple doesn't advertise it to you that way, they doesn't say you'll be able to run whatever you'd like on it, so I dunno where did you get this misconception that they should provide you such an ability.

> Well you are free to provide a platform that is as convenient as ios and as free as linux.

Respectfully you obviously don't understand what I wrote.

I was quite clearly talking about the ability to run an alternative OS on the platform. Not whether there Lineage OS or similar is as good as iOS.

You can install whatever operating system you want on a Laptop or a PC. You can already run other ROM images on Android (though some phones you have to root the device which is not okay.

It isn't about an OS already being there. It being able to run whatever OS might be available.

> No, it's exactly your belief. Apple doesn't advertise it to you that way, they doesn't say you'll be able to run whatever you'd like on it, so I dunno where did you get this misconception that they should provide you such an ability.

There is no misconception on my part. If you look up what makes a general purpose computer, that includes things such as PC, laptops, servers and smartphones. The iPhone has all the properties that make it one.

So whether you like it or not, it fits all the criteria. It doesn't matter what Apple market it as or whether they artifically lock it down. That doesn't fundamentally make it a different thing.

> I was quite clearly talking about the ability to run an alternative OS on the platform.

I got it, and explained how it will hurt monetization of their product. Android is a different story with different (I dare say way more scummy) strategies of monetization.

The point is you can't have a convenient platform which doesn't produce revenue allowing to make it convenient and rewarding the investment.

It was quite clear that you were conflating many things.

As to whether it would hurt monitisation. I don't think it will and even if it did I don't care they have more money than most countries do. If they must be required to by legal means so be it.

Also they already kinda allow some of this when you enable developer mode via a Mac with the appropriate iOS developer account. So there is no reason why they cannot do this tomorrow without the paywall.

> and even if it did I don't care

> So there is no reason why they cannot do this tomorrow without the paywall

Sure you don't when you are dismissing economics of software development so vigorously. Try to look at things from the perspective of economic incentives, not pure technical standpoint. You'll understand why free platforms are way less convenient, and closed platforms are as they are.

The incentives can change through eg law as forest_dweller has already mentioned in his comments. I think most people "understand" the current economic situation works out quite well for closed platforms, but it doesn't mean a better way does not exist and can work out just fine economically
As I said if it has to be mandated legally through a movement similar to right to repair so be it. The incentive will be "you must follow the law or be sued".
> If people buy it then, well, they are fine with it.

I don't think people have much choice these days. If you want a smartphone then you will either get something from Apple or from Android people. There are other choices but are they mainstream? In my local shops I can't see anything else. Android or Apple.

That's why I'm buying PinePhone and going to waste lots of my life to make it fit my needs, but I hope once time is spent I will be happier human being ;)

> I don't think people have much choice these days.

Well, choice is about compromise. You have to choose between freedom and convenience, but you can choose. I'm saying that as a person who used 4 linux phones as daily drivers for last 10 years (n900, n9, jolla, xperia with sailfish).

> There are other choices but are they mainstream

Well there are. Maybe they are not mainstream because people value convenience over freedom, which is unfortunate to me, but who am I to dictate them my values.

At least there are always some linux phones to choose from, and hopefully fabless/new open platforms would even increase the amount of such. I mean, 10 years ago it was nokia or nothing, today there are pinephone, fairphone, librem

Why should you choose between freedom and convenience? They are not mutually exclusive.
Of course they are. You need to invest a lot in your platform to make it convenient, so you have to be able to monetize it well enough.
I agree with forest dweller - they are not mutually exclusive.

There are many open source products that have had huge investments without monetization.

> There are many open source products that have had huge investments without monetization.

Like what?

(comment deleted)
I am not talking about the software itself. I am talking about the ability to run whatever software you like. This means alternative OS or allowing someone to install another app store.

They could literally put in a button to let you install what you like. In fact they already did this in the past.

This is hardly about choices and more about shared resources and interaction. You can do whatever you want, but you can't do it to whatever/whoever you want.
> This is the same sort of logic that some people have that people shouldn't be allowed to make choices in life because they "might get it wrong".

No, it's not at all the same sort of logic. We are talking about technology here, not overall life experience. Everyone starts out life on the same footing, with zero experience, and has the innate potential to learn how to live it. But computers are a very specific, highly specialized machinery that the vast parts of the population will never be able to directly understand or fix. I can drive a car but I don't know the first thing about fixing it.

You could claim that no one should own technology if they don't understand it intimately, but that is a different kind of logic and argument. It's silly to conflate the two.

All you are advocating for is a new priestly class.

> Everyone starts out life on the same footing, with zero experience, and has the innate potential to learn how to live it. But computers are a very specific, highly specialized machinery that the vast parts of the population will never be able to directly understand or fix.

I started off with zero experience and learned more over time to throw your own words back at you.

I learned how to program on a computer when I was 10 years old (which was 28 years ago now) after my Grandfather (who was born in the 1920s) learned how to operate his own computer at home. We had manuals and trial and error and the library. It was much more difficult to learn back then because there was no internet, no youtube and almost nobody had a computer. Computers back then were a lot more difficult to use as well. So don't give me this nonsense about it being so opaque it is impossible for an ordinary person.

Also most people will know a friend or relative that is handy with a PC or you could go to a local specialist for help. A large multi-billion company "looking out for the plebs" isn't required.

Apple has been quite good it seems as selling this narrative.

> I can drive a car but I don't know the first thing about fixing it.

Plenty of people used to be able to work on their own cars in the past (and still do today). Most of them would be considered "laymen". Plenty of people fix their own phones and computers, or go to a repair shop where people have taught themselves to repair electronics and turned it into a business. Just because you choose to be ignorant (which is absolutely fine) doesn't mean other people aren't able or willing to.

> I started off with zero experience and learned more over time to throw your own words back at you.

Do you think that all people are born with the innate ability to master computers, programming, and other technical tasks?

Just as not all people are born with innate ability to write a good novel, paint a masterpiece, write a symphony, or lead a nation, I'd say no.

But all people are born with the ability to live their own life and learn how best to do it in the direction that seems natural for themselves.

You are confusing the spirit of this discourse.

> Do you think that all people are born with the innate ability to master computers, programming, and other technical tasks?

No. That is besides the point.

There is a big difference in knowing how to repair a computer, how to program a computer and how to do technical tasks with a computer.

Repairing a computer normally involves identifying the part that is faulty and replacing it. On a desktop PC that is relatively because the components go together like Lego pieces tbh. My father managed to replace the memory in his ageing desktop computer by just looking for what the parts were in the machine and just replacing them. He barely understands how to use a keyboard (he highlights each letter with the mouse and presses delete)

I am good at programming computers but I don't understand how Excel works past very basics. My friend who can't "program" with something like a text editor or IDE, she will quite happily do all sorts of complicated tasks with sheets and cells in it all day.

> Just as not all people are born with innate ability to write a good novel, paint a masterpiece, write a symphony, or lead a nation, I'd say no.

I never claimed the opposite.

However there are plenty of people while they can't write a symphony can start up their own metal tribute band and make quite a lot of money.

You are painting it as a binary of people that can't do something and people that have mastered something. There are plenty room inbetween.

This place is called hackernews and I have explain this point sooo verbosely. This must be satire.

> But all people are born with the ability to live their own life and learn how best to do it in the direction that seems natural for themselves.

Some aren't actually. I have a friend that looks after seriously mentally ill people. They must be cared for almost 24/7. There is one lad he told me about that will masturbate in public because he has no concept of it being socially unacceptable due to having somethign similar to asbergers IIRC.

> You are confusing the spirit of this discourse.

I don't think so.

> You could claim that no one should own technology if they don't understand it intimately, but that is a different kind of logic and argument. It's silly to conflate the two.

Can you point out where he made such a claim? Because I don't see it.

>But computers are a very specific, highly specialized machinery that the vast parts of the population will never be able to directly understand or fix.

Computers are all that only in the vaguest of sense. They're actually not specialised at all. They're actually extremely general purpose. But whether that's the case at all there's a lot items, equipment and tools that are very specialised that most people don't understand but if they were made in act in any way similar to this because someone somehow managed to use them in a retarded way it would surely raise some eyebrows.

Company incentives are trash and I trust them A LOT lot less to not make stuff designed to fail, to lock in customers, to snoop data, etc, etc than I trust myself to not do stupid shit when i want an exception to some safety feature or the like.

>I can drive a car but I don't know the first thing about fixing it.

And would you buy a car with the hood welded shut? With the tires needing some kind of manufacturers signature to not be locked? One that locks up if you try to use some 3rd party seatcovers? No.

And yeah there's some type of modifications to them and actions that we generally try to prevent...but that's because we're talking about a highspeed deathmobile to surrounding drivers/pedestrians if you start putting spikes on it or fuck up your breaks. That however is not the case for a pc, phone, printer or what have you.

> Can you point out where he made such a claim? Because I don't see it.

Please see again the phrasing I used. Specifically, the clause using the word “could“.

Apologies. I completely misread there.
All your recent comments are dead. Don't bother. It's unfortunate that contrarian opinions are silenced but this is the result of another walled garden
“This is the same sort of logic that some people have that people shouldn't be allowed to make choices in life because they "might get it wrong". People should be allowed to make their own choices in what they believe to be their best interests and they should be allowed to get things wrong.“

I am not making any argument that can be construed as this. You are misreading me if you think I am. I agree that people should be allowed to make their own choices which is why I strongly oppose government regulation of software distribution. It’s also why I support people’s right to choose platforms like iOS.

“Something has to change. We are sliding back into the 1980s where all the computer hardware was incompatible with one another.”

I’m not sure freedom and compatibility always go hand in hand, but I agree that something has to change.

As to the tinkerers and people building their own rigs - the idea that there is a large spectrum. I potentially agree.

Serving those people well is a hugely untapped potential. I used to believe that Apple would see this, but I no longer do. I suspect that Jobs would have done.

I would like to think the open source community and commercial ecosystem outside of Apple and Microsoft can seize the opportunity.

We won’t if we spend our time feeling victimized by corporations doing what corporations do.

> I am not making any argument that can be construed as this. You are misreading me if you think I am. I agree that people should be allowed to make their own choices which is why I strongly oppose government regulation of software distribution. It’s also why I support people’s right to choose platforms like iOS.

Fair enough. I've read some of your other replies on here and I got the wrong end of the stick.

As for the rest of your comment here. I agree.

> The problem is that people want it that way.

No, the real story here is that Corporations in the USA, and other Global North countries, have both 1) benefited from state/taxpayer-funded subsidies, grants, and research, and 2) are now locking up and monopolizing these discoveries using the international TRIPS system, 'claiming' Patents and Copyrights, 'kicking away the ladder':

"How did the rich countries really become rich? In this provocative study, Ha-Joon Chang examines the great pressure on developing countries from the developed world to adopt certain 'good policies' and 'good institutions', seen today as necessary for economic development. Adopting a historical approach, Dr Chang finds that the economic evolution of now-developed countries differed dramatically from the procedures that they now recommend to poorer nations. His conclusions are compelling and disturbing: that developed countries are attempting to 'kick away the ladder' with which they have climbed to the top, thereby preventing developing counties from adopting policies and institutions that they themselves have used."

+

“Rich countries have ‘kicked away the ladder’ by forcing free-market, free-trade policies on poor countries. Already established countries do not want more competitors emerging through the nationalistic policies they themselves successfully used in the past.” [1]

Professor Yash Tandon adds:

“During the 1980s and 1990s I worked in many countries in eastern and southern Africa, and then for four years at the South Centre—2005–09. I can say from my experience that the industrialised countries of the North have been trying systematically to block all efforts by the countries of the South to industrialise. Their mega-corporations have tried—and, alas, succeeded—in privatising knowledge, and using it to promote corporate profits over the lives of people."

[...]

“It is the seeds and pharmaceutical companies of the West that have pirated the knowledge of seeds and medicinal products from the South. But whereas in the South this knowledge was shared as a public asset, the Western companies, having learnt from the South, proceeded to claim it as their private property. They are guilty—morally guilty—for the avoidable deaths of millions of people in the South who cannot afford their ‘patented’ medicines against, for example, AIDS, malaria, tuberculosis and other killer diseases. It is a sordid story. But it is not all doom and gloom. Those who control the system (the global corporations and the international organisations that the West controls) do not get their own way entirely. Wars do not always end in the victory of the militarily or ‘intellectually’ powerful.” [2]

All of this then comes together through Tech's Great-Man theory, that has us idolizing those monopolizers:

"In the movie Steve Jobs, a character asks, “So how come 10 times in a day I read ‘Steve Jobs is a genius?’” The great man reputation that envelops Jobs is just part of a larger mythology of the role that Silicon Valley, and indeed the entire U.S. private sector, has played in technology innovation. We idolize tech entrepreneurs like Jobs, and credit them for most of the growth in our economy. But University of Sussex economist Mariana Mazzucato, who has just published a new U.S. edition of her book, The Entrepreneurial State: Debunking Public vs. Private Sector Myths, makes a timely argument that it is the government, not venture capitalists and tech visionaries, that have been heroic.

“Every major technological change in recent years traces most of its funding back to the state,” says Mazzucato. Even “early stage” private-sector VCs come in much later, after the big breakthroughs have been made. For example, she notes, “The National Institutes of Health have spent almost a trillion dollars since their founding on the research that created both the pharmaceutical and the biotech secto...

> For most people, if there computer was ‘theirs’, it would be that way for about 10 minutes until it was pwned by a bad actor.

I remember very well the times where when you’d connect a fresh Windows XP SP2 to the internet without a router or firewall it immediately showed malicious popups and eventually a BSOD.

"Stallman [...] really didn’t do much to solve the real problems" - I beg your pardon but when was he appointed with this responsibility?
Besides, he actually did A LOT. The problem is, the general sheep won't listen to him anyway.

"The choice for mankind lies between freedom and happiness and for the great bulk of mankind, happiness is better." -- George Orwell, 1984

> For most people, if there computer was ‘theirs’, it would be that way for about 10 minutes until it was pwned by a bad actor.

I own a company which manufactures and sells showerheads. Since "most" people are prone to a fall while taking a shower, my company also mandatorily installs a camera alongside, so that we can monitor for accidents, given our deep concern for our customers.

"Some" customers have raised concerns about their privacy, but this is for the greater good. My company is very ethical in its practices, and really values each customer's privacy (pinky promise).

The footage of you and your loved ones showering is completely safe with us, although you can choose not to be recorded while showering by not purchasing our products.

Oh by the way, our showerheads are sleeker and more convenient than anything else in the market.

Feudal lords protected their serfs too.
Yet another reason not to use Apple products. I'm mainly on Linux currently but considering OpenBSD for one of my laptops.
if trustd really cannot be blocked by any vpn, i am wondering how's large corporates will react for this new macbook, e.g. whether to continue allowing employees to use this new macbook as working machine.
The tech corporate response may be one of the best avenues to actually apply any leverage against apple with this current situation. I've already heard of friends at big-tech companies where network admins are applying corporate wide VPN policies to block apple's ocsp.apple.com requests after the outage that happened yesterday and basically nuked productivity for hours. In some cases it meant engineers _could not_ deploy code due to an apple outage because `terraform whatever` wouldn't work, which is pretty outrageous.
We're already used to being unable to deploy code due to a GitHub or NPM outage. I don't think this will persuade the corporate people with the money to invest in switching. By analogy, look at how many staff hours are wasted supporting IE.
I think there is a huge difference in these two things:

* I can’t work because a 3rd party we use for code hosting / dep management is down * I can’t work because my laptop literally can’t run any programs due to a poor security program installed and required by the laptop manufacturer

I'm so glad I caught onto RMS and Eben Moglen when I did. I saw this coming a long way off, and have spent a lot of my time completely gpl'ing my daily use stack. There are a few rare exceptions (steam being the largest one)... but I'm happy I put in the effort.

What we are headed for is a world where a certain subset of people with the technical knowledge have computing freedom, and that vast majority giving up all kinds of rights and data for convienience. A techno-caste system underneath the neo-feudal system that is incoming.

"a world where a certain subset of people with the technical knowledge have computing freedom"

Even that is optimistic.

I should have said "have the ability to have...", but you are correct, unfortunately.
Quote: "These machines are the first general purpose computers ever where you have to make an exclusive choice: you can have a fast and efficient machine, or you can have a private one."

I call BS on Apple having the fastest machine, even at current moment, not to mention in the future. I can make a gaming rig with latest Ryzen CPU that will run whatever I want and be both faster and cheaper than Apple's expensive crap.

How about efficient? A Mac Mini is extremely efficient.
That whole thing is temporary until 2021 when other companies will get a chance to use 5nm fabs.
Don't count on it.

Apple's mobile chips have been consistently the best in the business. When the A14 was released, the second fastest mobile chip you can buy became... the A13.

Is this unsurmountable? Obviously not, it's excellent engineering, not a pact with the Devil. But you can't just hand-wave it away either, Apple's silicon is the one to beat, and they have a head start.

You can only run Apple’s awful software platforms on Apple Silicon so they’re only competing with themselves and for the few people who actually run macOS in the case of the new Macbooks.

Even if the rest of the PC industry never goes to ARM, Apple’s market share won’t change more than one measly percent IMO.

Yes, but here we are essentially talking laptop chips, not phone chips.
All things are temporary. If Apple is consistently ahead in efficiency at any given point in time that's what it means to be ahead.
I am most efficient at my desktop. The sheer screen estate allows me to organize my work better than on any laptop, Apple or not.

I have 2 laptops, bought them to my kids for this times when online school is a must. I tried to do some work, didn't like the small screen.

The Mac Mini is a desktop computer, it's just much smaller than your typical desktop tower. It doesn't have a screen or keyboard built-in. It's not a laptop. It's a box you connect your screen to. How is this relevant?
The Mac mini contains a laptop-grade CPU, RAM and mainboard that lacks expansion.

The only thing that makes it not a laptop is the form-factor.

The comment I was responding to was talking about screen size and only screen size. Your points may all be true (except that it has much more space for cooling than a laptop, which has significant effects on noise and sustained performance) but have no relation to the topic at hand.
Mac mini is a desktop computer. Regardless we're talking about energy efficiency not productivity.
> I am most efficient at my desktop.

It would be weird if the person you’re responding to were referring to personal efficiency—that depends on the person. They were likely referring to power efficiency.

If you know of any other 8 core, 64 bit, 220+ ppi, >=13", 18 hour battery life machines with a great keyboard that weigh less than 1300g, please do let me know. Bonus points for metal enclosure.

If you find such a beast, I will buy it instantly, and I will happily ignore the fact that the MBAir will still have a better trackpad and speakers.

I am not looking to buy a "rig", but a laptop.

Doesn't the Dell XPS meet those expectations? The 15" version can be specced to an 8 core i9 with around 290ppi and an 87Whr battery, and if you're happy with a 6 core i7 you can get a 13" with around 330ppi (same resolution), but with a 52Whr battery.

I'm not sure what "18 hours" means, I am inherently skeptical of any "hour" claims of battery — obviously the less you demand of your machine the less battery it will take.

The 15" is ~700g heavier. The 13" has 2 fewer cores (as you noted), and a slower GPU. 330ppi does sound amazing, though.

Apple's way out in front here, and they know it. That's why I wrote this article: because the choice is private xor fast.

There's perhaps some good news, though: it may be possible to disable the signed system volume checks on the Apple Silicon macs, which would allow editing of the OS startup scripts/settings.

It's worth noting that Apple's "18 hour" battery life on the MBA is listed when watching something via the Apple TV app, presumably as they have various optimisations both in the OS for that and at a chip level.

For regular desktop use it's 15 hours, which is about the same as other higher battery spec laptops.

It is (too) expensive, but crap is certainly not.
You may find something that runs faster. But it will use a lot more power. These are Apple's low power offerings. There's more to come.
> I can make a gaming rig with latest Ryzen CPU that will run whatever I want and be both faster and cheaper than Apple's expensive crap.

No you can not. The M1 chip has the fastest single-core performance of any consumer chip available today, beating every chip in AMD’s brand-new Zen 3 lineup. You can get faster multi-core performance (5950X) but definitely not foe the same price as Apple’s new computers - not to mention the massive power draw and much worse thermals in comparison.

This is really bad , apple touts itself as a privacy company but it seems like a fox in disguise and meddling with VPN is just completely immoral. Now google and Microsoft seem better to me as they at least tell you we are getting your telemetry data and don’t modify vpn traffic.
I am running wireguard on my router, let them try to bypass that
Just run Linux. Works for me.
>Just run Linux. Works for me.

Same here, but TBH, I am also starting to worry for large linux distros (eg ubuntu).

And there's of course the black box hardware it runs on.

I'm running Linux on a 2015 MBP and it works great.

However good luck getting decent Linux hardware support for any Mac >= 2016 and there is very little (probably zero...) chance of anything other than OSX running on an M1

I'm hoping we can get a RISC-V machine sometime in the near future.
How would that change anything?
By nature RISC-v machines will tend to be more open, have an open bootloader, and be friendly to running an open OS. Much less likely to block installing Linux, like Apple has done. Much less likely to block running linux, like on the Microsoft Surface.

Sure some Apple like company could make a fork of RISC-v and then lock down the environment, spy on a user's network traffic, what binaries they run, etc.

There is exactly nothing about RISC-V that makes things built on it more open. RISC-V itself is an Open Source ISA, but that has nothing to do with having an open boot loader or whatever.
How does RISC-V imply an open bootloader or open hardware? It's just an ISA, and there is currently no RISC-V extension that I'm aware of that goes into details like platform boot or platform boot security.

In fact, Si-Five have implemented their own from scratch [1], because there was no existing RISC-V blessed way of doing these things. And their implementation is open, but nothing prevents anyone else from implementing a closed, fused implementation. Or taking the Si-Five implementation and using it to prohibit any modifications by end-users, like vendors already do with U-Boot. [2]

I already have in my hands a RISC-V microcontroller that can be locked down by the firmware developers to prohibit me from reading it out or modifying it [3].

And finally - even running your code on a RISC-V core is not enough to actually make a platform usable. You need documentation for every single peripheral around the core (and/or core complex). And even when you have that, implementation is still a lot of work. See: how much effort it was to do a decent Linux port onto the Tegra X1 on the Nintendo Switch, which is extremely thoroughly and publicly documented (in comparison to other platforms in this class, at least). And the only blocker there was secure/fused boot. Which again, RISC-V will not prevent.

[1] - https://riscv.org/wp-content/uploads/2019/12/12.10-14.20-SiF...

[2] - https://www.denx.de/wiki/pub/U-Boot/MiniSummitELCE2013/U-Boo...

[3] - http://www.gd32mcu.com/data/documents/shujushouce/GD32VF103_... ; C-f security

So knowing this, how is it that HN remains so interested in the new "Apple silicon" or the latest "updates" to macOS. Why in God's name do people agree to participate in so-called "telemetry" and submit to whatever changes Apple wants to make in the OS, without question, in the form of "updates". Trying to control what programs users can run via "AppStores" and "developer certificates", and making them pay Apple for the "privilege" (what should be a "right").

If what the author says is true, I cannot see how anyone can take Apple's claims of "privacy as a human right" seriously. Purchasers have no right to privacy that can be asserted against Apple, who apparently needs to know how, when and where each customer is using the computer he/she bought. The company should be held to task for making such claims.

I still have an old Mac G4 with OS9. It is not connected to the internet. Safe to say no one at Apple cares how, when or where I am using it, and that's how it should be. It is astonishing how overzealous this company has gotten. As Nancy Reagan once said, "Just say No."

> Why in God's name do people agree to participate in so-called "telemetry" and submit to whatever changes Apple wants to make in the OS, without question, in the form of "updates".

I have automatic updates enabled because I trust the vendor who makes my distro to act broadly in my interests. If I discover they've done something I don't like, I can switch to a different vendor and get mostly the same software from them instead.

The answer to your question is that these people trust Apple. I don't understand why.

I'm not going to comment on the linked article, other than say I think it contains serious mistakes in describing what OCSP is for and errors in other statements.

In the background there is a war going on, but it isn't what you think. It is a war between malware creators and OS creators.

From my perspective it goes like this:

To "identify" malware you need signatures. Signatures need valid certificates. Signing keys get lost (or worse stolen), bad actors need to get identified and their identity revoked.

If you don't have signatures you will end up with polymorphic malware. (Brew, pip, ruby gems, npm make me uneasy with how much external trust they require!)

To stop persistence you need some system immutability and secure startup / boot.

If you don't have secure startup / boot you will allow persistence in ways it may be impossible to remove.

If you don't have an encrypted disk protected by a passphrase, a lost device means your personal data is now potentially now "public". If you don't also have the other above protections having a passphrase at this point may be meaningless.

I use an iPhone because it boots from ROM and a DFU Restore wipes all mutable firmware. The flash, where my data is stored is encrypted. When I can, I will also use an Apple Silicon Mac because it works the same way.

Hardware products and operating systems from other vendors and sources do not have these protections. Some attempt to, but the implementations are very flawed or poor - I choose not to use them with my personal information.

For me, Apple products really are designed to protect my personal information.

>For me, Apple products really are designed to protect my personal information.

Which unfortunately isn't mutually exclusive with granting full access to your stuff to state-level actors.

But I guess there's always a category of people who actually like the idea of big brother.

Sorry, but please can you point to any real evidence that Apple allows state-level actors access? From what I can see it is exactly the opposite.

I am not an advocate for big brother.

Apple has been a part of PRISM since 2012. Apple is a US company, and bound by law to give access when push comes to shove.
Sorry, but there are no details about how PRISM works.

The 2012 date is also suspicious - it is in the same year a new Apple datacenter in Prineville came online.

I personally think that PRISM works by externally intercepting data communication lines running to / from the unwitting companies.

The NSA has previously tapped lines (AT&T), but they made the mistake of doing it inside the AT&T building. That eventually leaked out -- so I think it is most likely that PRISM is implemented without the knowledge of anyone except the NSA.

[edit] I started doing more research. Facebook also has a datacenter right next door. I wonder who else is there and where do all the network cables go.

> Sorry, but please can you point to any real evidence that Apple allows state-level actors access? From what I can see it is exactly the opposite.

> Sorry, but there are no details about how PRISM works.

> I personally think that PRISM works by externally intercepting data communication lines running to / from the unwitting companies.

Unless you can prove you're ex-NSA or worked in SIGINT, sharing your opinion is not proof. Snowden's leaks are proof.

Why not give weight to the arguments and proof put forth by Edward Snowden? There have been no attempts by the US govt. or the NSA to disprove his leaks. No counter-evidence presented.

My question is: what do you benefit from continuing to deny and refuse to accept Snowden's whistleblowing?

I'm not ex-NSA, current NSA and I have not worked in SIGINT for any country. I cannot demonstrate proof of this.

I do not believe that the Snowden slides show proof of collusion by any of those companies. All the slides do are indicate that data is being collected from those companies and the program is called PRISM.

If for example, there was also a slide that indicated payments were being made in exchange for the data, then that would be an entirely different thing. That would indicate collusion and be more believable.

I am not denying or refusing to accept Snowden's whistleblowing. I think it is highly likely that PRISM exists. What I refute are the speculations that the companies listed are complicit.

I will also add that PRISM and "beam splitting" are a bit too close for coincidence.

Room 641A at 611 Folsom Street, SF is where "beam splitting" was done. That info leaked. The NSA isn't stupid, I doubt they wanted to repeat that sort of discovery - which is why I think it is believable and likely that the companies listed on the slides have no idea what has been done.

[edited to fix grammar and that there was more than one slide leaked]

Well uploading signatures in plain text does make it much easier for PRISM to intercept.
There is no proof that Apple allows the CCP access to data, however they cannot prevent it: https://appleinsider.com/articles/18/02/24/apple-to-move-chi...

Don't forget that Apple is a multinational megacorp, and is user centric only when it suits them. Consider Tim Cook speaking at the conference used by the Chinese government to promote internet regulation, saying that the vision of the conference is one that Apple shares.

You're absolutely right, and I use a Pixelbook and an iPad Pro for much the same reason. The cryptographic protections are great. (They'd be even more great if I could blow my own bootrom CA into the fuses.)

The phone-home is the issue, however. I've long understood the issue with certificate validity periods and the tradeoffs between short notAfter/frequent reissue and revocation check intervals.

The side effect is that it functions as telemetry, regardless of what the original intent of OCSP is or was. Additionally, even though the OCSP responses are signed, it's borderline negligent that the OCSP requests themselves aren't encrypted, allowing anyone on the network to see what apps you're launching and when.

Many things function as telemetry, even when not originally intended as so. The intelligence services that spy on everyone they can take advantage of this when and where it occurs, regardless of intent.

It's not worth putting everyone in a society under surveillance to defeat, for example, violent terrorism, and it's not worth putting everyone on a platform under the same surveillance to defeat malware. You throw out the baby with the bathwater when, in your effort to produce a secure platform, you produce a platform that is inherently insecure due to a lack of privacy.

PS: The platforms, even with all of their cryptography, aren't nearly as secure as you'd like them to be: https://www.schneier.com/blog/archives/2020/10/new-report-on...

Having OCSP encrypted would cause a chicken and egg problem... OCSP is supposed to validate a certificate, but how do you check the validity of the certificate if the OCSP endpoint also requires validation?
Use plaintext to verify OCSP certificate first?
You could ignore the validity of the TLS certificate when checking OCSP. That way, passive listeners are foiled, and only active MITM would be able to see which certificates you're checking. It's better than HTTP plaintext, which is how it works now.

Most of the bulk surveillance, pattern-of-life IC stuff is passive, not active.

Ultimately, though, I should be able to opt out of app/binary signing (and associated certificate checking) entirely if I so desire, ideally with a preference setting, or at least with Little Snitch. It looks like I'm going to have to compromise platform security overall to disable it, or use external network filtering hardware.

Additionally, it seems excessive to check every time. Checking once a day would be enough (if it needs to be global and immediate, Apple could push a kill hash to Gatekeeper as I understand it). The volume of queries would greatly exceed the size of getting the updates to the CRL every day (or hour!). Indeed, OCSP stapling is a cache of the signed proof of validity.

It also seems like a bloom filter could be used instead.

It really points to Apple being quietly satisfied to have this massive stream of usage data. And available every ISP and snooper along the way too.

I don't think that snooping on the connection explicitly reveals what app is being being launched - it just reveals the identity of the developer that signed it. But I agree that if the developer only has one App, then it does sort of give the game away.

Yes, and DNS is another example of Telemetry. What is google doing with the data they get from their DNS services?

I have in the past examined other devices - A QNAP NAS for example, phones home, sending the last part of the device MAC address. It did this once a minute from when it was turned on. I stoped using it - I do not know if this has changed in recent QNAS versions.

This all sounds well and good. But why not just use signed binaries? Have a user editable keystore that includes the accepted signatures. The default would be apple, installing chrome would require accepting the Google signature, photoshop would require the adobe key. Then users could add their own for brew, firefox, or whatever community software they would use.

This would give good protection against hackers, and not require uploading a signature for every binary run.

Mac users can already add any certificate to the Apple keychain and authorize them for code signing. The outage today, which what was being written about in the article, was caused by the OCSP.APPLE.COM service not responding. The OCSP service was likely being used to validate if an Apple Developer certificate was still valid.

Operating a "trusted" Certificate Authority generally requires operating under some rules. For example, the "Certification Authority Browser Forum" requires operating a CRLs (now considered bad) or a live OCSP endpoint.

Let's Encrypt does this, as does every other certificate issuer.

As is being discussed, separate OCSP is bad from a privacy standpoint - if a check of OCSP is being made, it gives telemetry on if you are trying to validate a certificate. If you can see the traffic it does reveal the certificate being checked.

FWIW, there is an OCSP Stapling method of attaching "recent" OCSP responses inside of TLS requests so that a TLS client doesn't have to make a separate request to an OCSP service.

Actually, Firefox is going to start sending a CRL 4x daily in lieu of OCSP.

Chrome hasn't supported OCSP since 2012, and publishes CRLSets instead.

OCSP is considered bad by at least Chrome and Firefox due to leaking side channel information in exactly the way the article describes.

https://blog.mozilla.org/security/2020/01/21/crlite-part-3-s...

https://www.imperialviolet.org/2012/02/05/crlsets.html

And for websites, there's a better way to do OCSP. The web server using the certificate can get an OCSP response for itself (usually once every few minutes) and attach it to all TLS handshakes for that same domain ("OCSP stapling"). That way, clients get an up-to-date OCSP response, but without having to reveal their browsing behavior to the OCSP server.

Unfortunately, there is no obvious way to carry over this behavior to application binaries, since we're not dealing with a client-server architecture here.

In other words: "The computer isn't yours it belongs to either the OS creator or the malware creators - choose your poison".

Myself I still have some hopes and use QubesOS - I hope they find a business model for it.

They aren't, since they are proprietary software. And taking into account Apple's history, and "proprietary software in a relative position of power", such as the ones we have keeping tabs on our entire lives, chances are quite against users at best.
So what? There are risks everywhere in life. You buy a new car and you decide to go on a road trip and there is a dangerous road ahead. The car company should stop your car remotely?
When you are driving a car, the dangers you encounter are immediately perceptible, and your driver’s license means you specifically trained for and are certified as able to deal with them.

With our laptops full of PII, corporate secrets, cryptocurrency wallet keys and so on, without proper security measures one can be taken advantage of without detection over long periods of time, and only a tiny percentage of the user base can adequately assess potential attack vectors (even the scope of possible damage is not intuitively obvious).

There may be issues with specific implementations, and the degree of trust one has to put in their device’s manufacturer could probably be lower, but without those measures a typical user would be like a 5-year old driving a Ferrari on a winding mountain road. Yes, I’d be okay if my car automatically stopped before a cliff that I couldn’t see even if I drove right into it.

(comment deleted)
I think this is complete FUD to be honest. There is a war on the market due to economic incentives. There are some criminals, but they don't target your workstation specifically.

Previously a hacker might have gotten access to your computer and maybe you had a keylogger, which could compromise you to a great deal. Today you have so much of your info not on your local device that you have countless additional attack vectors. Where do peoples info get leaked? In cloud services mostly.

edit: And of course your info is not safe. The programs you run get send to Apple. That is nothing else as a data leak.

> For me, Apple products really are designed to protect my personal information.

For me, the cost of "protecting my personal information" is too high.

And the government is designed to protect you but it can also come after you.

If you are not going to allow "malware" on your computer, you're giving the power to Apple to label anything they don't want you to run as "malware".

They already have a walled garden on the phones and tablets, which has greatly benefited them. They can deny anyone access to publish software and they have exhibited everything that is obviously anti-competitive.

Now, they're bringing it to laptops.

Honestly, I don't see anything happening to Apple anytime soon. They're way too well off and they have very important government officials in their pockets. The best thing that may happen will probably come from the outside... like the EU antitrust investigation that is going on. Even so, it's not going to stop, not anytime soon anyway.

>In the background there is a war going on, but it isn't what you think. It is a war between malware creators and OS creators.

No, this is _exactly_ the war we think. It is a war between Apple and malware over control of _my_ personal(!) computer.

At this point both malware and Apple leak personal data from _my_ personal computer. So from the perspective of controlling MY personal computer they are both malware and differences are neglectable if I do not even have a choice to install my own OS.

Secure boot is secure if I(!) can secure it, not Apple or any other external authority.

>For me, Apple products really are designed to protect my personal information.

Apple products designed to get _control_ of your personal information from you and thus to control you and your behavior.

Computer is no longer a "Personal Computer" with all of these developments. It's simply a termianal of some big machine where your 'personal' space isn't even really your personal.

Probably it is a good idea to recall what "Personal Computer" meant and what it should mean.

For me it is My control over My computer and My data if I wish to, and this a minimum for My privacy.

And privacy is a minimum for society respecting freedom and rights of a person.

All of this is really like R. Stallman predicted.

My control over My computer and My data

How much private entities get to shape this stuff is a sensible concern but this sort of absolutism is how pretty much nothing actually works. You can't drive an unsafe car on public roads. You can't build an unsafe house, even on "your" land, etc. It's not crazy to regulate what kind of computer you can put on the public network.

It has nothing to do with absolutism, we are talking about basic human rights for privacy, massively disrespected recently. That fact though doesn't make them less valueable, relevant or required for the free society to function.

May be for you it's not even crazy to regulate what kind of paper person uses for own notes because who knows, may be he will bring those notes to the public one day. But for me this communist and totalitarian way of disrespect to personal rights and freedoms is crossing the red line. I've been in such situations and I saw in person the results of such disrespect therefore I think those who are willing to attack personal freedoms should learn some history and shouldn't be surprised about what people can do to protect their freedoms when words do not work.

No, you're trying to elevate some flaky security feature to a debate about human rights. It's not particularly meaningful or conducive to any kind of insight because once you make that jump, you just get to fulminate endlessly about principles and oppression. It's like starting to recite the Universal Declaration of Human Rights every time you stub your toe instead of just saying 'shit!' and thinking about maybe moving that table out of the way.
The broader topic is a debate about human rights that's actively being fought in elections, parliaments, and courts. The right to privacy and the right to repair, for example, and a nascent debate about the right to run whatever software you choose.

"Your computer isn't yours" is a powerful way to express the essence of those debates. Who has the right to do what they want with a computer, the company that built it or the person who owns it?

Software signing is admittedly a relatively minor battle in that war, but it's not completely separate from the broader issues.

>you're trying to elevate some flaky security feature to a debate about human rights.

It is not a "flaky security feature" It is a main thing that defines who controls the personal computer.

Accessing and controlling Personal Computer with personal notes is the same as accessing and controlling personal notes written on paper.

There is no elevation here from my side, it is literally about human right for privacy and I am not the one who tried to elevate the issue to unrelated areas like cars and houses.

It is a main thing that defines who controls the personal computer

It's a flaky feature that people had a workaround for in minutes. Nobody lost control of their computer.

There is no elevation here from my side, it is literally about human right

My secondary school had a bigass Universal Declaration of Human Rights mounted on a wall behind plexiglass. Whenever I got detention I'd protest citing Article 9. At 12, this seemed both funny and trenchant commentary on my predicament.