I think Apple struck an excellent balance with Gate Keeper. Your average user can’t run random software they accidentally download from shady sources, but yet it’s easy enough for power users to get around if they’re willing to accept the risks.
If Apple ever takes away the option to run software that hasn’t been notarized then I’ll feel differently.
Apple has been pretty clear in that they consider Macs to be in a wholly different category of devices than iPhones, iPads, Apple Watches, and Apple TVs. It's why they bothered to make booting arbitrary operating systems a publicly accessible feature on M-series Macs, which they absolutely didn't have to do, with the iPhone/iPad having served as the basis of M-series Macs.
Strictly speaking, Apple doesn't have to do anything. They're judged against the quality of their prior products though, and prior Macs have worked well with an unlocked bootloader. If Apple threw that feature away (like the headphone jack or 32-bit software), then it would have been noteworthy, but it's not. You're ascribing goodwill to something as simple as a non-removed feature.
Whatever the case is with Macs, regulators at-large don't seem to agree with Apple's product segmentation. If they want to distinguish iPhones from Macs, they'll have to find a way that doesn't undermine user authority.
There are many known instances where malware from shady sources has been notarized.
Anyone in the world with $99 can join the Apple Developer Program, and Apple's automated malware checker is not that great.
Moreover, any innocent appearing app can download another app and run it without having to go through Developer ID or notarization, so the whole thing is security theater.
What it mostly provides is a revocation mechanism, which in itself is relatively powerful. On top of that, there is the notary mechanism which further strengthens the option of creating a digital immunity system. The main issue is the balance between security and usability, which is not something that is perfectly solved within a single decade.
It's certainly an improvement, but in the end it ends up like the "type in your password to continue installation".
If an app is not notarized, you can right click and open it.
Do either of these enough, and it becomes automatic. Back in the day, on Windows, pretty much everything out of the box had to be installed "as admin". Even the most mundane apps required admin. Folks just routinely simply logged in as "admin", giving every random app privilege, make the limitation effectively pointless.
Many apps on the Mac require an admin to install them. It's not universal, like it seemed to be on Windows, but many apps require admin. It's not a leap to blindly right click on a new downloaded installer, and type in your password to install it. Or "<App> wants to access removable media" "OK!"
We're conditioned to just click through these warnings because, honestly, we just want the software, and we just want it to work. We don't want to interview everything as a hostile party.
Just the other day I tried installing a custom Webcord build to fix "select all" on macOS (https://github.com/SpacingBat3/WebCord/issues/319). Surprisingly this time, right-click and open didn't make the "app corrupted" message go away, and I had to disable Gatekeeper entirely to install the package.
I find the command `xattr -r -d com.apple.quarantine SomeApp.app` goes a long way toward fixing many gatekeeper problems. For some reason, the right click often fails for me.
Supposedly the right click method only works if you have already attempted to open the app a normal way, and gotten the "error" message. Only then can you right click to open anyway.
Ventura is a 150 year old city where 100k people live. I know this is HN, but can we not let mega-companies capture names like this? "macOS Ventura" is far clearer.
macOS Ventura is the official name. The linked site is a Mac blog so they omitted the prefix. Your anger should be directed at hn policy for requiring original headlines at the cost of clarity, not Apple or the Mac blog
I had no idea what it was about. I don't keep MacOS version names in my head. I assumed it was the name of a company. "Mac" somewhere in the title would have been very useful.
Why? Macintosh is a kind of apple. Apples are fruits. Quarantine is a public health protocol. Surely we need to make it "Operating system for Cupertino (California)-based 'Apple Computer Inc.' computers version 13 changes app privilege management scheme with new xattr". Way better.
This thread is hilarious. I'm very familiar with xattr, but as somehow who chooses not to use an proprietary OS, whose proponents whine about constantly here, I had absolutely no idea what this would be about until I read comments.
I thought maybe Ventura was a sandboxing platform or tool or something.
But no apparently I'm an asshole or idiot for not keeping up with annual releases of a niche os. Jokes on jokes.
Surely you also need to specify that these are said operating system's extended attribute feature and not the generic and platonic ideal for extended attributes? A reader might get confused and think this applies to Linus's Unix Which Is Not Actually An Unix.
This is such a lazy take. It only takes one word to impose context on the rest of a sentence. MacOS is all you need. Not everyone pays attention to Apple's computers. I only this year realised their OS is no longer called OS X, for crying out loud.
There is very little reason to pay any attention to MacOS unless you actually use it.
Wait, which California are you referring to? There's three, California in the US, and then Baja California, and Baja California Sur in Mexico. There are also quite a few in the UK, not to mention California, Ohio, California, Pennyslvania, and California, Missouri. Don't forget California, Trinidad and Tobago, or California, Ubay, Bohol, Philippines; California, Ontario, Canada, California, Paraná, Brazil; California, Santandet, Colombia.
Hang on, I just realized that I'm assuming you're referring to a place. There's also the movie California, a movie from 1927, 1947, 1963, and 1977. There's also the rock band by that name, a Blink 182 album, a Diplo EP, and a Joni Mitchell song. The California is also a US Navy ship, maybe you meant that one?
Please help, I'm very confused. Which California are you referring to? I'm sorry but this conversation simply cannot continue until you clear that up. If it's the California Nebula, I must admit though that I've yet to visit, though the pictures look lovely this time of year.
In the original context of a Mac-focused blog, I think it makes sense. On HN though, I have to admit I had no idea which it was because of the way it's worded. If the subject was "Apple" or "MacOS" then it would read much nicer imo.
> Ventura is a 150 year old city where 100k people live. I know this is HN, but can we not let mega-companies capture names like this?
Ventura is 5 different cities, two different municipalities, hundreds of people, a racehorse, at least one freeway, two planes, a ship, a car, a bus company, a guitar brand (defunct), an engine, a film festival, a design show, three albums, two songs, and two bands. And an OS codename. The exclusivity you're claiming never existed, and the name capture either doesn't either, or is a long-done deal.
Hell, the name of the city you're talking about isn't even Ventura, it's San Buenaventura.
If "app quarantine" and "xattr" make you think somebody is referring to a city, racehorse, or band, I'm not sure the allowed size of titles on HN is sufficient to disambiguate. And I don't think many HN title make the cut either.
> Ventura, officially named San Buenaventura, was founded in 1782 when Saint Junipero Serra established Mission San Buenaventura, the ninth of the California missions.
> Ventura, officially named San Buenaventura, was founded in 1782 when Saint Junipero Serra established Mission San Buenaventura, the ninth of the California missions. Serra named the mission after the Italian Saint Bonaventure, hence the nickname that Ventura is the “city of good fortune.”
So I would be nicer in general but also take this as a distraction from the main point that tech companies shouldn’t squat on human names. The geographic names will be around long after the OS version is obsolete. I know multiple Alexas and a Siri who will be quite happy if Amazon and Apple rebrand, too.
Please don't be an asshole in HN comments, regardless of how mistaken someone else is or you feel they are.
If you know more than someone else, that's great—but then please share some of what you know, so the rest of us can learn (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...) - and please drop the putdowns! It's not what this site is for, and destroys what it is for.
I wish these internal behaviors of macOS were documented somewhere. A lot of these security features are pretty neat, but developers have to use trial and error to figure out how they work.
If something doesn't work, we have to wonder if it is by design or by accident, and the only way to know is to use a tech support incident, hope it gets escalated to the right person, and see if you get an answer.
Every year I worry if Apple breaks something in one of my apps, and when they do I have to scramble to find a workaround that hopefully doesn't impact my users.
If I'm not mistaken, the point of internal (private) elements and public parts is exactly that: the vendor doesn't need to maintain a public interface for the parts you're not supposed to touch. So as long as you don't use them, you should be safe.
There are of course different problems in the realm of changing public APIs and that just sucks. On the other hand, it sucks less than having 3 decades of baggage that nobody really asks for.
The problem is when those internal changes break existing apps that never intended to depend on Apple internals.
When it happens it's really frustrating to try to figure out why the app suddenly doesn't work as expected any more and what to change to make it work again.
And as a user trying to know how your computer works, you are totally hosed until a year latter someone deep-dives & writes it up.
This article shows clear cases where this crude idea just doesn't work. And it seemingly serves no clear purpose at all right now.
This idea that the vendor's OS is their to do whatever they want with, that they have all rights reserved & anything not announced is 100% caveat emptor, good luck, is a really really shitty & corporate-egoistic way of dealing with the world. There should be a greater than 0 try here, to make things make sense.
And yet y'all keep on the platform as if there aren't alternative.
But somehow countless random hours here and there, countless time over years complaining about it, is all somehow worse than learning the basics of a distro that really just doesn't take that much work when all aspects are truly considered, devoid of the 20+ years of familiarity and stockholm syndrome.
I didn't know about extended attributes before this, but also I grew up with Windows and now Linux and just haven't run into them.
Do people other than the OS tend to use these? Are they well-trodden and portable between OS's? I've seen Unity's .meta files and kind of haten them but assumed they were sort of the "the way"
> I didn't know about extended attributes before this, but also I grew up with Windows and now Linux and just haven't run into them.
The somewhat similar mechanism on Windows is Alternative Data Streams. ADS are like named subfiles below your main file. If you squint pretty hard, unix xattrs look kind of similar -- they're also named binary objects attached to files. But xattrs are typically limited to much smaller amounts of data due to implementation details, and are also namespaced with some sort of integer enum (on Linux, "user" and "system" are common).
I would not really assume they're a portable construct, although commonly used unix-likes (Mac and Linux) both support them in their most popular filesystems.
One of the most popular ADS is probably the Zone.Identifier [1][2] which is how Windows knows if the program you're trying to run was downloaded from the Internet.
68 comments
[ 3.5 ms ] story [ 125 ms ] threadIf Apple ever takes away the option to run software that hasn’t been notarized then I’ll feel differently.
my opinion of apple would change drastically if they let me run my own software on ios. Heck, I can't even access my full filesystem on ios.
(EDIT: without asking permission, let alone paying or renewing a cert)
Strictly speaking, Apple doesn't have to do anything. They're judged against the quality of their prior products though, and prior Macs have worked well with an unlocked bootloader. If Apple threw that feature away (like the headphone jack or 32-bit software), then it would have been noteworthy, but it's not. You're ascribing goodwill to something as simple as a non-removed feature.
Whatever the case is with Macs, regulators at-large don't seem to agree with Apple's product segmentation. If they want to distinguish iPhones from Macs, they'll have to find a way that doesn't undermine user authority.
Anyone in the world with $99 can join the Apple Developer Program, and Apple's automated malware checker is not that great.
Moreover, any innocent appearing app can download another app and run it without having to go through Developer ID or notarization, so the whole thing is security theater.
If an app is not notarized, you can right click and open it.
Do either of these enough, and it becomes automatic. Back in the day, on Windows, pretty much everything out of the box had to be installed "as admin". Even the most mundane apps required admin. Folks just routinely simply logged in as "admin", giving every random app privilege, make the limitation effectively pointless.
Many apps on the Mac require an admin to install them. It's not universal, like it seemed to be on Windows, but many apps require admin. It's not a leap to blindly right click on a new downloaded installer, and type in your password to install it. Or "<App> wants to access removable media" "OK!"
We're conditioned to just click through these warnings because, honestly, we just want the software, and we just want it to work. We don't want to interview everything as a hostile party.
</grouch-with-a-friend-named-Alexa>
> please use the original title, unless it is misleading
The policy appears to invite the adding of clarity. Ie, disambiguation in this case.
I thought maybe Ventura was a sandboxing platform or tool or something.
But no apparently I'm an asshole or idiot for not keeping up with annual releases of a niche os. Jokes on jokes.
There is very little reason to pay any attention to MacOS unless you actually use it.
Hang on, I just realized that I'm assuming you're referring to a place. There's also the movie California, a movie from 1927, 1947, 1963, and 1977. There's also the rock band by that name, a Blink 182 album, a Diplo EP, and a Joni Mitchell song. The California is also a US Navy ship, maybe you meant that one?
Please help, I'm very confused. Which California are you referring to? I'm sorry but this conversation simply cannot continue until you clear that up. If it's the California Nebula, I must admit though that I've yet to visit, though the pictures look lovely this time of year.
Ventura is 5 different cities, two different municipalities, hundreds of people, a racehorse, at least one freeway, two planes, a ship, a car, a bus company, a guitar brand (defunct), an engine, a film festival, a design show, three albums, two songs, and two bands. And an OS codename. The exclusivity you're claiming never existed, and the name capture either doesn't either, or is a long-done deal.
Hell, the name of the city you're talking about isn't even Ventura, it's San Buenaventura.
In California, Ventura CITY and Ventura county.
A simple Gooling negates the need for you to be so wrong in one comment.
Enjoy: https://www.cityofventura.ca.gov/ https://www.ventura.org/
> In California, Ventura CITY and Ventura county.
> A simple Gooling negates the need for you to be so wrong in one comment.
> Enjoy: https://www.cityofventura.ca.gov/ https://www.ventura.org/
From your first link:
https://www.cityofventura.ca.gov/594/About-Ventura
> Ventura, officially named San Buenaventura, was founded in 1782 when Saint Junipero Serra established Mission San Buenaventura, the ninth of the California missions.
> Ventura, officially named San Buenaventura, was founded in 1782 when Saint Junipero Serra established Mission San Buenaventura, the ninth of the California missions. Serra named the mission after the Italian Saint Bonaventure, hence the nickname that Ventura is the “city of good fortune.”
https://www.cityofventura.ca.gov/594/About-Ventura
https://visitventuraca.com/blog/when-san-buenaventura-became...
So I would be nicer in general but also take this as a distraction from the main point that tech companies shouldn’t squat on human names. The geographic names will be around long after the OS version is obsolete. I know multiple Alexas and a Siri who will be quite happy if Amazon and Apple rebrand, too.
If you know more than someone else, that's great—but then please share some of what you know, so the rest of us can learn (https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor...) - and please drop the putdowns! It's not what this site is for, and destroys what it is for.
https://news.ycombinator.com/newsguidelines.html
So you don’t have to worry about being sued over name infringement.
If something doesn't work, we have to wonder if it is by design or by accident, and the only way to know is to use a tech support incident, hope it gets escalated to the right person, and see if you get an answer.
Every year I worry if Apple breaks something in one of my apps, and when they do I have to scramble to find a workaround that hopefully doesn't impact my users.
There are of course different problems in the realm of changing public APIs and that just sucks. On the other hand, it sucks less than having 3 decades of baggage that nobody really asks for.
When it happens it's really frustrating to try to figure out why the app suddenly doesn't work as expected any more and what to change to make it work again.
This article shows clear cases where this crude idea just doesn't work. And it seemingly serves no clear purpose at all right now.
This idea that the vendor's OS is their to do whatever they want with, that they have all rights reserved & anything not announced is 100% caveat emptor, good luck, is a really really shitty & corporate-egoistic way of dealing with the world. There should be a greater than 0 try here, to make things make sense.
But somehow countless random hours here and there, countless time over years complaining about it, is all somehow worse than learning the basics of a distro that really just doesn't take that much work when all aspects are truly considered, devoid of the 20+ years of familiarity and stockholm syndrome.
Do people other than the OS tend to use these? Are they well-trodden and portable between OS's? I've seen Unity's .meta files and kind of haten them but assumed they were sort of the "the way"
The somewhat similar mechanism on Windows is Alternative Data Streams. ADS are like named subfiles below your main file. If you squint pretty hard, unix xattrs look kind of similar -- they're also named binary objects attached to files. But xattrs are typically limited to much smaller amounts of data due to implementation details, and are also namespaced with some sort of integer enum (on Linux, "user" and "system" are common).
I would not really assume they're a portable construct, although commonly used unix-likes (Mac and Linux) both support them in their most popular filesystems.
[1]: https://learn.microsoft.com/en-us/openspecs/windows_protocol...
[2]: https://devblogs.microsoft.com/scripting/powertip-use-powers...
They were originally introduced in Tiger, by the way. https://arstechnica.com/gadgets/2005/04/macosx-10-4/7/
Extended attributes have existed in Linux for many years and are used extensively in security controls.
The two most common examples are likely access control lists (ACLs) and SELinux contexts.
For the latter, many commands (mv, cp, ls, ps, etc.) have a -Z option to preserve or view the SELinux context associated with a file/process.