This page was updated yesterday to remove the following text from the final section, which was added in November 2020:
In addition, over the the next year we will introduce several changes to our security checks:
• A new encrypted protocol for Developer ID certificate revocation checks
• Strong protections against server failure
• A new preference for users to opt out of these security protections
The macOS appocalypse was a really shocking moment -- it was so disappointing to learn that despite the privacy marketing shtick, macOS engineers chose to have Macs phone home sensitive data in an seemingly aggressive way, with no opt out. Now in 2023 the fact that "a preference for users to opt out of these security protections" never materialized, and the copy just disappeared from the website, is quite disappointing. Great write up here [0] - thanks @lapcat!
Anecdata: Ever since that day I've blackholed ocsp.apple.com/ocsp2.apple.com at the DNS level, and all my Mac apps have launched just fine since.
If anyone at Apple reads this, I want to be given the choice. Warn me, stuff the setting into whatever plist -- whatever, but give me the choice.
Frankly for a company with Apple's resources, it's hard to believe the OCSP test suite somehow didn't consider half-open TCP connections. If a global catastrophe like that can happen once, it can happen again - which is why, in addition to the clearly negative privacy implications, Apple should give users who care a clear opt-out.
What Apple probably doesn't want you to know is that you can also run these two commands to disable the notarization requirement, effectively reverting your security level to non-paranoid pre-Catalina:
This reveal add and select a third option, "any source", under "allow applications downloaded from".
The setting will still occasionally reset after installing some system updates because it's 2023 and computers these days are extremely unreliable when it comes to remembering user preferences.
Broadly speaking, as a developer you should expect that none of your users will have disabled those protections and your release plan should have notarizing as a step.
Asking users to disable system protection, or at the very least fiddle with system settings is a non-starter.
> as a developer you should expect that none of your users will have disabled those protections and your release plan should have notarizing as a step.
I don't want to spend $99/year for the rest of eternity for the privilege of having a slightly less scary warning when my users run my app for the first time. Thus, the readme for the one macOS app I made that has gained a bit of popularity instructs users to right-click, then select "open". Works reasonably well so far.
I would absolutely have embraced notarization if it was offered for free. Otherwise it feels like straight up extortion.
Apple is probably lucky that so few people use Macs, because the EU would have a field day with this notarization bullshit if they'd managed to get a 10% market share on computers.
Yet somehow, Windows 10 and 11 are dripping with contempt for the user, but the EU still hasn't acknowledged that as an antitrust problem worth investigating. Their insistence on pushing users into Edge alone should be enough IMO. Stuff like Edge "accidentally" opening on startup and some links "accidentally" opening in Edge instead of your default browser and your default browser setting getting "accidentally" reset to Edge and the taskbar shortcut for Edge "accidentally" reappearing.
It doesn't matter which engine it uses if it does a lot of stuff to represent Microsoft's own interests. Data collection, Bing integrations, other bullshit features like offering loans in payment forms (I remember reading about that), etc
>Yet somehow, Windows 10 and 11 are dripping with contempt for the user, but the EU still hasn't acknowledged that as an antitrust problem worth investigating. Their insistence on pushing users into Edge alone should be enough IMO.
At this point, I'm not sure it's worth investigating. This isn't the 90s when everyone was running application software directly on their PC; now everything is done in the cloud or through your web browser somehow. I honestly find it funny when Windows users have all kinds of agony because of that "contempt" you refer to; if they don't like it, they're free to switch to another OS. I've been watching this for over 25 years now but people just won't give up Windows, even when they only use it for web browsing, so I've lost all sympathy for them, even though the Windows user experience keeps getting worse.
Play Store account cost me $25 as a one-time fee and that does the job of keeping the junk out just fine. There's no good reason why it has to be a recurring payment.
> can write off as a business expense, and hopefully make back with software proceeds.
That's if your software involves money. Mine doesn't — it's all pure altruism. I just want to put my stuff out there for other people who might want it.
> The setting will still occasionally reset after installing some system updates because it's 2023 and computers these days are extremely unreliable when it comes to remembering user preferences.
The sudo touchid mod gets reset so often now that I've stopped bothering with it. Ok, you win apple!
I try this occasionally and always disable it again. For some reason I find the fingerprint sensor is far less reliable for this particular use case. When I try to authenticate, I have to try repeatedly to get it to recognise my fingerprint. I know it’s the same hardware and software doing the matching, so it doesn’t really make any sense to me.
I don't use sudo that much either, but it was always one of those things that was fun to adopt because it was theoretically a one time change. Set and forget. Once Apple started to update the OS more frequently, I stopped bothering trying to keep up with the resets. Thankfully this annoyance is fixed!
I was just thinking that I should make a shell script with these commands and the touch ID one and add it as a login item. Sudo shouldn't be a big deal, just set the owner to root and set the SUID bit.
I did find that online, but unfortunately it did not help. :(
I'm not sure if this is because that info is out of date, or due to some other issue specific to my work machine and what the org has installed/configured on it.
I don't want to necessarily disable it. What I do want is to be able to click "yes yes, I don't care this time / ever for this binary, fuck off." I don't even mind if you make me fingerprint auth for it.
What drives me insane: the inconsistent/invisible functionality around this stuff. In Ventura, if you double-click an unsigned app, it won't run, with a big scary message that it cannot be verified.
...except if you right-click and select "open", you can now click on a button that lets you run the app anyway.
This is not remotely obvious or even indicated in any way. There's nothing that explains this to the user, nada. It just behaves differently if you select "open" instead of double-clicking.
How on earth that compliant with Apple's human interface guidelines?
Making the option that bypasses the security measures less obvious is a feature. This is a case of assuming that developers are Apple’s model user when it’s non-developers who are likely to install “Macsweeper” because a popup ad told them they had a virus.
Additionally, discoverability is relative to experience: I’m a developer and, as such, I can be assumed to know about right-click menus. So putting something there that’s more intended for me _is_ designing a discoverable user interface.
That you can right-click is not surprising. That's not the major thing to be discovered. The major thing to be discovered is that the behavior, which intuitively, should be identical, is silently different.
That feels like such an understatement to me. macOS seems almost uniquely undiscoverable in my experience.
But this makes me curious! What versions of Mac OS nailed discoverability and how? I'd love to look at old videos and/or emulate hardware for them and play around.
Sometime at or after OS X, the industry pivoted to surprise and delight instead, and so did Apple. (Not sure who pioneered it.)
This feeds in well with the whole "cult of apple" thing, since to use the laptop / phone, you have to get other users to show you cool non-discoverable tricks. Take this article explaining basic functionality in Finder for example:
I've been using OS X for about 10 years, and didn't know half that stuff.
Instead, I know just enough Mac OS CLI to know to avoid macports and brew, and to instead use a hypervisor or ssh to a machine with a reasonable filesystem layout.
Here's an article plugging surprise and delight. I'm not a fan, so I'm not going to try to enumerate its purported advantages:
FYI, you can add whatever developer tool you use as an exception to privacy and security rules under "Developer Tools" in the "Privacy and Security" settings. I added my terminal emulator and it seems to let me run prebuilt, unsigned binaries without any annoyances.
Anyone else remember a while back when the notarization sever went down and basically every internet connected Mac on the planet suddenly couldn't open ANY application?
Microsoft has had digital signing with Authenticode certificates for ~20 years now but they didn't give it a fancy name like "notarization" so nobody cares.
"Safely" is strong language that implies software digitally signed by Apple does not contain malware. In my experience, their system is more a sieve than the condom it purports to be.
> If macOS detects that software has been modified or damaged, your Mac notifies you that the app can't be opened. The app might be broken or corrupted, or it might have been tampered with.
Wow, this is a big TIL! Until now I thought all cases of "damaged" had to do with something like bad/incomplete build or wrong architecture. Now it seems like any of them could've been attempts to deliver malware from possibly infected hosts.
Don't give up if you misplaced your Bitcoin. Assistance is accessible. Computer specialist Recovery can assist you in recovering your Bitcoin if you contact them right away. Although there is no assurance of success, Computer specialist Recovery has a successful track record. After seeing your website through a Google search, I made the decision to phone you. Your expertise and professionalism immediately wowed me. You patiently responded to my questions while carefully outlining the recuperation process. Your dedication to client satisfaction also struck me as admirable. You never hid anything from me and always kept me informed of your progress. I value your existence, therefore please accept my gratitude to Computerspeciallist@engineer.com whtsapp +393512018070
60 comments
[ 1.3 ms ] story [ 439 ms ] threadDone.
> Strong protections against server failure
Unknown, but presumably done.
> A new preference for users to opt out of these security protections
Never done. Apple lied.
https://lapcatsoftware.com/articles/ocsp-privacy.html
The macOS appocalypse was a really shocking moment -- it was so disappointing to learn that despite the privacy marketing shtick, macOS engineers chose to have Macs phone home sensitive data in an seemingly aggressive way, with no opt out. Now in 2023 the fact that "a preference for users to opt out of these security protections" never materialized, and the copy just disappeared from the website, is quite disappointing. Great write up here [0] - thanks @lapcat!
Anecdata: Ever since that day I've blackholed ocsp.apple.com/ocsp2.apple.com at the DNS level, and all my Mac apps have launched just fine since.
If anyone at Apple reads this, I want to be given the choice. Warn me, stuff the setting into whatever plist -- whatever, but give me the choice.
Frankly for a company with Apple's resources, it's hard to believe the OCSP test suite somehow didn't consider half-open TCP connections. If a global catastrophe like that can happen once, it can happen again - which is why, in addition to the clearly negative privacy implications, Apple should give users who care a clear opt-out.
[0] https://lapcatsoftware.com/articles/ocsp.html
The setting will still occasionally reset after installing some system updates because it's 2023 and computers these days are extremely unreliable when it comes to remembering user preferences.
Broadly speaking, as a developer you should expect that none of your users will have disabled those protections and your release plan should have notarizing as a step.
Asking users to disable system protection, or at the very least fiddle with system settings is a non-starter.
https://support.google.com/chrome/thread/15235262/chrome-upd...
And Apple isn’t immune either. There was a bug in the iTunes installer where it would erase files if there was a space in the name of the hard drive.
Then some companies are just evil.
https://www.zdnet.com/article/zoom-defends-use-of-local-web-...
I don't want to spend $99/year for the rest of eternity for the privilege of having a slightly less scary warning when my users run my app for the first time. Thus, the readme for the one macOS app I made that has gained a bit of popularity instructs users to right-click, then select "open". Works reasonably well so far.
I would absolutely have embraced notarization if it was offered for free. Otherwise it feels like straight up extortion.
Which it is
At this point, I'm not sure it's worth investigating. This isn't the 90s when everyone was running application software directly on their PC; now everything is done in the cloud or through your web browser somehow. I honestly find it funny when Windows users have all kinds of agony because of that "contempt" you refer to; if they don't like it, they're free to switch to another OS. I've been watching this for over 25 years now but people just won't give up Windows, even when they only use it for web browsing, so I've lost all sympathy for them, even though the Windows user experience keeps getting worse.
windows is/was laden with malware, requiring antivirus, just full of crap for decades.
Now in the DMA/DSA times, things are different. It took them a couple of decades, but the EU is starting to take action.
In that sense yes that is understandable.
As an American developer, $99/year is something I can afford, can write off as a business expense, and hopefully make back with software proceeds.
It should be noted, keeping the bar annoying but not prohibitive with a token fee does cut down on both junk submissions and malware.
> can write off as a business expense, and hopefully make back with software proceeds.
That's if your software involves money. Mine doesn't — it's all pure altruism. I just want to put my stuff out there for other people who might want it.
That’s what you see. Users see it differently. I’m not running random exes on my computer. Even package managers are run in containers and VMs
The sudo touchid mod gets reset so often now that I've stopped bothering with it. Ok, you win apple!
Uncomment, copy it over the default file, win.
Far less hidden.
https://mastodon.social/@StrangeNoises/110910261899874868
Glad I could help. It ran through my feed today by chance.
I love Touch ID in general on this Mac. This just didn’t do anything special for me, so I never really adopted it.
I'm not sure if this is because that info is out of date, or due to some other issue specific to my work machine and what the org has installed/configured on it.
What drives me insane: the inconsistent/invisible functionality around this stuff. In Ventura, if you double-click an unsigned app, it won't run, with a big scary message that it cannot be verified.
...except if you right-click and select "open", you can now click on a button that lets you run the app anyway.
This is not remotely obvious or even indicated in any way. There's nothing that explains this to the user, nada. It just behaves differently if you select "open" instead of double-clicking.
How on earth that compliant with Apple's human interface guidelines?
Apple stopped emphasising discoverability a long time ago.
But this makes me curious! What versions of Mac OS nailed discoverability and how? I'd love to look at old videos and/or emulate hardware for them and play around.
https://i.stack.imgur.com/bdY7i.jpg
Sometime at or after OS X, the industry pivoted to surprise and delight instead, and so did Apple. (Not sure who pioneered it.)
This feeds in well with the whole "cult of apple" thing, since to use the laptop / phone, you have to get other users to show you cool non-discoverable tricks. Take this article explaining basic functionality in Finder for example:
https://www.lifewire.com/use-mac-finder-2260739
I've been using OS X for about 10 years, and didn't know half that stuff.
Instead, I know just enough Mac OS CLI to know to avoid macports and brew, and to instead use a hypervisor or ssh to a machine with a reasonable filesystem layout.
Here's an article plugging surprise and delight. I'm not a fan, so I'm not going to try to enumerate its purported advantages:
https://medium.com/@davidporretta/surprise-and-delight-in-ux...
(Begrudgingly sent from an apple device.)
You get a different dialog box with an option to open the file and this saves a lot of clicking.
By that definition, as convenience goes to zero, then availability, and therefore security goes to zero too.
"Safely" is strong language that implies software digitally signed by Apple does not contain malware. In my experience, their system is more a sieve than the condom it purports to be.
Wow, this is a big TIL! Until now I thought all cases of "damaged" had to do with something like bad/incomplete build or wrong architecture. Now it seems like any of them could've been attempts to deliver malware from possibly infected hosts.