The headline is fairly misleading, and the article sloppily mixes actual fact with predictions stated as fact.

The reality: 10.8 by default only runs apps which were either downloaded from the App Store, with the iOS-style sandboxing that will require, or signed with Apple's new GateKeeper service, and otherwise a traditional Mac app.

Those who condemn this as a flagrant loss of freedom are lost in the philosophical weeds. The conventional wisdom before the iPhone was that native apps were all but dead anyway, and the browser was the future. The iPhone's App Store and attendant restrictions singlehandedly revived the concept of consumers installing software. Meanwhile, the Mac is gaining enough market share that it's now clearly a target for malware. Code signing is about as open as you can get while still tamping down nasty code (and let me stress again that GateKeeper is way more freeform than anything on iOS).

If there are alternate solutions to these issues, it would be fascinating to hear them. Otherwise, well, it's easy to criticize from the bleachers.

From the article:

> When Apple first unveiled the Mac App Store, many - including myself - were concerned what it would mean for the future of the general purpose computer. It felt like a first step towards losing control and ownership over our own computers, a dreaded future where everything we do on our machines is curated, tracked, and monitored by companies who want to squeeze ever more money from us, and governments who want to control us.

> We're allowing an entire generation to be raised with the idea that you do not own software, that you do not own hardware, that you are not allowed to tinker with the magic smiles machine. This is going to come back to bite us in the ass in the future, when we're going to be faced with a shortage of low-level, hardcore programmers.

In many ways, Richard Stallman has been right all along, and slowly, many of his fears are coming true.

Because Apple is the "Gatekeeper" of all software on the platform. They have full control over what goes in the app store, and what doesn't. No longer will you be able to go to a website and download some no-name-joe's software. It HAS to be on the app store. That's the direction it's going in. It has nothing to do with the cloud, being able to redownload your software, view source code, etc... It's about having the choice of what software you can and can't use being controlled by them.

> It HAS to be on the app store.

Last I heard, you can sign your app with a free developer key. It absolutely does not have to be on the app store. And there's a switch in system preferences that lets you disable this whole verification process altogether (or if you want don't want to disable it, but want to make an exception, you can right click on an executable and press 'open' or open it via terminal, instead of double clicking on it).

The HN post is mis-titled. You can still download and run signed apps under the default 10.8 configuration.

Appalling but I can't really fault them for responding to overwhelming incentives. Apple already gave their customers a chance to be treated like tool-using human beings, and the result was a decade of barely moving enough boutique desktops to keep their lights on. Now they basically emboss "suck it, consumer" along the rounded corners, and they're swimming in money. This move is an indictment of the people who demonstrably want to be treated like this, so when they get screwed by stuff their vendor chose not to let them do, make sure they realize it's their fault for opting in. Unlike Microsoft, Apple never conspired to keep competitors out of the market.

What is it about the "geek" mindset that makes one jump to the conclusion that this is part of a vast conspiracy, some cabal of OS vendors, to lock out hackers and prevent anyone from modifying their own machine? Isn't the simpler explanation that 99% of Mac users don't know, don't care how to install custom apps or homebrew, and would gladly have Apple restrict them to signed-apps-only if it means a significantly reduced chance of virus/trojan infection?

And you know what? If some day, for some reason, Apple does decide to lock out hackers and tinkerers from their systems, somehow I doubt Apple's stock-holders will lose any sleep over it. For all the kvetching that I frequently hear from the HN crowd at large about "let the market decide", it's surprising how quickly that attitude vanishes when "the market" decides against you.

(For what it's worth, there was a time when developers had to lay out far more than the average user for capable systems. It's only relatively recently that standard consumer machines could stand in for a dev box. I wouldn't be surprised if the future has developers, once again, paying premium dolar for hardware.)

The title is incorrect: OS X 10.8 (Mountain Lion) by default can only run signed apps. All appstore apps are signed apps, as are anyone who gets a free signing cert from Apple.

There is a setting to "only install Appstore Apps" but it is not the default.

This is completely unacceptable. With sandboxing, this destroys the freedom a user can have on a Mac. Time to abandon Macs.

The disingenuous article confused you. Only appstore apps need be sandboxed. Non-appstore apps can be signed ( a free process ) and have no restrictions on what they do.

Both signed and AppStore apps are runnable by default.

I'm curious how you figure sandboxing reduces a user's freedom?

Considering how much software is still not on the Mac App Store (notably Microsoft Office), the idea that Apple could shut off non-store software completely is pretty fantastical and unrealistic. At that point they lose me as a customer, for sure.

That said (and as a Mac fan), I don't like this move.

"...the idea that Apple could shut off non-store software completely is pretty fantastical and unrealistic."

Could or would? They could at any point. That's not what this (old) news says though. Gatekeeper requires application signing, which is entirely different than "shutting off non-store software completely." All App Store apps are signed by default, which is why the news makes this distinction.

"That said (and as a Mac fan), I don't like this move."

Please, ask yourself why. Reflect on it, because I think a lot of the apprehension is misguided.

App signing is a good thing. Developers have an entirely different set of needs from the general computing public. We represent a small percentage of said population. So why should computers be designed with defaults that suit us, when we have the ability to change them (easily)?

The Flashback virus should be a wake up call to those still clinging to the notion that the current situation is sustainable. It's not. Flashback would have been stopped by app signing. Even if a malicious signed app does make it through to the public, the ability to revoke their cert means you can take the app offline quickly.

This is good for the vast majority of computer users. Is it less open? Yes, but it's a step forward from a safety perspective. You have to choose your priorities. What we have now isn't working.

"by default" are the key words here. It is very easy to disable this behavior, if you don't want it. But, it is a good (read: relatively safe and secure) default to have for the average person.

Right I agree, defaulting to you don't know what you are doing and when you do, you will know how to shut this off is a good thing. A key part of Apple's success has to do with something Microsoft knew and did well back in the day, and that is he who has the development mind share wins. A lot of developers use Apple and if they lock it down entirely they will lose developers because most of us rely on some form of open tools which will not be available in the app store.

The HN post is misleadingly titled. If an app is signed, weather appstore published or no, it can run by default. Signing is free, takes a couple hours to sign up for, and has no restrictions on what your app does.

I'm amazed at the reactions here to this two-month-old article.

And still nobody on HN knows that you can turn gatekeeper off?

I think this Macbook Air will be my last Apple computer. I'm done with the company if they're going to play these kinds of games.

There is a slider. Signed OR Appstore apps are installable by default. Signing is free and takes about 2 hours, tops, to setup.

There aren't restrictions on what signed apps can do.

Or you could do like Torvalds and get a Macbook Air but install another OS on it. Criticize the software all you want, the hardware is still damn good and at the top of what you can get.

Regardless of whether you use OSX or not, when you buy a Mac you're still paying a great deal for OSX. It suprises me that Linus is prepared to fund OSX. I mean the guy is a genius and I'm sure he has good reasons, but my tiny brain does not comprehend it.

No, you really aren't paying a great deal for OS X. If you are buying a Mac because you like the hardware quality, then you should compare it to Windows machines of similar quality. If you were to do so, you would see that the Mac laptops are competitively priced.

Even if there was a few hundred dollar premium, keep it in perspective. How smart is it to be fretting over a few hundred bucks with respect to a tool that you will likely use for a year or two, for a significant % of your waking hours, and upon which you depend for your most of your income?

"You're still paying a great deal for OSX"

OS X Lion costs $29. Windows 7 costs $119-219, depending on which edition you get.

While it's possible to buy a machine without Windows, the selection tends to be quite limited, particularly for notebooks. Assembling your own from parts is an option for desktop machines, but again not really for notebooks.

The hardware is that much better. 2x the cost but you don't have to carry a damn crap-top around that weighs 4 or more pounds and blows a fan when you move a window.

That's fine, until they start requiring signed code just to boot. Apple started out in an environment like that; it wouldn't surprise me if they tried to get back to that.

What are you talking about? I never had any problem booting an Old World Mac with unsigned code. I've installed NetBSD on a number of PowerMac 7100s.

It was more the walled-garden approach Apple took throughout the 90s that I was referring to. The steps they took to ensure that they were the only ones who produced computers capable of running Mac OS -- moving critical bits of the OS to on-board ROMs; applying government pressure when necessary to prevent the manufacture of early Mac clones which used reverse-engineered ROMs; later destroying the legitimate Mac clone market -- are eerily similar, albeit technically inferior, to the things they're doing today to prevent people from running OS X on unauthorized hardware and unapproved apps on Apple devices.

Apple already contends that OS X can't legally run on generic PC hardware, and has already taken x86 Mac cloners to court over this and won, so they know they've got the law on their side when it comes to control of their OS, where it can run, and what can run it.

The next logical step is to take control of what can run on it. With the recent OS X "virus" scare, the issue has become all the more urgent, as the public's perception of its security has been damaged and a signed-app "solution" seems like the easiest way to restore confidence in it.

As far as requiring signed code goes, though, their other devices already all require it, so I'm assuming, based on their moves so far, that it isn't far off on the laptop/desktop end. That it's an option (on by default) in 10.8 makes me think that, one day, the option to run unsigned code in OS X will disappear entirely.

This is new?

This is not news, by the way, this is an editorial disingenuously disguised as news. It contains predictions that have to sound an awful lot like facts to any unsuspecting reader.

There is nothing wrong with predictions, just don’t pretend they are not.