They send a hash of the binaries/libraries, and generate a cache locally so it's not sent again. That helps stop you from running tampered-with binaries and frameworks. No user-personal data is sent.
There is no evidence at all that they are trying to ensure you can only run things from the App Store - I run a whole bunch of non-app-store binaries every single day. To make that claim is baseless and makes me de-rate the rest of what you write.
There is always a trade-off between privacy and security. This still falls well under the Google/Android/Chrome level, or indeed the Microsoft/Windows level with its targeted ads, IMHO.
My understanding is that they keep a local file with known malware signatures, just like the malware scanners on every other platform.
> macOS includes built-in antivirus technology called XProtect for the signature-based detection and removal of malware. The system uses YARA signatures, a tool used to conduct signature-based detection of malware, which Apple updates regularly
Xprotect is a blacklist that runs locally and is rarely used.
The phone home functionality is notarization, where apple does a network call to check that the signature on an executable actually came from apple’s notarization process. It is in essence a reputation system, where developers must be on good terms with apple to have the ability to notarize and get a smooth install experience.
From what I had in mind, notarization is only done developer side before publishing. Client side it's just a check against Apple certificates to verify that the binary haven't been tampered since notarization, no phoning home should be involved. (Or maybe just to update Apple certificates).
They also check the developer certificate in the OCSP stage.
Both of these are mechanisms where apple can effectively lock out developers from having a smooth install experience for their software at their discretion.
1. Most users are not capable of using general purpose computing technology in a wild, networked environment safely.
2. Too many people who matter to ignore insist, "something must be done."
3. And so something shall be done.
4. Apple is navigating difficult waters. As much as I disapprove of how they have chosen a path for iOS, the fact is many people find those choices are high value.
5. I do, for the most part, approve of their choices for Mac OS. I am not sure how they prevent malicious code without maintaining some sort of information for that purpose.
6. We are arriving at a crossroads many of us have been talking about for a long time. And that means we will have to make some hard choices going forward. And how we all navigate this will impact others in the future for a long time.
Look at Microsoft! They are collecting everything! And they absolutely will work with law enforcement anytime, any day, almost any way!
I sure as hell want nothing to do with Windows 11. Most technical people I know feel the same way.
Screenies every 3 to 5 seconds? Are they high? Good grief! Almost feels like raw rape. Metaphorically, of course.
Then we have Linux. Boy am I glad I took the time way back in the 90's to learn about OSS, Stallman, read words from interesting people, Raymond, Perkins, Searles, Lessig, Doctorow, many others!
Linus did all of tech one hell of a solid and here we are able to literally dumpster dive and build whatever we want just because we can. Awesome sauce in a jar right there
, but!
(And this really matters)
...Linux just is not going to be the general answer for ordinary people. At least not yet. Maybe it will be soon.
It is an answer in the form of a crude check and balance against those in power. Remember the "something shall be done" people? Yeah, those guys.
And here we are back to Apple.
Now, given the context I put here, Apple has ended up really important. Working professionals stand something of a chance choosing Mac OS rather than be forced into Windows 11, transparent edition!
And Apple does not appear willing to work against their users best interests, unless they are both compelled to by law, and have lost important challenges to said law.
If you want that, your choices are Apple and Linux!
7. Open, general purpose computing is under threat. Just watch what happens with Arm PC devices and the locked bootloaders to follow just like mobile devices.
Strangely, I find myself wanting to build a really nice Intel PC while I still can do that and actually own it and stand some basic chance of knowing most of what it doing for me. Or TO ME.
No Joke!
As I move off Win 10, it will be onto Linux and Mac OS. Yeah, hardware costs a bit more, and yeah it needs to be further reverse engineered for Linux to run on it too, but Apple does not appear to get in the way of all that. They also do not need to help and generally don't. Otherwise, the Linux work is getting done by great people we all really should recognize and be thankful for.
That dynamic is OK with me too. It is a sort of harsh mutual respect. Apple gets to be Apple and we all get to be who we are and do what we all do with general purpose computers as originally envisioned long ago.
We all can live pretty easily with that.
So, onward we go! This interesting time will prove to be more dangerous than it needs to be.
If it were not for Apple carving out a clear alternative things would look considerably more draconian, I could and maybe almost should say fascist and to me completely unacceptable.
As someone who cut his teeth on computing in the era you refer to, I have a small disagreement about Linux (especially Ubuntu) in your statement.
Apple is priced beyond the reach of many "ordinary people" especially outside the western markets. A cheap (perhaps after market) laptop with Ubuntu on it (often installed by the seller) is something that has been getting a lot of traction among regular users. Most of the things they do are via. a browser so as long as Chrome/FF works, they're good. They often install software that undermines the security that the platform natively offers but still, it's a pretty decent compromise.
You know I decided to take my old note 8 for a test drive as a PC of sorts. Went ahead and purchased one of those USB 3 port bricks so I could hook up a nice display, keyboard, mouse, removable storage.
Samsung Dex popped up and it works mostly!
I found one could do quite a lot.
That is not the way I would go, but if I had to? Bring it! Plenty can be done, good skills learned.
> I run a whole bunch of non-app-store binaries every single day
if you are in the US, you need to either register as a developer, or register an apple id and register your app to run it for a week. that's how you run non-app store code. Both of those require permission from apple.
This is completely incorrect. You can download a random binary and execute it. You will get a warning dialog saying it’s not signed by a known developer. You are free to ignore that though.
Depends what you mean by fiddling. But I'm in the process of switching to mac from Linux because my new job has forced it upon me.
I tried installing "Flameshot" via homebrew and it wouldn't run until I went into Finder, right clicked it and clicked open. Luckily it's mentioned in their docs [0] or I would have never guessed to do this.
I use homebrew every day and have never encountered this. Sounds like an issue with how the software has been packaged.
I also notice two other installation options in your link that do not come with those additional instructions — which to me suggests with whatever they’re doing on homebrew.
If I were you, I would relax. At least you are not being shoved onto Win 11.
And then think about that. Seriously. I did. Have a few times off and on over the years as we sink into this mess.
I bet you find an OS that does a bit more than you may otherwise prefer to prevent trouble. If so, fair call in my book.
Just how big of a deal is that?
Compared to Android, Windows 10 and tons of network services and such and what they do not do FOR you, and instead do TO you.
And you can run a respectable and useful installation of Linux on that spiffy Apple hardware when it gets old. So make sure it gets old, know what I mean?
As someone that just got out of a gig where I had to run Docker on MacOS - for the love of god, I would have done almost anything to use Windows 11.
Look - if I'm going to be treated like garbage, advertised to and patronized, at least let me use the system that can run Linux shells without turning into a nuclear reactor.
It’s not “a big deal” if the user knows about, but the phrasing in macOS is maliciously bad - I sent a build from my machine to a coworker and when they “naively” ran it, the pop up that came up didn’t say “this program is unsigned” it said “this program is damaged and will now be deleted” (I don’t remember the exact phrasing but it made it sound like a virus or damaged download, not like an unsigned program).
There is no evidence at all that they are trying to ensure you can only run things from the App Store - I run a whole bunch of non-app-store binaries every single day. To make that claim is baseless and makes me de-rate the rest of what you write.
There is always a trade-off between privacy and security. This still falls well under the Google/Android/Chrome level, or indeed the Microsoft/Windows level with its targeted ads, IMHO.
Choose your poison, but this works for me.