Application trust is hard, but Apple does it well(security-embedded.com) |
> It comes down to an argument of trust - do you trust Apple is acting in your best interests
No. I mean really very obviously no.
Neither Microsoft. Nor Google. Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?
It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The problem is when one entity can lock down a platform entirely. It's a problem when it's not a choice the user has. It's also a problem that even when the user wants all code to be verified, they can't choose who it gets verified by.
If yesterday's disaster had happened to a third-party trust company, and not Apple, a lot of people would be looking for a new trust vendor today. That's what should happen in a non-monopolistic market.
0: https://www.marketwatch.com/press-release/global-antivirus-s...
1: https://www.theverge.com/2020/10/29/21531711/google-alphabet...
Just because a company sells a product that has some things one might want that no other market players bother combined with some things that they don’t like, doesn’t mean they’re “exploiting a monopoly”.
I guess we’ll wait for you to design a better trust-based system that allows you to stop malicious software from executing on N different machines without needing N users to do anything.
Well, "unacceptable mess" are your words. It's totally acceptable to me that there could be issues on a feature / launch that need to be ironed out, unless we're talking about aviation software or pacemakers.
If we deemed "unacceptable" any misstep or early issue, we wouldn't even have fire, a relatively tried and tested technology, that still has its issues...
>No. I mean really very obviously no.
The question is not an absolute one.
You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".
Not to mention they don't even do the kind of tracking the original "sky is falling" post assumed they do: https://blog.jacopo.io/en/post/apple-ocsp/
As this post says, "Now that you know the actual facts, if you think your privacy is put at risk by this feature more than having potential undetected malware running on your system, go ahead [and disable the checking via /etc/hosts]".
>It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The author is a security specialist, not some random dude. And he made his point with technical arguments, not hand waving.
For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot. I don't even trust that I could understand if Apple is acting in my interests, because massive corporations like Apple have unparalleled resources they can use to obfuscate their intentions.
Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software, and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?
Personally I'm not anywhere near ready to accept that that's the best we can do, nor that it's something that we even should do.
(The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)
Edit: By saying this I'm not endorsing OP's exact words, but the failure is not a minor one. Besides hours of work lost, it was a major stress, as I thought I would have to take the computer to repair, or replace it. I can still manage, but many people can't afford it right now.
In other words, an authoritarian corporate shill, just like the vast majority of others in the "security industry" whom I've had the displeasure of meeting.
But it isn't that. That would be the argument for choosing to install apps through Apple's store, not for Apple preventing you from choosing to install apps through a competing store.
Because then it's not Apple vs. literally every random shady garbage app, it's Apple vs. some specific alternative store that you might very well trust more than Apple to be acting in your interest, e.g. F-Droid.
The fact of the matter is that computers offer myriad ways to compromise your life and behave maliciously, and avoiding that is a tall challenge for any company. Apple is trying it their way, and you can try it yours. But to call it Stockholm Syndrome is an unfortunate take on these efforts.
We at HN like to hold ourselves apart from other communities, but it is merely an echo chamber for what gp refers to.
Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.
You mean this level of discourse?
>The privacy squad mobilised on this one - in fact, one blog post received a lot of attention for decrying such systems with the dogwhistle "you no longer own your computer!"
(Pretending to be able to see into the minds and motivations of people you don’t know is rarely helpful. You have no grounds to attribute users’ behavior and opinions to Stockholm Syndrome, and it doesn’t apply anyway: no one is held hostage or abused in this scenario)
But you don't need signed apps for that, only hashes. And you don't have to phone home for that, only download the latest naughty list whenever it changes so you can check against it locally.
App signing exists elsewhere without sacrificing privacy. Most Linux packages, for example, are signed with GPG keys. The difference is that Linux only cares about installing trusted packages. It doesn't care about applications that are already installed after verification. Apple insists on having the ability to revoke something that's already installed. There are two issues here:
1. Is it reasonable to revoke permissions for an installed package? It could be argued that it will help stop malicious apps that were discovered after they were distributed. However, it could equally well be that Apple wants more control over devices and to hold developers to ransom. Their recent treatment of developers indicates that this concern is not at all misplaced. The least Apple could do is warn the user about a revoked certificate and ask if they still want to proceed (like how browsers do in the same scenario). However, it just refuses outright.
2. Apple chose a very bad method to implement online certificate revocation. OCSP is meant for server certificate validation. OCSP stapling is preferred over plain OCSP due to privacy concerns. Stapling cannot be used in this context. This method unfortunately ruins privacy and spills user information everywhere. They could have chosen some other more private method, like an updatable CRL.
> I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.
As I said, there are more private ways to push revocation status. Apple always claimed that the device lockdown was to ensure privacy. This oversight shows how hollow that claim is.
The important part to notice is the false dichotomy of freedom vs security. The argument is that negligent users will screw up if given freedom. This is wrong for two reasons:
1. Defaults vs restrictions: Keep the defaults secure and slightly hard to modify for normal users. But don't restrict those who need alternatives.
2. Security can be achieved without locking everything down and remote controlling it. See web browsers for example. We run JS from all insecure sources, but cannot access sensitive resources (like camera, file access etc) without users' permission. The same can be achieved on OS with sandboxing, microkernels etc.
> no one is held hostage or abused in this scenario
Abuse is not always apparent to the abused. User rights are gradually eroded away in the name of security, giving users enough time to get accustomed to it. There may be escape hatches now, but they are slowly getting closed. For example, we considered PCs that don't allow us to install another OS as abusive. However, we don't hold mobile devices to the same standard. Unfortunately, this normalization of abuse doesn't just affect those who accept it. The rest of us are left without a choice. That criticism is definitely valid.
I get what you're saying, but (as an Apple fanboy) I have to point out that Apple's incentives are to act in your, the customer's, interests since that is what they are selling now. They are differentiating themselves from the Googles by taking user privacy seriously.
If they act against that they lose their key advantage.
Trust but verify perhaps?
I say this not to ascribe malicious intent—I do not think Apple implemented OCSP to push people towards the App Store. But incentives are funny things, and can cause people and organizations to rationalize all sorts of decisions, and conveniently ignore some side effects and not others.
Then please explain how that is consistent with Apple setting Google as default search engine in Safari ( https://www.theverge.com/2020/7/1/21310591/apple-google-sear... ).
As always, Apple only aims for environmentally-friendly actions and privacy as long as they profit from it and it makes a good news article. But then they ignore privacy when you're not looking, and making it unnecessarily hard to repair your devices.
I found out not long ago that a tool I was using had no hygiene practices at all - they grabbed random versions of things they packaged up, had no meaningful audit trail at all, no means to notify (or even awareness that this might be a consideration), essentially no meaningful code review and so on. I noted this because I was investigating a bug for the project and gradually the reality became clear.
At the very least, Apple is one step above mayhem and negligence.
Even without perverse incentives, why would another agent in your environment have any reason to go out of their way to have your best interest at heart?
I see more nuance here. I don't trust the Apple/MS licensing / code signing teams, but I do trust the MS Defender team to do a much better job. They're not directly connected to a source of profit.
Guns can be well engineered, but that does in no way answer whether it is or isn't acceptable to own one.
It's perfectly reasonable to believe that Apple is acting in Apple's best interest without attributing malevolence.
By downplaying rational arguments: "I think the privacy arguments are far-fetched (because others are worse)"
By using loaded terms: "Dogwhistles", "The privacy squad mobilised"
Presenting strawmen: "if I have the code, build the code, nothing can hide in the code. This is a fallacy that people buy in to thanks to effective marketing "
Lying by omission: "It's not feasible for an individual to maintain the list of trustworthy or untrustworthy parties that Apple does."
It's perfectly feasible for a group of individuals. I'll take any group of distro maintainers over Apple's word.
He really doesn't just sound like an Apple apologist; he is one.
Yes. I mean really very obviously yes.
And Microsoft. And Google.
I assume they're acting in my interests because they have clear incentives to increase their profits by giving me useful helpful products that I'll buy.
That's the entire premise of competition and the free market. The invisible hand gives consumers what they want. If, as a company, you don't, then you go out of business.
If this were a communist country where the Party performed validation checks? With no choice between products? Then no.
But in a competitive free market? Absolutely. In fact I'm relying on their motive to increase profits in order to trust that they'll act responsibly. What can you trust more than someone else's self-interest, at the end of the day?
I think 2 is much more complicated and the solution is not obvious, but it’s still a very valid issue, indeed I would say it is the most important issue in the industry today.
However much of what I saw in the comments was none of these.
Most of it was intended to dishonestly brand Apple a ‘spyware’ company, or to brand anyone who uses Apple hardware or software as a participant in some great evil.
Neither of these are intellectually honest paths.
This isn't what Apple is doing. If we're to take Apple's words that the govt agencies aren't 100% trustable just because they have a trustable setup today, why should we trust Apple just because they seem to be the good guys today?
... The user?
- instead of OCSP use CRLs or a better technique that allows MacOS to verify locally if a certificate is valid. This would preserve user privacy and wouldn't risk slowing down the user's computer in case things go wrong. It would also introduce slightly bigger risk because of the increase in the validity window, but I think that's a price worth paying. Regarding the size of the CRL's, there should be some cryptographic techniques like accumulators, bloom filters etc. that could improve the size.
- allow power users to add separate trust anchors in cases where they deem appropriate. The same way you go to Control Center to allow an app that was downloaded from the Internet to run, you could also be allowed to add another certificate from a developer you trust.
I think these 2 improvements could go a long way in restoring goodwill for Apple.
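As an added illustration (not code from this thread or from Apple), here is the local revocation check several commenters above describe: a compact Bloom filter over hashes of revoked signing certificates is shipped to the device, so the common case is settled on the machine and the certificate hash never leaves it. The certificate bytes and the revoked set are constructed sample values.

```python
import hashlib
import math


class BloomFilter:
    """Compact set of hashes of revoked signing certificates.

    A miss is definitive (the certificate is not on the revocation list), so
    it needs no network round trip. A hit may be a false positive and is
    confirmed against the full list, which is also kept locally on disk.
    """

    def __init__(self, expected_items: int, false_positive_rate: float) -> None:
        n = max(1, expected_items)
        # Standard sizing: m bits and k hash functions for the target FP rate.
        self.m = max(8, math.ceil(-n * math.log(false_positive_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # Double hashing: derive k bit positions from the two halves of SHA-256.
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:16], "big")
        h2 = int.from_bytes(digest[16:], "big") | 1  # odd, so the stride never collapses
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for pos in self._positions(item):
            self.bits[pos // 8] |= 1 << (pos % 8)

    def might_contain(self, item: bytes) -> bool:
        return all(self.bits[pos // 8] & (1 << (pos % 8)) for pos in self._positions(item))

    def size_bytes(self) -> int:
        return len(self.bits)


# Constructed stand-ins for DER-encoded developer certificates (not real certificates).
SAMPLE_CERTS = {
    "good-editor": b"constructed-cert-der:good-editor",
    "abandoned-app": b"constructed-cert-der:abandoned-app",
    "evil-tool": b"constructed-cert-der:evil-tool",
}

# The revocation list identifies certificates by SHA-256 of the certificate bytes,
# the same identifier an OCSP query would otherwise send to the responder.
REVOKED_CERT_HASHES = frozenset(
    hashlib.sha256(SAMPLE_CERTS[name]).digest() for name in ("evil-tool",)
)


def build_local_revocation_db(revoked_hashes, false_positive_rate: float = 0.001):
    """Build the two artefacts pushed to the device: the filter and the full list."""
    bloom = BloomFilter(len(revoked_hashes), false_positive_rate)
    for cert_hash in revoked_hashes:
        bloom.add(cert_hash)
    return bloom, frozenset(revoked_hashes)


def check_signing_cert(cert_der: bytes, bloom: BloomFilter, full_list) -> str:
    """Decide locally whether the app's signing certificate has been revoked."""
    cert_hash = hashlib.sha256(cert_der).digest()
    if not bloom.might_contain(cert_hash):
        return "valid"  # definitive miss: nothing leaves the machine
    # Possible false positive: confirm against the full on-disk list.
    return "revoked" if cert_hash in full_list else "valid"


if __name__ == "__main__":
    bloom, full_list = build_local_revocation_db(REVOKED_CERT_HASHES)
    print(f"filter size: {bloom.size_bytes()} bytes, {bloom.k} hash functions")
    for name, cert in SAMPLE_CERTS.items():
        print(f"{name}: {check_signing_cert(cert, bloom, full_list)}")
```

With a real-world list the filter is what gets refreshed frequently; the full list only needs consulting on the rare hit, which is why the device never has to ask a responder about a specific certificate.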
No, that's a completely false dichotomy. These are not alternatives at all. I can absolutely trust Apple to act in my best interests in some regards while distrusting them in others.
I do trust Apple to make a good effort to keep malware off my device, a better effort than I could ever hope to make myself. I do trust them not to spy on me to target ads.
But I also know that Apple has a business interest in keeping software off my device that is not malware. I don't trust them to act in my best interest where it conflicts with their best interest.
I also know that their interest in tightly controlling what software goes on my devices creates an opening for authoritarian governments to take control. If and when end-to-end encryption gets banned, who decides whether or not I can still use Signal? Is it going to be me or is it going to be Apple?
This is definitely not a simple question of trusting Apple or not trusting Apple.
The author conveniently overlooks the fact that customers pay literally thousands of dollars for Apple computers. We're not talking about a free online service here. This is why "you no longer own your computer" has so much traction. Shouldn't we own the devices that we buy?
The tech companies are trying to destroy the very concept of product ownership, and consumers ought to fight to the end over this. It's why "right to repair" is so important too.
Stallman had a lot to say about this[1] over a decade ago.
It protects users, and it works well 99.9% of the time (actually, I am not aware of a previous outage of this system). So, why bother? It's been like this for a while, it is actually very useful to the vast majority of users, and Apple being Apple, even if they collected data, it wouldn't be up for sale like it would on a Google machine.
All the people saying they need to look for alternatives now that they found out that Apple is sending information about applications to its servers will need to think about this post. It's not like Apple is doing this to track users.
It should be at least five nines, preferably six nines. Anything less than that is absolutely inexcusable.
Can I please have a reference confirming this number?
>"...It's not like Apple is doing this to track users."
And you of course have a reliable inside source who can confirm this.
So no, they don't do it well.
Apple used this same argument when talking about security agencies - https://www.youtube.com/watch?v=BZmeZyDGkQ0.
You may trust them now. But what's to say they'll remain the good guys forever?
By that logic, what's to say Apple will remain the good guys forever?
If it's not astroturfing, I don't think I can understand the mindset of a consumer who feels the need to defend the world's richest corporation from criticism.
It's the same as that Clinton comment about Trump voters being deplorables.
Insulting people won't change their mind, rather it entrenches their views.
Plenty of criticism of Apple itself, but that is not a criticism of their customers.
I agree fully with the author's characterizations of the dangers of disabling features or ignoring warnings, but I can't possibly agree with the conclusion that users should not be given a choice. So what if the user cannot understand the technical terms of a popup warning them about malware risk? How does that justify taking away their freedom to proceed anyway and run the program? The author's attitude is patronizing (and also intellectually dishonest as explained already by another commenter [1]).
There are lots of domains in life where we're out of our depth and make decisions anyway that might be dangerous, and we don't have anyone trying to hold our hand or to stop us altogether. Imagine you get into your Apple Car and plot a course on the GPS. The computer's voice says "there is a dangerous stretch of road on the plotted itinerary; please wait for your assigned Formula 1 driver to drive you to your destination". The car refuses to move no matter what you do. Half an hour later a small guy with a thick neck shows up, enters the car (because they've got the keys apparently), unlocks it so it can finally move and explains to you "oh yeah, a car fell down a cliff on that road back in '93". You complain about them not even apologizing for the delay. "You accepted the Terms and Conditions, didn't you?"
I get that the lack of freedom to run potentially malicious programs might be a feature, not a bug of Apple's systems. But I don't see them advertising it as what it is in practice. The notion of "false advertising" is well known and understood, but what about the notion of absence of advertising for a feature that might be unwanted to the point of making at least some potential buyers balk? Is there even a name for that?
Whether before the purchase of an Apple system or later at program startup time, the user should be able to make a decision as to whether to give Apple control of their computer in the fashion we've seen. All the necessary information and data should be provided to them. Whatever choice they make should be respected and they should not be judged for it, even if they did not understand the provided information. But the decision should not be made by some security nerd on a massive ego and power trip, imparting their enlightened guidance to "the lowest common denominator".
I'll just leave this here - https://stallman.org/apple.html
On my Firefox browser, both on the desktop and mobile, it looks like a rather light grey on a white background. That is just plain difficult to read and is just terrible UX.
By installing Candy Crush for every home user, Windows has not made any amazing strides. In fact I would say Windows 7/8/8.1 was far far better. What do we have now? Candy Crush, a dumb antivirus taking 20% CPU wasting unnecessary CPU time, telemetry which sends data even if you opt out.
"I think the privacy arguments are far-fetched" Really?? Just because there are other bad players in the market? Just because Apple's rivals/friends are doing bad things doesn't mean you have to go and say privacy arguments are far-fetched. Clearly the article is just a whitewashing of Apple.
No, but you can modify the code, add your own code..
My argument: sod off and let me decide what I want with my own hardware. Luckily I have no business case to deal with Apple products and as a private person I do not care what they do as I am not in their "ecosystem" or whatever they call it.
Since I only use Windows and Linux as desktop / server OS I am lucky not to be a victim of such tactics (at least for now). I know MS does collect telemetry but it is not known to be down to this level.
“On November 12, 2020 Apple released macOS Big Sur. In the hours after the release went live, somewhere in Apple's infrastructure an Online Certificate Status Protocol (OCSP) responder cried out in pain, dropping to its knees, begging for mercy as load increased beyond what it could handle.”
On the one hand, no. Probably, statistically, Apple will know better.
On the other hand, despite the above, if you want to call Apple devices "owned" (vs "leased") then yes, the user must be the ultimate decision maker. They might want to delegate these things to Apple (or someone else for that matter) most of the time. But they must have the possibility to simply run what they want.
I think we're seeing the "HN crowd" be so frustrated about this because it is a pretty transparently anti freedom thing to do, and HN folks do love themselves some freedom.
The user is the ultimate decision maker - the user gets to decide whether they want MacOS or not.
The only people talking about constraining this freedom are the ones asking for the government to regulate software distribution.
What you are asking for is for Apple to make a design change to their software to support your use case.
That is a very reasonable thing to want, and to reject Apple for not providing, but it has nothing to do with some ideology of what it means to ‘own’ something.
My car has software problems I don’t like - the digital speedometer only reads kph, whereas I live in a place where mph is standard. There is no facility for changing the software.
Obviously I still own the car.
I can see the argument, but at the same time, if they really did, I’m not sure I would agree.
I also am not sure that’s completely theoretical. Apple (almost?) has the money to do so (yearly revenues about $260 billion, cash reserves about $190 billion), and I think ‘the world’ is getting used to not owning stuff more and more. Many users already pay per month for their phones, anyways.
As someone who works in IT: not for most users. Certainly not for any of my relatives, as successful/smart as they may be in other fields.
Certainly have manual overrides for Alpha Geeks (to use O'Reilly's term), but even if a person is on the right-hand side of the Bell curve generally, that doesn't necessarily mean they can make informed software decisions specifically.
I'm fine with automatic seatbelts as long as there's a Terminal.app command I can run to disable them on an as-needed basis.
I want to run the apps I want to run, thank you very much. No one else should have any say in that. It's my computer.
This is why there is no 'File Access' API in the browser, because it'd be like giving guns to teenagers, even with 'safety training' it would get out of hand.
So the issue then becomes one of 'power' as much as 'knowledge' of security, and of course all the peripheral abuse surrounding the 'security rules' that have nothing to do with security.
Involving 3rd parties, giving proper security notifications but still letting users have the final say etc. etc. There are definitely middle paths and reasonable choices we could make.
But there's just too much money on the table for the powers that be to look the other way, they will continue to infringe until they are stopped.
So go back a few weeks: you buy a copy of Fortnite, Apple and Epic lock horns in a dispute and they revoke Epic's certificate. Next thing, you get a shiny new M1-equipped Mac and go to install it, and it's gone from the App Store. Slightly deflated, you go back to your old Mac and copy the files off it onto your new one, thinking you circumvented this slyly; it does an OCSP check and refuses to run the binary. Eventually the OCSP check will be done on your old Mac too, probably after an OS upgrade, and that's gone as well. So you're deprived of something you paid for and have no control over the hardware you paid for.
This is an example of what could happen.
If it improved security posture the signing infrastructure wouldn't be used to sign any old shit from millions of developers doing all sorts of nefarious things that Apple didn't pick up during the review process...
Edit: this has already been demonstrated if you refer to the Flappy Bird mess a few years back.
Another thing in line with what you mentioned is the ability for the company to squash competition. Not only do they have the last word to veto programs from running, they also get a global view of what everyone is running that nobody else has. This kind of information has been abused by Amazon to drive out competition in favour of their own "Amazon essentials" products, for example.
Personally I drew the line at Catalina, and I think an order of magnitude more will draw the line at Big Sur.
https://www.zdnet.com/article/apple-update-kills-off-zoom-we...
As for Epic. They lied about the content of the software they uploaded to the store, and knowingly breached a contract they had signed. If that isn’t fraud, I don’t know what is.
They could have sued Apple without the fraud. The certificate revocation was only about the fraudulent software update.
Finally, I think the writer should be more careful with their use of the term "dogwhistle". It's a politically-loaded term that isn't used correctly in this piece.
I spent decades building and running my own computers and I’m not interested in doing so anymore. I own the device that I buy, I knew how to turn off these controls and didn’t bother during the outage, and I generally refuse to do so. In return, I don’t have to deal with all the weaknesses of the liberated computing approach that you frame as the only optimal outcome.
Apple’s restrictions liberate me from having to spend time on fully-liberated computing. I’m glad liberated computing exists, but the idealistic view that all computing should be that way is harmful to my life’s priorities.
This seems to conflate restrictions with defaults.
It's reasonable for Apple to configure Macs to be safe "out of the box". But it's not clear why it helps you to prevent other Mac users from changing the defaults.
There are a few people who bring it up, and then use manipulative rhetoric:
“Shouldn’t we own the devices we buy?”
Of course, who would disagree with that! But this is manipulative because you are affirming the consequent. I.e. leading the reader into accepting the conclusion that you don’t own your computer.
“The tech companies are trying to destroy the very concept of product ownership”
This is an ideological claim with no factual basis, there are no memos or recordings supporting that anyone is trying to do this. It’s just you claiming to know the plans of ‘the tech companies’.
It could just be that Apple is trying to stop malware. Perhaps not a secret plot! Maybe there is no conspiracy!
It’s also a laughable exaggeration, as well as black-and-white thinking. Do you own your house? Presumably not, since there are many legal restrictions on what you can do with it. Do you own your car? Presumably not, since you can’t install your own software on its computers. Do you own your toaster oven? Presumably not, since you cannot reprogram the microcontrollers.
Perhaps the conspiracy is deeper than I realized!
“Consumers ought to fight to the end over this”
More manipulative language. Frame things in terms of a fight between corporations and consumers, and a ‘fight to the end’.
Are you a ‘consumer’?
But more importantly, what is ‘this’? It seems like you are asking to fight over the belief that ‘Tech companies are trying to destroy the concept of product ownership’. I.e. divide people and exhort them to fight over an ideological claim you are making about intentions that you haven’t substantiated.
How about examining some of the technical issues instead of ideological rhetoric?
Here’s one: If the security features can be disabled, how can I trust a Mac I haven’t maintained custody of the whole time?
Here’s another: If people don’t want their computer software to come from Apple, they can buy something else. What is wrong with that?
I have to assume you neither own nor lease any Apple devices. Why are you trying to control what other people do?
Way ahead of you: https://news.ycombinator.com/item?id=25074959 https://news.ycombinator.com/item?id=25076588
> I have to assume you neither own nor lease any Apple devices.
This was a ludicrously bad assumption.
Apple is so awesome, they have already come up with the perfect phrase you can use to describe them. It's "Reality distortion field".
In this argument, I’m not sure that level of product development can be dismissed. I wish Apple had implemented this better, I just bought a Windows machine so I wasn’t dependent on one platform, I’m trying to move towards Linux again (to be aligned with my own values), but the engineering this community wants, and the readiness of the platform & product we can buy any day of the week at Best Buy ... doesn’t exist.
So I, personally incentivized to give Apple a bit of a pass on this one, and hope they iterate this solution in the right direction, and definitely hope they don’t turn the Mac App Store into the iOS App Store.
Well, this is half-thought through.
First, most people don't use any GNU software or even know what GNU is. And they can and do trust all kinds of BS that they shouldn't (that's how computers get filled with malware crap).
Second, GNU in this context means nothing. GNU is an organization and an assorted set of licenses, not a program, and a program being associated with GNU says nothing about the safety of the program. The programs themselves could still be maliciously polluted with malware, as has happened time and again, unbeknownst to the authors of the programs and those running the repositories.
>Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software
Well, if you're against closed-source software you shouldn't be using macOS or Windows in the first place.
>and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?
The latter is a political issue, and best solved at the political level. You don't get out of a surveillance situation just by using different programs, when the whole state apparatus, the sites you visit, even ISPs, etc., are used for surveillance.
For example, not end to end encrypting iCloud backups is a major problem, especially if it is at the FBI’s request.
However, this has nothing to do with the certificate server outage.
Trust is not binary, and no matter what harmful things Apple does, nothing they do justifies intellectual dishonesty and lies from their critics.
If we want to critique them, let’s critique them for the things they are actually doing, and compare them to real alternatives or technical solutions.
When Woz left.
Also, I think while we're exchanging meaningless and besides-the-point platitudes: "fewer people" ;)
The reason it seems like trolling is that the information you're demanding "evidence" for is:
- the number of elapsed hours since October 7, 2019, when Catalina was released and OCSP became mandatory
- the number of hours of outage the other day
- how division works
None of these seem to be fairly in dispute.
It sends a hash of the certificate in use to Apple, which happens to be an Apple certificate that is used to sign many applications running on your system.
None of your data is being sent to Apple.
Given the presence of the NSA and their ability to send NSLs or FISA warrants, this information should not be hitting the Apple network. A CRL would have been a perfectly acceptable solution.
Responses were cached for 5 minutes.[1] That's effectively checking every time.
I have agreed with that criticism elsewhere. I also think unencrypted iCloud backups are a very serious problem.
Would I sign up for that? Certainly not. But if that sounds unattractive, then they should just accept that when you sell something and the buyer owns it, you don't have control over it anymore.
I keep pushing this distinction in DRM contexts, too. It's kinda my personal soapbox. :)
No such person would have any illusion about what Mac hardware they could use.
Everyone else reasonably expects Apple to take care of the OS for them. Indeed that is arguably the selling point and key differentiator of the Mac.
Nobody is misled.
See elsewhere where I respond to the distinction you are making about ownership: https://news.ycombinator.com/item?id=25093873
But the end user doesn't care. They bought something and they want to keep it and use it. And that's where the buck stops.
Sometimes I really wish I owned a T-shirt printing business. Thanks!
Unfortunately, that world is no longer the one we live in.
One of the things I’ve learned about software security is the need to minimise the attack surface of your systems — don’t keep a database running on your web server unless you actually need it, don’t keep ports open unless they’re important, don’t install packages or dependencies you can do without — because everything has the potential for a zero-day exploit. Likewise for my own productive output: the only code guaranteed to be bug free is the absence of code.
For any computer not attached to the public internet, I agree that you should be free to run whatever you want. For anything networked? That’s anarchy, and although I would like the freedom of anarchy I experienced in 2003, unfortunately I don’t like the consequences of everyone else having the freedoms of anarchy in 2020.
I don’t have any fun, easy, side-effect free, solutions.
For everyone else, it is a very important safeguard against social engineering attacks.
I don’t understand your final sentence about “prevent”, and it doesn’t seem to be connected to anything I said. I apologize but as a result I can’t consider or reply to it as stated.
If that very basic thing needs to be spelt out, I'm not sure how any discussion is possible...
Code signing and OCSP and such are band-aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.
Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.
Are we discussing generic theoreticals or are there actually specific settings you think you don’t have the freedom to modify?
I haven’t seen anyone say “I can’t modify this setting on Big Sur” and have that inability remain unsolved for more than an hour, yet there’s a huge ruckus about lost freedoms, so I’d love to understand where the rubber meets the road here.
Or if the loss of Mac App Store access that results bothers you, write a simple http filter proxy that only rejects gatekeeper OCSP and place it into your Network preferences Proxy section.
macOS won’t stop you. This is all basic decades-old Linux admin knowledge, and the only Mac-specific command is knowing how to flush the DNS resolver cache without rebooting. I am not yet persuaded of your argument.
What other specific instances do you know of where you think macOS won’t let you do something to your own device?
Do you still own the car if it'll just turn off the engine when you attempt to drive into a sketchy neighbourhood?
Let's assume the car manufacturer knows the city/town's crime rates well and they have your best intentions in mind. They want you to be safe.
Do you still own the car?
Note: I agree that scenario isn’t desirable. However there is no slippery slope.
This is what Tim Cook said about govt agencies wanting a backdoor - https://www.youtube.com/watch?v=BZmeZyDGkQ0 - right around 4:25.
When I buy an Apple product, this is part of what I think Apple does to protect their customers' privacy - No matter what, not even if the govt says so.
Now suddenly, we're back to talking about whether we can trust Apple after they expressly told us not to trust ANYONE including Apple and why that was such a good thing.
And yeah, when people lost access to their Zune music, or their Steam stuff, they did get upset.
Mind you, I would not outlaw the transaction. But calling it a "sale" is false advertising in my book.
The problem is that they (have the ability to) continue to make those decisions afterwards. You could have "known" an iPhone could run Fortnite at the moment you bought it and then after you received it in the mail discovered that they had decided you were no longer allowed to do that.
You could then say "well I bought it knowing they had the ability to change anything at any time" but I'm not sure I agree that you can give informed consent to a blank check.
However the question I have is given your views, why?
I came to the Mac almost 20 years ago. It was very different back then. The first decade of Mac OS X was brilliant. I felt it was the best consumer OS ever made. It was also a fairly "open" system: Mac UI on top, UNIX underneath.
The second decade of Mac OS X (now macOS), has been a disaster IMO. It just keeps getting worse and worse. All of the restrictions we see now were added in the past 8 years or so.
In short, I was already fully committed to the Mac before it started to get locked down, but I'm becoming increasingly uncomfortable with it as time goes on. There's not a great alternative, however.
I don’t think waging ideological war on Apple is doing anything to help us get one, especially not if you dismiss the real security benefits of their approach as part of some conspiracy to undermine the concept of ownership.
What would help is some analysis of how technically to achieve both security and openness. Nobody has achieved this yet.
Apple’s security strategy does place them as a trusted party in the system. I don’t see them changing this any time soon, since it’s an unsolved research problem, and they need to keep shipping.
I am curious what a system with no centrally trusted authority would actually look like.
If they don’t, they can buy a Mac.
Don’t force them to choose an unsafe tool when they don’t want to.
We learn from mistakes, not from success.
But, more importantly - people use photoshop because they want to edit images.
Most people do not buy computers because they want to learn how to defeat cyberattacks.
You know what some users learn after dealing with insecure systems? They learn to buy a Mac.
Where can I set trustd to use a different OCSP server? What is Apple's recommended secondary OCSP server?
A single point of failure, whether local or remote is an unfortunate design decision.
Months on end. Is this a serious question?
Is this a serious question? My entire dev toolchain works without internet...
What's the parallel here?
You really think I need DNS to edit my photos, videos, write some music, compile / build my products etc., etc.? And if needed for many things I can use my own DNS services. To post my freshly built product I do not need Apple's DNS. Can do with my own.
A lot of people are claiming Apple is a malevolent entity. In context, it is reasonable for him to rebut that.
I agree with you about his use of loaded terms, and the dismissiveness.
The straw man you cite isn’t a straw man. It is a solid argument. https://www.bunniestudios.com/blog/?p=5706
The lie of omission you assert isn’t a lie.
No group of distro maintainers has solved the problem Apple is solving. The author used the word ‘feasible’. This is currently true, but doesn’t need to remain so. The fact that you are technically literate enough to know about distro maintainers, and trust them does not mean it is feasible for everyone to do so.
“He really doesn’t just sound like an Apple apologist; he is one.”
If that isn’t a loaded term, I don’t know what is.
The exclusive "or" in "do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?" still makes it a false dichotomy.
> The straw man you cite isn’t a straw man. It is a solid argument.
"if I have the code, build the code, nothing can hide in the code.":
is not something someone knowledgeable would ever claim, only that having the code and building the code will be at least as safe or safer than not having the code at all. Presenting it as "nothing can hide in the code" and then attacking that is, in my opinion, a strawman argument.
> The author used the word ‘feasible’.
And he is correct in that. No single individual can maintain the software integrity of an entire operating system, but a group of people can do so. The omission here is that that group of people need not be Apple.
The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".
> If that isn’t a loaded term, I don’t know what is.
The term is from the article: "While I'm going to sound like an Apple apologist,"
He claims he is not X, but has given no argument why he shouldn't be considered X and has presented a lot of arguments on why he should be considered X.
He has presented no reason to assume he is not a devoted Apple user, or in his words, an "Apple apologist".
In short, I'm not sure I'm exaggerating, but that I'm willing to disagree on.
“The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".”
You say it’s ‘not true’. I think it’s quite likely to be true.
But more importantly - it’s an argument. Not a fact. You just happen to disagree with him. It’s not a lie of omission to simply come to a different conclusion.
He hasn’t presented any argument why he should be considered an apologist. You are arguing that he is an apologist. That is both ad hominem, and a loaded term, and it’s you who is using it.
It goes the other direction. If you want to develop for iOS you have to get a Mac even if you don't want one.
Moreover, this behavior is objectionable regardless of market share, because a platform excluding alternative stores segregates that platform into a different market. If you're a developer whose customers use a Mac, and Apple starts operating the Mac App Store the same as the iOS one, it doesn't matter that they have 10% market share because that 10% of the PC market is 100% of your app customers and the relevant market isn't PCs, it's app distribution to a given customer base.
But if the company gives themselves access to that feature and not anybody else (even with the permission of the device owner), and restricts anyone else from reimplementing it, that creates a monopoly which they would then be abusing by restricting what competing app developers can do.
Security is the owner of the device controlling what runs on it. Monopoly abuse is the manufacturer of the device doing so against the will of the owner of the device.
Very annoying that you can't use an old Lisa development system like the ones Apple required for the original Macintosh.
Do people on other platforms have so many security issues that Apple's measures are justified?
I was traumatized a few weeks ago when my parents sent me a particularly jarring video of their Windows computer with audio playing telling them to call a number to get rid of something nefarious-sounding, but I quickly Googled it and realized it was a bunch of browser pop-ups pretending to be worse than they were. I don’t run into stuff like that when using Firefox on my MacBook.
I think it matters a lot what you consider "secure" to mean. Most security people are focused on stopping an attacker from remotely installing and executing malicious code on your device. A huge amount of effort is dedicated by security people to adding hardware to stop buffer overruns, make memory protected, signing code and so on, to stop these types of attacks. A more locked down system like iOS/Android is at least in theory more secure than a device running Windows and especially Linux, that lets the user install and run whatever they want.
If you on the other hand define security as in control over your device and your data, then the mobile devices are terrible. A lot of apps are full of "telemetry" (read spyware) that in practice makes most mobile devices leak a huge amount of data. You have very little control over this. This is an attack vector that is mostly ignored by these companies, because they don't see it as an attack vector, but rather as a revenue stream.
It allows fraudulent, malicious, or easily exploited code to be disabled.
> It is my computer and it should just work how it is meant to be without any external dependencies.
DNS is an external dependency, regardless of the level of redundancy.
We're discussing the implications of it. You're welcome to not if you think it's irrelevant.
Epic knew it, and they chose to breach the terms of service on purpose to cause this effect. Epic intentionally triggered a contract term that they knew would result in their software being removed from their customers’ devices.
They were given an opportunity by both Apple and the court to restore their software to compliance and still get to continue the lawsuit.
This is 100% Epic’s responsibility.
They could have sued Apple without deliberately breaching the contract, but they chose to make their customers into pawns in their legal strategy.
You effectively need to know what every company in the world is doing to have any real idea what your device is going to be able to do tomorrow. Under those conditions I don't think you can say you were informed when you purchased it.
But I disagree that people weren’t informed. It is common knowledge and widely advertised that Apple issues software updates, and it is widely known that Apple enforces its store rules.
The information about what changes could be made and by whom was readily available to purchasers.
How is that not ‘buying’?
He _literally_ did, himself, in the article he wrote:
"I think the privacy arguments are far-fetched"
and actually acknowledging it verbatim:
"While I'm going to sound like an Apple apologist,"
as in "people who say this are Apple apologists, but I'm only like one if I state it."
> Many invalid points, and straw men in your comment.
Of course.
You just disagree with him, but are engaging in ad hominem rather than engaging with his points.