Gatekeeper Already Present in OS X 10.7.3, Available for Developer Testing

[DigitalFreedom]

profit profit only profit!

Just look at this graph

http://www.theiphonespot.net/wp-con...pple-quarterly-sales-by-product-q405-q211.png

Macs and software are only small part of their revenue now. They definitely plan to increase it ALOT , that's what GateKeeper means. And all of you will be paying and paying.

----------

For sure that's not about security, if that was for security they could at least make it not so restrictive (as a part of parental controls for example). Windows XP had a similar feature for years, and it did not help against viruses at all. Moreover, don't you think it's strange that yesterday they claimed "Mac os X is completely virus free" and then next day they ban ALL third party apps "to protect you". When governments or corporations want to cut your freedom - they're always talking about security. Most of masses are only glad to have their freedom cut.
Also don't you think if there was no AppStore, they would even bother with this GateKeeper? No!
The only (only!) reason they push it is to force developers (and users) to use their AppStore. And that was very predictable. First it hits alternative online distributors and resellers, and eventually it will hit developers - cause the monopoly is always bad. That's definitely anti-competitive behaviour and people must understand - it won't be good for them in a long term. Eventually developers won't own their apps, and Apple will own everything! They will be able to change their rules, commissions etc and there will be no alternative! That is what they want! That is so old practice! But in 1990th there were so many court cases against Microsoft! What now?

Developers should complain and protest about banning their non-signed apps by default, as it's a way to a digital slavery! It's so obvious in the USA, are you still believe in any security and good thoughts? That's a BS! That's all about money and greed! Now 30% and you cannot even mention a competing OS in your app, what next? Isn't that the dictatorship the Unites States were always fighting with? It IS! The freedom is in danger again and again!
That the same as SOPA and PIPA - it results in the same freedom loss!
Don't be so stupid to think it's about security!

 

[mijail]

2) No. My point was that most users won't even know where/what the Gatekeeper defaults are. It will stay stuck at the middle option forever. Hence the barrier-of-entry for indies & open source projects to get mainstream eyeballs is high. Yes, it's always been hard for them, and now it will be much harder.

If a user doesn't even know where the Gatekeeper preferences are, then s/he is the kind of user who NEEDS Gatekeeper, and not the kind user you have in mind when talking about open source.
Open source projects who do educate their users, or who do sign executables (like those who currently sign for example drivers for Windows), won't have a problem.

----------

The nokia issue was with iSync. A feature Apple took away. Although you can get iSync from Snow Leopard and simply copy it to Lion and syncing will work (it worked with my old N8 and N95 ).

Its unsupported and Apple could remove the syncing framework at any time.

You are right in that it's a pain that iSync was removed.
But you are not assigning any blame to Nokia and its underwhelming support. Not fair, I think.

----------

Developers should complain and protest about banning their non-signed apps by default, as it's a way to a digital slavery! It's so obvious in the USA, are you still believe in any security and good thoughts? That's a BS! That's all about money and greed! Now 30% and you cannot even mention a competing OS in your app, what next? Isn't that the dictatorship the Unites States were always fighting with? It IS! The freedom is in danger again and again!
That the same as SOPA and PIPA - it results in the same freedom loss!
Don't be so stupid to think it's about security!

All exclamation and interrogation marks.
Get a paper bag and BREATHE IN IT SLOWLY, man. You're gonna pass out.

----------

If you mean developing in other languages, Apple doesn't really care, it doesn't benefit Apple's eco-system.

Ever heard of, say, MacRuby?
(and I just found this: looks like Apple is in fact going out of its way to support external developers and environments, like Homebrew. See here.
But anyway, that's just the same that Panic's developers are also saying. So it's getting somewhat difficult to believe the naysayers ;P)

 

[gnasher729]

The only issue I see is that many people don't update their software often, it would be nice if Apple could figure out a way to let people check for an update to the app they're trying to run.

If you have an app that you have been using for years, then whether it's safe or not, any damage would be done by now so there is very little point in blocking it. So it would be nice of 10.8 could notice that situation.

 

[J0m083]

I think Gatekeeper is not the crux. That being, from the John Gruber post, the news that only apps downloaded from the Mac App Store will be able to use new functions (API's) like Notification Centre.

We're using tools to create applications for customers. Some of these tools cost a few thousand dollars a year pro seat. I expected neither we nor the toolmakers are inclined to give Apple to what amounts to half a Macbook Pro a year a seat for essentially nothing extra (compared to the current setup) by using the App Store. Which will mean that using such tools we will not be able to offer our Apple customers the full functionality of OS X, which they have already paid for through the hard- and software they bought from Apple.

I'm not afraid of malware in ours tools. Have used one of them since the Apple ][. A corporate setup probably won't help as it is not our applications but the tools we use to run them which are being affected. Which we're not going to switch easily, cost us years of investment.

Wonder why Apple would make life so difficult for us.

 

[Heilage]

They need a platform for developers to make apps on. This direction seems to be adding a simple alternative, not removing the powerful current system (e.g. Launchpad does not remove the Applications folder).

They might just forget that important fact. Or hey, why would you need an application not developed by Apple themselves?

What stupid direction? Seriously I keep hearing this dumbing down or iOS-ification, but no one has provided concrete examples of where OS X is dumber today than it was a year ago. Please tell me what can’t you do in Lion that you could in Snow Leopard? Based on the scant information about Mountain Lion what don’t you think you’ll be able to do in that?

The stupid direction is where it's a mortal sin for the user to actually have to do anything themselves, and god forbid that they would have to utilize half a brain cell to do it. We all lose when things are lowered to the lowest common denominator.

 

[AdrianWerner]

I don't get why you wouldn't buy your app from the app store if its there?

Because you like the developer behind this app? In which case you want to support them by giving them the whole price, instead of letting Apple take their cut.

 

[adamtheturtle]

They might just forget that important fact. Or hey, why would you need an application not developed by Apple themselves?

You might as well say they might just forget they need to have users. There is no indication that Apple is forgetting about developers. And how are these Apple devs working with a super-restricted system anyways?

 

[Heilage]

You might as well say they might just forget they need to have users. There is no indication that Apple is forgetting about developers. And how are these Apple devs working with a super-restricted system anyways?

People will buy their stuff anyway, even if they barely constitute a user.

Remember kids: Expect the worst, so being wrong can work out great.

However, Tim Cook does seem to want a more Mac-oriented approach, rather than the 1984 lockdown Jobs wanted. They might be willing to forsake the proper users for the "Ooh, shiny!" crowd though, if there's enough money in it.

 

[hot spare]

Damn:

http://www.edbott.com/weblog/wp-content/uploads/mse-vs-gatekeeper.png

 

[knightlie]

I don't like the choice of words. As a developer with no plans to use the App Store with its 30% fee, a message implying that my software may damage the users computer is contentious. A simpler "Only install software from a source you trust" makes more sense.

 

[Manderby]

They already said they will be free

Source? I mean, I believe you, but I really would like to read it myself from apple directly but so far I have not found anything.

 

[Stella]

Ever heard of, say, MacRuby?
(and I just found this: looks like Apple is in fact going out of its way to support external developers and environments, like Homebrew. See here.
But anyway, that's just the same that Panic's developers are also saying. So it's getting somewhat difficult to believe the naysayers ;P)

I'm a developer myself, so it would be nice for Apple to actively support other languages than ObjectiveC.. OjbectiveC is long winded - although I still like it. So I'm not exactly a naysayer.

 

[iSee]

Yeah, because nobody ever uses Firefox, right? Chrome isn't built on open source either, is it? Hell, OS X doesn't have large chunks of open source software, oh no!

What utter crap. Consumers probably don't realize that they use open source software or know what it is, but they do use it. Consumers won't be compiling their own stuff, but they can download Firefox.

Uh, calm down dude.
Binary distributions can be signed, open source or not. No problemo.

 

[iSee]

Some businesses have their own Certficate Authority and sign their code with that. I can't speak for businesses that run OS X primarily, but there are Windows shops that do so. Microsoft includes Certificate Services with Windows Server for those that wish to sign their own certificates, rather than relying on third parties. If Apple will sign in-house applications without any validation process of code, then it won't make any difference for those customers. From what I understand about iOS apps though is that the software goes under some evaluation process, to ensure it is safe and whatnot, before it certified. You can't really expect to do business with private corporations that write their own in-house software if it is to go under evaluation by a third party. A third party really has no business in telling companies how their in-house software should function or be secured. I can understand the need for commercial apps, but not private apps. Regardless, we don't know at this point if the software must be signed by Apple or only by any trusted certificate authority. Windows has the same builtin security (only enabled for hardware drivers by default), but it only requires code to be signed by any trusted authority, not just by Microsoft. I believe non-driver apps unsigned or signed by an untrusted authority will prompt the user to verify that it is "safe".

Whew, you're conflating a lot of stuff here.

* Apple does not inspect apps that are not distributed throught the app store.
* An enterprise has the option to get a certificate from Apple which it can use -- at will -- to sign any apps they want. Apple is not involved in signing the apps.

So: this has no effect on an enterprises ability to distribute private signed apps.

 

[mijail]

If you have an app that you have been using for years, then whether it's safe or not, any damage would be done by now so there is very little point in blocking it. So it would be nice of 10.8 could notice that situation.

Not really. If an app is discovered to have an exploitable bug, then it is a vector for ... "problems". And new ways of exploiting old bugs do appear.

----------

I'm a developer myself, so it would be nice for Apple to actively support other languages than ObjectiveC.. OjbectiveC is long winded - although I still like it. So I'm not exactly a naysayer.

What does "actively support other languages than Objective C" exactly mean?

LLVM, the Apple-sponsored open source compiler, do support a number of other languages, doesn't it?

C-blocks is an Apple extension to C, C++ and Objective C, isn't it?

A number of environments are included by default in OS X, like the already mentioned MacRuby, developed by someone at Apple.

Apple has also done a lot on JavaScript optimization in WebKit, open source and used by even a number of competitors.

...so...?

 

[spazzcat]

Because you like the developer behind this app? In which case you want to support them by giving them the whole price, instead of letting Apple take their cut.

So you don't buy software in a store?

 

[dashiel]

1) It's certainly not baseless, but yes it's speculation hence the word "concern".

It’s baseless because there is no precedent

2) No. My point was that most users won't even know where/what the Gatekeeper defaults are. It will stay stuck at the middle option forever. Hence the barrier-of-entry for indies & open source projects to get mainstream eyeballs is high. Yes, it's always been hard for them, and now it will be much harder.

So a software developer has two options:

1) Get the free signed certificate *still not certain if free dev accounts can get certs.
2) On the developer web site offer screen by screen instructions on how to change settings. It’s no different today when you want to install a Ruby GEM and have never done it before.

3) The fact that Apple can flag any signed app is in effect a kill switch. It may or may not remotely remove software like the Amazon ebook debacle, but subsequent downloads would present a warning to users or perhaps even block installation. You seem to trust Apple to play fair. Their historical behavior on the iOS store tells me otherwise.

Apple has never used the kill switch on the iOS store.

 

[dashiel]

The stupid direction is where it's a mortal sin for the user to actually have to do anything themselves, and god forbid that they would have to utilize half a brain cell to do it. We all lose when things are lowered to the lowest common denominator.

Computers are tools to get things done, the average user shouldn’t have to spend energy & effort getting the tool to work. The simpler OS X gets the better. More importantly though making OS X simpler doesn’t mean the more advanced capabilities go away.

 

[dashiel]

They can't have a certificate unless they are using an Apple installer application. If you haven't noticed Steam uses it's own DRM and installer application, so the onus would be on the distributor. Now from what I can tell Steam has better luck getting legitimate applications than Apple does in the long run, but the point remains.

I should not have commented on Steam. I don’t use it or know much about it.

As far as I know the only plugin that was attempted to be removed was MAFIAAFIRE, but that wasn't for Malware. Though if you've noticed, once a flaw is usually found, they are usually exploited.

That's exactly what they said about SOPA/PIPA, but it took engineers, of which I was one, and thousands of corporations to fight against this broad type of legislation that would of impacted the web, much in the same way this would effect the Apple development landscape.

This is borderline FUD and has no relationship to GateKeeper. SOPA/PIPA were designed for corporations who would shut down everything if given their druthers. Apple doesn’t want anything like that, history on iOS bears this out. Apple has never used this mechanism on iOS. Actually let me back track on that I think they may have used it once recently, but once out of 500,000 apps and 4 years of iOS development. That’s hardly the 1984 fear mongering going on here.

 

[stanton]

This is borderline FUD and has no relationship to GateKeeper. SOPA/PIPA were designed for corporations who would shut down everything if given their druthers. Apple doesn’t want anything like that, history on iOS bears this out. Apple has never used this mechanism on iOS. Actually let me back track on that I think they may have used it once recently, but once out of 500,000 apps and 4 years of iOS development. That’s hardly the 1984 fear mongering going on here.

Apple has long had a history of censorship on the iOS app store.
http://techcrunch.com/2009/05/03/tr...-apple-you-want-obscene-ill-show-you-obscene/ Trent Reznor
http://www.guardian.co.uk/technology/2010/may/25/ipad-porn-free-steve-jobs Pornography on iOS
http://www.wired.com/gadgetlab/2011/11/apple-pulls-itether-app-from-store/ iTether Application pulled
http://www.wired.com/epicenter/2010/04/apple-bans-satire/ Mark Fiore's comic

That this will occur on Non-Mac App Store purchases, I would certainly hope not, but the history is there. The reasons have varied from political incorrect to obscenities or simply not doing what Apple deems appropriate. This has long been a black eye on the iOS world, and I would certainly hope that it doesn't spread to the Desktop development which has a long history of innovation. Robert Lopez and Jeff Marx from Avenue Q probably didn't know exactly how relevant the music was in today's society. Like I think I stated earlier, I'm actually in favor of digital certificates and verifying the software is from the actual developer, but the onus of what's right and wrong belongs on the consumer. This is the same reason why Certificate Authorities, (VeriSign, Comodo, etc) should be audited routinely to ensure that no monkey business is going on.

 

[dashiel]

Apple has long had a history of censorship on the iOS app store.
http://techcrunch.com/2009/05/03/tr...-apple-you-want-obscene-ill-show-you-obscene/ Trent Reznor
http://www.guardian.co.uk/technology/2010/may/25/ipad-porn-free-steve-jobs Pornography on iOS
http://www.wired.com/gadgetlab/2011/11/apple-pulls-itether-app-from-store/ iTether Application pulled
http://www.wired.com/epicenter/2010/04/apple-bans-satire/ Mark Fiore's comic

That this will occur on Non-Mac App Store purchases, I would certainly hope not, but the history is there. The reasons have varied from political incorrect to obscenities or simply not doing what Apple deems appropriate. This has long been a black eye on the iOS world, and I would certainly hope that it doesn't spread to the Desktop development which has a long history of innovation. Robert Lopez and Jeff Marx from Avenue Q probably didn't know exactly how relevant the music was in today's society. Like I think I stated earlier, I'm actually in favor of digital certificates and verifying the software is from the actual developer, but the onus of what's right and wrong belongs on the consumer. This is the same reason why Certificate Authorities, (VeriSign, Comodo, etc) should be audited routinely to ensure that no monkey business is going on.

Refusing to sell something or pulling “offensive” content is entirely different argument than using a signed certificate to prevent malicious software distribution. Conflating the two concepts in a single discussion is a fruitless endeavor. I’m not interested in debating that, largely because I agree with you there. The point is Apple has never used a kill switch† nor revoked a digital certificate in the entire history of iOS*

Apple is not reviewing code or content for a Gatekeeper Key. Developers simply apply for a key, signs their App(s) and that’s it. If an App is malicious Apple pulls the key and no new installs are allowed.



† Unlike Google who due to their lax approval process have let through a number of malicious applications.

* Again I seem to recall something recently where an app developer who created thousands of crapware apps was banned.

 

[petsounds]

Apple has never used the kill switch on the iOS store.

They have blocked apps for not fitting in with their moral view and for competing with their own apps. It's not a "kill switch" like on the Kindle, but if your app's cert is revoked entirely, it would be in effect a kill switch. I'm not saying Apple *will* do this, but it's a concern. Just like in a democracy, users/developers have to be very wary about giving up freedoms because those in power are likely not to give them back. If you had choices about where to have your app signed, that would be one thing, but Apple wants master control here over apps on the desktop. I understand the security aspect, but having a signed app doesn't mean that only Apple should sign it, just as SSL certs aren't signed only by one certificate authority.

 

[firewood]

Because you like the developer behind this app? In which case you want to support them by giving them the whole price, instead of letting Apple take their cut.

If you like the developer, you could always separately donate them 30% or maybe 10X the listed price in the App store. Why not?

 

[dashiel]

They have blocked apps for not fitting in with their moral view and for competing with their own apps. It's not a "kill switch" like on the Kindle, but if your app's cert is revoked entirely, it would be in effect a kill switch. I'm not saying Apple *will* do this, but it's a concern. Just like in a democracy, users/developers have to be very wary about giving up freedoms because those in power are likely not to give them back. If you had choices about where to have your app signed, that would be one thing, but Apple wants master control here over apps on the desktop. I understand the security aspect, but having a signed app doesn't mean that only Apple should sign it, just as SSL certs aren't signed only by one certificate authority.

Again you’re talking about two different things, mix and matching the two premises makes it impossible to have a discussion about this. There’s a massive difference between saying “I won’t sell that in my store” and “You can’t use that on something you bought from my store.”

As for signing certs, it’s largely irrelevant where the developer gets one as Apple would still need the authority to revoke it.

 

[petsounds]

Again you’re talking about two different things, mix and matching the two premises makes it impossible to have a discussion about this. There’s a massive difference between saying “I won’t sell that in my store” and “You can’t use that on something you bought from my store.”

As I said, it's a concern. I'm not saying it's going to happen. But it's a steep cliff and a long way down should Apple decide to exert "editorial control" over the apps it has signed. You trust them to play fair, I don't. Jobs never gave me much reason to. Perhaps the Tim Cook-era Apple will instill some. I hope!

As for signing certs, it’s largely irrelevant where the developer gets one as Apple would still need the authority to revoke it.

And why would Apple need that kind of authority? Having a list of flagged apps is enough to notify users of malicious code. Control of the cert signing would only be necessary to cause apps to no longer run -- something you argue Apple would never do.