Uh.. Please, correct me, but while Microsoft doesn't enforce signed binaries -- I don't think Microsoft allows you to disable *checking* that binaries are signed. (I'm not a sysadmin, though) Regardless, I'd gather that is the same case here. You can't disable Gatekeeper, the OS will enforce checking and tell you when a binary isn't signed -- If you want to "proceed anyway" -- you right click or option click the file and open it -- instead of entirely disabling gatekeeper.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS Sierra Tidbits: Apple File System, RAID Support, and More
- Thread starter MacRumors
- Start date
- Sort by reaction score
Seems like this is Apple's way of moving toward one OS for all devices. Like it or not, we just might be stuck with Tim's vision of nothing but glorified iPads everywhere. This prediction may (sadly) come true.
Okay, these are some pretty cool updates. I'm feeling good about the macOS updates. Can't believe i just said that instead of OS X.
Well i would agree that iOS and macOS are light years apart in many features (we will see how yesterday's announcements closes the gap or not), but some of the ARM chips that Apple has developed are actually faster than intel's M chips. Source is here.
Lets see, iTunes Match mis-indexed and scrozzed many of my music files. (nothing like listening to random data instead of a music song).
iCloud drive "misplaced" all my files when I upgraded more storage space and left me with one file instead of dozens, and I still don't know where they went.
Yeah, just what I want. Apple managing my files for me.
This has nothing to do with 'security vs convenience' - it's about who controls your machine.
There will be a workaround by fall or even before. Most of software I use is from what apple call "anywhere" theyre small developers and can't or don't want to pu their apps on the App Store.
It would be better if they just used ZFS rather than making appleZFS
The plan is to run a single file system across their line of products. Tell me, how well does ZFS run on devices with very limited ram?
There's a large performance different between Intel M processors and Intel 'I' processors. Sure, ARM may catch up in several years time, but for a Macbook Pro, where great performance is expected, ARM is no alternative.
You either get it "free" by giving away your right to expect it won't be mined for data or you pay for it.
Free doesn't exist, there is always a cost.
Let's hope....or we'll be looking for jailbreaks for MacOS
That still doesn't prevent them from signing it, doesn't it? I really don't understand why some people here seem to criticise code signing. The abuse potential from malicious apps is tremendous and code signing is an efficient protection measure which is trivial for the developer to implement. The only thing that I would criticise here is that currently (AFAIK) to get a certificate you need to be a registered developer (with a paid membership). This discourages open-source developers who don't want to spend money on a dev subscription.
Considering the majority of users are too ignorant to care about adopting good security practices something has to be done. Like it or not, the "bad guys" are light years ahead and the only people that bear the brunt of the blame is, you guessed it, Apple (and other vendors).
You can't have it both ways. Anyways, it's likely as someone said earlier that this is just removing the option from gatekeeper to prevent people from just turning it off for everything all the time, which is a terrible "solution" to a simple problem (easy to run apps one at a time that are not signed).
No one is criticizing code signing, but not every application is signed for whatever reason.
The option for "anywhere" should still be there. It doesn't inspire confidence in Apple for the future of macOS.
I'll take the risk of installing a potentially malicious application - which in reality are few and far between.. and I'm careful about what applications I do run. I don't need Apple to babysit me.
You don't need too turn off Gatekeeper to run unsigned applications, just press Opt key while opening the application. Despite this, I'm not sure why Apple felt the need to remove the "anywhere" option.
The option for "anywhere" should still be there. It doesn't inspire confidence in Apple for the future of macOS.
I'll take the risk of installing a potentially malicious application - which in reality are few and far between.. and I'm careful about what applications I do run. I don't need Apple to babysit me.
[doublepost=1465912775][/doublepost]
You don't need too turn off Gatekeeper to run unsigned applications, just press Opt key while opening the application. Despite this, I'm not sure why Apple felt the need to remove the "anywhere" option.
I know you don't, which is exactly what I was saying. It is likely the removed the option because people were disabling it (and at times being INSTRUCTED to) and leaving it off. Regardless of what people want, the option to disable it all the time is dumb and leaves users vulnerable.
This is a complete guess but indexing always seems to takes up way more resources than it should do. I can quite easily see it being deferred if the system is doing something intensive with the hard drive. But I'm fairly sure that the OS can write more than one file at a time.
I'm intrigued by Documents and Desktop folders being synced to iCloud Drive along with the iCloud Drive folder itself. This makes working with multiple Macs and iOS devices much easier when it comes to accessing files.
With your Music folder essentially a part of Apple Music, that leaves just the Movies folder as a place of focus for Apple. We have iMovie Theater for completed iMovie projects, but some sort of Photos-like app for all video content would be great. Perhaps a revamped "Videos" app that has iTunes video content, personal videos, iMovie Theater, and iMovie projects, all synced with iCloud. Certainly that would require a lot of iCloud storage, but if people are willing to pay for it, make it happen.
Only problem I see for some is that iCloud Drive is encrypted with your Apple ID, something Apple has access to. True independent encryption would still require locally stored files on a Mac using FileVault 2.
With your Music folder essentially a part of Apple Music, that leaves just the Movies folder as a place of focus for Apple. We have iMovie Theater for completed iMovie projects, but some sort of Photos-like app for all video content would be great. Perhaps a revamped "Videos" app that has iTunes video content, personal videos, iMovie Theater, and iMovie projects, all synced with iCloud. Certainly that would require a lot of iCloud storage, but if people are willing to pay for it, make it happen.
Only problem I see for some is that iCloud Drive is encrypted with your Apple ID, something Apple has access to. True independent encryption would still require locally stored files on a Mac using FileVault 2.
Apple File System
This is so unbelievably dangerous that I won't be using it for at least 2-3 years after it's gone into public use. Designing a whole new filesystem from the ground up is a very risky thing, and there's definitely going to be hidden, obscure bugs. That's been the case with every new filesystem ever designed. Apple is no different. I'll wait for other people to suffer the bugs and lose their data.
That being said, it's about time. HFS+ is a freaking awful filesystem. Almost all of its features are hacked-on, via hidden files at the root of the drive. It's very low performance. But at least it's been vetted for 30 years and it works.
RAID Support
Finally! Setting up RAID via the Terminal was easy enough, but it was hell to manage with the lack of runtime status (like when a disk dies), and the *weird* display in Disk Utility whenever it encountered RAID. And the constant, looming fear that Apple would delete the RAID driver someday.
Now we know that AppleRAID is here to stay. I refused to pay for SoftRAID out of principle: Overpriced and ugly as hell.
This is what RAID management looked like via the terminal. Awful. I am so glad Apple's GUI is making a comeback. That alone is worth the Sierra upgrade for me.
"Anywhere" Dropped From Gatekeeper
This is the most interesting change of them all. Because it kills software piracy on the Mac. Hahaha! I wonder if the hackers will find some other way of disabling Gatekeeper? I hope not! I never pirate anything, because it robs people of the ability to make software for a living, and kills their joy to keep improving it over time. I've seen developers quit and return to a regular day job due to piracy.
Here's why this change kills piracy:
- When "Allow apps downloaded from" is set to "Anywhere", it DISABLES Gatekeeper system-wide.
- When "Allow apps downloaded from" is set to "Mac App Store" or "Mac App Store and identified developers", it ENABLES Gatekeeper system-wide.
Since people cannot set it to "Anywhere" anymore, they cannot disable Gatekeeper. They can right-click unidentified developer packages and say "Open Anyway", sure, but that doesn't disable Gatekeeper. It only lets them open totally unsigned apps (which no commercial software developer does anymore; only free, Open Source software is unsigned).
Legal apps always have a Gatekeeper code signature, which is deeply written into the application and cannot be removed. Pirated apps have always cracked the binaries, which means that the code signature no longer matches. So even if they try to "Open Anyway", it will now always be checked via Gatekeeper's integrity check, which will say "This application is damaged and can't be opened. You should move it to the Trash."
HAHAHHAHAHAHAHAHAHAHAHAHHAHAHHAAHHAHA.
I hope the pirates don't find any workaround to disable Gatekeeper again. I am so happy right now. People deserve to be paid for slaving away long nights writing good software. If this change stays, developers will get more motivation to keep producing software since it becomes possible for more people to make a living from it.
This is so unbelievably dangerous that I won't be using it for at least 2-3 years after it's gone into public use. Designing a whole new filesystem from the ground up is a very risky thing, and there's definitely going to be hidden, obscure bugs. That's been the case with every new filesystem ever designed. Apple is no different. I'll wait for other people to suffer the bugs and lose their data.
That being said, it's about time. HFS+ is a freaking awful filesystem. Almost all of its features are hacked-on, via hidden files at the root of the drive. It's very low performance. But at least it's been vetted for 30 years and it works.
RAID Support
Finally! Setting up RAID via the Terminal was easy enough, but it was hell to manage with the lack of runtime status (like when a disk dies), and the *weird* display in Disk Utility whenever it encountered RAID. And the constant, looming fear that Apple would delete the RAID driver someday.
Now we know that AppleRAID is here to stay. I refused to pay for SoftRAID out of principle: Overpriced and ugly as hell.
This is what RAID management looked like via the terminal. Awful. I am so glad Apple's GUI is making a comeback. That alone is worth the Sierra upgrade for me.
"Anywhere" Dropped From Gatekeeper
This is the most interesting change of them all. Because it kills software piracy on the Mac. Hahaha! I wonder if the hackers will find some other way of disabling Gatekeeper? I hope not! I never pirate anything, because it robs people of the ability to make software for a living, and kills their joy to keep improving it over time. I've seen developers quit and return to a regular day job due to piracy.
Here's why this change kills piracy:
- When "Allow apps downloaded from" is set to "Anywhere", it DISABLES Gatekeeper system-wide.
- When "Allow apps downloaded from" is set to "Mac App Store" or "Mac App Store and identified developers", it ENABLES Gatekeeper system-wide.
Since people cannot set it to "Anywhere" anymore, they cannot disable Gatekeeper. They can right-click unidentified developer packages and say "Open Anyway", sure, but that doesn't disable Gatekeeper. It only lets them open totally unsigned apps (which no commercial software developer does anymore; only free, Open Source software is unsigned).
Legal apps always have a Gatekeeper code signature, which is deeply written into the application and cannot be removed. Pirated apps have always cracked the binaries, which means that the code signature no longer matches. So even if they try to "Open Anyway", it will now always be checked via Gatekeeper's integrity check, which will say "This application is damaged and can't be opened. You should move it to the Trash."
HAHAHHAHAHAHAHAHAHAHAHAHHAHAHHAAHHAHA.
I hope the pirates don't find any workaround to disable Gatekeeper again. I am so happy right now. People deserve to be paid for slaving away long nights writing good software. If this change stays, developers will get more motivation to keep producing software since it becomes possible for more people to make a living from it.
Last edited:
looking forward to using this file system in version 3.0 ate least 5 years from now... you know when it works properly.
For the file optimization to be really successful iCloud Drive needs more Dropbox like features...
I agree with this 100%, if you want the app purchase it. Pirated apps are generally a source of malware in the first place which plague the rest of us as well.
Signed apps are much less likely to contain malware. My guess is that the final version of Sierra will still allow unsigned apps, but will require a manual step in between.
I don't like to much build in intelligence that starts doing things in the background and I am not aware. I do not want to store any documents in the cloud. I hope there is a good system pref page that gives the user plenty of options.