Also, let's say they call you. I expect that, most of the time, this will be more or less what the call will look like:

  You: "Hi."

  User: "There was some window on my screen."

  You: "What did it say?"

  User: "I don't know. I clicked it away."

  You: "What were you doing?"

  User: "Nothing."

I disagree, it causes users to do exactly what they should be doing, being weary of installing a random App package. On top of that, it's very similar to the warnings most major browsers throw when they encounter a file they don't recognize.

It's no more alarmist than IE telling you it doesn't recognize the file you just downloaded, so be careful.

> Personally, I disagree with it because it continues Apple's strategy of intellectually hamstringing its users.

That's one way to look at it. A significantly more accurate way to look at it would be to take any average user, sit them down at an XP desktop and get them to rattle off things they see as unnecessary or overly complicated.

Call it whatever you want, in reality it's taking real user interaction to heart instead of assuming we can somehow educate our way out of problems that we have been struggling with since the dawn of computing.

For example, I can't believe how many people seethed hatred over Versions in Mac OS X Lion. Months before that they were most likely cursing the document model and all the headaches it caused them.

I love this assumption that one day, it will just click in everyone's heads. They will just save reflexively without considering, just like they will all fully understand code signing and will seek out additional information on the subject.

Give me a break. Those models are broken, and we've had years and years to prove it. Re-thinking these basic computing concepts that average users have been screwing up for years isn't intellectually hamstringing anyone, on the contrary it's what will make computing comfortable for the masses instead of just bringing it to them and hoping for the best like we do now.

What actually intellectually hamstrings people? The fear they have of their computer, of doing something wrong, of making an irreversible change they don't understand, or installing malware. Tackling that is extremely ambitious, and kudos to Apple for actually trying instead of making excuses like most others do.

> "We recommend that you find a computer user to explain this error to you"

Really condescending, as well as inaccurate. They're using the computer, correct? Then they are the "computer user", end of story.

> "Follow this wikipedia link to the page about gatekeeper to learn more about this and to find links to explanatory material"

So now we're adding complexity by requesting that they learn about the concept of signed and unsigned code, instead of simply being weary of unsigned apps?

Everyone is quick to criticize the dialog, but their suggestions are more convoluted and inaccurate than the actual message.

  It's no more alarmist than IE telling you it doesn't
  recognize the file you just downloaded, so be careful.

  Condescending

  Everyone is quick to criticize the dialog, but their
  suggestions are more convoluted and inaccurate than the
  actual message.

IE 9 presents you with no such button if the file isn't trusted. You have to go and manually navigate to the Downloads folder to launch it.

> However, I have little sympathy for people that get offended when they're told that they're out of their depth.

So your solution is to change basic human nature and make it so people aren't embarrassed by their ignorance? Good luck with that one.

> Because I tried to present an alternative other than "just get rid of it", which is really the right thing to do.

You say so, but yet you haven't presented a compelling reason why. Getting rid of it is the right thing to do, it's an unsigned program downloaded by a user who hasn't changed the Gatekeeper settings. It looks a little odd not because of how few apps are signed, but it won't in time.

Besides, your alternative suggestions do nothing but demonstrate why it's a bad idea to implement this any other way. They add complexity, insult users flippantly, and are poorly thought through.

You... really believe that adding a wordy "this guy didn't ask for our approval, delete program now" dialog box is "extremely ambitious"? In the only direction in which this is ambitious, is in handing over even more control to Apple, something which iOS showed us that developers for the Apple ecosystems are more than willing to do, no matter how draconian the terms. Other than that, it's just a harsher version of what every OS does already.

On Linux, the custom is to write downloaded files without the executable bit... if you decide to veer from trustworthy or at least publicly-signed channels of distribution; on Windows, you get a similar dialog, but not with an imperative to erase any application which lacks a certificate by Microsoft.

I don't see much of re-thinking of anything here, nor a liberating whatever for the masses.

Is that what I said? Because I think I said that attempting to tackle the fear people have with their computers is extremely ambitious. This dialogue box is one part of a clear effort on Apple's part to do that, so I applaud it.

> In the only direction in which this is ambitious, is in handing over even more control to Apple, something which iOS showed us that developers for the Apple ecosystems are more than willing to do, no matter how draconian the terms.

Or that not all developers are as overly dramatic and full of shit as you are, but whatever.

> Other than that, it's just a harsher version of what every OS does already.

You mean those "other OSes" that are constantly under threat of malware? Yeah, I wonder where the idea came from that a harsher strategy would be better?

> On Linux, the custom is to write downloaded files without the executable bit... if you decide to veer from trustworthy or at least publicly-signed channels of distribution

Right. So in other words, on the default setting a user can easily install compromised software via a social engineering attack, or with a compromised USB key or other removable media? Great job, you've improved nothing and solved nothing.

> I don't see much of re-thinking of anything here, nor a liberating whatever for the masses.

Go figure. I doubt the Hacker News community could identify improved user interaction/reduced user anxiety if it bit them in the ass.

We'll make a deal then. Apple will do this, and sell more Macs than ever before. You'll insist they'll should do otherwise, throw a fit when they don't, insist users are idiots when it works perfectly and sells like gangbusters, and then act like it didn't change anything and was no big deal when eventually this is how all desktop operating systems work.

Sounds good? Ok, break!

I'm redeemed in that I don't hoard all of the shit, it seems.

> Right. So in other words, on the default setting a user can easily install compromised software via a social engineering attack, or with a compromised USB key or other removable media? Great job, you've improved nothing and solved nothing.

I disagree. Signed repositories, warnings and disabling downloaded binaries are good measures for protecting against trojans and worms, while not scaremongering your users or sullying the image of the developers. I'm not sure about the removable media, but you may have a point there. Yet you speak as if this system were immune against social engineering. It will only be if and when Apple decides to remove the option to run any foreign unsigned programs.

> Go figure. I doubt the Hacker News community could identify improved user interaction/reduced user anxiety if it bit them in the ass.

You call a "Your computer is under siege!" message an 'improved user interaction' that will 'reduce user anxiety'?

> We'll make a deal then. Apple will do this, and sell more Macs than ever before. You'll insist they'll should do otherwise, throw a fit when they don't, insist users are idiots when it works perfectly and sells like gangbusters, and then act like it didn't change anything and was no big deal when eventually this is how all desktop operating systems work.

Have you considered a position in Smashing Magazine?

Warning against unsigned apps being potentially harmful is not scaremongering, it's the entire purpose behind code signing. I couldn't care less about "sullying the image of developers" and I bet Apple agrees.

> Yet you speak as if this system were immune against social engineering.

No, I speak as if this system were MORE resistant to social engineering than all other desktop operating systems, which it is. It's also a step in the right direction, towards a system that is immune.

> It will only be if and when Apple decides to remove the option to run any foreign unsigned programs.

I imagine this is how it will end up in the future, the 3rd option will be removed from Gatekeeper. Frankly that doesn't bother me. As long as Gatekeeper retains the "signed, but independently distributed and not reviewed" option and Apple doesn't abuse it, I'll continue using OS X.

> You call a "Your computer is under siege!" message an 'improved user interaction' that will 'reduce user anxiety'?

Right, because all benefits and downsides of code signing are fully represented in this one dialogue box. Give me a break. I'm not even going to bother to rebut this, I just hope you'll think it through for two seconds before responding again.

> Have you considered a position in Smashing Magazine?

Not familiar with the publication. I just call them like I see them. Every effort Apple has made towards simplifying user interaction has met with that response, and every time Apple has been proven right and played out exactly like that. I don't know why people can't just give them the benefit of the doubt at this point.