> At first, it was Gatekeeper. Yeah, appeared in 10.8. Then notarization. Now, on M1 you need to sign your binaries ad-hoc or they won't run.

You are confusing the local software development with the global software distribution.

Anyone is free to install development tools, compilers and toolchains, compile and run anything locally on an OS X, just like on any other UNIX system, including Linux. Gatekeeper and the notarisation enforcement, which are a default but can be neutered, address a common use case of «my mom/little sister/grandfather/etc has downloaded and installed a seemingly useful app from a dodgy website that has excreted a ransomware that now demands a payment to give their data back, or leaked all of their contacts/personal data, or slowed their computing device 100 fold down». OS X does give lay users a way to turn checks off, including the system integrity protection, and shoot themselves in the foot if that is what they want.

In fact, I would like to be able to selectively apply an even more, higher, restrictive security profile to any app, including to the ones available through Apple's own app store. Who can tell what potential spyware / trackware a 500+ Mb WhatsApp download from the official Apple app store contains within? WhatsApp desktop client is a mediocre (feature wise) messenger that is not even as feature rich as the 85Mb Telegram desktop download is. And I, for one, don't have the capacity to reverse engineer and manually inspect every single WhatsApp download/update for my own peace of mind and sanity, and I would also presume that very few people even from around here can. Anything coming out of FaceBook nowadays should be considered trackware and needs to be airgapped with the utmost diligence.

Even the business/enterprise software is ridden with all sorts of trackers. Citrix Workspace client, for example, installs three "telemetry" helper processes that phone home non-stop.

> Custom kernel extensions? No way.

Yes way. They just have to be signed for same reasons as third party apps. See https://support.apple.com/en-au/guide/security/sec8e454101b/... for details. I was recently scrubbing the file system off some legacy components and noticed, with a lot bewilderment, what extra 'useful' USB drivers a 4G MiFi device I had purchased over a decade ago installed at the 1st connection attempt. I, for one, don't need those 'niceties' to sneakily creep into any of my file systems or lurk around.

In fact, OS X has become more GNU Hurd since 10.15 like by pushing kernel extensions into the user space instead, which reduces chances of the kernel crashing due to a bug in a random extension. More kernel stability and security? I say yes to both, albeit your mileage may vary.

* I have to turn off gatekeeper to run unsigned apps.

* I can't write into /bin or /usr on my own machine without flipping some magic option

* I can't run gdb without some complicated signing dance I have to do every time I update it.

* I can't run dtrace without rebooting and switching some secret flag off. I have to tell other people to turn they same thing off so they can dtrace applications.

That's just straight off the top of my head. The dtrace and gdb things are particularly annoying, as it makes life harder for me to get other users to do simple debugging tasks, and there is no simple workaround, just complicated instructions.

Where did you get that information and what makes Apple Silicon different here?

Yeah, such a power user that you can't use any one of the easy, documented ways to deal with that? You're not exactly helping your case here.

>Put it behind some shell command or something... but have it easily documented and marketed towards people like me.

  sudo spctl --master-disable

  csrutil disable

Yeah, Apple has put up more guardrails in macOS. But contrary to your assertion, enhanced security is plenty useful for "power users" too. Being a power user doesn't mean that it's nice to have some bad software clobber your install or a zero-day nail you. Some of the new security features could definitely be made much more easily useful for power users sure, up to and including having a GUI on them. It'd be nice if Apple had functionality to easily have your own root signing setup alongside theirs, so that we could take advantage of all the signing mojo as well. And it's reasonable long term to be concerned about a day when Macs also have hardware trust chains and what happens then.

But for the time being macOS remains 100% modifiable for an actual genuine power user. The new stuff can be turned off, and more easily arguably then back when you needed to recompile your own kernel to mess with kern.securelevel and the like. Somehow someone in the company continues to open source a certain amount of macOS same as the old days, see https://opensource.apple.com/.

It has become unfriendly for Apple development too. Increasing lockdown, endless permission prompts, bugs piling up into a mountain, and the forced OS updates required by Xcode.

Do you have a source for this? I certainly haven't read this anywhere, but I also haven't been keeping a super close eye lately! This would both be really sad and would also essentially destroy the entire OSS community in macOS. (So I'd be very surprised if Apple actually made this change. It would also mean every numerical scientist would have to migrate off the Apple ecosystem, which would be a shame.)

It has become somewhat unfriendly, but I really appreciate that you can still do whatever you want.

To run self-signed apps, run `sudo spctl --master-disable`

To turn off System Integrity Protection, run `csrutil --disable` from recovery mode.

To modify the root filesystem, do all of the above and run `csrutil authenticated-root disable` from recovery mode.

To disable library validation, do all of the above and run `sudo defaults write /Library/Preferences/com.apple.security.libraryvalidation.plist DisableLibraryValidation -bool true`

To disable AMFI, do all of the above and add the boot argument amfi_get_out_of_my_way=0x1

(Some steps may be a bit different on Apple Silicon Macs, I don't own any so I'm not as familiar.)

---

You now have the same privileges Apple does. You can grant yourself whatever entitlements you like, inject your own code into any process, load your own kernel extensions, or just replace the whole kernel with your custom build of XNU.

I actually think a decent chunk of macOS's perceived "unfriendliness" comes from Mac users being less willing to hack around than users of other OSs. The common refrain in Mac circles seems to be that System Integrity Protection should never be switched off under any circumstances. I agree, if you're a normal user—but if you're not, and the handcuffs are annoying you, just unlock them already. (But do leave everything else in place until such a time as it presents a roadblock.)

Also, method swizzling in Objective-C is fun, try it!

Actually I'm now thinking that I'd make a launcher. The only thing that you have to grant scary permissions to, and then run whatever the hell you want on the device you bought.

Agree on the first half, strong disagree on the second. We need way more sandboxing restrictions on all operating systems. I have yet to see someone run into sandboxing problems on MacOS (in production) that wasn't doing some evil shit that should be difficult.

As a developer it's a bit annoying. As a user it's why the OS experience sucks less than windows and linux for user applications. The .app and permissions design is fantastic - the experience of developing it not so much, but it could be improved.

I really don't want your app spawning off god knows how many processes doing god knows what with unfettered access to my filesystem and network.

I don’t know, from my experience just building and running works fine. As hoc signing is something the tool chain does. I don’t write kernel extensions so I cannot really comment on those (though I have a couple of them installed as a user and there was no significant hassle). The worst annoyance I’ve seen is having to authenticate every now and then to attach a debugger to a process.

> there's some sacred knowledge that you should be in possession of, and update it every year for $99, so that you can program your computer.

Programming your own computer has no red tape, the difficulties start when you want to distribute binaries, if you don’t want your users to have to right-click once. You can get compilers and things from xCode, Homebrew or MacPorts and they work without you having to pay anything.

> I like the pure Unix approach more, when the line between using the computer and programming it doesn't really exist, and where the system is basically your IDE too, and where you're going from being a user to being a programmer and back without really noticing. Mind you, it doesn't mean you have to go from one to the other, but when you want/need to, it's damn frictionless, and the system is as malleable as you want it to be.

Yes, it’s nice. But my ose of MacOS and Linux are not very different in that regard (true, I spent quite a bit of time customising xfce, which was fun). Also, to be a bit realistic it does not really work with end users in general. For a mass market OS, the fewer footguns the better.

Don't use them then? Seems like a useful feature to me for certain utility apps that don't require a proper Mac app/can't afford to develop one.

Might be worth reading the entire post and commenting on it in its entirety, not cherry picking.

And rightfully so! How is this not an obvious trend to you?! It isn't just Apple, it's cell phones and tablets with unlockable bootloaders, Windows S-Mode, Samsung Knox, Firefox extension signing that can't be disabled, and a great many other examples. It's the trend that's alarming, not the specific way macOS is configured right now.

> How do you propose that you would be able to develop software on the Mac if you had to sign your executable every time that you recompiled it?

By paying the Apple tax for a developer license and then just... signing your code every time you compile it? You already have to do this for Firefox extension development if you don't bother to run a dev or unbranded build. Alternatively, just run your (unsigned) compiled code in a VM.

> So what would be the financial motive ...

The financial motive is the glaringly obvious walled garden! It's the vendor's control over the device you purchased!

> Do you really want third party kext to be “free” to crash your entire system?

Obviously not; that is a bad faith interpretation of what I said previously. There are ways to ensure user security that don't remove control of the system from the end user. These options are consistently not chosen, by more or less all the major manufactures. I believe that the motives for such behavior are quite obvious.

So blame Apple for it - why do you blame the developers?

Apple wants you to forget that it is the developers that add value to a platform, and yet it charges them for the "privilege" of creating apps for their platform. And then they are openly and increasingly hostile to developers who do not conform to their business model and do not want to pay them or distribute the app through their app store - and thus they keep crippling API after API to make sure that the developers toe their line.

It is because of Apple's hostile attitude to developers that they no longer want to invest (or rather waste) their time on Apple platform.

Here's a real life example of an app that is now no longer viable on macOS because it doesn't suit Apple's goals - https://medium.com/tripmode/apple-started-hiding-the-traffic... ...

Superficially, that makes it seem like not an issue. But it's sort of like when Sony added the "no class action" waiver to their TOS. Yes, you could opt out, but it still removes virtually any possibility of a class action suit since very few people did opt out. Similarly, it is possible to run apps that aren't signed, but most users won't, and that means that it isn't viable, from a developer's perspective, to produce unsigned apps.

Now, it's true that you don't have to go through the App Store review process just to sign an app, but that doesn't mean that Apple can't revoke your key on a whim (or in error).

The cost is also an issue. $99/year is a steep commitment for what used to be a pretty big segment of the Mac developer ecosystem. The common counterargument to this is "Really, you're going to complain about $99 when while working on a $2500 laptop?" But this is nonsense. If you're unemployed, in school, or working a low paying job while developing on the side, your computer likely isn't a $2500 laptop. It's probably a low end Mac and/or a hand-me-down, and you will keep riding that machine until it breathes its last gasp. $99/year is about the cost of your whole computer.

Now, maybe Apple doesn't care about a slew of small, cheap/free apps with low hardware requirements, but their users sure as hell should.

Homebrew put in some work for this not to be an issue, but SIP was an issue for me back in the day and why I no longer use a Mac.

Additionally, there's an annoying popup every time you want to launch a internet-downloaded binary that doesn't even have an 'Allow' on the box itself. One has to go via Settings => Security and Privacy, which is tedious.

> I was able to address that by self-signing the binary.

For many, that's too much friction to bother.

> M1 Macs don’t boot any OS not signed by Apple but they did demonstrate Linux running under virtualization. The fact that they included this in their demo indicates that the ability to continue running open source software on Macs remains a priority.

Maybe, but virtualization is not the same as bare metal. The only thing this shows to me is that Apple knows server-software will be deployed to Linux servers, so they need to provide some ability to test on Linux, even for their own in-house services I'd imagine.

Nothing has really changed in this article though. You can still run software just as before.

I maintain a handful of open source apps for macOS, and have for years. If I don't pay the $100 Apple tax, macOS will treat those apps as if they're radioactive, and it will trick users into believing the apps are either broken or malicious.

In order to run them, users must know how to change arcane settings and do a magic ritual with the UI, otherwise they just won't open.

If the tables were turned and it was Linux that wouldn't run apps that were not signed and approved by Red Hat without having to jump through arcane hoops first, people would be rightfully pointing out how user and developer hostile it is.

> They killed the industry.

Not only that, they helped usher in the race to the bottom when it comes to the app distribution market. Now everyone expects to spend a dollar or two for an app if they're spending anything at all. They also killed the paid update/upgrade model for apps.

The infrastructure to grant/deny use of specific applications to individual users has existed in macOS for years if they wanted to use it that way. Their server just currently gives the same answer to all requests for the same signature.

https://eclecticlight.co/2020/11/25/macos-has-checked-app-si...

How about launching those applications totally privately — no network requests at all?

Spoiler: `sudo spctl --master-disable`. Luckily we're still allowed root on ARM Macs for now :)