
Locked in the Garden

Here comes the WWDC.


Following long years of abuse and turmoil at the hands of Microsoft and the abortive Windows, the eyes of the computing world looked desperately for an alternative, a way out. Unix was that way out.

The invention of Unix was awarded the Technology Medal in 1999. Coauthors Ken Thompson and Dennis Ritchie received the award in Washington from the hands of US president Bill Clinton. Today their Unix powers the Internet.

Almost all web servers run a 'flavour' of Unix. This can be a flavour of Linux or the even more popular FreeBSD.

Apple also run a derivative of FreeBSD, and have acquired FreeBSD's former project lead.

OpenBSD, NetBSD, Ubuntu, Red Hat Linux, SuSE: the list was endless already twenty years ago. Apple's iOS is a derivative of a flavour of Unix.

Unix was not originally an 'open' platform, even though the source code was available for a fee. Both Linus Torvalds and the University of California at Berkeley made open variants. Most free Unix packages available today, for both workstation and server, ship with a GUI front end and are based on either Torvalds' Linux or Berkeley's BSD (Berkeley Software Distribution).

Apple's Unix isn't one of them.

Apple wanted to be embraced by the open source community twenty years ago, and initially ran a project called 'Open Darwin', 'Darwin' being the name of the derivative of FreeBSD used by NeXT. But the project fell apart. Apple make other 'open source' efforts, but they're not the same thing. And source code to a lot of Apple's FreeBSD underbody is available, but it's not the same thing as an 'open system'.

Apple started twenty years ago by making it easy for anyone to get source code, whilst charging $129 for an OS update. Today the updates are free whilst access to a lot of source code and developer tools is constrained by requirements such as registration, etc. Although 'bottom rung' access is free, it is limited, and a number of people report difficulties in accessing the tools they seek. Registration at a higher rung requires paying an annual fee. You must pay this fee if you want to get into Apple's App Store. Only then can you get your product 'certified' by Apple.

The certification process? Yes. Because you want to be listed at Apple's App Store. And that process requires you pay a fee. Your software must also comply with Apple 'standards': some of these standards seem sensible enough, but not all standards can or will be articulated.

Once you finally get your product approved so that it conforms to Apple 'standards' and has the 'look and feel' Apple want, you can be listed at their App Store. And should you actually sell any units, dwarfed and drowned out by the 'big players' there, the corporations who often work closely with Apple, you'll still have to give Apple 30% of what you make, whilst payment processors otherwise ask for a mere 10% plus an additional fee of a dollar or two - two thirds less than Apple. (This carries over to other Apple services, as is seen in the lawsuit filed by Spotify.)

Those enthusiastic and welcoming technical newsletters of old? They went the way of the Apple promise to keep their new OS cross-platform compatible as NeXT had been. Apple closed off the company and the platform to innovation and freedom.

NeXT was clearly the best alternative to Microsoft and Windows twenty years ago. Apple of today are no longer at that level.

In terms of development environments, Apple were once the runaway leader, but this was mostly because of the NeXT tools they'd acquired for their $429 million.

In terms of programming languages, Apple were once the runaway leader, Steve Jobs having purchased the rights to Objective-C from Brad Cox' Stepstone right before his triumphant return to Cupertino. But things have decidedly gone downhill since then, with an abortive update to the Objective-C standard, with the introduction of Xcode to replace NeXT's Project Builder and Interface Builder, and perhaps above all with the release of the Swift programming language, a sort of latter-day REALbasic, specifically constructed 'for the rest of us'.

It's not hard to see where this is going.

Once applauded as the first company to reach a trillion dollar market cap, Apple's value has since fallen dramatically, and at least three other companies lead instead. Access to free tools, to target platforms, to all the things that made Apple seem like one of the forces for good: they're mostly gone today. The original programming language is still far better than what's found elsewhere in the world of Unix, and application support from the Cocoa frameworks is still far better than what's found elsewhere, but things are definitely going in the wrong direction. What is treated as 'freedom' on other Unix platforms is scorned at Apple - the polar opposite of the image they wanted to convey in their 1984 advert. All the Oprahs in the world can't change that. Not in the long run.

Apple introduced code-signing over ten years ago, after a number of mishaps with their first versions of iPhone's OS. Third party software for iPhone must be tacked on with Apple's own 'root certificate', a cryptographic seal that only they can produce. You have to submit your product to Apple; provided they don't discover something that's embarrassing to them, they can seal it for you. You can't seal it yourself. And your product will only run on iPhone if it has that seal.

Apple don't have to let you release an update to your product, even if your clients are clamouring for it, even if bug fixes make it crucial. Rules, tastes, and sensitivities can change at any time, and you can find yourself booted out.

You can even find previously accepted products removed from their App Store - all in the interests of their customers, of course.

Apple never went 'totalitarian' with their OS X. There were too many reasons. They obviously can't do it all at once. But they want to get there. They're getting closer all the time. The latest gambit is a sleight-of-hand called 'notarisation'.

No one knows yet how this 'notarisation' trick will work on Apple's coming OS version 10.15, but a few things are known about how it will not work.

√ There's no Gatekeeper 'module' in the system; instead a number of modules work together.

√ These modules interact with the 'launch services'.

√ Which in turn work with csrutil and spctl.

√ There's no 'open source' here - it's a war between Apple and the consumer.

csrutil was introduced in 10.11, in September 2015. It's a tool for configuring System Integrity Protection (SIP). This is a resource protection scheme above and beyond ordinary file permissions, ancillary 'file flags', and access control lists. As Unix file systems do fine with ordinary permissions and file flags, SIP must be for Apple's own benefit.

spctl deals with the system's 'security policy', another Apple add-on not found in traditional Unix, but introduced for 10.7 Lion some ten years ago.
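An added example, not from the original article: a shell script that reads the text printed by `csrutil status` and `spctl --status` and reports whether SIP and Gatekeeper assessments are in their default-on state, listing any SIP items shown as disabled. The matched output strings, the function names and the sample text are assumptions.

```shell
#!/bin/sh
# Added example: audit SIP and Gatekeeper state from tool output.
# The output formats matched below are assumptions, not taken from the article.

classify_sip() {            # $1 = text printed by `csrutil status`
    case "$1" in
        *"Custom Configuration"*) echo custom ;;
        *"status: enabled"*)      echo enabled ;;
        *"status: disabled"*)     echo disabled ;;
        *)                        echo unknown ;;
    esac
}

classify_gatekeeper() {     # $1 = text printed by `spctl --status`
    case "$1" in
        *"assessments enabled"*)  echo enabled ;;
        *"assessments disabled"*) echo disabled ;;
        *)                        echo unknown ;;
    esac
}

relaxed_protections() {     # comma-separated SIP items reported as disabled
    printf '%s\n' "$1" | awk -F': ' '
        /^[ \t]+/ && $2 == "disabled" && $1 !~ /Apple Internal/ {
            sub(/^[ \t]+/, "", $1); printf "%s%s", sep, $1; sep = ","
        }
        END { print "" }'
}

posture() {                 # $1 = csrutil text, $2 = spctl text
    sip=$(classify_sip "$1"); gk=$(classify_gatekeeper "$2")
    verdict=review
    [ "$sip" = enabled ] && [ "$gk" = enabled ] && verdict=default
    echo "sip=$sip gatekeeper=$gk verdict=$verdict"
}

# Constructed sample of a customised SIP configuration (not real host output).
SAMPLE_CUSTOM='System Integrity Protection status: unknown (Custom Configuration).
Configuration:
    Apple Internal: disabled
    Kext Signing: disabled
    Filesystem Protections: enabled'

if command -v csrutil >/dev/null 2>&1 && command -v spctl >/dev/null 2>&1; then
    posture "$(csrutil status 2>&1)" "$(spctl --status 2>&1)"
else
    posture "$SAMPLE_CUSTOM" "assessments enabled"
    echo "relaxed: $(relaxed_protections "$SAMPLE_CUSTOM")"
fi
```

On a machine without the two tools the script falls back to the constructed sample, so the parsing can be checked anywhere.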

An aside here: if people fled Windows for the safe haven of Unix, and Unix proved safe all these years, what has changed? Why is Unix suddenly insecure? Or is it just Apple wanting to get people to distrust the 'Rock Solid Foundation™'?

It's hard to see what's really going on outside if you're locked inside the garden.

What's understood now is that csrutil and spctl somehow work together. What's suspected is that they can somehow prevent the installation of kernel extensions. What follows from this is that Apple indeed have 'pulled the switch'.

Apple have come under increased scrutiny and criticism, both for their questionable software decisions and for their flagging and ever more chaotic hardware lines.

It used to be a breath of fresh air to buy things at Apple. They had the 'four pillars' of Steve Jobs: high-end and low-end desktops and laptops. Four. That was it. Look at how things are today. Now go take a look at their mobile lineup.

When a single mobile device can cost more than three high quality laptops from another company...

And with the sadistic 'butterfly' keyboard, dongle mania, their obsession with 'thin', the borked-up internal design, the Touch Bar, etc, and the sometimes voiced suspicion that Apple keep reusing flawed components as a sort of 'enforced' obsolescence...

Take the time to view a clip or two by Louis Rossmann and you might wake up. For what are you to buy next time around? What will fail first? How about replacing a battery again? How about replacing a keyboard?

Copyright © Rixstep. All rights reserved.