|Home » Learning Curve
Wait With the Pitchforks?
El Reg's Thomas Claburn weighs in.
SAN FRANCISCO (Rixstep) — Can 10.15 be closing down macOS? El Reg's Thomas Claburn weighs in on the likelihood pitchforks will be needed.
It seems at least two sources are involved in this particular story: namely that Apple plan to further 'clamp down' on ISV output with macOS 10.15.
Both sources claim that something's going on, and that developer IDs will be needed to run anything on the next version of Apple's desktop/laptop OS, but many questions remain.
El Reg's Thomas Claburn took a good look at the situation.
'Imagine for a moment the possibility that macOS 10.15, due to arrive later this year, will run only apps signed with a valid Apple developer certificate, with no option to whitelist unsigned apps via the company's Gatekeeper security mechanism', he writes.
Which is exactly what we were told. That 'whitelisting' would no longer be possible.
Thomas goes on.
'That would mean the only application code you could run on macOS 10.15 would be software created and signed by registered third-party developers, who right now have to pay $99 a year for said status.'
Bingo. That's where the blood starts to boil. To have to pay money (to Apple, who else) for the chance to run independent software... Note that the $99 is not even a fee - it's the equivalent of a driving licence permit: there's no guarantee you'll pass the drive-up exam, so to speak.
There can be time limitations as well; perhaps your software will simply cease to function after five years?
'Unsigned code you build yourself wouldn't, therefore, run on your own hardware, with that OS installed.'
'The aim, we presume, would be to stop unsigned malware running accidentally, primarily.'
Who said anything about malware? No one would believe that. But to make more money, now that iPhone sales at long last taper off.
'Right now, the latest version of macOS can be told to run software only from the Mac app store, the app store and certified devs, or from anywhere with no restrictions.'
Yes. Even though more and more people are calling its very existence into question. Yet it's user-configurable.
'It's been suggested that Apple is planning to ban all unsigned programs in macOS 10.15 and onwards, and a Register reader within the industry has insisted to us he's heard this on good authority.'
There appear to be at least two sources.
'It's equally plausible the scenario has been fabricated or overblown to encourage Apple to tip its hand.'
Only if the conspirator is inside One Infinite.
'We've asked around about this, and have been unable to confirm it.'
Not surprising. No one's been able to confirm it. Which would lead one to conclude that the sources, at least one, immediately expressed uncertainty, and themselves said they needed more. (Apple would hardly admit to such a thing anyway. But it gets better.)
'We asked Apple, but the company seldom answers our inquiries.'
Nope. Particularly not El Reg!
'The last time this reporter got an immediate, unequivocal response from Apple was in 2006...'
Rather par for the course.
'Refusal to [address speculation] makes the claim at least worth discussing, given that it's not very far from changes delivered in macOS Mojave (10.14).'
Good point. The frogs can feel the water heating up, but most insist they're still comfy.
Has there been some confusion with notarisation? One would presume all those concerned knew what it was. Thomas Claburn:
'The Mojave update introduced the concept of app notarisation, a pre-distribution code-scanning service performed by Apple that looks for malicious content and signing problems in developer-signed apps.'
Or nixes anything they don't like. (What a shame customers can't do that with Apple code - nothing would run. Ask Woz.)
'Successfully vetted apps get appended with a ticket that provides extra information to Gatekeeper.'
No messing with OPC. Mucking about with someone else's property again. The height of irresponsibility to let someone muck with one's software. Downright stupid. What are ISVs supposed to do? For, if they're respectable, they'll have to scan the stuff Apple returned to them before sending it on to people who trust them. Yucky. What a mess. So more than understandable if an ISV should refuse.
'Apple has said app notarisation is optional under Mojave but will be mandatory in the future.'
There you go. Anyone know anything about OpenBSD? Linux Mint?
'Note that in an upcoming release of macOS, Gatekeeper will require Developer ID signed software to be notarised by Apple.'
Note that in an upcoming release of your system, Apple, all you'll have left on the ISV side are feeble greybeards. But we all miss Steve.
A bit of the cruncher:
'We suspect that those whispering the supposed looming changes have mistaken the foretold notarisation requirement with a slightly broader restriction affecting not just developer-signed apps but all apps.'
Possible, but not probable. But what is certain is that not all details are known, and what is likely is that something else is afoot which falls between the one and the other.
'When we asked Cabel Sasser...'
'Seems at odds with how Apple is positioning the Mac right now as a workstation for professionals.'
Sounds good, but are they really doing that? And can they not have a workaround?
'Plus, on the Mac, all the security can be turned off anyway.'
Perhaps today. Not so certain tomorrow. Thomas Claburn:
'At the same time, the distance between what Apple has said it will do with mandatory notarisation and what it could do by closing Gatekeeper to any unsigned code is small.'
That bears reading again. And again and again. For it's obvious that, despite all the disclaimers these past ten years, Steve's 'nope' was a bit of a lie. Not a completely white lie either.
'With macOS Sierra, Apple began hiding the option to install apps from unidentified developers.'
Smells conspiracy. And that's two OS versions ago.
Thomas Claburn points out that closing the whitelisting 'loophole' would be easy, and he cites 'Marzipan' as a reason they'd try.
Felix Schwarz had perhaps the best comment of them all.
'If Apple wants to really require signing for all apps with 10.15, I really hope that Apple has thought about these issues and put viable, working solutions for them in place.'
'I fear, however, that it could be a continuation of the kind of platform security changes macOS has seen in more recent history: well intentioned, but not well made.'
And, with that, he could mean any one of a hundred or more different things.
'Potential problems, he said, would be that unsigned legacy software might not run and any open source software currently distributed without being signed would have to pay the annual fee for an Apple developer account.'
Precisely. Benjamin is chairman of the board.
'If Apple required all macOS apps to be signed, he said, it would make Mac developers very angry...'
Not for long. Oliver Twist would...
'I believe that for your own personal device, you should be allowed to run whatever code you want.'
That could be dangerous.
The Register: Don't get the pitchforks yet
Industry Watch: Apple Locking Down 10.15?
Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.
Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.
All Content and Software Copyright © Rixstep. All Rights Reserved.