Comment by heavyset_go

4 years ago

Some x86 systems weren't completely locked down, but similar systems successfully lock down millions of phones, tablets and console devices (which are x86 systems these days).

The trend for security in desktop computing that's pushed by these large companies is to, over time, approach similar levels of lock down that mobile devices currently have. Both Windows and macOS are approaching the iOS security model that depends on manufacturers blessing what software can run on their products, and banning software they don't want users to run.

For example, with Defender on Windows and Gatekeeper on macOS, developers need to buy certificates from Microsoft and Apple's partners in order to distribute and run their software on users' desktop computers. If developers want their software to run on Windows or macOS, they need to remain in good standing with Microsoft or Apple. If Microsoft or Apple decides they don't like you or your app, all they need to do is to revoke your signing certificate, and Defender and Gatekeeper won't let your software run on Windows or macOS. That, or they can choose to no longer renew your certificates after they expire.

> Some x86 systems weren't completely locked down, but similar systems successfully lock down millions of phones, tablets and console devices.

So shouldn't we be protesting against the systems that are locked down, instead of protesting against largely non-problematic implementations? For instance, with Secure Boot you can load your own keys, and the TPM isn't some sort of coprocessor that has access to your entire system.

>If Microsoft or Apple decides they don't like you or your app, all they need to do is to revoke your signing certificate, and Defender and Gatekeeper won't let your software run on Windows or macOS.

I'm not sure about Gatekeeper, but at least on Windows SmartScreen can be disabled. I understand how having a gatekeeper sucks, but I also understand the problem of malicious software, which gatekeeping partially mitigates. In the end the fact that you can disable it makes it a non-issue for me.

  • It is not a non-issue, because 95% of people will not disable it. This means that if Microsoft asks some company to make changes to their program, they will have a lot of leverage behind that ask. Even if you personally disable the gatekeeping, you will be affected indirectly as the market for non-compliant programs will be unsustainable. Everything you run will be Microsoft-compliant, outside maybe one or two hyper-niche things.

    This is what Android has taught us.

    • Except there are a ton of people (as in millions of them) who have SmartScreen disabled because they're using a non-Microsoft antivirus program. So no, this is a non-issue.

      Also, SmartScreen is not a naive block of unsigned code. Code blocking is reputation-based, and people disabling SmartScreen and running a binary contributes to that reputation. Which means that people like GP are actively helping by continuing to use Windows and running safe-but-unsigned apps. So, to reiterate, not an issue.

> Both Windows and macOS are approaching the iOS security model that depends on manufacturers blessing what software can run on their products, and banning software they don't want users to run.

That's been said for years, and hasn't held true. I can boot a Linux kernel on my M1 MacBook. Apple could easily have locked it down in exactly the same manner as their iOS/iPadOS devices, yet chose not to. I can still install whatever I want. The default state of the system has a locked-down root volume. And the default behaviour is not to install untrusted software, unless you jump through a couple of hoops. Those are good defaults. Those are damn good defaults for most people. If you're running untrusted code in your web browser all day long, you want your base system to be as unmalleable as possible, and as untrusting as possible of third-party code. But I can still work around that with almost no hassle. Homebrew still installs software as easily as it did nearly a decade ago; it just might need the occasional --no-quarantine flag for unsigned software.

Even recently they appear to have actively assisted in the running of non-macOS operating systems on their hardware: removing the requirement for kernel images to be in Mach-O format[1].

[1]: https://twitter.com/marcan42/status/1471799568807636994
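The --no-quarantine flag mentioned above matters because Gatekeeper only intervenes on files that carry the com.apple.quarantine extended attribute; Homebrew's flag skips writing it, and `xattr -d com.apple.quarantine <file>` removes it after the fact. The value of that attribute is a small semicolon-separated record (hex flags, hex download time in Unix seconds, the downloading agent's name, and an optional event UUID that keys the entry in the LaunchServices QuarantineEventsV2 database), which is useful to decode when triaging why a file was blocked or where it came from. The following is an added example written for this thread, not code from any poster; the sample attribute values and the file paths it uses are constructed, and the bit meanings of the flags field are left undecoded on purpose.

```python
"""Decode the com.apple.quarantine extended attribute that Gatekeeper checks.

Added example for this thread, not a poster's code. Format assumed here:
    <flags hex>;<download time, hex Unix seconds>;<agent name>[;<event UUID>]
Sample values below are constructed, not captured from a real system.
"""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass(frozen=True)
class QuarantineRecord:
    flags: int                      # raw flag bits, left undecoded
    downloaded_at: datetime         # UTC time the agent recorded the download
    agent: str                      # e.g. a browser name or "Homebrew"
    event_uuid: Optional[str]       # key into QuarantineEventsV2, if present


def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse one attribute value; raises ValueError on a malformed record."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine value: {value!r}")
    flags_hex, ts_hex, agent = parts[0], parts[1], parts[2]
    try:
        flags = int(flags_hex, 16)
        ts = int(ts_hex, 16)
    except ValueError as exc:
        raise ValueError(f"non-hex field in quarantine value: {value!r}") from exc
    # A trailing empty field means "no event UUID", which some agents emit.
    event_uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return QuarantineRecord(
        flags=flags,
        downloaded_at=datetime.fromtimestamp(ts, tz=timezone.utc),
        agent=agent,
        event_uuid=event_uuid,
    )


def describe(record: QuarantineRecord) -> str:
    """One-line summary suitable for a triage note."""
    when = record.downloaded_at.strftime("%Y-%m-%d %H:%M:%S UTC")
    uuid = record.event_uuid or "none"
    return f"flags=0x{record.flags:04x} agent={record.agent} downloaded={when} event={uuid}"


def read_quarantine(path: str) -> Optional[QuarantineRecord]:
    """Read the attribute from a real file via xattr(1).

    Only works on macOS; returns None when the tool is missing, the file has
    no quarantine attribute, or the file does not exist.
    """
    try:
        proc = subprocess.run(
            ["xattr", "-p", QUARANTINE_XATTR, path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:        # no xattr binary on this platform
        return None
    if proc.returncode != 0 or not proc.stdout.strip():
        return None
    return parse_quarantine(proc.stdout)


# Constructed sample values (hypothetical; not captured from a real Mac).
SAMPLE_VALUES = {
    "/tmp/example/browser-download.dmg":
        "0083;60b6c3a0;Safari;B8E3D2F4-1234-5678-9ABC-DEF012345678",
    "/tmp/example/cask-download.zip":
        "0081;60b6c3a0;Homebrew;",
}

if __name__ == "__main__":
    for path, raw in SAMPLE_VALUES.items():
        print(path, "->", describe(parse_quarantine(raw)))
```

`read_quarantine` is the only part that touches the system; everything else runs anywhere, so the parser can be pointed at attribute values pulled from a disk image or a `find / -xattrname com.apple.quarantine` sweep during an investigation.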

  • > > Both Windows and macOS are approaching the iOS security model that depends on manufacturers blessing what software can run on their products, and banning software they don't want users to run.

    > That's been said for years, and hasn't held true.

    It certainly has. Unsigned binaries were recently deprecated entirely on M1 Macs. Microsoft even released versions of the Surface that can only run Windows and only run apps blessed by Microsoft. With each iteration on these products, the screws are tightened a bit more.

    Software freedom is not just about being able to run Linux. Most Mac users buy Macs because of macOS and its integrations, running Linux doesn't help them out. Software freedom on macOS definitely does, though. As it stands, that freedom has been chipped away at with new releases of Apple's software and hardware.

    For example, I'm the author of several open source utilities for macOS. Users had no problem using the utilities a few years ago, but because they're unsigned or not Notarized, macOS tricks users into thinking that they're either broken or malicious. Even self-signing the apps has macOS treating them as if they're radioactive. Users don't understand the scary signing and certificate alerts, so they end up thinking they've downloaded malware. The solution to this is to pay Apple $100 every year, and then regularly have them scan and approve of the apps via Notarization. That's antithetical to software freedom. Regular users who want to use un-Notarized software are left frightened and without having their needs met. Software freedom is important for everyone, not just developers and power users.

    • Heck, the amount of work it takes just to install gdb and debug another process on macOS is insane. There are no clear instructions on Apple's website: the best thing to do is follow a Stack Overflow post with something like 14 instructions on how to generate the right kind of self-signed cert, acknowledge all the warning messages, and then follow the various comments for OS-version-specific alterations. It took me ages.

    • > Unsigned binaries were recently deprecated entirely on M1 Macs.

      Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.

      7 replies →

    • >That's antithetical to software freedom. Regular users who want to use un-Notarized software are left frightened and without having their needs met.

      It's easy to argue "give me software freedom or give me death!" if you're a technically competent user that probably won't fall for a trojan, but what about everyone else? Don't you think there's a reasonable argument to locking down systems to improve security? To be clear, I'm not arguing for sacrificing software freedom wholesale for security, only in default configurations.

      4 replies →

  • > Apple could easily have locked it down in exactly the same manner as their iOS/iPadOS devices

    Yes. That is in fact the problem. They shouldn't have the ability at all. Given the ability it will be done, it is only a question of when and why.

    Corps have this ability already and are building in tech to make circumvention even more difficult. We are one update away as it is now.

    • How do you propose preventing that, outside of legal remedies? If they design the hardware it obviously can be done. Hell, with the right external chip you could do it with a MOS 6502.

      And as for barring it legally, remember that there are valid uses for locked down systems. It can be a useful security barrier.

  • However, if you jump through those hoops, you lose certain functionality, namely Apple Pay and the ability to run iOS apps on Mac.