Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Apple is already doing this. They've recently required that ALL software run on Mac is signed by them, even apps from outside of the App Store.

https://developer.apple.com/news/?id=04102019a

Not much longer until we can't run software Apple doesn't like at all.

Because I shouldn't get a say in what I run on my four thousand dollar computer, of course.



Right click bundle icon, click `Open', follow instructions (such as they are). It's been like this for years.

You might have to tick the 'App Store and identified developers' option in the General section of the Security & Privacy preference pane? - but my recollection is that if you don't, you just need to right click a bit more often...

I was a mite concerned when they introduced this stuff, but the net effect has been minimal, and I've (so far?) found no reason to disable it.


And people complain that desktop Linux is arcane and full of obscure configurations


They do.


All it takes to disable Gatekeeper is a single Terminal command. All it takes to disable System Integrity Protection is a single Terminal command run from recovery mode. By my count, that is ten minutes of work at most to allow not just unsigned software but unsigned drivers that run at a super low level.

Add in a few more Terminal commands and you can even disable really arcane things like amfi [1]. I don't know why you'd ever want to do that, and it's probably a bad idea, but you can, so by all means please go nuts.

When Apple starts taking away Terminal commands you are free to start screaming, and I'll be there with you. For now, all Apple has ever done on macOS is remove UI options, which keeps inexperienced users from running into them.

---

[1] https://github.com/stek29/nvram-liber-macos

P.S. Microsoft, by contrast, does not let you permanently disable driver signing on 64 bit Windows 8/10. This perpetually drives me nuts, but no one else seems to care for some reason...


>Microsoft, by contrast, does not let you permanently disable driver signing on 64 bit Windows

Have you tried the next? (I haven't tried it because I don't have access to a Windows box on which I have admin privs.)

https://windowsreport.com/driver-signature-enforcement-windo...


Test mode and `nointegritychecks` work for some drivers and not others—I've never been able to figure out why. Monitor EDID overrides are a quick example of what doesn't work in test mode. You need go through the whole advanced startup process, which only takes effect until the next reboot.


All developer-ID signed software downloaded from the internet with the quarantine bit set.


Too much fud. Can you download code from github and type ‘make’?

Then you can run anything


As long as your build toolchain is available, that is, signed.

Signing software is a good idea. Which signatures to trust should be a user's decision, though, with sane defaults.


That is the case. The defaults are 'developers who were vetted by apple', it is up to the user to trust or distrust individual applications and running non-signed ones is trivial.


I agree with this.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: