Exactly, Apple is making this a black and white choice on purpose. To make it unattractive to bypass them, and introduce legitimate security concerns if you do so. But those don't have to exist if the options were more fine-grained.

The same with SIP (system integrity protection). You can turn it off but then you have to turn it all off.

There's no way to keep secure boot but bless your own changes and sign them in some way, that you have approved. You know, as the owner and admin of your own computer. It's either leave it to Apple or be completely on your own. And to make the choice even more uncomfortable they also disable some features like running iOS apps.

reply
I don’t disagree with your post but I’m still unclear on how you envision gatekeeper should work.

You want the ability to choose different “authorities” that verify and sign binaries? That makes sense to me but is unlikely to relieve any of the issues in the post.

Also what do you mean by “even yourself?” What would that option look like?

reply
Right next to where Apple's root CA is, you add your own.
reply
You could like, just trust a single binary. Have a button right there in the popup that already shows up.
reply
Isn't that what right clicking and selecting Open does?
reply
Nowadays (as of Sequoia, I think), I find that I need to run `xattr -c Foo.app` to clear the “this was downloaded from the Internet” bit on the application bundle before I can right-click, “Open” it. Used to be that you only needed to do that with .apps extracted from zip archives, but it seems to apply to .apps copied out of disk images (DMGs) now, too.
reply
Maybe “Gatekeeper Light” hidden under advanced settings would satisfy everyday users + the technical crowd.

For plenty of users, a button right there in the popup is almost the same as no Gatekeeper for most scenarios, but if we can handle it why not let us?

reply
I want the ability to run any linux distro on my macbook, like I can with any other computer that is not a macbook.
reply
Macs have enough open firmware to allow you to run any OS that you want. Linux Asahi only supports a certain subset of modern Mac HW, if you want to speed up development you should probably contribute to that project.
reply
I think you should read up on how secure boot works with macOS and alternate operating systems before speaking this negatively about the implementation. Apple is already giving you exactly what you’re asking for.

It’s not really even that different than a PC motherboard that gives you “Windows UEFI” and “enroll my own keys” as options.

https://asahilinux.org/docs/platform/security/

As far as code signing, again, what do you want Apple to do here? They already gave you a master switch to turn it off. You are free to turn it off then implement your own third party code signing solution if you’d rather choose who you trust. It’s not Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.

And let’s not forget who Apple markets their computers to. These features aren’t for you and me, they’re for the non-technical customers who will absolutely get pwned by unsigned code. Go to the MacBook Neo marketing page and try to find a single image of someone writing code or even being gainfully employed.

reply
This is that false dichotomy.

You can turn off all protection, as you point out. So who Apple markets Neos to isn't a factor.

> Apple’s fault if nobody else decided to make their own trust repositories and the only alternative on the market is to have no safeguard at all.

Does Apple provide a means for enabling third party trust systems, without disabling Apple's protections in general? If not, that is a serious problem of Apple's choosing. Nobody (to a first order approximation) wants to dispense with Apple's protection, or re-implement it, but to be able to carve out exceptions for specific classes of software.

reply
Sounds like you should pick something other than MacOS.
reply
Right, all they need to do is convince every end user they’re trying to distribute software to that they’re using the wrong OS and should replace their MacBook with something running Linux. No problem at all.
reply
Or Windows, the OS that is already vastly more popular than macOS.
reply
I decided to get into this subject in my comment before I edited it out because I thought it would be too much of a tangent/ruffle too many feathers.

But, yeah, macOS power users these days seem to spend a lot of time criticizing the OS and the company and never seem to just switch to something else.

Apple is the 4th most popular PC manufacturer on the market. You can use something else. It's not a monopoly, nor a duopoly like with iOS.

I switched to Linux, and I've been beyond shocked at how smooth it's been. It's been better than both Mac and Windows in more ways than I expected. And sure, not perfect, but still.

reply
I can charitably believe this comment is not disingenuous, however, there are effectively two options, which are Windows and macOS, regardless of three manufacturers making more Windows machines than Apple at number four with Mac. I would call it an effective duopoly.
reply
There are effectively two options if you dismiss Linux a priori.

Which yes, many people do. There are plenty of people who have no desire to try Linux. And if you're a developer then you have to consider those people, because many of the people who use your software are the type with no desire to try Linux.

But there are fewer and fewer reasons not to try Linux, and that group of "I'd never use Linux", while still large, is slowly shrinking. I'd argue that Microsoft is doing more than Apple is to push people into reconsidering Linux (and, often, discovering that it's actually pretty good these days, and that your techie friend whom you call all the time to help you with Windows is actually happy to help you with your Linux questions instead).

But slowly, over time, it's making less and less sense to dismiss Linux a priori.

reply
> But there are fewer and fewer reasons not to try Linux

Does my existing hardware connect to the internet and go to sleep when I close the lid? Does the hardware I can buy from major retailers do the same thing?

I know these are _technically_ vendor problems and not Linux problems, but I’ve got enough things to figure out without adding “what chipset does this high end laptop use” to the mix

reply
If you can enable a third party trust system you completely open it up for abuse. If I put my threat actor hat on, I love your idea because now I have an alternative codepath to try and exploit (where do you store third-party trusted roots for code-signing/notarization evaluations that cannot be tampered with, how do you load them, verify them, etc.), but now instead of having to dance around bypassing Gatekeeper, I can just try and convince the user to install my certificates and voila, my malware behaves like a legitimate app.

Apple's root of trust for the OS and thus anything that passes AMFI/Gatekeeper scans is built into the hardware. There is no safe mechanism for introducing other roots of trust that is worth the effort.

If you don't trust Apple, why the hell are you buying their computers at all?

reply
> There is no safe mechanism for introducing other roots of trust that is worth the effort.

Gee, if only Apple had a reason for implementing this entire feature for themselves…

reply
> If you don't trust Apple, why the hell are you buying their computers at all?

This is the exact same false dichotomy they mentioned; it's perfectly reasonable to have a set of trusted software vendors that includes Apple but also some others, while the only choices that they support are either just Apple or literally anyone in the universe. You're conflating "trusting Apple" with "trusting no one but Apple" to make it sound like the opposite of the latter is somehow also contradictory with the former.

Claiming it's "not worth the effort" is a lot easier when you've already muddied the waters like this.

reply