macOS unable to open any non-Apple application

> I'm puzzled that people are willing buy a computer/OS where (apparently) software can/will fail to launch if some central company server goes down. Maybe I'm just getting this wrong, because I can honestly not quite wrap my head around this. This is such a big no-go, from a systems design point of view.

The answer is pretty simple: these problems are extremely rare, they don't last very long, and they tend to have fairly simple workarounds. You seem to have a principle that any non-zero chance of being affected by a problem of a certain type is a complete deal-breaker, but most people when buying a computer probably just subconsciously estimate the likelihood and impact of this type (and all other types) of problems and weigh that against other unrelated factors like price.

> rare, very long, simple

in this context those are simply weasel words in my opinion

I think more specifically it's rare enough that it hasn't happened to most people yet or people blame themselves ("my internet is bad" and the like)

The payoff for the very slight risk is an effective built-in malware prevention system that doesn’t treat me abusively and reacts in a timely manner to abusive circumstances.

After decades of production operations, I have no complaints about how this was handled, and I expect they’ll investigate and patch any defects exposed by the outage.

I went for a walk when this happened and when I got back it was fixed. Works for me.

It's even simpler than people not caring, people don't know.

It's true that I don't have data on how often this type of problem happens, how long they last, and what the workarounds are, but I'm using those words not to be intentionally vague, but to reflect my own impression from my own experience, and I strongly suspect my impression matches most people's.

There's software "EazyFlixPix" which shut down its authentication server - so everyone who purchased the app can no longer install it (unsure, but they might be also prevented from running it too).

Feels problematic.

Without principles, your freedom will be (is being!) slowly chiseled away, pragmatically accepting each small step. By the time even pragmatism tells you to refuse, it'll be too late.

That's exactly what happened in Hong Kong: https://www.nytimes.com/2019/10/09/technology/apple-hong-kon...

But it could never happen here...

(As someone pointed out, this does more than just prevent apps from running - it also leaks which apps you use and how often. Someone could ask Apple exactly when you started Tor browser, for example)

The problem is that this is not an issue that should be viewed only in the current context. Just because things are rare now, don't last very long doesn't mean that they will continue to be that way, or that it will work at all in the future if Apple decides that only EOL OSs could be using this system at some future point where it's mostly changed.

Not caring about this now is like not caring about government or corporate privacy invasions because "I have nothing to hide". It completely ignores all the variables that have to align to make this benign that happen to at this point, but are in now was assured for the future.

If you use your laptop as mostly a youtube machine or a social media station then yes, the described problems are not a big deal, in fact they are probably beneficial to your well-being. But if you use your laptop to earn a living, that can be a major problem, day traders for a top of the head example. This also sounds like a nightmare for the corporate world. I suspect that these custom silicon iOS devices will be fully cemented as 'Fisher Price' computers.

I agree with your point about it being a principle, although I would add that the decision to build a product in this manner is also a principle.

Furthermore, I would sort of disagree with the answer to why people would buy this. In terms of "most people buying a computer", the overwhelming majority of Apple customers are likely ignorant to this issue, and will continue to be.

He's not commenting how the problem should be viewed. He's communicating how he thinks most people view it. IOW, you're arguing what should be while he was talking about what is.

As an Apple user of 10 years: I had no idea macos phones home like this.

Exactly. Today was the first day when I knew this was possible. If I had been buying a computer a month ago, this would not have been a factor in my calculations whatsoever, because I didn't know it was even a possibility to consider.

A month from now? Different story.

That's different mindset — ability to fix, right to repair. No way to comfortably run another OS on MacBook, has to use macOS. It is closed source, users at mercy of the company. Think different.

It's a certificate check.

I knew and didn't care. If you care, you're going to be real upset when you look at your other alternatives.

That said, I don't think many people here actually care. I firmly believe that most of the people on this site just like to shit on Apple, because they prefer that to trust their privacy to an Advertising company.

FYI, both Windows and Chrome (to an extent) can do this too. Windows will phone home to smartscreen scan downloaded executables, and Chrome checks every download against virustotal (owned by Google since 2013) for viruses to warn that software is malicious, and I've been burned by this a few times when a download wouldn't complete for multiple minutes due to this scan.

Furthermore, if you’re one of the few who do know and it bothers you, you can turn it off.

Also, which is the bigger risk for most people: disruption to the cert verification, or malicious runtimes on their system?

(Hint: I have literally never seen an example of one of our bank's customers being unable to bank because of this. I have seen heaps and heaps of examples of endpoint compromises resulting in people having their accounts cleaned out.)

> If you use your laptop as mostly a youtube machine or a social media station then yes, the described problems are not a big deal, in fact they are probably beneficial to your well-being

I've set up a few Linux installations for people who only use their computers as Facebook and YouTube machines, and I haven't had a complaint. They also wouldn't be able to break their systems if they tried.

I'm of the opinion that if ChromeOS would fit a user's use case, then so would Ubuntu with Firefox or Chrome, most of the time.

Those same Linux systems would fit my needs as a developer with only a few small changes.

Security, simplicity, power and ownership don't have to be mutually exclusive. You can have a simple and secure computer, and also have power over your system and own your hardware.

> Just because things are rare now, don't last very long doesn't mean that they will continue to be that way, or that it will work at all in the future if Apple decides that only EOL OSs could be using this system at some future point where it's mostly changed.

Okay, sure, you could attempt to estimate future damage from what appears to be a simple (albeit bad) bug in MacOS. Maybe it means all Macs will completely stop working in 2 years. But again, I think consumers will subconsciously estimate the likelihood of this to be extremely low.

> Not caring about this now is like not caring about government or corporate privacy invasions because "I have nothing to hide".

What? I thought we were talking about the immediate user-visible bug here, where some third-party apps could not be opened on some Macs for some period of time today. Sure, there are separate potential privacy concerns any time an OS phones home for any reason. But the problem here is just a blatant bug that manifests when the OS phones home and the servers are having problems. Macs continue to work fine when they're not connected to the internet, so it's pretty clear this is just a bug that's not actually related to the privacy concerns with phoning home.

It's like saying car crashes are rare, insured against, and you personally never experienced one.

This does not mean car crashes can be ignored, or cannot happen to be dangerous.

There is a balance between the possible damage because of not checking signatures remotely, and the possible damage from not being able to run a program when the remote checking service is unavailable. But there is no situation where the average damage is exactly zero :-/

How do you use your computer if you don't have an Internet connection and one is required?

That's one potential issue, if you have privacy concerns. But the real problem here is that there's a blatant bug in the phone-home code that causes apps to crash if Apple's servers have a problem.

What? In your analogy, the parent commenter would be saying "I'm puzzled that people are willing to buy an operate an automobile given that they can be involved in dangerous accidents."

And in this analogy, I'm not saying "we should ignore car crashes." I'm saying "the reason people still buy and operate automobiles despite the possibility of accidents is pretty simple."

There's no question that software bugs are bad. But that doesn't mean we should expect consumers to ditch an entire manufacturer forever because it's physically possible for that manufacturer to have a software bug. Obviously, bugs are inevitable. I'm not making excuses. I'm just explaining why people wouldn't instantly abandon a manufacturer after experiencing a single serious software bug.

Furthermore, if you're one of the majority who don't know, you cannot turn it off when it affects you.

> What? I thought we were talking about the immediate user-visible bug here, where some third-party apps could not be opened on some Macs for some period of time today.

>>>>> these problems are extremely rare, they don't last very long, and they tend to have fairly simple workarounds.

This is about Apple controlling what software you can run on your computer, for all third parties, and in a way that if the system/service is malfunctioning or shut down there's a chance it blocks all non Apple software.

You can either choose to accept that Apple is a good steward of this because they haven't screwed up too much yet, and that you're okay with it because you have no or little need for third party software it might affect (or are willing to deal with it), or you can view this as an erosion of your rights to control the hardware you bought, which while only slightly inconveniencing now are still fundamentally the same as what could be used egregiously in the future.

You either vigorously defend the rights (or what you want to be a right) now, or you watch it erode slowly. That's how the system works. You want privacy or believe it's important? Protect it now and even if you don't have anything to hide. You want the ability to control your own computer and run your own software, and not be beholden to some companies deprecation schedule affecting things they didn't write, or at least believe it's important for a possible future? Then defend it now.

Given how iOS functions, and how Apple is moving to their own silicon for their other products, do people seriously doubt that a future where you actually can't run anything on MacOS except what you get through their store isn't at least a possible future? If that's something we care about, it's something we should be vocal about now.

“Bug” is an unverified assumption. For all we know this could be a designed outcome.

But that’s beside the point. If you don’t know, you won’t avoid Apple products because of it.

Then it's a bug in the design.

simply doing “if server does not respond, don’t check anything” would be bigger flaw in design because that would mean just modify hosts file to localhost or something and the security check would be worked around.

This is how you could make Photoshop free back in the day. Add their stuff to /etc/hosts and voila

But Macs already work fine with no internet connection, and apparently modifying the hosts file does resolve this problem.

You still can run the same program checked by windows though, by opting in to use the program. And definitely you still run other programs as the check only occurs on installation, and not every time after running it.

I would accept "flaw", "incorrect choice", or "mistake". But if they considered it, and chose this path, knowing full well this would happen, that's not a bug.

"I'll do YOU one better." /Drax

I know, and I _want_ this. In general, it effectively eliminates the possibility that I'm going to install malware.

What's it like renting a computer?

Doesn't this bigger design flaw you describe apparently exist? I (and many others) did exactly that to get our machines responsive again, ocsp.apple.com 127.0.0.1 in the hosts file.

I don't understand what you mean.

And they don't know because the hidden source of the binaries their overpriced hardware is running. So users can't inspect the source and look for hidden "gems" like this one, let alone fix those intentional bugs themselves - not just due to not having the source, but the hardware refusing to boot anything not signed by the blessed key of Apple.

Even a youtube machine can become a big deal if the walled garden prevents you from installing an ad blocker or third party client & forces you to watch mandatory adds to see any videos - that might very well happens (and happens) in walled gardens.

Yeah, a modern Linux distro can satisfy the needs of a "regular" user just fine - an up to date web browser and maybe an email client and all is fine.

Yet at the same time it makes it possible for the user to "grow" and make use of more advanced features of the system for creative endeavors.

On the other hand on a locked down mobile device or chromebook, there is not really any room to grow and be creative, it's only good for consuming content.

Modern Adobe cracks are note that different in nature

No, I don’t think you should just dismiss the privacy issue. It seems every time I launch an app, MacOS tells Apple. That’s also a REAL problem — and I guess I won’t be buying a Mac again unless the feature can be turned off.

The bug has now illustrated a huge privacy issue for people in macOS, that was not obvious before. So we are now talking about THAT too.

Not every time, just the first time an untrusted app wants to run. And there is no information in it but a hash.

I’m not dismissing it, just pointing out that it’s completely ancillary to a bug that causes programs to crash.

Apple has the db of apps matching the hash.

What you said is like saying nothing except a social security number is used to identify you, as if that wasn't linked to the rest of the info about you.

Are Macbooks really overpriced? A Microsoft Surface or a Razer laptop cost roughly the same price.

Not in this case. This particular thread is about any app that was not an Apple app having problems launching, regardless of how many times have been launched before. It has revealed that actually every opening of any application phones home.

Your metaphor suffers an imbalance in spectrum. We are hardly talking about life and death here. You clearly can’t make the same comparison to car crashes. People’s motivations will certainly not be the same in these two cases.

The tricky part with renting a computer is that you have to insure it against accidental damage by the renter, and that has to be “gig economy” or “business” compatible insurance, because you’re profiting from loaning it to others.

There’s also not exactly a huge market for rental computers when you consider that libraries offer them for free, and often with better Internet connections than those renting a computer could offer.

Renting computers is a lot easier if you host them in the cloud and deny physical access to your customers, though — they generally can’t do permanent damage, and there’s no issues with theft/loss. But this isn’t typically viewed as “renting” anymore, but instead something like “colocation” or whatever EC2 is.

Why do you ask?

I like this piece to summarize situation:

https://sneak.berlin/20201112/your-computer-isnt-yours/

Normally I'm of a similar opinion to yours...but in this case I'm not.

What happens if you're trading securities, or if you have an imminent deadline? Apple sells a fail-closed security feature, without investing the resources necessary to keep it as near to 100% serviceable as possible, and never really discusses it with the user. When it hangs, most users don't even know why.

WTF!

Seems like they could partner with Akamai (or one of its competitors) to make the server-side component of this feature more robust.

If they are going to sell the MBP as a premium professional product, then they must recognize that it will sometimes serve as the linchpin of users' mission-critical activities.

Take a billion dollars out of the stock buyback, invest it in the product instead, and make this problem go away.

Apple’s entire CDN collapsed on Big Sur launch day, which for years was and probably still is backed by Akamai. The OCSP endpoint was just one of many that was impacted. Seems like that’s exactly what you suggest they should have done to make this more robust. The endpoint failed for the first time in a decade this week. That’s better uptime than any stock exchange you’re trading securities on.

Razer laptops come with the latest and greatest in terms of GPU/CPUs, plus they usually feature things like high-refresh displays, full RGB keyboards etc. They're still overpriced, mind you - since you can find comparable laptops for literally half the price - but at least they have the powerful hardware in them to somewhat justify their steep pricing. Similarly to Apple though, their pricetags are heavily inflated by the Razer branding.

Can't comment on the Surface, never looked into them much.