It's funny. There are two trends in computing that are nearest and dearest to my heart. Free and Open Source Software Performance Per Watt Apple Silicon is likely going to deliver on #2 in a way...
It's funny.
There are two trends in computing that are nearest and dearest to my heart.
Free and Open Source Software
Performance Per Watt
Apple Silicon is likely going to deliver on #2 in a way that we've never seen before and that is legitimately exciting. However on the flipside, I think I'll stick with my Raspberry PI 4 8GB velcroed to the back of a NexDock Touch as my go to energy efficient "laptop" because Apple Silicon is going to be an absolute shitshow in terms of #1.
It really is a shame that Apple is building this wonderful hardware and kneecapping it in this way. They could legitimately blaze a better trail for everybody by simply allowing people to write their own drivers and boot third party operating systems on such efficient hardware. But they won't.
Are they not still blazing a better trail for everyone, though? They're going to demonstrate en masse that an ARM chip can perform as well as an x86 chip with less energy. There are obviously...
Are they not still blazing a better trail for everyone, though? They're going to demonstrate en masse that an ARM chip can perform as well as an x86 chip with less energy. There are obviously trade offs with the M1, like no upgrade-able RAM since it's an SoC, but once consumers and the computing world at large see real viability, why wouldn't other manufacturers follow suit? AMD shook up the market by offering better chips, and so will Apple. Window users probably won't abandon Windows and their freedom for upgrades just to have a more efficient machine, but I reckon they'll jump on the ARM train as soon as it gains more steam. Apples M1 chip is good for everyone, and both good and bad for their own consumers. Apple does a lot of things that are bad for consumers, but this chip could be good for the market as a whole.
It's simultaneously funny and sad watching companies who once railed against Microsoft of the 90s like Google and Apple, slowly turn into Microsoft of the 90s. They don't even realize it. Of...
It's simultaneously funny and sad watching companies who once railed against Microsoft of the 90s like Google and Apple, slowly turn into Microsoft of the 90s. They don't even realize it. Of course the same thing happened to Microsoft. They railed against IBM and somewhere along the way became the new IBM.
Human History is a never ending cycle of stupidity and repetition.
I do rail against Microsoft to this day. Everyone likes to pretend Microsoft today is different from Microsoft of the 90's, but they're still playing the same old game with a different skin. They...
I do rail against Microsoft to this day. Everyone likes to pretend Microsoft today is different from Microsoft of the 90's, but they're still playing the same old game with a different skin. They enabled Google, Apple, and Amazon to do what they do, and they're doing just as much.
I like Google only insofar that they are my choice for lesser evil in a world where nobody will learn or use privacy-focused alternatives if it takes more than 5 minutes to learn. I'm still working to extract myself from Google, but it's an uphill battle.
The tech stupidity cycle was caused by Apple, Microsoft, and others (Oracle/Adobe) because they convinced the government that education should focus on learning to use their products and not on how to use a computer.
That myth again? The potential profits for any particular strategy is debatable and shareholders are not asking for this. Apple’s lawyers aren’t in charge of product design. Company leadership...
That myth again? The potential profits for any particular strategy is debatable and shareholders are not asking for this. Apple’s lawyers aren’t in charge of product design. Company leadership owns their decisions and they could have done things differently, perhaps something like the Chromebook’s developer mode.
Henry Ford was not permitted to stop paying a special dividend (on top of the regular dividend) in favor of building community, worker wages, and the company...despite owning 58% of the company due to a lawsuit from a minority shareholder.
Ebay purchased a minority share in Craigslist, knowing Craigslist's community-oriented culture, and got a judgment permitting the destruction of that culture if it impedes potential profits.
If you are not legally permitted to express a desire to be altruistic outside the scope of generating even more profits, then it follows that "publicly owned corporations are required to care only about profit" is true. All other words contrary to that are obfuscations to hide the truth of the matter.
Those cases can be summarized as saying that if you screw over minority shareholders and say explicitly that you're screwing them over, depending on the terms of the agreement, they might be able...
Those cases can be summarized as saying that if you screw over minority shareholders and say explicitly that you're screwing them over, depending on the terms of the agreement, they might be able to sue you and win. But, short of that, there are enough workarounds that it doesn't constrain management decisions very much.
Managers don't normally brag about how they're screwing over minority shareholders. It doesn't keep a CEO from building a new headquarters or buying another corporate jet as long as they can justify it somehow. (Or in Larry Ellison's case, sponsoring a sailboat-racing team to try to win the America's Cup.)
You can even say you're not going to respond to shareholder pressure in slightly less explicit terms. In the Google IPO founder's letter they wrote, "Google is not a conventional company. We do not intend to become one" and "Many companies are under pressure to keep their earnings in line with analysts’ forecasts. Therefore, they often accept smaller, predictable earnings rather than larger and less predictable returns. Sergey and I feel this is harmful, and we intend to steer in the opposite direction." They also set up a different shareholder classes so they can do whatever they want, like buying robot companies or spending money on launching balloons into the stratosphere.
Focusing on the long term is a dodge that can justify just about any business expense, or even enormous losses like Uber. Also, just about any expense is forgiven if the company makes money in the end. Nobody's going to sue Apple for not maximizing.
It's not about maximizing (although that's the way a lot of companies go now), but about how anything other than enhancing or preserving profits is secondary. Ford was still paying out 1.5 million...
It's not about maximizing (although that's the way a lot of companies go now), but about how anything other than enhancing or preserving profits is secondary.
Ford was still paying out 1.5 million on the standard dividend. As the majority shareholder, his line of reasoning should have been perfectly valid (assuming it wasn't just a ploy to skirt the other shareholders to enrich only himself instead). We're they getting as much as before? No, but ostensibly neither was he, and that the wider world would benefit instead.
Altruism and culture are secondary to profits. It's legally enforced, even if there are workarounds to get around it.
I thought I'd switch gears and talk about what I think is right about this point of view (or at least something adjacent to it). One thing you can say about the incentive to make a profit is that...
I thought I'd switch gears and talk about what I think is right about this point of view (or at least something adjacent to it).
One thing you can say about the incentive to make a profit is that it's very persistent. Managers can come and go. Corporate mission statements can change. The culture can change. A company might get out of one kind of business and enter a different one. Maybe the owner dies and the company is sold. The level of thirst for profit can vary, but the profit motive remains. It's culturally pervasive and it affects everyone. Even people whose primary motive isn't to make money will still think making money is good and losing it is bad.
This is also true of most people, throughout most of their lives. Whether it's a kid trying to make a little money to buy something they want, a college student who hopes to get a good job someday, someone in the workforce hoping to get a raise or a better job, or a retiree thinking about their inheritance, most people are at least secondarily motivated by money even when it's not their primary goal.
An incentive that persists when everything else changes is going to have large effects.
Also, sometimes the effects of financial incentives aren't obvious at first, but once you see them, they're everywhere. So, in the middle of a city, when you see a parking lot, why is it there? Probably some investor is waiting for the right time and buyer to sell, and they can make some money in the meantime. I've read someone who knows about agriculture saying that selling hay is sort of like that, done to get some kind of tax breaks.
I don't think corporate law is the cause of this persistence and pervasiveness, because it's bigger than that. Money is something that just about all organizations care about. Even for a charity, an organization that gets more contributions can do more, and it's better for them if it's a steady stream of income. Just about any organization is going to treat raising lots of money as a good thing and losing lots of money (for the wrong reasons) as a big mistake, probably an emergency, and maybe even a crime.
So while I would disagree on what's primary and what's secondary (I think it varies depending on the situation), I do think it makes sense to pay attention to monetary incentives and their sometimes hidden effects. It's good reason for suspicion and curiosity.
“Required to care only about profit” is still an exaggeration, though, that oversimplifies a lot of complicated corporate politics. Company management and board members do care about profits (they...
“Required to care only about profit” is still an exaggeration, though, that oversimplifies a lot of complicated corporate politics. Company management and board members do care about profits (they own shares and it’s a generally agreed-upon corporate mission) but they are still people with multiple, mixed motives, who can also make decisions based on other considerations. Some of these they can even talk about openly.
Diversity campaigns, support for gay rights, programs to go carbon neutral - companies aren’t doing these things because they’re going to make so much money that way. They do it to improve relations with employees and customers, which is ultimately good for the company, or so they hope. And, being people, they may have personal reasons as well.
There are more questionable expenses. What’s the deal with Apple’s new corporate headquarters? That monstrosity is definitely not about shareholder profit.
It’s generally considered bad to lose too much money on such things unnecessarily. There is a budgeting process. But Apple is just about the most profitable company there is and the wolf is very far from their door. They have a lot of leeway to put money into speculative projects that might not ever pay off.
It’s pretty clear, though, that creating an open OS or an open computing ecosystem that programmers can customize to their whims all the way down to the hardware has never been part of their agenda. Apple has always wanted applications to be written their way, according to their rules. The dream of making computing appliances goes back to the first Macintosh or maybe the Lisa. Sometimes they dabble with end-user programming (like with HyperCard) but it’s within a sandbox.
That is a common misunderstanding, there is no such requirement. (last paragraph of the linked page) "In nearly all legal jurisdictions, disinterested and informed directors have the discretion to...
Remember, publicly owned corporations are required to care only about profit.
That is a common misunderstanding, there is no such requirement. (last paragraph of the linked page)
"In nearly all legal jurisdictions, disinterested and informed directors have the discretion to act in what they believe to be the interest of the business corporate entity, even if this differs from maximizing profits"
Many corporations do appear to act as if profit is all they care about, but they're not required to. If all Apple cared about was profit they wouldn't be spending five billion dollars on a fancy office. Profits can be generated just as well from a cheap warehouse.
Just as an aside five fucking billion fucking dollars on a building. I'm not even prepared to sharpen the guillotine for these bastards.
Office space is a legitimate expense and they can carry a building as an asset on their books and depreciate it over time, so it doesn’t drag down earnings too much. There are also more...
Office space is a legitimate expense and they can carry a building as an asset on their books and depreciate it over time, so it doesn’t drag down earnings too much. There are also more complicated arrangements involving long-term leases.
Also, the value of real estate often goes up, particularly in Silicon Valley. Yahoo made a lot of money on real estate for a while. A company hitting hard times could sublease part of the office space.
This is all a fig leaf for Jobs wanting to build a really cool building, though. They are not really in the real estate business and real estate designed to lease out probably wouldn’t be designed that way.
Money doesn't always equal profit though, it is a subtle distinction but an important one. Investors with a clue should care about stability and growth over the longer term. That doesn't always...
Money doesn't always equal profit though, it is a subtle distinction but an important one. Investors with a clue should care about stability and growth over the longer term. That doesn't always mean chasing profits at any opportunity. Sometimes it means the business investing in paying staff more, or in community outreach, or any number of other things other than increasing the number on the bottom line.
Also I just noticed @skybrian made this point and more, rather better than I did, just a few comments up. So I shall stop typing stuff now.
Well, yes. But I'd argue the way they do that is by making their customers happy. A business with mostly unhappy customers is either a monopoly (which is illegal in some countries, including mine)...
the business is there to make the business owner (and no one else) happy.
Well, yes. But I'd argue the way they do that is by making their customers happy. A business with mostly unhappy customers is either a monopoly (which is illegal in some countries, including mine) or a failed/failing business.
Why don't they chase profit at every opportunity? Firstly because smart businesses know they need to invest in R&D, in staff, in marketing, in being a 'good neighbour' to the other people in locations they exist in. But I guess you can argue that is a form of chasing profits - after all, all those things contribute to success which ultimately does come down to profits. I think there's a difference in operating as a sustainable, responsible business and flat-out chasing profits at all costs. Look at companies who are investing in ethical supply chains, ecologically friendly production and so on. They don't strictly need to do that, they could choose to sell to people who don't care about such things or they can use marketing (aka 'lies', in this case, although not all marketing is) to make themselves appeal on those fronts without actually achieving any meaningful results.
Ultimately though, companies are run by human beings and human beings have complex and varied motivations. Sure, some people are focussed entirely on the number in their bank, but not everyone - even people running successful businesses can feel beholden to wider responsibilities.
I understand (and sympathize) with your concern, but you're also bordering on "altruism doesn't truly exist" territory. At some point the distinction becomes so small as to be effectively...
The point I'm really trying to drive home here, is how all of the resources of the business get allocated is dictated by the business owner, and how they are allocated will ALWAYS be in whatever manner the business owner thinks will produce the most utility for themself. People who tell me "that's not necessarily true" are basically saying that sometimes business owners will intentionally allocate resources in a way they think is stupid or harmful to their own interests, and I am often left bewildered.
I understand (and sympathize) with your concern, but you're also bordering on "altruism doesn't truly exist" territory. At some point the distinction becomes so small as to be effectively meaningless. Surely if there are ethical people, there can be companies led by ethical people, as rare as either might be.
Well, people do stupid things all the time so I'm not sure why you'd be surprised by that - but more to the point, why is it hard for you to believe that sometimes people might decide to do things...
People who tell me "that's not necessarily true" are basically saying that sometimes business owners will intentionally allocate resources in a way they think is stupid or harmful to their own interests, and I am often left bewildered.
Well, people do stupid things all the time so I'm not sure why you'd be surprised by that - but more to the point, why is it hard for you to believe that sometimes people might decide to do things other than merely enrich themselves?
I mean, they sure aren't doing these things to be nice. They are definitely doing these things because they have made an extremely calculated decision
I know a couple of people who run businesses which would be classed as 'ethical' and they absolutely are nice people who are trying to make the world a better place at the same time as putting food on their own tables. Again, people's motivations are complex and multifaceted. I don't think it is either fair or reasonable to reduce all people's motivations to nothing but profit. Sure, plenty of people are motivated by profit but not all.
To give you a concrete, albeit fairly small, example, I don't have to spend extra money buying compostable packaging for one of my businesses. But I do. Not because I can use that for marketing - although I do because it would be stupid of me not to take advantage - but the reason I chose to spend that extra money is because I don't want to be responsible for more plastic crap ending up in the ecosystem that I live in. I do lose money by doing that. The ROI on the marketing isn't enough to cover the costs of the packaging. By your standards I'm stupid, but there you go. Hope you're not too bewildered by my decision. But at least there's a tiny amount less plastic in the world.
Businesses aren't machines. They're people, even vast empires like Apple are just people. People aren't simple. People are any of greedy, stupid, kind, compassionate, short-sighted, selfish, generous and many more things.
Business often isn't a zero sum game. A simple example would be coming up with an improvement to a product that doesn't cost anything. Sometimes cutting back on environmental waste saves money....
Business often isn't a zero sum game. A simple example would be coming up with an improvement to a product that doesn't cost anything. Sometimes cutting back on environmental waste saves money. Sometimes working conditions can be improved without it costing anyone else, or in a way that easily pays for itself. Innovation is often about finding these opportunities.
Also, customers often do have a lot of power, particularly if it's a big customer and a small business. Who has the most power depends on the situation.
See, I would say the opposite of that. Business exist at the whim of their customers. If the market doesn't support their decisions - for whatever reason those decisions are made - then the...
only one of these entities has any real power: the business owner.
See, I would say the opposite of that. Business exist at the whim of their customers. If the market doesn't support their decisions - for whatever reason those decisions are made - then the business fails. If the businesses have all the power then businesses can only fail when the business owner decides they should, and that's obviously not the case.
Whether you realize it or not, you are making a calculated economic decision to maximize your personal utility.
I think the problem I have with this is that you can say that about every single decision anybody ever makes. Which means it's a fairly meaningless statement. My dog is currently choosing to maximise her personal utility by sleeping next to the fire.
"Hey Mat, it would make me a lot happier as your employee if you bought the cheaper packaging and used the savings to increase my wage". Here, you have an opportunity to increase your employees utility at the expense of your own. Would you do it? Would you even consider it?
I'd talk about it with them. Although that particular business is just me and I'm reasonably happy with my compensation ("self-employment - the hours are great but the boss is a bastard"), but in theory it's certainly a conversation I'd be happy to have. That hypothetical discussion would require a very strong argument on their part, because reducing plastic pollution is something I feel quite strongly about. But yes, I'd consider it.
Feel free to frame that as me maximising my personal utility by making sure my employees feel valued and listened to, because that ultimately benefits my profits or gives me a nice fuzzy feeling inside. Or just because y'know, they're human beings and I give a shit. Same thing.
I agree 100%, which is why I don't think we should just let whoever can figure out how to amass the most capital resources call all the shots!
Do we do that? I guess we do that to some extent. We do worse things though, one of which is let people who can win elections make major decisions and frankly I think that's pretty idiotic too. Having the only qualification required to lead a town/region/state as a popularity contest is just bonkers. Especially when it's so easy to hack the popularity contests. (note: some countries have more robust and well-balanced popularity contests which can work better, but not where I live)
Yes, of course it would be better. I'm not arguing for Apple's business practices. Rather, that I have hope that the market will follow suit and we won't be reliant on Apple's mercy to use great...
Yes, of course it would be better. I'm not arguing for Apple's business practices. Rather, that I have hope that the market will follow suit and we won't be reliant on Apple's mercy to use great chips.
Definitely! And it's pretty fun to think about a world where everyone uses a simple computer that's basically a thin client and computing is offloaded to a more powerful or efficient machine. It...
Definitely! And it's pretty fun to think about a world where everyone uses a simple computer that's basically a thin client and computing is offloaded to a more powerful or efficient machine. It sort of harkens back to the mainframe days, which is nothing new.
Because other manufacturers like Qualcomm are likely years behind of Apple in terms of processor design. At least, that's my guess. If that ends up being the case, however long it takes for others...
Because other manufacturers like Qualcomm are likely years behind of Apple in terms of processor design. At least, that's my guess. If that ends up being the case, however long it takes for others to catch up is just more time wasted that our climate doesn't have.
We need to get serious about curbing resource usage and adopting more efficient methodologies and we need to do it yesterday. We don't have time to wait for the so-called "free market" to work it out.
I think that putting the onus squarely on the consumer is unfair. It's like telling consumers that their tailpipe emissions are the end of the climate as we know, despite consumer vehicles being...
I think that putting the onus squarely on the consumer is unfair. It's like telling consumers that their tailpipe emissions are the end of the climate as we know, despite consumer vehicles being just a sliver of emissions, and we neglect to talk about the airline industry, cruise industry, and other heavy polluters. In this case, it's data centers and the mining and refinement of silicon and other materials (like lithium) for batteries, cases, and so on that are the major energy sources in manufacturing. If the environment is the concern, advocating for consumers to buy newer, efficient machines, when they likely have fairly modern machines that will become e-waste, is counter to that line of thinking. I am all for environmental concerns and a staunch supporter of moves to efficient processes and manufacturing, but I also want to be realistic. "Green" tech has it's own issues that are rarely addressed in conversations of techno-utopianism.
You make a valid point: eWaste is a huge issue and we turn a blind eye to other industries that are huge polluteers. No doubt about it. I'd like eWaste to go away. But in a world structured around...
You make a valid point: eWaste is a huge issue and we turn a blind eye to other industries that are huge polluteers. No doubt about it.
I'd like eWaste to go away. But in a world structured around facilitating the continual transfer of little green pieces of paper from the masses to the elite few, it seems inevitable that the eWaste will continue as long as the elite are motivated to engage in planned obsolescence, pushing back against allowing their devices to be repaired in some sane and efficient way (he says while looking sternly at Apple and nearly every other smart phone manufacturer) and trying to goad people into buying some that's new and shiny every single year.
I absolutely agree with you. The right to repair is a hill I will die on any day of the week. Apple is so bad for it, and it's even worse that they are posturing as environmental conscious. At the...
I absolutely agree with you. The right to repair is a hill I will die on any day of the week. Apple is so bad for it, and it's even worse that they are posturing as environmental conscious. At the end of the day, I want Apple to be kinder to consumers, allow us to run on this new, great tech however we want. They could so easily be the dawn in a new age of computing for everyone.
The poster seems to suggest fixes like something called "Little Snitch" and they don't seem to claim its a nefarious plot by the US government to spy on you. They are just saying that the...
The poster seems to suggest fixes like something called "Little Snitch" and they don't seem to claim its a nefarious plot by the US government to spy on you. They are just saying that the information is available and have been made available to certain branches of the US government (among other Governments). Something they link proof for.
The fix they had previously - don't work with the current update, which was so recent that demanding they should deliver simple fixes or suggest them (without trade-offs) or stay quiet about their complaints is a bit odd.
So it seems to be a blogpost that raises some valid complaints by someone who themselves say they at times use MacOS backed by links and references.
Is it possible that Apple is associating finger-print data with user IPs or other forms of ID when doing OCSP checks? Yes. But are they? That’s total speculation and everything from that point on...
Is it possible that Apple is associating finger-print data with user IPs or other forms of ID when doing OCSP checks? Yes.
But are they? That’s total speculation and everything from that point on is conspiratorial, IMO. There is a clear security benefit to users by doing these OCSP checks. (And these checks are cached so subsequent runs when the software hasn’t changed don’t need to make outgoing requests to check again.) Why would Apple take a security minded action and at the same time open liability like that? What does Apple have to gain from it?
I can’t say definitively that they aren’t logging the info that the post says they could. But I’m trying to understand the motivations. Is Apple being forced to collect this information by the US government? If so, why would they allow macOS power users to so easily prevent outbound checks like this? It just doesn’t add up to me. To me it’s the equivalent of bemoaning the US government for using your social security number or track you. Are SSNs perfect? No. Is the government using them to track you? Yes. Is this a malicious conspiracy? No.
They are linking directly to Apples reports concerning what information they provide to law enforcement. Which is the criticism - no one seems to be implying that there is a conspiracy. Just a...
They are linking directly to Apples reports concerning what information they provide to law enforcement. Which is the criticism - no one seems to be implying that there is a conspiracy. Just a very clear passage of information.
THEN of course they slap on the available information the could give out - which obviously doesn't mean they are - and they also mentioned that the avoidance system is currently unavailable.
The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.
Now I don't know anything about that. I don't own an Apple PC or run MacOS (nothing ideological as reason though, its just too costly for me) so maybe they and the sources they reference are misinformed?
Also please note that the only person claiming its a "malicious conspiracy" - is you. Also noting that Arp242 refers to the blog as claiming a "nefarious plot". Now I understand that this obviously is a sensitive topic for the both of you and perhaps I have stumbled in to a hotbutton issue outside of my understanding - but from an outsiders perspective I think that form of pejorative descriptions and rephrasings is ... well "problematic".
Again - I don't know enough about this, I only try to keep up to date on Mac issues since sometimes I have friends who have problems with them and I want to keep up to date. So maybe this is justified.
There’s some really strange psychological buttons that Apple seems to be able to push for people who don’t actually use their products. This is not a personally sensitive issue to me. It’s just a...
Now I understand that this obviously is a sensitive topic for the both of you and perhaps I have stumbled in to a hotbutton issue outside of my understanding
There’s some really strange psychological buttons that Apple seems to be able to push for people who don’t actually use their products. This is not a personally sensitive issue to me. It’s just a matter of seeing this pattern play out for decades! People who half understand something about Apple or Apple platforms read or hear something that has some kernel of truth and then turn around and rant about it without the appropriate context or nuance. I expect higher quality discussion and content on Tildes. That’s my main motivation for stepping into these threads and voicing my opinions.
I read the linked post as an alarmist, conspiratorial rant that took sundry different jabs at Apple with plenty of links but barely any context. If you got a different impression, that’s fine. But I really think you should reread his post and pay attention to his language and rhetoric. He doesn’t use the word conspiracy, but he is saying that in other words.
Did Apple make API changes in Big Sur specifically to hobble Little Snitch? That is what is implied here. Or maybe this is just mundane API changes that Apple has made for other reasons and Little Snitch has not yet updated. Regardless of using Little Snitch, I can assure you, as someone who does actively use macOS Big Sur (and has been on the betas since the summer) I can easily prevent OCSP or any other outbound connections to Apple with changes to my hosts file or configuring the macOS firewall. Little Snitch does a lot more fancy things with macOS’s networking, and it may be true that if you relied on Little Snitch to block Apple from doing things you take issue with, that may have changed. But, rather than discuss this in a nuanced fashion and consult experts when in doubt about the facts, the Apple alarmist will instead make wild conjectures and pat themselves on the back for calling out the big bad corporation.
I’d prefer if people spent their energy doing more productive things.
I see this exact thing for pretty much anything, especially when it comes to tech and privacy or security. It's not Apple exclusive. By volume, Windows probably has received more of this over the...
There’s some really strange psychological buttons that Apple seems to be able to push for people who don’t actually use their products. This is not a personally sensitive issue to me. It’s just a matter of seeing this pattern play out for decades! People who half understand something about Apple or Apple platforms read or hear something that has some kernel of truth and then turn around and rant about it without the appropriate context or nuance.
I see this exact thing for pretty much anything, especially when it comes to tech and privacy or security. It's not Apple exclusive. By volume, Windows probably has received more of this over the decades. Recently, it's been Firefox and Mozilla that have been getting it in spades.
Okay, you two are done. Don't reply to each other again, in this thread or any of the other ones where you've been having this exact same argument for days. This is ridiculous. Edit: I'm wiping...
Okay, you two are done. Don't reply to each other again, in this thread or any of the other ones where you've been having this exact same argument for days. This is ridiculous.
Edit: I'm wiping out all of your arguments for now until I have a chance to review and will un-remove later if they seem reasonable and aren't just an escalating, distributed bickering match.
This seems like such an odd way to phrase the problem. There already exist alternatives to combating malware without broadcasting an unencrypted(!) hash of the request. In fact, you can have...
Once people like this start proposing alternatives to combat malware [...] I'll start listening to them
This seems like such an odd way to phrase the problem. There already exist alternatives to combating malware without broadcasting an unencrypted(!) hash of the request. In fact, you can have malware protection without having internet access. Windows Defender provides real-time malware protection and (at least to my knowledge) that doesn't require an internet connection. In my mind, Apple's implementation is the alternative implementation.
I completely agree with you that Apple must balance multiple interests (eg, effectiveness) when deploying an anti-malware solution. Nevertheless, Apple has branded itself the privacy-focused...
I completely agree with you that Apple must balance multiple interests (eg, effectiveness) when deploying an anti-malware solution. Nevertheless, Apple has branded itself the privacy-focused mainstream OS; privacy is certainly one of those interests.
I think it'd be impossible to really compare them due to the differences in os. If you could run both methods on either base os it would be a fair test but anything else is just conjecture.
I think it'd be impossible to really compare them due to the differences in os. If you could run both methods on either base os it would be a fair test but anything else is just conjecture.
There's absolutely no reason Apple or anybody else should ever be able to know what apps I'm using, without my explicit, prior, and optional consent. If I'm "Less Protected" from malware, so be...
There's absolutely no reason Apple or anybody else should ever be able to know what apps I'm using, without my explicit, prior, and optional consent. If I'm "Less Protected" from malware, so be it. Just make it optional, and preferably open source, and I'll be happy.
I think a reasonable trade-off can be made here. You can make the mechanism for disabling protection reasonably difficult to execute and make it come with plenty of big red warnings that you must...
I think a reasonable trade-off can be made here.
You can make the mechanism for disabling protection reasonably difficult to execute and make it come with plenty of big red warnings that you must read and understand first. Then only very few people would still be successfully manipulated.
Very few is still worse than none, but the upside is that a large number of power users regain control. I think that's worth it. It's the approach a lot of systems already take.
Such as? Not trying to be cheeky, BTW... I'm genuinely curious to hear what you think would be a better way to handle that sort of potential security issue.
and significantly better designs, as well.
Such as? Not trying to be cheeky, BTW... I'm genuinely curious to hear what you think would be a better way to handle that sort of potential security issue.
Thanks. Reading through that, and another comment of yours mentioned in the one you just linked, has definitely shed some light on the situation. I am not a MacOS user so I had no idea the default...
Thanks. Reading through that, and another comment of yours mentioned in the one you just linked, has definitely shed some light on the situation. I am not a MacOS user so I had no idea the default action was to trash all unsigned applications, and that it requires a somewhat obscure step for users to actually go through with running it... although I am an iOS/iPadOS user and it's also a PITA to run homebrew on those too, so I probably shouldn't have been so surprised it was as bad/worse on MacOS. :/
I've got the proposal: Stop letting people be idiots with respect to technology. I haven't run an anti-virus since XP came out, even explicitly disabling it when Windows Defender came out. I've...
Once people like this start proposing alternatives to combat malware
I've got the proposal: Stop letting people be idiots with respect to technology.
I haven't run an anti-virus since XP came out, even explicitly disabling it when Windows Defender came out. I've gotten hit by malware twice. Wipe the drive, reinstall the OS, and restore from backup.
If people can't do those things, that's because we've catered to making computers consumption appliances and not tools.
I'm reasonably certain I could run an XP installation today with few, if any problems. Because I understand how to prevent and mitigate the problems malware causes, instead of just learning how to use a mouse and keyboard to use Microsoft Office, Netflix, and Youtube.
This article seems overly inflammatory, at least for most of us. I think there are two issues. Apple notarizes software. The upside is malware avoidance. The downside is the government can find...
This article seems overly inflammatory, at least for most of us.
I think there are two issues. Apple notarizes software. The upside is malware avoidance. The downside is the government can find out what applications you have on your computer. But is this a real concern? I checked in with my wife, who pushes back on overly broad government subpoenas as part of her job, she didn't see any concerns with this. I think Apple's approach is the right approach for 99% of the world.
The second issue is more alarming. As @nothis succinctly put it, what about an off switch? Some users may not want the government to know which applications they use. Some users may not want any data to leak outside of their VPN. Some users may want to monitor the data that Apple sends itself. "Just trust us" is not good enough for the small but vocal minority who care about privacy. If Apple burns its relationship with these people, it is burning its "privacy first" credibility. That said, the jury is still out, so let's see how Apple responds.
It is a real concern. I like Ollie's take on it: https://youtu.be/fCUTX1jurJ4 Our surveillance society is getting progressively worse, and the majority write off with 'but I have nothing to hide'...
Our surveillance society is getting progressively worse, and the majority write off with 'but I have nothing to hide'
You don't until you do. You want your neighbor staring at you while you shower? Then why is it OK for the government to be able to pull up literally everything you've ever done on a computer?
That's nice enough for her, but not an argument at all. It's an appeal to authority, and not an authority that any of us knows about.
But is this a real concern? I checked in with my wife, who pushes back on overly broad government subpoenas as part of her job, she didn't see any concerns with this.
That's nice enough for her, but not an argument at all. It's an appeal to authority, and not an authority that any of us knows about.
I meant what concerns are there for the vast majority of people in the government being able to subpoena which applications were opened on which date. I'm legitimately curious. As to your point,...
I meant what concerns are there for the vast majority of people in the government being able to subpoena which applications were opened on which date.
I'm legitimately curious.
As to your point, completely valid. But it's a big company. Someone made a poor decision. Big companies need a while to course correct sometimes.
I think this is pretty damning evidence that Apple doesn't give one iota about your privacy or security outside of being able to market to that effect to those who don't understand technology. You...
I think this is pretty damning evidence that Apple doesn't give one iota about your privacy or security outside of being able to market to that effect to those who don't understand technology.
You know how you could do this in a privacy-focused way? Push down the hashes instead of having users push all of theirs up. Let people opt out with one button click with clearly labeled risks of doing so.
If you have to install a third-party program to get your privacy back (See W10Privacy for the Microsoft equivalent), you have no privacy.
Apple is already maintaining a list of blessed and cursed hashes. The idea would be to store that database on each user's computer, instead of querying Apple remotely each time.
Apple is already maintaining a list of blessed and cursed hashes. The idea would be to store that database on each user's computer, instead of querying Apple remotely each time.
But users would still have to send hashes to Apple for every app on your computer or they would have an incomplete (and less useful) database. Unless I'm missing something, here?
But users would still have to send hashes to Apple for every app on your computer or they would have an incomplete (and less useful) database. Unless I'm missing something, here?
It could work similar to the way that Google's "Safe Browsing" API works, which is used to block dangerous URLs (e.g. phishing sites). Chrome uses it of course, but other browsers like Firefox do...
It could work similar to the way that Google's "Safe Browsing" API works, which is used to block dangerous URLs (e.g. phishing sites). Chrome uses it of course, but other browsers like Firefox do too.
That felt like a pretty dense and confusing explanation, let me know if you want me explain any of it in more depth.
Overall though, it's definitely possible to do something like this in an efficient and privacy-preserving way, but that's not the method Apple is currently using.
I don't know exactly how the database is curated right now, but I don't think they populate it with every program people use. In particular, I don't think Apple does anything with unknown hashes....
I don't know exactly how the database is curated right now, but I don't think they populate it with every program people use. In particular, I don't think Apple does anything with unknown hashes.
Here's the Apple support page. It looks like they let users upload malware from their own computer; and that the notarization process is part of their developer program, which they manage directly. So I don't think keeping a database on your computer would in principle remove any functionality from the current system, assuming it's privacy-respecting.
It's funny.
There are two trends in computing that are nearest and dearest to my heart.
Apple Silicon is likely going to deliver on #2 in a way that we've never seen before and that is legitimately exciting. However on the flipside, I think I'll stick with my Raspberry PI 4 8GB velcroed to the back of a NexDock Touch as my go to energy efficient "laptop" because Apple Silicon is going to be an absolute shitshow in terms of #1.
It really is a shame that Apple is building this wonderful hardware and kneecapping it in this way. They could legitimately blaze a better trail for everybody by simply allowing people to write their own drivers and boot third party operating systems on such efficient hardware. But they won't.
Such a missed opportunity.
Are they not still blazing a better trail for everyone, though? They're going to demonstrate en masse that an ARM chip can perform as well as an x86 chip with less energy. There are obviously trade offs with the M1, like no upgrade-able RAM since it's an SoC, but once consumers and the computing world at large see real viability, why wouldn't other manufacturers follow suit? AMD shook up the market by offering better chips, and so will Apple. Window users probably won't abandon Windows and their freedom for upgrades just to have a more efficient machine, but I reckon they'll jump on the ARM train as soon as it gains more steam. Apples M1 chip is good for everyone, and both good and bad for their own consumers. Apple does a lot of things that are bad for consumers, but this chip could be good for the market as a whole.
It's simultaneously funny and sad watching companies who once railed against Microsoft of the 90s like Google and Apple, slowly turn into Microsoft of the 90s. They don't even realize it. Of course the same thing happened to Microsoft. They railed against IBM and somewhere along the way became the new IBM.
Human History is a never ending cycle of stupidity and repetition.
I do rail against Microsoft to this day. Everyone likes to pretend Microsoft today is different from Microsoft of the 90's, but they're still playing the same old game with a different skin. They enabled Google, Apple, and Amazon to do what they do, and they're doing just as much.
I like Google only insofar that they are my choice for lesser evil in a world where nobody will learn or use privacy-focused alternatives if it takes more than 5 minutes to learn. I'm still working to extract myself from Google, but it's an uphill battle.
The tech stupidity cycle was caused by Apple, Microsoft, and others (Oracle/Adobe) because they convinced the government that education should focus on learning to use their products and not on how to use a computer.
That myth again? The potential profits for any particular strategy is debatable and shareholders are not asking for this. Apple’s lawyers aren’t in charge of product design. Company leadership owns their decisions and they could have done things differently, perhaps something like the Chromebook’s developer mode.
I would encourage you to read through these two writeups:
https://www.litigationandtrial.com/2010/09/articles/series/special-comment/ebay-v-newmark-al-franken-was-right-corporations-are-legally-required-to-maximize-profits/
https://www.professorbainbridge.com/professorbainbridgecom/2012/05/case-law-on-the-fiduciary-duty-of-directors-to-maximize-the-wealth-of-corporate-shareholders.html
Henry Ford was not permitted to stop paying a special dividend (on top of the regular dividend) in favor of building community, worker wages, and the company...despite owning 58% of the company due to a lawsuit from a minority shareholder.
Ebay purchased a minority share in Craigslist, knowing Craigslist's community-oriented culture, and got a judgment permitting the destruction of that culture if it impedes potential profits.
If you are not legally permitted to express a desire to be altruistic outside the scope of generating even more profits, then it follows that "publicly owned corporations are required to care only about profit" is true. All other words contrary to that are obfuscations to hide the truth of the matter.
Those cases can be summarized as saying that if you screw over minority shareholders and say explicitly that you're screwing them over, depending on the terms of the agreement, they might be able to sue you and win. But, short of that, there are enough workarounds that it doesn't constrain management decisions very much.
Managers don't normally brag about how they're screwing over minority shareholders. It doesn't keep a CEO from building a new headquarters or buying another corporate jet as long as they can justify it somehow. (Or in Larry Ellison's case, sponsoring a sailboat-racing team to try to win the America's Cup.)
You can even say you're not going to respond to shareholder pressure in slightly less explicit terms. In the Google IPO founder's letter they wrote, "Google is not a conventional company. We do not intend to become one" and "Many companies are under pressure to keep their earnings in line with analysts’ forecasts. Therefore, they often accept smaller, predictable earnings rather than larger and less predictable returns. Sergey and I feel this is harmful, and we intend to steer in the opposite direction." They also set up a different shareholder classes so they can do whatever they want, like buying robot companies or spending money on launching balloons into the stratosphere.
Focusing on the long term is a dodge that can justify just about any business expense, or even enormous losses like Uber. Also, just about any expense is forgiven if the company makes money in the end. Nobody's going to sue Apple for not maximizing.
It's not about maximizing (although that's the way a lot of companies go now), but about how anything other than enhancing or preserving profits is secondary.
Ford was still paying out 1.5 million on the standard dividend. As the majority shareholder, his line of reasoning should have been perfectly valid (assuming it wasn't just a ploy to skirt the other shareholders to enrich only himself instead). We're they getting as much as before? No, but ostensibly neither was he, and that the wider world would benefit instead.
Altruism and culture are secondary to profits. It's legally enforced, even if there are workarounds to get around it.
I thought I'd switch gears and talk about what I think is right about this point of view (or at least something adjacent to it).
One thing you can say about the incentive to make a profit is that it's very persistent. Managers can come and go. Corporate mission statements can change. The culture can change. A company might get out of one kind of business and enter a different one. Maybe the owner dies and the company is sold. The level of thirst for profit can vary, but the profit motive remains. It's culturally pervasive and it affects everyone. Even people whose primary motive isn't to make money will still think making money is good and losing it is bad.
This is also true of most people, throughout most of their lives. Whether it's a kid trying to make a little money to buy something they want, a college student who hopes to get a good job someday, someone in the workforce hoping to get a raise or a better job, or a retiree thinking about their inheritance, most people are at least secondarily motivated by money even when it's not their primary goal.
An incentive that persists when everything else changes is going to have large effects.
Also, sometimes the effects of financial incentives aren't obvious at first, but once you see them, they're everywhere. So, in the middle of a city, when you see a parking lot, why is it there? Probably some investor is waiting for the right time and buyer to sell, and they can make some money in the meantime. I've read someone who knows about agriculture saying that selling hay is sort of like that, done to get some kind of tax breaks.
I don't think corporate law is the cause of this persistence and pervasiveness, because it's bigger than that. Money is something that just about all organizations care about. Even for a charity, an organization that gets more contributions can do more, and it's better for them if it's a steady stream of income. Just about any organization is going to treat raising lots of money as a good thing and losing lots of money (for the wrong reasons) as a big mistake, probably an emergency, and maybe even a crime.
So while I would disagree on what's primary and what's secondary (I think it varies depending on the situation), I do think it makes sense to pay attention to monetary incentives and their sometimes hidden effects. It's good reason for suspicion and curiosity.
“Required to care only about profit” is still an exaggeration, though, that oversimplifies a lot of complicated corporate politics. Company management and board members do care about profits (they own shares and it’s a generally agreed-upon corporate mission) but they are still people with multiple, mixed motives, who can also make decisions based on other considerations. Some of these they can even talk about openly.
Diversity campaigns, support for gay rights, programs to go carbon neutral - companies aren’t doing these things because they’re going to make so much money that way. They do it to improve relations with employees and customers, which is ultimately good for the company, or so they hope. And, being people, they may have personal reasons as well.
There are more questionable expenses. What’s the deal with Apple’s new corporate headquarters? That monstrosity is definitely not about shareholder profit.
It’s generally considered bad to lose too much money on such things unnecessarily. There is a budgeting process. But Apple is just about the most profitable company there is and the wolf is very far from their door. They have a lot of leeway to put money into speculative projects that might not ever pay off.
It’s pretty clear, though, that creating an open OS or an open computing ecosystem that programmers can customize to their whims all the way down to the hardware has never been part of their agenda. Apple has always wanted applications to be written their way, according to their rules. The dream of making computing appliances goes back to the first Macintosh or maybe the Lisa. Sometimes they dabble with end-user programming (like with HyperCard) but it’s within a sandbox.
That is a common misunderstanding, there is no such requirement. (last paragraph of the linked page)
"In nearly all legal jurisdictions, disinterested and informed directors have the discretion to act in what they believe to be the interest of the business corporate entity, even if this differs from maximizing profits"
Many corporations do appear to act as if profit is all they care about, but they're not required to. If all Apple cared about was profit they wouldn't be spending five billion dollars on a fancy office. Profits can be generated just as well from a cheap warehouse.
Just as an aside five fucking billion fucking dollars on a building. I'm not even prepared to sharpen the guillotine for these bastards.
Office space is a legitimate expense and they can carry a building as an asset on their books and depreciate it over time, so it doesn’t drag down earnings too much. There are also more complicated arrangements involving long-term leases.
Also, the value of real estate often goes up, particularly in Silicon Valley. Yahoo made a lot of money on real estate for a while. A company hitting hard times could sublease part of the office space.
This is all a fig leaf for Jobs wanting to build a really cool building, though. They are not really in the real estate business and real estate designed to lease out probably wouldn’t be designed that way.
Money doesn't always equal profit though, it is a subtle distinction but an important one. Investors with a clue should care about stability and growth over the longer term. That doesn't always mean chasing profits at any opportunity. Sometimes it means the business investing in paying staff more, or in community outreach, or any number of other things other than increasing the number on the bottom line.
Also I just noticed @skybrian made this point and more, rather better than I did, just a few comments up. So I shall stop typing stuff now.
Well, yes. But I'd argue the way they do that is by making their customers happy. A business with mostly unhappy customers is either a monopoly (which is illegal in some countries, including mine) or a failed/failing business.
Why don't they chase profit at every opportunity? Firstly because smart businesses know they need to invest in R&D, in staff, in marketing, in being a 'good neighbour' to the other people in locations they exist in. But I guess you can argue that is a form of chasing profits - after all, all those things contribute to success which ultimately does come down to profits. I think there's a difference in operating as a sustainable, responsible business and flat-out chasing profits at all costs. Look at companies who are investing in ethical supply chains, ecologically friendly production and so on. They don't strictly need to do that, they could choose to sell to people who don't care about such things or they can use marketing (aka 'lies', in this case, although not all marketing is) to make themselves appeal on those fronts without actually achieving any meaningful results.
Ultimately though, companies are run by human beings and human beings have complex and varied motivations. Sure, some people are focussed entirely on the number in their bank, but not everyone - even people running successful businesses can feel beholden to wider responsibilities.
I understand (and sympathize) with your concern, but you're also bordering on "altruism doesn't truly exist" territory. At some point the distinction becomes so small as to be effectively meaningless. Surely if there are ethical people, there can be companies led by ethical people, as rare as either might be.
Well, people do stupid things all the time so I'm not sure why you'd be surprised by that - but more to the point, why is it hard for you to believe that sometimes people might decide to do things other than merely enrich themselves?
I know a couple of people who run businesses which would be classed as 'ethical' and they absolutely are nice people who are trying to make the world a better place at the same time as putting food on their own tables. Again, people's motivations are complex and multifaceted. I don't think it is either fair or reasonable to reduce all people's motivations to nothing but profit. Sure, plenty of people are motivated by profit but not all.
To give you a concrete, albeit fairly small, example, I don't have to spend extra money buying compostable packaging for one of my businesses. But I do. Not because I can use that for marketing - although I do because it would be stupid of me not to take advantage - but the reason I chose to spend that extra money is because I don't want to be responsible for more plastic crap ending up in the ecosystem that I live in. I do lose money by doing that. The ROI on the marketing isn't enough to cover the costs of the packaging. By your standards I'm stupid, but there you go. Hope you're not too bewildered by my decision. But at least there's a tiny amount less plastic in the world.
Businesses aren't machines. They're people, even vast empires like Apple are just people. People aren't simple. People are any of greedy, stupid, kind, compassionate, short-sighted, selfish, generous and many more things.
Business often isn't a zero sum game. A simple example would be coming up with an improvement to a product that doesn't cost anything. Sometimes cutting back on environmental waste saves money. Sometimes working conditions can be improved without it costing anyone else, or in a way that easily pays for itself. Innovation is often about finding these opportunities.
Also, customers often do have a lot of power, particularly if it's a big customer and a small business. Who has the most power depends on the situation.
See, I would say the opposite of that. Business exist at the whim of their customers. If the market doesn't support their decisions - for whatever reason those decisions are made - then the business fails. If the businesses have all the power then businesses can only fail when the business owner decides they should, and that's obviously not the case.
I think the problem I have with this is that you can say that about every single decision anybody ever makes. Which means it's a fairly meaningless statement. My dog is currently choosing to maximise her personal utility by sleeping next to the fire.
I'd talk about it with them. Although that particular business is just me and I'm reasonably happy with my compensation ("self-employment - the hours are great but the boss is a bastard"), but in theory it's certainly a conversation I'd be happy to have. That hypothetical discussion would require a very strong argument on their part, because reducing plastic pollution is something I feel quite strongly about. But yes, I'd consider it.
Feel free to frame that as me maximising my personal utility by making sure my employees feel valued and listened to, because that ultimately benefits my profits or gives me a nice fuzzy feeling inside. Or just because y'know, they're human beings and I give a shit. Same thing.
Do we do that? I guess we do that to some extent. We do worse things though, one of which is let people who can win elections make major decisions and frankly I think that's pretty idiotic too. Having the only qualification required to lead a town/region/state as a popularity contest is just bonkers. Especially when it's so easy to hack the popularity contests. (note: some countries have more robust and well-balanced popularity contests which can work better, but not where I live)
Yes, of course it would be better. I'm not arguing for Apple's business practices. Rather, that I have hope that the market will follow suit and we won't be reliant on Apple's mercy to use great chips.
Definitely! And it's pretty fun to think about a world where everyone uses a simple computer that's basically a thin client and computing is offloaded to a more powerful or efficient machine. It sort of harkens back to the mainframe days, which is nothing new.
Because other manufacturers like Qualcomm are likely years behind of Apple in terms of processor design. At least, that's my guess. If that ends up being the case, however long it takes for others to catch up is just more time wasted that our climate doesn't have.
We need to get serious about curbing resource usage and adopting more efficient methodologies and we need to do it yesterday. We don't have time to wait for the so-called "free market" to work it out.
I think that putting the onus squarely on the consumer is unfair. It's like telling consumers that their tailpipe emissions are the end of the climate as we know, despite consumer vehicles being just a sliver of emissions, and we neglect to talk about the airline industry, cruise industry, and other heavy polluters. In this case, it's data centers and the mining and refinement of silicon and other materials (like lithium) for batteries, cases, and so on that are the major energy sources in manufacturing. If the environment is the concern, advocating for consumers to buy newer, efficient machines, when they likely have fairly modern machines that will become e-waste, is counter to that line of thinking. I am all for environmental concerns and a staunch supporter of moves to efficient processes and manufacturing, but I also want to be realistic. "Green" tech has it's own issues that are rarely addressed in conversations of techno-utopianism.
You make a valid point: eWaste is a huge issue and we turn a blind eye to other industries that are huge polluteers. No doubt about it.
I'd like eWaste to go away. But in a world structured around facilitating the continual transfer of little green pieces of paper from the masses to the elite few, it seems inevitable that the eWaste will continue as long as the elite are motivated to engage in planned obsolescence, pushing back against allowing their devices to be repaired in some sane and efficient way (he says while looking sternly at Apple and nearly every other smart phone manufacturer) and trying to goad people into buying some that's new and shiny every single year.
I absolutely agree with you. The right to repair is a hill I will die on any day of the week. Apple is so bad for it, and it's even worse that they are posturing as environmental conscious. At the end of the day, I want Apple to be kinder to consumers, allow us to run on this new, great tech however we want. They could so easily be the dawn in a new age of computing for everyone.
The poster seems to suggest fixes like something called "Little Snitch" and they don't seem to claim its a nefarious plot by the US government to spy on you. They are just saying that the information is available and have been made available to certain branches of the US government (among other Governments). Something they link proof for.
The fix they had previously - don't work with the current update, which was so recent that demanding they should deliver simple fixes or suggest them (without trade-offs) or stay quiet about their complaints is a bit odd.
So it seems to be a blogpost that raises some valid complaints by someone who themselves say they at times use MacOS backed by links and references.
Is it possible that Apple is associating finger-print data with user IPs or other forms of ID when doing OCSP checks? Yes.
But are they? That’s total speculation and everything from that point on is conspiratorial, IMO. There is a clear security benefit to users by doing these OCSP checks. (And these checks are cached so subsequent runs when the software hasn’t changed don’t need to make outgoing requests to check again.) Why would Apple take a security minded action and at the same time open liability like that? What does Apple have to gain from it?
I can’t say definitively that they aren’t logging the info that the post says they could. But I’m trying to understand the motivations. Is Apple being forced to collect this information by the US government? If so, why would they allow macOS power users to so easily prevent outbound checks like this? It just doesn’t add up to me. To me it’s the equivalent of bemoaning the US government for using your social security number or track you. Are SSNs perfect? No. Is the government using them to track you? Yes. Is this a malicious conspiracy? No.
They are linking directly to Apples reports concerning what information they provide to law enforcement. Which is the criticism - no one seems to be implying that there is a conspiracy. Just a very clear passage of information.
THEN of course they slap on the available information the could give out - which obviously doesn't mean they are - and they also mentioned that the avoidance system is currently unavailable.
Now I don't know anything about that. I don't own an Apple PC or run MacOS (nothing ideological as reason though, its just too costly for me) so maybe they and the sources they reference are misinformed?
Also please note that the only person claiming its a "malicious conspiracy" - is you. Also noting that Arp242 refers to the blog as claiming a "nefarious plot". Now I understand that this obviously is a sensitive topic for the both of you and perhaps I have stumbled in to a hotbutton issue outside of my understanding - but from an outsiders perspective I think that form of pejorative descriptions and rephrasings is ... well "problematic".
Again - I don't know enough about this, I only try to keep up to date on Mac issues since sometimes I have friends who have problems with them and I want to keep up to date. So maybe this is justified.
There’s some really strange psychological buttons that Apple seems to be able to push for people who don’t actually use their products. This is not a personally sensitive issue to me. It’s just a matter of seeing this pattern play out for decades! People who half understand something about Apple or Apple platforms read or hear something that has some kernel of truth and then turn around and rant about it without the appropriate context or nuance. I expect higher quality discussion and content on Tildes. That’s my main motivation for stepping into these threads and voicing my opinions.
I read the linked post as an alarmist, conspiratorial rant that took sundry different jabs at Apple with plenty of links but barely any context. If you got a different impression, that’s fine. But I really think you should reread his post and pay attention to his language and rhetoric. He doesn’t use the word conspiracy, but he is saying that in other words.
Did Apple make API changes in Big Sur specifically to hobble Little Snitch? That is what is implied here. Or maybe this is just mundane API changes that Apple has made for other reasons and Little Snitch has not yet updated. Regardless of using Little Snitch, I can assure you, as someone who does actively use macOS Big Sur (and has been on the betas since the summer) I can easily prevent OCSP or any other outbound connections to Apple with changes to my hosts file or configuring the macOS firewall. Little Snitch does a lot more fancy things with macOS’s networking, and it may be true that if you relied on Little Snitch to block Apple from doing things you take issue with, that may have changed. But, rather than discuss this in a nuanced fashion and consult experts when in doubt about the facts, the Apple alarmist will instead make wild conjectures and pat themselves on the back for calling out the big bad corporation.
I’d prefer if people spent their energy doing more productive things.
I see this exact thing for pretty much anything, especially when it comes to tech and privacy or security. It's not Apple exclusive. By volume, Windows probably has received more of this over the decades. Recently, it's been Firefox and Mozilla that have been getting it in spades.
Okay, you two are done. Don't reply to each other again, in this thread or any of the other ones where you've been having this exact same argument for days. This is ridiculous.
Edit: I'm wiping out all of your arguments for now until I have a chance to review and will un-remove later if they seem reasonable and aren't just an escalating, distributed bickering match.
Fair enough. I suppose I didn't understand what you demanded they do.
This seems like such an odd way to phrase the problem. There already exist alternatives to combating malware without broadcasting an unencrypted(!) hash of the request. In fact, you can have malware protection without having internet access. Windows Defender provides real-time malware protection and (at least to my knowledge) that doesn't require an internet connection. In my mind, Apple's implementation is the alternative implementation.
I completely agree with you that Apple must balance multiple interests (eg, effectiveness) when deploying an anti-malware solution. Nevertheless, Apple has branded itself the privacy-focused mainstream OS; privacy is certainly one of those interests.
I think it'd be impossible to really compare them due to the differences in os. If you could run both methods on either base os it would be a fair test but anything else is just conjecture.
There's absolutely no reason Apple or anybody else should ever be able to know what apps I'm using, without my explicit, prior, and optional consent. If I'm "Less Protected" from malware, so be it. Just make it optional, and preferably open source, and I'll be happy.
How about an off switch?
A way to switch off the "malware" check, if you don't want to?
I think a reasonable trade-off can be made here.
You can make the mechanism for disabling protection reasonably difficult to execute and make it come with plenty of big red warnings that you must read and understand first. Then only very few people would still be successfully manipulated.
Very few is still worse than none, but the upside is that a large number of power users regain control. I think that's worth it. It's the approach a lot of systems already take.
Such as? Not trying to be cheeky, BTW... I'm genuinely curious to hear what you think would be a better way to handle that sort of potential security issue.
Thanks. Reading through that, and another comment of yours mentioned in the one you just linked, has definitely shed some light on the situation. I am not a MacOS user so I had no idea the default action was to trash all unsigned applications, and that it requires a somewhat obscure step for users to actually go through with running it... although I am an iOS/iPadOS user and it's also a PITA to run homebrew on those too, so I probably shouldn't have been so surprised it was as bad/worse on MacOS. :/
I've got the proposal: Stop letting people be idiots with respect to technology.
I haven't run an anti-virus since XP came out, even explicitly disabling it when Windows Defender came out. I've gotten hit by malware twice. Wipe the drive, reinstall the OS, and restore from backup.
If people can't do those things, that's because we've catered to making computers consumption appliances and not tools.
I'm reasonably certain I could run an XP installation today with few, if any problems. Because I understand how to prevent and mitigate the problems malware causes, instead of just learning how to use a mouse and keyboard to use Microsoft Office, Netflix, and Youtube.
This article seems overly inflammatory, at least for most of us.
I think there are two issues. Apple notarizes software. The upside is malware avoidance. The downside is the government can find out what applications you have on your computer. But is this a real concern? I checked in with my wife, who pushes back on overly broad government subpoenas as part of her job, she didn't see any concerns with this. I think Apple's approach is the right approach for 99% of the world.
The second issue is more alarming. As @nothis succinctly put it, what about an off switch? Some users may not want the government to know which applications they use. Some users may not want any data to leak outside of their VPN. Some users may want to monitor the data that Apple sends itself. "Just trust us" is not good enough for the small but vocal minority who care about privacy. If Apple burns its relationship with these people, it is burning its "privacy first" credibility. That said, the jury is still out, so let's see how Apple responds.
It is a real concern. I like Ollie's take on it:
https://youtu.be/fCUTX1jurJ4
Our surveillance society is getting progressively worse, and the majority write off with 'but I have nothing to hide'
You don't until you do. You want your neighbor staring at you while you shower? Then why is it OK for the government to be able to pull up literally everything you've ever done on a computer?
That's nice enough for her, but not an argument at all. It's an appeal to authority, and not an authority that any of us knows about.
Don't just criticize. Provide constructive criticism. What concern do you see?
I meant what concerns are there for the vast majority of people in the government being able to subpoena which applications were opened on which date.
I'm legitimately curious.
As to your point, completely valid. But it's a big company. Someone made a poor decision. Big companies need a while to course correct sometimes.
I think this is pretty damning evidence that Apple doesn't give one iota about your privacy or security outside of being able to market to that effect to those who don't understand technology.
You know how you could do this in a privacy-focused way? Push down the hashes instead of having users push all of theirs up. Let people opt out with one button click with clearly labeled risks of doing so.
If you have to install a third-party program to get your privacy back (See W10Privacy for the Microsoft equivalent), you have no privacy.
How would that work though? The Apple servers would have to crawl and hash every app on the internet. That seems extremely difficult.
Apple is already maintaining a list of blessed and cursed hashes. The idea would be to store that database on each user's computer, instead of querying Apple remotely each time.
But users would still have to send hashes to Apple for every app on your computer or they would have an incomplete (and less useful) database. Unless I'm missing something, here?
It could work similar to the way that Google's "Safe Browsing" API works, which is used to block dangerous URLs (e.g. phishing sites). Chrome uses it of course, but other browsers like Firefox do too.
Programs that want to use it can download and periodically update a local version of the blocked hashes that they can check URLs against. They use a hash-prefix-based system that keeps the data very compact but requires an additional verification check online if the URL might be malicious (when a prefix match occurs), but still doesn't need to reveal the actual URL by using a k-Anonymity approach.
That felt like a pretty dense and confusing explanation, let me know if you want me explain any of it in more depth.
Overall though, it's definitely possible to do something like this in an efficient and privacy-preserving way, but that's not the method Apple is currently using.
(mention for @wirelyre so they see this too)
I don't know exactly how the database is curated right now, but I don't think they populate it with every program people use. In particular, I don't think Apple does anything with unknown hashes.
Here's the Apple support page. It looks like they let users upload malware from their own computer; and that the notarization process is part of their developer program, which they manage directly. So I don't think keeping a database on your computer would in principle remove any functionality from the current system, assuming it's privacy-respecting.
That's scary. It's unclear to me why we can't simply advance technology without a trade-off on our privacy.
I don't even mind so much to send information. But collecting data at such scale just can't be a good thing.