> That's been said for years, and hasn't held true.
It certainly has. Unsigned binaries were recently deprecated entirely on M1 Macs. Microsoft even released versions of the Surface that can only run Windows and only run apps blessed by Microsoft. With each iteration on these products, the screws are tightened a bit more.
Software freedom is not just about being able to run Linux. Most Mac users buy Macs because of macOS and its integrations; running Linux doesn't help them out. Software freedom on macOS definitely does, though. As it stands, that freedom has been chipped away at with new releases of Apple's software and hardware.
For example, I'm the author of several open source utilities for macOS. Users had no problem using the utilities a few years ago, but because they're unsigned or not Notarized, macOS tricks users into thinking that they're either broken or malicious. Even self-signing the apps has macOS treating them as if they're radioactive. Users don't understand the scary signing and certificate alerts, so they end up thinking they've downloaded malware. The solution to this is to pay Apple $100 every year, and then regularly have them scan and approve of the apps via Notarization. That's antithetical to software freedom. Regular users who want to use un-Notarized software are left frightened and without having their needs met. Software freedom is important for everyone, not just developers and power users.
It's easy to argue "give me software freedom or give me death!" if you're a technically competent user that probably won't fall for a trojan, but what about everyone else? Don't you think there's a reasonable argument to locking down systems to improve security? To be clear, I'm not arguing for sacrificing software freedom wholesale for security, only in default configurations.
Except bins signed by self-signed certs are still treated basically the same as unsigned binaries were before.
So why would a company want total control on its ecosystem? Because governments don't want social unrest. So if you can ensure your platform is free of "terrorists", then you can discuss with government better. For example, if you're secure, you can position yourself as a reliable player on banking, e-health, etc. That is, you gain a very strong position to shape society in ways you're interested in. Don't forget that big companies have the power to do that and that those who command them are not required to be benevolent. They are private companies so there's no oversight on which interest they serve first.
It's not all doom and gloom though. As computers get into our lives, more and more governments and parliaments will become aware of the issue and there will be a place to fight for our rights. It's already the case.
The only thing that matters is: a computer is a general purpose machine and must stay a "general purpose" machine.
Fully agreed. This is the most important point. No company or vendor should prevent me from running the software I want, in the way I want, be it modified for my own purposes or not.
Sure, if you only look at the security side it may be more secure if you can only run approved software, but it is in no circumstances okay to reduce the freedom of a user on his/her private machine. (In a business setting it makes sense to only allow software approved by the IT department.)
I'm far more worried about companies locking things down due to legitimate concern (security) with malicious intent than being arrested for being mistaken for Osama bin Laden because I decided to grow a beard.
I'm not sure what the "crack down" is when you can disable it fairly easily.
> So why would a company want total control on its ecosystem? Because governments don't want social unrest.
You'd think that if they want to suppress uprisings, the mechanism they use to do so will be slightly more robust than a setting in the developer options.
> The only thing that matters is: a computer is a general purpose machine and must stay a "general purpose" machine.
How is this related to what we're talking about? What gatekeeper/smartscreen is doing is effectively operating a whitelist system. The platform itself is still open, and you could still do whatever you want before. What's more is that you can disable the system, so I'm not seeing what the issue is.
But it doesn't really make sense:
- All the technical work to restrict users could certainly be done in one release: it's not that hard.
- As to market acceptance, I don't think any of the changes re: binary signing are "getting users used to" being restricted.
So, requiring signed binaries doesn't appreciably make the technical or market challenges of restricting unapproved apps easier.
> Even self-signing the apps has macOS treating them as if they're radioactive.
I appreciate that I can both benefit from PKI attestation of apps (for a small degree of protection against malware), and I can override it and run unsigned stuff.