Gatekeeper

Of the Mountain Lion announcements, Gatekeeper has been one of the most discussed. Apple has touted OS X as being a safer, more secure environment than Windows, offering its customers a relatively malware-free experience. In the early days this was often discounted by saying that OS X wasn't a likely target for malware simply because no one used it. Today Apple claims to have a Mac installed base of 63 million users. While there are far more Windows users, that's not an insignificant number. And it's growing.

As the likelihood of significant malware targeting OS X increases, Apple must do whatever it can to maintain its pristine image. In a sense, Apple made its bed by promising a more secure, virus/malware-free experience, and now it has to sleep in it. It's not a bad thing, but it's something that is going to require a lot of work.

The easiest and most obvious solution to the problem is the Mac App Store. Every app distributed through the Mac App Store is certified by Apple and thus no malware/viruses should ever make their way to a customer's Mac if they only run apps from the Store. Unfortunately, limiting Macs to Store-only apps is a step in the wrong direction. Companies like Adobe and Microsoft don't make their applications available in the Mac App Store (paying Apple 30% for every copy of Photoshop sold seems unlikely to happen), not to mention the tons of useful open source or other programs that aren't distributed through the MAS. While the iPhone can sell just fine as a platform that's more of an appliance, Macs (at least today) cannot.

The alternative is to heavily warn users that what they're running isn't exactly safe but allow applications, regardless of origin, to be run. This is what's done today in Lion. The first time you run an application that you downloaded you'll get a message that looks like this:

It's the everlasting debate between freedom and security. Give up one to get the other, but what's the right balance?

The compromise in Mountain Lion comes in the form of a tool called Gatekeeper. An innocuous little radio selection in the Security preference pane, Gatekeeper lets you choose what applications can be run on your Mac.

You can choose to only allow applications from the Mac App Store, allow all (the two extremes we discussed above) or pick an in-between option: allow anything downloaded from the MAS or anything by an identified developer.

This in-between setting is the compromise.

If a developer joins the Mac developer program ($99/year) it can become an officially identified developer with Apple. The developer can then sign its applications with a unique cryptographic key that Apple recognizes, without requiring that the apps be distributed through the Mac App Store. Unlike the Mac App Store, there's no approval process that the developer's signed apps need to go through. There's only one stipulation that goes along with the identified developer label: the apps distributed with that key cannot be malware.

Apps from identified developers communicate with Apple's servers to verify that the digital signature is intact and correct, but only upon install or the first run of the application. Subsequent runs do not phone home and there's no remote kill switch for these applications. Should Apple find out that a developer has been distributing malware, Apple can revoke the developer's key, but that would only prevent those apps that have yet to be installed/run from working. Without a certification process for non-MAS apps there's still a degree of risk associated with this compromise. I don't believe the ideal solution is to force everyone to buy through the MAS, but Gatekeeper's compromise isn't an impervious solution.

Apple tells us the default Gatekeeper setting in Mountain Lion will be to allow apps from the Mac App Store or from identified developers to run. Hopefully by the time Mountain Lion ships many third-party developers will be on board and identified, making the transition mostly seamless. If you don't change the default Gatekeeper setting there's another way around the protection: simply control-click (or right-click) on the app you're trying to run and select Open. Doing so will override the Gatekeeper setting and let you run an unsigned app.
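The launch policy described above, modelled as an added example (not Apple's code and not part of the original article), to make the revocation gap concrete: a revoked key only stops Macs that have not yet run the app. The names `Setting`, `Origin`, `App`, `Mac` and the developer id `dev-A` are constructed for illustration, and behaviour the article does not specify (for example revocation under the allow-all setting) is left permissive.

```python
from dataclasses import dataclass, field
from enum import Enum

class Setting(Enum):
    MAS_ONLY = 1            # Mac App Store only
    MAS_AND_IDENTIFIED = 2  # the default the article describes
    ANYWHERE = 3            # allow all

class Origin(Enum):
    MAS = "mac_app_store"
    IDENTIFIED = "identified_developer"  # signed with a key Apple recognizes
    UNSIGNED = "unsigned"

@dataclass
class App:
    name: str
    origin: Origin
    developer: str = ""  # hypothetical developer id

@dataclass
class Mac:
    setting: Setting = Setting.MAS_AND_IDENTIFIED
    already_run: set = field(default_factory=set)  # apps past their first launch

    def launch(self, app, revoked=frozenset(), control_click=False):
        """Return (allowed, reason) for one launch attempt."""
        if app.name in self.already_run:
            # Subsequent runs do not phone home: no policy or revocation check.
            return True, "previously run, not re-checked"
        if control_click:
            allowed, reason = True, "user override via control-click > Open"
        elif self.setting is Setting.ANYWHERE or app.origin is Origin.MAS:
            allowed, reason = True, "allowed by setting"
        elif app.origin is Origin.IDENTIFIED and self.setting is Setting.MAS_AND_IDENTIFIED:
            if app.developer in revoked:
                allowed, reason = False, "developer key revoked"
            else:
                allowed, reason = True, "signature verified on first run"
        else:
            allowed, reason = False, "blocked by setting"
        if allowed:
            self.already_run.add(app.name)
        return allowed, reason

def revocation_timeline():
    """Constructed scenario: the key is revoked after one Mac already ran the app."""
    app = App("Tool", Origin.IDENTIFIED, developer="dev-A")
    early, late = Mac(), Mac()
    first = early.launch(app)                     # before revocation
    after = early.launch(app, revoked={"dev-A"})  # already run: still launches
    fresh = late.launch(app, revoked={"dev-A"})   # first run after revocation
    return first[0], after[0], fresh[0]
```
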


96 Comments


  • steven75 - Monday, February 20, 2012 - link

    "But my 10 year old needs to understand computers properly"

    And why, exactly, is that?

    Will you require her to build her own car, slaughter her own meat, assemble her own furniture?
  • bji - Monday, February 20, 2012 - link

    Is it really possible that so many people can't see the difference in the expected benefit of having deep technical knowledge of computers versus knowing how to build a car, slaughter a cow, or build furniture?

    Seriously - are you living in 1912 or 2012? I personally live in 2012 and can readily see the benefit of technical knowledge.

    Furthermore, experience with building/programming computers is fairly easy to impart when a) the parent is already interested in and knowledgeable about them, and b) it is an easily accessible, "clean" topic of study. We can easily teach our children about computers, it is much harder for a whole variety of reasons to give them hands-on experience with car manufacturing or cow slaughtering.

    I imagine that there are in fact some carpenters for whom the last suggestion - furniture assembly - is a reasonable thing to try to teach their children, but those people are probably underrepresented here. But I would not begrudge them a desire to pass their knowledge onto their children either, although I suspect those of you in the deliberately-obtuse crowd would.
  • solipsism - Monday, February 20, 2012 - link

    Is it really possible that so many people can't see the difference in the expected benefit of having deep technical knowledge of computers versus only having a computer if you've built it yourself?
  • bji - Monday, February 20, 2012 - link

    Although your comment doesn't make any sense as written, I'll assume you meant to point out that you don't have to force someone to build their own computer as the only way to help them to learn about computers.

    Nobody said that building your own computer is the *only* way to learn about computers; but the burden of proof would be on you if you are suggesting that it isn't a good way to get some knowledge about how computers work and what they are made of.
  • cjs150 - Monday, February 20, 2012 - link

    If all children are taught is to use certain software packages, for example Word, you are not teaching computing but merely a more modern version of a typist course. Children deserve and need to learn more because they will be the next generation of programmers, system designers, graphic designers etc

    Yes children should learn about how the meat they eat is farmed, the slaughtering techniques, hygiene issues. Actually slaughtering animals is probably off the agenda in an inner city school though!

    I believe that assembling her own furniture would get taught in woodworking (or whatever the course is called now), although that covers a bit more as well. And she did (with help) assemble her own flat pack book case
  • Conficio - Tuesday, February 21, 2012 - link

    As a father, I'd only remark that you should carefully weigh if your daughter has an interest in building a computer.

    Nothing wrong with teaching your kids a subject where you are an expert. Just they have to be motivated.

    School teachers these days (not much to their fault) are not experts in anything they teach. In a modern (city or Internet connected) world there are always better writers, critical thinkers, mathematicians, biologists, farmers, woodworkers, typists, etc. in easy reach. It used to be 100 - 150 years ago that a teacher was one of the elite (besides the mayor, priest, doctor and lawyer in town) based on his/her academic training and ability to read/write and have some understanding of the world beyond the village boundaries. The world has changed. Often you find among the parents alone way more expertise in most subjects taught.

    Anyhow in most cases teachers do not and can not stretch the knowledge of their pupils into current expertise in almost any field. So being able to teach some of this yourself is a good thing.

    However, you got to see that at the end of the day you are not imposing your own desires and like onto your child. Because that won't help and make the child only feel misunderstood by its parents. Have an eye of the fact that it is not so much about what you learn, but more to what level of effort (and academic abstraction) you learn it. That is what teaches you how to learn any kind of complex subject and that is the skill that sustains you in life (besides social abilities and [self] motivation).
  • FWCorey - Tuesday, May 1, 2012 - link

    "As a father, I'd only remark that you should carefully weigh if your daughter has an interest in building a computer.

    Nothing wrong with teaching your kids a subject where you are an expert. Just they have to be motivated."

    Part of being a parent and helping your child to develop is giving them knowledge of a broad range of subjects. Just because something they have no knowledge of doesn't interest them, doesn't mean that might not change once they've been given a little experience with it. And if it doesn't change, at least they can honestly tell themselves it's an informed choice.

    We should all have at least a little knowledge of a wide range of topics anyway, whether they appeal to us or not for the simple practical reason of communication with others who do. You also never know when a tidbit of info from some other topic can help you see something you ARE interested in from another perspective.
  • suprem1ty - Tuesday, February 21, 2012 - link

    There's nothing wrong with providing some education.

    Especially when said education (computing) is so important and fundamental to our current society.

    If I had a child I would want to make sure that they were well educated when it came to things I found important; it's not until they're old enough to choose for themselves that I would let them "take their own path" as it were.
  • cyabud - Monday, February 20, 2012 - link

    "I want to know how things work, I want to be able to fiddle with settings, add programs that genuinely extend or enhance my working experience."

    Apple hasn't removed any features from Mountain Lion that prevent you from fiddling with settings or adding programs that genuinely extend or enhance your working experience.

    I am a power user running OS X, Windows and Ubuntu on multiple machines/VMs. All three systems offer plenty of configuration options (from a client perspective, as opposed to server) and third party software to do pretty much anything I want from any system I choose.

    Sure, AirPlay Mirroring is 720p only for now but don't act like alternatives don't exist... My copy of Lion is running a DLNA server streaming 1080p video to my Samsung blu-ray player without issue.
  • KPOM - Monday, February 20, 2012 - link

    Windows 8 ARM will be an even tighter walled garden than Mountain Lion. It will be like iOS, actually. Apps will be available exclusively from the Windows Store.

    I think computers have started to arrive where cars have been for the last 20 years or so. They are complex appliances that are turnkey to the end-user. Most of us don't know how to tinker with our cars the way people did back in the early days (or as late as the 1970s and 1980s).
