Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
On Fri, May 17, 2013 at 08:11:27PM -0400, Rich E wrote: nowadays is for a rediculously high level of securty, by default. Not to misconstrue your point in a disingenuous fashion, but let us not confuse or conflate control with security. Andy ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
There's also an option in the System Preferences Security Privacy pane to allow applications from Anywhere as opposed to just the App store or identified developers. That way you don't have to approve software manually case by case. Easy solution for now, but who knows how things will develop from here... On Fri, May 10, 2013 at 5:43 PM, katja katjavet...@gmail.com wrote: Correction, current terminology is 'identified developer' (not 'certified'). Here's Apple's how to handle apps from unidentified devs on OSX 10.8: http://support.apple.com/kb/PH11436 Katja On 5/10/13, katja katjavet...@gmail.com wrote: About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev -- William Brent www.williambrent.com “Great minds flock together” Conflations: conversational idiom for the 21st century www.conflations.com ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
I wouldn't stop anyone from putting Pd into the Apple App Store, but I'm not going to contribute to the effort. It is indeed this ridiculous path that Apple is taking with Mac OS X that has made me abandon Mac OS X. I now use Linux Mint 95% of the time. .hc On 05/17/2013 08:11 PM, Rich E wrote: I think putting a 'validated' pd in the app store is a great idea, for both pd-vanilla and pd-extended. Just alot of work. I believe, but am not certain, that dlopen will continue to work as long as you play the 'app sandbox' game: if a user wants to load binaries from a different location in a sandboxed app, they need to give permission. Here are the juicy details: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW5 of importance in there is 'Securty-Scoped Bookmarks'. Note this isn't just Mac, you have to jump through the same hoops for WinRT, which hasn't really caught on yet, but its a sign that the trend nowadays is for a rediculously high level of securty, by default. On Fri, May 10, 2013 at 7:21 PM, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: Jonathan Wilkes jancs...@yahoo.com Cc: pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 7:12 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T hat sounds sensible... sounds like I can probably do nothing for now (but I'm worried they're going to progressively lock things down harder in the future... this isn't going in a good direction!) Well, if they decide to remove the easy workaround that would be a big enough change that we'll likely hear news from FSF and others. -Jonathan M Again, that adds credibility to a system that adds little more than a pain for users, and it distracts everyone other than bureaucrats. Most users just want to download and run your software. If a school sysadmin wants to misunderstand security and force instructors to go through the hoops, then the school or, at worst, the instructor should pay you to jump through the hoops and get a signing key. The end user shouldn't even be aware of any of this, other than maybe seeing a link to the _trivial_ workaround katja mentioned next to the version you currently have available. -Jonathan ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
I think putting a 'validated' pd in the app store is a great idea, for both pd-vanilla and pd-extended. Just alot of work. I believe, but am not certain, that dlopen will continue to work as long as you play the 'app sandbox' game: if a user wants to load binaries from a different location in a sandboxed app, they need to give permission. Here are the juicy details: http://developer.apple.com/library/mac/#documentation/Security/Conceptual/AppSandboxDesignGuide/AppSandboxInDepth/AppSandboxInDepth.html#//apple_ref/doc/uid/TP40011183-CH3-SW5 of importance in there is 'Securty-Scoped Bookmarks'. Note this isn't just Mac, you have to jump through the same hoops for WinRT, which hasn't really caught on yet, but its a sign that the trend nowadays is for a rediculously high level of securty, by default. On Fri, May 10, 2013 at 7:21 PM, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: Jonathan Wilkes jancs...@yahoo.com Cc: pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 7:12 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T hat sounds sensible... sounds like I can probably do nothing for now (but I'm worried they're going to progressively lock things down harder in the future... this isn't going in a good direction!) Well, if they decide to remove the easy workaround that would be a big enough change that we'll likely hear news from FSF and others. -Jonathan M Again, that adds credibility to a system that adds little more than a pain for users, and it distracts everyone other than bureaucrats. Most users just want to download and run your software. If a school sysadmin wants to misunderstand security and force instructors to go through the hoops, then the school or, at worst, the instructor should pay you to jump through the hoops and get a signing key. The end user shouldn't even be aware of any of this, other than maybe seeing a link to the _trivial_ workaround katja mentioned next to the version you currently have available. -Jonathan ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
- Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
Correction, current terminology is 'identified developer' (not 'certified'). Here's Apple's how to handle apps from unidentified devs on OSX 10.8: http://support.apple.com/kb/PH11436 Katja On 5/10/13, katja katjavet...@gmail.com wrote: About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
- Original Message - From: katja katjavet...@gmail.com To: Jonathan Wilkes jancs...@yahoo.com Cc: Miller Puckette m...@ucsd.edu; pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 5:20 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. Pd-extended and Pd-l2ork have plenty of widely-used GPLv3 externals that come with them so it's a non-starter. If the security setting you describe is a binary choice then unfortunately for the Mac user that is the proper solution here. But keep in mind this isn't a choice between security and Pd, this is a choice between security and running any free software code whose devs refuse to support a non-transparent, arbitrarily revokable signing mechanism that has a central point of failure and terrible track record wrt to privacy/security. -Jonathan I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
So here's a mad idea I had - what if I put a 'validated' Pd vanilla up for sale for $5 - but also give the identical program away for free the way I do now - that way, school sysadmins who really want their machines only to run 'validated' sotware will be out $5 a box and we can put the money toward the next Pd convention. Maybe that's the canonical way to run a Pd convention in the USA - by acting like USA people. cheers M On Fri, May 10, 2013 at 03:12:23PM -0700, Jonathan Wilkes wrote: - Original Message - From: katja katjavet...@gmail.com To: Jonathan Wilkes jancs...@yahoo.com Cc: Miller Puckette m...@ucsd.edu; pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 5:20 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. Pd-extended and Pd-l2ork have plenty of widely-used GPLv3 externals that come with them so it's a non-starter. If the security setting you describe is a binary choice then unfortunately for the Mac user that is the proper solution here. But keep in mind this isn't a choice between security and Pd, this is a choice between security and running any free software code whose devs refuse to support a non-transparent, arbitrarily revokable signing mechanism that has a central point of failure and terrible track record wrt to privacy/security. -Jonathan I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev ___ Pd-dev mailing list Pd-dev@iem.at http
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
- Original Message - From: katja katjavet...@gmail.com To: Jonathan Wilkes jancs...@yahoo.com Cc: Miller Puckette m...@ucsd.edu; pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 5:43 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? Correction, current terminology is 'identified developer' (not 'certified'). Here's Apple's how to handle apps from unidentified devs on OSX 10.8: http://support.apple.com/kb/PH11436 Then the steps to override are outlined on that page. Since it stores the override as an exception it's minimal bother for the user. I'm not exactly sure what I think of the Apple Developer Program. It provides a very minimal benefit of communicating to the user that the binary they are attempting to run was signed by someone who has jumped through some hoops, is probably the person they say they are, and probably hasn't put any overtly harmful code inside the software. But that's a long way from anything approaching meaningful security like showing the source to anyone in the world that wants to look. Just compare the number of viruses and spyware coming from the app store to the number of viruses and spyware that have ever come from Debian repositories. While that's not an issue for Pd which has its source publicly available, just having the signature adds credibility to the system. If someone from the Pd community is willing to pay money to use a system that has a broken security model, I'd at least like to see it go first toward downloading Pd over SSL since at least we know how exactly that system is broken and the security it does add would benefit all distributions, not just Mac OS. -Jonathan Katja On 5/10/13, katja katjavet...@gmail.com wrote: About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible with ALL GPL v3 software. I suppose such a move isn't outside of the realm of possibility, but if Apple did go down that road you can bet it will effect more than just Pd-extended/Pd-l2ork. So either a) its FUD, or b) we would throw our weight behind whatever large-scale organizing effort manifests itself (probably coming from the FSF) to defeat such a move. Either way it should not affect a single line of Pd code nor the development process. -Jonathan Miller ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
FWIW my 2c is expounded here; http://www2.prestel.co.uk/rey/faustus.htm On Fri, May 10, 2013 at 03:28:28PM -0700, Miller Puckette wrote: So here's a mad idea I had - what if I put a 'validated' Pd vanilla up for ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
- Original Message - From: Miller Puckette m...@ucsd.edu To: Jonathan Wilkes jancs...@yahoo.com Cc: katja katjavet...@gmail.com; pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 6:28 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? So here's a mad idea I had - what if I put a 'validated' Pd vanilla up for sale for $5 - but also give the identical program away for free the way I do now - that way, school sysadmins who really want their machines only to run 'validated' sotware will be out $5 a box and we can put the money toward the next Pd convention. Maybe that's the canonical way to run a Pd convention in the USA - by acting like USA people. Again, that adds credibility to a system that adds little more than a pain for users, and it distracts everyone other than bureaucrats. Most users just want to download and run your software. If a school sysadmin wants to misunderstand security and force instructors to go through the hoops, then the school or, at worst, the instructor should pay you to jump through the hoops and get a signing key. The end user shouldn't even be aware of any of this, other than maybe seeing a link to the _trivial_ workaround katja mentioned next to the version you currently have available. -Jonathan cheers M On Fri, May 10, 2013 at 03:12:23PM -0700, Jonathan Wilkes wrote: - Original Message - From: katja katjavet...@gmail.com To: Jonathan Wilkes jancs...@yahoo.com Cc: Miller Puckette m...@ucsd.edu; pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 5:20 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? About OSX 10.8 Mountain Lion I've read some time ago that it would run / install apps from certified Apple devs only, unless the user disables that level of security, and then it would run any app without such restriction (which is of course not recommended). At the time I read about that, I was considering upgrading from OSX 10.5, but the concept of 'Apple certified developer' made me think twice. Eventually, it made me turn towards Linux for good. Still I feel that Pd, externals and patches should be supported for as many platforms possible, as is tradition. Pd-extended and Pd-l2ork have plenty of widely-used GPLv3 externals that come with them so it's a non-starter. If the security setting you describe is a binary choice then unfortunately for the Mac user that is the proper solution here. But keep in mind this isn't a choice between security and Pd, this is a choice between security and running any free software code whose devs refuse to support a non-transparent, arbitrarily revokable signing mechanism that has a central point of failure and terrible track record wrt to privacy/security. -Jonathan I can understand why Apple wants to raise their standard for trusted code. In Linux world too, there's screening before one gains write access to trusted repositories, which is obviously beneficial for quality and security. But in Apple's case, selection rationale and criteria will not be open to discussion, or even fully knowledgeable. Therefore, being 'Apple certified developer' is more like being a loyal employee than an independent software developer. Frankly, I feel no appeal at all. Hopefully there's a way around. Katja On 5/10/13, Jonathan Wilkes jancs...@yahoo.com wrote: - Original Message - From: Miller Puckette m...@ucsd.edu To: pd-dev@iem.at Cc: Sent: Friday, May 10, 2013 12:41 PM Subject: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T o Pd devs - I heard from a student that the neweset Mac Os (10.8? not sure - perhaps we can just call it 'Cheshire Cat') won't run binaries of any sort that haven't been signed by Apple - and that to get Apple to sign your app you have to register as a developer ($100/year) and still risk getting denounced as non-Apple-approved. If this is really the case it puts all of us in a bind - for example to publish a piece of music that relies on a custom extern you'd have to pay out the $100 in perpetuity to keep the extern signed. Maybe this is overblown but if it's true it puts Pd devs in a bind - I think we're obliged to try to suppport Pd on Apple (so as not to undercut current Pd users who are on Mac) but to play along with Apple would be to participate in what is ultimately a scheme to wrest control away from computer users everywhere. I'd welcom others' views on this, especially if someome can tell me this is a false alarm :) I haven't read a single article or new story on anything resembling this. Such a move would make the entire Apple ecosystem incompatible
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
That sounds sensible... sounds like I can probably do nothing for now (but I'm worried they're going to progressively lock things down harder in the future... this isn't going in a good direction!) M Again, that adds credibility to a system that adds little more than a pain for users, and it distracts everyone other than bureaucrats. Most users just want to download and run your software. If a school sysadmin wants to misunderstand security and force instructors to go through the hoops, then the school or, at worst, the instructor should pay you to jump through the hoops and get a signing key. The end user shouldn't even be aware of any of this, other than maybe seeing a link to the _trivial_ workaround katja mentioned next to the version you currently have available. -Jonathan ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !?
- Original Message - From: Miller Puckette m...@ucsd.edu To: Jonathan Wilkes jancs...@yahoo.com Cc: pd-dev@iem.at pd-dev@iem.at Sent: Friday, May 10, 2013 7:12 PM Subject: Re: [PD-dev] Mac Os now requiring Apple signatures on all SW !? T hat sounds sensible... sounds like I can probably do nothing for now (but I'm worried they're going to progressively lock things down harder in the future... this isn't going in a good direction!) Well, if they decide to remove the easy workaround that would be a big enough change that we'll likely hear news from FSF and others. -Jonathan M Again, that adds credibility to a system that adds little more than a pain for users, and it distracts everyone other than bureaucrats. Most users just want to download and run your software. If a school sysadmin wants to misunderstand security and force instructors to go through the hoops, then the school or, at worst, the instructor should pay you to jump through the hoops and get a signing key. The end user shouldn't even be aware of any of this, other than maybe seeing a link to the _trivial_ workaround katja mentioned next to the version you currently have available. -Jonathan ___ Pd-dev mailing list Pd-dev@iem.at http://lists.puredata.info/listinfo/pd-dev
