
If you don't sign your binaries on macOS, the friction for the user to run your app is prohibitive, outside of developer-focused communities.


Yes, it definitely adds quite a bit of friction. Though my other points about not needing to pay for the Apple Developer Program unless you want to codesign (at a much lower price than what you pay for a codesigning certificate suitable for signing Windows programs) and not having to pay Apple 30% (or 15%, or anything) on macOS still stand.


Your point doesn't really stand, no.

Your solution solves a made up problem that nobody cares about, and doesn't solve the one that actually matters, which is to successfully make and distribute good software to users.

Someone shouldn't have to add the fine print line "Assume I am talking about things that matter, instead of things that don't" to every statement or opinion that they have.


It didn’t take my kids long to learn how to run unsigned binaries, and neither of them are developers.


I've walked a couple hundred customers (American small business owners) through installing an unsigned MacOS application. There was plenty of friction for enough of them to cause us onboarding problems and for us to invest in doing it the Apple way.

A lot of it was introduced from 2017 onwards and I think now it says something akin to "this application will hack your computer and is a virus" and you need to click the smaller hidden "ignore"s a few times to do what you want.


An actual customer won’t like it when you tell them they have to turn off or bypass a security feature to run your software. Not when other software doesn’t need it.


Once I get a project to "actual customers" I don't mind paying and signing my binaries.


How about "actual users" rather than "actual customers?" We should not normalize this because it eats away at free software. It is totally unreasonable to have to pay the operating system's manufacturer in order for person A to simply distribute software to person B, outside of manufacturer's infrastructure. The manufacturer has nothing to do with that distribution, and has no business "warning" the user about this software.


As much as I hate to submit to Apple having to notarize my software, I have to admit that it’s a useful measure to detect and prevent malware. The end user is protected by Apple’s “Good Housekeeping” seal of approval.


Funny, I've never once in all my days installed malware from a Linux package manager, and this "seal of approval" doesn't cost me or the developer any money at all.


That’s because your computer is a hobby, and mine is a business. My customers use Windows and macOS. They have happily paid for my house, my car and my retirement. :o)


If you want to justify rent-seeking because it helps you pay for your lifestyle, come out and say so in the first place instead of pretending it's for the benefit of your users. But claiming that Linux is a "hobby" on HN is essentially trolling.


You don’t have to pay to do that on MacOS, they can bypass the warning saying it’s unsigned and that the developer can’t be positively identified.


Apple should really provide free codesigning for free/open source software.


(almost) everyone has an SSL certificate for the web. An OS could check if software is signed with one. And maybe display a warning for only domain validation.


What does software being signed signify? Does it mean it's vetted? Can a malware author pay the $X and have their malware signed?


No, Apple will detect and suppress malware as part of the vetting process.


Ah, so they do vet? I didn't realize, thanks.


This is something that definitely chafes. Even in a large-company enterprise environment, so many worthy & legitimate projects never end up shipping due to financial or office-politics reasons. Putting up paywalls between devs and their work that they have to spend both time and money on is bloody stupid.


yet. everyone knows kids are good with getting around restrictions on computers, whether put there by their parents or otherwise.


kids will learn just about anything with the right motivation. adults who you are trying to get to pay you to use your software on the other hand...

well as someone who runs a few unsigned binaries myself. It's not hard if you know what to do but Apple makes a big deal about how it's "unsafe" and this freaks non tech people out.


Yes, but your kids have a technical parent, so chances are they both have significantly above-average intelligence.


I technically have two parents. How far up the smarts pole am I?


I should've said 'techie' parent. I assume most people knew what I meant.


I answer a support line for users at my institution installing an unsigned application and almost every MacOS support call is because the unsigned app option is only shown in a normally hidden system setting.


And if you don't sign your binaries on Windows, Windows Defender will assume they're malware and silently delete them.


That statement is just not true. We don't sign our software and we never had that happen with any customer. It neither happened to any unsigned software on any of my own machines, in spite of running Defender on them.


Nah, much more common that "SmartScreen" will assume they're malware and throw up a big warning prompt (which the user will say "can't be bypassed" because they didn't click "More info").


Nope. Or at least, never happened to me. This comment section is starting to read like a "Bad Times" virus warning

https://web.archive.org/web/20060925013545/http://www.making...


And having re-read "Bad Times" for the first time in years, the "screw-up your VHS tracking" is a testament to its age.


"...translate your documents into Swahili, make your TV record Gigli, neuter your pets and give your laundry static cling."

https://www.youtube.com/watch?v=zvfD5rnkTws

Seriously, though, I've had the Windows Defender thing happen to freshly compiled binaries I made. The only way to prevent it from happening is to sign your binaries, or submit them individually to Microsoft using your Microsoft account for malware analysis.

It flagged the binary as being some sort of trojan (which name I looked up and found that it was a Windows Defender designation for "I don't know the provenance of this binary so I'm going to assume it's bad") and quarantined it.


I’m not sure what is “prohibitive” about pressing literally one button.


There are a bunch of words around the button. If you read them, they make you not want to press the button.


If it is a company laptop, it can be impossible (unless you sort of hack it to circumvent the security settings they put).


It's often not just one button. It's a button, then opening the settings, manually navigating to the right section, clicking Open Anyway and then entering your password.


On macOS? One button?



