Elon Musk, Twitter, Apple's App Store, Gatekeeper, and Keymaster
For the rectification of the Vuldronaii. Computing without restrictions.
Elon's opened Twitter a lot. Not enough to please those who've been burned by the platform or those allergic to Alyssa Milano and the woke, but it makes for excellent reading.
Elon's repatriated Donald Trump and said it was wrong to exclude him. Which of course it was. But Donald has his own platform today, expanding slowly but surely and, above all, surely slowly. Donald won't be back.
So Elon seems to be trying to fill the gap. He's filling people's minds with some oftentimes genuine gems in Donald style. And he won't run out of ammunition soon either, as the Hollywood woke will continue to make great targets.
Latest is the rumour that Apple might stop running Twitter's app through their App Store. Fine, says Elon, then we'll make our own phone. John Gruber, Mr Woke himself, immediately eviscerates all those who he thinks misinterpret Elon and simultaneously adds a gem of his own, claiming that what Elon really meant to say (without actually saying it) is that Elon would make his own App Store.
Just remember: Gruber's been caught out time and again for being a complete arse, to the extent that even the New York Yankees are preparing a statement.
In immediate juxtaposition to Elon's latest notorious tweet is a claim that Apple take a 30% commission on everything passing through their App Store.
Gosh, say some, can that really be true?
For a bit of perspective. Online software sales, dating back through the mists of time to the very first online software outlet ever, SWREG, take a traditional 10% cut. Ten percent. There can be a 'service charge' to compensate for low unit costs, but that's a dollar or two and no big deal. Ten percent. That's it. Industry standard, and has been so for decades. Ten percent.
Along comes Apple. Steve Jobs liked to make gadgets, Tim Cook likes to make money. Tim's very good with his clients - he's been very good with us personally - as long as they keep pouring in the money. Cook wants more and more money. Cook's idea of the 30% cut is demonic genius.
Note that Apple will never say '30%'. What they literally say is 'you as the software vendor get to keep 70% of your own money!!1!' Yes they literally say that. And nothing else. And all those Apple fanboys jump for joy. (Apple fanboys are the unknown ancestors to today's woke, in case you didn't know.)
So what if you don't want to sell your software through Apple's App Store? Good luck. Put it online. See what that gets you.
If it's an iPhone app, it won't work. Why not? Because, to run, your app must have Apple's own cryptographic seal. This seal is provided through what's known as a 'root certificate'. Those are hard to get and things can get expensive. Using seals like that also means that your software must necessarily connect to Apple's computer servers in realtime just to run.
(Remember years ago when Apple had this big rollout and the Appleverse stood still? Only Rixstep's software - our software - still ran. Everybody else's computers were BRICKED! Those bozos at Panic were in a panic, literally, as but one example: They couldn't figure out what was going on. Apple's servers were busy, is what was going on.)
So getting into all that cryptographic stuff does have a few shortcomings. Too many shortcomings that are too big for reasonable minds, but Cook saw the dollar signs. It's estimated that, today, Apple can pick up an easy 60, 80, or why not 100 billion per annum in US greenbacks just for letting your software pass through their digital fingers! Kim Dotcom never had it so lucrative. 100 billion. Think about it.
So you finish your whiz-bang Blinkenlights app, send it to Apple. Apple slaps their root certificate seal on it, and then you can sell it through their App Store. And if it's an iPhone app, it has to have that seal anyway, no matter what. Why? Because Apple invented the platform and can thereby make the rules.
But they can't do the same thing for computers, although they'd like you to believe so.
Apple's PC platform is legacy Unix by way of NeXTSTEP which is modified FreeBSD. That's open source for the most part. That software's been around for a long time, longer than Apple actually. So no, they can't botch things up there.
But they'll try! You know they'll try!
For if you want to sell your PC (Mac) software through their App Store (they want you to) then you need to submit it the same way, PAY $100 UP FRONT PER ANNUM just for the privilege of being able to submit an app, and then you can get the coveted cryptographic seal.
Which is bullshit.
It's bullshit in many ways. It's bullshit because it's ANATHEMA, but also because it's actually a lie. A lie we've been trying to expose for years.
That lie got us here at Rixstep more or less cancelled by Mac media. Cook doesn't want the truth out there. So nothing we write about this will get picked up by websites that get advertising revenues from Apple. (They even tried to harass our payment processors. Yes.)
Awful Truth
Getting at what's really going on under the bonnet (hood) of a Mac system takes some time to understand. We devoted a lot of time to it. We were instinctively against this ridiculous cryptographic seal on software to begin with. Apple tried to sanctimoniously convince people that they weren't safe without it. We knew that was a lie. They went from mocking Windows for being insecure to claiming they themselves were insecure, all for a penny more in profit.
We had to find out what was really going on under the bonnet, what was causing the system to issue all those paranoia-inducing warnings that 'YOUR SYSTEM IS NOT SAFE' or whatever they were tossing your way.
What it boils down to is this. (The system was honed over time. Initially it ran only through Apple's Safari web browser. Later they incorporated it into the low-level code in the system itself. It's still not perfect or complete, but pretty close.)
The idea is to slap a so-called 'extended attribute' on all the files you download. This extended attribute doesn't show up in the file proper, but separately. Apple systems can see it. (We can see it too.) An extended attribute ('XA' for short) has two parts, its name and its data. In the case of this particular extended attribute, the data is of no major importance. It's the name that matters. And that name is:
** QUARANTINE **
Or, more precisely, 'com.apple.quarantine'.
GATEKEEPER
Some people have heard of Apple's Gatekeeper. Not many are sure what it is. What it is not is a single module, a single application, a single program. It's a collection of devious Apple technologies meant to scare the shit out of you and keep you boxed in at their corral.
As soon as you try to launch an app, the system code looks for the 'QUARANTINE' extended attribute. If it finds it, all hell can break loose.
Can things go better if you've obediently paid your $100 to Apple and agreed to pay them 30% if you actually sell anything? Yes. The quarantine XA is still there, but the system's launch services note the seal, they (literally) phone home to Apple to make sure the seal is legit, then your app launches anyway. (With a few restrictions you really don't want - more in a bit perhaps.)
'If only...' was our thought. It's on the download that files pick up that quarantine crap. Is there any way to detect when files are actually being downloaded? Something perhaps like David Cutler's File Change Notifications?
We first discovered a built-in 'Mac' notification that Safari broadcasts on downloads, so that was a start. But it wasn't universal, so it wasn't what we needed.
FSEvents
But, as it turns out, in their zeal to create the perfectly impossible system, Apple had invented something called 'FSEvents', or file system events. This is the failed motor behind Spotlight. Failed because it's not perfect and can get you into a lot of trouble when you least want it.
But the scope of FSEvents far surpasses David Cutler's File Change Notifications, in a way so typical of Apple. When they could have created a feature that's smart and to the point, they instead create something that's 'busy' and a complete mess.
But we don't have to worry about the 'mess' part. All we need to know is when downloads drop on the system. Then we'll kick in our cleaning routines to rid your downloads of those pesky extended attributes before Apple's one hand even knows what the other hand's been doing.
For software running on an Apple computer without the cryptographic seal is presumed to be 'legacy software' and therefore OK to run. No hitches in launching it, no phoning home, Apple won't know what you're doing with your own property anymore, and so forth.
Easy enough.
And that's what we call Keymaster. (We reckoned we'd stay in the Ghostbuster universe. Why not?)
The first version of Keymaster is the free version, included in our free 'Test Drive' download. Links to this download should be all over the site. This free version is called KEYMASTER SOLO.
We then set about making a fully featured version for our professional clients. This version is much more flexible. It's simply called Keymaster.
As you use either version - and feel free to ask questions about use, recommendations for use, etc - you'll learn about the ins and outs and quirks of your Apple desktop toys.
Perhaps you've already tired of Apple and have moved on to a freer form of Unix? Good for you! But we're the resistance here, inside the Apple walled garden, so use us if you need to.