Recently I challenged myself to learn more about USB, HID devices and kernel development, so I partially reverse engineered and wrote a driver for the Xbox One controller. This is great and all, but it needs to be signed for people to use it without lowering a level of defense. Turns out you don't just need to be an Apple Developer, you also need to make a special request and regenerate your certificate, which needs to have a special extension, else it'll be rejected by the kernel signing system. Not the least worried I pony up 99€ (not a dev), submit a request, and an automated mail tells me I'll have a reply under 7-10 business days. So I wait 2 months, and, slightly worried since I have no reply yet, I submit again. That was 13 days ago[0].
I used to think that GateKeeper was great technology and that things will be okay. Now I have doubts: does Apple really care about its developers? How long before the kext-dev-mode boot arg disappears and kernel space becomes inaccessible to mortals?
Yes, of course, or you wouldn't have the ability to do it at all. But Apple cares more about it's users and the experiences they users have, and things like GateKeeper help them sell users on a safer, walled experience. As an Apple developer (in that I've paid for a license, not Apple-employed) with parents and a grandparent who have a Mac, I much prefer simply telling them to only install stuff from the App Store and not worrying about downloading and running anything from the general Internet.
I think it's not just that the dev backdoors will go away, I think the whole OS is going away. It's pretty obvious to me that in the long run only iOS will remain. It makes zero sense to keep two semi incompatible operating systems around, and it's just the sort of radical move apple would do. Yes, there are a gazillion reasons to keep OS X around, but knowing apple none of them will matter enough.
I believe this is similar to Microsoft's driver model, where at the end of the day, they decide what's signed or not and thus what can hook into the kernel.
Recently I challenged myself to learn more about USB, HID devices and kernel development, so I partially reverse engineered and wrote a driver for the Xbox One controller. This is great and all, but it needs to be signed for people to use it without lowering a level of defense. Turns out you don't just need to be an Apple Developer, you also need to make a special request and regenerate your certificate, which needs to have a special extension, else it'll be rejected by the kernel signing system. Not the least worried I pony up 99€ (not a dev), submit a request, and an automated mail tells me I'll have a reply under 7-10 business days. So I wait 2 months, and, slightly worried since I have no reply yet, I submit again. That was 13 days ago[0].
I used to think that GateKeeper was great technology and that things will be okay. Now I have doubts: does Apple really care about its developers? How long before the kext-dev-mode boot arg disappears and kernel space becomes inaccessible to mortals?
[0]: https://github.com/lloeki/xbox_one_controller/issues/2