Probably not so related, but your comment reminded me of some friend's sentence, something like: "end-users don't mind about the technical aspects, they just want something that works".
This is an ad-hoc claim and not necessarily true, I know. But it turns out that this sentence is trivial nowadays, with such a big impact of technology on people's lives. So users are not foolish; every day they are more aware of software in general. They know what they want and can give you the value that your software deserves, so let's just start to tell them more about Linux.
FYI: The original title of the post is "The Gates to Hell: Apples Notarizing", evidencing the frustration involved with the notarization process, and it has now been relativised to just "Apple’s Notarizing".
For macOS (which is what we're talking about in a topic about notarization), you can sell your software any way you want outside of the App Store, without the 30% cut. There's still a $100/year developer account fee to be able to notarize new builds of your app.
This is not iOS where the App Store is the only way to install an app.
This comment is not an endorsement of any aspect of Apple's business model, I'm just correcting a factual error in your comment.
That is correct, but that is a special discount program you have to apply for, wait for judgement, and get approved for in advance. It's not the default.
It was a great step forward, but I don't understand why they made it so complicated with an approval process, when Google did the same thing afterwards and could just say "the first million dollars a year is 15%, after that it's 30%".
The total revenue difference for the different companies is probably negligible.
(or... outside of the App Store you can sign up for a PayPal account and accept payments at a 3% rate instantly)
They review applications because they want to make sure big developers with many apps aren't dividing their apps across lots of different developer accounts so as to get around the total sales cap. (The application form asks questions about other accounts you have, related businesses etc.)
If you are a small dev with just one developer account, you'll sail through the application process.
The cheapest base code signing certificate will be via a Sectigo (formerly Comodo, although they allow resellers to advertise either brand) reseller. I'm not affiliated with this site beyond being a customer, but the website 'codesigncert.com' is the absolute cheapest I've found for Windows signing (EV 3 years: $219/yr [0] / regular 3 years: $59/yr [1]).
Note that this landscape might change in the future. Microsoft is working on Azure Code Signing, which will mean Microsoft themselves manage issuing the certificate, doing the identity verification, etc. The only catch is that they probably don't want to have to deal with any lost keys or improperly stored keys, so they don't let you generate your own cert and you can only sign certs via the API or other integrations. All of this info is available via this talk [2] and it's the only public information available on this service that I've found.
Wasn't for me. That site's renew button simply starts an order for a new one (as renewal is really just replacing with a new, extended certificate) and Sectigo themselves re-did all the company verification, after which my cert was issued. Went smoothly except for waiting ~24 hours for it. If you were trying to get an EV certificate, the process is supposed to be more strenuous on making you prove your operation (sometimes) as well as prove that your certificate infrastructure is secure enough.
Not everyone has the same difficulties the author did.
Xcode notarization does work for many developers, perhaps even the majority! It is a fragile process, though, and the author is not the only one for whom it fails.
If a unikernel offers excellent performance, faster boot times, throughput and memory consumption, I'm curious what the benefits of a VMM (Firecracker) are in contrast to a unikernel?
Are those two not comparable?
You can think of the VMM as the toolstack that executes the moment you send a command to start a VM up. Once it's done it hands over execution to the actual VM (i.e., the OS within the VM). Thus the total boot time is the sum of the VMM plus the actual VM boot time. In the past, both of these took a long time. With the advent of unikernels, which can boot in as little as a few milliseconds, the focus has also been on reducing VMM time.
1) VMs have hardware-backed isolation - containers do not.
2) Containers share the guest kernel. To elaborate, many/most container users are already deployed on top of VMs to begin with - even those in private cloud/private datacenters such as OpenStack will deploy on top, since there is so much more existing software to manage them at scale.
3) Platforms like k8s extend the attack surface beyond one server. If you break out of a container you potentially have access to everything across the cluster (e.g. many servers), vs. breaking into a VM, where you just have the VM itself. While you might be inside a privileged network and you might get lucky by finding some db creds or something inside a conf file, generally speaking you have more work ahead of you to own more hosts.
4) While there are vm escapes they are incredibly rare compared to container breakouts. Put it this way - the entire public cloud is built on virtual machines. If vm escapes were as prevalent as container escapes no one would be using AWS at all.
I agree, an argument for 4 is the fact that the hypervisor attack surface can be scaled up and down by adding/removing virtual devices. There is only a small set that stays permanently, like 30+ hypercalls on Xen. Overall, compared to a standard OS interface (Linux has in the range of 350+ syscalls), this is still very little. The Solo5 VMM project even tried out another extreme by reducing the hypercalls to less than 10, if I remember correctly.
> the entire public cloud is built on virtual machines
Some cloud providers will trust containers to isolate different customers' code running on a shared kernel, but it's not the norm. I think Heroku might be one such. There's at least one other provider too, but frustratingly I'm unable to recall the name. Edit: found it, it was Joyent, who offer SmartOS Zones. [0]
I got stuck with exactly that use case today and was trying to figure out how I can enter my dir directly without typing it again. Bash is not so neat at completions as Fish, for example. However, !$ does the thing and keeps my fingers healthy.
But in current conditions, sadly, this trash will continue to harm our children if parents as well as those big tech companies don't tackle the problem seriously. It's sad that they even promote or allow it directly or indirectly.
Fortunately there are parents aware of this flagellum and its harmful impact on society, especially on our young people. And they don't allow this to happen to their children.