Wednesday, December 11, 2013

My Mac Lied To Me

My daughter, explaining why she was reluctant to upgrade her OS if not necessary, complained that a previous upgrade resulted in the computer reporting a program as damaged when the only thing wrong with it was that it was not from the Apple Store or an identified developer. A web search for the text of the message eventually provided her the explanation—to run the program she had to change her security settings to permit applications downloaded from anywhere to run. Prior to upgrading the system (to OSX 10.8.5) the program had run with no message, so she concluded that the upgrade had either added a new "feature" or altered the security setting without telling her it was doing so.

My initial reaction was skepticism. While I could understand Apple warning a user against a program not from a trusted source, describing such a program as damaged is a lie. The appropriate response would be a warning that the current security setting will not allow the program to run because it is not from a trusted source. That would allow a user to decide whether or not to change the security setting. The result of reporting the program as damaged could well be to cause the user to waste quite a lot of time trying to locate an undamaged copy.

I have now checked her report, and it was correct. My desktop is also running 10.8.5. I set my Security & Privacy settings to "Allow applications downloaded from Mac App Store and identified developers." I went to the site for maptool, the program with which she had encountered the problem, and downloaded maptool-1.3.b89.dmg. When I double clicked on the maptool program on the disk image, I got a message:

"MapTool-1.3.b89" is damaged and can't be opened. You should eject the disk image.

I then reset my security settings to "Allow applications downloaded from: Anywhere" and double clicked on the program. I got a warning that it had been downloaded from the internet, clicked the "open" button, and it opened.

Apple is in fact deliberately lying to its users.

28 comments:

Perry E. Metzger said...

Not necessarily! The digital signature in the .dmg will only be checked if you have turned on the security settings. The signature may also be bad, and thus, if the setting is on, it is checked and registers that the bundle is damaged or that the digital signature was at least improper, but if it is off, it won't check the signature and doesn't notice the damage.

Douglas Knight said...

David Friedman is in fact deliberately lying to his readers.

Daublin said...

It's probably more, the software happens to lie, and Apple hasn't bothered to fix it. Granted, with such an inaccurate error message, they really should have fixed it.

In more detail, a software installation is much like a snapshot of an economy frozen in time. There are a zillion small components that have been developed and selected. Just like firms fail and are replaced, Apple removes and adds software components over time.

Just like firms out-source their work, so do software components. In this case, the dmg-opener is almost certainly out-sourcing to the signature-checker. The signature checker fails, but the dmg-opener probably has no way to report this back to its caller--it only gets to either do its work, or say generically that it failed.

At some point in history, the "is damaged" description was the only reason that the dmg-opener would fail. However, the dmg-opener has grown to have new creative ways to fail, so the "is damaged" is now sometimes incorrect.

Power Child said...

I had this exact same thing happen to me with two other programs when I got my new Mac at work.

I find this baffling. My assumption is that Apple's goal is to protect users from making bad choices--a good goal. But if that's the goal, the solution should consist of providing users with more information and better (sometimes, fewer) options, not displaying false error messages designed to confuse and mislead.

FutureNerd said...

Apple messages usually aren't this lame. What this can be is a bug. The new security level wasn't tested against cases like this. The code calls a routine to check the dmg, the routine says it failed, and the programmer assumed that meant the dmg is damaged. dmgs with bad certificates may be a rare case that the Apple people hadn't seen up to that point.

Matthew said...

It's nothing compared to the time where an update to iOS nearly bricked my phone

Rebecca Friedman said...

Except the darn thing runs fine - if I make Apple let me run it. And had been running fine for quite a while before that. It wasn't broken. If they meant the digital signature had problems, but it is perfectly capable for it to have problems and yet the program to run fine, then they should say the problem is with the digital signature - not with the program.

And "can't" be opened? Oh yes it can be. They won't let me open it, but disable the security setting and it can be opened just fine. So yes. That was a lie.

- Rebecca Friedman, Who Wasted Hours She Didn't Have Trying To Get An Undamaged Version, And May Therefore Be A Little Sharper About The Issue Than She Ought.

Unknown said...

Don't do 10.9 just yet. I get scrambled graphics regularly.

Anonymous said...

We need to teach Mr. Friedman some Newspeak. Apple isn't "lying" to its users, it's "protecting" them.

Tibor said...

Why not use Linux instead? :) I gather that OsX is probably better than Windows but it seems to me that for example Ubuntu, which I use, is even better. There are problems with games, true, although this seems to be getting better as Valve is starting a Linux based platform and an increasing number of games are originally developed for linux also.

But I may be biased. One thing I don't like about apple is that they provide portable devices that are functional but try to minimize user's tinkering with the device or the system...and Linux of course, goes the exact opposite way (but I should also add I am not a good programmer and definitely don't understand the linux kernel very much...still, I can change a lot with a bit of help from the internet). Also, its software restrictions are annoying...that applies mainly to iPods. I used to have a Creative Zen harddrive mp3 player before iPod, but sadly, with my quite specific demands of no touch screen and a large hard drive, the only possible mp3 player is iPod classic for me...which I have, but I erased the firmware and replaced it with an open source alternative that allows me to play .ogg files for example and also allows for much more customization. Still, changing the battery or the hard drive (which I had to do, as mine is damaged) is a cumbersome project, you basically need to do it with two knives and are likely to damage the case in the process. Clearly, they don't want the users to do these things for themselves which is a policy that I don't like very much. It could be because I was completing my first computer on my own when I was six years old, since my father runs a remanufactured computers store and tinkering with the hardware is kind of ordinary activity for me, whereas most users probably don't want to touch the device's guts. And apart from that, because Apple has such a restrictive policy, it also allows it to make sure everything is compatible with everything and runs well without too much interference - which can be a good trait even for people who otherwise are advanced users, but simply want something that works with minimal effort of setting it up and they don't really want to customize much.

EH said...

I assume the somewhat moralistic tone at something which is, as futurenerd notes, an easily imagined bug, is somewhat facetious.

Not that there isn't something to hold against apple here though. Things like these are unintended but all too predictable consequences of the whole top-down approach to personal computers that apple represents.

That business model has proven itself quite well versus the median computer user, but god forbid you have your own opinions on which programs should run on your computer, using what settings. I think windows gets the balance right here. You don't have to compile your own programs, as with Linux; but you could, if you wanted to.

Power Child said...

My first project at my new (current) job in software development consulting was to read and create a presentation on Apple's development best practices for iOS, comparing them with the best practices for Droid. In more than a few places, both sets of guidelines emphasize stuff like "Don't just tell the user there's a problem--provide actionable ways to solve the problem, or if it's something that can be automated, then automate it and give the user a brief report on what was done."

I don't believe there's a big gap between Apple's iOS department and the regular OS department. Surely those guys talk to each other.

So, again, I'm baffled.

Power Child said...

Sorry to overpost, but thinking about it even more, this dishonest error message violates numerous established software usability heuristics. This is true whether the dishonesty is deliberate--Apple trying to discourage people from wandering off their app store reservation--or accidental--a coding oversight or something like that.

Brandon Berg said...

I'd bet good money that FutureNerd's explanation is correct. This is speculative, of course, but if I had to guess, I'd say that the code that loads programs makes a call to a routine that checks the .dmg, and then prints this error message if the check reports a problem. Up until now, this worked fine because the only thing that could cause the check to fail was a damaged disk image. Then they may have modified the dmg check to implement security checks, and then assumed that the code that called it and reported the error needed no additional work.

Again, all speculative, but this is an explanation I find eminently plausible in light of my own experience in software development. Programmers tend to put very little thought into error messages, and I can definitely see someone saying, "It's supposed to reject it and it does. All done!" Automated tests often don't even look at error messages.

That said, I am surprised that no human testers caught this.

Power Child said...

@Brandon Berg:

Doesn't Apple have UX people as well as programmers?

Anonymous said...

I tend to agree with the Friedmans on this. While it could certainly be a bug or an oversight on Apple's part, it seems like this is likely to be a common scenario that would have been caught with any reasonable amount of QA testing.

I've always been anti-Apple because of their attempts to lock you into their ecosystem, though most companies are guilty of this nowadays.

Telling someone that something you didn't buy from their store, where they get a cut of the profit, is damaged certainly sounds like an attempt to deter you from buying from outside sources. There seems to be no good reason not to give a warning that tells what the real issue is.

The move to app stores we've seen with the move to mobiles is making vendor lock in more and more of a problem.

Tibor said...

EH: What was the last time you used Linux? Linux of today (some distributions) is far more user-friendly and low bar than it used to be, say, 10 years ago. In some respects, it is simpler than Windows.

For example, in Ubuntu, the programs that are in the repository are easily installed either by a simple command in the terminal or even through a GUI program that comes with the installation...and installation of Ubuntu is as simple as it gets, again you just follow a GUI like when you install windows (nowadays anyway, I still remember doing a good deal of it through the command line back in 95 or so...of course, my father taught me what the commands do, I just learned to read back then and the only english words I knew were from computer games and windows menus). Plus there is no licence number :)

Also, you can try ubuntu (and probably other distributions also) on your windows (I am not sure about Mac OsX, but perhaps even there) PC and see how you like it. You just need an empty DVD or a usb stick you then just boot from. And you can have 2 systems on your computer at a time - linux and windows and choose which one to boot each time (by default, you cannot access the linux files through windows, but you can the other way...but it can be made accessible also). I have it like that on my personal computer (my work computer only uses linux), so I can play games that do not support linux (you can also install an application called wine which emulates windows environment, but it does not work with all games and even if it did I take advantage of the fact that in order to play a game, I have to reboot and put in a password...which is usually good enough to keep me from spending too much time playing games).

Power Child said...

@Tibor Mach:

Repository? Command? Terminal?

These are not user-friendly terms (at least, not to average users). Does Linux substitute a more accessible vocabulary?

Tibor said...

Power Child:

OK, so you install Ubuntu and on the sidebar to the left there is an icon called "software centre for ubuntu". You click on that and then a window pops up with a search bar where you can put your query...the program or functions you demand. It shows a list of programs it found. You just click on one and press install. It installs it automatically. Not all programs can be found that way (mostly only those that are in the repository, that is why I used that term), but you can install those that can really easily.

You can forget that there is a terminal (which is the same as the command line in windows, essentially...although you can do much more with it) and just use this GUI.

It is true, that linux (or maybe all unix, but I am not sure about that, maybe mac OsX does, I have never actually tried it) environments do not support binary executables the way windows do. And programs that are not in the repository are harder to install that is also true. Generally though, linux (those distributions that are meant to such as ubuntu or linux mint) has gone a long way towards user friendly interface.

Patri Friedman said...

bug or not, the move towards restricting to "authorized" applications (ie apple gets a cut bc they are distributed through their app store) is creepy and bad for users. Sure, you can turn it off on OS X now, but you have to root your iphone to do it, how long until we have to root our macbooks to install free, open source software?

for the last decade+, with os x, i've felt like i got the power of linux and the beauty of apple, but actions like this poison that beauty.

Richard Ober Hammer said...

Apple is not alone. As a user of Microsoft Windows, I have often seen error messages which are misleading or wrong. Error messages should be more truthful and helpful. But I have the impression that this norm has never risen to a high priority in the software industry as a whole.

As a writer of software and error messages, I've been instructed by my supervisor to rewrite my messages, to make the messages support the agenda of the software department, rather than to give direct and helpful information to the user. So office politics can get involved.

Furthermore, the low-level part of a program that detects and reports an error is often a service that will be called in many different user circumstances. As such the programmer of that code can guess only poorly what the user may have been doing when error stopped progress at that low level. Ideally, this guess should be reworded in higher-level error processing. But again, the industry has not placed a high priority on helpful error messages, yet.
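
The mechanism several commenters above speculate about (a caller that learns only pass or fail from a lower-level check) and the higher-level rewording described in the preceding comment can be modelled as follows. This is an added illustration, not Apple's code and not code from the post or its comments; the function names, policy strings and sample images are constructed, and an HMAC stands in for a real code signature.

```python
import hashlib
import hmac
from enum import Enum

class Check(Enum):
    OK = 0
    CORRUPT = 1        # payload does not match its recorded digest
    UNSIGNED = 2       # intact, but carries no developer signature
    BAD_SIGNATURE = 3  # intact and signed, but the signature does not verify

# Constructed demo key; an HMAC stands in for a real code signature.
DEV_KEYS = {"dev-1": b"constructed-demo-key"}

def make_image(payload, signer=None, key=None):
    """Build a constructed sample image record."""
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest() if key else None
    return {"payload": payload, "signer": signer, "signature": sig,
            "digest": hashlib.sha256(payload).hexdigest()}

def verify(image, require_signature):
    """Low-level check: integrity always, signature only if policy asks."""
    if hashlib.sha256(image["payload"]).hexdigest() != image["digest"]:
        return Check.CORRUPT
    if not require_signature:
        return Check.OK
    if image["signature"] is None:
        return Check.UNSIGNED
    key = DEV_KEYS.get(image["signer"])
    if key is None:
        return Check.BAD_SIGNATURE
    good = hmac.new(key, image["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(good, image["signature"]):
        return Check.BAD_SIGNATURE
    return Check.OK

def legacy_message(name, image, policy):
    """Caller that only learns pass/fail, so every failure reads 'damaged'."""
    passed = verify(image, policy != "anywhere") is Check.OK
    return None if passed else f'"{name}" is damaged and can\'t be opened.'

REASONS = {
    Check.CORRUPT: "is damaged and can't be opened. Download it again.",
    Check.UNSIGNED: "is not from an identified developer, so your current "
                    "security setting blocks it.",
    Check.BAD_SIGNATURE: "has a signature that does not verify, so your "
                         "current security setting blocks it.",
}

def specific_message(name, image, policy):
    """Caller that keeps the reason and words the message to match."""
    result = verify(image, policy != "anywhere")
    return None if result is Check.OK else f'"{name}" {REASONS[result]}'

# Constructed samples: intact unsigned, truncated copy, intact signed.
UNSIGNED_APP = make_image(b"maptool bytes")
TRUNCATED_APP = dict(make_image(b"maptool bytes"), payload=b"maptool by")
SIGNED_APP = make_image(b"signed bytes", "dev-1", DEV_KEYS["dev-1"])
```

With the policy set to `"identified"`, `legacy_message` reports the intact unsigned sample as damaged, while `specific_message` uses that wording only for the truncated copy.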

Tibor said...

Patri: I would say that today's linux (some of its distributions) can compete with Apple in terms of beauty as well. But this is highly subjective of course.

Tibor said...

Richard: I suspect that most users, when they encounter an error message, don't really try to use it to fix the problem themselves but call support or someone more skilled who will do that for them. Of course, that someone would have a use of good error messages. But an effort put into that would probably not help sales all that much, because the end users usually don't really care about what those messages say (apart from the word error) anyway.

Rebecca Friedman said...

Tibor,

I suspect it depends on the message. When the message is as simple as "This application is broken, you can't use it" - I mean, I'm not especially good with computers, but even I try reinstalling under those circumstances. It wasn't broken before, now it is, so it broke, right? And if I reinstall it, it should work, right? Because when I installed it originally it worked...

(Mind. I would not try to fix most problems myself. I would go to more skilled friends for help, albeit I would try to understand as much as possible of what they did so I could do it myself next time. But when the error message is simple enough, or appears to be...)

Tibor said...

Rebecca: Yeah, but from my experience there are still quite a few people around who have trouble with something as simple as reinstalling a program.

You meet a lot of colourful people when you work in a computer store (I used to work in my father's firm part time). I remember one customer who came there and said that his "neighbour knows a lot about these internets". It's true though that these people are also usually not the ones that make the decisions about what OS to use in the first place and usually ask someone to do that for them (unless they are convinced that they in fact do understand it very well...in my experience, female customers are more willing to admit they don't understand it than male ones are).

A little bit off topic but another evergreen in the computer store is "I don't want anything too powerful, I just want it to play games". Which is of course fine as long as the people then come to believe you that you actually need quite a powerful computer for games and are not convinced that you are trying to cheat them and sell a computer that is more expensive than they need for their purposes.

However, I haven't been in the show for 6 years or so...maybe the situation has improved since then. Most young people under 40 probably have an elementary knowledge about computers today.

Power Child said...

The point of an error message isn't just to inform the user about the problem; it should also provide actionable affordances that allow the user to fix the problem--or else automate that process and inform the user what took place.

These aren't just general UX principles, either. Apple lays them out explicitly in its own developer guidelines.

Anonymous said...

I managed to change the security settings and my Maptool still doesn't work.