HN Theater @HNTheaterMonth

⬐ rowanG077

The iPad Pro is really my dream machine hardware wise. Thin and light, powerful, beautiful display. Unfortunately I don't think it will ever run Linux. So it a perpetually out of reach dream. Doubly infuriating because it would be technically feasable, especially with Asahi.

⬐ bluedino

I just want to be able to dock it and run it like my MacBook Pro. I just want one device.

⬐ chongli

Why buy one device when you can buy two?

-- Apple

⬐ bluedino

I always owned a 13" and 15" MacBook, because I could never decide which I liked better.

⬐ wil421

I can’t help myself and get caught being an Apple fanboy from time to time. Screw Apple for being this way, I just want a multi-user experience on an iPad so my kids and I have different apps on login. Nope, buy two iPads.

⬐ andy_ppp

It would be so great to be able to install full MacOS… I really wish it was an option for advanced users like many of us here.

⬐ alden5

it's infuriating knowing that my ipad is faster than my mac as one of the gpu cores is binned on my mac and yet ill never be able to use the ipad's extra performance, with the locked bootloader it's essentially doomed to become ewaste when apple stops supporting it and the app store stops working as older ios versions are almost completely unsupported by almost all apps, meanwhile when my m1 air stops getting updates i can just switch to something like asahi :/

⬐ p1necone

I wonder how much of the work on getting it to run on M1 macbooks is transferable to the iPad Pro (which also uses the M1 chip).

⬐ rowanG077

Probably all of it. There are some special things like the touch screen but the architecture is mostly the same. The hard part is cracking the bootloader. Which afaik hasn't happened for any modern ipad.

⬐ nicoburns

Quite a bit I would have thought. The GPU at least will be identical.

⬐ monocasa

You'd need an exploit as the bootloader isn't opened.

⬐ smoldesu

Gods be good, and consumer-rights legislation be swift...

⬐ nicoburns

I wonder if Apple might one day open this. They’ve solved the technical problem of doing this without compromising security on the M1 MacBooks, so there’s really no reason not to.

⬐ oneplane

It's more a policy issue than a technical issue. But security-wise, malware on macOS is definitely not a solved problem. There are very real differences between the pervasiveness of iOS (and iPadOS) exploits and on macOS.

As for reasoning: anything that costs money to do but doesn't get you any money in return is a reason not to do it. This can obviously be a direct effect or side effect:

- If it is easy to run iPad apps on an iPad without paying for them, an entire sales channel is going to make a whole lot less (this isn't as much about the availability of free apps, but about the single pipeline for end-users)

- If someone at Apple needs to work on supporting boot loader selection menus and recovery modes etc. that's someone who needs to get paid, and it's going to take a whole lot of iPad sales to cover that expense; when looking at other devices and markets, most of their life they run whatever software they came with and get trashed with that same software and replaced; no post-market OS involved

- Perspective; some people might feel like their status symbolism is attacked if a device gets additional users, even if very few, that don't match their perceived user base

- Legal might want to try and make the devices keep their appliance-like status, instead of turning them into general purpose computing devices; this is pretty similar to consoles and stuff like network equipment; most of them are general purpose computers with some job-specific add ons, you could run all sort of deviating tasks on them

The only reason I might find reasonable is the end-user tunnel vision. As soon as a device gets some form of multiple personality disorder that makes a lot of things harder for everyone on the supporting side (including that family member that everyone always asks for help with their computer gets a BSOD, but also the helpdesk, in-store support, documentation etc.). It's also pretty easy to socially engineer someone into compromising their own devices, and that is a bad thing with bad results. We can't expect everyone to be capable and able to make informed decisions and know how their stuff works. A jailed experience on an appliance-like device yields far better results in that scenario.

Ironically, this also puts a very big additional load on apple to get this 'as right as possible' when all the tools they sell must work consistently, all day, every day. For the end user, but also for business use. If some special function needs to be made available, and Apple is the only one who can enable that, they will feel that heat if it's something requested or standardised often enough. Take CAC support; if there is a sector that simply won't be able to use the product without it, Apple will have to make a choice; implement it and make money from significant sales, or don't, and miss all those sales.

⬐ barkingcat

Nope. It's not a technical issue.

Apple will never open up the ipad because that's not what it's for. It's for media consumption and running paid apps via the app store.

Apple has no use for an ipad that is open - the pure purpose for that device is to buy/download/install apps and media via itunes/music app, app store, and partner applications (locked down so all purchases must go through the apple app store)

If you want an ipad that is open, buy a macbook air.

⬐ p1necone

The twofaced advertising really bothers me - they promote the iPad pro as if it's a "pro" laptop/desktop replacement, but it's clearly just designed for the same use cases as any other iPad/Android tablet.

⬐ olliej

That’s entirely dependent on what “pro” you’re talking about. I suspect many professional artists don’t need the stuff that a MacBook has (ie macos) but like having a low latency touchscreen and stylus. Similarly I suspect most professional software developers don’t need a touchscreen (or accompanying stylus).

You can say that you think these should be a single device, but saying that because they’re not invalidates the “pro” claim because neither device can do everything isn’t reasonable.

For example, many pro designers could probably say the MacBook “pro” is not pro as it doesn’t have a low latency touch screen. Or that some behemoth PC is not a professional workstation because it doesn’t have said touchscreen.

Hopefully that alternative view helps demonstrate why you’re “it’s not pro” claim isn’t really valid.

This is of course also ignoring the generically vague definition of what “pro” even means.

⬐ musictubes

Music making on the iPad is amazing. Now you can use the same VST on the iPad and Mac (Apple Silicon). Moog just re-released their Minimoog app for both. The iPad Pro is certainly capable of professional music work, at least for performance.

⬐ jmmcd

What app are you using for that? I was surprised to see Logic isn't available on iPad.

⬐ nkingsy

But I play buttery smooth COD mobile on an M1 iPad while waiting for builds, so thats more or less professional.

⬐ dagmx

“Pro” really depends on what market you’re speaking to which is where your comparison falls apart.

Large, HDR and color accurate screen is very important to a lot of content creators for example, and coupled with the Apple Pencil+apps like procreate or shapr3d, there’s a significant number of professionals who make use of the hardware that the Pro offers that other tablets or devices in the iPad range cannot.

Yes the Air has the pencil but not the screen, while the regular iPad has the older pencil which is significantly behind the current gen.

⬐ GeekyBear

> Apple will never open up the ipad because that's not what it's for. It's for media consumption and running paid apps via the app store.

The limitation is that you can't execute code you download off of random sites on the internet. The amount of Android malware that relies on the ability to download random code and execute it is massive.

>One of the keys to Joker’s success is its roundabout way of attack. The apps are knockoffs of legitimate apps and, when downloaded from Play or a different market, contain no malicious code other than a “dropper.” After a delay of hours or even days, the dropper, which is heavily obfuscated and contains just a few lines of code, downloads a malicious component and drops it into the app

https://arstechnica.com/information-technology/2020/09/joker...

As they mention, this family of Android malware has been around forever, yet it still shows up regularly in the Play Store.

>Known as Joker, this family of malicious apps has been attacking Android users since late 2016 and more recently has become one of the most common Android threats.

⬐ smoldesu

On the iPad, you don't even need the App Store as a vector to install malware. As long as your iCloud account is syncing iMessage, you're susceptible to the same exploit chains that Pegasus used months ago (and presumably future encoder bugs, despite Apple's sandboxing efforts).

Using malware as an excuse to stop sideloading is a scare tactic. It's this generation's terrorism scare, but malware still grips both systems all the same. Apple can keep their current defaults, but being forced to jump through a bajillion hoops just to install gimped software is a disservice to the iPad as a device. Even Microsoft is willing to let you run Linux on their tablets.

All of this is not to say that Apple will unlock the iPad. It's the right thing to do, but since when has Apple erred on the side of customer freedom?

⬐ GeekyBear

>malware still grips both systems all the same

The amount of malware that regularly shows up in the Google Play Store is so large that tech sites have taken to warning users to be careful what they install from inside Google's walled garden.

>With malicious apps infiltrating Play on a regular, often weekly, basis, there’s currently little indication the malicious Android app scourge will be abated. That means it’s up to individual end users to steer clear of apps like Joker. The best advice is to be extremely conservative in the apps that get installed in the first place.

https://arstechnica.com/information-technology/2020/09/joker...

It's not that it's never happened in Apple's App Store, but it's certainly not something that happens on a weekly basis.

As that article points out, an Android apps ability to download code from random locations on the internet, install it and then execute it is a big source of the problem.

⬐ saagarjha

Changing the behavior of an app post-review is possible on both platforms.

⬐ GeekyBear

The issue isn't changing the behavior of the app.

The issue is installing and executing code that wasn't present when the app was reviewed.

⬐ saagarjha

Code is behavior, and behavior is code. There's really no difference in the end when you can ship an interpreter runtime in your app.

⬐ GeekyBear

There seems to be a big enough difference that Ars Technica felt they needed to warn users that they could not trust apps from inside Google's walled garden.

>“Joker is one of the most prominent malware families that continually targets Android devices,” Zscaler researcher Viral Gandhi wrote in last week’s post. “Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques.”

The best advice is to be extremely conservative in the apps that get installed in the first place. A good guiding principle is to choose apps that serve a true purpose and, when possible, choose developers who are known entities. Installed apps that haven’t been used in the past month should be removed unless there’s a good reason to keep them around.

https://arstechnica.com/information-technology/2020/09/joker...

⬐ saagarjha

To be entirely honest I don't really like the chances of people finding what they want on the App Store either, since it's not all that hard to accidentally be mislead into downloading the wrong app, or one that is filled with ads or IAP scams. One large difference from Android is that the [iOS] platform will prevent certain easily-abusable behaviors, which is a genuine point. But "oh my app does something else after it was reviewed" is a problem on both platforms.

⬐ GeekyBear

We aren't talking about attempting to mislead a user. We're talking about apps you download from inside the walled garden that install malware that costs the users real money.

>Once installed, Joker apps secretly subscribe users to pricey subscription services

https://arstechnica.com/information-technology/2020/09/joker...

⬐ saagarjha

The only point I want to make is that downloading code and executing it to perform malicious behavior is a moot point. What is possible on either platform, or currently done, is not something I wanted to address.

⬐ warning26

> They’ve solved the technical problem of doing this without compromising security on the M1 MacBooks, so there’s really no reason not to.

You could say the same thing about sideloading apps and running web-browsers-that-aren't-Safari; both of those are "solved" on the Mac side, but I would bet that unless the EU forces them, Apple will never allow either of those things on iOS.

⬐ joak

Exactly.

Without good ad blockers (ie ublock origin) and other nice extensions (ie I dont mind about cookies) it is hard to browse/search the web efficiently.

For this reason alone an ipad pro is limited in scope.

⬐ nicoburns

I don't think you can. Both of those are security issues on the mac side. I don't think those issues justify locking down iOS devices, but they are security issues. On the other hand, different OS's on Apple Silicon devices are isolated from each other using full disk encryption and the SecureEnclave. Unless there's a hardware exploit, the only thing a linux OS could do to a partition containing an iOS/macOS volume is delete it.

⬐ GeekyBear

> The iPad Pro is really my dream machine hardware wise. Thin and light, powerful, beautiful display. Unfortunately I don't think it will ever run Linux.

You can sideload UTM and run Linux today.

>UTM is an app for running other operating systems on your iPhone or iPad. It is not for running iOS on other systems. This allows you, among other things, to run Windows or Linux on your iOS device at a usable speed.

https://getutm.app/faq/

Sideloading involves having a developer account, either free or paid.

>Sideloading allows you to load unofficial apps on your iOS device. If you have a free Apple account, you must re-sign the app every 7 days. If you have a paid ($99/year) Apple developer account, you must re-sign the app every year.

https://getutm.app/faq/

If you go with using a free developer account, you can use software called AltStore to automate the process of renewing the software every week.

https://altstore.io/

Using AltStore to keep gaming emulator apps signed is mentioned in the video, but if you go with a free developer account you are limited to three sideloaded apps being active on the device at a time, and AltStore would count as one them.

⬐ jbverschoor

I want external display support. And keyboard/mouse (iPhone).

https://www.youtube.com/watch?v=UgyoEKfqZiw

Then I would be happy with just an iPad and a magic keyboard for the majority of things I do.

⬐ rowanG077

They have a very different definition of usable then me. Since virtualization doesn't work it's painfully slow.

⬐ easton

UTM on iOS doesn’t have access to the virtualization extensions on the M1 chip (you need a private entitlement, ergo, a jailbreak). Without them, VMs will be painfully slow.

⬐ dwaite

My understanding was that hardware virtualization extensions are turned off in firmware at boot time. I don't know if private entitlements or jailbreaks would be enough.

⬐ saagarjha

They’re not. An entitlement is enough.

⬐ GeekyBear

>Because iOS devices lack hardware virtualization support, we cannot use the KVM accelerator and instead use the TCG accelerator which does dynamic code translation and JIT compilation. UTM also includes a SPICE client written for Metal. This connects with the SPICE server in qemu and allows for some para-virtualization as the QXL graphics driver running on the guest OS can send low-level draw commands directly to Metal APIs.

https://getutm.app/faq/

⬐ saagarjha

This is no longer true, M1 and A14 introduce hardware virtualization support.

⬐ GeekyBear

As the grandparent mentioned, the native virtualization framework requires an entitlement that Apple will not grant, however, the next version of UTM seems to have found at least a temporary way around this.

TrollStore:

>Jailed iOS app that can install IPAs permanently with arbitrary entitlements and root helpers because it trolls Apple

https://github.com/opa334/TrollStore

UTM v4.0.7 (RC2) release notes:

>(iOS) QEMU Virtualization for M1 iPad. With the release of TrollStore, you can now enable Hypervisor on iOS. Note that only M1 hardware and kernel have support for Hypervisor. iOS 14.4.2-14.5.1 is supported only on M1 iPad Pro jailbroken with fugu14/unc0ver. iOS 14.0-15.5b4 is supported on any M1 iPad running TrollStore.

https://github.com/utmapp/UTM/releases

Otherwise, UTM has their own built in virtualization framework with JIT.

⬐ MuffinFlavored

> NOTE: TrollStore will NEVER work on anything higher than iOS 15.5 beta 4 (No not on iOS 15.5, not on iOS 15.6 and certainly not on iOS 16.x), please stop asking!

⬐ smoldesu

The state of sideloading on iOS is healthy as ever, I see.

⬐ wronglebowski

This is so great in theory, too bad if you can only install these via the AltStore and if you’re away from your Mac for 7 days the AltStore and all those apps stop working.

⬐ MuffinFlavored

There's no way to accept a developer's certificate and not have to give them your device UUID to install non-app store apps other than AltStore, right?

⬐ wronglebowski

If it's open source you can compile and install from Xcode I believe but the 7 day limit still exists.

⬐ GeekyBear

Personally, I don't feel like "your device has to connect to the same wifi network as your computer once a week" is going to be a problem for the vast majority of people.

However, if you can't possibly live with that 7 day limitation, you can upgrade to a paid developer account, and only have to resign apps once a year.

⬐ AnnoyedComment

None

⬐ wronglebowski

I just think it’s ridiculous to have to pay a 100$ a year subscription to run whatever code I want on the devices I own.

⬐ GeekyBear

Then live with the limitation of using a free developer account and having AltStore automate the seven day renewal process.

⬐ haswell

This is obviously the only option, but also sidesteps the point.

The point being that I am not allowed to run code on a piece of hardware that I purchased and own.

Yes, that’s the cost of buying into the Apple ecosystem. The point is that ecosystem is hostile to developers and tinkerers.

(Not OP, but I share their sentiment).

⬐ GeekyBear

> This is obviously the only option

Well, no.

The free option is to install AltStore on your computer, and when your device connects to the same wifi network as your computer, the renewal process will be automated for you.

For the vast majority of people, getting home at least once a week is a given.

If you travel for work, I imagine your laptop goes with you.

⬐ haswell

> Well, no.

> The free option is to install AltStore...

I'm confused. You've just re-stated what you already said. When I said "only option", I was referring to the fact that the only way to run my own code without spending $100/year is to jump through hoops that still result in scenarios where I can't travel without bringing my dev laptop with me (which is generally not the computer I travel with).

> If you travel for work, I imagine your laptop goes with you.

And if you're writing iOS/iPadOS code on a work laptop, presumably you've got a developer certificate.

But again, this misses the point.

That point being that I, as a tinkerer, cannot run my own code on my own device without bringing an App Store Server with me or spending $100/year.

Yes, that's Apple's policy and that's well known.

Doesn't mean anyone I have to like it or find it acceptable.

⬐ onethought

A device you own, but on software you license, and agree to their terms.

Even OSS have licenses and warranties.

⬐ extrememacaroni

Just one thought, and you chose this one. Great.

⬐ skohan

This is such a weird argument to me. Yes that's the legal framework we are living under, but I think it is pretty far from any intuitive sense of ownership. Software is quite strange in the way it allows something we own, and keep in our home, to be controlled in large part by some third party at a distance.

For instance, imagine if you had a car such that the company which made it controlled where you could drive it to, and which stations you could stop at to buy gas. Would that make sense to anyone?

⬐ alwayslikethis

> which stations you could stop at to buy gas

This is already happening to an extent with Tesla, though you can still charge it at home.

⬐ Huh1337

Tesla gives you more options than others, not less. You can charge your Tesla at literally any charging station, you just need a compatibility plug. But it's not possible to charge non-Tesla cars at Superchargers.

⬐ onethought

Cars with different fuel types have been a thing for a while.

EVs with different plug types are also a thing, with software even blocking use of adapters.

Your example doesn’t seem to illustrate anything weird. (Unless you mean to say “everything is weird”)

⬐ skohan

Different fuel types is categorically different. The fact that you can't run a petroleum engine on diesel is not a restriction placed on the car by the vendor, it's just physics.

My example would be, what if your car refused to accept fuel at a given gas station because that station did not sign a licensing agreement with Honda? Or what if your car refused to drive to restaurants which were not approved by the manufacturer? I think we would all agree that would seem very strange indeed, and people would be livid.

EV's with different plug types are a relatively new thing, using DRM for charging stations seems pretty weird if you ask me.

It's a similar situation with BMW's move to lock heated seats behind a paywall as a software feature. A lot of people are quite livid about other industries trying to adopt these kinds of norms from software.