I assume you're talking about the Mac App Store since one can't easily install iOS software via github.

It's a tricky situation. Windows Vista tried to improve security and then was criticized for having too many UAC pop-ups, and for breaking legacy drivers.

I don't like Apple's syspolicyd, but it is also an attempt at improving security.

> I understand the urge to make phones more secure by default and to help users avoid foot guns

There's secure by default, and then there's stuff users can't override even with great effort. Android restricts some dangerous operations by default and makes users jump through a couple hoops to acknowledge the risk. iOS usually forbids them entirely.

> I tend to agree with this, but if you look at the PC ecosystem, you'll see that 'leave users to figure out their own security' is a shit show.

I do not in fact see that. PCs work pretty damn well, security-wise, even with clueless users. I'll grant you it isn't as secure as phones, but it's by no means horrible.

The problem is that we're in a duopoly on the most important metaphorical ecosystem on the planet. If the market were competitive and efficient, I'd agree, but it isn't.

The upshot of this is that Apple can unfairly compete in all sorts of verticals just by owning that platform. A lot of companies could make a good Airpod competitor, but without access to the same functions as Apple's they're hamstrung. Watches have this problem even worse.

Say what you want about Microsoft at their zenith, you COULD compete with their browser, in fact, people did. You just can't with iOS. That's more important than some users having poor security. (And really, how are we going to worry about phone security when there's a system as stupid as passwordless social security numbers being the key to your financial life?)

The natural duopoly needs to be regulated such that it doesn't spill over into every tangential market.

Without that "shit show" you would never end up with devices like iPhones and useful software that drove last decades of innovation and progress.

The ability to build better things is the reason why you can now sit here, using technologies built on that "shit show" machine, and bloviate how new generations aren't allowed to build new things anymore because a megacorp needs to feed its greed.

It's not really about system administration. The average person is a low effort moron who will do whatever he pleases without thinking about the consequences.

The difference with computing is that since it's "new" and sometimes it has bugs, they will blame the hardware/OS any chance they get.

Word. When my kids were pre-teens and teens I moved their computers onto Red Hat because I was tired of cleaning spyware off of it when it was a Wintel box. I moved my wife onto a Macbook Pro for the same reason, and she used to do user support for a community college back in the day.

> The average person is really bad at system administration

the average person doesn't even understand the basic concept of what the average HN reader considers system administration, and we're wrong anyway eh

> Because with iMessage, it's not about your own security, it's about the security of everybody that you're allowed to message from a given device.

You do realize that you're implying that Apple is insecure by design? Because I can easily (locally) root my iPhone and get raw access to iMessage.

> we all know how IoT vendors are with device security.

Couldn't agree more: https://www.cve.org/CVERecord/SearchResults?query=apple+watc...

At some point you need to accept that there are sufficient hoops necessary to jump through to disable security that no one would accidentally do it. If you really think that security is so paramount that no level of compromise is acceptable, then you should be outraged that devs can test their apps on their iPhones. You should be up in arms at the existence of the App Store that lets you install software written by third parties. You should be petitioning Apple to remove safari as what could be more insecure that downloading and running arbitrary code from a completely unknown website? And you should be happy paying $1500 for a function-less, featureless, slab of Titanium with an Apple logo etched on the back, secure in the knowledge that it has no security vulnerabilities whatsoever.

You do understand that “make it work by default” and “customization” are not exclusive, right? you can definitively pick defaults and allow customization for those who want it.

They should be able to.