Some useful context: this is almost certainly being driven by Apple’s Private Cloud Compute architecture and not tariffs, as an investment of this magnitude is not planned overnight.
Why is PCC driving Apple to spend billions to build servers in the states? Because it is insane from a security standpoint (insanely awesome).
PCC is an order of magnitude more secure server platform than has ever been deployed for consumer use at planet scale. Secure and private enough to literally send your data and have it processed server side instead of on device without having to trust the host (Apple).[1] Until now the only way to do that was on device. If you sent your data for cloud processing, outside of something exotic like homomorphic encryption[2], you’d still have to trust that the host did a good job protecting your data, using it responsibly, and wasn’t compromised. Not the case with PCC.
To accomplish this Apple uses its own custom chips with Secure Enclaves that provide a trust foundation for the whole system, ultimately cryptographically guaranteeing that the binaries processing your data have been publicly audited by independent security auditors. This is the so called hardware root of trust.
It is essential then that the hardware deployed in data centers has not been physically tampered with. Without that the whole thing falls apart. So Apple has a whole section in their security white paper detailing an audited process for deploying data center hardware and ensuring supply chain integrity.[3]
You can imagine how that is the weak point in the system made more robust by managing it in the US. Tighter supply chain control.
[1] https://security.apple.com/blog/private-cloud-compute/
[2] Fun fact, Apple also just deployed a homomorphic encryption powered search engine! It’s also insane!
[3] https://security.apple.com/documentation/private-cloud-compu...
<<<security is not my domain, asking genuine questions!!>>>
At the end of the day, it ultimately still boils down to trust though, yes? Trust that they are running the data centers the way they say they are, trust that their supply chain is what they say it is, and so on? At the same time, using some open source piece of software also entails a great amount of trust: I’m not going through the source code of Signal myself, and I’m also not checking that an open source locally served model isn’t sending traffic/telemetry etc back to some remote server via whatever software is running the model… rather, I’m placing my trust in the open source community that others have inspected and tested these things. I’m sure all sorts of shady PRs into important open source code bases are made on the reg after all. So that’s not to say that trusting Apple is necessarily more or less wise than trusting open source software from a security standpoint… my point is just that it seems like they are aspiring to a zero trust architecture, but at the end of the day, it does still require trust that they are operating in good faith vis-a-vis what they are representing in the white papers right? To me, it seems like a relatively safe assumption that they are for a variety of reasons, but nonetheless, it is an assumption right?
> I’m placing my trust in the open source community
You’re right, security is a matter of degrees not absolutes, but open source software requires considerably less trust than closed source. Right?
PCC applies this principle by making the binaries it runs public and auditable by you or anyone in the security community. (In some cases the source code as well.) The craziness is in the architecture that provides cryptographic proof to clients that the server they’re connecting to is running an audited binary and running on secure hardware. It even does TLS termination at the shard level so you can have high confidence that if the binary isn’t connecting to anything your data will be unreadable by any other server in the org.
So it goes way beyond trusting what the whitepaper says. Data center hardware deployments are audited by a third party that signs the servers in a key ceremony. That ultimately undergirds the cryptographic attestation that servers provide to clients that everything has been audited. And it’s also the element that tighter supply chain control helps shore up.
If you’re new to security the architecture documentation I linked to is a very friendly read and a good intro to some of these threats, countermeasures and rationales.
Thank you for the really great response! It answered my main question:
> The craziness is in the architecture that provides cryptographic proof to clients that the server they’re connecting to is running an audited binary and running on secure hardware.
I definitely missed this concept when skimming the links before posting my comment - very very cool!
> open source software requires considerably less trust than closed source. Right?
Of course… but at the same time, I think the difference in the degree of trust I am placing in say, Signal’s end to end encryption and Apple’s (claims of) end-to-end encryption is not as large as it might cursorily seem. Would I be more surprised to read in the news that Apple had secretly embedded some back door than I would be reading in the news that malicious actor managed to push some hidden exploit through to Signal in an otherwise innocent PR? I’m genuinely not sure which would surprise me more, or which event would be more probable, so can I really make any claim as to which is more secure, given the current knowledge I have? Obviously I could think more deeply about this, but superficially, both are requiring pretty large amounts of trust from me - which I don’t think is misplaced in either… though I do personally trust something like signal more at the end of the day based on… what, intuition? A gut feeling?
> At the end of the day, it ultimately still boils down to trust though, yes?
Isn't that pretty much the story for most every thing though? It comes down to discernment, which is mostly subjective itself.
Same here. Personally, do I trust Apple? I don't have a leaning one way or another about that. What I trust is that Capitalism is gonna capitalize. And Apple doing what it says here, is its Brand. If down the road it comes out later it was all a lie. That Brand has no more standing. No more standing, no more sales. And Apple is in the Brand/product selling business. I trust they won't throw away their trillions because they would rather sell their Brand on white papers over an actual product that the papers describe.
Yes, I think along similar lines there… but on the other hand, brands need not reflect underlying truths about reality, and in fact often do not. Suppose two years from now, it is revealed by a whistleblower that they were part of a special skunkworks team responsible for creating various backdoors in PCC in order to enable Apple to access the data, train new models on queries, or maybe respond to government requests etc etc, all of which which were subtle, complicated exploits. Maybe Apple denies and discredits, or minimizes, or issues some sort of limited mea culpa. To what extent would it affect Apple’s brand? How long would it stay in the public consciousness? Would people (writ large, not those on HN) care? Perhaps it impacts the stock price, but for how long? Obviously there would be some sort of cost to such an event occurring, but would it outweigh whatever benefits that Apple might gain in the meantime? Maybe those benefits have to do with avoiding the wrath of the federal government… who knows. Like you said, discernment is the only tool we have, and it’s difficult to really know what’s going on at the end of the day.
Moscow rules and George Smiley’s tradecraft are probably the only real security… ha!
Trusting Secure Enclaves custom chips over processing locally is going to be a hard to impossible sell for those who truly care about privacy.
Thankfully for Apple that's a very low number in a world where people demand tiktok remain legal when shown how their data is being used by foreign actors. People only care about privacy when it's local (don't want mother to find out, neighbours to talk, friend to think a certain way about you or classmate stalking) and that's why ai fakes are much more concern then a company knowing everything you do.
But this product is great for fortune 500 businesses.
I think this is a level of security Apple is providing at additional cost to themselves that only a tiny fraction of consumers would even pay an extra cent for.
From that perspective I really appreciate this effort by Apple.
> at additional cost to themselves
For now.
> for those who truly care about privacy
> Trusting Secure Enclaves custom chips over processing locally is going to be a hard to impossible sell for those who truly care about privacy.
Isn't local processing on Apple devices rooted in the same secure enclave hardware/firmware, attacked and hardened for 10+ years?
The problem with any remote arrangement is that you have to trust Apple that the server side is running all that stuff. Their answer to that is "you can audit us", but I don't see how that would prevent them from switching things in between audits.
As far as local processing goes, though, you're also still fundamentally trusting Apple that the OS binaries you get from them do what they say they do. Since they have all the signing keys, they could easily push an iOS update that extracts all the local data and pushes it to some server somewhere.
Now, I don't think that either of these scenarios is likely to happen if it's down to Apple by itself - they don't really gain anything from doing so. But they could be compelled by a government large and important enough that they can't just pull out. For example, if US demanded such a thing (like it already did in the past), and the executive made a concerted push to force it.
> Their answer to that is "you can audit us", but I don't see how that would prevent them from switching things in between audits.
PCC does actually prevent Apple from switching things in between audits to a high degree. It’s not like a food safety inspection. The auditor signs the hardware in a multi party key ceremony and they employ other countermeasure like chassis tamper switches. PCC clients use a protocol that ensures whatever they are connecting to has a valid signature. This is detailed in Apple’s documentation.[1]
See, this is why I think privacy engineering is low key the most cutting edge aspect of server development. Previously held axioms are made obsolete by architectural advancements. I think we’re looking at a once in 15 year leap - the previous ones being microservices and web based architecture.
[1] https://security.apple.com/documentation/private-cloud-compu...
you have to trust Apple that the server side is running all that stuff
> When a user’s device sends an inference request to Private Cloud Compute, the request is sent end-to-end encrypted to the specific PCC nodes needed for the request. The PCC nodes share a public key and an attestation — cryptographic proof of key ownership and measurements of the software running on the PCC node — with the user’s device, and the user’s device compares these measurements against a public, append-only ledger of PCC software releases.
> compelled by a government
Sadly, the bar is much lower than "compel". Devices are routinely compromised by zero-day vulnerabilities sold by exploit brokers to multiple parties on the open market, including governments. Especially any device with cellular, wifi or bluetooth radios. Hopefully the Apple C1 modem starts a new trend in radio baseband hardening, including PAC, ASLR and iBoot, https://www.reuters.com/technology/apple-reveals-first-custo...
At some point having trained and certified Apple engineers overseeing this sort of thing gives far more confidence than random startup #1345134 who promises they hired the best college drop outs that they could find.
Everything about democracy is great except its people. You know, the big brained carbon lifeforms that refer to themselves as “citizens”.
Yup. Apple knows that they don't have to ship anything more than a whitepaper to justify their stance to current customers. They could announce an internet-connected bidet with a webcam and there would still be people arguing that it's safe until someone exploits it.
The fact that Apple is comfortable shipping a whitelabel ChatGPT is proof that the whole Private Cloud Compute thing is just for show. They're perfectly happy partnering with the Worldcoin guy to sell you something popular if there's money in it for them. Apple knows people expect them to release some haughty whitepaper, so they cook up PCC and claim you can audit it if they think you're worthy of seeing the insides. Now all the privacy nuts can pipe down while Apple plans a longer-term strategy to make their hardware compete in the datacenter.
There is a world where Apple takes their own privacy commitment to the next level through radical transparency. But that's not what PCC is, it's another puppet for the Punch-and-Judy security theater that sells their iCloud subscriptions.
PCC is completely different from the ChatGPT integration. ChatGPT is indeed not a privacy-hardened system, but Apple devices only use it for so called “world knowledge” queries and make you confirm when calling out to it, typically involving limited personal data.
PCC is designed to handle extensive personal data, and the auditing is attested by cryptographic proofs provided to software clients, not just white papers read by humans. It is significantly different from what we’ve seen before in the industry, and highly worth the effort to understand it if you are at all involved in server engineering.
> Until now the only way to do that was on device
as usual, Apple's implementation is exceptional, but far from the first. see https://confidentialcomputing.io/ and its long history
2019 Linux Foundation Confidential Computing
2015 Intel SGX (Skylake)
2014 Apple Secure Enclave (A8, iPhone 6)> 2015 Intel SGX (Skylake)
Might be worth pointing out that SGX was compromised repeatedly and comprehensively by speculative execution attacks, e.g.
https://www.usenix.org/conference/usenixsecurity18/presentat...
ARM TrustZone launched with the Arm1176JZ-S in 2004.
It's worth noting that AWS has had this sort of infrastructure with Nitro for quite some time now:
https://aws.amazon.com/ec2/nitro/nitro-enclaves/
At some point it was novel to put a separate hardware root of trust on a PCI-e card but I think that was a while ago, even for Apple!
PCC is an awesome solution for Apple to ensure that no one other than Apple can execute code in that environment.
That is however not most users' concern (in fact, I'd guess less than 0.001% of Apple users are concerned with supply chain attacks on Apple's servers); what we're concerned with is Apple itself misusing our data in some way (for example, to feed into their growing advertising business, or to redirect to authorities). PCC does NOT solve any of this and it's in fact an unsolvable solution as long as their server side code is closed source (or otherwise unavailable for self-hosting as binaries). For me, Apple Intelligence stays off on my devices (and when that is no longer an option, I'm jumping ship - I just wish there was something at least passable to jump to).
Are these the droids you’re looking for? https://github.com/apple/security-pcc
> this is almost certainly being driven by Apple’s Private Cloud Compute architecture and not tariffs, as an investment of this magnitude is not planned overnight.
The tarriffs haven't happened overnight. They've been discussed for going on 2 full years now. Anyone who wasn't blinded by their own political preferences saw this coming.
Sounds like ireland or wherever their tax haven is might make some real savings from this
Thanks to ireland all big US corporations saved hundreds of billions of dollars past few years so now they can get back to US with this massive cash for anything they want (ofc. nothing will get back to EU as long as they ignore tax heavens)
Ireland has harmonized tax rates with the global corporate minimum tax
Apparently right inline with their plans: https://daringfireball.net/linked/2025/02/24/apple-500-billi...
I don't get why folks keep saying x86 linux servers here for AI, if anything it'd be M series arm based servers, either running linux or macos. Realistically I'd imagine a set of scaled up mac mini arm servers for running inference or fine tuning on them as more likely being the "ai servers" than x86 based anything. Power is the key thing that they'll be optimizing for, and that's where ARM shines.
Don't they need gpus (for training)? Apple already did a footshoot wrt gpus in the apple ecosystem. unless they have some sort of apple-internal ai chips ready to train models.
Apple's Private Cloud Compute is on racks of M4 chips which have NPUs and GPUs on-die and unified memory access to however much RAM they want to put on them. All of a sudden they're competitive with NVIDIA, but they don't let anyone else use that platform.
ARM is not a GPU architecture, nor is Apple Silicon the most power efficient GPU/CPU available to datacenters. The factor Apple is optimizing for is their own profit - they're terrified by the notion that another company might dictate their software margins for them.
Quite a lot of cash to generate AI stickers in messenger.
this is it. siri will finally be reliable
> Four years ago, a few months after Mr. Biden’s inauguration, Apple announced an “acceleration” of its U.S. investments, pledging to spend $430 billion and add 20,000 jobs over five years. In January 2018, during Mr. Trump’s first term, the company said that its “direct contribution to the U.S. economy” would be $350 billion over five years and that it planned to create 20,000 jobs over that period
Anyways, the land (obviously in Texas) is already purchased and has been sitting empty. The unbuilt factory keeps getting more expensive though.
Mark my words: it will end up like the Apple Car.
Apple “Intelligence” has been a flop.
Will it be collocated with the promised Foxconn plant?
That is a con to con the con …
Are they going to abandon H-1B and focus on hiring Americans for this project?
Apple has been sitting on a war chest the size of Jupiter for a long time. Glad to see them putting it to good use.
expect of course they won’t… few months into every new administration (see 2017, 2021…) they’ll make a splash announcement like this… and then wait for the next administration to make it again
It’s a con to con the con …
The sentiment in this thread. Surely Apple has a fiduciary duty and so no reason for FUD.
Time to move away from Apple before they train their AI Models on the rest of my data that they left untouched
Some part of me thinks they are billing an overbudget here to report that they actually didn't need to spend that much so that they can beat lower guidance (same play for MS, Google, Meta). We've heard that actually training these models doesn't cost even a billion dollars.
A strong majority of Apple's revenue comes from outside the US. If Apple is tied to US protectionism, it is precisely the sort of org that suffers.
Now to be real, Apple has been announcing these multiple hundred billion dollar investments every four years like clockwork. They did it early in Trump's first term, they did it again early in Biden's term, now they're doing it again. But for all of the "Yeah, this is what tariffs are for! Hoo ya!" rhetoric, note that companies like Apple have far, far more to lose than what America "gains" by acts like this.
strong minority you mean :)
https://www.statista.com/statistics/382175/quarterly-revenue...
No, I don't. The Americas in totality account for 42.3% of Apple's revenue. But of course "The Americas", despite the confusion of many Americans, is not only the USA, so while that is already a minority, South America is 14% of that 42.3%, then subtract Mexico and Canada...
If only they could spare a few dozen devs to update the command line tools to the 21st century.
Please explain how this will increase the stock price in the next week, otherwise it will not be prioritized
Yeah, the real stock market mover is the mouse cursor. That wiggly thing they did that grows the mouse cursor really send ripples throughout Wall Street.
Given its value for aging users with weakening eyes, that tracks :)
:(
to Tim Cook, yes, but not to Steve Jobs.
I don't think Steve Jobs would care any more about command-line MacOS tools than Tim does
Steve Jobs would lean into making Apple the #1 AI developer platform and showcase at WWDC how the terminal is now obsolete
He wasn’t stupid. He’d observe their own developers and see how they rely on the terminal and command line for their work. He’d ask pointed questions and demand thoughtful answers.
Then he’d find a way to make it the #1 AI developer platform or distort reality until it is.
Or you can take the extra minute to install them yourself with brew, this a complete non issue for anyone that understands the command line in the 21st century using MacOS. Also, I would never build anything against macos userland because it's almost never the target.
Brew takes a minute just to update itself, let alone install anything.
And then everything needs to have the /opt/brewsomethingsomething PATH. /bin:/usr/bin:/usr/local/bin not good enough.
MacPorts is The Way.
In the big '25? Nixpkgs is the New Way.
So what? Do you complain when apt, yum, dnf, pacman, ports, or any other package management system does a download? I bet you don't, so it's not really a usable argument. Secondly, yeah, not tainting my systems OS and system paths is a good thing and opt/ from the filesystem perspective is the absolute right place to put add on packages.
"The /opt/ directory is normally reserved for software and add-on packages that are not part of the default installation"I complain every single time apt, yum have to self update for a solid half minute plus.
these two are orthogonal to each other.
Desktop Linux is right here, desktops Linux has always been here!
I don't understand why people complain about Apple neglecting developers when desktop Linux provides a superior experience aside from the rare times you need to compile an iOS/Mac specific application.
> desktop Linux provides a superior experience aside from the rare times you need to compile an iOS/Mac specific application
or reliably use peripherals
Wow, did you travel here from 2002?
Edit: In case it's not clear from my initial, gut-driven snark: I definitely think if you use a reasonably popular distro (commercially backed or not) in 2025, you should never have any trouble connecting peripherals to it, with the possible exception of Bluetooth, which I hear also applies to macOS.
Nope, I came directly from an MS Teams meeting where the desktop linux users had no audio.
I'm on Windows, and my work laptop has no audio via its headphone jack.
I have no idea how this is supposed to even work, and since it's not my computer I don't mess around trying to install drivers. I just use my phone to call in for Teams.
Things happen, let's not act like any OS is perfect.
MacOS is definitely not perfect. I'm being snarky. But it has been my anecdotal experience as both a user and observing colleagues that MacOS is more reliable and stable for desktop use than Linux. This is unsurprising since it's easier to build a stable walled garden than an open ecosystem.
Macs are generally more reliable, but if you buy a year old ThinkPad Linux will be just as stable .
The only issue Linux really has is when new chipsets come out you might need to wait 6 months or so for the drivers to be updated. But to be completely fair, on one of my laptops I had no webcam support for like six or seven months until Windows update decided to finally install it for me.
If you need a significant amount of hard drive space, Macs are almost always exorbitantly expensive. I make music so I find myself dual booting between windows and Linux. I don't want to speed 3k+ on a MacBook just to get a 4TB SSD I can add to any Windows PC for 200$.
Plus on Linux you can customize your personal experience to a much greater level. If you dislike X,Y,Z you can disable it or find an alternative.
Both OSX and Windows are cramming so much monetization into the OS, there's a very real feeling that I'm just sharing my computer with a giant corporation rather than actually owning it.
It’s less convenient when you are on the go, but you can pack an external SSD and offload stuff to it. A friend of mine had one velcroed to the back of the screen.
It's actually cheaper to own a MacBook Air for things that need to work 100%, like a coding interview, and then a secondary laptop when you're playing video games or making music .
That's basically what I do now, my old M1 MacBook air is more than good enough for LeetCode and I'm more or less know it's never going to fail.
> But it has been my anecdotal experience as both a user and observing colleagues that MacOS is more reliable and stable for desktop
You mean a few month after a new MacOS version has shipped and they've got time to fix all the bugs it introduced, right?
I haven't personally experienced that problem. Updates on Mac have always been smooth for me. But I'm a sample of one and it's probably workflow dependent.
MS Teams audio issues aren't the best example -- ask anyone forced to use Windows
I came from meet where none of the macs could screen share due to recent OS updates :)
Presumably these users have audio in other contexts? Are they running the web app version of teams? Do other web apps play audio? From 10000 feet up, I wouldn’t start by blaming Linux here (even as a non-Linux-desktop user,)
This isn't a hill I want to die on, but isn't it the case that even if the problem is in MS software compatibility with Linux that still results in desktop Linux being a less reliable platform for day to day use?
Depends on the day to day use. I have experienced a lot more pain on Windows than on any other platform. Perhaps HP-UX or AIX 3.x were more painful.
Last year I was using a Windows laptop for work and Teams was very unreliable with audio and video. And don’t even think of using the nice camera on top of the expensive video conferencing monitor on my desk.
The inability of the people you work with to use their devices means almost nothing. It’s as if you said nothing.
to be fair Teams barely works on Windows
Team barely works, period. It’s almost a feature, actually.
Tons of peripheral devices do not work well or reliably on Linux, and I literally cannot remember the last time I have had ANY issue with Bluetooth on macOS. Certainly not in the last decade.
I don’t remember the last time I had an issue with Bluetooth on Linux either. Most likely before 2010 or so.
The last time I did was this morning. I get dropped connections constantly, microphone not working in Teams (solved by reboot), pegged connections preventing handoff, etc.
> with the possible exception of Bluetooth
Good thing no one uses that!
I went through 5 distros a month ago dealing with fractional scaling issues on my 4K monitors. Decided it is not worth dealing with a went back to macOS so… No.
I feel like I spent a significant chunk of the mid 1990s editing /etc/X11/XF86Config in search of the right incantation...
I very recently tried again to adopt Linux on the desktop. I'm really sick of feeling like a frog in a pot of water. It's becoming harder and harder to bypass their literal gatekeeping of which applications I can run on my computer, and with every new version of macOS the temperature in the pot keeps rising.
The main problem I have with living in a Gnome desktop environment, is with the keyboard. I'm not willing to abandon my use of Emacs control+meta sequences for cursor and editing movements everywhere in the GUI. On macOS, this works because the command (super/Win on Linux/Windows) key is used for common shortcuts and the control key is free for editing shortcuts.
I spent a day or so hacking around with kanata[0], which is a kernel level keyboard remapping tool, that lets you define keyboard mapping layers in a similar way you might with QMK firmware. When I press the 'super/win/cmd' it activates a layer which maps certain sequences to their control equivalents, so I can create tabs, close windows, copy and paste (and many more) like my macOS muscle memory wants to do. Other super key sequences (like Super-L for lock desktop or Super-Tab for window cycling) are unchanged. Furthermore, when I hit the control or meta/alt/option key, it activates a layer where Emacs editing keys are emulated using the Gnome equivalents. For example, C-a and C-e are mapped to home/end, etc.
The only problem is, this is not the behavior I want in terminals or in GNU/Emacs itself. So I installed a Gnome shell extension[1] that exports information about the active window state to a DBUS endpoint. That let me write a small python daemon (managed by a systemd user service) which wakes up whenever the active window changes. Based on this info, I send a message to the TCP server that kanata (also managed by a systemd user service) provides for remote control to switch to the appropriate layer.
After doing this, and tweaking my Gnome setup for another day or so, I am just as comfortable on my Linux machine as I am on my Mac. My main applications are Emacs, Firefox, Mattermost, Slack, ChatGPT, Discord, Kitty, and Steam. My Linux box was previously my Windows gaming box (don't get me started about frog boiling on Windows) and I'm amazed that I can play all my favorite titles (Manor Lords, Hell Let Loose, Foundation) on Linux with Proton.
I don't get it either, it takes twenty minutes to burn a USB stick and run the installer. It takes me longer to remove the bloatware and set up my preferred settings on a proprietary OS than it does to install Linux nowadays, and that's been true for a decade at least now.
It's just not hard! It's not more work! And yet the meme about it being more trouble just. won't. die.
You people are supposed to be technologists! Why won't you spend 20 minutes of one time setup to get a better experience?
Not all hardware works? I don't see anybody complaining about having a limited set of hardware options when they buy Apple! Canonical maintains a list of fully compatible computers; just pick one, buy it, and you wind up with a computer just as easy to use as Mac OS but without the endless paper cuts of using a system that has no respect for you at all and thinks it knows better
Most of us have .dotfiles, I can snap any macos installation into my preferred configuration in about 5-10 minutes unattended depending on internet speeds. I do most of my work in a terminal, as long as that works, I'm good on Linux, MacOS, and BSD's. They all have pros and cons.
I only wish Apple’s terminal supported Tektronix and ReGIS. And provided a sane implementation for sixels.
I use Apple laptops primarily for the hardware. But Linux has never really been a great experience on Mac laptops when it comes to battery life, reliable suspend/resume, etc. etc. I used to use Yellow Dog Linux on a G4 PowerBook way back in the day, but I haven’t had much luck with Linux on Mac hardware since then.
I had an old i5 Mac mini laying about I wanted to use desktop Linux on the other day. The last time I tried, was about 20 years ago. I note nothing has changed since.
I have one of those running the latest Fedora. It’s a great workstation.
I use macOS because it's the only OS to reliably support Apple's Macbook M series.
(Unless someone wants to correct me.)
If you are paying for Apple hardware, it’s silly to use an OS that’ll make it only less reliable and compatible.
Desktop Linux is an oxymoron. i’ve tried it many times and every single time I went back to macOS.
Any particular reasons?
I made this. It makes it easy to use all of the most common gnu tools via brew, without having to do gsed for sed, etc... all with working man pages. It also lets you switch back easily in a shell session if you need the mac native ones for some godforsaken reason:
You mean how the Unix standard tools on Mac are way behind Linux?
So are the BSD tools by some definition of "behind". Another way to look at this is to say that GNU tools as typically seen in modern Linux are bloated (I know, Linux and "bloat" are kind of a meme, but it is generically true for the most part when it comes to the command line utilities feature creep over the years, so it's a useful and descriptive word).
I have to work with old machines and legacy operating systems quite a bit in my day to day and I always am going to prefer something lighter and with less ways to shoot myself in the foot w.r.t. POSIX compliance. MacOS is Unix certified so I appreciate them being somewhat reserved in the features they add on top of POSIX.
Modern GNU userland utils are nice and fun but if you are looking for compatibility it's best not to use them. Consequently, the MacOS situation doesn't bother me especially given you can install more up to date tools if you want. I think keeping the defaults older and more compatible is a good thing.
There is poor cross-UNIX compatibility if you're doing anything complicated, anyway. I maintained a large test suite for about a year that was written in POSIX sh and targeted Linux, macos, {Free,Open,Net}BSD. It wasn't fun because every program behaved in slightly different ways, half of them undocumented (for example, I remember having lots of pain with how different versions of tail handled SIGPIPE).
In the end it was was easier to rewrite in Perl than to keep maintaining that thing, struggling for hours to find ways of implementing every little bit of functionality that worked reliably on every OS. You'd add or fix something, and the tests would break on FreeBSD. You would fix it there and it would stop working on NetBSD. And so it goes.
This is true about cross Unix compatibility. I can still dream though.
What tools do you prefer?
I prefer a lot of the BSD variants of the typical POSIX tools (i.e. bsdtar vs GNU tar, ksh or similar instead of bash, etc etc). Usually because they add less extensions on top of what is required by POSIX, but are still easily acquired in a modern Linux distribution. I mostly just alias them.
If I write a script using BSD esque tools I can be reasonably sure they will work on any Unix-like, whereas if I write/test my script on a machine using GNU utils, I'm fairly likely to accidentally use a GNU extension that would cause the script to fail on an older Unix-like OS. For instance, I do a lot of work migrating code off of AIX,and I need the scripts I develop to work on AIX when I'm gathering environment information from customers. I can't just assume they will have a ~2020+ implementation of Unix userland tools with all the GNU extensions and nice features. Sometimes the machines have been sitting quietly in the back of a data center not being updated for quite a while and will have more "90s style" of Unix tools.
For a simple version bump, I feel like brew is fine. Or do you have other tooling updates in mind?
Many people here are commenting that brew is a good way to get modern tools. I must say, I prefer Docker by several country miles.
It’s like having the tools in a different computer. You can mount your local filesystem onto the container, but if feels like WSL - there’s always an “impedance mismatch” between the two sides.
I prefer to use the tools running locally on the same OS I’m working with. For that, MacPorts is great.
Apparently there is a 20,000 surplus somewhere waiting to jump in.
I heard they have strong Nordic developers waiting for free markets in Greenland.
I bet the Panamanian Ai industry masses are also sitting on the edge for this.
lol. lmao.
Apple better hope none of their customers realize how comparatively mid of a product iphones are by the time those servers are ready.