The installer does not validate in MacOS 11.6.7.
Developer is not known.
The security system does not allow installation.
This has been discussed many times. A fix is on the way. In the mean time you can just right click on the pkg file and choose OPEN.
As a cybersecurity consultant for my day job I really donāt appreciate your advice. I do know how to bypass the security system of macOS. It is a bad idea to do so. Your advice is encouraging bad behavior and only help cyber terrorists and criminals in their activities. How do we consumers know that the PIB site is not compromised? As the origin and authenticity of the file canāt be established it should not be trusted. What you should do is to take down the file and say that is broken.
I believe @jamieh ( a āconsumerā, like you) was just trying to be helpful, and pointing to advice which had been given by the productās devs, and was giving options rather than explicitly intending to offer technical advice. The spirit of his post was seeking to respond with the current state as far as this issue is involved.
Can I with respect suggest that you take this up with the development team. You have the choice of taking what you view as a risky action or waiting for a fix to the problem, and clearly you will do the latter.
āWhat you should do is to take down the fileā
As a Scaler user, he is not able to do this, and this should be addressed to Scaler or PIBā¦ I donāt think @jamieh will mind my saying that he is a board participating musician and not an IT expert.
For those users that that have already taken the action mentioned, I suspect the terrorism risk is probably rather low, and Iām much more troubled by the 300,000 daily cases of COVID here in the UK.
1 Like
First, bad advice is bad advice, regardless.
Yes, PIB should not have published the file in the first place.
Based on what? How can you tell we have downloaded the same file? You canāt, it does not validate.
The security system is there to prevent you from making bad decisions. This is such a decision.
Hi @Hmlhdr
We are aware of this issue and appreciate you posting about it. It is more frustrating for me than it is for you. We have had many complaints and it was a genuine mistake from the development team of which the lead developer has been travelling and has not been able to sign. He will do tomorrow and it will be rectified.
My suggestion is if you donāt feel comfortable then donāt install it. You can select the 2.5 version from you account and install that.
Finally please keep it chilled on this forum. Our users go to great lengths to help others and that is what they are doing here. Trying to force your opinion or way on others wonāt be tolerated. Again sorry for the inconvenience with 2.6 validation.
I tried to keep my response as neutral and respectful as possible, and the reason I did respond was that @jamieh (a valued contributor to the board) was merely trying to be helpful, but received a sharp rebuff. There was no way for him to know what your level of MacOS skills were, and he pointed to a suggestion by the devs - it wasnāt his idea.
The fact is that he stated āyou canā, and not āyou shouldā. It was not advice, it was offering a possible solution as he understood it, promoted by people who (presumably) also know something about MacOS, as they wrote the software.
You chose not to follow that suggestion, which is your absolute right, which everyone will accept, together with your reasoning. I donāt refute this in any way.
Probability is fundamentally based on observation. Thousands of users have downloaded Scaler and thus far zero instances of this software infiltrating GCHQ have been reported. So we have, courtesy Bayes, an a priori assumption of the likelihood of an association between a Scaler download and acts of terrorism.
You are absolutely correct in asserting that personal, commercial and catastrophic damage might be the result of the use of un-validated software. Had the Iranians taken your advice, their centrifuges would not have been trashed by Stuxnet. I thus in no way contest the validity of your opinion, but I hesitatingly suggest that it may lack some context in this particular case.
The fact that something bad might happen from a course of action does not stop humans from following those actions. We swim in seas contaminated by sewage which could kill us; we get on planes which could crash; we have COVID injections because we judge the balance of risks from the vaccine are less than those from getting the disease. Itās certainly ābad adviceā to swim in turd laden waters, but we do this because observation of the rate of negative outcomes has framed an assessment of risk from the action in focus - so we swim. The fact that itās a bad idea and there is a small risk should not result in swimming being banned. People can choose.
So as to my conjecture (āsuspectā) - not an assertion, note - that the terrorism risk was āprobablyā (in the Bayesian sense) low, I offer (albeit humbly, having squat knowledge of cyber issues) that to date the evidence for this is that there have been no reported terrorism events reported as a direct result of a Scaler download. That sets an initial, low, estimate for a negative outcome of so doing. You may have more information on the integrity of PIBs servers, and you would thus modify your risk assessment accordingly.
However, people may make the free choice to download it or not, with assessment of this risk ā¦ just as they swim in the sea or get on a plane. Itās their choice to exercise, and one, maybe from ignorant stupidity, I am prepared to take.
Although this forum is for musical discussion and specifically for the Scaler application to help us, I will tell you Yorkeman that it is a pleasure to read you; your philosophical sense of life based on all your experience (you are the grandfather of the forum for a reason) is so naturalā¦ I will tell you that when I was young I bathed in the river and in the Mediterranean, but now both my beloved river and my sea āāare highly polluted; so I usually use the pool (which makes my eyes sick, because of the chlorine they put there to disinfect). But it is true: humans decide at every moment, evaluating possible problems.
Especially this question raised by @Hmlhdr does not concern me to have been able to answer him with an intention of help (as we always do in this forum) because I do not have a Mac. I have Windows. But a good contributor on the forum @jamieh jamieh did it to help and the answer seems very bad to me. Perhaps I have lost the desire to answer the future questions raised here, even
Iām sorry and will not post on these forums again.
Itās all good my friend. @Hmlhdr As a professional you have every right to be concerned and express that concern. Both sides have weighed in and the Devs have also commented. Itās not that I havenāt been doing this for a while. Iāve always been my own IT and tech support as far back as my first Mac in the early nineties. So @yorkeman I used to be able to field strip a Mac for Memory install and battery replacement and PCI card insertions before it was a common thing. Those early Mac cases were a bear to access. My studio only had PC so it was up to me to take care of my Mac for audio. Ah, those were the days.
Anyway, the problem should be fixed soon and we can all continue making new music.
Cheers and stay safe my friends!
~J~
Duly noted, and abject apologies for casting you as not IT capableā¦
1 Like
@Hmlhdr No need to apologise and no need for such extremes, we are friendly here we just donāt like being told off! FYI new, signed installer is now available on the Plugin Boutique website