Note that the "just" is overlooking that it's more locked down than a typical Linux box, in that the OS filesystem is read-only and all app installs live in userland (though you can turn off the read-only behavior). For what it's worth I'm very much a fan of it as a default for a mass-market machine, but you'll run into weird gotchas if you want to do "programmer stuff" with it.