Hacker News
Bypassing Firewalls in macOS Big Sur (twitter.com/patrickwardle)
754 points by polyrand on Nov 14, 2020 | 235 comments



How to disable this feature:

https://tinyapps.org/blog/202010210700_whose_computer_is_it....

And a humorous guide on disabling protections like code signing and notarization:

https://www.naut.ca/blog/2020/11/13/forbidden-commands-to-li...


Although possible to disable the feature, those steps are crazy complicated, and probably impossible for anyone who isn't a developer. (Apart from anything else, regular users should never be advised to disable SIP.)


I am sure the complexity is intentional.


Why should they not? Linux for example doesn't have any such features and somehow is okay to use like that.


A year ago, a Chrome update (its Keystone auto-update agent) corrupted system files in Macs which had SIP disabled [1]. The result was that they didn't boot anymore. Mac users who had SIP enabled were not affected.

I won't disable SIP and I'll avoid installing Google Chrome on my new Macs, if possible.

[1] https://support.google.com/chrome/thread/15235262?hl=en


If you can figure out how to disable SIP, you can figure out how to disable Keystone. The latter is probably a much better idea.


A major application briefly had a (very bad) bug. It happens. It probably won’t happen the same way again.


What stops a Linux program altering the system? I guess you need root access to change things outside of /usr/local; this could easily be done on macOS too, but the wheel had to be reinvented by Apple in a way that is probably less trustworthy.


With SIP you can't change some things even as root. SIP has definitely made macOS a harder target, though it is still lagging Windows in some areas. Linux is almost comically unprotected.

@grishka Edit because I'm rate limited:

I've not seen anything that does executable validation for Linux and actually works. Needs lots of kernel support. See the response from the old DigSig author: https://stackoverflow.com/questions/1732927/signed-executabl...

You can check binary signatures on disk (tripwire) but that is extremely tiresome to maintain and does not prevent straight loading of shellcode into memory.

More recently: https://lwn.net/Articles/733431/

Signed kernel modules are on their way though: https://www.kernel.org/doc/html/latest/admin-guide/module-si...

I guess that would be a place to start for implementing SIP...


>I've not seen anything that does executable validation for linux and actually works.

ChromeOS uses dm-verity to verify the root partition at runtime, similar to Mac OS's signed system volume.


So does Android. But the executable binaries themselves aren't signed, this only verifies the integrity of the system partition at boot time.


Interesting thanks, what would be the Linux equivalent of SIP?


SIP relies on entitlements, which rely on code signing. I'm not sure code signing is at all a thing on Linux.


Package signing is definitely a thing on Linux.


On installation sure, but not on execution.

/usr/bin/vim was installed by my package manager, but there's no guarantee the version I'm running matches the version that was installed. Now in Debian there is a file which has a checksum of the version the package installed, but that's not checked on execution, nor is it itself signed (so the process that replaced vim could just as easily replace the checksum, or the process that checks the checksum).
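The on-disk integrity check this comment and the earlier "tripwire" comment describe, as an added example that is not part of the thread: it parses a dpkg-style `.md5sums` manifest ("<md5hex>  <path relative to />", the format found under /var/lib/dpkg/info/), verifies files against it, and shows a replaced binary being flagged. The fake root, file contents and manifest are constructed inline; the check is a tripwire only, since nothing runs it at execution time and the manifest itself is unsigned.

```python
"""Verify installed files against a dpkg-style .md5sums manifest (added example).

The manifest format is the one dpkg writes to /var/lib/dpkg/info/<pkg>.md5sums.
Limitation (as the thread notes): nothing consults it at exec time and it is
not signed, so a root-level replacement of both binary and manifest is not
detected. It still catches unprivileged or accidental tampering.
"""
import hashlib
import os
import tempfile


def parse_md5sums(text):
    """Parse '<md5hex>  <relative path>' lines into {path: md5hex}."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        # dpkg separates digest and path with exactly two spaces; paths may
        # themselves contain spaces, so split only on the first occurrence.
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 32 or not path:
            raise ValueError(f"malformed md5sums line: {line!r}")
        entries[path] = digest.lower()
    return entries


def md5_of_file(path):
    """Stream a file through MD5 (the digest dpkg records; not a security hash)."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify(manifest, root="/"):
    """Return {relative_path: 'ok' | 'modified' | 'missing'} for each manifest entry."""
    results = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of_file(full) != expected:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


def demo():
    """Build a constructed fake root, verify it, then replace the 'vim' binary."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files standing in for an installed package.
        files = {
            "usr/bin/vim": b"#!/bin/sh\necho original vim\n",
            "usr/share/doc/vim/README": b"sample docs\n",
        }
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        # Manifest as dpkg would have written it at install time.
        manifest_text = "".join(
            f"{hashlib.md5(data).hexdigest()}  {rel}\n" for rel, data in files.items()
        )
        manifest = parse_md5sums(manifest_text)
        before = verify(manifest, root)

        # Simulate the scenario in the comment: the binary on disk is replaced
        # after installation, while the recorded checksum is left untouched.
        with open(os.path.join(root, "usr/bin/vim"), "wb") as f:
            f.write(b"#!/bin/sh\necho replaced\n")
        after = verify(manifest, root)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before)
    print("after tampering: ", after)
```

On a real Debian system `dpkg --verify` performs this same comparison against the recorded md5sums, with the same limitation that the manifest is not signed.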


You actually need root on macOS to modify anything under /System, and this was the case even before SIP. This is why some installers ask for the root password.


The issue is defaults. Personally, I prefer using an open source alternative OS where generally everything is disabled by default. (NetBSD is the best example I have found.) Commercial OSs like the ones created by Apple, Microsoft, Google, etc. have default settings that are opinionated, i.e., some users might not wish to choose these settings. This puts a burden on the user to disable or work around them somehow. Apple iOS and macOS by default generate a considerable amount of network traffic to Apple servers as soon as they are powered on. When I power on a computer running NetBSD, there is by default no traffic to a corporate mothership.

Given the choice between (a) a corporate OS that requires me to perform some amount of work to "turn off" some "features" the corporation has enabled and (b) a non-corporate OS that requires me to perform some amount of work to "turn on" the "features" that I want to use, I prefer (b).


It seems to me that the issue with this approach is that those commercial OSs have to deal with a way more diverse audience than NetBSD and even Linux.

While most of Linux's audience (and probably practically all of NetBSD's) is rather technically inclined and could possibly be expected to turn on the security features as they need them, most of Windows' and macOS's audience will very likely have no idea that there is even an option to do this.

Also, software companies would probably take the easy route and just assume that since those features aren't enabled by default, most people don't enable them, and develop their software in a way which could be incompatible with them.

So I think that for an OS like macOS, where most people flock "because it just works and has no viruses", strict defaults are a sane choice. Having people go through hoops and click through warning messages would probably also push companies to better design their software.

In the end, I think the best way is for such features to be the default setup. But those OSs need to have an "escape hatch" for someone who actually wants those features disabled and actually understands the risks of disabling them. While macOS does (for the moment) have this hatch, it looks maybe /too/ complex. But then I think the difficulty of the exercise is in setting the "correct" level of complexity for this operation.


99% of users need opinionated settings as they are not qualified to have opinions on them.

So the right path for consumer OS is ‘sound opinions, easily changed’.


Well said. And frankly, this is true even of FOSS -- or why are there so many flavors of Linux?

Even technical users are going to differ in the sets of opinions they hold and are qualified to hold. I care about which Python I have installed. The virtual memory manager? Not so much. Someone else might, though.


These are almost unchangeable defaults, it’s not like Apple is setting a desktop background and you can just click and change it.

The list is really disappointing.


The problem is that people who work on some specific fields (music, cinema, graphics) have almost no choice when choosing OS and computer.

Most of them won't even care about sending too much data to a company if that's the price to have the same device everyone else is using in their industry...


I have a G4 I bought for use as a DAW. It still has OS9; I never installed OSX as I knew it would probably slow things down. I never needed to connect the Mac to the internet. If I needed to send/receive files via internet I moved them via crossover cable to a laptop or PC that was connected to the internet.

People today, even more so than in the 2000s, have multiple computers. Would it still be feasible to have a Mac used for {music, cinema, graphics} that is not connected to the internet? Certainly one would have other computers that were connected to the internet, and moving files between computers on the local network, preferably via Ethernet, is much faster.

But the point of me telling personal stories is not to suggest anyone could/should do the same things; on the contrary, it is to illustrate that "one size does not fit all". Today's Apple chooses for the user, rather than letting the user choose.


> The problem is that people who work on some specific fields (music, cinema, graphics) have almost no choice when choosing OS and computer.

Came here to say that.

> Most of them won't even care about sending too much data to a company if that's the price to have the same device everyone else is using in their industry...

I do, I truly do care. So much that I'm looking at open-source/Linux options, at least for my home projects. Doesn't look very bright on the video side, but DaVinci Resolve is at least available for Linux. Rawtherapee is getting there with local adjustments as we speak. Darktable has lots of power but terrible UX.


The problem is not the defaults. The problem is choice. When the motto is "just works", the system needs defaults that work. But a savvy user needs to be able to change these things.

A more common use case for this kind of choice is corporate laptops. They usually set up their own policy on the laptop before handing it to employees for good reason. Firewalls are especially necessary to avoid leaking confidential information.


> Given the choice between (a) a corporate OS that requires me to perform some amount of work to "turn off" some "features" the corporation has enabled and (b) a non-corporate OS that requires me to perform some amount of work to "turn on" the "features" that I want to use, I prefer (b).

Actually, default-on is not a problem if it is easy to turn off in that case. If Apple had a button to turn it off, we would be fine.


Defaults are opinionated per definition. You might agree or disagree with them.

I don't believe the defaults related to this issue are a problem; it's the lack of transparency about this, coupled with it being difficult to change this. Probably every update you gotta fix that. That's akin to running a Hackintosh. And we all know macOS is moving towards iOS; not Hackintosh/PC.


I’m not sure I want to turn off SIP and SSV to get a firewall that works.


I’m not sure it’s sensible to call these “protections” - they’re closer to security theater.


Can you give an example of what you consider proper protections?


You get industrial grade security solutions out of the box with many Linux distributions. You get namespaces, firewalls and seccomp for free with any Linux kernel, and any Linux system with systemd gets unprivileged containers and sandboxes for free, too. AppArmor exists for MAC, and there are userspace sandboxes.


How many user applications actually fashion a sandbox that is non-trivial to escape with those protections? I struggle to think of any outside of the more popular browsers. The Snap and Flatpak sandboxes are good case studies in the practical limits of Linux sandboxing: it’s rarely effective without designing your entire app around it because the way most applications interact with the system was never designed for it. X11 probably being the most egregious limiter, followed by no standard trusted file access UI.

On the server, there’s a reason Amazon built Firecracker and Google built gVisor instead of just using the Linux sandboxing primitives. I think calling them “industrial grade” is pushing it when they’re rarely used as the first line of defense against code that is expected to be actively hostile.


> followed by no standard trusted file access UI.

If an application uses Gtk+3 or Qt5 then portals will be used automatically for Open/Save dialogs:

https://docs.flatpak.org/en/latest/sandbox-permissions.html#...

I agree with the thrust of your comment though: outside the web browser, proper sandboxing is barely used. However, I think the problem is as much social as technical. Every time Flatpak comes up, it mostly gets hostile reactions.

The situation is rather unfortunate. A lot of people believe that Linux is more secure than other operating systems, but in practice the Linux desktop is far less secure than e.g. macOS, iOS/iPadOS, or Android.

And no, you aren't safe because it is open source software. Sandboxing also protects against unknown vulnerabilities in open source software.


> On the server, there’s a reason Amazon built Firecracker and Google built gVisor instead of just using the Linux sandboxing primitives.

The reason is that Firecracker is a virtual machine, and Linux containers and sandboxing primitives are not meant to be used for virtual machines.

Pointing at Snap and Flatpak's "sandboxes" is disingenuous when they're notorious for having sandboxing as an afterthought to app distribution.

When I say industrial grade, I mean that the sandboxing and isolation primitives that are used in industry are those that are either provided in the kernel, or are deployed as part of a standard Linux server deployment.


Firecracker is a virtual machine that exists to provide a container-level interface. It is not designed for nor capable of running a full virtual machine. gVisor is even less virtual-machine-like: in fact it originally only worked via a ptrace sandbox and added a KVM-based interface (without a real Linux guest kernel) later to improve performance.

I point to snap and flatpak because outside of browsers they are AFAICT the only attempts to sandbox user applications on Linux. It would be disingenuous if there were some other apps or distribution channels doing a better job that I hadn’t mentioned, I’d love to hear of some.


> On the server, there’s a reason Amazon built Firecracker and Google built gVisor instead of just using the Linux sandboxing primitives. I think calling them “industrial grade” is pushing it when they’re rarely used as the first line of defense against code that is expected to be actively hostile.

Actually Firecracker is not a sandbox. It's basically qemu/libvirt and a minimal implementation of devices. It's qemu-kvm with an HTTP interface and way fewer devices.

The reason they rewrote qemu-kvm is because qemu-kvm contains a lot of code that is not needed and is way more bug-prone. And also loading a kernel is way faster in Firecracker since they optimized the kernel loading code.


I’m not sure of the distinction you’re drawing here. Originally Amazon used the Linux namespaces, cgroups, etc. for isolating Lambda invocations, but they only did this at the AWS account granularity (i.e. your Lambdas only shared the same VM with other Lambdas from your account) for security reasons. They built FirecrackerVM so they could run Lambdas freely on the same bare metal machine as others without having to group by tenant VM in this way. Obviously they found using the Linux primitives to be insufficient for maintaining isolation when dealing with hostile native code.


Full disk encryption?


Doesn't everyone have it enabled at this point?


No. There are tons of platforms that don't come with FDE by default (e.g. Raspberry Pi).


Why _should_ you have to disable this feature? Sigh.

My point: opting out should be much, much easier.


All you need to do is to know about the linked page and have it open on another computer, disable some initial disk protections, reboot into recovery while holding down some unmentioned key combinations, disable further restrictions by typing in cryptic Terminal commands that don't match the public names of the features they affect, reboot again, type in more cryptic commands as root to modify deeply nested system files and perform filesystem voodoo, and then reboot yet again with an optional prayer. Repeat for every OS update.

What could be easier?


It just works!


sounds like a feature


When OS X was introduced, asking on Apple forums how to run as root was almost a daily question.

Most consumers don't care about security, making it easy to disable just opens the floodgates of their systems.


Yeah but as a counterpoint, most Hacker News users have used Linux at one point, which lets you run commands like `rm -rf /` as root. I think it's fair to allow power users to easily disable these protections.


Ironically, coreutils introduced[1] a requirement to add `--no-preserve-root` to `rm -rf /` way back in 2003, so that particular example doesn't really support the counterpoint you're trying to make.

EDIT: clarity

[1]: https://github.com/coreutils/coreutils/commit/34e3ea055721ec...


That's because it was abused to troll inexperienced users.

"How do I do X? Just run this as root." Sometimes slightly disguised, but more often not.


I think the bigger problem is it is not very hard as a power user to unknowingly try to delete /


And will you even be able to do it tomorrow?

Fighting the OS you are running is an uphill battle that gets tiresome real quick.


First boot: “Do you wish Apple to receive ... for your security?”

Most users will say yes.

Technical ones at least can say no.

Easier than setting up Bluetooth.


Actually the OS asks these questions already.


The easier it is to opt out, the more likely it is for sketchy developers to guide tech-novice users through that process, the more likely it is for malicious actors to take advantage of those who opted out.


Ugh. I'd love to switch to Linux, but as a designer, I'm stuck. It's not a lack of understanding of how it works— Before I was a designer I was a developer, worked in IT for a while, worked in upper-level support for a while, and Linux was my primary personal and professional OS from the late 90s to like 2010.

Why don't I just run a closed-source OS in a VM? They are fussy. Having some weird graphics tablet driver problem or something can really kill the creative connection between me and my work, and if I'm coming down to the wire on a deadline, it can cost me a contract.

What about tools that work natively on Linux? They generally just don't work for professional design use. Whenever I say that, a billion people always jump in and say "Gimp and VivaDesigner and Natron and XYZ and PDQ work fine for me," and to my astonishment, they always seem surprised that the same just isn't true in most (any?) professional workflows. Sure, with varying amounts (usually non-trivial) of extra effort I can cobble together a disparate set of tools that might sometimes yield similar results to professional design programs, but it's going to take significantly more work to produce possibly lower-quality results, and that's just not an option for a pro. If you were hiring someone to craft the image of your company in a crowded, competitive marketplace, would you pay them more to take longer and potentially end up with a suboptimal product just because they were only using OSS to do it?

A software developer could feasibly use something like Windows Notepad or pine to achieve the same results as an IDE, or even a more powerful text editor like Sublime Text. For many non-professionals, people just editing a config file, or people making the occasional shell script, it does work fine. Better even, considering that the extra baggage of complex tools would actually slow them down rather than speed them up.


Some things have changed for the better in the last couple of years.

I am programming on Ubuntu (C#, PHP, JavaScript) with JetBrains software. This works absolutely great.

For 3D work I use Blender.

But for graphical work I agree that there are still alternatives missing.

Figma is a very good alternative for Sketch. Scribus is a good alternative for InDesign. Krita is very good for concept art. But that's about it.

Inkscape is a good alternative for Illustrator, but only if you work in RGB.

Gimp can do what Photoshop can but it will take you 3 times as long.

But for me the trade-offs work. I want to own my computer so I choose to work in Gimp instead of Photoshop. I also started to design websites directly with CSS. And I switched from 3DsMax to Blender (which isn't a trade-off anymore).

The choice is yours.


Have you tried Photopea as a replacement for photoshop? It’s truly amazing.

https://www.photopea.com/


It's like 75% as good as Photoshop, which is pretty amazing for a JS app. I've found things like quality of masking refinement tools— an absolute must in my workflows— to be lacking.


I think Blender and Figma are good, professional tools. For the rest of them, I'm sure they work fine if you don't need to produce extremely polished stuff at volume (which is what my comment was about), but they're not even close to good for that use case. I could see a UX designer who works primarily in wireframes and such things getting by fine with Linux, but not someone who works primarily in visuals.


Visuals is a very broad term.

As you can read in my comment, I agree with you. For example, working with text in Gimp is just horrible. And Inkscape is very good until you need it for CMYK.

But this thread is about owning your PC. And then I think all those trade-offs can be overcome. Sometimes this means thinking in other directions. For example the choice to design in CSS instead of Photoshop.

I don't think you can say: 'I cannot get away from Apple'.

But you can say: 'I choose to stay at Apple because I think it is more convenient'.

The choice is yours.


I tried in 2008 with Ubuntu Studio, after spilling coffee on my PowerBook G4, to work in Linux as a UI designer full time, and people didn't realise the power of Inkscape at the time. In 2017 I used only Ubuntu LTS with GNOME and Affinity Designer in a Windows VM, for a full year.

This time around I think it is possible, and economically solid, for the move from Apple to ARM and the closed walls of the App Store to create the conditions for a real Linux Desktop Revolution.


Yeah, Inkscape is great. Maybe Linux works for working exclusively with on-screen assets? Not there if you do a lot of print work/layout. It's not that there aren't any tools for it, it's just that the tools aren't even close to as smooth or productive.


At least you’re stuck on a Mac. I do motion design and I’m stuck on Windows because of the stupid Apple vs Nvidia beef and Apple only allowing you to have a good GPU if you pay for a Mac Pro with a Xeon you don’t need and expensive memory you don’t need.


Try Thunderbolt 3 eGPU enclosure with AMD card inside. There is much info on https://egpu.io


Right. I do mechanical engineering and the whole field is stuck on Windows.


Yeah my dad is in the same boat. Ugh.


I'm assuming your use case doesn't require that much compute power so maybe you could use an old Mac just for work stuff and a Linux machine for everything else?


Anything involving full-res video or 3D requires beefy hardware.


> and that's just not an option for a pro.

Get two machines then. Who says you need to have a single machine for everything? Get a Mac for your design work, treat it like an appliance, and use Linux for everything else on another machine. Problem solved.


While I like your solution in principle, I can imagine it complicating life awfully...

People email you assets/images for use in your production work: are you going to get that on your 'designer' machine or on your Linux box? Most likely the latter, now you have to transfer it over to the 'work' box. Not technically difficult, but a definite speed-bump in your workflow. Awkward.

Your online document-sharing/demos (say Dropbox, whatever): is that from the work box? the utility box? both? Again, not technically a train-smash, but... awkward. A discontinuity that you'll have to deal with multiple times a day, a detour in your flow.

I can see why many would consider it too much of a hassle.


Syncthing, so you get the files even on your phone.


Buying double the hardware doesn’t necessarily seem _that_ feasible for most.


Not to mention it’s super wasteful.


Having to buy two computers, spend the time to maintain them, making them seamlessly work together, etc. is not a good solution.


Why don't professional users complain? I unfortunately need to keep a Windows machine for the pro tools I use, and it took me some time to remove any telemetry, plus I can still see with Glasswire that some apps are sending traffic. Usually I send an email to the software provider and ask what they send. Unfortunately some don't even reply and there is no OSS alternative, so there you go. I wish pirates went a step further and instead of hacking DRM also removed calls home and telemetry. Such mods should be legal if you have a full version, and I would pay for such mods.


I agree that Gimp et al are terrible, but why not use Figma? It’s a great design tool, and thanks to it being browser-based you can use it on any platform, including Linux.


Freedom is hard, and things cost money if you're not willing to put in willpower - more news at 11.

Jokes aside you don't have to do it if you're scared, and if you want to try you can always switch back and forth between machines / OSs so you use the most suited environment according to the limits of context and the job you need to do.

Much like you can aim at 0% environment pollution by gradually removing excess stuff instead of going full off the grid, you don't have to do a radical move. Use the tools you need for the job, aiming at result production while keeping a liquid approach.

Depending on your skills, willpower, effort, and willingness to abandon uninventive corporations you can be faster and more efficient. You're just not feeling comfortable investing time and effort, which is a sacred choice.

Please consider that things have changed since 2019, VMs support of tablets and color grading tools are a breeze and using tools that your competitors are scared to use will make you innovative. Godspeed~


This whole release cycle is just one gigantic facepalm after another.

I am feeling pretty heavily smug that I got rid of my Apple kit earlier this year because I wasn't happy with the direction of the platform.


I have gotten rid of almost all Apple-only tools (OmniGraffle to Figma; OmniFocus, Things3, iA Writer, Ulysses, Alfred App to Emacs+Org, and some more), but there are only a few left that I can't find a replacement for in Linux-land: DEVONthink for managing my thousands of documents (actually I just keep my files in DEVONthink and use the search feature, could end up using just the file system), ScanSnap Manager (a driver for my Fujitsu scanner plus a desktop app for scanning the documents), and Spotlight search that works from within every other app for instantly finding any document.

I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.

My most essential tool is Emacs / Org and Lisp, Python plus the terminal with some shell scripting for automating all my workflows.

Yes, I will miss the smoothness that comes from very tight integration of hardware and services, but I absolutely hate the path that Apple is on, slowly taking all freedom from its users, until macOS is as closed as iOS. This is against every conviction I have as a citizen for whose freedom it is essential to have control over the machine that enables me to connect to the world and do my work. We are not toddlers; Apple does not need to put us in a walled garden, a promised land without any malware and danger (that's the promise, but in reality they want to control every aspect of their ecosystem, like an emperor that wants to tax every aspect of acting and movement in his land).


If you don't mind, could you elaborate a bit on how you've replaced Alfred?

I use it heavily for:

* snippets (mostly for terminal so Termius might be an option but I also use it for non-terminal things)

* clipboard history (are there up to par alternatives?)

* workflows - mostly launching various websites, like Jira tickets with "<board> <ticket #>" or "c suponer" to conjugate Spanish verbs, but also for launching various shell scripts (like changing nameservers with "ns <provider>"), or keyboard shortcuts for playing specific sounds (for fun)

> I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.

I'm in the same boat. I've been eyeballing a Tuxedo Pulse 14, but have been thinking of getting a regular PC keyboard in the meantime for the Mac and play around with Linux in Virtualbox.

Edit: Found this, seems like there's hope: https://medium.com/curiouscaloo/macos-to-ubuntu-part1-alfred...


> I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.

Well, if you actually like to tinker from time to time just for tinkering's sake, this is a great approach I inadvertently took.

My daily driver for 7 years had been a late 2013 MBP, which still works and is plenty powerful for most of what I do. Then during the shelter-in-place period I installed Arch on my desktop (which normally runs Windows for Photoshop, etc.) just to experiment a little with ZFS on Linux, etc. Then I started using it more and more and now I rarely use my Mac again. (Note that I'm not new to Linux; I had been using it both on the desktop and the server for a very long time and my work laptop runs Linux.)

However, unlike you, I don't use many Apple-only tools mostly just Things and Bear. I haven't found replacements for those, but as they never were a critical part of what I do, it wasn't that big of a deal to just drop them.


>I guess I need to get a Thinkpad running Linux

There are also Linux "commodity" laptops from Linux-focused companies now. E.g.,

https://puri.sm/products/librem-14/

https://system76.com/laptops


> Apple only tools (…) iA Writer

iA Writer is available on Windows and Android.


What did you replace Things and iA Writer with?


> OmniFocus, Things3, iA Writer, Ulysses, Alfred App to Emacs+Org, and some more

All of these were replaced with org-mode and Emacs (and likely some other Linux features for Alfred). Doom Emacs is a good framework to explore Emacs as it supports both vim and Emacs bindings (there’s also cua-mode).

https://orgmode.org https://github.com/hlissner/doom-emacs


Emacs + Org-mode (once mastered) are excellent for both writing structured text (in org-mode's markup instead of markdown), and for managing tasks and projects.

With org-mode I have dozens of files for managing my projects and tasks. And I can mix notes with tasks. This is a feature that makes it exceptional. When I was using Things3 I liked the tiny section beneath the task description where I could type some notes about the task. With orgmode I can write a full outline beneath the task description.

Emacs is extremely flexible as it can be extended with packages written in Lisp. There are packages that allow me to navigate to any outline node in my ~ 200 org files within a second (ivy + counsel + ripgrep-integration, also org-ql which allows me to query my org files).

Also, I write large amounts of text with org-mode (it’s an excellent outliner too; been previously using OmniOutline) and convert to markdown or any other format via pandoc.

Emacs, once mastered, is an application framework that allows me to automate any workflow for which I previously used AppleScript, DEVONthink, Python, or Bash.


What did you move to?


Thinkpad T460p on Arch Linux for me (after getting MacBook Pro 2017 15 inch keyboard issues, followed by cablegate immediately afterwards).

The T460p is a 2016/17 secondhand machine which cost USD 235, to which I then added a RAM upgrade and a new 72Wh battery. I don't miss the MBP at all and prefer the Linux OS anyway.

It probably took me until this moment to realise I was largely falling for marketing in thinking only the best specs would do ...


Fedora on Thinkpad + custom desktop.


Windows 10 and WSL.

Have not found a good successor to Devonthink Pro though.


I did the same about a year ago.

Thinkpad running Manjaro GNOME

Works fine, haven't looked back.


Customize the hell out of Fedora. It is rock solid on most hardware. Once you get used to it, you won't want to use anything else.


Played it safe with an XPS + Ubuntu https://kvz.io/tobuntu.html


Same here, fedora on a thinkpad t14s.

Couldn't be happier.


This seems so negligent it's difficult for me to believe this was a mistake. Perhaps it could be argued that Apple doesn't want applications blocking the network traffic of trusted applications because there is limited upside to doing so and doing so may restrict core functionality such as system updates, etc. But surely the most reasonable explanation here is that Apple wants a back door to guarantee they can monitor your activity / allow intelligence agencies a way to access to your system?


No, that is not the most reasonable expectation. Fails both Occam's Razor and the laugh test.

To believe this, one has to believe that a $2 trillion company did this on purpose, knowing it would be revealed within hours and that it would take a major hit on the very reputation for user privacy and security that they have spent years building.

There are a lot of better explanations available than "Apple decided user security can fuck off and that clumsily collaborating with the bad guys in trivially-detectable ways was a way better plan".


Maybe you're right – I am quite a paranoid person.

I guess I just don't understand how this wasn't flagged as a concern when the feature was being worked on? How is it possible that Apple's engineering team built a backdoor like this without it raising serious security concerns? And if concerns were raised why was this not adequately pen tested prior to release?

I'm not sure what's worse from a reputational perspective... A company that prides itself on privacy but can't get something as basic as a firewall right, or a company that knows how to write secure software but occasionally puts backdoors in them for intelligence agencies?


I've always thought that Apple would do well to have someone on staff to give the things they make the "Hacker News" treatment.


I'd posit that if that were true, they'd probably never have made it to even a $2bn company, never mind $2tn. HN is - for Apple's intents and purposes - an insignificantly tiny bunch of people they're 95% not really interested in as customers.


I volunteer as tribute.


> laugh test.

This seems a little rudely dismissive. GP's skepticism sounds totally reasonable and healthy to me.


Given the history such paranoia might be reasonable (healthy too), but I can't assert such incompetence with a straight face.



Ultimately, there's little difference between incompetence and malevolence when acting at this level. Incompetence might actually be slightly worse.

The malevolent act in their best interest, which is often predictable and limited. The incompetent simply give away data to every random bad guy under the sun.


> This seems so negligent it's difficult for me to believe this was a mistake.

I mean, it is the result of deliberate architecture and design changes to security and networking on macOS.


[flagged]


[flagged]


They solved the cooling issue by distributing it in liquid nitrogen!


I'm done with Apple. It's incredibly restrictive for no real gain at this point. I have a really old MB Air I only ever use to compile apps for the App Store for clients, but otherwise there's no clear path towards improvement from them, so I'm voting with my wallet for the foreseeable future.


This reminds me of the old saying that it's impossible to work within an infected system to clean it --- and now that corporations have been "infecting" systems with such telemetry/spyware by default, that's even more true.

I believe Win10 was the first to do something like this --- it ignores the hosts files and firewall for certain hardcoded domain names and IPs.


I built something similar to this[1] for when I'm dealing with hosts I don't have complete control of -- to block outgoing connections. Now it seems there might be a more widespread use case.

[1] https://www.badllama.com/content/portable-raspberry-pi-firew...



https://en.wikipedia.org/wiki/Hosts_(file)

If you want to block something use a firewall.


Even an external firewall can't easily block everything. Just send telemetry over port 443 to an AWS server and most can't block it. You can't trust a device that needs an outgoing firewall.


"use a firewall" -> "use an external firewall". :)


https://imgur.com/a/y0NPJ2o - DNS activity of my Mac PRO + Big Sur during the last 30 mins. This is a filter on `apple` domain so I'm not sure if I'm seeing everything since they might use other domains but heh - for the curious.


What is this supposed to show?

I see a lot of iCloud and Software update stuff in there.

Nothing malicious from first glance.


Nobody said there is anything malicious in there.


I hope this proof-of-concept is the last straw that gets Apple to walk this design decision back. Because if it doesn’t, I'm not looking forward to whatever it is that does.


I expect Apple to take the opposite path, not immediately, but eventually: disable sideloading and enforce a Mac App Store only policy on macOS, similar to iOS. After all, if all apps are reviewed and approved by Apple, there is no malware that can use this weakness or the future ones.

And I am sure the 30% cut and $100 annual fee has nothing to do with the decision either. Apple only cares about customers, not money. /s


Amazing how pretty much all tech companies get away with the same arguments when they try to protect their monopoly:

Apple - "we want to keep it simple to our users"

Google - "AI doesn't have any control over data we've collected"

Facebook - "Every company is spying on their users"

Amazon - "we control mere 10% of global economy"

Salesforce - "you can ‘easily’ export your data from our completely proprietary platform"


> I expect Apple to take the opposite path, not immediately, but eventually: disable sideloading and enforce a Mac App Store only policy on macOS, similar to iOS

Yep. And when Apple does it, HN will celebrate. There's a certain type of person who's terrified by independence and freedom and who craves the comforting safety of rules and control. macOS will be the OS for that kind of person.


Some people maybe.

Apple has all but guaranteed that my current Mac will be my last. I have been using Macs since the Mac IIx, and my first Mac laptop was the Powerbook 190.

The only reason that I have my Mid 2018 Macbook Pro, is that I bought it in Budapest after my previous machine died, and the reseller Apple store was the only one that stocked English keycaps for the keyboard (they did have to unbox and change the keycaps).

My technology choices are starting to feel frustratingly niche. I am using Apple over Linux because I got tired of having to mess around with the systems constantly to get things working. ItJustWorks™ is a powerful driver.

If I'm being honest with myself, it's also a question of access to paid apps. If I list all the apps I use on a daily basis, a bunch of them are Mac only, and an even smaller set run on Linux (even if they have a Windows version as well).


Likewise there is a fear from some here that rational people can prefer different tools.


disable sideloading and enforce a Mac App Store only policy on macOS

People have been repeating that for years, since the Mac App Store was announced. It’s not in Apple’s interest to do it. There is a ton of software, open source in particular, that Apple benefits tremendously by. It costs Apple nothing to maintain the status quo.

Going Mac App Store only would drive tons of developers off the platform and do absolutely nothing to increase sales on the Store anyway. It would be widely panned as a ham-fisted move.


Apple single-handedly killed off the Safari extensions ecosystem for extremely dubious reasons. It would be inaccurate to say that they have locked down macOS to Mac App Store-only apps, but even if you ignore the embedded platforms the concerns about locking down macOS are extremely founded even as Apple repeatedly says they aren't trying to do this.


Apple developers would stay on the platform, regardless.

The GNU/Linux developers that have been giving money to Apple for a shiny UNIX might go to Windows with WSL, which I doubt unless we are speaking about the crowd that only cares about POSIX and keeps calling that "Linux".

The GNU/Linux developers that have been giving money to Apple for a shiny UNIX instead of sponsoring OEMs now finally learn how Apple has always been, including before the days of almost getting to close shop.


In this context it can be a "power" move to push away developers who are unwilling to agree to further closing of the platform. As a result Apple will have only "the faithful ones" and will avoid reactions like the recent Unreal fiasco (in this case the faithful one is Unity). And as I see it's working perfectly: most tech YouTubers are in the bag by default, most of the designers and creative users are lazy (and technically challenged), corporate users, semi-pros and the regular iPhone crowd are already locked in and don't care. The only thing is for someone to start a legislative reaction, but this is hard and Apple has all the money. So this is the new norm. Machiavellian move with global impact :)


Game developers are more than happy to deal with such platforms, and I confess it was more fun to target the Amiga, knowing what to count on, than the mess that the PC has been since forever.

That crowd can turn on to their Pandora, GPX, Arduino, Raspberry, whatever SOC is going trendy.

As for Unreal I wish they learn their lesson, or be honest and create a lawsuit against Sony, Nintendo and Microsoft.


> It’s not in Apple’s interest to do it.

I think an argument can be constructed that (one of) Apple's interests is to control what and how users can do on Apple devices. iOS-like lockdown seems entirely in line with that.

> Going Mac App Store only would drive tons of developers off the platform and do absolutely nothing to increase sales on the Store anyway.

And others would fill in the gap. The Store sales would inevitably have to go up – it would become the only way to get software on the device. Not like every user would immediately drop the Mac. I can imagine a non-trivial fraction of users wouldn't even notice that something has changed.

It wouldn't happen right next year, or in one go, but the more I think, the more I am growing convinced that it's sneaking up.

> It would be widely panned as a ham-fisted move.

If it doesn't affect the bottom line, it doesn't really matter. They got away with 4 years of perhaps the worst laptop keyboard of the decade; are getting away with inflicting the TouchBar price tag on tens of thousands of users(1), making devices unserviceable, and even with the matter in question.

Given Apple's size and user base, I'm afraid that outside of straight-up illegal activity, there's little Apple can't get away with. Especially if the janky move is factored into small, cruddy steps.

(1) I realize it's a lame point, but it annoys me personally


There are numerous excellent reasons why that will never happen. And why it’s not in Apple’s interest to do so.

The most obvious reason is that it would utterly destroy the Mac among influencer communities and developers.

But perhaps the most underrated reason is that Apple already has a managed computing platform in the iPad. Rather than the Mac becoming more locked down, I expect the iPad will become ever-more desktop-like and take over more and more market share from traditional computers.

I’d contend that an iMac-like desktop iPad is a more likely future product than a fully locked down Mac.


Developers on Apple platforms that matter to Apple are those using Objective-C and Swift; everything else was a nice thing back in the dark days of almost closing shop.


Aren't most iOS games still made with Unity?


Unity has a large percentage, yes, but by and large UIKit and Cocoa dominate; those are the developers Apple cares about.


People have been predicting that for a decade now. I doubt it will happen any time soon.


I commented on your Twitter post already, but I'll reiterate here. This is not a vulnerability, it is as intended. By default, you can only install Applications via the App Store on Big Sur, and AppProxyProvider only affects Applications installed via this method.

This has the dual benefit of protecting casual users, and allowing power-users flexibility with any binaries that aren't sandboxed. From what I understand of your example, you used the bundled python installation to make the connection; the python binary is not sandboxed and is not affected by AppProxyProvider. This will be the case with any other binaries as well -- ping, ssh, etc...

The relevant documentation is at: https://developer.apple.com/documentation/networkextension/a...

Specifically the section I've highlighted here: https://share.getcloudapp.com/Z4uyONmJ


> By default, you can only install Applications via the App Store on Big Sur

You can install notarized software, though.


"If Microsoft had done something like this circa 1999, it would have been used as evidence in the antitrust suit."


I was going to mention that we’ve learned a lot in 20 years, but have we really?


Apple doesn't have a monopoly on the computing market. Microsoft basically did at that time.


Microsoft still does.

You can get a lot more done today without Microsoft than you could 20 years ago, but it is very hard to not have an accessible copy of Word if you interact with lawyers (where formatting and change tracking matters, and mostly compatible like LibreOffice or Google Docs is not sufficient).

Also, if you take remote tests for school (which was almost mandatory for some, and now for almost all), many places require you install some windows only rootkit so they could claim to have monitored you.

My children’s remote school mostly works without any MS stuff, but every now and then it doesn’t and I have to fire up a VM.

Monopoly is still there, even if it is not as tight as it once was.


They did do something like this. They did a lot of things like this. And now thanks to them we also have case law saying that this is legal.

:c

The government has its work cut out.


I’ve used both windows and Apple developed operating systems for a long time, generally I agree with you - Microsoft is the trailblazer in user-hostile self interested decisions.

This however is something that Microsoft has absolutely dreamed about doing, but never had the power to actually make it happen. Apple wants to have the same power on the desktop that they have on iOS - no code not blessed (and taxed) by Apple runs. This is what Apple wants, total control of everything executed by the CPU.


It's not clear from the tweet and video: How is his exfiltrator piggybacking on an excluded Apple process? Is nsurlsessiond in the exclude list?


I don't think the video was intended to explain the technique. It's likely that Wardle is privately reporting the details to Apple Product Security.


You play with fire you will get burned.

Same thing will happen with an encryption backdoor like the EU is now thinking of forcing down our throats...


I guess it will be too late when some "hackers from country X" start to leak sensitive information on EU politicians and their relatives just before elections.


Saying "the EU wants to backdoor encryption" is like saying "the USA wants to backdoor encryption" when one working group is talking about it. "The EU" doesn't want backdoors in encryption, just like American politicians don't all agree with Trump's Twitter mania.


I have no idea how they ever expected this to work. Seems it would be trivial to proxy a c&c through apps with access. All you need is a signal, any signal, to the outside world. If air gaps can be beat, this concept was doomed from the start, unless I'm missing something.


This is a deal breaker for me. Little Snitch is absolutely 100% essential for privacy. I’m staying on MacOS Catalina until they pry it off my cold dead hands.


I'm still on Mojave and thinking about staying there.


If the 16-inch came with Mojave that would be my safe place too. Killing 32-bit apps and now bypassing firewalls. They really are a selfish engineering group.


Any tips on how to use Little Snitch for most privacy? Thank you


My exact reaction :) I can run on Catalina for at least 5 years and move to full Gentoo Linux after this.


"You can’t have a back door in the software because you can’t have a back door that’s only for the good guys." — Tim Cook


Does it look like the software part of Apple has been consistently grappling with controversial decisions?

I heard Apple has been very secretive in its development. Maybe it works for hardware, but software is an area where collaboration across teams is very important; an isolated bubble breeds incompetence and politics.


I don't think there's any secrecy left nowadays with Apple's hardware, just a theatre. Their presentations are the least surprising of all tech firms - partly due to leaks, partly due to super conservative feature development (if any).


Yeah, I remember when their hardware announcements were pretty much airtight. Up to Apple black-balling Gizmodo from all events after Gizmodo got ahold of an unreleased iPhone an employee had lost. Even then the phone was disguised inside the shell of an older model. [0]

The person that found the phone only poked around after he was confused when it got bricked a few hours later (remotely done by Apple). Then they actually tried to get it back to Apple, and got blown off. That's when they contacted Gizmodo. I think Apple was pissed that Gizmodo paid $5,000 to get it from the finder and didn't return it immediately to Apple without question or inspection.

[0] https://gizmodo.com/how-apple-lost-the-iphone-4-5520438


Classic projection. Say one thing do another. If that is not an example of hostile company then I don't know what is. At least they don't yet harvest your DNA, make a clone of you and force him or her to work in their factories.


Well, this basically confirms my decision to not purchase a macbook for my next laptop.


Why? As long as you're not getting the ARM ones, you can stick on 10.15 - which is something many will do anyway for at least a year until Apple irons out the worst bugs of BS.

Only thing I'm still pissed about 10.15 is that Wine still can't run 32-bit apps.


You can stay on an older version for a little while, maybe a year at most until it stops getting patches. Then you get to make the choice between using an OS that's vulnerable to exploits or an OS with a gigantic backdoor in it.


> You can stay on an older version for a little while, maybe a year at most until it stops getting patches.

Catalina should be supported for two more years:

https://computing.cs.cmu.edu/desktop/os-lifecycle

https://www.csun.edu/it/supported-operating-systems

https://www.reddit.com/r/sysadmin/comments/imdzv4/endoflife_...


Ah excuse me for that. 2 years of additional lifespan is still painfully short for a deprecated OS. Even free OSes like Ubuntu LTS get more years of support than versions of macOS (Ubuntu LTS release cycle of 2 years minus 5 years of support = 3 years of additional support after deprecation).


I have a 2010 Mini still running High Sierra (10.13) and it's getting patches.


Didn't High Sierra officially stop getting patches when Big Sur was released?


Could be, but given that that was yesterday I won’t have noticed yet.


I'm still running 10.14 here, for that very reason (32-bit apps.)


You can run 32 bits apps with Crossover.


For a company that boasts privacy, it sure leaves a lot of holes in its OS for malicious people to exploit.

Guess I won't be upgrading from Catalina for a long time.


Wait a bit until a new iOS feature will require a new Xcode and the new Xcode will require a new macOS. :) Been there, seen it.


This is the exact reason I was forced onto Catalina. It sucks so much


Sweet. It is almost as if nobody could see this coming from a mile away.

I wonder why they still thought it was a great idea to go ahead.


TBH, I didn't expect this. I've been wary of the iOSification of the mac for a while now (and following that, splitting Apple, effectively killing the mac), but I hadn't expected them to do something so dumb with the network routing. What benefit does it bring them?


Apart from security implications I can see multiple privacy issues here. Apple's services may attempt connections to non-Apple resources as well as Apple's. My understanding is that trustd (Trust Daemon) will be allowed to report/validate (OCSP? CT?) certificates anywhere issuer points it to, and that nsurlsessiond (NSURLSession Daemon) will be allowed to attempt any connections other Apple processes will tell it to. From what I observed, opening a single podcast in Podcasts.app sometimes results in nsurlsessiond connecting to resources under multiple different domains.

My pessimistic view of today's techworld tells me to follow the money on this and that I might not be able to block in-system ads in some future.


Of course when this possibility was raised 25 days ago on HN [1] there was a swarm of apologists who figured the superior Apple services needed no firewall interception (and just 2 days ago we learned that hell yes, they do!) and that this was all by design and impervious to abuse by other apps.

Turns out, no, macOS is still written by the same old skeleton crew at Apple and they still introduce trivial problems in most things they do.

1: https://news.ycombinator.com/item?id=24839086


In the Vault 7 leaks, Little Snitch was mentioned as something three letter people had problems with circumventing. I think it's worth considering whether this new attack surface is there by design:

https://blog.obdev.at/little-snitch-on-vault-7/


I didn't follow up on the Reuters news piece from January titled "Exclusive: Apple dropped plan for encrypting backups after FBI complained - sources". Has it been confirmed? If yes, then your assertion is most probably correct.

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


That Reuters piece is original reporting that Apple never responded to, so I would say that it's all but confirmed that they did in fact do this at the FBI's request.


Do you mean “all but” literally (everything except confirmed) or colloquially (absolutely confirmed)?

(I hate the term “all but”. I find it often hard to tell what people actually want to say when using it.)


The former. For it to be the latter, Apple or FBI would have to explicitly state as much.


Why is this comment greyed out? It's an entirely valid question to arrive at.


Possibly someone(s) not familiar with the reporting that implicates the possibility that speculation is correct.


Lol it would be hilarious if it turned out they were letting their is&t department work on OSX.


What is “OSX”?


Former name for macOS.


I think you mean “OS X” or “Mac OS X”


No one cares. Everyone understands it. Find a real hobby.


I just call it A/UX 2.0

I try to forget those in-between years of System 7 / OS 8 / OS 9. They all gave me deep scars through countless hours spent troubleshooting extension conflicts. All while seeing the unhelpful, literal bomb icon dozens of times in a row [0]. The Windows BSOD was bad, but at least it never mocked you about the OS blowing up.

[0] https://www.versionmuseum.com/images/operating-systems/class...

More details: In theory, extension troubleshooting should have been easy. 1) Boot with them off. If it boots, it's the extensions. 2) Turn half off. If it boots, you know it's the other half. 3) Repeat step #2 with the remaining extensions until you find the offending one.

Except it wasn't always a single one. It could be a problem that only occurred when a combination were active. So you'd go through the much higher # of combinations of turning certain groups on together... the first 5 & third 5 extensions, etc... Sometimes even that wouldn't work, and you'd be stuck opening programs you knew used certain extensions to force them into activity. Eventually, if you were lucky, you'd find the one corrupt extension and reinstall it. But if all else failed, you backed up the data with all extensions disabled, blew out the OS with a clean install and reinstall all the programs & restore the backup.


I think you can figure it out bud.


>"Turns out, no, macOS is still written by the same old skeleton crew at Apple"

I didn't understand this reference. Who is the "same old skeleton crew"?


GP is saying that the same teams have been working on macOS as before, implying they are just as fallible as previous iterations of macOS authors were by "same old", and implying that they are understaffed for the task by calling them a "skeleton crew"[0]

[0] https://en.m.wiktionary.org/wiki/skeleton_crew#:~:text=skele....


I could really use a "special edition" of MacOS - sort of like what happened with XP in the later days. Strip out all the Apple stuff, privacy failures, and excessive gatekeeping [$] and just leave the raw OS.

[$] for me


UNIX was a proprietary OS but literally everyone used it in the 80’s - without a license. Campuses to labs around the US.

We need to nuke the Apple bullshit from MacOS Catalina and convert it into people’s operating system. Ethics be damned.


What UNIX are you thinking of? Even the Berkeley distribution appeared to require a license from AT&T to use, for V7 UNIX. Anything with AT&T's code was litigiously protected, culminating in a law suit in the 90s against 4.4BSD Lite, which was the first to claim to be rid of all AT&T code. Are you saying most installations were just unlicensed copies?


I heard it from Brian Kernighan's interview on Lex Fridman's channel: https://www.youtube.com/watch?v=O9upVbGSBFo


If only there were freely available, open source UNIX clones in the 21st century. Oh well!


Those clones have issues with multiple monitor setups and can’t run Photoshop.


was it called darwin? hah


Discussion about when this originally surfaced, but was thought to only affect Apple apps: https://news.ycombinator.com/item?id=24838816


This is a related issue but not the same.

The previous discussion was about how Big Sur has some built-in exceptions for Apple software.

The current discussion is about the discovery that these built-in exceptions can also be abused by non-Apple software, rendering the firewall completely ineffective.


Can they be abused by ways Apple cannot fix with security upgrades?


Thanks. Clarified.


Many of us considered this to be a foregone conclusion. But it's nice to have a proof in hand to convince the overly credulous.


Has anyone tested if disabling the 'Automatically allow built-in software to receive incoming connections' setting in the Firewall config changes this behavior? Seems like it might be attached to that static list of whitelisted processes.


Reading news about Apple on this board feels like a cult which I've gotten out of.


Very interesting, but what is it with posting important information that begs for at least some details as a short thread on Twitter?

This is impossible to read on a phone.


As opposed to the OCSP thing, bypassing firewalls and VPNs seem to be really out there, especially the VPN part

You have a VPN active - I'm actually saying go here not there. Because the default connection might be unsafe, limited, etc.

Now, since I have to spend money on multiple dongles, etc that might justify me to buy a pi-hole for a home connection. Get around that Apple


apple will easily get around pi-hole.

Apple is allowing apps to specify their own DNS over HTTPS. This DoH setting will not be transparent to the user and will be per application. So imagine a world where each app can bypass your system network settings .... already here.



Trying to understand this as someone who is not sophisticated about security issues. It SOUNDS like, if you have a Big Sur machine that runs no software other than Apple's and software downloaded from App Store, this isn't an issue.

The problem is if you install non-App Store software. Most people don't need to do that, but of course, the types of users who frequent Hacker News frequently will. So they run the risk of installing, and using, malicious software.

I myself do install non-App Store software sometimes. Prior to Big Sur, I could use Little Snitch and be sure I knew what servers it was communicating with. With Big Sur, I can't.

Does that sum up the problem?


Pretty much any file you could open on your computer can be used to install malware (given the right conditions). It’s not limited to applications. And that malware can now hijack these services that bypass firewalls, VPNs, etc undetected.


Thank you. I am not sophisticated about these things so let me ask a follow-up. By "open" a file, most end users think of documents that are opened by applications... either from the App Store or from Apple.

I think you are thinking about things like shell scripts, binary executables that run in the terminal without being an official Mac "Application", etc. Is that right?


Malware can be embedded in just about anything. PDFs and other documents are a common vector. While scripts and executables are obviously a greater risk, it’s pretty easy to mask malware as those files as well.


For something like a PDF, macOS would open Preview, or some other PDF-handling app, to handle it if the user opens it in the Finder. So the PDF would have to have code in it that exploited some security weakness in the associated app that would cause the code to be executed, correct?

Just trying to make sure I'm understanding.


Yes, that's correct.


Is this what happens when the Cold War spills out of internal tooling?

https://news.ycombinator.com/item?id=22804607


Unpopular opinion follows.

Apparently Patrick Wardle describes a security hole, which uses the NetworkExtension framework to make it as if his code is Apple code, and thus ignores the firewall rules. My guess is, that it'll get patched and that will be that.

If you think about it, blocking OS stuff makes less sense. You're already trusting the OS to a great degree.

(I can understand the need for most people to control the OS to a great degree, but personally I don't feel that need for macOS, which is my workhorse.)


Absolutely not.

You should be able to deny/allow connections for any app, including 1st party apps.

This isn’t only an issue of trust. There are apps made to meter your connection (e.g. when you’re using your phone as a Personal Hotspot), where you’d like to see how much bw your 1st party apps are using, and have the option to block them.


Are there other ways to put a firewall (home user setup)? Kind of like Little Snitch but running on a separate device/broker/server?


Yes, but you won't have much visibility into anything encrypted (HTTPS). Which is everything. You'll just see opaque traffic going to certain IP addresses and you also won't know what process on the computer caused it. Doing this in the OS is way nicer.


Yes. Your router probably already has one.

Also I am wondering if you can't just change DNS to block it, either Pi-hole, NextDNS or even just change the hosts file.


Personally, I fixed this by getting an unlimited mobile data subscription, which was only €20/month here in The Netherlands. But I understand that most people can't get that.

What does seem weird to me, is that they didn't implement a low data mode into macOS, like they do with iOS.


For me that begs the question as to why this mechanism exists in the first place, though. Maybe apple will patch this vulnerability but people will find a way to exploit it again.

I'm sure there are advantages to system processes avoiding the firewall (inept admins unable to block updates for example) but does that outweigh the downsides?


On my system:

  % cd /System/Library/Frameworks/
  % cd NetworkExtension.framework/
  % cd Versions/A/Resources/
  % ls -l Info.plist
  -rw-r--r--  1 root  wheel   8.9K Jan  1  2020 Info.plist
⇒ I think this requires root. That, IMO, would make it less of an issue (maybe even a good thing, given the complaints people have about Apple not giving them control over their hardware).


It's totally irrelevant if this requires root or not, since the issue is about endpoint firewalls not being able to see this traffic/filter it.

A normal non-apple root process doesn't have this privilege, going by the described exploit.


IMO, this issue is not about the existence of the feature, but about non-Apple software being able to take advantage of it. For that requiring root, IMO, is relevant.


Is Big Sur compliant with GDPR? Do they list what they send and why and is it opt in? Or the OS is using a loophole that GDPR only applies to the web? I think people should start sending GDPR complaints to Apple. But even if Apple gets multi billion fine, it won't affect them in any way apart from loss of PR points.


Please file new bugs for this even though it has obviously been already reported to Apple. Apple always touts that the more reports it gets for an issue, the more attention it’ll get.


I don't understand. Can somebody explain what exactly he is doing?


Welp, time to block softwareupdated and stick with Catalina for a while


AFAIK the '--ignore' flag no longer works, so I would be very happy if you share with us how to do it.


I just blocked all network connections for softwareupdated so it can't check for updates.


This is "bypassing firewalls in macOS Big Sur" by adding an address to the firewall bypass whitelist.

I can hack ipf in a similar way, adding an ACCEPT rule...

Nothing to see here, move along...


Pssst, let's not turn off the Apple hate. /s

I love this though, finally the GNU/Linux crowd that has been giving money to Apple for convenience, instead of sponsoring Linux OEMs, gets the message.


Wouldn't you rather they give money to Apple, so there's an alternative OS to pure UNIX/Linux conformance (with Mach, file hierarchy changes, and tons of added stuff), Swift, and so on? That puts some actual pressure on those Linux OEMs and distros...

With sponsoring Linux OEMs instead we'd still have more of the same beige boxes, no new major architecture like ARM on the desktop, a Windows-2005 state of desktop environments (Linux DEs and Windows have both not just copied but dragged behind OSX/macOS changes ever since Aqua, like adding compositors, expose view, and so on, instead of coming up with their own ideas, GNOME/KDE advertise and redo on every new release stuff that was already in Windows in 2002), and so on.


Those are different issues.

I buy into the Apple ecosystem for what it is, the progression of NeXTSTEP ideas (which I came in touch with during my thesis), where UNIX compatibility was only used to bring stuff into the platform and have a place in the 90's workstation wars.

That is what Apple platforms are all about, an alternative OS design, where UNIX compatibility is good figuration, but will never get a main actor role.

By sponsoring GNU/Linux OEMs I mean paying companies like Tuxedo, Asus, Elementary, System76,..., just don't pay someone else to develop on their OS expecting to improve GNU/Linux ecosystem.

WSL is going to be the same. Microsoft just discovered that there is this crowd that cares more about POSIX tools, keeps calling them "Linux", but what they really want is anything that seems like UNIX, so out of the ashes of Project Astoria and Drawbridge, WSL was born and advertised to the masses unhappy with "GNU/Linux" on macOS.

As for the lack of creativity you point out, I fully agree with you, GNU/Linux desktop experience feels like those guys that buy a Fiat Spider and then stick a Ferrari logo into it.


>As for the lack of creativity you point out, I fully agree with you, GNU/Linux desktop experience feels like those guys that buy a Fiat Spider and then stick a Ferrari logo into it.

Yeah, could not put it better.

The sad thing is there are tons of things they could do to differentiate from macOS/Windows and build something better, but the only thing they do is "copying the same" + "more customization" but with lesser production values (due to less resources, more fragmentation, more customization meaning less coherence, no unified vision(s), etc).

Fuchsia is the only alternative OS project (real in the sense of having money and a player behind it; there are tons of academic toy OSes that ultimately won't matter) trying to do something at the 2020 level, but knowing the attention span, lack of vision, and culture of Google it won't go anywhere, or will just end up as a ho-hum replacement for Android.

There's lots of resistance, cargo cult, and ceremony, at the Linux distro level, and some things need a big player with lots of resources to push them. Canonical is not that big, and doesn't really do that well anyway (even assuming it's interested). And because Linux is mostly hardcore devs and enthusiasts, it's difficult to sell them any major change to the way things have always been.

One idea for example that sounded like a move forward is something like the GoboLinux fs structure. But of course that will get ridiculed by most Linux greybeards because it's not like things have always been. Same for something like NixOS. And that's just the FHS layer -- imagine the resistance to changes to more classic layers (e.g. the hate something like systemd still gets).

Apple can change things more easily because they can do it end to end (and millions of consumers don't expect things to stay like NeXTSTEP forever, or care about strict POSIX adherence), but they still get all the hate on HN for many moves.

And of course nobody appreciates the hard work of moving e.g. 500,000,000 devices or more (iOS + macOS) to a new filesystem you have developed in the span of 5 or so years - but they notice all the baby issues that pop up (while similar issues to e.g. fs changes in Linux distros, with all the fragmentation, and "DIY" go unnoticed, or pinned to the user as responsible who switched from ext4 to something else etc.).
