
Yes, I moved away too. So much dumbing down, so many things changed just for the sake of it. And of course no settings to revert it. Eventually it was just too annoying to upgrade.

A lot of it is security hardening but the problem is I have to give all control to Apple. There is no way for me to change anything in the read only OS part without the whole rigmarole of booting into recovery mode and blessing my changes with every update. There should be a way I can sign my own changes. It's the Apple way or the highway. And I'm running into more and more issues when the Apple way is just not good enough for me.

I'm really so happy with having options again with KDE. No more opinionated software for me.




They have long understood that security is always an argument to throw into the pot to justify their changes. Boot malware isn't really a widespread problem in 22 and MS still pushes TPM 2.0. It is probably less about user security than control over users and machines.


This is what can happen when you turn off SIP on the Mac. You can’t trust developers to not be careless and/or malignant.

https://arstechnica.com/information-technology/2019/09/no-it...


Poor security design. App installers should definitely be sandboxed, "sip" or not. Preventing the local admin from making any changes due to lack of that, is fixing the wrong problem. Or perhaps not in a granular enough way.


So it’s “poor security design” when a user with root access specifically disables the security and bad things happen?


Yes, useful and destructive/fatal configuration should be separated.

If you have to remove a load-bearing pillar to install a light-switch, the design is poor, to say the least.


There are two separate levels

- root access - doesn’t disable SIP

- Disabling SIP requires you to go through many contortions.

People didn’t need to disable SIP to install Chrome. They were doing it for other reasons.


Yes, and those reasons are why I mentioned poor design.

This morning I was reminded, my work Mac has a dozen daemons trying to contact things I don't want, such as iCloud, iTunes, Google, etc. A fraction of these are ostensibly useful, but I had to resort to Little Snitch to block them because the OS is read-only, i.e. insanity.

Even the user-hostile mess of Windows allows me to turn off the worse services... although even that is dwindling.


The OS is not “read only” if you go through contortions. But if you can write anything to the OS, so can anything you run.



