Hacker News new | past | comments | ask | show | jobs | submit login

Why is it strange to complain about randomly needing to grant applications access to apparently-unrelated permissions? This sounds exactly the same kind of weird handwaving Linux fanboys routinely get scolded for. And "It's better than Windows" doesn't make it good, but the fact is that you don't have to do this for any kind of keybinding in Windows, so it's neither here nor there.



It's strange because you have distorted the facts. iTerm doesn't "suddenly" ask for accessibility permissions. You, by your own description, have attempted to make global changes to the macOS GUI. That's a legitimate and expected situation for an accessibility permission dialog to show up.


Why does changing a keybind inside of iTerm 2 need global accessibility permissions? By my own words, it's not a global shortcut, because well, it wasn't.

> I'll try to set a keyboard shortcut (not a global one mind you)

(I will admit that the phrase "keyboard shortcut" instead of something like "key binding" likely lead to this confusion, but by the time this occurred to me, the edit window was already closed.)

This hit me just recently when trying to map Command+P to Control+P. I don't know if Command+P is somehow special, but if you want to try it for yourself, feel free.

Secondly, though, accessibility permission is a really large hammer. Typically that's a high level of privileges as it usually means being able to read and interact with just about everything on-screen. Granted, this is the reality of many desktop OSes today anyways, but that's the other thing. If I have to switch all of these permissions on for many apps anyways, is this really a good design? No, of course not.

I tried to keep my rant relatively contained, because the truth is I hate macOS a lot worse. A software I used to like a lot, SnagIt, has become progressively less usable as macOS has updated over time, presumably because apps that handle screenshots and video capture have had to get increasingly tricky to function. Just about every time SnagIt starts, it gives me a laundry list of permissions I need to grant it. I mean literally it has to be like 7 things. Most of them seem to stick, but apparently after the software updates some of them need to be done again.

This security model sucks in other ways too. Like for example, you have to give your terminal emulator full disk access. If you don't, really stupid things will happen. I accidentally ran brew update in a VS Code terminal. It worked! And promptly wiped out all of the granted permissions on all of the casks it updated, because VS Code (of course) doesn't have full disk access, and as part of the security model you can't just update an app without full disk access. I really wish that wasn't the default behavior, because it was genuinely just a mistake to use the VS Code terminal for that. But even worse, I really want to grant this permission to Brew and not literally everything I run in that terminal emulator, so this is pretty damn unideal.

I haven't even gotten into Gatekeeper, OCSP stapling, and all of the trouble I have gone through trying to sign apps for macOS and have it not need to phone home to check the signature. (I was also hit by that funny bug where programs were taking forever to execute because the exec syscall was hanging waiting for Apple's servers. Reminds me that I am on a "privacy friendly" OS.)

But seriously, I'm really only scratching the surface here. Don't get me wrong, I hate other OSes too. I have an ongoing rant right next to this one about how much I hate Windows 11, and I don't think I really need to express how bad desktop Linux is from a usability standpoint.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: