
macOS 10.15 Vista - feross
https://tyler.io/macos-10-15-vista/
======
ohazi
Maybe we _should_ be angry?

Apple has been neglecting OS X since Snow Leopard, thinking that iOS is the
only thing worth investing in. Microsoft apparently agrees -- they chopped up
the Windows team last year, pushing out the Windows chief and dumping the
remaining re-orged husk under Azure. Just for security reasons alone, it
should be terrifying that there isn't a standalone Windows group anymore.

Windows hasn't been usable since 7; the current version literally requires you
to let it reboot itself on a 9-5 schedule. And now this with Apple, _again_.

Can we move on already? Most of us spend at least half of our waking hours
interacting with a desktop operating system, most of us use either OS X or
Windows, and yet _both_ of these companies have made it clear that their
desktop OSes are no longer a priority! Why are so many of us still putting up
with this?

I know people like to knock Linux-on-the-desktop, but you know what? I can go
buy a Thinkpad, spend 20 minutes putting Debian or Ubuntu on it, and it'll
just work, and I'll get software updates forever. I used to care about flashy
widgets back when Gnome was cloning old OS X features, but now I just use XFCE
because it looks reasonable, it works, and it stays the fuck out of my way.
And when there are bugs, people make a little noise, and then they get fixed.
Remind me again what version of bash Apple ships? I don't have the time or the
energy to work around that crap anymore.

~~~
ashishb
WiFi, battery, and sleep. Have these problems been fixed with Linux on
laptops?

~~~
ohazi
Wifi: The advice from five years ago was to select/buy the Intel wifi card.
Those are the only ones I've used, and they've all Just Worked. Intel cards
are the only option if you're buying a Thinkpad.

Sleep and hibernate: Works on every Lenovo I've used.

Battery: My most recent laptop gets around 8-9 hours with a new battery on a
normal workload, and when it drops to 3 hours, I buy a new battery.

~~~
haspok
On newer kernels (4.8+) and latest Ubuntu my Thinkpad L390 freezes
consistently when I try to suspend. It's gotten a bit better with 5.0.0.31,
now suspend works 50% of the cases when I select it manually from the menu,
and the laptop is connected to power. Otherwise, 90% freeze.

Even my old trusty XPS 13 started not to go to sleep 1 out of 10 times. There
must have been a serious regression in the kernel, but no one seems to care.

For this reason alone, I started to seriously consider giving up Linux on the
desktop.

~~~
neuronic
No Linux distro has ever just worked with Sleep and/or WiFi. My last Linux
machine (Ubuntu) would never be able to connect to WiFi after sleep mode.
Believe me, I tried everything you can think of and find in various
StackExchange posts.

When a GRUB update destroyed my dual-boot setup and made my system completely
unrecoverable, I ditched Linux and never looked back. Using OpenOffice or
LibreOffice was also more akin to self-punishment usually seen in medieval
monks.

As a student, all these problems were okay, but nowadays I don't have the time
to constantly fight against my own OS to finally figure out that I have to
adjust my fan speed rotation coefficient to make the third party WiFi driver
work.

------
Razengan
Apple seems to be forgetting their own credo against nag-based security:

[https://i.imgur.com/qbUy5aH.png](https://i.imgur.com/qbUy5aH.png) (from an
ancient WWDC slide mocking the Windows approach.)

They may have overdone it in a few cases, and not done anything where it's
really needed (like a unified list of all third-party startup items, such as
Google’s sneaky Keystone malware, or seeing all outgoing data and connection
attempts like Little Snitch shows), but as other commenters have mentioned, it
lets me catch various apps overreaching into my computer for things they just
don't need to function, and I definitely appreciate that.

Another thing I wish they would do is provide an infallible way to verify
system password request dialogs. Not long ago DropBox used to show you a fake
dialog that then stole your administrator password. There should be a list
inside System Preferences where you can go and see all the authentic password
request dialogs that are currently being shown.

In short, they should move away from _nagging_ to better _monitoring_ and
reporting.

~~~
trymas
> Not long ago DropBox used to show you a fake dialog that then stole your
> administrator password.

Wow. What the hell? Can you provide any sources to read about this more?

~~~
JustFinishedBSG
[https://applehelpwriter.com/2016/07/28/revealing-dropboxs-
di...](https://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-
security-hack/)

Dropbox imitated a system dialog box in order to get your password to give
itself system level permissions without asking you.

~~~
trymas
Thank you.

I am speechless on the behaviour from DropBox.

I wonder why I have never heard of this and I do not remember any major
security scandal regarding DropBox stealing your admin passwords, but maybe
that information just went around me for some reason.. :)

EDIT: I wonder how this was implemented, I imagine that any app, can recreate
a pixel perfect dialog imitating system dialog asking for password and steal
your sensitive information, though how can app add itself to accessibility
list programatically? I am not knowledgable of MacOS API and somehow I think
apps should be prevented to be able to do this on their own. Was it a MacOS
security bug? What else DropBox did "under the hood" with admin password that
we do not know of yet?

~~~
pilif
It was the OS dialog which allows apps to customize the prompt text. No need
to fake anything. That article was wrong.

Check the HN discussion from back in the day

------
etchalon
I understand this is chaos, but it's chaos because it has to be. There's no
way to move users from an world of opaque "if it's an application, it can do
anything it wants" to a world of "applications should ask me when they want to
do something" transparency.

The idea that Apple doesn't care about the Mac because it's trying to
explicitly improve our privacy and security is … weird.

~~~
mathemagics
Agree that it is overall an improved experience. After upgrading, I discovered
that a VPN app wanted access to my Documents folder. No reason it would need
that, so I simply denied it. Lo and behold, the app continues to work just
fine as expected. IMO, this alone is a big reason to upgrade to Catalina.

~~~
cactus2093
I wonder if maybe it just stores a settings file in there or something?

I've seen similar things with apps that request access to Dropbox or Google
Drive just not being scoped granularly enough, so they just ask for access to
your entire account to control a single file or folder. Which leads to a
shitty situation, either you give up functionality like being able to
declaratively override settings and sync them between machines, or you
compromise your security and allow access. There's no way the PM for the
product actually cares about granular permission scoping, so of course nobody
actually implements in a safer way where you don't have to make this choice.

I haven't looked closely at the new MacOS permissions and how granular they
can be, but I'm kind of curious how this will turn out. I suspect the average
person will just get used to clicking allow on everything, so developers won't
actually care about only asking for what they need, and not much will actually
improve about security. But I hope to be proven wrong.

~~~
72deluxe
Settings should be under ~/Library somewhere (perhaps ~/Library/Preferences?)
and not in the Documents directory.

~~~
cactus2093
I've seen a number of apps that store settings or presets in Documents. Kind
of the same ideas as dotfiles in your home directory, which seems pretty
reasonable and I don't think there's one agreed right place for any of this.

A nice benefit of storing them in Documents is that it syncs to icloud
automatically even on the free tier, so you can share it between all your
computers.

------
iamleppert
This isn’t a “step forward in user privacy” or whatever the others here are
saying. It’s a mess and very poorly executed UX.

Users will tend to feel overwhelmed and just click through modals when they
are presented in this way. Displaying stacks of modals is an anti-pattern.

The right thing to do would have been to create a migration UX that allows
quick review and audit of application permissions, presented in a table,
sorted by applications that are requesting the most permissions. With a clear
explanation of what’s happening and why a review is now needed. That would be
a step forward in user privacy and informed consent.

Anyone defending such an abomination of UX should have their software
designing license revoked.

~~~
judge2020
FWIW, every program looks like one that usually is set to start at startup;
the intent is to have the dialogue only show up when you start an app for the
first time. Since so many background apps were running at startup they all
slowly needed to ask for their permissions.

> create a migration UX

Might not be possible if the previous MacOS isn't full-on tracking what
folders a program is accessing, and it still would likely encourage allowing
all permissions if the user has more than 30 different programs accessing
enough folders.

~~~
oconnore
If you were ok running your previous apps you should also be ok with gathering
usage data for a week before the OS attempts to do a hard cut-over to a more
secure model.

~~~
thirtyseven
It seems like this would be very difficult to implement securely. You
basically would have to preserve the old, unsafe mode and hope that nobody
circumvents whatever restrictions you put in place to make sure that it only
applies to the pre-migration apps .

~~~
judge2020
If all of 10.14 were tracking it there probably wouldn't be much issue, but
i'll bet the average MacOS user doesn't have more than 5 startups apps that
would show this dialogue; that combined with this happening exactly once
during the upgrade process means it's not a big priority for Apple to address.

------
013a
I'm astounded with some of the user security dialogs that Macs display. I got
one today: "VSCode wants to make some changes. Deny or Allow." That was the
exact wording.

Seriously? THIS. BENEFITS. NO. ONE.

The only thing I can figure is that, somehow, Mac has required applications to
display something to the user to get their permission to make some substantial
system-level changes. But the application is, I guess?, allowed to fill in the
message dialog. I can't believe that wording came from Apple; I assume it was
Microsoft, who I do trust as much as anyone, so I'll approve it, but this
leaves a lingering question:

Either Apple actually did write that, or they allow applications published by
"whoever" to fill in "whatever" messaging they want to get the user to click
Yes. It's absolutely unacceptable behavior.

I'd say I'm done with Apple, but there isn't a personal computing platform who
gets this right. Every Apple employee reading this article should be ashamed.
Every Microsoft employee should be ashamed. Everyone just Needs To Do Better.

What is Better? I don't know, off-hand. It's not easy, but I'd imagine why
that's why these companies are paid billions of dollars. For starters: If I
install around your centralized certificate signing authority to install
something, I Trust That Application. It doesn't need to alert me every time it
makes a change. And if I install it through your store, then I also trust it,
because you trust it. So why do I get so many damn "Approve This Change"
notifications? I should get ZERO after the install.

I get that most users aren't as savvy as me, but that's why you're making it
so hard to bypass that central certificate signing authority, and I'm fine
with that. It's the lingering notifications that make zero sense. Fix your
shit, Apple, because I haven't encountered anyone that's ecstatic with
anything you've released in the past 18 months.

~~~
ericd
My favorite are the dialogs whose only options are "Do the thing we want" or
"Learn more about the thing we want" with no option to dismiss. Slightly less
terrible are the daily dialogs that give the options "Do the thing we want" or
"Bug me tomorrow". More and more, Apple devs seem to have contempt for the
idea that the user should be in control.

They haven't quite descended to Microsoft levels of "We're restarting your
computer now kthxbye", but it's a grim, user hostile path they're on, at least
with notifications.

~~~
asdff
Just as I've read this comment, I got a 60 second restart countdown
notification for untold software updates. Like what if I got up to do
something found all my shit locked up behind an update that to date cannot
report an accurate timeframe (why bother reporting one at all if they haven't
been right since my first mac with tiger). I'm not even on catalina yet, so
maybe that's it.

I don't know what's with microsoft and apple. When I'm in the middle of using
my computer is not the time to close everything and lock the machine down for
30+ minutes for an update. I'm going to say no every single time.

~~~
ericd
Haha I guess that was bound to happen, given the number of HNers. I don't
remember the last time I saw that one, though, whereas my Windows box is
always trying to restart itself (despite frequently succeeding). I'm currently
beating back iCloud notifications.

Man, I miss Snow Leopard. I think that was peak OS X for me.

~~~
lovelyviking
Miss Snow Leopard too, last sane release ... everything was in a much better
balance and care. I keep it in one machine as reference point to make sure I
am writing good apps.

------
geerlingguy
This is kind of the same as the first time you enable Little Snitch. IMO it’s
good to reveal that you’re running dozens of applications with basically full
access to all your files.

I’d rather give additive permissions to applications, since I’ve seen evidence
time and again that security is one of the lowest priorities for most
development shops.

It’s annoying the first time after upgrading (I haven’t done it yet), but it
is infrequent after that.

Except for the Safari 13 download authorization prompt for every domain. That
is a little more annoying to me.

~~~
ilumanty
Using Little Snitch is an explicit choice. It would be weird of Apple to
assume that users _want_ to see all those messages and peek into the clockwork
at the first occasion.

------
Gaelan
You know, this is a pretty apt analogy. Vista (apparently) was considered
terrible primarily because it ripped off the band-aid and made a bunch of
inconvenient but important-for-security-in-the-long-term changes. [0]

[0]:
[https://twitter.com/swiftonsecurity/status/85185740489147187...](https://twitter.com/swiftonsecurity/status/851857404891471872)

~~~
Yetanfou
Well, that, plus the fact that it was resource-heavy. This was compounded by
the fact that a lot of hardware was sold as being 'Vista-ready' while in
reality being incapable of running the overly-fancy graphics-heavy 'glass'
shell. It also had a number of performance problems (e.g. slow file copy)
which only got sorted out in Windows 7. Oh, let's not forget the fact that
Vista was supposed to be Longhorn, the OS of the future with a database file
system and all sorts of fancy stuff which was either dropped due to
performance problems or never left the lab in the first place.

~~~
kbenson
> Oh, let's not forget the fact that Vista was supposed to be Longhorn, the OS
> of the future with a database file system

This sounded interesting when I first heard about it, long before Vista came
out. Now when I see it I wonder what they were trying to do. A file system
_is_ a database, with a well understood user API. So what were they going to
add? Tagging? Application level views of the system? None of t hat seems like
something that would require anything more than an extension that handled
additional metadata.

~~~
stickfigure
_A file system is a database, with a well understood user API._

Yes, a terrible API which works poorly for most home use cases.

You probably have music on your computer. In your hierarchical filesystem, do
you organize it by Genre/Artist/Album or Artist/Album? Do music videos live in
the same Artist directory or in a separate "video" folder?

Chances are you don't know/care because you're using an app like iTunes that
builds a custom database on top of the filesystem. And something like Photos
that reinvents a totally different custom database. And more database
reinventions for email, ebooks, games, karaoke files, voice memos, calendar
appointments, etc... all proprietary file formats without published APIs.

Data doesn't want to be organized in a single static hierarchy.

~~~
kbenson
I take it you missed the part where I said " None of t hat seems like
something that would require anything more than an extension that handled
additional metadata"? I'm not saying don't add additional data that can be
fast indexed and trackable, I'm just not sure why it requires a rewrite from
the ground up and isn't additional data that is tracked tacked onto the file
metadata. I mean, what is that not going to be able to support that _just_ the
new metadata would? The difference is whether you _also_ have a hierarchical
location stored or not.

The only thing that comes to mind is ACL tracking and it getting a bit complex
from different access types, but I can think of a few options to work with
that already.

~~~
stickfigure
So you want to take existing filesystem technology, and build additional
indexing and query capabilities so that it can handle nonhierarchical data?
Sounds like a great idea. Let's call it "Longhorn".

~~~
kbenson
I think you mean WinFS. Longhorn is a whole release codename, which
encompassed many new features.

Given that a beta WinFS eventually was made available as a separate download
years after even it's beta was slated to be released[1], I suspect they did
what I outlined above - _eventually_. Otherwise, I'm not sure why a bolt on
component to the system would require so long and miss deadlines like it did.

1:
[https://en.wikipedia.org/wiki/WinFS#Development](https://en.wikipedia.org/wiki/WinFS#Development)

------
yowlingcat
Very sad to agree with this entire post. I hate to essentialize it to an
already checked and problematic mythology of Jobs-Ives, but it seems like all
of the air left the sails after Jobs passed. The OS versions are getting
unreservedly worse, likewise with the hardware -- it's active regression
rather than stagnation.

When it comes to having a quality laptop and OS to get work done, I would at
least be happy with stagnation if the stagnation point occurred around the era
of the best MBPs -- late model MBPr 15s, ~2012 to 2015-2016. I'm typing this
one one right now. It's a little long in the tooth, but I'm horrified to
update to a newer one and have to get the whole bottom panel replaced, yet
again.

I'm hoping to defer this decision by a year or two, but I'm sure I'll have to
bite the bullet eventually, and every year, I hope that it's not going to be
worse, so that it'll at least be good enough. Sadly, it looks like that hope
may yet be naive.

~~~
wil421
Why do you think the hardware and software versions are getting worse? My late
2017 15 inch rMBP is a lot better than my 2011 MBP. I also like the recent
releases of MacOS. Dark mode, stacks on desktop, seeing Meta data in preview,
and the new screenshot tool are a few Mojave features I like.

Memory compression in Mavericks was also something I feel is great. Although I
never dealt with it directly as a programmer, only a user.

~~~
bsder
2017 may be significantly better that 2011, but it's _NOT_ significantly
better than the early 2015 Retina's.

The problem Apple has is that the early-2015 Macbook Pro Retina's _really_ hit
the balance point with the physical form factor. Enough heft to feel solid
without too much weight. Enough battery life to do real work. A solid set of
ports: HDMI. Magsafe. USB 3.0 ports. A keyboard that doesn't break due to
random micron-sized dust particles.

So, a _LOT_ of people want a 2015 Macbook Pro but with _ONLY_ the tweaks to
bring it forward to 2019 _technically_ (memory, CPU, display, change to the
two Thunderbolt 2 connectors to USB-C Thunderbolt 3) while leaving it in 2015
physically.

~~~
Solvitieg
I think the stagnation you're describing is not unique to Apple.

The marketplace has become much more competitive as innovation has pretty much
stalled.

I'm thinking of moving back to Mac OS after being on Windows for the last six
years.

------
wilg
This isn't ideal, but it also looks to be because there's a ton of power user
stuff installed, which is going to require lots of permissions. And you really
do need to ask the user individually.

~~~
r00fus
This. My parents would never deal with this because they don't run Hazel,
Alfred, Bartender, etc.

I run some of them, but I'm fine with hard transitions.

------
greggman2
I for one am super happy for these permission dialogs. They help me know which
apps are doing what and tell them, no, you can't do that!

Going from the old model, a native app can do almost anything to the new
model, a native app has to ask permission means that yes, there is a one time
issue of having to give all apps the permissions you want them to have. That
happens just once though on this transition. Normally it would happen once or
twice a month as you install new apps.

~~~
dawnerd
I'm all for them as well. Forced me to reconsider some of the apps I have
installed having not previously known what they were doing. Example, bartender
needs screen recording. While Im sure it's 100% safe, I still don't trust
giving an app that permission if its going to be running all the time. Just
seems like an unnecessary attack vector.

Seeing some people say 'if you were fine with it before...' \- well that's the
thing, I wouldn't have been fine with it before if I had known.

------
Rebelgecko
At least for me, there's really no good reason to upgrade to Catalina. Most of
the new "features" are things that I can't or won't use (e.g. desktop Siri).
However Catalina causes a lot of problems with things that I do care about (32
bit apps, hardware drivers)

~~~
scarlac
I won't pretend you have the same interests as me but one of the reasons I
personally look(ed) forward to Catalina was the ability to essentially "run
iOS apps" (recompiled for macOS).

I can't wait to get rid of some of my Electron apps in favor of proper native
ones. That feature alone would be worth the upgrade in my opinion.

But that's not to say I agree with how they've implemented the permissions
dialogs. As a developer who had to deal with them I found several glaring bugs
in Mojave, not to mention a sub-par UX. I'm sad if they haven't improved on
that.

~~~
bobbylarrybobby
How can you just "run iOS apps"?

~~~
lawik
Developers can use Catalyst to build their iPad/iOS apps for Mac. New thing
with the new OS version. And sort of a path forward towards the idea of Swift
UI and one UItoolkit to rule them all I guess.

[https://developer.apple.com/mac-catalyst/](https://developer.apple.com/mac-
catalyst/)

------
enzoaguado
What I find personally funny is the amount of bashing Microsoft gets for being
hostile to privacy, yet when Apple or some other company tries to make a push
forward, they get bad comments because of a side effect of it Yes, this could
probably be better, but practically no security improvement can be achieve
without a tradeoff. As mentionned in the blog post, this user is a power user,
with many programs installed and these popups appears only one time. Spending
at most 10 minutes accepting/denying permission prompts (which, let's be
honest, are pretty concise and clearly worded) is a good tradeoff for more
control on what applications are doing on my system.

------
NiekvdMaas
Anyone remember this Apple ad from 12+ years ago?
[https://www.youtube.com/watch?v=VuqZ8AqmLPY](https://www.youtube.com/watch?v=VuqZ8AqmLPY)

That didn't age well...

~~~
72deluxe
Well remembered!

I used to work with a guy who was a spitting image of the PC character

------
vikingcaffiene
I've lost faith in Apple leadership. After 10 years of being a diehard, I
recently jumped ship. Got myself a System 76 Oryx Pro and an Pixel 3a phone.
Still working out the kinks but so far so good. The apple tax was only worth
it when was the clearly superior choice. It ain't anymore.

~~~
cjohansson
I’m at the same position now. If macOS converges to Windows then Windows is a
better alternative, the reason I started with Apple was that Windows was a
mess, now Linux feels like the most sane alternative for power-users

------
dmix
Fine grained privacy control is not the same as being notified 14 times about
the same thing by Windows, even though you said you didn't want notifications
already.

------
FPGAhacker
Yeah, this was basically my experience. Not a good first impression, but I’m
assuming I won’t be asked this stuff again for the same apps. So, oh well.

------
makecheck
It seems to me that for the sake of user experience they should really, really
try to automatically coalesce multiple system messages and notifications that
appear while others have not yet been dismissed. For example, automatically
grow the first alert into a list with checkboxes or something if another alert
shows up, so that the user can reply to all of them in a sane way.

~~~
dwaite
The dialogs are meant to be presented in context so that the user understands
_why_ they are being asked for a privacy-impacting decision. Applications rely
on this so that they may ask for permission within context.

E.g., a retail company app that asks to track location permissions on start
will often get denied. That same app asking for location permissions when the
user says 'find nearest stores' will have decent success.

Promoting it up to a system-level coalesced set of notifications both
eliminates the benefits of asking for permissions in contexts and the
motivation to stop asking for permissions out of context. It also creates a
problem in some apps where the prompt is modal, because the API is blocked
until the question is answered.

~~~
makecheck
Apple does require apps to provide context in a lot of cases, and the app’s
provided reason appears alongside the message.

There is nothing about a combined window that requires context to be lost. For
example, add a column that includes trigger conditions and reasons for each
one, e.g. “while launching startup item”, “when opening AppName”, “to
authorize task performed by AppName”, “downloaded from xyz.com”, etc. If that
information really isn’t enough, the user still has the option to deselect one
and try it again in isolation.

An API can be held in a modal state without requiring each app to have its own
dialog; the system can decide what action allows the API to return to resume
the app. Similarly, an app can fire off an async notification without caring
if that notification window is separate from others. This is entirely a
presentation issue.

------
crooked-v
The biggest annoyance I've had here is that it makes some apps just plain not
work if they're using something symlinked from ~/Library to ~/Documents (for
Mackup or other syncing solutions), though some work fine, so it may just be
exposing apps that are doing something weird with file access in the first
place.

------
jzl
In case anyone needs a history lesson, here's a good refresher:
[https://www.networkworld.com/article/2277550/microsoft-to-
im...](https://www.networkworld.com/article/2277550/microsoft-to-improve-
vista-s-problematic-uac-in-windows-7.html)

 _" UAC was created with the intention of putting you in control of your
system, reducing cost of ownership over time and improving the software
ecosystem," according to the post, which is attributed to Ben Fathi, corporate
vice president of development for Microsoft's Windows Core Operating System
Division. "What we've learned is that we only got part of the way there in
Vista and some folks think we accomplished the opposite."_

------
lovelyviking
Since SL I feel that Apple gets more and more control over Apps, rather then
me over my own system.

Being for years able to advocate that apple approach, with all problems, was
at least superior in user interface feel and experience. Now I have more and
more trouble finding real arguments.

I can't stand popups, they appear in the middle of what you do. They interrupt
your flow. If you ask me they should not exist in a good software.Certainly I
was not missing a lot of dialogs for security. I need one list in one place
with permissions/apps where I can tune what is allowed and what is not for
each app, including(!) Apple Apps and where they connect.

It's getting worse and worse in many aspects. I feel less and less in control
about what system does.

I can't track what connects, where, why and which information is sent, for
instance by Calendar, when I turned off all related to iCloud, I do not expect
it to connect anywhere, yet it does.

Also some "geod" deamon connects every time I go online even though I disabled
everything possible through GUI related to iCloud and even time sync ... So
why it connects I have no idea, but if I forbid it in a router, then guess
what? Internet doesn't work completely. Safari won't load anything.

We talk about privacy and security? How about fixing those behaviours and
giving me control back? How is catalina with that? So we have many dialogs,
distracting us from what are real privacy concerns?

------
wayneftw
I’m surprised they didn’t ask for a password too, after clicking OK on each
dialog. I’m not surprised at the UX though, Apple has always done a pretty
terrible job of that for power users.

~~~
olliej
The problem with "power users" is fairly simple: defining what a power user
is, isn't trivial, and different people have different ideas as to what is
good. Then you have being a "power user" does not mean "I want any app on my
system to be able to do anything".

As for not asking for their password: This actually makes a _lot_ of sense.
Users already hit "ok" fairly quickly (I assume the inclusion of the readable
name + icon in the dialog is to make noticing what is being asked more
immediately obvious). Requiring a password would have the effect of making
every new app ask for a password, so you are training a user to (effectively)
grant root access for any software they install.

Compare the outcome: user auto clicks "give this app access to your contacts",
app can access and/or encrypt the user's contacts. User auto-enters their
account password: app can access and/or encrypt everything.

Note that even power users run into malware - they're not magically immune -
and if you download "vscode" and it asks for access to your contacts, email,
etc you might go "huh" and re-examine it.

------
littlecranky67
I didn't come close the provided screenshot in the article, but I was also
alienated by the number of popups & permission requests I got after upgrading
to Catalina.

I really see what Apple is trying to do here - I do not want a system as in
Windows, where my Game Launcher X scans my hard drive for other game
launchers, and extracts contacts & game list just to send it to Game Launcher
X manufacturers servers for "analytics" or "enhancing my user experience".
(this is just an unconfirmed rumour but nonetheless, see [0])

Apps have become far more than just programs and tools we use to solve a
problem, they have become marketing channels and data-gatherer for the
companys creating them. The time we can install a program from a trustworthy
source and give it full access to OS APIs and the Filesystem are gone.

I do not have a better technical solution as what Apple shipped, but I really
am glad that I can prevent Applications from scanning through my Downloads
folder or settings folders of other applications.

[0]: [https://www.pcgamer.com/epic-steam-data-
reddit/](https://www.pcgamer.com/epic-steam-data-reddit/)

------
someonehere
Literally this was me this morning after I upgraded last night and went to
bed.

I get Apple wants to make people feel their in control of their privacy, but
literally every app I use for work prompts me for every permission imaginable.

“Oh the command you’re running in Terminal, it wants permissions to your
Downloads folder, is that ok?” ::click yes:: “Guess what? That same command
you’re running in Terminal now wants to access you Library folder. Is That
cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants
to access your Documents folder. Is that cool?”

I’m a Sys admin prepping all the hoops to make my clients avoid this fiasco.
It’s somewhat documented what we should expect, but it’s a lot of prep work
and real world testing we need to go through to ensure our users don’t ask,
“why am I always being prompted with these pop up questions?”

Also, TV, Podcasts, and FindMy are being disabled in Catalina. Disabling
FindMy and logging everyone out of iCloud turns off the risk of the new Tile
like features Apple is about to release on the world. I don’t want my users
turning their work machines turn into Bluetooth beacons for Apple.

~~~
andrekandre
> I get Apple wants to make people feel their in control of their privacy, but
> literally every app I use for work prompts me for every permission
> imaginable.

i would guess this has the side-effect of making devs think hard about what
really needs access or not, and tightening up where data is stored (say in the
app container, not copying files willy nilly over the hd, using entitlements
etc)

> Oh the command you’re running in Terminal, it wants permissions to your
> Downloads folder, is that ok?” ::click yes:: “Guess what? That same command
> you’re running in Terminal now wants to access you Library folder. Is That
> cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants
> to access your Documents folder. Is that cool?”

yes, that is annoying, but i’m pretty sure that only happens the first time it
tries to access those folders... is that correct?

personally, i think that’s good that it checks those, because some scripts can
do damage to your data (say. by accident), and you might want to know if it’s
trying to say, read your keychain or not

~~~
olliej
It only happens on the first time, and only on access to a protected resource.
This applies to builtin apps and 3rd party apps.

For Cocoa apps this mostly shouldn't happen ("power boxes" that do file
open/close dialogs, etc)

------
coldtea
The reason for so many messages at once -- in case it's not obvious to someone
not using macOS -- is that this user had a lot of apps set to autostart at
login...

So several apps started at the same time (upon reboot and login) and now
needed explicit user permissions under Catalina, so they prompted for those.

What I don't understand is, why can't Apple have an app/panel where all
standalone such nags are placed?

So, instead of 20 mini-windows all over the place, you get a single window,
with the name of each requesting app and the nag, and even options like "deny
all", "allow all", or some quick way to select some and not others (e.g. nags
grouped by app).

And an additional idea: I'd have a physical led or similar mechanism on the
computer, that only when a dialog is official and uses standard system UI
lights up (similar to how a led lights up when the camera is on). I'd use
secure enclave and make sure that only system APIs can set this on -- no
userland code, except when it calls the specific legit dialogs, which should
also not be hidable and have the highest z-index.

------
psychometry
Wait, Bartender 3 can record my screen?

~~~
justintoon
They provide a detailed explanation why at this page:
[https://www.macbartender.com/Screen-Recording-
Permission/](https://www.macbartender.com/Screen-Recording-Permission/)

~~~
psychometry
Well, I decided that none of that was worth the risk and uninstalled it. They
need to find a better way.

------
cwilby
I recently tried again at setting up Ubuntu on my 2013 Macbook, after multiple
attempts over the years that didn't pan out due to Wifi issues, battery life,
graphics drivers, touchpad etc.

As of 2019, it's flippin' fantastic. Most issues above are gone and Docker
development experience in particular is vastly improved over Docker for Mac.

With the direction Apple is going, I don't see a road back soon.

Disclaimer - everyone's mileage varies, just sharing my odometer.

~~~
melvinroest
Huh, that's quite the contrary to my Mac Mini 2012 experience. My Raspberry Pi
wasn't here yet and I wanted a web server.

Yea, Wifi didn't immediately work, but with some Googling you figure out how
to find the right driver and use modprobe (or whatever it was) to load it in.

Though, I do have my fair share of Ubuntu install horror stories, so I guess
I'm simply lucky when it comes to Mac and Ubuntu.

------
moreorless
This reminds me of WindowsRG.

[https://www.youtube.com/watch?v=YbEYOaO9kp4](https://www.youtube.com/watch?v=YbEYOaO9kp4)

~~~
proverbialbunny
Since I was quite young I'd play pranks using a computer. I switched the Mac
Classic bootup picture with a bomb, causing my father to freak out. I gave my
grandparents a free cupholder out of their cd rom drive they used for years. A
decade later they were still thanking me for the upgrade.

I then once pulled up winrg.swf and fullscreened it. I told my grandmother I
had upgraded her computer for her. She took a look at it for about 15 seconds
then started crying.

Since then I've been a bit more cautious. Windows Really Good edition is still
pretty great though.

------
cotelletta
Everyone should be spamming the hell out of Apple's feedback form if they:

\- have 32-bit apps or games that won't be updated

\- don't think there is anything worthwhile to upgrade for

\- don't need mismatched marzipan iOS toys on their desktop

\- don't have an iPhone or iPad and just want a computer that's a computer

etc.

This reeks of "we checked our stats and the normies don't care", a huge
mistake for a platform once loved by developers.

------
vkoskiv
It's really infuriating. I've been using the 10.15 betas since june. Every
single time I build&run my binary in Xcode, macOS asks if it should have
access to my Documents folder. I click `yes` every time, but it never
remembers. It's just become an annoying extra step to my development cycle.

------
aianus
Is there any way to turn this feature off?

------
JustFinishedBSG
In this thread and every other threads like it: people complaining about
Windows/MacOS hostile path, yet refusing to use Linux.

You know, "vote with your wallet" also means "vote by changing the products
you use".

------
ptah
I don't see any compelling reason to upgrade to catalina. at least macOS
upgrades are a painless process, but the risk of breaking existeng
applications is becoming increasingly likely over the years

------
sys_64738
Is this not a slight on Windows Vista? By SP1 they had pretty much resolved
all the UAC hiccups.

~~~
dpkonofa
Yes, but that took nearly 2 years (1.5 if you're only counting from individual
public sales) and the launch was _terrible_. I'm glad that Vista happened
because it very much needed to but they really shit the bed on its release.

------
alimbada
Apple's reality distortion field still at work. Praise Apple engineers for
this... nagfest[?] but if it were Microsoft everyone was and would be up in
arms about it.

------
auslander
Alfred 3 app is busted.

------
lovelyviking
v

------
webwielder2
Complaints without suggestions are really the worst.

~~~
FPGAhacker
That’s hilarious. Kudos if you meant to do that.

------
widowlark
It's crazy to me that when Microsoft does this kind of thing (via Vista), it's
considered terrible but when Apple does it, the thread fills with people
saying it's the best way forward.

~~~
pram
HN didn't even exist when Vista was released.

~~~
dragonwriter
HN was called Slashdot then.

