Hacker News new | past | comments | ask | show | jobs | submit login

Just another reason to build and use a Hackintosh, if you want to be free to choose your own software. Apple is slowly moving towards an iPhone model with macOS.

..will be required by default..

Just change the setting if the default doesn’t suit you.

This change mainly affects developers who will now have to pay apples ransom if they want anyone to be able to run their app.

I’m not sure how the developer running a hackintosh fixes that.

On a Hackintosh you have that choice, on Apple hardware you'll eventually have that choice taken away from you.

That is my point.

For a user of your sophistication, why bother with a Hackintosh at all? You could use a truly free Linux based OS and not have to deal with any of this. Is there some killer app that you can only get in Mac OS? Xcode I guess for iPhone dev? And if you have a moral objection to Apple making MacOS like iOS, why would you want to do iOS dev?

Firstly, macOS is a far and away superior experience, given the alternatives, secondly it has better applications, or the Mac versions are better than for other platforms and thirdly it allows development on all platforms with a minimum of fuss.

Overall it's just more productive and pleasant. If there were a practical alternative I'd jump in a second.

Developing for all platforms is a commercial reality, regardless of what I think, but wanting freedom to develop software for any platform without a corporate's approval is not unreasonable. The complaint applies to Google and Microsoft to some degree as well.

Kernel extensions will also need to be notarized, so Hackintosh doesn't seem very likely.

Hackintosh user here: this has literally no impact on anything.

If you turn off SIP, you can run unsigned kernel extensions without issue, both on a Hackintosh and on a real Mac†.

If you're a Hackintosh user, but for some strange reason you want to leave SIP enabled, you can inject unsigned kernel extensions via the Clover bootloader. (I think you may need to temporarily disable SIP during setup or something like that, I don't fully remember. I just turn SIP off.)

† I actually find this much easier than Windows, which is a royal pain in the neck if you want to install unsigned drivers.

You can have partially enabled SIP. With CSR = 0x01, SIP is fully enabled except kext signing, more secure then disabled SIP.

I mean, if you want SIP, you can leave it fully enabled and load all custom kernel extensions with Clover, as I mentioned.

As I see it, if you're the kind of user who's installing Hackintosh, you're also probably savvy enough to not grant root permission to just any software. I want to have full control over my computer.

Selectively disabling parts of SIP is unsupported, FYI

What do you mean? You can always check: 'csrutil status'. I have all items enabled except kext signing.

Does csrutil status not give you the "This is an unsupported configuration, likely to break in the future and leave your machine in an unknown state." warning?

Warning, not error. And it shows the rest of protections enabled, good enough for me.

I guess if you’re willing to live dangerously it can’t hurt :)

It is hackintosh. All guides tell you to disable SIP, so I live rather cautiously :)

So are Hackintoshs?

Apple shames you for doing that instead of telling you it's unsupported.

Kernel extension already require a special developer certificate. You should explain to Apple what you need it for, then if your are accepted by Apple you get a new signing certificate including kernel Extensions. After that you can do "anything". With the notarized every app will be needed to be scan by Apple before. It's something a lot more painful than Microsoft Windows Defender which do the same (first launch of unknown app) for every app and maintained a worldwide database of signature of authorised apps.

Hackintoshes are not affected any protection Apple applies, they just work round it by modifying or re-implementing the software.

Why? Just NOP that check. If you have control over your hardware, nobody can stop you.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact