Hacker News new | past | comments | ask | show | jobs | submit login

For users who know what they are doing:


  sudo spctl --master-disable

The users who really know what they're doing are going to refuse to disable system integrity protection. I paid a shitload of money for the T2 chip, secure signed boots, a virus-free environment and complete peace of mind from malware. No way I'm turning that off on a work machine.

I have a Raspberry Pi for hacking, I'm happy to root the hobby computers, not the work ones.

That's why if find postings like this dangerous. If an author is asking someone to run a command, they really need to explain what the command does and what the tradeoffs are.

The command doesn’t do anything by itself from what so can tell. It just enables the option to run unsigned code.

I find it weird that you don't expect root privileges on devices you do work with.

It seems like this conflates the notion of having root privileges with turning off security. There is no meaningful connection between the two save in situations where there is no meaningful way to control said security layers save destroying them.

For example refusing to boot a bootloader that isn't signed doesn't require your oem to hold the only possible key that can be used to sign said bootloader.

Which are a very tiny percentage of typical Mac users.

As it should be. The vast majority of users should only run signed software. That leaves the ones who know what they are doing a way to bypass it.

You mean those that after doing that just perform "curl | sh" as it has become trendy among the younger UNIX generation?

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact