Things like these (including secretly signing you into Search when you sign into YouTube† or refusing to support PiP on iPadOS/macOS) just solidify Google's image in my mind as a forever scummy, intrusive company that I wish I could leave behind like I did Microsoft, but sadly Google Search and YouTube still don't have good enough alternatives yet.
* (startup items usually reside in the LaunchAgents/ and LaunchDaemons/ folders in your user ~/Library/, the root /Library/ and /System/Library/)
† (you can fix this by deleting all Google cookies after signing into YouTube, on any OS)
I feel alienated from my computer. Subtle things will just change. If I really dig I might be able to find out why, but I don't have the time, so I just accept it.
Usually very small things that are barely noticeable. My Chromecast extension disappeared and was integrated into the browser. My brain could not help but notice this benign change, which caused a hard to place sense of unease.
Or when Google decided to remove rotation from the home screen on Android 2.3 -- it wasn't a huge problem, but I could have sworn that something changed. Users were conflicted, many convincing themselves that the homescreen never rotated at all.
It has made me not trust my computer. I second guess myself much more. If some option no longer exists, I wonder if it was just my imagination or if it was quietly deprecated while I wasn't looking. Does it even matter?
I think that we are being trained to see devices as ephemeral, and not to get too attached to them.
For 90% of people, they have always "felt alienated" from their computers. They didn't understand what was happening or why things changed either, and it was easy to get yourself into trouble if you didn't know what you were doing and were trying to figure out how to fix something.
So companies decided to make their software have fewer options, and do more things automatically, without asking the user to have to make a choice. They don't give the users an option to customize, so they don't have to worry about those customizations causing breakage.
For advanced users this is crippling, but there are a lot more of them than there are of us, so they are going to be catered to.
I have stubbornly resisted it, but I think I will go the way of all of my friends and just accept it soon.
I now spend more time doing personal system administration than at any time in my life as a computer user. If you want to have control of your computing devices, you need to spend more time than in the age of five in floppy disks.
Most updates are a one way trip now, and they aren't keep on publishing exactly what features they have removed, so a lot of time is spent disabling updates, firewalling, researching, jailbreaking, imaging, and backing up.
My biggest liability now is not malware, but updates! I have to put all of my development toolchains in virtual machines, because they will break and I can not rely on being able to re-create them. Re-creating my modest workflow is a bi-annual affair, when it really shouldn't be.
And there has been a cultural change in software development as well. Software like Firefox will clobber your data during an update, and when you file a bug report, it will be WONTFIX, and they will say that it is your fault for not using Time Machine and rolling back their changes. They did this awhile back with bookmarks, and they certainly do it with extensions. I had to spend an entire afternoon recovering annotations and citations that were destroyed by a Firefox update, and I was told it was essentially my fault for trusting Firefox and not having hourly backups.
I hate to sound like a broken record, but there was a time when you could reasonably assume that if an update was making major changes, that it would give you the option to go back, or at least export your data if it didn't support it. I really wish the open source community would step up and be different, instead of embracing this.
Personally I don't buy the whole "removing choices to stop users from hurting themselves" excuse. To me it seems like over zealous designers trimming far more than necessary to make things look nicer at the cost of usability. But what do I know?
Now we're using computers and software every waking hour and using software with millions of distributed users that we expect to always show us the latest updates.
We're using phones for banking and payments, to turn our lights on and off, to keep a lifetime of family photos backed up and synced across multiple devices.
It has made things more complex, but I don't think a world of 1997 style configure-it-yourself software would necessarily help with that.
As anecdotal as it may be, my friends and family have used computers and smartphones for years, but I’ve experienced the same increase in requests for tech support as the parent comment.
Further, no one said there’s increased complexity. The argument is that the oversimplification, the removal of features, and overzealous design assumptions have made UX go in the wrong direction. It’s also an argument I agree with.
A lot of UX design today fails to recognize the spectrum of “tech literacy” and it should, ideally, accommodate all within that spectrum, rather than pander to the least “tech literate” end. It’s not always possible, but it should be strived towards. Instead, we have UX trending towards attempting to be so “intuitive” that it becomes counterproductive.
Anyway, we had to start using a paper notepad and pens to keep track of the information!
Even for people who just want to paste an address from a text message to look up in maps, and especially if you want to do anything with the calendar.
I just remember 15 years ago on my Treo 650 never needing to do that, and having no problem copying text between different apps seamlessly, between calendar, email, text, maps, and other apps. Same with Blackberry. Using modern Android is as awkward as driving a car with a mouse.
But I think there was an intentional push to minimize options for users, to make fewer pathways for things to go wrong. Forcing people to use pen and paper when they have a smartphone next to them is a UX success for them, because they don't have to improve handling text.
Yes, I get it, this reasoning does technically provide a justification for the design decisions made that will shut some people up. But that doesn't make the product or design decisions anything to be proud of.
And, to take it a step further, I don't think UX is putting in honest effort to improve things for unskilled users. All the low barrier to entry stuff is superficially pleasant, but the number of common UI paradigms end users have to learn how to intuit their way around has exploded, while affordances and discoverability have plummeted. People who've spent their dayjobs in front of computers for years - if not decades - are assumed to categorically have bad, less-than-worthless, ideas about what might make interacting with those devices easier. All because "shut up, nerds. Nobody would ever like the things you like" was easier than listening and figuring out the how to separate the wheat from the chaff.
This is a weird claim here because this issue only appears if you made a conscious decision to disable a critical security of the operating system, something only possible because you have "options and user control in modern software".
It’s great that Apple lets you disable SIP in macOS. It’s not great that Google frequently takes away user control. Different companies making different decisions in different situations is not contradictory, and outliers do not discount an overall trend.
Apple wins in that regard - stability, consistency and reliability in daily use. It’s boring in a way for tech enthusiasts but wins in the eyes of people for whom their phone is just another tool which needs to work when they need it. They’ve no inclination to fiddle around with things nor a desire for a changing UI.
When all is said and done, Google can die off or fail as a business, but this and persistent data collection as a norm will remain its most lasting "contributions".
And of course since everything is in a constantly broken state, it is also in a need of constant auto-updates that both break and unnecessarily change stuff without my knowledge or permission.
For this specific feature, on LineageOS, you can restore home screen rotation. I don't really understand why it's off by default though, it's confusing to have apps rotate but not the home screen.
I've always assumed they know what they are doing (Android UX seems quite good, despite what my three years younger self would think), but I don't get this. Is it because you can mess up your home screen by adding or moving icons when rotated?
I think it is either because iOS doesn't rotate the home screen on phones, or because they introduced this simplified car interface that did rotate, and they wanted to differentiate. But like so many design choices, it was not due to technical reasons, but marketing or political reasons.
It's funny, when I used Windows 10 for the first time recently, Ubuntu's unintuitive lock screen finally made sense, since they copied it. Whenever open source software starts doing something strange with their interface, I only have to look at proprietary software to see what interface they cargo-culted, going back to Pidgin copying iChat. I would love to see the discussions where they make these decisions. I imagine someone bursting into a meeting "You guys, Microsoft did a thing with their interface, we have to put everything else on hold to copy them!"
Some time last week Youtube removed the publication date from videos. Apparently they restored it today.
For a while it was super strange and I had to rely on comments to guess when the video was posted.
It’s really too bad, because Google traded their pristine reputation for possibly a slight boost in their near term earnings.
I sometimes feel like companies have used the guise of "protecting novice users" as a means to take away our freedoms and increase their power (e.g. Google forcing updates on Chrome; Microsoft forcing updates and telemetry on Windows; Apple prohibiting non-app store applications and iOS downgrades). Of course, Linux and BSD exist, but many people don't want to deal with them.
The whole situation is just depressing to me.
 for example https://download.lineageos.org/beryllium/changes/
Reminds me of 1984.
Part of this is because release notes no longer most things removed (they are just covered under "other interface enhancements").
I did track down the home screen rotation change but it was very obscure. In one thread a user had to post actual video of two different Nexus One devices and prove that the update removed landscape homescreen mode. This is the world we live in, where this is a massive cloud of uncertainty over what our devices are even capable of doing!
This actually bugged me a lot (I cast into meetings quite a bit) and your comment made me go find a solution... Turns out it's super easy!
Now I live in Firefox and it's just as good as Chrome, at least for my needs. I've dropped pretty much all Google stuff except for GMail, mostly out of laziness (I would have to update hundreds of accounts).
I held off for two years moving away from GMail for this reason. A year ago I decided to pull the plug anyway, and it turned out to be much less annoying than expected. My strategy was as follows: first enable a forward from GMail to your new mail address, then directly migrate the ~10 vital/daily accounts, then just leave the rest pointing to the GMail account. After that, change each remaining account immediately (no exceptions) the moment I either log in to it, or receive an e-mail from it that refers to the GMail address.
It took me about two months migrating away from GMail, and as a bonus I was able to identify quite a few old login I didn't really have a use for anymore, so I closed them.
For regular mail I put an auto-reply in GMail that says I don't use it anymore and the address will be closed at some point in the future. But honestly, I don't think anyone ever saw it as nobody sends regular email anymore these days. All in all the process was pretty painless, and I feel very happy about ditching the last Google service I was still using (except the rare Google query of DDG fails to return useful results)
That seems strange to me, as email is my main form of communication.
What are the people you know using instead?
Now email in professional life is a different story, and is 100% mandatory, but that's all in the enterprisy outlook world...
One amazing advantage to using fastmail (or really any real e-mail provider) is that it is trivial to set it up to use your own domain for e-mail, and to do catchall addresses for your domain. I use this feature heavily, using the general strategy of giving every service a different e-mail address. In this way I can sort by incoming to field, and block out anyone who sends spam using rules acting on the to field. This does an amazing job of sorting out things like mailing lists that keep re-adding you or that are worth monitoring but aren't worthy of showing up in my inbox.
I switched to FastMail, and and added an MX record for the domain I already had to alias the mail adres to that domain. So now I could easily switch to some other e-mail provider at any time in the future. But I’ve been totally happy with FastMail so far.
I did consider self-hosting but decided it’s just too much of a hassle to get decent spam filtering and security set up.
Setting it up in Fastmail is super easy if your halfway computer literate. It literally says what DNS records you need to creat.
Importing your Gmail emails is even easier: log into Gmail from within the Fastmail options. Grant access. Now it’ll import all your mail in the background.
This, and forced auto-updates were exactly what finally led me to entirely removing Chrome from all my systems.
> (I would have to update hundreds of accounts).
I actually have been doing this for the past couple months. It wasn't too bad, just time consuming. I took the opportunity to request account closures for every account that I don't expect to use in the future.
Exactly this. Chrome was never my main browser, but though it's useful for testing web dev I just nuked it from the system once I realised it kept trying to find new ways around my deactivation and / or removal of keystone. That was several years back.
You will never have to update any accounts with new email addresses ever again.
What does Gmail offer that you can't get on other services? (honest question)
Gmail's mandatory phone number requirement upon registration and inability to get unique aliases (iCloud allows 3, so you can have 4 addresses per account at a time, and without the "baseaddress+" prefix which self-defeats the point of an alias) turns me off right at the start.
It's not always mandatory. I don't know what the heuristics are, but I've managed to create a couple new Google accounts (non-gmail, for dev purposes) during the past couple weeks without them being tied to a phone number.
Folders don't cut it.
whitespace. precious, precious whitespace
Apple is willing to inundate users with permission prompts for microphone, location, and disk access. Why not the ability to start with the system?
Dropbox apparently also used to show you a fake system password dialog which saved your administrator password, and more:
As for what they're using accessibility for, I believe the official primary use case is tighter integration with the Office suite (e.g. showing users if anyone else has the doc open). So nothing exactly malicious.
This isn't anything new. Keep in mind that Dropbox was offering sync status icons for years before Apple finally created an official API for doing so. IIRC that was using an even dirtier hack, involving monkey patching Finder at runtime. I'd definitely count that as a useful feature as well, and one that Apple had no interest in supporting until it became a user expectation.
I've got no affiliation with Dropbox, and I can definitely see the concern over the TCC hack. But once you try to do any meaningful integration with macOS, you do begin to sympathize. The official APIs are limited, flaky, and prone to deprecation at a moment's notice (see Quicklook plugins in Catalina for a fresh example). And Apple, despite making it impossible for third parties to innovate in their ecosystem, gets to paint themselves as saints.
Security is paramount, of course, but needlessly restricting how users and developers can use the OS will either lead to even dirtier hacks, or only Apple apps being allowed to do new, interesting things. And I don't particularly like either option.
At least on Windows, I could with confidence say that Sysinternals Autoruns + Process Hacker would get you 99.9% of the way. I too went from Windows to macOS, and I tried countless tools (Lingon X, CleanMyMac, App Cleaner, App Cleaner & Uninstaller Pro, etc.) to no avail in my quest to kill Dropbox.
When Google does it, they are just elbowing their way into your computer.
I really wish there was a way I could revoke an App's ability to request access.
I might be saying that to the wrong audience, but I think Apple is being overly cautious not to bother developers and power users at the expense of security on the desktop. Not as if other OSs are better – just this week my flash drive came back with a Windows virus after I sent it to a print shop –, but still.
In this specific case it shouldn't be possible to run without SIP outside of safe mode IMO, but it's still possible because some people need to run unsigned kexts and other hacks.
It's the same thing with the sandbox. I've seen a lot of developers making excuses not to publish on the App Store because they need things like unlimited access to home directory for whatever reason and the sandbox restricts them. Last excuse I saw was "we need to scan for subtitles". Yeah, right.
Yeah, that's not even a valid excuse! Once a user manually selects a file, the macOS sandbox also gives an app access to any "associated" files like subtitles, automatically:
(search for "subtitle" on that page)
Let me try to explain better: There was a thread here in HN about a Google Cloud outage and someone posted a link to a Zoom conference. I noticed that their app was still installed after clicking the given link. This happened to other people too:
I wonder if it's a coincidence!
...but you can still delete whatever you want out of System32 (though it may grow back), and you can add your own things, and dll hijacking is an issue etc. Just when it comes to kernel code are the protections better.
I might be remembering it wrong, but I thought it was definitely a good thing and definitely a step forward.
I wish that would happen more often. With so many things moving to the web there's not that many excuses left to sacrifice security and stability for backwards compatibility.
But my point is that Zoom shouldn't even have been able to install that server on my system in the first place. It's my computer, so I should have been asked before. Same for Google Keystone Updater.
I had Chrome installed "just in case" (mainly for the dev tools for the rare occasion I do web dev) and I just uninstalled it and the updater. It's not worth the surface area...
Now to get around to nuke all this junk that Citrix Receiver installs. Ugh.
It is also suspicious how set they are so against users using an older version of their browser. Security is not a good enough justification. It is actually easier to use an older Operating System than an older version of Chrome.
This is clearly just to protect the integrity of their platform.
I thought that, too, but then I held my breath and just switched to DuckDuckGo as my main search engine and... there's no difference, really. Maybe some niche cases where google spits out more specific results and handles exact quotes better. But for 99% of "type a word, get results" kind of uses, it works great. I did not expect that, maybe still burnt from when Google was so far ahead of the competition in search it wasn't even a question.
Youtube is a different story but I don't really miss anything not logging in, so there's that.
"Malware installs itself persistently, to ensure it's automatically re-executed at reboot. BlockBlock continually monitors common persistence locations and displays an alert whenever a persistent component is added to the OS."
sudo rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
sudo ln -F /private/var /var
The version of Keystone packaged with Chrome is not affected by this bug, so allowing it to reinstall Keystone will not recreate the issue.
WHY can you not make Chrome update like every other sane, well-behaved app?
Update notification -> User confirmation (or an OPTION for auto-updating) -> Download status.
Why do you insist on installing things into our startup sequence without our permission? If your intent is to "protect" users, increase the nagging. I'd be fine with Chrome refusing to load any website until Chrome is updated to the latest version.
Even Apple, who is notorious for making users' decisions for them, lets us choose when to update apps and operating systems.
Google's software is a cascade of lies and deceptions.
Think about this: when you start to tamper with Keystone agent, it never says anything to you, it just silently reinstalls itself somewhere else like spyware.
It will keep asking over and over for root access, without explaining why. They make it seem like your installation is incomplete without root access, but that is a lie. It will function fine running out of ~/Library/ as /Library. But there is no way to make it stop asking.
Google Earth, Google Drive, or many other Google products will re-install Keystone agent.
If I try deleting it, then that means I probably want it gone. They should prompt me to repair it or leave it alone.
You would think that Google would want to show off their updater. Even just a growl notification that an update has occurred.
But it makes sense why they don't want users thinking about it. If they were more transparent, they would say:
We've installed this software that will monitor your filesystem and make irreversible changes whenever we feel like it. Sometimes we will break things, but most of the time we won't and if we do break something, we will fix it. It is possible to disable, but you will have to search for it, because you will never discover it yourself. Oh, we could just have a checkbox in Preferences, but we want to make you work for it. And all you are doing is requesting that we stop updating, but we'll still be running.
They also used to shit on IE and WP, now everyone gets to enjoy Google's hegemony.
you have tons of complaints in this thread about google's "bad behavior" but you continue to put up with it to by patronizing the company and their tools, without even apparently asking the question, "do i really need chrome?" or whatever. have you asked yourself why you keep their software on your computer if it's such a headache?
i'm sure i'll get the typical "but there's nothing better!!" response and there may not be, but it's telling of you personally that you are willing to get so upset with all of this and then... keep on keeping on.
What would you suggest I do?
I use Chrome sometimes. Firefox is bad in its own way, often emulating the worst of Chrome. Like, at least the Keystone agent is unobtrusive and you don't even know it is there. Last time I checked, Firefox's Updater.app is just as disrespectful to the user, but it is horribly inefficient and clumsy.
Because someone at the Chrome team has setup an OKR of newest version rollout rate. His/Her salary and promotion are at stake.
Because that's how you end up with software that isn't updated, running old insecure versions.
As a user, I like it when my apps automatically update without me having to worry about it. The frustrating part about the Mac App Store is how it still makes you worry about updating apps.
You see a download bar on app icons in the Dock and Finder while they are updating, then a badge (blue dot prefix before the name) on recently updated apps.
Rarely (i.e. on new user accounts) it may ask you for the iCloud account (if it was a purchased app, I think) or administrator password (after some major OS installations).
How is that frustrating and "making you worry" about updating?
It seems like you haven't used the Mac App Store or have changed the default to manual updates.
Obviously the model here is different, but its still a minor frustration to me.
Wait, what? The Mac App Store updates your apps automatically in background (I know bc sometimes it tells me it can’t update a particular app until I exit it)
that's the part I find annoying. Contrast to iOS which doesn't have this problem. Obviously the model on iOS is a lot different (more restrictive backgrounding, apps are build to handle shutdown at any time), but its still a minor frustration I have with MAS.
There is no legitimate reason for any install other than an OS upgrade to modify /var or any other system-related directory.
> We're building a replacement that fixes the problem.
The fact that your team would allow any code which modifies a machine at the OS-level only reifies the concerns regarding Google's products.
rm -rf /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle
ln -shf /private/var /var
chflags -h restricted /var
chflags -h hidden /var
xattr -sw com.apple.rootless "" /var
Tell your team and your supervisors this:
My computer is not your playground.
There is no legitimate reason for a user-space install to manipulate system directories. So for an install to do so, there must have been an conscious decision made and code written to make real.
Therefore, for this system manipulation to have both been introduced and released, "most engineers on the team" either raised no problems with it or did not consider the implications of this decision.
> But for the time being, let’s let engineers do their job?
They did their job, which resulted in the release of this system destabilizing product.
Perhaps the job they should have done was to consider their work product be one which did not assume complete control of the machine onto which it runs?
Users have no choice but to take whatever updates they throw at us, and have no recourse but to sit around and wait for another update to be pushed.
There is no way to roll updates back, and disabling updates is obfuscated and hidden away behind an obscure terminal command that nobody would discover on their own.
Google invited themselves into the guts of our computer on the pretense of updating their browser, and then they made a mess.
If Google explicitly laid out what they were doing and asked permission, many users would not grant it, which is why they are so covert about it. It isn't that it is being unobtrusive, it is that it is hiding.
I swear, only Google can get away with this. Nobody was this defensive when Microsoft pushed Windows 10 on people.
These devs know what they are doing and in the current economic environment are clearly happy to be doing it.
Killing it resulted in a relaunch and 100% cpu. There is no way to stop this except for unloading the launch agent, AND launchdaemon. Removing the application and killing the instance.
The os platform providers updates.. use that instead of crafting your own malware.
How would you like it if your car suddenly has a top speed of 15mph, and no power steering, because someone wanted to update the number of radio presets.
Of course then it stopped booting at all yesterday so if it was that then it must have pushed the 4.5yr old battery over the edge and killed it. Or overheated something until it died. I don't think those fans have ever been cleaned.
Makes me wonder if other software might be attempting to damage the system (totally by mistake) but SIP is preventing it, making it quite deadly to use said good software if you happen to turn off SIP for stuff like debugging
Seems an awful lot of work related computers (eg Avid systems, and more) have been rendered inoperatable until someone manually boots and fixes each one.
chmod 000 ~/Library/Google/GoogleSoftwareUpdate
chmod 000 /Library/Google/GoogleSoftwareUpdate
It seems kind of counter productive to kill off the auto update system when you can just as easily switch to a browser that just doesn't do what Keystone does.
More important, I like Google Earth and it tries to install Keystone too.
I've heard "Firefox is better than it was" only for me to reinstall the latest and find it's still way cludgier than chrome.
In general, I've found it to be much better than Chrome, but as always YMMV.
I think in the end that's something that you have to test out for yourself periodically, as it seems to be great differences of which is the best performer across OSs and devices. As a rule of thumb I try to do a short evaluation of each of them every ~5 releases.
From experience, they absolutely do it.
Thank you. This was the best tip to come out of this whole discussion.
I'll identify every location Google apps write to, and lock them out with this.
They are both very low, but I’d rather programs not change my stuff against my will, even if they are trying to protect me.
Problem partly solved.
My wife's a primary school headteacher (or K-12 as you say in the States). Her MacBook was disabled by this. Yes, she takes weekly backups, but schools don't have free money to spend on spare laptops for a few days' work, nor on unnecessary technician time to fix it. Fortunately I spotted this posting (thanks, HN poster!) on blearily checking HN this morning and instantly recognised this was what's happening.
Have some decency for the people whose lives you've just affected and apologise to them.
Your true statement that tone will often matter is an interesting discusson on society and education. That it is also relevent on a site otherwise dedicated to intelligent discourse was the nugget I was hoping people would think about.
Couldn't help but notice most of the posts from the Chrome team lacked any sort of apology. Including this support post https://support.google.com/chrome/thread/15235262
Bit disappointing when this bug has bricked multiple machines.
> If you have not taken steps to disable System Integrity Protection and your computer is on OS X 10.9 or later, this issue cannot affect you.
SIP came in with 10.11. Any machine on 10.9 or 10.10 is vulnerable.
Do you want only PR people on HN trying to talk to you? Because this is how that happens.
One of the first places "I'd" look? It's not my Mac. I'm not sure how many primary headteachers read Hacker News or have a spouse who does. I'm guessing <1%.
When the world's biggest software company actually bricks people's Macs with a software update, then "sorry" is the least I expect, frankly. But if you want to dismiss this with "dickhead", you do you.
I'm torn on that one. I want direct communication to be possible without running it though PR or people with PR training, to improve response times especially in such "busy" situation. This requires us on the receiving end to be somewhat lenient. But on the other hand, I also don't find something better elsewhere, including the more official announcement linked to. Thus this style seems like company policy and certainly deserves criticism.
The keystone team accepted this as a p0 bug.
/ also shouldn’t be writable so it’s understandable how this wouldn’t have been caught. writable / is not sane and it’s unlikely you’d test that case.
i’m having a hard time understanding why this isn’t a mac bug. trivial kernel panic.
That prevents end-of-the-world scenario like the one above, if the script derails.
In the example above, the command would be `rm -rf /` without the variable present, and the shell would expand / to all the folders in /. So it's not a direct call to `rm -rf /`, you would need to handle the shell expansion of /* as well?
come to think of it, when would you ever want to rm -rf/? even in a chroot it doesn’t seem like a thing you’d want to do.
As a consumer? No. I'm not interested in QAing buggy software. I want it to not break my machine.
More seriously, SIP messages do show up in the system logs, which next to no one ever reads unless it's to find out that SIP is preventing something that the user really intended to occur.
It seems even more likely that the result of unlink() would be ignored (right up there with ignoring printf()), not because it’s the right thing to do but because lazy programmers will assume that failures are incredibly unlikely or unimportant. For example, if the code is a cleanup phase that just wants to remove a list of files, what are the odds that the program dutifully checks that the files actually went away?
Or, as the reason for the omission of such checks is more likely to be, what to do if something that shouldn't fail, fails? And if whatever you decide to do to handle the error itself also fails? Repeat ad infinitum. To even try to go down that rabbithole is simply a waste of effort and does nothing but introduce unnecessary complexity, to put it bluntly.
These aren't like the days back when I could self install Linux and expose it to the internet while I configured it.
Which is a very good thing on my book.
Today it is Google's Keystone, tomorrow it is some scummy app downloaded by a grandpa thinking it was a link actually sent by one of his grandsons about their birthday party.
I’m looking forward to iPadOS. All the heaven from iOS in terms of sandboxing and no background tasks (except very well defined).
Also Catalina afaik will make an os partition which cannot be tampered with.
And if anyone wants to know, I have to disable SIP because Apple won't let me use an eGPU on my Macbook with TB2.
I'm in a similar boat with a kext that enables unsupported Thunderbolt 3 docks.
I might have to use PurgeWrangler for an older iMac. Apparently, can keep it mostly enabled, but you need to mind updates and be ready to recover if your modifications are invalidated https://github.com/mayankk2308/purge-wrangler/issues/2#issue...
I wonder what role Apple’s aversion to working with Nvidia played in all those Avid users having SIP turned off.
PS: Written on a Hackintosh
Found non-functional system update engine. Please reinstall Google Software Update from https://dl.google.com/mac/install/googlesoftwareupdate.dmg
KSUpdateEngine no ticket to update for the specified product ID.
I don't want a "System update engine"... This is baked into Apple's AppStore. It works very well. Use that. You don't need access to my system.
That's easy, just regularly download a new Chrome. The difficulty is managing to stop keystone from reinstalling and re-enabling itself.
> This is baked into Apple's AppStore. It works very well. Use that.
I hate keystone with a passion, but TBF getting a modern browser into the appstore is not possible, even ignoring all the limitations the store puts upon its software, there's no way you can actually get a browser (as opposed to a shell UI around the platform webkit) in the appstore by its rules.
Keystone is malware made by Google. The incident this week was the first time it contained an actual destructive payload, but it's been malware for years.
csrutil enable --without kext
csrutil enable --without fs
csrutil enable --without debug
csrutil enable --without dtrace
csrutil enable --without nvram
Is it documented anywhere? man page didn't help.
Same with both Linux and windows.
Bit of a design flaw with the OS - in all cases a process should be allowed to restrict itself to have fewer permissions and access to fewer API's without being root, but sadly that isn't universally the case.
> Same with both Linux and windows.
This isn't true anymore on Linux. Chrome switched to using an unprivileged user namespace sandbox instead of the old SUID sandbox is Chrome 43 in 2015. It depends on a Linux 3.8+ kernel for the user namespaces support.
Could you clarify how this is the case on Windows? I thought Google Chrome installs and runs just fine without admin privileges. I'm not aware of any security downsides for doing so.
Note that Windows doesn't work like Linux with setuid bits and whatnot. The permissions a file is installed with don't dictate what permissions the program that executes it has. That's entirely a function of the program's security context. Hence, for a machine-wide installation to actually make a difference security-wise, Google would actually have to install e.g. a high-privilege service that would run when you try to start Chrome. I don't think it does such a thing.
So I think Windows is already designed correctly in this regard and hence I don't think this is an issue on Windows as claimed.
That doesn't seem right, unless you mean some specific version of sandboxing? Changing selinux/apparmor hats, setting up seccomp, creating namespaces, and others can be done just fine by regular users. They're all sandboxes.