Hacker News new | past | comments | ask | show | jobs | submit login
macOS 10.15 Vista (tyler.io)
386 points by feross 6 days ago | hide | past | web | favorite | 315 comments





Maybe we should be angry?

Apple has been neglecting OS X since Snow Leopard, thinking that iOS is the only thing worth investing in. Microsoft apparently agrees -- they chopped up the Windows team last year, pushing out the Windows chief and dumping the remaining re-orged husk under Azure. Just for security reasons alone, it should be terrifying that there isn't a standalone Windows group anymore.

Windows hasn't been usable since 7; the current version literally requires you to let it reboot itself on a 9-5 schedule. And now this with Apple, again.

Can we move on already? Most of us spend at least half of our waking hours interacting with a desktop operating system, most of us use either OS X or Windows, and yet both of these companies have made it clear that their desktop OSes are no longer a priority! Why are so many of us still putting up with this?

I know people like to knock Linux-on-the-desktop, but you know what? I can go buy a Thinkpad, spend 20 minutes putting Debian or Ubuntu on it, and it'll just work, and I'll get software updates forever. I used to care about flashy widgets back when Gnome was cloning old OS X features, but now I just use XFCE because it looks reasonable, it works, and it stays the fuck out of my way. And when there are bugs, people make a little noise, and then they get fixed. Remind me again what version of bash Apple ships? I don't have the time or the energy to work around that crap anymore.


>Apple has been neglecting OS X since Snow Leopard, thinking that iOS is the only thing worth investing in

What exactly is the evidence behind this? They have been adding several huge components/APIs/tools that they have working for macOS (Metal, APFS, Swift, CoreML, etc), they have had added the Mac App Store, they have tons of under the hood improvements (e.g. memory compression), and so on.

What exactly did you expect to see, or was seeing before "Snow Leopard"?

>I know people like to knock Linux-on-the-desktop, but you know what? I can go buy a Thinkpad, spend 20 minutes putting Debian or Ubuntu on it, and it'll just work, and I'll get software updates forever.

Then don't let the door hit you on your way out.

In my experience in most definitely not "just work" except with very careful selection of laptop/peripherals, and all kind of uses cases break too, including no major creative/office apps like Creative Studio, Pro Tools, Cubase, Premiere, FCPX, MS Office, and so on, which I depend on.

And every now and then this or that project will decide to majorly break stuff in some transition... (Gnome does it, KDE does it, X/Wayland/etc does it, ...).

And I've used Linux (and several UNIX variants) since 1997, and still do professional (as a server OS) everyday, so not exactly new to the game.


> >Apple has been neglecting OS X since Snow Leopard, thinking that iOS is the only thing worth investing in > What exactly is the evidence behind this?

I agree neglect is probably not the right word. I like the term Marco Arment uses on his ATP podcast: drive-by updates.

> They have been adding several huge components/APIs/tools that they have working for macOS (Metal, APFS, Swift, CoreML, etc),

These all seem to have been developed for iOS first and macOS second.

> they have tons of under the hood improvements (e.g. memory compression), and so on.

Personally I experienced rage-inducing multi-second freezes after updating to Sierra, disabling memory compression solved the problem.

> What exactly did you expect to see, or was seeing before "Snow Leopard"?

Stability, usability, and polish.

I don't think it's controversial to say that all of these have taken a precipitous fall since Snow Leopard.

There are probably many reasons for this. It seems to me the biggest culprit is the yearly release schedule.

They've shown themselves utterly incapable of releasing a quality update each year. The question is, why are they keeping it up? To sync up with iOS releases roughly maybe?


>These all seem to have been developed for iOS first and macOS second.

iOS and macOS is basically the same OS.

iOS uses the same kernel and main userland, and was developed just as a spin-off of OS X with more lockdown enabled, some inapplicable services removed, and a profile that fits smaller devices. Otherwise the kernel, fs, userland, etc is 90% the same, minus different APIs (mostly UI) on top (which they also try to unify for several releases now).

macOS+iOS should be seen as the same thing as far as system-level development (kernel, fs, etc) are concerned.

Of course features still need integration to the respective form factors and UI paradigms (e.g. APFS required userland and Disk Utility changes, for one), and Apple has done that for both platforms.

>Stability, usability, and polish

And yet, Snow Leopard was created exactly because people complained Leopard and earlier were not stable enough. It was the release to focus on stability and polish over new features (and they even admitted this was alluded in the name change, "Leopard" -> "Snow Leopard" as opposed to a whole new version-animal).

And if we go back then, we can find tons of complains about instability, lack of polish, the world ending, etc.

>They've shown themselves utterly incapable of releasing a quality update each year.

Given that they ship 100 million or so updates, they have almost immediate adoption (far quicker than new Windows version), and the complains always subdue after 1 point release or so, I don't think so.

Not to mention most complains now are about them deprecating stuff (32 bits for one) -- as opposed to breaking stuff.

Heck, they pushed a whole new FS to hundreds of millions of users (5x+ that with iOS in), and there hardly any issues to write home about -- and that in record time (FS experts said it normally takes 10 years to mature a new FS to do such a conversion and warned of apocalypse which didn't happen).


> iOS and macOS is basically the same OS.

Sure, but when people talk about "macOS being neglected", they're referring to a neglect of work put into the things that are uniquely macOS: multi-user support (better Fast-User Switching; better Screen Sharing; OpenDirectory et al; AFS back when that was considered a good idea; Server.app features); workstation productivity (evolution of the windowing paradigm seems to have stopped after Mission Control was introduced); fault-tolerance features like Time Machine; treating non-sandboxed (incl. POSIX CLI) apps as first-class citizens; and, well, any updates at all to the natively-desktop apps like Finder and XCode.

When was the last time you saw Apple announce a new feature of an app that exists only on macOS? Or announce a new OS feature that only makes sense, design-wise, on a desktop? They used to do both of these pretty frequently. The only things I can name from the last two releases are tabs (Finder) and dark mode (macOS generally.) Those are pretty small beans.

Oh, and there was also the whole NeXT-y paradigm of document bundles, Spotlight discovering app bundles and registering their file-type handlers and provided components, etc. That seems to have been lost in the shuffle—maybe the people responsible for it have all left. Remember QuickLook plugins? Remember when Preview worked on basically every file-format that you would run into on the internet, rather than not even knowing how to display a WebP?


> iOS and macOS is basically the same OS.

I'm aware of that. But they are not exactly the same, are they?

> Of course features still need integration to the respective form factors and UI paradigms.

Isn't that what usability and polish are all about?

> And yet, Snow Leopard was created exactly because people complained Leopard and earlier were not stable enough. It was the release to focus on stability and polish over new features (and they even admitted this was alluded in the name change, "Leopard" -> "Snow Leopard" as opposed to a whole new version-animal).

I know, and that's why we all love Snow Leopard. Why the regression since then?

> >They've shown themselves utterly incapable of releasing a quality update each year.

> Given that they ship 100 million or so updates, they have almost immediate adoption (far quicker than new Windows version), and the complains always subdue after 1 point release or so, I don't think so.

They release updates alright, but what about the quality? The fact is overall, macOS has gotten slower, buggier, and uglier with every release.


>I'm aware of that. But they are not exactly the same, are they?

Yes, in minor ways I already mentioned.

>Isn't that what usability and polish are all about?

Yes, and as I already wrote: "Apple has done that for both platforms.". You don't get a lesser Metal or a lesser APFS on macOS vs iOS, or less UI integration.

>I know, and that's why we all love Snow Leopard. Why the regression since then?

I'm not particularly fond of Snow Leopard over other releases, nor I see much "regression since then". There are several legendary Siracusa reviews until Yosemite (after which he passed the torch) here: https://arstechnica.com/author/john-siracusa/

Here's e.g. Mavericks:

Over the past three years, each successive release of OS X has found its way onto all of my Macs in less time than its predecessor. This year, I may have already gone Mavericks-only across my whole household by the time you read this. Barring any unforeseen bugs or compatibility issues, Mavericks seems like a no-brainer upgrade to me.

And here's Yosemite:

Viewed in isolation, Yosemite provides a graphical refresh accompanied by a few interesting features and several new technologies whose benefits are mostly speculative, depending heavily on how eagerly they’re adopted by third-party developers. But Apple no longer views the Mac in isolation, and neither should you. OS X is finally a full-fledged peer to iOS; all aspects of sibling rivalry have been banished.

Do you see much talk about regression there? There are also post-Siracusa reviews on Ars for each macOS release up to and including Catalina.

>They release updates alright, but what about the quality? The fact is overall, macOS has gotten slower, buggier, and uglier with every release.

Uglier is pretty subjective if not downright wrong. The new dark mode is great, and the UI is as good as ever. What was better? The skeuomorphic years? The candy colored Aqua years?

Slower is easy: it's 100% wrong. In fact, can you show any number of it? If anything, memory compression and battery savings in recent releases made the macOS more performant, and dropping 32bit apps (and double-loading of the same libs for 32/64) even more so... And APFS is also a big improvement over HFS, and Metal is faster than the previous stack and has already given significant performance boost to FCPX and other apps.

I'm not sure what exactly you find "slower" then...


> Yes, and as I already wrote: "Apple has done that for both platforms."

Yes I saw it the first time. They certainly did it. But we're talking about how well they did it, aren't we? Usability and polish?

> I'm not particularly fond of Snow Leopard over other releases, nor I see much "regression since then".

You clearly aren't and clearly don't, but quite a few macOS users are, and do.

Here's a sampling of regressions for your perusal:

https://arstechnica.com/information-technology/2017/11/macos... https://furbo.org/2015/05/05/discoveryd-clusterfuck/

> Uglier is pretty subjective if not downright wrong.

If you like the new looks, good for you I guess.

> Slower is easy: it's 100% wrong. In fact, can you show any number of it?

I don't have any numbers. What I do have, is the experience running these successive releases on the same laptop. And it has definitely not been positive.


>Yes I saw it the first time. They certainly did it. But we're talking about how well they did it, aren't we? Usability and polish?

Can you be specific? What exactly is the problem with "usability" and "polish" of said features I've mentioned, like Metal, APFS, Swift, SwingUI, etc? The only credible example I could think of that's unpolished is Catalyst (for porting iOS apps to Mac, unified backend) which is a work in progress...

>You clearly aren't and clearly don't, but quite a few macOS users are, and do.

Bad for them I guess. I, however, linked to a pro and well respected OS X reviewer, so there's that...

>Here's a sampling of regressions for your perusal:

I can give you tons of reports like those for any version you wish. Here's from an article about the myth of the "stable" Snow Leopard:

"Initial experiences with Snow Leopard weren’t as blissful as more recent commentary remembers. The troubled rollout of MobileMe, iCloud’s precursor, was still an open wound. Soon after release, a major bug was discovered in Snow Leopard that would cause the home directories of guest accounts to be wiped completely. The issue was prevalent enough that Apple publicly responded and later issued an update, 10.6.2, to address the problem. Early updates to Snow Leopard were packed with fixes to a long list of bugs. A 2009 article from iLounge on Snow Leopard’s reliability is filled with comments from frustrated users, some considering moving back to Leopard. Time heals all wounds, right?"

https://9to5mac.com/2018/01/31/snow-leopard-became-reliabili...

>If you like the new looks, good for you I guess.

Are there many people on record that they don't like them? I've never read any major complaints about the "new looks" anywhere. In fact the Dark Mode was almost universally praised...

Not to mention the "new looks" are just incremental evolution (and mostly refinement) of how OS X looked since forever. What exactly don't you like? Anything concrete?

Prefer this look? (10.2):

https://zdnet4.cbsistatic.com/hub/i/2014/07/31/deed4628-185f...

Or this (10.4):

http://blandname.com/wp-content/uploads/2006/09/mac-os-x-104...

Or maybe this (Snow Leopard):

https://cdn.arstechnica.net/20090828/snow-leopard-leak.png

I'll take this at any day:

https://media.idownloadblog.com/wp-content/uploads/2019/06/m...

(Not to mention the dark mode)

>I don't have any numbers. What I do have, is the experience running these successive releases on the same laptop. And it has definitely not been positive.

Whatever...


> What exactly is the evidence behind this?

10.7 is where they removed Expose (replaced it with Mission Control) and it frustrated me to no end not being able to have rows of workspaces. It go so bad that was around the time I started doing everything in a Linux VM in Parallels. Lion was the last version I used, and at other places I worked, I just heard endless frustration about permissions, root access restrictions and other issues that are pretty specific to developers.

> In my experience in most definitely not "just work"

A lot of stuff doesn't when you need commercial integration, sure. Evolution-ews does mostly just work with Exchange though. You can connect to Docker containers without needing a VPN. Package management in most Linux distros is more straight forward and can update almost everything. You can add 3rd party repos and not be tied to an "App Store."

Linux does require some more work sometime, but I know how to fix things on it. I'm not digging through some Mac or Windows weird subsystem bullshit, trying to figure out why I'm getting permissions errors all over the place.


> the current monstrosity literally requires you to let it reboot itself on a 9-5 schedule.

* the previous monstrosity.

Windows will now let you carry on without updating until seriously important security updates are a month old. They really do have to force the hand of ignorant users eventually, else Microsoft gets blamed for an insecure OS.

I also don't understand where you get the idea that msft doesn't care about their desktop OS. They are basically overhauling it twice a year, for free. These larger updates do take 30 minutes, but, mind you, which is it: do they care too little or too much?


I guess I'm behind the times. Is the Candy Crush installer still in the Start menu? Do they still randomly revert telemetry settings on updates? What was that thing I read last week about no more local user accounts? Maybe all of these things have little asterisks on them, but at this point I don't care anymore.

Chrome and Firefox are also noticeably faster on Linux than on a fresh Windows install on the same machine. Don't know WTF is up with that, but this has been consistent for years.


> Is the Candy Crush installer still in the Start menu?

Yup.

> Do they still randomly revert telemetry settings on updates?

Yup. I've heard that this is a bug? Who knows, I just know I still see it flipping.

> What was that thing I read last week about no more local user accounts?

It's hidden behind the "Join a Domain" option, or triggers when you're not online. Dark patterns!


> > Is the Candy Crush installer still in the Start menu?

> Yup.

No. Windows now remembers that you have uninstalled these apps.


Then I guess I hit another bug! The dang thing returned on my last big update.

> Windows will now let you carry on without updating until seriously important security updates are a month old.

If I specifically tell it not to install, yes.

If I want it to automatically install everything, then give me a notice it needs to reboot? Then I keep having windows shut down in the middle of the night, right after installing, no notice, no "forcing the hand eventually". Has this changed in the last couple months?

At least they seem to have finally figured out how to get virus definition updates automatically while reboot-needing updates are set to notify.


> They really do have to force the hand of ignorant users eventually, else Microsoft gets blamed for an insecure OS.

Theoretically, Microsoft could restructure their whole OS to support hot code reloading of system components, such that nothing ever needs rebooting. I mean, nobody else does it, either; but it'd be neat, wouldn't it?


Apple has made massive improvements and regular upgrades to macOS since 10.6. I'm not really sure what you are referencing when you say otherwise, but as a Mac user full time at work and at home, you're simply totally wrong.

Windows 10 is quite usable, it's in use all over the world by millions of people. The home versions force a reboot when upgrades are required, but even those upgrades and the associated reboots can be delayed 35 days. The enterprise versions and pro versions can be completely controlled as they should be. Forcing upgrades is probably the best thing MS has ever done for the general security and health of the internet.

Linux is still today a piece of shit, as it has always been.

Apple ships zsh, not bash. If you want an upgraded version of bash you install home-brew and do brew install bash. Done. Or just use zsh because it's better.

If you are an xfce linux on the desktop user, you are very out of touch with modern operating systems.


Until Linux-on-the-desktop gives me the GUI workflow, a full OS stack of the likes of macOS, Windows, Android, it is going to be left as a travel OS for my tiny surviving Asus netbook.

For a couple of years I believed on the dream, nowadays I rather invest my time elsewhere.


Although I'm not personally a fan of it, I don't see what Gnome is lacking that you can get on those OSs you listed

GNOME, like KDE, still fail short of the full stack developer experience across all distributions, they focus mainly on the UI layer alone.

Something like macOS Frameworks, Android Frameworks, .NET/UWP.

https://developer.apple.com/documentation/

https://developer.android.com/guide/platform

https://docs.microsoft.com/en-us/windows/apps/desktop/choose...


About the bash thing: Apple isn’t allowed to ship a newer version due to licensing problems. That’s also the reason why they switched to zsh [1].

[1]: https://thenextweb.com/dd/2019/06/04/why-does-macos-catalina...


Yeah, I know. It's not just bash, it's a lot of their other userland tools too. It was sort of funny at first, and you can update them with homebrew and usually not break things, but at the end of the day... this is Apple's licensing problem, and yet I have to deal with it. That's stupid! I have scripts that run perfectly on my servers... why should I have to be a contortionist to test them locally?

They are allowed, it is just like everyone else on comercial world, they rather not deal with copyleft software licenses.

Which is a quite different issue.


AFAIK GPLv3 means (among other things) that if a company is slapped with an injunction due to a patent suit, you can't just license the patent for yourself - a patent license has to cover all GPLv3 usage.

They are allowed, but some of the legal consequences to the new terms in GPLv3 are worth stalling updates, choosing alternative system components and even rewriting components to avoid.


Apple is perfectly allowed to ship a newer version, they'd just have to share some of their special sauce. Not entirely unreasonable in my opinion.

Apple doesn't want to ship a new version because they don't want people to see how they've modified bash. I don't know what patents or top secret features they've added to make their version of bash incompatible with GPL, as they're allowed to ship GPL code in a closed source product just fine as long as they ship it as a separate binary, but it's more important than their users' convenience apparently.

Also note that Microsoft ships entire Linux distros without having a problem with GPL licensing.


> Apple doesn't want to ship a new version because they don't want people to see how they've modified bash.

This is just false, the old bash is GPL2 and Apple publishes the source for their bash on their open source compliance page. The reason they don't upgrade is the GPL3 patent grant clause, they ship the last GPL2 release for all GNU utils. The linux kernel is GPL2, so Microsoft doesn't have this problem.


Microsoft ships the entire Ubuntu, which does contain GPL3 code. Maybe they get away with it because it's not so integrated with the rest of Windows.

In WSL1 Microsoft only ships an implementation of the Linux syscall interface, the actual userland comes in the form of a tarball inside an appx package from Canonical, through the MS Store.

I don't exactly know how WSL2 works, but the main difference is that they now use an actual Linux kernel inside a lightweight VM, and that kernel's source is on GitHub. Userland still comes from appx-wrapped tarballs from Canonical.


It's not a GPL problem. It's a GPLv3 problem. Most likely the anti-tivoization clause. Linux, like the old version of Bash that Apple is shipping, is licensed under GPL v2.

I suspect Microsoft is also very careful to make sure they don't ship any GPL v3 components with Windows itself, even when they're available via separate download, because they want to be able to ship locked down devices.


That still doesn’t answer how MS is able to ship an entire Linux OS which obviously contains the newest versions of bash and many other binaries without apparently having licensing issues that Apple does.

They don't ship it though. The Linux subsystem for Windows is a different component. It's an image you download and run (might be community maintained too; not sure).

Locked down devices don't get to use WSL in the first place.

And I don't see what the problem is. Okay, so they'd have to let you replace the bash binary. That doesn't give you any abilities you don't already have.


In Microsoft's defense, at least the Windows 10 updates are now quick. Last week a minor patch for MacOS took 30 minutes on a 2019 Macbook Pro.

The four hours I spent cleaning up my dad's laptop last week beg to differ. I had enough time to make and eat dinner while it was updating, rebooting, and then cleaning up the updates. Maybe he hadn't updated in a while?

I made him a small Linux partition after clearing up enough space, and now everything runs so much faster that he refuses to boot back into Windows.


Maybe he hadn't updated in a while?

That shouldn’t make much of a difference, we only accept it as an excuse because it’s been the norm for so long.


WiFi, battery, and sleep. Have these problems been fixed with Linux on laptops?

Wifi: The advice from five years ago was to select/buy the Intel wifi card. Those are the only ones I've used, and they've all Just Worked. Intel cards are the only option if you're buying a Thinkpad.

Sleep and hibernate: Works on every Lenovo I've used.

Battery: My most recent laptop gets around 8-9 hours with a new battery on a normal workload, and when it drops to 3 hours, I buy a new battery.


On newer kernels (4.8+) and latest Ubuntu my Thinkpad L390 freezes consistently when I try to suspend. It's gotten a bit better with 5.0.0.31, now suspend works 50% of the cases when I select it manually from the menu, and the laptop is connected to power. Otherwise, 90% freeze.

Even my old trusty XPS 13 started not to go to sleep 1 out of 10 times. There must have been a serious regression in the kernel, but no one seems to care.

For this reason alone, I started to seriously consider giving up Linux on the desktop.


No Linux distro has ever just worked with Sleep and/or WiFi. My last Linux machine (Ubuntu) would never be able to connect to WiFi after sleep mode. Believe me, I tried everything you can think of and find in various StackExchange posts.

When a GRUB update destroyed my dual-boot setup and made my system completely unrecoverable, I ditched Linux and never looked back. Using OpenOffice or LibreOffice was also more akin to self-punishment usually seen in medieval monks.

As a student, all these problems were okay, but nowadays I don't have the time to constantly fight against my own OS to finally figure out that I have to adjust my fan speed rotation coefficient to make the third party WiFi driver work.


> There must have been a serious regression in the kernel, but no one seems to care

If the feature used to work reliably in older kernels, you could try and bisect the issue. There's a bit of work involved, but it's quite doable.


> Intel cards are the only option if you're buying a Thinkpad.

Not true. My Thinkpad E485 from late 2018 has either a Broadcom or a Qualcomm chip, but definitely not Intel. It works like a charm though. The bigger issue is the Realtek Ethernet NIC which has an annoying driver bug where it does not detect the carrier except when the cable is already inserted at boot time. Never buy Realtek if you can avoid it.


Tell my E585 and its craptacular Realtek card that. I ordered an Intel card but it's been in weird foreign shipper hell for weeks.

Depends on the hardware manufacturer.

But if you're a regular laptop user the bigger issue is trackpad feel, if you're used to Apple devices or the new Windows drivers for trackpads, it's not acceptable. You're better off switching the way you work to using a window manager and shortcuts, like most hardcore linux users do at some point.


I really wouldn't want to use a Linux laptop for work unless I had a WM installed like i3 or dwm, so I could completely ignore the awful trackpad. Apple may be bad at some things, but trackpads are not one of those things.

Can't argue with that! Lenovo trackpads seem to alternate between almost usable and utter trash every few years. I usually just plug in a mouse...

I just got a t480s and I feel the trackpad is my main complaint ... it feels kinda plasticky and the responsiveness isn't quite there (e.g. phantom dragging).

Overall, the quality doesn't compare to my 2013 macbook air, but it does have some newer features which're nice.


Lenovos have trackpoint; why would you want to use trackpad, when you have the nub?

Trackpoints slow you down, a lot. They're good for more precise work like dragging bezier handles, not so good if you want to navigate UI's imo.

They have acceleration just like mouse has, so moving the cursor is not a problem. For quick scrolling, there is the middle button + nub (granted, this is not easily discoverable).

That's a bit of a loaded question given the huge variety of hardware configurations out there, and the fact that most vendors only test with Windows. Linux hardware compatibility has improved vastly over the years, but I don't think it will ever be 'fixed' for all possible hardware configurations.

For wifi, anything with intel wifi will work fine. Atheros and Killer generally work fine as well. Basically, just stay away from Broadcomm and Realtek.

For battery, ymmv. the 2 most recent laptops I've used with linux (a dell xps 13 and a system76 darter pro) get decent battery life (8-10 on the dell, 5-8 on the system76). On the dell, the battery life wasn't much different than windows 10 on the same machine.

For sleep, this usually works fine, but can be broken on certain hardware. On the dell laptop sleep worked, but there was an annoying issue where sometimes upon resume the cpu would get stuck at the lowest frequency.

On the system76, I initially had an issue with a 10-20 second delay resuming from sleep but that was fixed with a firmware update. Presently, sleep/resume works without issue 100% of the time for me on that machine


People here seem to have had positive experiences, which may be due to a bit of fanboyism or Apple hate, but a relatively technically capable colleague tried to install Ubuntu onto a Dell recently, and failed: grahpics and network issues; no idea if it could sleep. Two days of work lost, so now he has a mac.

Sounds to me like your colleague did not use a laptop supporting Linux (did he try to ask Dell directly?), in which case it would not be "work" but amateur "tinkering".

Even if it does install and seem to work well at first, a non-supported device can break the OS install any time due to some driver / firmware change etc., and you'd have no one to blame but yourself — no promise was ever made by Dell or Linux that this particular device+OS would work.

It's just not what you should do in a business / work setting. We use supported devices — for Ubuntu, for RHEL, for ZFS, for pfSense, for VMware or Xen or HyperV, etc. — because we need someone to call when things don't work, and we need to be sure they just won't fail or break 99.99% of the time. Short of that, you're on your own, and it's no revelation that Windows works on all laptops but Linux simply doesn't — it works "most of the time", "with some caveats quite often". Blame manufacturers who don't write drivers for Linux (looking at you, Qualcomm, Nvidia...), blame OEMs who select those parts for their machines, but don't blame Linux itself — you get it for free with more than 4,000 drivers included last I checked.


For a fair comparision he should have bought one of Dell's laptop which come preinstalled with Ubuntu.

I didn't have any issue with Wifi and sleep on my home Dell XPS 13 9380 running Arch. As for the battery, well I followed the arch wiki recommendations (add a kernel startup parameter, and use tlp) and it is ok now but it does not just work out of the box.

It is still not on par with Windows (I kept it just in case). I get around 8-9 hours of battery life on Windows while on Linux it is more like 6-7 hours. But it is mostly due to the fact that Chrome/Chromium and Firefox don't support hardware acceleration on Linux and I watch quite a lot of youtube videos. There is a Chromium that uses the video acceleration API (VAAPI) but it comes from the user arch repository, there is now also a snap package (I haven't yet fully tried them).


All my Linux devices do a lot better under Linux than under Windows; Lenovo X220, MS Surface and GPD Pocket all run both but battery life is miles ahead of Windows for my use (programming and browsing for programming). I use Ubuntu with i3wm. i3wm is, I think, where most of the difference comes from; it is very light. And, imho, much easier to work with than mouse driven stuff.

Regarding sleep: Windows still doesn’t get it right - my daughter plays Roblox on my wife’s Dell laptop, as she’s 5 she just closes the lid with the game running when she’s done. I sometimes hear the fan going before I go to bed later, because apparently a “slept” windows laptop is still merrily letting whatever game was running render 60 fps with the lid shut. Bit silly, and probably awful for her battery life

The only real problem I have left with my XPS13 is with sleep/hibernate.

I’d like it to work like macOS. It seems like that’s possible but it requires a swapfile to save state to. As far as I can tell that means enabling virtual memory which is a no no on SSD.

Just that and I wish Bluetooth remembered the on/off state it was left in after reboot.


Both s2idle and deep ( https://www.kernel.org/doc/Documentation/power/states.txt ) are what you want, and work.

> Just that and I wish Bluetooth remembered the on/off state it was left in after reboot.

That's just a Qualcomm problem. The BT is completely broken. Fixed in the latest kernel for me.


I might be missing something but doesn't that still depend on swap space and having a swapfile and virtual memory set up?

I'm fine with having a swapfile but I don't want it used for anything other than Suspend-to-disk. i.e. I don't want the SSD being hit with multiple writes caused by VM.


No they just enter lower power states and keep everything in RAM. I don't even have a swap and it works fine.

Sorry maybe I'm not explaining what I want to very well.

On the Mac it will suspend to RAM but also dump to an image file at the same time. If the mac runs out of power it will later restore from the image once power is restored.

That's possible on Linux using hybrid-sleep and suspend-then-hibernate but they require a swapfile.

I haven't yet found a way to have a swapfile without allowing that swapfile to be used for virtual memory too. I worry that virtual RAM will eat my SSD.


How often do you upgrade your drive? If you expect to change it sometime in next 5 years or so, I wouldn't worry about using swap on SSD at all.

To be honest I hadn’t really considered that. I’ve never actually upgraded an SSD in a laptop.

I guess it may be more the thought that it will kill the SSD than the reality but it’s still something I’d prefer to avoid if there’s a solution.


> It seems like that’s possible but it requires a swapfile to save state to.

Has macOS solved this issue differently? Do they save RAM state to some non-SSD non-volatile memory, or do they just not care and dump it to SSD anyway?


I believe they favour sleep mode where the ram is powered on and the state is kept alive on ram. Only when the sleep time goes too long or battery starts running low, they dump into SSD.

It's not the swapfile that's the issue it's having the swapfile also be used for virtual memory.

If it was only used for suspend that would be fine because it would only be written to when you suspend the laptop, which in the grand scheme of things is pretty rare compared to writes caused by virtual memory swapping.


Mac OS does the same in this regard though, but in my experience neither Mac OS or Linux are particularly aggressive at using swap anyway.

Yup, macOS dynamically allocates swap files on disk when they're needed - that's why you may see 0 swap space in htop, which doesn't mean that it doesn't use swap.

That’s interesting. I wonder can Linux be persuaded to dynamically alter the swap space from 0 as part of the suspend script?

I think if you were to use a swapfile and set swappiness to zero it should behave like this.

Brilliant! I think this is the going to be the answer. Have the swapfile but use swappiness to tell the kernel not to use it day to day. Thank you :D

I switched to a t480 w/Debian from a macbook pro due to battery. Same apps, I get 8h vs 1.5h with VirtualBox running a VM, or 12h (vs ~2h?) without.

WiFi works. Sleep is "meh" compared to the Macbook, but that's on me for not having a swap partition.

Happy with my switch so far, and it's been 1y3mo


Yes. Since ~5 years I haven't had a single problem with any Laptop (I'm mostly using ThinkPads, the newer ones, here even the Multi-Touch-Trackpoint and touchscreens perform better than under Windows).

My thinkpad X1 carbon works just fine with Arch Linux. Though you do occasionally need to refer to the wiki to fix things. It's usually pretty painless.

Unless you buy the most recently released hardware, yeah. (For example latest ryzen has issues) Hardware and sleep pretty much works for an average consumer. Even HDR support is almost there.

"Battery" is not one thing, so can't answer. Does idle draw count as an issue? Do services you can switch on/off count as a battery issue? In comparison, does MacOS indexer out iCloud sync going crazy count as a battery issue?


Latest Ryzen issues have been fixed btw.

Never had such issues in any laptop I bought over past 15 years. It's just a matter of choosing good hardware.

Yes. Buy a Lenovo and these work out of the box as you expect. In fact I get better battery life than under windows.

Chromebooks. You can now run a full linux distro securely on a Chromebook too (alongside the Play Store).

> OS X since Snow Leopard

10.6 was my last favourite release. Lion (10.7) removed expose (no way to put it back in) replaced it with the terrible Mission Control (removed having multiple rows of desktops. Now you just had one long row. Expose no longer split out all windows so you could see them; it grouped like windows together without the ability to turn the feature off)

I've personally been using Linux at all the jobs I've held since 2012. I use it at work and at home, with my Windows machine being exclusively used for games and photo editing (I have some workflows with Darktable, but I still really prefer Lightroom).

Linux is a great development platform and tiling window managers (i3/swap, xmonad, awesome, etc.) really make it shine if you're willing to put in the effort to learn them. I'm lucky I've been at four different companies that either allowed or encourages developers who wanted to run Linux exclusively. These days I ask about it in job interviews and don't continue down paths where a Mac is the only option.


> Microsoft apparently agrees -- they chopped up the Windows team last year, pushing out the Windows chief and dumping the remaining re-orged husk under Azure.

Do you have a reference for this? This seems like pretty big news.


A quick internet search finds news articles from March 2018, for example:

> the Windows and Azure platforms are being combined, operating under Jason Zander

https://arstechnica.com/gadgets/2018/03/windows-leader-terry...


I like my windows 10.

I also like my arch Linux as well.

Even my MacOS rund stable enough that I don't have any issues with that.

But if you don't keep your Debian up to date the chance that you can't longer upgrade it is high. After 1-2 years.


You can update Debian many years later. I just updated a system over multiple versions no problem.

Yes, you can upgrade after several years. But you can't skip a version. If you started at 8, you need to upgrade to 9 and then to 10. Can't skip 9.

Sure, but all versions of Debian are still available so I don't see why that is a problem... Except as an annoyance due to the extra work.

I had packages just gone on enough occasion s.

Angry or not, it doesn't matter. If you're angry and you give your money away, nobody cares. But, at the same time, if you're cheerful but you keep your money, you may start to influence things.

As of Catalina, Apple has switched the default shell to zsh and nags you when you launch bash.

That said... I agree. Between this, the abysmal keyboard failure rate, and some of the user-hostile choices they've made, I've switched to a Razer laptop.

Windows 10 Pro lets you avoid most of the jank, by the way. But, I'm only on it as an eventual migration path to something running XFCE (my favorite wm due to its out of box usability).


What’s so upsetting about switching the default shell to zsh? It’s compatible enough that most users wouldn’t be able to tell the difference.

Besides, licensing problems would persist no matter how much more effort Apple is willing to put into macs.


They have a big shared codebase between iOS and macOS, so them adding GPLv3 tools can end badly with the anti-tivoization clauses.

You mean they have GPLv2 code in iOS?

Yes they do.

Amazingly, the message is actually hard coded into the bash binary, rather than having been done via an rc file – so it can't be disabled in any obvious way I can see.

export BASH_SILENCE_DEPRECATION_WARNING=1

Thanks!

Wait what? Why/when did they do this?

What are you asking?

Why/When MacOS transitioned to zsh?

Why; because bash became GPLv3 at some point in history and MacOS couldn’t update their version of bash. (The last GPLv2 version).

When; was catalina (just released)


I would agree. We should be angry. Especially with news, if they are correct, that you prohibited to install linux on newer Macs. As I understood you can boot linux from external flash drive, but it's not the same as installing it on internal storage. Did someone tried to install Linux after installing Catalina, I am afraid of a few surprises there ...

AFAIU you're not prohibited, it's just matter of drivers. Apple uses some non-standard approach to disks which Linux did not implement yet and Apple does not care about Linux to add that support themselves.

Apple seems to be forgetting their own credo against nag-based security:

https://i.imgur.com/qbUy5aH.png (from an ancient WWDC slide mocking the Windows approach.)

They may have overdone it in a few cases, and not done anything where it's really needed (like a unified list of all third-party startup items, such as Google’s sneaky Keystone malware, or seeing all outgoing data and connection attempts like Little Snitch shows), but as other commenters have mentioned, it lets me catch various apps overreaching into my computer for things they just don't need to function, and I definitely appreciate that.

Another thing I wish they would do is provide an infallible way to verify system password request dialogs. Not long ago DropBox used to show you a fake dialog that then stole your administrator password. There should be a list inside System Preferences where you can go and see all the authentic password request dialogs that are currently being shown.

In short, they should move away from nagging to better monitoring and reporting.


> Not long ago DropBox used to show you a fake dialog that then stole your administrator password.

Wow. What the hell? Can you provide any sources to read about this more?


https://applehelpwriter.com/2016/07/28/revealing-dropboxs-di...

Dropbox imitated a system dialog box in order to get your password to give itself system level permissions without asking you.


Thank you.

I am speechless on the behaviour from DropBox.

I wonder why I have never heard of this and I do not remember any major security scandal regarding DropBox stealing your admin passwords, but maybe that information just went around me for some reason.. :)

EDIT: I wonder how this was implemented, I imagine that any app, can recreate a pixel perfect dialog imitating system dialog asking for password and steal your sensitive information, though how can app add itself to accessibility list programatically? I am not knowledgable of MacOS API and somehow I think apps should be prevented to be able to do this on their own. Was it a MacOS security bug? What else DropBox did "under the hood" with admin password that we do not know of yet?


It was the OS dialog which allows apps to customize the prompt text. No need to fake anything. That article was wrong.

Check the HN discussion from back in the day


Only, it wasn’t a fake dialog. This is the normal OS sudo dialog which has API to allow the prompt text to be set by the application.

The text could have been more specific what they need root rights for and how necessary the root rights are for continued usage, but they did not fake the dialog.

It’s so hard to correct wrong information from the past. Even though discussion stemming from that article has shown that it was the system dialog, all people remember is the misinformation (albeit possibly inadvertent misinformation)


Safari is also vulnerable to phishing popups that are indistinguishable from Apple popups.

https://privacylog.blogspot.com/2019/06/safari-zero-day-any-...


> Another thing I wish they would do is provide an infallible way to verify system password request dialogs.

You are requesting trusted path (https://en.wikipedia.org/wiki/Trusted_path) for windows the ctrl-alt-delete sequence is apparently used to implement their trusted path, so it should have been designed to foreground its own active windows, minimize non trusted windows, or similar.


In my experience, Trusted path and Trusted UI tend to fail due to significant UX challenges. It tends to be quirky and require user training.

In my experience, this could be said for virtually every security feature, particularly when new to users. But I still find it worthwhile to fully/correctly implement security features even if they might not be correctly used. Many correct security features have gradually become commonly understood in most communities to everyone's benefit, while most short cuts have eventually caused major problems that are made doubly bad by reputable firms having invested in training users to accept a solution that could only be implemented in snake oil.

The Apple dialogs fwiw are at least easy to understand, and are distinctive for each security nag type. Having used Catalina in public beta over the last month it really does not feel like using Windows Vista, you get asked once for each application and after that, nada. The experience would be far better if macOS did not re-launch every open application after installing a major OS update so that the dialogs could be drip-fed as each app was used.

I do agree that better monitoring and reporting would be better, but these nags are for basic folder access and notifications. I do find it strange however that macOS now requires permission for an app to send notifications, whereas it is no longer required to provisionally send notifications to a user on iOS (until they turn them off).


For those curious about the WWDC session that slide is from, I can't find the exact session and timestamp right now, but the same things were said as far back as WWDC 2011, in Session 203: "Introducing App Sandbox"

Which..is a little harder to access now:

https://meta.stackoverflow.com/questions/387070/apple-has-ju...


The "nagging" approach seems to work well on mobile, at least with targeted permissions. I don't know how it is on iOS, but this seems very similar.

> https://i.imgur.com/qbUy5aH.png (from an ancient WWDC slide mocking the Windows approach.)

That's funny



I understand this is chaos, but it's chaos because it has to be. There's no way to move users from an world of opaque "if it's an application, it can do anything it wants" to a world of "applications should ask me when they want to do something" transparency.

The idea that Apple doesn't care about the Mac because it's trying to explicitly improve our privacy and security is … weird.


Agree that it is overall an improved experience. After upgrading, I discovered that a VPN app wanted access to my Documents folder. No reason it would need that, so I simply denied it. Lo and behold, the app continues to work just fine as expected. IMO, this alone is a big reason to upgrade to Catalina.

I wonder if maybe it just stores a settings file in there or something?

I've seen similar things with apps that request access to Dropbox or Google Drive just not being scoped granularly enough, so they just ask for access to your entire account to control a single file or folder. Which leads to a shitty situation, either you give up functionality like being able to declaratively override settings and sync them between machines, or you compromise your security and allow access. There's no way the PM for the product actually cares about granular permission scoping, so of course nobody actually implements in a safer way where you don't have to make this choice.

I haven't looked closely at the new MacOS permissions and how granular they can be, but I'm kind of curious how this will turn out. I suspect the average person will just get used to clicking allow on everything, so developers won't actually care about only asking for what they need, and not much will actually improve about security. But I hope to be proven wrong.


Apple provides APIs for saving app settings in the app's sandbox. They require no additional permissions.

You're probably right that it's not nefarious in this app's case, but rather just developer ignorance. But even so, this is the right path to nudge developers towards better security practices.

Also, the permissions are contextual. I didn't see this dialog until I launched the app. Similarly, the first time an app wants to show a notification, the system prompts you to allow / deny it. I'm sure Apple can polish this more over time. But I will take this over the "nearly full-system access by default" paradigms that dominate desktop OS's.


Settings should be under ~/Library somewhere (perhaps ~/Library/Preferences?) and not in the Documents directory.

I've seen a number of apps that store settings or presets in Documents. Kind of the same ideas as dotfiles in your home directory, which seems pretty reasonable and I don't think there's one agreed right place for any of this.

A nice benefit of storing them in Documents is that it syncs to icloud automatically even on the free tier, so you can share it between all your computers.


Another issue that comes up in these scenarios is after denying to change your mind. How do you give the app access now?

It's often not straight forward and often getting in some system settings somewhere. Android has this problem.


Had the same concern, but the dialog tells you how to change it. Not only that, it'll take you directly to the correct location in system preferences, where all the apps & their permission status are listed.

So what you are saying is that you don't trust the application to access your Documents folder, but you trust it with creating a VPN tunnel to keep your network traffic safe?

uhmm....

To me, it seems that if the Documents permission dialogue in fact caught the app doing anything bad, it should remove all trust for the app and the developer. It's all or nothing, really.


No, what I'm saying is that a VPN application does not need access to my Documents folder, and if it tries to access it, then I'd like to know about it.

Nor do I entrust it with all my network traffic. As to whether it warrants completely removing the app or not, it's up to the user to decide, isn't it?


It's a bad onboarding though, full stop, and not very Apple like. For example, I imagine there could be a way to present the user a screen with all apps, and ask the user on one screen to check/uncheck any that it would like to receive notifications for.

Similarly, for the apps requesting access to various things, if I were Apple, I'd wait a bit and then present the user a list with the apps requesting access, explaining why it's happening, etc.

So two simple screens with clear explanations and helpful advice, versus a million baffling popups.


”I imagine there could be a way to present the user a screen with all apps, and ask the user on one screen to check/uncheck any that it would like to receive notifications for”

All 150+ apps (I don’t know how many are installed by default, but I have 277 on my system), many of which the user won’t even know he has installed? (I just found out I have an “Adobe Air Uninstaller” and two “Abobe Air Application Uninstaller”s, something called “Computer.app”, and 11 different Java 8 updates, for example)

And no, I don’t think such a dialog would be useful because users could delete applications they “don’t use” from there. The average user simply doesn’t know which applications he doesn’t use. I certainly don’t.

I think they could do a bit better, but I don’t think this problem has an easy answer. For example, they could exclude all Apple apps from these questions, but I suspect that would (rightfully) give us “Apple gives its own applications preferential treatment” complaints.


I disagree but only for one major reason: the entire reason this is coming up is because the OP is using an old version of Alfred that wasn't prepped for the new permission settings of Catalina even though there's a fully compatible version that's been released since. The vast majority of users will never, ever get something this obnoxious so it's not a bad on-boarding experience as much as it's a side effect of running old software.

I don't know the numbers, especially as companies have pushed hard to change upgrade habits. But unless they're forced by automatic upgrades, most people wait years to upgrade. Even if they are upgrading because they get new hardware, they run all those migration assistants and such to copy everything over.

I'm sure they do but, as in the case of Alfred, they're notified multiple times that there is a newer version and that their OS may not support all the features of the app and vice versa. You have to explicitly ignore the dialog boxes and install the new OS anyways to get the behavior being demonstrated in the OP.

Surely many users have at least one piece of software that is a bit old.

This Mac notion of "if your software/hardware wasn't purchased this week, it's unsupported" is not a good look.


If you have one window, with checkboxes, the window would need to start with the boxes all unchecked. And users, being users, would then demand a way to check all of the boxes. And then what would the point of the notifications and requests be?

If they didn't, people would complain that they had to click all these checkboxes, and then missed one.

Or the window wouldn't have room for applications to explain why they needed that access.

Or they would, and users would maybe read the first one, but skip others.

There is no "better experience" which doesn't sacrifice the point of the prompts.


Yes their recent trend of moving user privacy to the forefront is one of the few really positive trends i've seen out of apple in the past 2-3 years. Ignoring that the questions being asked by the OS are good is very bizarre.

Yes their recent trend of moving user privacy to the forefront is one of the few really positive trends i've seen out of apple in the past 2-3 years.

Apple has moved privacy to the forefront for a much longer time. Apple was the first to roll out end-to-end encryption of messages to hundreds of millions of people (iMessage 2011), the first to roll out end-to-end encrypted (video) calls to hundreds of millions of people (Facetime, 2010). They introduced the secure enclave, which was quickly used throughout the OS with iPhone 5s in 2013.

Whatever reasons they have (and despite their failings), they have been pushing privacy for almost 10 years now.


I expect applications to have access to my desktop. I do not need to be asked. It would be like asking permission to access my clipboard, or use my speakers, or read my keyboard.

If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.

This was exactly why UAC dialogues were largely a failure. And to think that UAC appears only once per app...


You expect applications to have access to your desktop?

You should only ever expect the user to have access to the desktop and, even then, the only apps that would ever prompt for access to the desktop are those that aren't updated for High Sierra and above. On the latest versions of macOS, the Desktop folder is shared by iCloud. This is definitely not an instance where security has been lowered nor is this the standard behavior of the new OS.


> You expect applications to have access to your desktop?

Yes! That's what applications do, they read and write files. Most other software is, more likely than not, either a game or a web page.

Does every app need to access my desktop specifically? No. But if we're trying to protect "normal users", I don't think most of them have the wherewithal to think through "what exact locations does and doesn't app X need to access?"


But they should only read and write files that you give it permission to. E.g, Word should only be reading and writing whatever files you open to edit, it shouldn't be able to access all the files in your Applications folder. If it needs temp files it can write those to it's designated section of the file system.

Sure, if applications are able to do things in the exact way Apple imagines. Unfortunately, the real world is almost always more messy—there's always at least one exception that isn't provided for by Apple's sandbox. Look at how many Mac apps offer both stripped-down Mac App Store releases and separate, more robust versions if you buy from their official websites.

I'm by no means against Sandboxing, by the way. I think it's great that if you want to buy and use sandboxed apps—and are willing to accept more limited functionality as an occasional consequence—the Mac App Store provides that option for you. However, there needs to also be an alternate path, by which I can say "this is an application I trust, please let it do its job."

There should, of course, be several different permission levels—Parallels needs its own kernel extension, most applications don't. Permission prompts are an important part of enforcing that. And that's precisely why prompts need to be use sparingly—if you bombard the user with too many of messages, they'll ignore all of them.


It should read and write whatever files it needs to without bothering me for every little thing. For instance, supposing they want to show you a welcome screen with all of your documents from your Documents folder (or anywhere else) - I don't want some asinine popup asking me for permission. Word is a well-known application. I installed it. I trust it and the corporation that wrote it. That's enough for me.

The alleged problem is not even solved by a permission dialog. I should answer OK to the fact that it needs to access all of my Documents, forever, and that's supposed to be more secure? Why not just ask me for permission to my whole drive so it can scan for documents everywhere? Apps will just start asking for more and more permissions like they do on iOS, which is annoying.

macOS is slowly but surely being turned into iOS. It's software for the lowest common denominator - the average idiot - which I'm not, at least when it comes to technology.

Thankfully, my workstations are all Linux but I still have to deal with both macOS and Windows on a daily basis. But at least on Windows, the permissions annoyances can be avoided by simply not using UWP apps from their app store. I hope there's a way to turn this off on macOS but knowing Apple I doubt there will be because clearly they're on a mission to wipe macOS off the table. Perhaps that would be a good thing though. More people will move to Linux.


For instance, supposing they want to show you a welcome screen with all of your documents from your Documents folder (or anywhere else) - I don't want some asinine popup asking me for permission. Word is a well-known application. I installed it. I trust it and the corporation that wrote it. That's enough for me.

But this is not how it works. Word from the App Store is sandboxed. If you open a document in Word, this is done using the native file opening dialog. This is a separate, privileged process. The file is symlinked into Word's sandbox as a result. This means that Word has access to that file from that point onwards. So, it can show a welcome screen with documents that you have previously opened (which is what applications typically do, very few applications will show all documents).

This is how things have worked ever since Apple required sandboxing for App Store apps. The problem is non-App Store apps that are not sandboxed. They have unfettered access to every file. I guess these extra permissions are to provide a certain level of protection against such apps, which is good.

Word is a well-known application. I installed it. I trust it and the corporation that wrote it.

There are many well-known incidents of trusted applications being compromised and backdoored. E.g.:

https://blog.malwarebytes.com/threat-analysis/mac-threat-ana...

To make things worse, the hash was updated in Homebrew cask. So even if you used a package manager, you would have installed a compromised application. Trusting applications may have been ok in the age of shrink-wrapped software. But now that applications are distributed over the web, allowing unfettered access is insanity.

More people will move to Linux.

The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak). Sure, it will always be possible to install a 70ies UNIX-style distribution. But the world is moving to sandboxing and putting up more restrictions, because the computing world became more hostile.

macOS is slowly but surely being turned into iOS.

This is getting tired and old. People said the same thing ten years ago and yet here we are, macOS is still an OS for 'general purpose computing'. I think Apple is finding a nice balance between securing the average user through sandboxing and SIP, while keeping giving the knobs to disable protections to advanced users. I say this as someone who currently uses Linux 95% of the time, but I wish Linux was as far as macOS with application sandboxing and system integrity protection.


> People said the same thing ten years ago and yet here we are, macOS is still an OS for 'general purpose computing'.

Well, the "slow" part can be slower than ten years. It might just still not be there, but compared to how macOS was 10 years ago, it does have more iOS-like restrictions nowadays even if it isn't full-on iOS.


> But this is not how it works. Word from the App Store is sandboxed.

Yes, that is how it works. Sandboxed apps can absolutely request access to an entire folder. See here:

https://developer.apple.com/library/archive/documentation/Se...

> An app-scoped bookmark provides your sandboxed app with persistent access to a user-specified file or folder.

But all of that isn't really relevant to what I was saying. You're bringing up technical details about how sandboxed apps work. I'm saying that sandboxes suck and I don't want them, particularly from Apple who will just use security as an excuse to take away more of my freedoms.

> I guess these extra permissions are to provide a certain level of protection against such apps, which is good.

I would rather not trade my freedom and liberty for even more annoying and absolutely useless security measures. You see the top comment on this thread now right? It's about how useless these dialogs are and how Apple has actually argued against them in the past.

> There are many well-known incidents of trusted applications being compromised and backdoored.

So? Don't update right away if your OS manufacturer can't be bothered to run a properly curated package management system that vets packages before anyone installs them.

> But now that applications are distributed over the web, allowing unfettered access is insanity.

I've been using desktop software for 30 years and for 25 of them, I've been downloading it from the Internet. My simple security measure are to verify sources, turn off automatic updates, don't update right away and read the news. Haven't had a problem yet.

> The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak).

Some Linux distributions are moving towards that. Anyway, I'm fine with immutable base systems. I'm even fine with sandboxed apps, as long as the permissions request infrastructure isn't annoying as it is in iOS and now macOS. And, as long as I can still install non-sandboxed apps without any further useless annoyance.

> This is getting tired and old.

No it's not. It's getting one tick closer with every release and if you want, we can certainly detail each time that macOS has changed to become more like an iPhone. Some part of you must realize that this is exactly what Apple would love to do as quickly as possible but they won't risk alienating users just yet. Do you really not see how Apple has been moving towards a less general purpose computer?

I mean, I wouldn't even call macOS "general purpose" to begin with because you can only really install it on Apple hardware. Right from the very start with Apple, their OS has always been more like "Apple purpose" - software that you can only use for Apples purposes.

> macOS is still an OS for 'general purpose computing'.

Yes, for now. Just a little bit less with each release.

> I wish Linux was as far as macOS with application sandboxing and system integrity protection.

No thanks. The world needs less security theater, more actual security and more freedom to use our own bodies and properties as we wish.


Applications can write files perfectly fine without the ‘can access the desktop’ permission. When you tell the application to open a file using the system dialogs, the system automatically grants the application access to read and write the file.

The permission is needed only when the application wants to go around the normal way of opening files.


The typical desktop for most user is a dumping ground for whatever it is they are currently working on. Or in some cases more or less anything they've been working on for the past years. A dumping ground full of potentially sensitive documents, work-in-progress files that are not supposed to leak beyond the computer, etc.

Do you really think any application on your computer should be allowed to read and write them because "that's what applications do"? 90% of the 'applications' on my computer I didn't even install myself, like uninstallers, updaters, helper applications, background services, whatever. These have no business looking at files in my Desktop folder. And particularly not if its on iCloud and shared with other devices like my phone.


Applications do not need permission. The user that is currently controlling the application needs to be able to use that application to read and write files but there's no reason that the application needs access when it's not in focus and, with the sandbox model in Catalina, applications have the ability to ask for explicit read/write permissions without prompting the user if they've already given access to install it.

The biggest protection here is that the folder is shared via iCloud in most instances. Asking for explicit permission is really the only way to do that safely.


> I expect applications to have access to my desktop. I do not need to be asked. It would be like asking permission to access my clipboard, or use my speakers, or read my keyboard.

I would like to know if an application:

- Is scanning the contents of my documents or desktop outside of files I specifically selected or it previously created

- Is monitoring data going on the clipboard

- Wants permission to make alert sounds or play other audio even if my sound is silenced/muted

- Wants to listen to my microphone

- Wants to monitor sound being output by other applications, such as VOIP

- Is monitoring for keystrokes even when it is not in the foreground.

> If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.

If the new permissions were about security, they would all be denied and applications would have to figure out how to cope. They are about user privacy.


> If the new permissions were about security, they would all be denied and applications would have to figure out how to cope. They are about user privacy.

As I see it, those are the same things within this context. The effect is the same. Users are just going to click yes. They aren't going to think through "what other files are on my desktop right now?"


> I expect applications to have access to my desktop. I do not need to be asked.

You mean the place where your mom stores her confidential banking statements ?

> It would be like asking permission to access my clipboard,

You mean the place where you often copy paste passwords ?

> or read my keyboard.

You mean the place where you type your sensitive infos ?


This is precisely why I chose those examples. My keystrokes contain sensitive information—the ability to read them comes with enormous potential for misuse. However, if my keystrokes can't be read, my keyboard isn't useful for much.

At some point, the only way to be truly secure is to switch off the computer—that's why voting should be done on paper ballots! Once a computer is switched on and connected, everything is a tradeoff between usability and security. Personally, I have work to get done.

At what point is Apple the only one able to make useful software? And by the way, while Apple is pretty good at user privacy, they are by no means at the top of my list, particularly after the whole Siri debacle.


Not being asked to grant all permissions that an application wants up front (before you even get a chance to use the app) has a positive impact on the user experience.

If the application asks for permission to access my contacts only after I select an option to share information with others, for instance, I can feel more confident about granting that permission.

Asking for all permissions up front is the permissions model that Google just abandoned.


Apple could have figured out a way to coalesce all the individual pop-ups into a single window. I'm sure they considered it and deemed it not worth the effort since this is a one-time pain... of course it's one-time pain shared by millions of users. :-(

An individual window would have completely destroyed the point.

The point was to make you aware of what permissions the applications you use require access to.

And to get explicit permission from the user.


An individual window would have completely destroyed the point.

Hardly. Apple could have used the OSX installer to scan two or three common locations for applications and do a bit of static analysis. Apple could have put the permissions notifications in the notification center with an annoying nag screen every hour or two for the first ~30 days turning into an immediate prompt after that (or after all detected programs have been processed).


If a program calls fopen, how is static analysis going to help?

It will just know that the program will open a file of some kind, not the location of said file.


That sounds like deeply awful UX.

That sounds like deeply awful UX.

Indeed, almost as bad as popping up countless dialogs per application.


Ah, yes, the tyranny of using the mechanism designed to ask a user to read and confirm something to read and confirm multiple somethings.

Ah, yes, the tyranny of using the mechanism designed to ask a user to read and confirm something to read and confirm multiple somethings.

So what's the point then? To inflict more pain?


You could do that within a single window.

How?

It shows it at the point of access request. If 2 programs request access 5 minutes apart, how would you show that in a single window?

Do you suspend the first program and wait until another application makes an access request? What happens if another doesn't make a request in a given time period? Will the user wonder why the first application has stopped doing anything useful for 5 minutes?

Honestly, how would you show this in a single window?


You certainly could, however I guarantee a huge majority of users wouldn't read a lick of what they were agreeing to.

Individual popups don't completely solve this, but it makes more obvious that a specific application is requesting a large amount of permissions. They're a bit more digestible to the crowd that won't bother to read an alert longer than one line.


It’s not like an overwhelming majority of Mac OS users has configured their machine to auto start a vpn, a virtual machine server and all these fragile utilities.

I doubt any regular user is going to see anywhere near this amount of warnings.


I don't know about this somehow being proof that "Apple doesn't care about the Mac" or something, but I remember distinctly when Apple themselves, and the fanboys, were ragging on Microsoft for UAC (which really only asks you to confirm occasional administrative operations).

As for the general quality of Catalina, there seems to be a deluge of amateur-hour flaws that affect real workflows for real users.


I disagree that there's no transition.

This looks like a pretty good alternative:

https://www.andrew.cmu.edu/user/bparno/papers/user-driven.pd...

Instead of the OS displaying an annoying prompt when the application tries to use a privilege, the application embeds an OS-drawn access control gadget inside its UI, such that the user interacting with the UI grants the privilege.


Actually not far from how it works on macOS. Usage of a system "open file" dialog automatically creates a permission for the application to access that file from inside its container.

https://developer.apple.com/library/archive/documentation/Se... (search for "Powerbox")


macOS does something similar already for file open/save dialogs: they’re drawn by a trusted OS component instead of directly by the app, and the user’s act of selecting a file grants the app permission to access that file without an additional dialog.

> a world of "applications should ask me when they want to do something" transparency.

Why not make the user know what applications do: which files, ports, devices it has to access, and what data it emits, to begin with?


Very well said. It is a rough upgrade, but a step forward in security and privacy.

Second this. It's a major security update that allows you to re-evaluate and more precisely manage access rights that your existing apps have. Not sure what "super user" author is really sad about. No one is keeping him from using windows.

Erm, preferring the old Apple experience (or even a perceived old Apple experience) to the modern Apple experience does not necessarily mean he would prefer the Microsoft experience to the modern Apple experience...

I don’t think that’s intentional though. Otherwise a proper way would simply be to prompt the user with something like « you’ve just upgraded your system, would you like to take this as an opportunity to reevaluate all your applications access rights ? ».

Almost every user clicks no and moves on with their life and then we’re put into a weird situation where apps installed prior to Catalina have a ton of permissions and apps post Catalina have comparably few.

You could say this is fine but it does demonstrate that something bad probably happened because we’re they presented the immediate option for existing apps they would have made a different choice.

Right now I have iOS 13 and it’s been great to see how many apps want but 1000% have no need for Bluetooth access — it’s nice to not have to comb through settings and revoke them manually.


It really says a lot that he has no provision for comments on his posts.

It's just change = bad without looking at what is being changed and why.

The "privacy" dialog popups are just marketing. Sure, there may have been an issue with a few bad apps, but Apple found a way to continuously remind you that they are the only ones that 'care about your privacy'TM. Meanwhile, they still happily take Google's money to make it the default search engine in Safari.

… how is an actual functional limitation imposed on applications through an operating system's APIs "just marketing"?

If you click deny, BEHOLD, the application is denied that permission.


I don’t think you read the post properly : all those popups appeared after an OS migration. I don’t see why upgrading the OS would need you to reauthorize apps, and even parts of the OS like icloud shouldn’t require you to relog (unless the security mechanism of icloud itself has been upgraded to a new system with no migration possible of the credentials).

These are new permissions that didn’t previously exist.

No, they are new restrictions that didn't previously exist.

Users were already "owned" before Catalina, so waiting 5 minutes to avoid spamming 100 popups isn't a major risk.


This isn’t a “step forward in user privacy” or whatever the others here are saying. It’s a mess and very poorly executed UX.

Users will tend to feel overwhelmed and just click through modals when they are presented in this way. Displaying stacks of modals is an anti-pattern.

The right thing to do would have been to create a migration UX that allows quick review and audit of application permissions, presented in a table, sorted by applications that are requesting the most permissions. With a clear explanation of what’s happening and why a review is now needed. That would be a step forward in user privacy and informed consent.

Anyone defending such an abomination of UX should have their software designing license revoked.


FWIW, every program looks like one that usually is set to start at startup; the intent is to have the dialogue only show up when you start an app for the first time. Since so many background apps were running at startup they all slowly needed to ask for their permissions.

> create a migration UX

Might not be possible if the previous MacOS isn't full-on tracking what folders a program is accessing, and it still would likely encourage allowing all permissions if the user has more than 30 different programs accessing enough folders.


Have a migration tool window with table where all requests are appended instead of popup being displayed. Blink that tool anytime a new requests comes in, have explanations on migration tool window. Apps who ask for permission will be hanging in background until you approve/deny permissions from migration tool. You can do migrations on your time when you need particular app, and not be forced to choose permissions for all apps at once.

If you were ok running your previous apps you should also be ok with gathering usage data for a week before the OS attempts to do a hard cut-over to a more secure model.

It seems like this would be very difficult to implement securely. You basically would have to preserve the old, unsafe mode and hope that nobody circumvents whatever restrictions you put in place to make sure that it only applies to the pre-migration apps .

If all of 10.14 were tracking it there probably wouldn't be much issue, but i'll bet the average MacOS user doesn't have more than 5 startups apps that would show this dialogue; that combined with this happening exactly once during the upgrade process means it's not a big priority for Apple to address.

It's a huge step forward, because some of the bad actors that have ruined mobile by abusing every possible API to read whatever they can get their hands on are also developing for the desktop.

The article is a pathological example anyway, because I got zero prompts even on my work machine.

And Vista was a good step forward also back then, but people can't be bothered to take care of their data.

This is why security work is such a slog, you're dealing with motivated, well funded attackers that only need to succeed once, while the people controlling the key to the castle are mostly nincompoops.


The article is asking the wrong question. He’s asking “Why is Apple doing this to me?” when Apple is just the messenger. He should be asking “Why on earth are all these little 3rd party utilities running at startup and asking for all of this access?”

Personally, if I encountered this mess, I’d be shamed, inspired to meditate a bit on my own personal computing hygiene.


Indeed, and just like in the real world many computer users do the equivalent of not even washing their hands after using the bathroom.

Any chance you work in corporate IT security? Sounds about right. Treat your users like dummies, maybe shove a dozen “security” dialogs in their faces, and have no qualms about disrupting their workflows or providing crappy experiences.

But what experience would you recommend here instead? If 2 programs that require access start 5 minutes apart, do you stop/suspend the first one until another program starts and then show a dialog listing both for a good "experience"? What happens if another doesn't start for a while? Do you show the dialog after a certain time period? How can it see into the future and know what other program you are going to run in order to show the items in a nice neat single-window list?

Or do you show multiple dialog prompts (like in the screenshot) because there is no way of knowing what disparate applications will access at any given time?

My experience of corporate IT (having been a subject of someone else's policies) was to have my machine locked down to the maximum because someone somewhere once ran a random EXE they'd been emailed or downloaded and it contained ransomware and encrypted everything it could access (network servers too). As irritating as it was, what would you do to stop that happening again? It was a developer that ran that...

This includes "professional" users who saw Edge or IE as "the Internet" and would get "IT" to add an ODBC entry for a database server, despite having worked there for 10 years. Most of my colleagues didn't know the difference between a database server and a terminal server. And this included management.

What would you do instead then??


> Treat your users like dummies

Clearly you've never seen a "user". Dummy is tame, I would have described them differently.


But that's a one time thing. When you're doing an OS upgrade, I guess you're expecting some extra work. Your also have to reinstall xcode, update other apps etc.

I still don't know why I always have to reinstall xcode. It's very annoying.

For one, it needs to install the SDK's for the new deployment target you just installed (be it macOS or iOS), and update the toolchain so it can build for it.

It's mildly annoying, but the alternative would be to let you continue using the old version pegged to an older deployment target, and let you figure out all the incompatibilities at once when you decide you want release your app to the app store. IMO this would be much more annoying than just getting a coffee once while you wait for the upgrade.


Another alternative would be to upgrade xcode as part of the OS upgrade so all of my apps continue to work without me having to figure out this extra undocumented step. I'm not even using xcode. I just need the latest command-line tools for everything else to work.

He said reinstall, not upgrade.

For example, Xcode 11, which has 10.15 SDK target, can be installed on Mojave. This has been the case for years, the new Xcode can run on the n-1 OS release. So why reinstall it, after the system is updated?


That's why I never upgrade a system. I'm always reinstalling it from scratch. First: I'm going happy path and not encountering any migration issues, which might be buried deep below. Second: I'm getting rid of unused apps and files. Third: I'm testing my backups and ensuring that things are good. Fourth: I just love to see pristine clean system.

> should have their software designing license revoked.

Dang it, I never filed for one.

Hey Clippy, where do I get one of those...

> Hi I'm Clippy! It looks like you're trying to make a joke. Do you need some assistance?

Clippy would like permission to invade your screen after you summoned him.

/s


Unrelated, are you keyle from the old demoscene days? If so nice to see you here, we haven't talked in 15 years.

- ks


hey fabian :)

Luckily, lawyers and bureaucrats don't have that much power over this industry, yet.

Areas that come to mind that are legal-liability driven would be things like health-care, aircraft flight control systems, etc. In those industries, they do have strict software regulations already.

Otherwise, free market baby.


These are all new permissions.

So there is no database of applications that need access to read/write Documents or Pictures.

So a UI like you are suggesting is not technically possible to create.


Maybe we have different understandings of how that UI would work, but I imagine it to be totally possible:

Take all the windows/notifications from OP's screenshot, map each of them to a row in a table, group by application. Show all this info in 1 modal, call it Migration Assistant.


The notification is thrown at the point of need. Some will appear when the application is first started, but some will only appear if the app is directed to a specific state by the user.

Still you can direct user to one list of apps/permissions each time those needs to be tuned, where user can review all permissions associated with particular app and decide whether to turn them on or off. How can you do that with endless dialogs and how can you review what you've allowed later, after dialog disappeared ...

You can review later by going to System Preferences / Security & Privacy / Privacy, then looking at the various permissions to see what apps have been allowed.

If there are all new permissions, then it should be technically possible to create a list of ALL those new permissions and present that list to the user with apps requiring those permissions. What is so "not technically possible" there ... ? Actually in iOS you have list of apps with permissions in settings. At least something like that would be better then endless popups, which should be prohibited completely in _any_ interface, if you ask me. I am making effort to avoid any jumping dialogs in my apps,but now OS itself does it for me ... sad

I'm astounded with some of the user security dialogs that Macs display. I got one today: "VSCode wants to make some changes. Deny or Allow." That was the exact wording.

Seriously? THIS. BENEFITS. NO. ONE.

The only thing I can figure is that, somehow, Mac has required applications to display something to the user to get their permission to make some substantial system-level changes. But the application is, I guess?, allowed to fill in the message dialog. I can't believe that wording came from Apple; I assume it was Microsoft, who I do trust as much as anyone, so I'll approve it, but this leaves a lingering question:

Either Apple actually did write that, or they allow applications published by "whoever" to fill in "whatever" messaging they want to get the user to click Yes. It's absolutely unacceptable behavior.

I'd say I'm done with Apple, but there isn't a personal computing platform who gets this right. Every Apple employee reading this article should be ashamed. Every Microsoft employee should be ashamed. Everyone just Needs To Do Better.

What is Better? I don't know, off-hand. It's not easy, but I'd imagine why that's why these companies are paid billions of dollars. For starters: If I install around your centralized certificate signing authority to install something, I Trust That Application. It doesn't need to alert me every time it makes a change. And if I install it through your store, then I also trust it, because you trust it. So why do I get so many damn "Approve This Change" notifications? I should get ZERO after the install.

I get that most users aren't as savvy as me, but that's why you're making it so hard to bypass that central certificate signing authority, and I'm fine with that. It's the lingering notifications that make zero sense. Fix your shit, Apple, because I haven't encountered anyone that's ecstatic with anything you've released in the past 18 months.


My favorite are the dialogs whose only options are "Do the thing we want" or "Learn more about the thing we want" with no option to dismiss. Slightly less terrible are the daily dialogs that give the options "Do the thing we want" or "Bug me tomorrow". More and more, Apple devs seem to have contempt for the idea that the user should be in control.

They haven't quite descended to Microsoft levels of "We're restarting your computer now kthxbye", but it's a grim, user hostile path they're on, at least with notifications.


Just as I've read this comment, I got a 60 second restart countdown notification for untold software updates. Like what if I got up to do something found all my shit locked up behind an update that to date cannot report an accurate timeframe (why bother reporting one at all if they haven't been right since my first mac with tiger). I'm not even on catalina yet, so maybe that's it.

I don't know what's with microsoft and apple. When I'm in the middle of using my computer is not the time to close everything and lock the machine down for 30+ minutes for an update. I'm going to say no every single time.


Haha I guess that was bound to happen, given the number of HNers. I don't remember the last time I saw that one, though, whereas my Windows box is always trying to restart itself (despite frequently succeeding). I'm currently beating back iCloud notifications.

Man, I miss Snow Leopard. I think that was peak OS X for me.


Miss Snow Leopard too, last sane release ... everything was in a much better balance and care. I keep it in one machine as reference point to make sure I am writing good apps.

> centralized certificate signing authority to install something, I Trust That Application

You mean like how Facebook trusted the Cambridge Analytica apps which then went on to steal huge amounts of data.

Or how about all of the legitimate apps which include metrics libraries which have then gone on to steal huge amounts of data.

You simply can't trust the original signing process these days.


You can't just Give Up and live a life without any Trust. That's like experiencing a bad breakup then deciding that you never want to be in a relationship again, because being vulnerable is too uncomfortable.

Computing is strikingly similar. You're vulnerable when you use any service where any level of personal information or even code execution is passed to a third party. You're vulnerable even when you buy a VM from DigitalOcean, or when you edit a document on Google Drive, or when you install some binary from a company. But that's alright; to be vulnerable is to be human, and there are tons of very tangible benefits to allowing yourself to be vulnerable.

There are alternatives. You can live like RMS and be so scared of vulnerability that you lock yourself in a self-imposed computing exile. I don't trust the code; I need to see it. I don't trust the authors; I need to be able to make changes. I don't trust my contributors; they need to open-source what they make. I don't trust service providers; I need to host my own servers. That's a very sad outlook on life.

Facebook fucked up. In fact, they've fucked up so much that they aren't deserving of my trust anymore. Everyone is allowed to have different opinions about who they trust, but Apple, Google, Microsoft, and many other companies have not fucked up to the same degree, and are still deserving of my trust. I don't love Google especially, and tend to think that they're headed down the same path, but they still do a lot right. Maybe I'll be burned someday. But that's alright.


So you want all your apps to have root-level system access?

I think the poster above is arguing that dialogs like "this app needs permissions, deny or allow" are effectively giving root-level system access for all intents and purposes, for almost all users -- exactly because users have no basis on which to make that decision and saying "deny" probably prevents the app from doing what it was the user wanted it to do.

So users almost always click "allow". What's the point of the dialog then?

Really, the dialog should be explicit about what's needed and why it's needed and what click "allow" does (i.e., always allow this action, for this purpose? Or always allow any root-level action from this app? Or something else?)

Only then will users actually be able to make a decision beyond "do I trust Microsoft and do I want to do this thing I just asked Word to do?"


I always err on the side of "deny" and trying to fix it afterwards, particularly on Android. Typically well-written apps will alert you that you are about to receive a system prompt and explain the reasons why.

Are you using VSCode to access files on remote servers (e.g. using Transmit)?

This breaks in 10.15. Do you have a work around?


This is kind of the same as the first time you enable Little Snitch. IMO it’s good to reveal that you’re running dozens of applications with basically full access to all your files.

I’d rather give additive permissions to applications, since I’ve seen evidence time and again that security is one of the lowest priorities for most development shops.

It’s annoying the first time after upgrading (I haven’t done it yet), but it is infrequent after that.

Except for the Safari 13 download authorization prompt for every domain. That is a little more annoying to me.


Using Little Snitch is an explicit choice. It would be weird of Apple to assume that users want to see all those messages and peek into the clockwork at the first occasion.

LS is probably my favorite app after iTerm2. The hardest part is definitely the first few months of CONSTANT dialogues. So worth it though.

Maybe it’s just me, but I feel a certain sense of comfort in seeing explicit privacy dialogues that make sense, coupled with a deep feeling of control when I press that “Deny” button.


You can change the default download permission from "ask" to "allow" in Safari's websites preferences.

You know, this is a pretty apt analogy. Vista (apparently) was considered terrible primarily because it ripped off the band-aid and made a bunch of inconvenient but important-for-security-in-the-long-term changes. [0]

[0]: https://twitter.com/swiftonsecurity/status/85185740489147187...


Well, that, plus the fact that it was resource-heavy. This was compounded by the fact that a lot of hardware was sold as being 'Vista-ready' while in reality being incapable of running the overly-fancy graphics-heavy 'glass' shell. It also had a number of performance problems (e.g. slow file copy) which only got sorted out in Windows 7. Oh, let's not forget the fact that Vista was supposed to be Longhorn, the OS of the future with a database file system and all sorts of fancy stuff which was either dropped due to performance problems or never left the lab in the first place.

> Oh, let's not forget the fact that Vista was supposed to be Longhorn, the OS of the future with a database file system

This sounded interesting when I first heard about it, long before Vista came out. Now when I see it I wonder what they were trying to do. A file system is a database, with a well understood user API. So what were they going to add? Tagging? Application level views of the system? None of t hat seems like something that would require anything more than an extension that handled additional metadata.


A file system is a database, with a well understood user API.

Yes, a terrible API which works poorly for most home use cases.

You probably have music on your computer. In your hierarchical filesystem, do you organize it by Genre/Artist/Album or Artist/Album? Do music videos live in the same Artist directory or in a separate "video" folder?

Chances are you don't know/care because you're using an app like iTunes that builds a custom database on top of the filesystem. And something like Photos that reinvents a totally different custom database. And more database reinventions for email, ebooks, games, karaoke files, voice memos, calendar appointments, etc... all proprietary file formats without published APIs.

Data doesn't want to be organized in a single static hierarchy.


I take it you missed the part where I said " None of t hat seems like something that would require anything more than an extension that handled additional metadata"? I'm not saying don't add additional data that can be fast indexed and trackable, I'm just not sure why it requires a rewrite from the ground up and isn't additional data that is tracked tacked onto the file metadata. I mean, what is that not going to be able to support that just the new metadata would? The difference is whether you also have a hierarchical location stored or not.

The only thing that comes to mind is ACL tracking and it getting a bit complex from different access types, but I can think of a few options to work with that already.


So you want to take existing filesystem technology, and build additional indexing and query capabilities so that it can handle nonhierarchical data? Sounds like a great idea. Let's call it "Longhorn".

I think you mean WinFS. Longhorn is a whole release codename, which encompassed many new features.

Given that a beta WinFS eventually was made available as a separate download years after even it's beta was slated to be released[1], I suspect they did what I outlined above - eventually. Otherwise, I'm not sure why a bolt on component to the system would require so long and miss deadlines like it did.

1: https://en.wikipedia.org/wiki/WinFS#Development


"Data doesn't want to be organized in a single static hierarchy."

Data has no feelings.

In the case of file system, it makes perfect sense to be stored in a single static hierarchy because that perfectly reflects the concept of a paper file in a filing cabinet, in a little binder.

Even a relational database system that lets you query tables for data based on set ordering has a single method of storing the data on disk - that's a clustered index. You can't get away from having that, despite being able to support additional nonclustered indexes. In that case, the table and its rows really is organised in a static hierarchy too.

As it stands, NTFS has plenty of features that lets you attach a secondary data stream to a file anyway, and all manner of metadata. The Windows Internals book on NTFS is very informative on this.

These features don't exist on APFS though, as it's not as good despite being brand new, it seems!


Lots of file systems at the time were hierarchical databases, but the file-system Microsoft was working on was to be more a hybrid with the ability to find files based on specific criteria right away, rather than having a search process walk the tree looking for something.

The point of a database is probably to index via arbitrary columns, allowing for fast lookups and filters of files. The current model is to find something you more or less have to walk the directory tree.

I remember friends bitching about Vista's UAC prompts but I never really had an issue with it. I suspect that was because their main experience was with Windows XP, which pretty much did everything with admin rights.

I think I was the only person I know who actually liked Vista, mainly because of these. I was on the fence about installing Catalina but this blog post paradoxically convinced me to do so.

>You know, this is a pretty apt analogy.

Disagree wholeheartedly. It definitely has "hints" of Vista band-aid rips in the same way that shit like La Croix has "hints" of flavor but Vista was one of the worst OS releases I ever had the pleasure of being part of, only behind Windows ME. It took Vista a really long time to be a stable, fully-usable OS and, while I'm glad for the steps they took with it, their execution was terrible.

On top of that, this is completely due to the user.


> On top of that, this is completely due to the user.

What? All the user did was install Catalina and leave it alone for a few hours. How is this all "due to the user"?


Because, in this particular case, the user was using software (Alfred 3) that he knew wasn't going to work right on Catalina prior to upgrading it. Newer versions of Alfred exist that support the newer permissions model in Catalina. He knew that version wasn't fully compatible with Catalina and chose to install it anyways. A normal user isn't going to get that.

Uh, okay. Now explain all the other software requesting permissions:

- Acorn

- HazelHelper

- Plex Media Server

- Keyboard Maestro

- Parallels Access

- Bartender 3

- Arq Agent

- Nextcloud

- Tweetbot

- 1Password

- Spark

- Drafts

- OmniFocus

- Dash

- Bear

- iCloud

If you have dozens of apps asking for permission, then you need to have a better system of displaying those requests than one off popups/notifications.

This is not on the user. Don't victim blame. This is what any other person upgrading would see, maybe not to the same extent but I'm not sure it'd be that far off.


Except that's not true at all unless every single one of these is an old version of the software that hasn't been updated since High Sierra. Any app that was developed using the sandboxing paradigm from High Sierra (and nearly every app in that list has been updated to support this) would not need to ask for all those permissions.

This would not be common for the vast majority of users and it's only caused by someone explicitly ignoring warnings and notices. It may be a little more common for power users but the average user may get 1 or 2 of those prompts and nothing more. The OP is only in the situation they're in because they either upgraded the OS without updating the individual apps or they purposely ignored a prior prompt to give access.


Did you actually look at the article you're replying to?

I literally took the screenshot that was posted and enumerated every application asking for permissions. If it happened to them, it'll happen to many, many users. Especially if those apps are updating outside of MAS.


>every application asking for permissions

Only every outdated application asking for permissions. The author of that post already explained why he was getting so many of those prompts. He admitted that it probably wasn't reflective of what the typical install will look like specifically because he was purposely using older versions of software.


Very sad to agree with this entire post. I hate to essentialize it to an already checked and problematic mythology of Jobs-Ives, but it seems like all of the air left the sails after Jobs passed. The OS versions are getting unreservedly worse, likewise with the hardware -- it's active regression rather than stagnation.

When it comes to having a quality laptop and OS to get work done, I would at least be happy with stagnation if the stagnation point occurred around the era of the best MBPs -- late model MBPr 15s, ~2012 to 2015-2016. I'm typing this one one right now. It's a little long in the tooth, but I'm horrified to update to a newer one and have to get the whole bottom panel replaced, yet again.

I'm hoping to defer this decision by a year or two, but I'm sure I'll have to bite the bullet eventually, and every year, I hope that it's not going to be worse, so that it'll at least be good enough. Sadly, it looks like that hope may yet be naive.


Why do you think the hardware and software versions are getting worse? My late 2017 15 inch rMBP is a lot better than my 2011 MBP. I also like the recent releases of MacOS. Dark mode, stacks on desktop, seeing Meta data in preview, and the new screenshot tool are a few Mojave features I like.

Memory compression in Mavericks was also something I feel is great. Although I never dealt with it directly as a programmer, only a user.


2017 may be significantly better that 2011, but it's NOT significantly better than the early 2015 Retina's.

The problem Apple has is that the early-2015 Macbook Pro Retina's really hit the balance point with the physical form factor. Enough heft to feel solid without too much weight. Enough battery life to do real work. A solid set of ports: HDMI. Magsafe. USB 3.0 ports. A keyboard that doesn't break due to random micron-sized dust particles.

So, a LOT of people want a 2015 Macbook Pro but with ONLY the tweaks to bring it forward to 2019 technically (memory, CPU, display, change to the two Thunderbolt 2 connectors to USB-C Thunderbolt 3) while leaving it in 2015 physically.


I think the stagnation you're describing is not unique to Apple.

The marketplace has become much more competitive as innovation has pretty much stalled.

I'm thinking of moving back to Mac OS after being on Windows for the last six years.


On the hardware side: keyboard, touchbar, touchpad to keyboard ratio.

On the software side: slowness but more importantly a general decrease of opinionated cohesion, and an increase in odd UX decisions. Facetime calls to my iPhone trigger alerts on all of my devices, even if I'd prefer it to just be my phone (I rarely use Facetime on my machine). Beyond that, there are too many useless popups that interrupt me in what I'm doing that I have to X out of that I end up with a screen that looks like the topic post -- hence the pejorative "10.15 Vista" which is how a lot of folks about Windows Vista when it was released after the relatively sleek and polished UX of Windows 2000 and XP.


1. Open the Facetime app.

2. Open the Preferences menu.

3. De-select the "Calls from iPhone" checkbox.

4. Done.


It's not a great default behavior in the first place, and indicative of other issues.

What really irks me is the touchbar. It's never going away, not because people like it, but because so many would lose face if they admitted it was a bad idea.

I don't understand why people feel this way. Apple's doing away with 3D Touch because of the data that says that people don't use it. What makes you think they wouldn't do the same with the Touch Bar?

Despite that, I love the Touch Bar. I do tons of video and audio editing and it's super-convenient for me. It seems like HN just has a higher noise ratio against the TB because it's mostly programmers and a high percentage of them are tied to a physical escape key. As a front-end dev myself who uses VS Code, I feel like that audience is just going to keep shrinking while the percent of people that will find benefits to the TB will probably grow.


What irks me is that it's an added cost for not much functionality for like 90% of people on top of an already expensive laptop with other compromises (namely base storage and memory). If it was just an option, you wouldn't hear all this bitching on the internet.

>for like 90% of people

Citation needed. I would venture to say that more people use it than you think.


MacRumors has been hinting that the touchbar is being phased out, but we’ll see. If you’re one of the people that actually gets value out of the touchbar, that’s great.

Forcing it on all 15 in. MBPs and maxed-out 13 in. models was the biggest FU to Mac users and an insanely user-hostile decision. But they’ve been really good at pulling those lately, so I’m not getting my hopes up.


one of the reasons i bought an air instead of another mbp was so i could get touch id and no touchbar!

I'm curious if the guy who came up with that even uses it. Honestly one of the worst "features" that Apple has ever green-lighted.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: