> First, ask yourself, would you like to undo a decade of security protections painstakingly created by Apple, protecting your Mac from malware, spyware, and ransomware? [...]
> [...] Speed and convenience over security any day! Let us march on boldly! The steps listed below will give you a short description of each protection we disable, [...]
And if you want to switch, that's fine—but, if there are other things you like about macOS, you could also just set it to not make these checks.
It's a real shame that it's usually not the same people suggesting/applying these "pro hacks" to other people's computers that will end up spending hours on the phone with less tech-savvy friends and family members trying to get their things back into a secure (or just working) state.
Personally, when I'm trying to fix someone's computer and I notice weird things have been done, I immediately recommend backing up files and doing a full reinstall. (And I'll offer to do the reinstall—which is easy—provided they do the work of backing up important files.)
I would like to know, however, if this tradeoff has been worth it. Does anyone have any statistics on whether this has helped reduce the amount of malware run by users?
I read somewhere that Xcode can bypass that because it's registered as a developer tool. There were some instructions saying that adding Terminal.app to the developer tools pane in security preferences would solve my problem but it didn't.
Butchering OCSP by fiddling with /etc/hosts still didn't fully solve the problem: it still takes 200-300ms to start any new binary the first time. But at least it's no longer up to several seconds in case of bad networks.
In a narrow test it seems like it may very slightly improve performance, but I did a fairly large multi-project test with this setting in CI and saw no real impact.
By contrast, a narrow test with the "Developer Tools" security exemption added to my terminal unambiguously demonstrates the large potential performance improvement of actually skipping the assessments.
Unfortunately, the exemption only seemed to work for apps, so I never identified a way to turn the assessments off in CI. Also, it causes my laptop to hang until I hard cycle or watchdogd kills it (after 5 minutes) on shutdown (I did all of this in Catalina, though I verified this was still the case midway through Big Sur beta; have not verified on final release).
I was on a narrow search for any cheap ~reasonable solution I could recommend for Nix to mitigate the performance hit at install or run time--while avoiding any security/config/functionality splash damage that might end up on the front page of HN some day :)
Also, sticking it to overbearing Apple is fun – until it bricks your computing device or makes it vulnerable to all kinds of malware and you end up on the receiving end of a ransomware or other extortion attack.
And of course the cost is disabling a bunch of very real security protections.
I just opened my VSCode terminal for the first time on a freshly upgraded Big Sur system running on 6-year-old hardware and it appeared in less than 1 second.
Notice that these things can all be disabled.
Lock-in really has nothing to do with things like SIP.
It has to do with things like platform differentiation.
I.e. software and device support for which there is no good alternative.
Honestly, it's almost like Windows programming in the late '90s. You had only one real option, Visual C++, and you either paid out the ear for it or pirated it. That restrictive approach doesn't work, and Microsoft learned that. You can't make developers pay to make your platform worthwhile.
Rudimentary dev tools like Xcode are not added value worth $100/yr and 30% of your profit. Other platforms provide better tools and more flexibility for free. People will wise up eventually, and I think that's already happening.
Sorry for getting off-topic. I used to be a fan of OS X, but I'm really disappointed in the direction they took things.