Hacker News new | past | comments | ask | show | jobs | submit login

It's honestly mind-boggling how many people whine and complain about macOS not "letting" them do this or that when they can turn off virtually every one of their gripes in about two minutes.

The most egregious was someone complaining that /bin and other system folders are read-only [on systems under System Integrity Protection]. Surely anybody with a pressing desire to e.g. upgrade their bash install or any other thing that requires write access to those folders is also capable of figuring out how to turn off SIP?




It's honestly mind-boggling how many people whine and complain about macOS not "letting" them do this or that when they can turn off virtually every one of their gripes in about two minutes.

It it too much to ask to have the normal security protections that macOS provides and still being able to block Apple services with Little Snitch or Lulu or letting Apple services go through a VPN as well?


Strangely enough you can re-enable SIP after making the changes you need to let you or your desired applications do what you want.


> It it too much to ask to have the normal security protections that macOS provides and still being able to block Apple services with Little Snitch or Lulu or letting Apple services go through a VPN as well?

This. Apple is making the use of many security functions black or white: either you allow complete control by Apple, or you have little to no protection at all. Instead they could easily allow the user to customize, and make a selection that works for them (which was the standard in older versions of OSX - pre-Big Sur [1]). The above defending of a giant faceless corporation, by @filleduchaos, is what is mind-boggling.

This feature obviously helps protect some users (non tech-literate ones), but for many it means completely turning off many useful security features ('opting out' by turning off SIP) with a lack of any sort of granular control/customization, on a device they supposedly own. It's a shame this new capitalist encroachment on user privacy is met with such understanding.

[1] https://news.ycombinator.com/item?id=25078034, https://sneak.berlin/20201112/your-computer-isnt-yours/


> This feature obviously helps protect some users (non tech-literate ones), but for many it means completely turning off many useful security features [...]

I'm pretty sure you have the "some" and "many" the wrong way around. In reality, this feature protects many users (non tech-literate ones), but for some that feel the need to turn it off, it, well, won't protect them, because it's turned off.


> Apple is making the use of many security functions black or white: either you allow complete control by Apple, or you have little to no protection at all.

Wow, thank you for providing a perfect example of what I mean.

I specifically brought up upgrading bash because that was the use case that prompted me to actually learn about SIP. It took me all of fifteen minutes to read a few docs on it, restart and disable it, upgrade to Bash 5...and re-enable SIP and move on with my day, because the dichotomy of "complete control" and "little to no protection" you're presenting here is an egregiously false one. But god forbid anybody actually learn about the platform they're criticising (and there are plenty of real things to criticise about macOS that aren't just projected fears from iOS) before clutching at pearls.

I came to macOS from Linux, and there most definitely are conflicts between what I want to do and what Apple thinks I should be doing. Astonishingly I've almost always been able to go ahead and do those things (barring a complete lack of functionality e.g. with dropping support for 32-bit libraries, an unsolvable dilemma I've managed to crack by...leaving one of my devices on Mojave) because I don't just sit on my hands and whine about it. Apparently this is defending a giant faceless corporation, so I should probably wear that badge with pride.


I understand where you’re coming from. My critique was a bit misdirected.

I guess what is behind it is my frustration and anger with the increasing widespread acceptance of black box computing devices - which are supposedly ‘user controlled general purpose computers’, yet are increasingly not, and which are instead actively spying on us and policing us in a million different ways.

[Edit: what follows is an articulation of various things I’m currently witnessing (a stream of consciousness), as well as frameworks I’m currently learning to apply, that I want to record for myself and others - potential allies who are concerned with this as well]

I’m angry that our overall tech and science literacy is constantly decreasing. I’m angry that a lot of things are getting more and more locked in (Tivoization), blocking learning and making it increasingly unfriendly for beginners

What this looks like in practice is that the essential/necessary ‘ladders‘ to learn and accomplish something (the age and current-skill level -appropriate materials or tools/technologies) are kicked away, with those who kicked it away (locking it away) claiming that they did not use those ladders themselves. They instead claim others can follow in their footsteps - without having, or being given, access to the very same ladders they needed to climb up themselves. This is bourgeois gatekeeping. There’s a book written about an economic theory by economist Ha-Joon Chang, called ‘Kicking Away The Ladder’, that I believe illustrates this well:

“How did the rich countries really become rich? In this provocative study, Ha-Joon Chang examines the great pressure on developing countries from the developed world to adopt certain 'good policies' and 'good institutions', seen today as necessary for economic development. Adopting a historical approach, Dr Chang finds that the economic evolution of now-developed countries differed dramatically from the procedures that they now recommend to poorer nations. His conclusions are compelling and disturbing: that developed countries are attempting to 'kick away the ladder' with which they have climbed to the top, thereby preventing developing counties from adopting policies and institutions that they themselves have used.”

The two main strategies originally used by the global north as they developed, yet which global south countries are now denied access to in north-south relations, are: protectionism and government subsidies.

The exploitation that happens today on a large scale between north-south, seen in the way global south countries are plundered and abused by the global north capitalist firms and governments, is the same phenomenon that we see (on a smaller scale) in the global north capitalist education system, where rich capitalists can get their children tutoring and give them much more patience and attention (as well as opportunities to take over a family business or other non waged intellectual labor - in opposition to waged manual labor - and a chance to develop favorable relationships with other capitalists) than parents of working class children, perpetuating antagonistic class relations.

-

Also I shouldn’t be talking about MacOS internals (SIP, etc.) because I don’t know enough about it yet.

Thanks for clarifying, and no, please do not wear any such badges!


>Apple is making the use of many security functions black or white: either you allow complete control by Apple, or you have little to no protection at all.

In that respect, no Apple's no different from Facebook's "agree to share your data or take a hike" move with WhatsApp


It's extremely different. In Apple's case we're talking about a personal computer that someone paid a few thousand dollars for and is their general purpose machine for their own private affairs (unrelated to Apple), and in Facebook's case you're talking about a single-purpose centralized communication app that is free.


> letting Apple services go through a VPN as well

Apple Services go through a VPN as well. A VPN redirects all traffic and does not use the content filtering framework which allows the Apple services to bypass restrictions.

So if you install a VPN it will happily route all traffic over it, including traffic from Apple's own applications.


System directories are sealed as of Big Sur; disabling SIP is not enough to be able to modify them.


You can still modify them though. It's just, uh, annoying.


I wonder if it's possible to turn all this on before activating the machine?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: