
> they could allow whatever signatures go into SIP to be updated, so you could make changes and then bless your changed configuration

What's wrong with SIP being on or off?




Off the top of my head, dtrace and dyld are gimped with SIP enabled, and you cannot modify your system volume for whatever reason (yes, that means "sudo mount -uw /" fails). You cannot use LD_PRELOAD if SIP is enabled, even on your own apps. Kernel extensions also need you to disable SIP, which is annoying if you want to work on a kext or even install one.

For a non-technical problem: if you want to be able to share your screen on apps like Discord and forward audio output, you have to install a kext (oops, can't do that anymore with SIP enabled!), or you use "system extensions" which run in user space and expose fewer APIs (oops, on Apple Silicon Macs the user has to boot into recovery mode to temporarily disable some security option before system extensions can be loaded!)

The result? A lot of Mac users are simply too wary to set up audio output for Discord's screen sharing because it means having to boot into recovery mode and do a bunch of stuff that will scare the hell out of any non-technical user.

So it's not just power users that are affected by silly Apple policies. Everyday users, too.


I think that's magnified by the software you use, in this case, Discord. I've got SIP enabled and didn't need to disable it for Zoom or Google Meet to do screen sharing. There was one permissions dialog I had to go through in accessibility for screen sharing to work for them, and it's a tiny bit scary, but it's not SIP disabling, reboot into recovery mode and run csrutil disable level scary.


All features of Discord work for me using the normal system permissions on screen recording and audio. I do run Mac VMs with SIP off, but I leave it on as an important security feature most of the time. It's really not a lot different than, say, SELinux, except a bit easier to administer but a bit less flexible. RO system volumes are getting popular too. Fedora has one, as does the Steam Deck.


Zoom and Google Meet share audio conferencing with Discord, all of which require the microphone audio. But Discord differs in that you can stream the audio _output_ as well; think of something like Twitch.


Zoom will happily share desktop audio when screen sharing.


rewind.ai is able to capture speaker output without having to disable SIP, so it still sounds like this is a Discord-specific failing.


Agree on this, but I would like to lament the loss of SoundSource, an amazing third party app that I paid for, that since some recent macOS requires some SIP-related BS to enable - which I’m not even close to willing to do on my work laptop where I spend 90% of my time. So I just lost this functionality, and unlike Windows, macOS has absolutely no ability to do this natively (adjust the volume and destination of sound per-app).


>Kernel extensions also need you to disable SIP, which is annoying if you want to work on a kext or even install one.

A nitpick, but kexts really aren't the way forward post-Catalina.

Note that I am not defending Apple's bungled handling of the transition.


SIP off can, I believe, muck with Apple Pay on Apple Silicon Macs.



