This is one of those tough cases where software cuts both ways.
Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.
Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.
Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.
I'd argue this opens up a giant attack surface where malicious software will try to route its command and control communication through a protected service. Do we really want to trust that Apple will keep all 50+ of these privileged services fully protected?
I think it makes the "world" slightly worse in that it will be harder to discover malware. Little snitch has a small user base, but it's been used to identify many forms of malware and protect many more people once the threat is identified.
Yes I agree with your first part. There are real drawbacks.
But it's like installing a custom HTTPS cert in your OS to inspect potential traffic that malware may use through, say, a Google Doc or Sheet. It's helpful to true professionals dealing with highly sensitive information, but it's ultimately a bigger source of compromise for the vast majority of software users.
I don't think there is an easy answer here. That's why I said I thought it made the world a "touch better" and I can see from your response that you understand the tradeoffs roughly as well as I do based on the wording of your response. The fact is that contemplating these hard tradeoffs belies the underlying truth: securing computers is hard and getting harder and the stakes keep going up. I can't say if this move by Apple will ultimately be worth it, but I certainly understand the predicament they are in. This is no easy work.
Why not just give additional permission levels? I don't really get why so many permission models on what software can do are effectively "admin mode" or "user mode". Why can't you get a very strong warning when software tries to snoop on traffic, but you can still do it? Or maybe you have to go into settings and allow it or something like that.
When you rent space in a building, do you get access to every single apartment/office space in the building? No. You get access to specifically what you rented and the front door. The maintenance people for the building will have access to the front door and other maintenance areas, but won't have access to your space. We can clearly conceptualize models like that. We even have something like this on phones.
I helped a friend of mine with her OS X laptop. She had installed something bad and it installed MITM proxy and its own CA and other things to totally own and inspect all of her web browser traffic including SSL. So these features that we find powerful and informative also do have a dark side for more novice users.
OK, but if it's a real security risk why do they only protect their own services? Why not have the user jump through a bunch of complex hoops like editing a plist file from an elevated terminal account? Hell, this is the OS that makes it onerous to install software that didn't come from the App Store. Clearly they don't mind throwing some user pain in front of basic activities.
Absolutely not, installing a CA makes attacks which weren't previously possible now possible. A host firewall isn't doing anything a network provider (read: your ISP, coffee shop, vpn provider, etc) couldn't already do. At least you can possibly look at what the host firewall is doing.
Installing any third-party software that inspects network traffic makes attacks which weren't previously possible now possible, since that software can be targeted.
It depends on the host firewall... many quality operating systems allow host firewalls to apply process-based policy which your upstream certainly can’t achieve.
If they can circumvent system security for their own purposes (even though I’m sure it wasn’t planned to be that way), then they should be open to circumventing it for our country (by backdoor-ing their encryption), at least that is how I would imagine it will be referenced in the inevitable government lawsuit. What a major screw up Apple!
> Do we really want to trust that Apple will keep all 50+ of these privileged services fully protected?
No.[1] That's what people need to start understanding.
Even if you decide to trust that someone will attempt to act in your best interests (you really shouldn't, see Google's extinct "do no evil" mantra), you can't trust anyone to do so perfectly.
All this aspirational goodwill that fans express on behalf of their favorite FAANGMUULA is the tech equivalent of flat earthing. The facts are simple: no software is perfect, you can't trust any software.
If you can get into Apple's system processes, you are already on the other side of the airtight hatchway. You can make sufficient changes to the system at that point that you can certainly mess with any user-installed firewall monitoring.
In any system with any kind of sane security model, being able to convince the Maps app to send arbitrary data to an arbitrary URL is not exactly the same thing as total change-stuff-not-even-root-has-access-to compromise.
I think this is the case where you can have traffic monitoring set-up on your home router or any other network gateway available. It will be slightly more troublesome, but not impossible.
Even if you believe all the MPs / representatives are trustworthy and intend to act in your best interests, their competence is going to be limited, so we need checks and balances and a limit on their power.
The decision is questionable, but you can always inspect traffic from the machine outside it, I would even say that's preferable in context of malware.
TLS makes this difficult today and SNI encryption will make this next to impossible without installing a custom CA certificate and doing MITM. Even that isn't helpful when you are using a laptop that may not always be on the network where you have deployed a device for inspection. Better to be able to inspect or block on the device by application.
I would be astonished if Apple doesn't at least experiment with key pinning for the services it has decided to "protect" in this way.
If pinning is used then you can't interfere by interposing a middlebox, the connection would just fail. I guess it's possible Apple would find corporate pushback is too strong, but maybe not.
Don't use things you don't trust. If you trust Apple's proprietary software at least you are getting exactly what you signed up for. Apple gets to do whatever they want, which you apparently trust them to do. Will they accidentally let in bad guys? Maybe. You signed up for that too.
When we are talking about malware that's irrelevant. And if we are talking about inspecting Apple's traffic, I don't think you should trust things you see on their hardware running their operating system.
Someone else here recommended those, and now I have 11 for myself + my staff. They are great 2-port devices, with free GPIO pins too! Can do on-device VPN (openvpn, wireguard + tor) with a policy that kills internet access unless it's through the VPN.
Ah, nice. I've been looking for something with which I can sniff my phone's activity, and that provides all of the keywords. And $20 ain't bad neither.
If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.
I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.
That's exactly the thing - they are, indeed, chasing me off. When this Mac dies, I'll be replacing it with something running Debian.
It is too bad - the Mac hit this sweet-spot where it was pretty much my perfect machine for several years - a kickass Unix workstation in a decently built laptop, with a decent GUI, with access to consumer apps, too. It was great while it lasted.
Thing is, this is a reasonable thing for Apple to do. Back when they weren't enormous, it made sense for them to at least make token gestures to the Unix-weenie/developer market - we threw a lot of money at them and made them hip when they were down and out. Now we're in rounding-error territory, and that we got what we wanted for a while was sort of a happy accident, anyway. Building developer dream-machines was never Apple's thing.
I bought my first Mac in 1991, and this one will last a while longer. Can't really complain too much about 30 years of decent-to-awesome tools.
I disagree that it's reasonable except in the short term. We're seeing a change in developers' opinions; my friends in video production were getting ready to ditch Apple due to their "professional" software and hardware products getting worse both in relative (hardware) and absolute (software) terms. Part of the Apple cachet is that these are professional tools; how long is their reputation going to hold up if those professionals leave the platform?
It's a touch of hubris to think that we are and will continue to be taste makers, certainly. Maybe Apple won't get burned by alienating this crowd. But it seems a risky strategy for dubious return.
Both the tech-bro and the media production audience are now a rounding error of a rounding error for Apple. It is a consumer luxury brand first and foremost, and it derives 99% of net income from that. Catering to dorks in basements is a tiny legacy business and the support level for it is commensurate. (It probably actually only exists because Apple has its own share of dorks in basements.)
That's assuming nobody cares about the opinions of tech people when they're buying tech.
It's not just that tech people are customers, it's that ten other customers will look at what the tech people are carrying and assume they're the ones to know what's good.
And developers write code for the platform they actually use first. And spend time fixing the problems with that platform that are keeping other people from using it. Then more non-developers switch to it because it's improving.
You could (and perhaps would) make the same argument about Intel (for providing the processor) or Broadcom (for providing the wifi chip) or Comcast (for providing internet service). And it's true, all of these parties have the ability to use their positions for nefarious purposes.
However, I would like to limit that potential as much as possible, partly by creating a stigma against practices that remove control from the user.
I find it interesting how the needs of legitimate security mesh so well with the industry desires to kill off general-purpose computing for the majority of users.
As a general rule, you want to prevent software from bypassing a user's informed consent. Apple typically does this in one of two ways:
1. Have functionality only accessible through system frameworks, so that the OS can be responsible for prompting for informed consent and granting it to a process. This means that the system itself has to have functionality to prompt for that informed consent in a way that users can understand.
2. Require processes which an application cannot script that are technically complicated enough that users might realize they are pulling off the warranty-voiding stickers. A prime example would be rebooting into recovery mode to turn off system integrity protections via a terminal command.
Both of these wind up getting gated in priority, but such is the priority of their system - limiting the ability of arbitrary software to act as an unrestricted agent of the user so that user security and privacy (as well as device operation like battery life and radio reception) can be protected.
> A prime example would be rebooting into recovery mode to turn off system integrity protections via a terminal command.
I actually think the way Apple implemented this is downright brilliant. As you say, it can't be done automatically, and it's definitely made to be a bit intimidating. At the same time, it's not difficult or onerous; that's a pretty hard balance to strike.
By contrast, when I try to install unsigned drivers in Windows, I feel as though Microsoft is fighting me, and I get annoyed basically every time. I've never had that feeling with SIP; when I get a new computer, I take off the training wheels I don't need, and move along.
Unfortunately, Apple often does 1 far more often than 2, whether it be because 2 is harder, or has a worse experience, or what have you. And Apple exempting themselves is really option 3 for themselves.
I mean the irony is when it comes to browsers you see the general tone of HN shift to the opposite opinion when it comes to features like RTC, USB, Bluetooth, Filesystem Access. These are all features that give users more power but it's (apparently) easier to see the downsides and how these features can be and are used maliciously.
Now put yourself in Apple's position where "an iOS app" or a "Mac app" is about as trusted as a random website. Tech people have a strong culture of locally installed apps being extremely trusted but that doesn't extend to everyone. Can you imagine if websites could control your firewall?
> I mean the irony is when it comes to browsers you see the general tone of HN shift to the opposite opinion when it comes to features like, RTC, USB, Bluetooth, Filesystem Access.
I don't think it's that ironic. From my vantage point, the big tech companies specifically and consistently invoke the security arguments that are best aligned with their agendas.
• We need to enforce automatic Windows 10 updates to keep your computer secure. (But also, we won't let consumers use the security-patches-only LTSC branch we offer businesses.)
• You cannot install an app on your iPhone that we have not personally vetted. (As part of the vetting process, we enforce a 30% cut on all digital goods.)
• We need to hide URLs in Chrome to protect users from phishing websites. (But isn't it nice how it makes AMP more seamless?)
• We need to give browsers Bluetooth and USB access, because web apps are safer than random Windows executables. (But also, we can advertise inside of web apps more easily.)
I could go on. The problem with all of these arguments is that they aren't wrong so much as they're selective. The iOS App Store does protect users from malware, and hiding URLs does protect users from phishing. What goes unacknowledged are the trade-offs of these decisions—some of which may themselves be bad for security.
Because it's not really "hiding the URL" despite what all the outrage bloggers tried to make it seem. It's by default (i.e. until you tap/click it) hiding the parts of the URL that the site controls. So paypal.amazon.citibank.scamsite.biz/secure/login/trustus will just show scamsite.biz.
My first instinct was to distrust the hide-until-click URL bar also, but you've illustrated clearly why it's a reasonable default. It mitigates the effect of malicious websites playing URL games, and allows the browser to more accurately convey to the user where they really are.
To drive your point home, paypal.amazon.citibank.scamsite.biz/secure/login/trustus will likely have a perfectly valid certificate, along with the trusted green closed-lock before the URL, implying that the site is "secure".
This was solved a decade ago by rendering the 2nd+1st level domains (and sometimes other parts of the URL) in a different style.
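The URL-bar behaviour the comments above describe (collapse the address to the registrable domain by default, because every label to its left and the whole path are under the site owner's control) as an added JavaScript example; it is not code from the thread or from any browser. The public-suffix table is a hand-picked subset and the helper names are assumptions of the example; real browsers consult the full Public Suffix List.

```javascript
// Added example, not from the thread. Reduces a URL to the one part the site
// owner does NOT control: the registrable domain (public suffix plus one label).
// ASSUMPTION: this tiny suffix table stands in for the full Public Suffix List.
const PUBLIC_SUFFIXES = new Set([
  "com", "net", "org", "biz", "uk", "co.uk", "github.io",
]);

// Naive approach: keep the last two labels. It breaks on multi-label suffixes
// such as co.uk, which is why a suffix list is needed at all.
function lastTwoLabels(hostname) {
  return hostname.toLowerCase().split(".").slice(-2).join(".");
}

// Registrable domain: the longest known public suffix plus one label.
// Returns null when the host has no known suffix or is itself a suffix.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  if (PUBLIC_SUFFIXES.has(labels.join("."))) return null; // e.g. "co.uk" on its own
  // Walk from the longest proper suffix to the shortest; the first hit is the longest match.
  for (let i = 1; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return null;
}

// What the bar shows by default versus what stays hidden until the user clicks.
function urlBarDefault(url) {
  const u = new URL(url);
  const host = u.hostname.replace(/\.$/, "");
  const reg = registrableDomain(host);
  if (reg === null) {
    // IP literals, localhost, unknown TLDs: nothing to collapse, show the whole host.
    return { shown: host, hidden: u.pathname + u.search };
  }
  const subdomains = host.slice(0, host.length - reg.length); // keeps the trailing "."
  return { shown: reg, hidden: subdomains + u.pathname + u.search };
}

// The thread's example: every brand-looking label sits under scamsite.biz.
const EXAMPLE = "https://paypal.amazon.citibank.scamsite.biz/secure/login/trustus";
console.log(urlBarDefault(EXAMPLE)); // shown: "scamsite.biz"
```

Note that `lastTwoLabels("www.example.co.uk")` yields `co.uk`, which is a public suffix rather than a site, while `registrableDomain` returns `example.co.uk`; a display rule that highlights "the last two labels" gets this wrong, which is what the suffix table is for.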
> There's also arguments that URLs are too complex for normal people to understand.
That argument is an insulting attempt to justify a form of illiteracy[1]. Most people don't need to know all of the technical features of a URL; they just need to be able to use it as an address and recognize basic features like the hostname.
Street addresses are a good analogy. Most people understand the basics easily even though physical addresses are far more complex[2] than URLs!
> Now put yourself in the Apple's position where "an iOS app" or a "mac App" is about as trusted as a random website.
The mistake is in creating a category called "iOS app" or "mac app" and trying to fit every piece of third party code in the universe into that category.
What there should be is different categories of apps with different levels of trust. Then 95% of apps can go in the totally untrusted category because they don't actually need any special privileges. Which then makes asking for a trusted privilege a red flag rather than something the user clicks through because they see it for every app they install.
> Can you imagine if websites could control your firewall?
Realize that this has already happened. You wanted to block DNS to untrusted servers so everything would have to use your Pi-hole? Say hello to DoH. You could block AOL Instant Messenger by blocking port 5190, good luck doing that with Facebook.
The web made every protocol run over HTTPS to bypass your firewall, even if it has nothing to do with transferring hypertext.
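The Pi-hole/DoH point above, seen from the defender's side: before a client moves its DNS onto HTTPS it usually has to resolve the DoH resolver's name once over plain DNS, so the resolver's own logs still show who is about to route around the block. Added JavaScript example, not from the thread or from the Pi-hole project; the dnsmasq-style log lines are constructed and the resolver list is a small hand-picked subset, both assumptions of the example.

```javascript
// Added example, not from the thread. Given dnsmasq-style query logs (the format
// a Pi-hole writes), report which clients looked up well-known DoH resolvers.
// ASSUMPTION: this resolver list is a hand-picked subset, not an authoritative one.
const DOH_RESOLVER_HOSTS = new Set([
  "dns.google",
  "cloudflare-dns.com",
  "mozilla.cloudflare-dns.com",
  "dns.quad9.net",
]);

// Constructed sample lines (not a real capture); TEST-NET addresses throughout.
const SAMPLE_DNS_LOG = [
  "Jan  1 10:00:01 dnsmasq[123]: query[A] www.example.com from 192.168.1.20",
  "Jan  1 10:00:02 dnsmasq[123]: query[A] mozilla.cloudflare-dns.com from 192.168.1.31",
  "Jan  1 10:00:03 dnsmasq[123]: query[AAAA] dns.google from 192.168.1.31",
  "Jan  1 10:00:04 dnsmasq[123]: query[A] cdn.example.net from 192.168.1.20",
  "Jan  1 10:00:05 dnsmasq[123]: reply www.example.com is 198.51.100.7",
  "Jan  1 10:00:06 dnsmasq[123]: query[A] DNS.GOOGLE from 192.168.1.31",
].join("\n");

const QUERY_RE = /query\[(\w+)\]\s+(\S+)\s+from\s+(\S+)$/;

// Parse only query lines; replies, cached answers and other noise are skipped.
// Names are lower-cased and stripped of a trailing dot so matching is exact.
function parseQueries(logText) {
  const out = [];
  for (const line of logText.split("\n")) {
    const m = QUERY_RE.exec(line);
    if (m) {
      out.push({ type: m[1], name: m[2].toLowerCase().replace(/\.$/, ""), client: m[3] });
    }
  }
  return out;
}

// client -> sorted list of distinct DoH resolver names it resolved.
function findDohClients(logText) {
  const hits = new Map();
  for (const q of parseQueries(logText)) {
    if (!DOH_RESOLVER_HOSTS.has(q.name)) continue;
    if (!hits.has(q.client)) hits.set(q.client, new Set());
    hits.get(q.client).add(q.name);
  }
  const result = {};
  for (const [client, names] of hits) result[client] = [...names].sort();
  return result;
}

console.log(findDohClients(SAMPLE_DNS_LOG)); // { "192.168.1.31": ["dns.google", "mozilla.cloudflare-dns.com"] }
```

The obvious follow-up for a Pi-hole operator is to add those resolver names to the blocklist, which is exactly the arms race the comment describes: a client that ships the resolver's IP address instead of its name never appears in this log at all, and the only remaining signal is a flow to port 443 that the gateway cannot tell apart from any other HTTPS session.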
Because that's what happens when you do security wrong. It has to be usable or it gets routed around. People started blocking unknown ports by default, or blocking/mangling protocols both of the endpoints didn't want blocked or mangled, so firewalls got displaced.
You don't actually want that to happen (again). You don't want the only options to be living in a cage or rooting your device with some unaudited 0-day code you got from some Russian hackers. There is value in the existence of the middle ground.
User freedom means being able to command our computers to do anything, even if it's against the law or against the business interests of corporations. A free computer is by definition hostile to corporations and governments since it can be used against them.
Security as an industry is generally all about protecting the interests of corporations and governments. Just look at how they react when normal people use subversive technology like encryption. The people in power simply cannot tolerate anything they have no control over.
…is not a monolith. There are plenty of people in security interested in giving you freedom as a user, actually, many do it specifically for that reason.
For the average user who expects to be able to block malicious traffic via something like Little Snitch, but still expects their OS updates, App Store, etc to work, or for someone who "knows better"?
It's not about trust that they aren't doing something malicious, it's about trusting them to provide the level of attention and work required to keep something very secure.
A kernel and the core OS capabilities are a high security domain and I expect Apple to be extremely careful and put a lot of attention into making it secure. Desktop applications are a different domain where security is not quite at the same level and Apple will not and can not provide the same level of security for all of them that it can and does provide for the base OS.
As a simple example, compare Safari and the OS. The domains in which they operate make it extremely hard, if not impossible, for Safari to have the same level of security as the OS and kernel because the use case of Safari opens it to far more attack vectors.
Does anyone believe that exempting all Safari traffic from firewalls would be a good idea? If not, then why should we accept that it's a good idea for some arbitrary set of other Apple applications?
The issue here is simple, it's the same as it always is with Apple. There's a choice to do the thing that's slightly more complex and requires users to provide even a minimal amount of input that they might have to think about ("An application is attempting to change the traffic flow required by X service, if you allow this it may cause problems with this service. Yes/No?"), but instead they opt for "Users must trust us implicitly and entirely in everything we do", which is their go-to solution. It all comes back to control: does Apple control the user, or does the user control their software? Apple has built their empire around the former, so while we can't expect the latter without it being forced on them, that doesn't mean we shouldn't.
Well, that's not the whole story: consider another example, the various parts of Safari. Apple wrote that, Apple wrote the whole OS…should they have access to a kernel task port? Shouldn't I trust them to not do bad things? Of course I do, since I use the browser–but I am glad that those are split into separate processes and sandboxed, because an exploit in any of those instantly turns this access into a confused deputy problem. A confused deputy is trustworthy–but they're confused.
Adding exceptions means adding more points of failure, more complexities in code, more opportunities for attackers to bypass restrictions placed on them but not on OS services. Not only that, but you get the upside of having a unified model for Apple and your app developers "for free"–the latter which is of critical importance to Apple in particular, since they have had years of trouble in this area.
Microsoft makes an OS too. And to use it I have to spend an enormous amount of time turning off all its daemons that phone home, harvest my personal information, show me ads, and force updates on me.
So no, I don't trust OS providers. I tolerate them and defend myself against them.
This really isn't about trusting Apple, this is about trusting Little Snitch. I don't think it would be a good decision to allow any app to control your firewall, but I should be able to say "this app should be allowed to because I trust it."
5 years ago I found LS was unable to detect any traffic out of a VMware virtual machine running on the same Mac. Sure the VM is running through some installed virtual network adapter, but if that's all it takes an attacker can set up one of her own. Cool Hollywood interface but I gave up on LS as a serious security tool right there.
Guest traffic was visible when the VM was in NAT mode, but when switched to Bridged mode traffic went straight through with LS unaware. I suppose LS was only sniffing the standard adapters, though this could have been improved since.
If you don’t trust Apple then you need something more than little snitch. Apple is responsible for both hardware and OS. What delta in security or trust is little snitch going to offer over Apple?
In this situation the question isn’t about whether or not Apple can be trusted.
Apple has clearly betrayed users’ trust in this situation.
People don't install Little Snitch only to prevent nefarious third party activity. Some may want to know what traffic is going to and from their computers. Others may want to block all traffic for testing and/or research purposes.
I can trust that Apple is not doing something nefarious and still see that Apple is blatantly betraying the fact that people trusted when switching stuff like firewalls away from kext that it wouldn’t build backdoors for itself.
Also, any backdoors Apple builds for its own apps and services are simply an additional attack vector that could potentially be used by non Apple malicious actors.
> Apple has clearly betrayed users’ trust in this situation.
That's a perfectly reasonable opinion to hold, but 99.9% of macOS users won't know the difference and will be safer for it.
Some of the folks who know the difference will also be fine with it. FWIW, I've used Little Snitch (only to prevent nefarious third party activity), and its biggest UX problem is that it treats legitimate OS traffic no differently than untrusted traffic.
Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.
The question absolutely is whether Apple can be trusted. Little Snitch works for other apps, just not Apple's apps. The remaining slice of the pie you're arguing for is whether or not we can trust Apple.
So what delta in security and trust over Apple are we getting by asking for this change, and how much insecurity and brittleness are we inviting to all other users with our ineffective software based firewall?
> The question absolutely is whether Apple can be trusted.
This is a false dichotomy. I choose to use a Mac, but I also choose not to let my Mac phone home to Cupertino unless I allow it. Why can't I have that choice? Why does it have to be all or nothing? I'm only interested in the Mac, I have zero interest in Apple "services". It's a fine computing device, but I see no reason why the device has to continue to talk to Apple after I purchase it, except to download software updates — which I manually trigger.
It's not about trust, it's about choice.
EDIT: Now if Apple provided a way to easily disable all of those "services" that phone home, there would be a lot fewer complaints about this issue. But they don't.
> Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.
I'd consider poking a hole in firewalls to be providing "a secret way in", particularly in the context of Little Snitch. This isn't some antivirus bloatware that comes preinstalled, or a firewall imposed by corporate networks. The entire pitch of Little Snitch is that it enables you, the user, to monitor and control any bit of traffic that leaves your machine. No one was asking for Apple to bypass that.
ANY firewall inherently trusts the OS of the device it's running on. They have to in order to function. The firewall sits on top of the OS, not underneath it. Even on Linux if you're running ipfw, the traffic first goes through the OS and then to your firewall.
There is trust and there is visibility. Here’s an alternative example I actually do quite often: I attach debuggers and such to system processes. Not because I don’t trust them to not do something malicious, but knowing what they are doing is always useful to me. If Mail is randomly reading files from my Documents folder, perhaps something is wrong with it. Maybe I should just tell it that I can’t look there and see why it might be doing so. These are things that give me more control over my system, not things I engage in because of a lack of trust.
Yes, but as a user, I expect the OS to behave in a transparent manner. If the OS provides a firewall API, I expect it to send all traffic through firewalls that use that API, not selectively redirect traffic from certain apps or domains.
Bottom line is that Apple made software like Little Snitch switch away from kexts and then built in behavior that was unexpected, which would not have been possible for them to do while Little Snitch was based on kexts.
Whether this is malicious, not malicious, secure, insecure etc. is irrelevant to whether this is an untrustworthy action. It’s not what one would reasonably expect and is therefore a betrayal of users’ trust.
If Apple switched gatekeeper on MacOS to completely remove the option and the workarounds to run unsigned apps, it would certainly be more secure. It would also be a huge betrayal of users’ trust in Apple and the MacOS platform.
I would disagree with that statement. The user bought an Apple computer so they clearly trust Apple already. If anything, the new frameworks make the system more secure which strengthens that trust for users. The only people really affected by this change are users who want granular control over everything whether it comes from Apple or not.
This conflating of purchasing with trusting is harmful. It's an ongoing trend I've seen with large tech companies, with arguments of the form "You accept a tiny X, therefore your rejection of the giant Y is invalid."
We buy things from companies we don't implicitly trust all the time, because we can isolate and verify those things.
I don't always trust the supermarket to sell me non-moldy produce, but I can look at the produce and see whether it's moldy.
I don't trust oil companies not to destroy the environment, but if they sell me bad fuel it will be very clear.
I don't trust OS makers, but I can run firewalls and network sniffers to verify that the OS is behaving reasonably, and isolate it when it isn't. Until I can't.
That's fine but you bought it. When it comes down to it, America and capitalism run on the premise that you vote with your dollar. You voted with your dollar regardless of the mental gymnastics you did or didn't do to make that decision.
You're overloading "trust". I think most people trust Apple not to be malicious, but that doesn't mean they trust Apple to be omniscient and perfect.
A back-channel that you can't inspect but Apple can use is a back-channel that you can't inspect but malicious actors have found a way to use, waiting to happen. Preventing you from seeing that traffic doesn't protect you; it only protects Apple at your expense, since you have no way of detecting whether something fishy is going on.
Trust relies on faith or evidence, the overwhelming circumstantial evidence is that Apple can not be trusted with anything other than their commercial interests.
You can not trust Apple with anything else, therefore you must have faith.
Why doesn't each individual user have the final say over whether she wants to accept the change or not? There is no option presented to the user:
[ ] Do not trust Apple, trust only me
You say "Some people are smart, informed developers" but in this case, it appears Apple is treating every user as the same.
I am not a "developer" (nor am I particularly "smart") and yet I monitor traffic to/from computers I own. Maybe some incorrect assumptions are being made about so-called "users". I find it perplexing that any company should be able to prevent me from monitoring traffic to/from computers I own. I own the computers, I pay for the bandwidth. I do not buy Apple computers for the Apple software.
Actually, I don't think this is about trust. I mean, when I use an Apple OS, I (should) trust them, as their software has access to all my most sensitive digital information.
However, making it impossible to route the traffic of the system apps through a VPN of my choice (whatever the reason), is just broken functionality.
Absolutely. For example, I think that the lockdown of the bios was a move that hobbled developers like myself that installed custom bios extensions. I used to be able to run raw linux on real hardware. Now I need to use a commercial virtual machine just to get the dev environment I want.
The difference between the two is subtle, but true. I want true masters that understand what the tradeoffs are to make those hard choices for themselves. I want the rest of the world to have a blanket of privacy and security that protects everyone.
Especially the elderly that are too trusting with what they believe.
I appreciate the response. I suspect you’re missing the many ways in which this change can negatively impact valid and fairly frequent advanced usages of macs, in a way similar to the BIOS change you mentioned.
When I was in college, Little Snitch was an absolute must for using Macs in our networking labs, because it was the best way to analyze and control our network. Without it the mac was not a feasible option.
This change by Apple would have essentially eliminated the Mac's use in several of these experiments, and I suspect that's true today as well.
Further, this has a regular advanced user impact as well, for users on metered networks who would like to control their data usage.
Have you used Little Snitch? It very clearly allows all Apple traffic by default, and if you modify something that would affect it, you get a huge popup explaining what will happen and have to click on a red button to confirm.
> Is the world better or worse due to this change?
This is the false shortcut behind any attempt to weaken security. Security makes access harder, therefore let's weaken security to improve access.
The fact is that weakening security also makes malicious behavior easier and/or more likely. Changes like this are bad particularly because Apple users pay for a protected walled garden.
Local network access is a separate permission since iOS 14. I’m not sure whether that is for scanning or multicast only (e.g. finding devices such as Chromecast) or complete access to anything other than the gateway and DNS servers.
> Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.
Wouldn't say I'm that smart. Wouldn't call myself a developer either. But I'm still kind of dismayed. I used to love macOS (or OS X to be precise), but the clock has been ticking for years now. Near every decision made about macOS future goes in the wrong direction (for me). Right now I'm looking at Manjaro. But still, I need the Adobe CC suite to get my work done, so I will have to use two machines. I hate running two computers. But that's probably where I'll end up.
Either Apple doesn't trust Little Snitch and shouldn't let it interfere with any apps, or Apple does trust Little Snitch and shouldn't block it at all. There's no reason to implement this halfway.
If the data is so poorly protected in transit that a firewall app on the system is a concern, something has gone very wrong indeed. It's just going to see that your Apple services on your Apple device are speaking to Apple servers.
There's an availability consideration here, but that's about it.
Tech savvy users are not just the minority. They're also cheap. They've been conditioned by the FOSS movement to think all software should be free as-in-beer. (The people who started FOSS didn't say that, but that's what it's become.) They say they want free as-in-freedom, but since they are not willing to pay for it they don't exist. Those who pay set the agenda for everything.
Developing a truly polished operating system with a whole ecosystem of services is far, far beyond what volunteers and hobbyists can achieve. It's just too much work. It also requires focus and coordination and someone who is able and willing to say no. Without that the FOSS community rewrites everything over and over again instead of doing the not-fun parts of programming like fixing bugs and edge cases.
TL;DR: we get what we pay for. We don't pay for freedom so we don't get it.
Where are these weird anti-FOSS statements being bred from?
> Those who pay set the agenda for everything.
And this different from non FOSS software how?
> Developing a truly polished operating system with a whole ecosystem of services is far, far beyond what volunteers and hobbyists can achieve.
As someone who uses Linux as my primary workstation I disagree. My coworkers that use Mac or Windows seem to have about the same number of issues overall. I mean- look at the article this is about. I’m pretty confident that would be much harder to get away with in the Linux community. Gnome shell is more polished than windows or macOS were at the same age.
> It also requires focus and coordination and someone who is able and willing to say no.
Clearly you haven’t dealt with the Gnome folks who are perfectly willing to say no to features some users scream for. Or read any of Linus’s rants about nvidia.
I crap on FOSS a bit because I like it and wish it got more traction in the mainstream. I intend it as constructive criticism.
I've been a FOSS user and sometimes contributor since 1994 when I installed Linux with floppy disks, and have consistently watched FOSS lose the mainstream because they don't grasp the critical importance of UI/UX.
I want to write "it has to just work" on a sledgehammer and bash people about the head with it over and over again until they understand that user experience is f'ing EVERYTHING and every installation or setup step required to adopt something roughly halves adoption.
This is largely because we are in an age of time and attention poverty.
Is it really a goal of most FOSS projects to attract the mainstream? IME some of the highest-quality and longest lived projects know who their users are and provide an extremely high quality product.
I don't want to see Arch Linux, for example, start prioritizing attracting non-technical users who want it to "just work."
Well you should be thankful our predecessors took making things "just work" seriously enough to remove your need to boot using toggle switch sequences.
Oh come on! It is not because I spend most of my life inside a terminal that I don't prefer simple things over complicated ones.
Technical doesn't mean "unnecessarily complicated", it means "rich, expressive and built for users that are willing to spend some time to learn" (at least it should)
Sorry then. I had read something anti-foss the other day (probably on Reddit) which seemed to have a hidden agenda behind it like in the old days. As far as having a “it just works” experience- sticking with the Lenovo and Dell professional lines has worked out pretty well for me.
> They say they want free as-in-freedom, but since they are not willing to pay for it they don't exist. Only paying users matter.
Citation needed. If you look at app store pricing models the opposite seems true. If I were going to take a random guess I would say that tech savvy users use open source software to avoid anti-consumer bullshit more than anything else.
If enough people said to Apple "hey, this stuff is not acceptable and we won't pay for it" and then they actually did follow through, Apple would stop.
My point is that the vast majority of people don't say that, only a very tiny minority. The vast majority of people want convenience, not control. They want their stuff to "just work" because even if they do have the technical knowledge they don't have the time to screw around with fixing their computer. Apple is giving the market what they want as evidenced by actual buying behavior, not posts on HN.
My other point is that while there probably are enough tech-savvy people who care about freedom to support a viable alternative platform, the majority of these users are not willing to pay for anything so there is not in fact a market for it.
Basically what it boils down to is that people don't actually care. Even the vocal people who say they care don't care because they won't open their wallets or change their buying habits. If you won't actually do anything about something, you don't care. Whining on the Internet is not doing something.
> If enough people said to Apple "hey, this stuff is not acceptable and we won't pay for it" and then they actually did follow through, Apple would stop.
“The market will price this out” doesn’t actually work because it assumes that 1. Apple’s product strategy is done to match market desires perfectly and 2. The decision to buy is solely predicated on this particular thing. The first is false because nobody can do that and the second is because people buy Apple products for other reasons than just that. I personally know many people (although this sample is of course unbiased) that buy Apple devices for a number of reasons (they work well, they look nice, they have good support) but hate that they can’t do things on them. But their purchase decision doesn’t reflect their opinions on this particular issue.
> Basically what it boils down to is that people don't actually care. Even the vocal people who say they care don't care because they won't open their wallets or change their buying habits. If you won't actually do anything about something, you don't care. Whining on the Internet is not doing something.
People aren't buying features off a list. In a situation like this a missing feature has to be so important that it completely disqualifies the product, which is a very different thing from a willingness to open the wallet.
It's similar to how you can get a kindle with or without lock screen ads. If the only option was with ads, you'd see more people buying that version because it becomes artificially hard for them to say "I don't want ads". Even though they're willing to pay for the feature.
And for convenience vs. control, well, this firewall bypass doesn't help convenience.
> They want their stuff to "just work" because even if they do have the technical knowledge they don't have the time to screw around with fixing their computer.
And that's why I picked up an MBP this year; it's caused me way less grief than my various Linux boxen have.
It's the opposite for me. Pop!_OS has caused me the least amount of grief. I tried switching to it as my main workstation but, sadly, Zoom doesn't run very well (in my experience). It crashed often and started using 100% CPU on all my cores.
I'm happy to pay for good FOSS and open hardware and I'm paying. Also I'm trying to avoid any proprietary and especially cloud-connected things. You are generalizing too much, there are enough people who are happy to pay for trustworthy software and hardware. Just no one cares.
> Tech savvy users are not just the minority. They're also cheap.
Bologna. I spent $4,000 for this MBP, and I've spent many hundreds on accessories, and thousands of dollars on software to run on it. I do everything on it. It is the center of my digital life.
That being said, the day I go to do something on this machine and find that I can't is the day I go buy a sub-$1,000 PC laptop, and go back to Linux (which I ran on the desktop for 19 years). Apple should be very careful how hard they squeeze here.
Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.
Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.
I won't share the other sentiments about the above, but is it really that hard to document these behaviors?
Apple touted the T2 chip as the bee's knees in security. Now, we have a vulnerability that cannot be defended against. However, Apple went all in on the security of this T2 chip so that you cannot replace the SSD (besides the method to manufacture). I appreciate the desire at making a device difficult for a bad actor to get to your data, but they epically failed and ultimately only made a user-hostile device. Oh, and the laptops with these chips also had the world's worst keyboard. Absolute trash.
> I appreciate the desire at making a device difficult for a bad actor to get to your data
That's what FileVault is for. I don't understand what's the problem T2 is trying to solve by its existence. Being able to use something else to read the data from a drive you pulled out of your computer, after decrypting it with your password, is a feature, not a bug. T2 is a regression, not an improvement in security. You can't call it a security product if you keep the master key, which Apple does.
One of the value props was the inability to reset and resell if it were lost or stolen. Now that it’s cracked there is more of an incentive to not try and find the owner.
As for actual data security you are probably right
> One of the value props was the inability to reset and resell if it were lost or stolen.
It's sure one of those nice to have features, but there's no good reason why it has to be mandatory like it is. All in all, having a device purposefully retain some information when you factory reset it is user-hostile.
The "lost or stolen" argument also hardly holds for desktop computers like Mac Pro or Mac Mini or iMac, yet they still have T2s in them.
But one of the things about Apple products that makes people okay with the exorbitant pricing is the resale value. I thought Apple themselves realized this?
> The mini operating system on the T2 (SepOS) suffers from a security vulnerability also found in the iPhone 7 since it contains a processor based on the iOS A10.
> ..Using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.
> Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision.
From what I could find, the encryption keys of the T2 are still secure but the OS running on it is not. Wiping the SSD and/or repairing another might be enough to resell the device without any locks but I'm not 100% sure about that.
> I don't understand what's the problem T2 is trying to solve by its existence.
Watch the two security briefings that Apple delivered at Black Hat. I think they are three years apart and each touched on different aspects. I might be misremembering and T2 is covered in just one of them.
I'm not sure. I have a 2019 mbp 16 with a dodgy logic board and while it crashes even without charging on the left it definitely crashes more often when charging on the left. I'm stuck in limbo because I need my machine for work. Will take it in when I have a break.
In Berlin everything is pretty much open (loosely enforced indoor mask and social distancing mandates). They’re not trying to eliminate the virus here like they do in Singapore or Australia. They track 3 values and depending on the scores they escalate or ease restrictions.
I noticed odd hangings and cpu hitting high temps on a MBP 2018' w/ dell usb C dock on left side, meanwhile right side is fine but I had to reboot randomly and sometimes it will just crash.
Docks on the left side, or similar devices which provide both power and send data, seem to be particularly problematic. On advice of my employer's IT department I went from "spinning up new VMs in VirtualBox reliably leads to thermal excess, CPU throttling, and total system shutdown" to a system that actually works -- just by moving the dock connection to the right side.
It's a little funny because the advice used to be you should use the left-side USB-C ports first because they were faster (both for data and charge, IIRC?)
What? I have to test this. I have my 4k monitor also providing power. Being a lefty I always plug it into the left side. Need to test this. Thanks for the information.
I never had mine crash, but if I charge on the left hand side, the temp of the laptop increases to the point of needing the fan. Charging on the right hand side does not cause this problem. I had never paid attention to what side I was charging on until earlier this year when someone posted about it. After trying the right hand ports, I could see a difference.
The new keyboard is no longer horrible beyond index. Unfortunately, it's merely adequate, which at least in my book is unacceptable for any $1k+ laptop, let alone $3k+.
I am at MB Pro #3 in as many years. We replace around 2 percent of our colleagues' machines per week. Some because of the keyboard (they go into repair and are rotated back) some because they stop working from one moment to the next (also into repair, but only once, after that if it happens again they're scrapped). All three of my MB Pro devices were in repair once because they stopped working costing me one additional day of setup of a temp device. And also one day for setting them up again after they came back. When they died for good another day for a temp replacement until the newly ordered one arrived and it was another day of setup. So I am currently quite well versed in setting up a MB Pro and have it scripted as far as I can thanks to homebrew and the like.
But replacing 2.5k every year with additional repairs in the 700 Euro range isn't viable.
Sadly we are primarily a Mac shop and I have to say that Keynote is by far the best piece of presentation software I know of. But nonetheless. The hardware is currently unacceptable imho.
Yeah if you want to wipe a laptop, make sure you unlink your user account first. It's Apple's theft protection, same as with their phones. It'll want to see a successful login with the Apple ID.
This is the worst. So many people seem to forget their apple ID password but remember their screen unlock password. I saw a case recently where someone had an attacker get access to their apple account as well as everything else. I was able to do a fresh install of their windows laptop but I was unable to reset the persons iphone because the attacker had changed the apple id password.
I have also seen many android devices bricked by the same anti theft protections.
Yep we have a whole box full of perfectly good phones and that's just for one office :(
However Apple does unlock them if you can prove ownership. You need an invoice with serial number. It's a lot of hassle but it works. The reason for that box is that we didn't get serial numbers on the invoices for a long time :(
It's another one of those things that are supposedly for the benefit of the consumer but also really supports the company's bottom line by having to buy a new product. I'm always a bit dubious of their motives. I do see the benefit of such features. But they should have some kind of workaround for unlocking it. Such as a card with a QR code that you get with the phone and keep on file or something. Because theft isn't the only way you can get locked out. And since the fappening Apple is really difficult with resetting passwords, in some cases people just can't make it happen.
Android is even tougher but our local carrier can send them for repair to unblock them. Also, Samsung KME overrides the lock, which makes sense because it proves the device is company owned. I wish Apple DEP could do this too.
How old are the phones? Everything up til the X can be hacked now to bypass that I was told. If the company has no use for them you could probably make a huge profit unlocking all of them.
> Apple went all in on the security of this T2 chip so that you cannot replace the SSD
That's not a security thing, really. It's easy enough to layer encryption on a normal SSD. It's their desire to make it some kind of do-everything auxiliary chip, which has the end result of weakening security.
Plus, don't talk about the display. It has a serious flaw. Most 2017 MacBooks have lines on the bottom due to Apple placing the controller on the TCON board. What trash.
Oh wow! This probably explains why every now and then when I wake my MacBook Pro from sleep it says no keyboard is connected! I thought I had some hardware problem on a basically brand new machine. Glad to hear it's only a stupid software problem!
The absurdity of sitting in front of a frozen keyboard and trackpad for up to a minute before I can unlock the screensaver on a 2k machine has driven me spare. And now has driven away from these astounding lemons.
I think the threat model here is that someone might've swapped out your keyboard to one that's spying on you, whilst you're out at a conference enjoying the more social aspects of such gatherings. At the same time, if you were to not be connected to a network, this kind of verification wouldn't do anything.
I have a 2017 MBP. There are several keycaps that are no longer physically connected to the key, so if I tilt the laptop 4 or 5 keys fall off. I have been dealing with it by using an external Apple keyboard (with added benefit of having 10-key and full sized arrow keys). Since it's on a desktop in this config, I have it set to never sleep so luckily I have not seen this unwakeable fuck up.
It doesn't fix the problem, but it resets the clock until they fall off again. In Texas, it was <48 hours between dropping my Macbook off at the Apple shop and receiving it on my doorstep.
I just followed your link, and had an interesting experience. Of all of the Apple Stores and Authorized Repair they do not appear to be accepting repairs. Everyone of them tell me:
"This location has no available reservations.
You can check another location now, or check this location again tomorrow."
Can't even get far enough to see if the repair would be covered. Good job Apple
48 hours is pretty optimistic. At least for the 2016 model they can't just change the keycaps but they'll have to change the whole bottom case. This took a few weeks for me since I had to send it to a certified repair center.
That's the same for the 2017 model that I had to fix. I got a new mobo + battery. Convenient because my battery was in dire need to servicing.
I heard it would take weeks and even had a backup laptop ready, so it surprised me when it came <2 days later. It was my original laptop too (had all my data and the same dent).
Oh well, the new models don't have this issue anymore. What a fuck up.
The big question is will they extend the warranty by the number of months the Apple Stores were closed due to pandemic lock down? My keycaps didn't start misbehaving until about April.
> Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.
I had the same thing happening to me but Apple changed the complete keyboard under their extended keyboard warranty program (even though it was out of AppleCare already).
The idea is that if your keyboard is replaced with a keyboard that has modified (hacked) firmware, your computer will refuse to let you use it.
To do this, it must obtain a cryptographic attestation from the keyboard firmware, proving that it has not been modified. Further, to avoid replay attacks it must include the current time in the message it signs. NTP is used by macOS to determine the current time, so as to verify the signature provided by the keyboard.
So, if NTP is slow to respond or time out, you are stuck waiting for your Mac to verify your keyboard's signature.
So they introduce a major usability breaker (consider opening up your macbook on a plane with no internet access) to prevent a really obscure security issue that requires an attacker to replace the entire system's top case without you noticing. Nice.
At least give the user the ability to turn that off.
Sorry, that wasn't the best word choice. Certainly a counter is another viable way of performing that check. (And obviously comes with its own set of trade-offs which I'm not interested in performing value judgments on!)
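The freshness argument in the two comments above, as an added example that is not part of the thread and is not Apple's protocol: it models only the verifier's side of "sign a message that includes the current time", plus the counter variant mentioned as an alternative. The shared key, the message layout (firmware hash, 8-byte field, HMAC-SHA256 tag), the 30-second window and the firmware images are all assumptions made for the illustration.

```python
"""Replay protection for an attestation message: timestamp vs. counter.

Added example (not Apple's code). It shows why a timestamp-based check
needs a trusted clock on the host (no trusted time means no decision),
while a counter-based check needs no clock but does need persistent state.
Key, layout and window are assumptions.
"""
import hashlib
import hmac
import struct
from typing import Optional

# Assumed shared secret between host and keyboard firmware (constructed).
SHARED_KEY = b"example-only-keyboard-attestation-key"
# Constructed stand-in for the hash of the expected (unmodified) firmware.
GOOD_FIRMWARE = hashlib.sha256(b"constructed good firmware image").digest()
# Assumed tolerance between the keyboard's stamped time and trusted host time.
FRESHNESS_WINDOW_S = 30
MSG_LEN = 32 + 8 + 32  # firmware hash, 8-byte field, HMAC-SHA256 tag


def _tag(key: bytes, body: bytes) -> bytes:
    return hmac.new(key, body, hashlib.sha256).digest()


def _open(key: bytes, expected_fw: bytes, msg: bytes) -> Optional[int]:
    """Check length, tag and firmware hash; return the 8-byte field or None."""
    if len(msg) != MSG_LEN:
        return None
    body, tag = msg[:40], msg[40:]
    if not hmac.compare_digest(tag, _tag(key, body)):
        return None          # forged or corrupted message
    if not hmac.compare_digest(body[:32], expected_fw):
        return None          # firmware does not match what the host expects
    (field,) = struct.unpack(">Q", body[32:40])
    return field


# --- Variant 1: the keyboard signs its firmware hash plus the current time ---

def attest_with_timestamp(key: bytes, fw_hash: bytes, keyboard_now: int) -> bytes:
    body = fw_hash + struct.pack(">Q", keyboard_now)
    return body + _tag(key, body)


def verify_with_timestamp(key: bytes, expected_fw: bytes, msg: bytes,
                          trusted_now: Optional[int]) -> bool:
    """Host side. trusted_now=None models 'no NTP answer yet': the host
    cannot judge freshness, so the message is not accepted."""
    if trusted_now is None:
        return False
    ts = _open(key, expected_fw, msg)
    if ts is None:
        return False
    return abs(trusted_now - ts) <= FRESHNESS_WINDOW_S


# --- Variant 2: the keyboard signs its firmware hash plus a monotonic counter ---

def attest_with_counter(key: bytes, fw_hash: bytes, counter: int) -> bytes:
    body = fw_hash + struct.pack(">Q", counter)
    return body + _tag(key, body)


class CounterVerifier:
    """Host side. Needs no clock, but must remember the last accepted counter
    across sleeps and reboots or replays become possible again."""

    def __init__(self, key: bytes, expected_fw: bytes) -> None:
        self.key = key
        self.expected_fw = expected_fw
        self.last_counter = 0

    def verify(self, msg: bytes) -> bool:
        counter = _open(self.key, self.expected_fw, msg)
        if counter is None or counter <= self.last_counter:
            return False     # forged, wrong firmware, or a replay
        self.last_counter = counter
        return True


if __name__ == "__main__":
    m = attest_with_timestamp(SHARED_KEY, GOOD_FIRMWARE, 1_600_000_000)
    print("fresh, trusted clock:", verify_with_timestamp(SHARED_KEY, GOOD_FIRMWARE, m, 1_600_000_010))
    print("replayed later:     ", verify_with_timestamp(SHARED_KEY, GOOD_FIRMWARE, m, 1_600_000_100))
    print("no trusted clock:   ", verify_with_timestamp(SHARED_KEY, GOOD_FIRMWARE, m, None))
    cv = CounterVerifier(SHARED_KEY, GOOD_FIRMWARE)
    c = attest_with_counter(SHARED_KEY, GOOD_FIRMWARE, 1)
    print("counter first use:  ", cv.verify(c), " replay:", cv.verify(c))
```

The `trusted_now is None` branch is the usability failure discussed in the thread: a timestamp scheme cannot make a decision until the host has a clock it trusts, so the wait is bounded only by whatever timeout sits in front of the time source. The counter scheme decides offline, at the cost of keeping `last_counter` in storage that survives sleep and reboot.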
Ugh, Cisco AnyConnect, had my MDM policy erroneously install the 32-bit version of it and removing it required finding a shell script in /opt/cisco and running to deregister it before I could install the updated version. So much fun!
So I'm not the only one?! Holy I thought I was going crazy, dropping out of the VPN meant a ten second freeze until a couple of weeks ago. Do you have any additional sources?
> but is it really that hard to document these behaviors?
I imagine it is, given the bureaucracy of a big company. Apple's documentation has long been really dreadful, mostly nonexistent and where it does exist, usually incomplete and even wrong. I've assumed it was because the code itself is developed by isolated groups while the documentation presumably has to touch all sorts of people (publishing, translation, language checks, ...) in a kind of Conway's law.
However, hard or not, writing comprehensive documentation is quite doable. I have never been a fan of the Windows programming model but I have long admired not just MS's documentation but the amount of effort and commitment they obviously put in.
Apple cares about some things but in this regard it appears they simply don't give a shit.
Online documentation. For some reason the qualification is necessary because their header files have a bunch of information that whatever script or tool that generates the webpages doesn’t catch.
> Apple seems to do all kinds of weird networking _stuff_. For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard. Probably checking timestamps on signatures for the keyboard firmware, or something stupid like that. This only happens if it happens to have a default route.
When did they start doing this? I'm still using High Sierra on my 2018 MBP work laptop, because the keyboard and trackpad were freezing for anywhere up to 5 minutes or more with Mojave after a wakeup (usually after a long sleep). Downgrading to High Sierra fixed it, but fighting with the machine was such a pain I haven't dared touch it since.
I'm wondering if you're describing the problem I was having, but could never figure out.
Unrelated but has anyone often had Chrome going on a CPU usage rampage and unresponsive fairly frequently on 'wakeup from sleep'? It's almost certain to happen if Chrome has been updated and is waiting to be restarted.
That's how typical Apple "magical/just works" features are implemented, i.e. very ugly behind the curtain.
Documenting means revealing the edge cases and the limitations, which engineering knows is the best kind of documentation. But marketing people are invested in the "magic".
The keyboard thing is new to me, wow that sucks. The other one sounds like a workaround for captive portals. I think there is some documentation on that wrt Safari and the built in networking, but it was mostly a workaround needed to deal with wifi hotspots that intercept dns until you pay/subscribe, and it causes safari to look hung - so they had to make it clear it wasn’t their browser hanging since it couldn’t make SSL connections.
The OS is a weird design. It lets the machine belong to Apple/MS/Google, not us, so they can update whatever they want or query their website secretly. You can't even stop them because once you installed it you agreed to all of it. You don't have the choice to partially agree. It makes me feel like when you have a cecal surgery, the doctor also took out your foreskin for auto-updating.
You actually just helped me diagnose a really annoying bug I've been having lately. When I wake up my Mac from sleep mode the keyboard and mouse are unresponsive for up to a few minutes in some extreme cases, sometimes I even have to hard reboot. I found online that it was related to VPNs trying to restore their connection but I could never find the link between the keyboard and the VPN.
It was also compounded by the VPN setting I use to disable all traffic until it successfully reconnects. Meaning whether my computer works or not is dependent on my VPN providers reliability.
Now that I know Apple thinks I need an internet connection to wake up my laptop securely I'm quite pissed by this. Brand new $4k laptop is a paperweight if my VPN can't connect.
I'm working from home now, and in my company we use Tunnelblick for vpn into corp network. VPN has time-based OTP so it never gets saved.
Sometimes when my MBP goes to sleep it loses wifi connection and VPN disconnects. When it wakes up, Tunnelblick asks for password, but it doesn't restore routes (I guess?). Basically no internet until I either enter password or click disconnect. At that moment I'm typing in my OS password and pressing Enter.
What then happens is that it waits for ≈30 seconds and then logs me in, as if it made a network request and waited until it timed out.
Could it be related to the issue you're describing?
I was trying to figure out how my routing table was set up on my iPad and I found out that iOS doesn't expose any interface to routing tables, at any level of privilege. Very frustrating.
I think this is probably wrong. I don’t know what the interface is, but on my iPad running 14.0.1 this app shows a Routing Table that looks okay to me. https://networktools.he.net/
I should've clarified - it only does this if there is a default route. Funnily enough, whilst the firewalls in the original twitter post would possibly fail to catch this traffic, PF will block it just fine.
This mindset probably explains why I have such issues with Apple products when my connection to the internet goes down, but the internal network infrastructure (including DNS server) are perfectly fine.
I mean that's what a default route is supposed to mean, right? That this machine can route to any address. It might not get there because of a firewall, or because nothing is at a given address but you're at least claiming to know what to do with a packet destined for anywhere.
> Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.
So if the default route doesn't exist yet since it's still checking for internet, it would let you use the keyboard. DHCP probably runs every time the NIC is turned on (like from sleep), and they could just disable this function if you've set a static default route (since they may not be able to reach their NTP server on that route).
The default route verification is separate from the keyboard issue. I don't know exactly what is going on here, but in the above post what I mean by the system applying a default route is that the route isn't propagated to the system configuration's dynamic store and whatever macOS uses for netlink, i.e. the route doesn't show up in `route monitor` until the check finishes. However, I do believe it would still be used at some level, either on the T2 or in the kernel to do the NTP stuff.
When I had the authenticate with watch option enabled, and for some reason the watch lagged, the Mac didn't allow me to log in with my password or finger.
> For instance, during wakeup, your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard.
Aha so this is why I need to put my MacBook back to sleep after waking on a spotty WiFi connection or when it was previously connected to vpn which timed out during sleep!
Would certainly go a long way to explain why waking my MBP up after going AFK involves an affair that requires me to undock it from my vertical stand, entering my password, and awkwardly trying to place it back into the stand, reconnecting peripherals while slapping the BT keyboard endlessly so it doesn't go back to sleep after login.
> your T2 equipped Macbook will wait for a DNS response and then use said DNS response to synchronize time via NTP before letting the user use the keyboard.
Holy shit, this is why my macbook sometimes won't let me log in for like 15 seconds on my shitty cellular hotspot connection? Absurd. Apple software has fallen so far from just 10 years ago.
"You have to trust Apple", it's said. But I suspect that if you actually knew how much your Apple devices were phoning home to Cupertino, you wouldn't trust Apple anymore. Using Little Snitch (the kernel extension) was a real eye opener for me. Especially when I allowed Little Snitch to block all Apple processes (by disabling the built-in iCloud Services and macOS Services rule groups).
This may be a good time to remind folks of my blog post where I explain how Catalina phones home when you run unsigned executables, including shell scripts! In the article I mentioned that you can prevent this with Little Snitch. But that was the LS kext. Is it even possible anymore?
https://lapcatsoftware.com/articles/catalina-executables.htm...
Let me just quote one comment from the HN discussion of that article: https://news.ycombinator.com/item?id=23278253
"Making this about speed is burying the lede. From a privacy and user-freedom perspective, it's horrifying. Don't think so? Apple now theoretically has a centralized database of every Mac user who's ever used youtube-dl. Or Tor. Or TrueCrypt."
It's all too easy to dismiss the privacy violations that we're not aware of. Out of sight, out of mind.
Why would the most successful company in history—a success gained in no small part through protecting users, selling hardware and services instead of their data, and promoting and enhancing privacy as a first-class feature—do that sort of thing? What possible benefit could such a centralized database serve? How's that gonna make them more money?
I'd love to apply Occam's Razor to Apple's network connections. Those entities should not be multiplied without necessity. That's why I use Little Snitch!
Seriously though, Tim Cook has been absolutely trashing Apple's hard won reputation by relentlessly pushing (via push notifications no less) TV shows and other garbage "subscriptions" on computer buyers. It's not what I signed up for when I became a Mac user many years ago.
That quote—“Apple now theoretically has a centralized database of every Mac user who's ever used youtube-dl.”—is somewhat misleading.
Apple doesn’t get script contents, it only gets a hash. Of course, if Apple really wanted, they could maintain a DB of hashed contents of every possible version of youtube-dl script, and do their best to match it up with what users execute. However, even that far-fetched scenario falls apart the moment you wrap youtube-dl invocation in a convenience script—as only the hashed content of the script you invoke is submitted for notarization check, not every binary or script further launched by it.
Why are scripts even getting notarization checks when scripts cannot be notarized???
We shouldn't need to tell a story about how it would be difficult for Apple to exploit data they have about us, because they simply shouldn't have this data about us.
The whole "We can trust Apple with our data" line starts with a flawed assumption: that Apple should be allowed to collect data from us. False. And it's important to note that none of this data collection was ever explained or even disclosed to users. We had to discover it by reverse engineering. Extremely shady practice by Apple. It doesn't matter if the "intentions" were good. Secretly collecting data is never acceptable.
And let's never forget, Apple has been actively collaborating with authoritarian governments to shut down pro-democracy activism. That's not just a theoretical possibility, it actually happened.
The very possibility of Macs phoning home for every shell script would have been considered a crazy conspiracy until we discovered that it's actually a real thing. So it's a bit ironic to suggest that Apple's exploiting this data is just a crazy conspiracy theory.
> And let's never forget, Apple has been actively collaborating with authoritarian governments to shut down pro-democracy activism. That's not just a theoretical possibility, it actually happened.
I wonder why any time I see these claims, they’re never accompanied by anything resembling reliable evidence.
> The whole "We can trust Apple with our data" line starts with a flawed assumption: that Apple should be allowed to collect data from us.
Apple is free to do that, as a private entity in a free market; you on the other hand are free to vote with your wallet and your time by buying their devices and developing for their ecosystem (or not).
You’re entitled to believe that the end goal (security) is not justified or achieved by the means (notarization, Gatekeeper, etc.), but somehow you are not making that argument.
> I wonder why any time I see these claims, they’re never accompanied by anything resembling reliable evidence.
Because the stories have been on all the news sites, it's common knowledge, and thus it would be superfluous to submit detailed documentation every time it's mentioned? I can't help it if you're not informed about politics and tech.
> you on the other hand are free to vote with your wallet and your time by buying their devices and developing for their ecosystem (or not).
People always say stuff like that, but do they really mean it? It feels like just empty rhetoric to shut down criticism of Apple, not an actual suggestion. I've been a professional Mac developer for over a dozen years, my software has been enjoyed by countless people, and I've also provided many tech insights enjoyed by many people, including this one under discussion, as well as the Google Chrome bug story that's been going around — that's me too! Are you seriously saying I should pack my bags and leave the Apple ecosystem forever and no longer write software for the Mac or write blog posts about it? Is that what you really want? Is that what people in general want, for me to leave the Mac? Don't say it unless you mean it, and are willing to drive away longtime Mac users and/or developers like me.
I hope you'll enjoy your "curated" criticism-less ecosystem with no actual developers who care about the Mac.
> people always say stuff like that, but do they mean it?
no of course not. it's a pointless thing to say, equivalent to "if you don't like the laws in America, move somewhere else." Easier said than done, for starters.
But also, if developers and power users aren't allowed to criticize or give feedback, then who is? Apple needs us more than we need it, so of course you should have a voice
> Because the stories have been on all the news sites, it's common knowledge, and thus it would be superfluous to submit detailed documentation every time it's mentioned?
Those are the claims, yet every time I dig deeper I see how from “actively collaborating with authoritarian governments to shut down pro-democracy activism” they are reduced to “complying with local laws” within a single brief conversation.
Sure, in some countries the latter is a superset of the former. In such countries, violation of ethical norms could be required in some situations to comply with local law. However, it doesn’t mean that any instance of the latter always requires the former, nor that Apple had ever faced this choice, nor that if put in this situation Apple would agree to actually do the former as opposed to exiting the market (which, exiting, I suspect is a scenario CCP would very much prefer to avoid).
I will roughly delineate the difference based on two concrete example situations:
1) Complying with the requirement to store encryption keys for Chinese user data on Chinese servers = complying with local laws.
2) Providing personally identifiable information about individual Apple users at request of CCP, or helping CCP representatives hack into Apple devices = collaborating to shut down activism.
If you have any evidence of anything along the lines of (2), I’m all ears (as I’m sure is any tech journalist worth their salt).
> Are you seriously saying I should pack my bags and leave the Apple ecosystem forever and no longer write software for the Mac or write blog posts about it?
I’ll level with you here. I’m not a professional Apple developer making a living from selling my software to end-users, but I dabble, and I am very deep in Apple’s hardware and software, preferring them to any other alternative in the market. It would be an extreme lifestyle change, but if I had reasons to believe that Apple had indeed collaborated with CCP to shut down activism, due to my personal views I would have to exit Apple’s ecosystem and start hacking on a PinePhone or something.
That said, if a country like China doesn’t want its citizens’ data encryption keys to live on servers in a country like the USA, I don’t believe that’s outrageous; if you’re an activist, you’ll be aware of that and make arrangements. There’s a line, but this does not cross that line as far as I’m concerned.
That totally breaks my use case for Little Snitch: working tethered. When I tether my laptop it thinks it has free rein with the bandwidth and all of the little background processes can kill my data in a few minutes. With a firewall, I can grant access to only the processes that I need to get my work done.
Now, I guess I have to run some external firewall between my laptop and my phone. ... or better yet, abandon Apple.
For what it's worth, my hacky solution to this is this script which kills all the background processes that use significant bandwidth. If you're interested in how I came up with the list of processes, I can share the BitBar [1] script I wrote for monitoring per-process network usage (I wrote a small wrapper around nettop that logs to a db, which is read periodically by my BitBar script to show me the per-process usage:
(ps if having an easily installable version of this would be helpful to anyone reading this, please comment or upvote this and maybe I'll prioritize it :) )
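As an added example of the per-process accounting the comment above describes (this is not the commenter's script or BitBar plugin), here is a parser for nettop's CSV log output that sums bytes per process and lists the ones over a threshold that are not on your "needed while tethered" list. The nettop invocation, the "name.pid" process label and the column layout are assumptions to check against `nettop -h` on your own machine; the sample output is constructed so the parser runs offline.

```python
"""Per-process network usage from nettop's CSV log output.

Added example, not the commenter's script. It assumes the nettop
invocation below produces one CSV row per process with a 'bytes_in' and
a 'bytes_out' column; the header lookup is the only thing the parser
depends on, so check `nettop -h` if your version differs.
"""
import csv
import io
import subprocess
import sys
from collections import defaultdict

# Assumed invocation: per-process rows (-P), one log sample (-L 1),
# raw byte counts without K/M suffixes (-x), only these columns (-J).
NETTOP_CMD = ["nettop", "-P", "-L", "1", "-x", "-J", "bytes_in,bytes_out"]

# Constructed sample in the assumed layout, so the parser runs offline.
SAMPLE_OUTPUT = """time,,bytes_in,bytes_out
12:00:01.000000,softwareupdated.412,18874368,524288
12:00:01.000000,cloudd.633,4194304,8388608
12:00:01.000000,Safari.1201,1048576,262144
12:00:01.000000,photolibraryd.700,2097152,1048576
"""


def parse_nettop(text):
    """Return {process_name: (bytes_in, bytes_out)} summed over pids."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader)
    if "bytes_in" not in header or "bytes_out" not in header:
        raise ValueError("unexpected nettop header: %r" % (header,))
    in_idx, out_idx = header.index("bytes_in"), header.index("bytes_out")
    totals = defaultdict(lambda: [0, 0])
    for row in reader:
        if len(row) <= max(1, in_idx, out_idx) or not row[1]:
            continue  # blank or malformed row
        # nettop labels processes as "name.pid" (assumed); drop the pid so
        # every instance of a helper daemon is counted together.
        name = row[1].rsplit(".", 1)[0]
        totals[name][0] += int(row[in_idx] or 0)
        totals[name][1] += int(row[out_idx] or 0)
    return {name: tuple(v) for name, v in totals.items()}


def top_talkers(totals, limit=5):
    """Processes ranked by total bytes, highest first."""
    return sorted(totals.items(), key=lambda kv: kv[1][0] + kv[1][1], reverse=True)[:limit]


def background_hogs(totals, threshold_bytes, needed):
    """Names over the threshold that are not on the list of processes you need.

    This is the candidate list for a 'kill background traffic while
    tethered' script; the decision to kill is left to the caller.
    """
    return sorted(name for name, (i, o) in totals.items()
                  if i + o >= threshold_bytes and name not in needed)


def main(argv):
    if "--live" in argv:
        text = subprocess.run(NETTOP_CMD, capture_output=True, text=True, check=True).stdout
    else:
        text = SAMPLE_OUTPUT
    totals = parse_nettop(text)
    for name, (i, o) in top_talkers(totals):
        print(f"{name:24s} in={i:>12d} out={o:>12d}")
    print("over 5 MiB and not needed:", background_hogs(totals, 5 * 1024 * 1024, {"Safari"}))


if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it with `--live` on a Mac to sample the real counters; a single `-L 1` sample gives cumulative bytes since each process started, so a logger that wants rates should take two samples and diff them per process.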
I use TripMode for that (https://tripmode.ch/). Though it's not unlikely it'll have the same issues described in the OP, it does seem to block Apple stuff on Mojave.
I had replied to parent as well, but then saw your note. So I deleted, and pasting my agreement here:
> free rein with the bandwidth and all of the little background processes can kill my data in a few minutes
New: TripMode 3, made for macOS 11 Big Sur. Easily control your Mac's data usage on slow or expensive networks.
Drastically optimize your Mac’s data usage by automatically blocking unwanted background updates. Keep control with the new live monitor and data usage reports. Reveal domains where your apps send your data to. Now with a redesigned, easier than ever UI.
Last year Apple introduced 2 flags on the network: “constrained” (the Low Data Mode toggle) and “expensive” (most cellular and personal hotspots). These are intended to let the app make intelligent decisions about what network requests to do. For example, “expensive” networks should disable background or speculative fetches and only fetch what the user asked for.
Presumably Apple apps that bypass the network filter are making use of these flags already, to avoid unnecessary network traffic.
Is there no chance for Little Snitch to block the App Store? I just have a demo version of Little Snitch and will buy it for blocking all Apple services. I always connect to the internet through my phone outdoors. The bandwidth is limiting...
If Microsoft did this in windows, or Google did this in chrome, would we see so much defense of this strategy? Or could it be those rose coloured glasses that HN tends to view Apple through.
Or more like "users are literally brain dead and cannot be trusted to change the channels on their TV" coloured glasses. If you only trust your users to watch TV, then get into TVs instead of computers.
We don't fault the maker of a drill when a careless user drills a hole in their hand. We fault the user for being careless. At what point do we start doing the same for computers? The advantage of physical power-tools is that their mechanism of operation is readily apparent, open, understandable, predictable. If Apple really cares about their users, they should start investing in making software open, understandable, predictable. This is a much harder problem, and probably less profitable, than just building another TV, but I'd rather live in that world than this one. I don't need another TV.
Btw, when I've been testing a "kill switch" on Windows (firewall configuration that doesn't allow internet access without a VPN running) using the built-in firewall, I discovered that
- Chrome adds a Firewall rule on installation that grants it access to all networks, bypassing kill switch configurations.
- Microsoft has an "Allow app through Firewall" [1] dialog that manages all of the rules for its apps and services along with some third-party apps. These rules again tend to allow everything, and at least on earlier builds from like 2018 they would reset to allow everything on _every_ update.
I wonder if it would make sense for Little Snitch to continue supporting their kext-based solution in parallel to the new one, possibly only for users who are willing to disable SIP.
You might argue that disabling SIP for a security product defeats the point, but I'm not sure if that's necessarily true. SIP effectively delegates trust away from the user and towards Apple, which is fine as a default—but the calculus may be different for experienced users, like the ones who use Little Snitch.
Kexts are used by Apple internally, so I'd be shocked if they were removed from the OS completely. Third party kexts may be deprecated, but as long as SIP can be disabled it will always be possible to load your own.
It’s my understanding (and I imagine yours is better than mine) that at least at present, the macOS kernel is open source, which would mean that unless they forked it, disabling firmware security and SIP would mean that you could replace it with a compatible one compiled from open sources that skips such a check.
They can, of course, remove that option a number of ways: closed source kernel, disable the disablement of boot security (such as on iOS), et c.
XNU is open source and I have personally used custom kernels, but if it got to that point I definitely don't think it would be worthwhile for Little Snitch to maintain their kernel extension.
I truly don't think it would get to that point though. And even if it does, that day could be years away. We're talking about maintaining an existing product, not starting a new one from scratch.
IMO, the more pertinent question is whether it's worth asking customers to disable SIP. Up until now, commercial Mac software—even software targeting advanced users—has seemingly wanted to avoid that at all costs, whether it's Flavours discontinuing their theming software or nVidia discontinuing their web drivers†.
---
† Note that I'm continually suspicious we don't have the whole story here, but the commonly-cited narrative is that Apple won't sign nVidia's drivers.
The kernel is open source, but compiling it is non-trivial (over the years there's been a couple of hardcore people from the Hackintosh or jailbreaking community who do it, and sometimes Apple engineers write guides from time to time). But if they really wanted to stop this kind of thing they could go the iOS route and make it impossible to load that kernel.
Background: I've written my own kernel extension that works in a similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.
It's a fact that Apple has continuously moved to lock down macOS in ways that are antithetical to folks that want full control over their operating system. To many of us that moved on from Linux on the desktop, the combination of a stable/uniform/attractive desktop environment with a Unix core that had great developer documentation -no longer the case!- and nicely-designed APIs was too much to resist. Unfortunately, the push towards consumers and Apple's increasingly one-sided my-way-or-the-highway approach (fueled by security concerns that to me are completely irrelevant, if not a huge annoyance and waste of time) means that a lot of us oldschool Unix hackers were left out in the cold.
I don't plan to upgrade past Mojave and at some point in the future I will move back to Linux.
Linux on the desktop and Linux on the laptop (heh) has definitely improved. It _sometimes_ needs a little tweaking to get it right, but KDE/Plasma also happens to offer that level of "tweakability" that should satisfy almost all semi-mainstream users (at least anyone coming from Windows or Mac).
Compared to my first Linux laptop (a Sony Vaio circa 2000), my current XPS 13 works as well as any Mac laptop I have ever owned, and all the hardware that you would "expect" to work (but probably didn't work as smoothly 10 or 20 years ago) Just Works (WiFi, external displays, excellent battery life/sleep, etc...)
Based on the complaints I have heard about Apple hardware and MacOS over the past few years, I'd even argue that Linux-on-the-desktop isn't any less stable or harder to get working than a Mac.
I try the major DEs every few years to see if they fit me, most recently trying the newest KDE and GNOME versions in a VM about a month ago. Both have improved for sure, but they still have a long way to go… GNOME actually came closest but its customizability level is even lower than that of macOS, even factoring in extensions.
Both suffer from a laundry list of minor annoyances that snowball into something that's hard to ignore, and in KDE's case the UX design they employ just doesn't jibe with me at all.
It's all enough that I end up coming back to macOS because despite its problems, it fits me in ways that nothing else even comes close to touching. Sometimes it feels like there will never be a macOS alternative that has what it takes for me to switch without feeling a major sense of loss.
> Both suffer from a laundry list of minor annoyances that snowball into something that's hard to ignore
This sounds just like your familiarity. I could have used the exact same sentence to describe how I feel using macOS for work after being used to Linux (GNOME) for 8 years.
When you use something for a while you learn to avoid all the bugs and the UX starts to feel natural. Any switch will end up in you running into new bugs and finding the UX odd, no matter if it is to or from macOS, Windows, GNOME, KDE or otherwise.
I would say that I run into 10x more bugs on macOS than GNOME. But that probably isn't because there are 10x more bugs. There is likely a comparable number on GNOME but I have learned to subconsciously avoid most of them.
Same experience. I tried, but Linux just isn’t ready to be used as a general OS right now.
I’ve dug through message boards and bug reports, and a lot of the features that MacOS has will never be implemented. I’m talking about features released 13+ years ago on OS X 10.4.
Agreed. I've used Linux full time on the desktop, laptop, and on the server for over 10 years now and I have a better experience there than mac (which I had to use on my work machine for 6 months due to employer only allowing macs).
Of course everything is not perfect, but that wasn't true in mac either. I had to hack and shim so many things to get my system to behave the way I wanted to. There were also horrible bugs like where plugging in an external (Apple branded) monitor would cause the laptop screen to go black forever until I held down the power button.
I'd be interested in the features that you were missing as well.
I just bought parts for a desktop that's literally 4x cheaper than a similarly specced Mac Pro with the usual caveats (Ryzen instead of Xeon, non ECC, etc.) It will have to be pretty rough for me to consider investing anything beyond a Mac Mini so I can have access to Xcode once my MBP dies.
In my experience it's mostly "convenience" / "nice to haves" related to "modern things" such as entertainment. Of course, this excludes any specialty software you may need that may be unavailable for Linux, but I suppose that's not your case since you're considering this.
For example changing from a low-resolution (non-hidpi) screen to a hidpi one doesn't work that great. You want to watch netflix or prime video in FHD? Not going to happen (although, admittedly, that's not linux's fault but a DRM-related decision).
I've noticed that, as usual, all this is highly dependent on what one does with the computer. If it's a laptop often used with a high resolution external screen and for on-line media consumption, the experience can be less than ideal. If it's a working computer used in fixed conditions, the experience can be outright great. My "work" computer is a desktop linux with a UHD screen and I absolutely love working on it. But for random hanging around on the internet, watching a movie or whatever, I'll grab my macbook.
A big one I will sorely miss as I transition to Linux (and it's the only one I can think of right now), is the ability to rename and move around files while they are open!
OK here's another, very related: the ability to have apps remember their open files when you quit and re-open them.
These are significant productivity boosters, and I will miss them. It's definitely a trade-off, but now Apple has tipped the scales too much in favour of Linux...for me.
I have, in fact I had it installed directly on one of my towers a few months ago to make sure that no weird VM shenanigans were futzing things up.
It was one of the smoother GNOME distros, and its installer was far more competent than Ubuntu's (mainly, it didn't screw with the boot partitions of every drive in the system like Ubuntu's installer did). Ultimately though, GNOME itself is flawed in its approach to a few things.
Apologies, it's deeper than it seems at first glance. If I were to elaborate, the resulting writeup would be better suited for a blogpost than an HN comment.
Just wanted to add another compliment for KDE (specifically Plasma). I've been using KDE Neon as my daily driver for a few months now and it's amazing. Connects to my android device to share notifications and clipboard content, is heavily customizable and themeable, the whole OS feels very snappy and uniform in terms of UI/UX, and installing alongside Win10 and macOS in a hackintosh setup with full LUKS disk encryption was a snap through the installer GUI. Absolute 10 out of 10.
Same! I purchased a Razer Blade Stealth 13 and put Linux Mint on it end of 2019. I have been really pleased with the entire thing. I don't do anything crazy (web browsing, simple budget spreadsheets, watching videos, viewing family photos) and it works perfectly. I was an avid mac user for many years because of bash/BSD but the march toward locked-down hardware and software really pushed me away. The only thing I miss are the glass trackpads and the fantastic gesture support.
How is desktop search? Spotlight (mac desktop search) is a killer feature for me -- fast, reliable, smooth, all straight out of the box. Meanwhile, I've wasted many hours trying to get desktop search up to the same standard on Windows and Linux. That was years ago (for linux, at least), hopefully things have improved. How is linux desktop search doing today?
I've become a huge fan of Linux Mint. It looks amazing and unlike before now there are no driver related issues (the thing that kept me from using it all this time).
The only thing I miss is Photoshop but I really can't think of a single reason besides that to not use Linux anymore.
Require the user to authenticate, then provide full control? Yes this provides a vulnerability pathway, but it's not like Apple software updates don't already provide this type of access.
> I've written my own kernel extension that works in similar manner to Little Snitch, but does a lot more, including SSL MITM and on-demand packet capture, that I've been using for more than 10 years now.
I'd be interested to read more about this, and maybe even use your kext. I'm currently MITM'ing all of my SSL traffic[1] for a different, esoteric reason: I insist on using a 7-year-old version of macOS, and it doesn't natively support modern SSL ciphers, so I have to add it in with an mitm proxy.
I've run into a handful of issues with various software that I've had to work through as they arise, but if you've been doing this for ten years you've probably seen it all already.
hahaha. I also don’t plan to upgrade past Mojave. To me Catalina was a trainwreck and at this point I think I’m losing a lot of the trust I used to put in Apple.
this is compounded by the fact that I love Little Snitch and it has basically exponentially improved my life when it comes not only to browsing the web but when using any app on mac.
I tried catalina and... why? why did they dumb down mail? This is like the beige apple box era all over again. lame decision after lame decision and everything turns to mud.
The linux desktop experience is still quite in a state. I will likely do the same and suffer Linux, but I think many will go back to windows as WSL continues to improve.
I'll second this sentiment.. After setting up WSL2 I figured I would move between my iMac and my Windows machine, and I honestly haven't touched my iMac in forever for any dev work.
I'll miss some apps like Omnigraffle (not looking for alternate suggestions thanks), but I can live with that if it means using an OS that respects me enough to let me control it the way I want.
I switched back to linux two years ago for exactly the same reason.
It was painful at first, but it's worth it. The only things I still miss are the visual feedback in the UI (lots of little stuff) and the feel of the trackpad.
But the customizability has more than made up for that in productivity. Like being able to edit the source code for the window manager.
A great example of why you need defense in depth. Ideally you'd be running the local firewall on your box, as well as an external firewall.
That being said, this is not ok behavior on Apple's part. There shouldn't be a way for traffic to go around the firewall like this, even if it is just Apple apps.
Because as Apple well knows, once you make a backdoor, someone will figure out a way to exploit it.
> Because as Apple well knows, once you make a backdoor, someone will figure out a way to exploit it.
I can't help but see this as the real reasoning behind the change. With EARN-IT on the table and antitrust cases looming, they've got every reason to bend over and give governments whatever access they can.
Of course not, which is why this still isn't very cool. If you're super paranoid you can always carry around a small router or a pi to attach to the wifi and be your external router though.
Chrome exempts Google properties from rules? Unacceptable!
macOS exempts Apple apps from rules? Protecting users!
Seriously, it's my machine. I should have top permissions on it, not Apple. If I chose to run an app that intercepts traffic, I want it to intercept _all_ traffic. What's next, making it impossible to hook a debugger to Apple services? Or did they already do that?
As much as I love Mac & iPhone UX, stuff like this will keep me off them and keep me from recommending them to anyone either.
Everyone seems to assume this is true, but are people also confirming this? I installed Little Snitch recently on Big Sur and I’m constantly getting pop-ups for all of Apple’s internal daemons etc. While I haven’t tried the App Store specifically, I’m wondering if the person didn’t understand how things were configured and was allowing certain traffic through. I can’t imagine there’s really some big conspiracy here.
The tweeter is Patrick Wardle, security researcher and creator of Objective-See[1] which publishes several macOS security apps, including the LuLu firewall. Given Patrick’s track record, it’s generally safe to assume due diligence was given to the claim and that lack of understanding about configuration doesn’t apply.
As to your specific case, the tweet does mention “many of” Apple’s apps are affected (i.e. not all, not even necessarily the majority).
Confirmed. Someone also found the strings in the network stack, which are tested against the app's bundle identifier to provide these holes. It's ridiculous.
But has it added pop-up per-app (and then per domain/port/ip) block/allow functionality in the Linux DE GUI yet? Thanks to your whole team for the awesome work.
This is a big breach of trust in terms of Apple always being on the side of user privacy.
If someone knows enough to install these firewall apps, then they know enough to figure out what they want to enable/disable even for Apple applications.
If Apple thinks certain rules cause issues, they certainly could work with the developer of these apps to educate users of adverse effects when certain things cause unintended issues for the user. The decision should still lie with the user. Bypassing firewalls by privileging some traffic is not okay.
Looks like for now, the only real option is an external device you always connect through running pfsense or another firewall, which is not too big a deal for use on a home network, but requires carrying around another device when on other networks.
I would love it if there were a small appliance based on a Raspberry Pi Zero or something of similar size, that could be controlled/configured from an app on your phone. This device would be powered through a USB cable (no data) from your laptop, and act as a WiFi hotspot that you can use to route all your traffic via the VPN or network of your choice. Even if your laptop were infected by malware or a rootkit, it would be impossible to avoid the little physical VPN/firewall.
>If someone knows enough to install these firewall apps
Your statement implies that it's difficult to install these apps. Installing Little Snitch is no different than installing any other macOS app. Also, this isn't specifically against Little Snitch, it's about any app that could potentially compromise a user's network traffic. Little Snitch is obviously a desired use of these features but how do you then differentiate it from the undesired uses?
Apple is not going in a great direction for more technical people. Started looking at Linux desktops and r/unixporn. Maybe time to switch, when my MacBook is up for replacement.
This might mean running firewalls on the local networks which block outgoing traffic to Apple. And possibly keeping Apple devices vpned to such a network.
I was looking forward to new Apple devices, but feel uncertain about the "trust Apple but no one else" approach.
Concerns:
1) Apple devices have been configurable to be respectful if not invisible in corporate or client windows networks.
You could use a Mac with a firewall in windows environments without being worried about setting off something on the network for unusual traffic. Especially for environments that don't support some but don't stop it either.
2) Corporate Windows networks can control the monitoring of telemetry and metadata to a higher degree than Apple now seems to. It could be a new gap in Apple when compared to others.
If the above are true, it's not clear if Apple sees few Mac users in any corporate environment as an opportunity to grow; it's only accelerating the consideration of other operating systems.
Apple also appears to be signaling that devices do not belong to the customer. The idea of we will protect your data, but trust your data to our policies, which we can change seems confusing. I'm considering the new iPhone for security, but this workaround seems like an affront to it.
This is upsetting. I currently use macOS with iCloud, FaceTime, iMessage, and App Store all disabled, and use Little Snitch to prevent the machine from communicating with Apple except for on update days, and then limited only to those specific update processes.
It’s possible that this will mean that the next macOS version will be unsuitable on privacy grounds, as I will then have to use a second physical device to prevent such network access. :(
Maybe if you block it, it randomly renders your OS inoperable and you won’t know why. Example: iCloud login could be a few obscure network calls. You would then call Apple and ask wtf if you are some noob blocking everything. This isn’t the old days where there could be zero dependence on the net for critical function.
This is one of the key purposes of the Apple Store. The Genius Bar would help you test on a clean account or do a full wipe — although, Little Snitch is well-known enough that I'd expect an Apple Store employee to recognize it pretty quickly.
I suppose it's theoretically possible they're trying to drive down support costs. But, geez, that would make me much more scared about the direction Apple is taking than anything else.
Really though, Little Snitch is quite explicit about what it does. It's also $40, and it's marketed to a pretty technical audience.
Not a pi-hole user, but what is the plan for pi-hole once encrypted dns is everywhere? Will it just be dead? I can’t really think of a way for it not to be.
The pi-hole software turns the Raspberry Pi into a DNS server, so you can point your own DNS server (i.e. the raspberry pi) at the DNS provider of your choosing so that it can resolve uncached queries.
I don't think encryption matters because you control the sender (your PC), the first hop (the pi-hole), and the next resolution destination (Cloudflare/Quad9/Google/OpenDNS/etc.).
He is referring to the fact that apps will start ignoring local network DNS config and directly talk to their own hard coded DNS IPs.
I'm guessing the solution to that is to firewall various DNS IPs to force the app to use your local DNS. I could foresee apps going to random IPs for DNS and making it look like https, which will be hard to deal with.
> I could foresee apps going to random IPs for DNS and making it look like https, which will be hard to deal with.
DoH isn't really going to look like https; the requests and responses are going to be too small.
If you're serious about it, you don't allow any random IP connections, only allow connections to IPs that were received by DNS, and only return proxy addresses that you NAT to the real thing. It's more work, but it's still trivial.
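The two checks described in the comments above (treat any outbound connection to an address that never came out of your own resolver as suspect, and treat many tiny request/response exchanges on 443 as DoH-shaped), as an added example that is not code from the thread or from Pi-hole. The resolver log lines, the 192.0.2.0/24 LAN, the 192.0.2.53 resolver address and the flow records are constructed for the example:

```python
"""Egress checks for the two bypasses discussed above.

Added example, not code from the thread: (1) any outbound connection to an IP
that never appeared in an answer from *our* resolver is suspect (hard-coded
DoH endpoints, baked-in C2 addresses); (2) a TCP/443 flow made of many tiny
request/response exchanges looks like DNS-over-HTTPS rather than page loads.
The resolver log lines, addresses and flow records are constructed.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.0.2.0/24")             # constructed home network
LOCAL_RESOLVER = ip_address("192.0.2.53")    # the Pi-hole / unbound box (constructed)

# Constructed resolver log, loosely in dnsmasq/Pi-hole "reply" style.
RESOLVER_LOG = """\
1602000000 query[A] www.example.com from 192.0.2.20
1602000000 reply www.example.com is 93.184.216.34
1602000001 reply cdn.example.net is <CNAME>
1602000001 reply edge.example.net is 203.0.113.7
1602000002 reply edge.example.net is 203.0.113.8
1602000003 reply ipv6.example.org is 2001:db8::10
"""

REPLY_RE = re.compile(r"^\d+ reply (\S+) is (\S+)$")


def allowlist_from_log(log: str) -> dict:
    """Map every address the local resolver handed out to the names it answered for."""
    seen = {}
    for line in log.splitlines():
        m = REPLY_RE.match(line)
        if not m:
            continue                      # query/forwarded/cached lines carry no address
        name, addr = m.groups()
        try:
            ip = ip_address(addr)
        except ValueError:
            continue                      # "<CNAME>" and similar placeholders
        seen.setdefault(ip, set()).add(name)
    return seen


@dataclass(frozen=True)
class Flow:
    dst_ip: str
    dst_port: int
    exchanges: int    # request/response pairs seen on the connection
    bytes_out: int
    bytes_in: int


def doh_shaped(flow: Flow) -> bool:
    """Many small exchanges on 443 look like DoH, not page loads.

    Heuristic only: RFC 8467 padding and HTTP/2 connection coalescing blunt it.
    """
    if flow.dst_port != 443 or flow.exchanges < 5:
        return False
    return (flow.bytes_out / flow.exchanges < 200
            and flow.bytes_in / flow.exchanges < 400)


def classify(flow: Flow, allowlist: dict) -> list:
    """Reasons to block or alert on a flow; an empty list means allow."""
    reasons = []
    dst = ip_address(flow.dst_ip)
    if flow.dst_port in (53, 853) and dst != LOCAL_RESOLVER:
        reasons.append("resolver-bypass")     # plain DNS or DoT to a foreign server
    if dst not in LAN and dst not in allowlist:
        reasons.append("unresolved-dst")      # never came out of our DNS: baked-in IP
    if doh_shaped(flow):
        reasons.append("doh-shaped")
    return reasons


def audit(flows, log: str = RESOLVER_LOG) -> dict:
    """Run every flow through classify(); results keyed by (ip, port)."""
    allowlist = allowlist_from_log(log)
    return {(f.dst_ip, f.dst_port): classify(f, allowlist) for f in flows}


SAMPLE_FLOWS = [
    Flow("93.184.216.34", 443, 12, 9000, 310000),  # normal page load, resolved by us
    Flow("203.0.113.8", 443, 3, 500, 15000),       # CDN edge, resolved by us
    Flow("192.0.2.53", 53, 1, 60, 120),            # DNS to the Pi-hole itself
    Flow("198.51.100.53", 53, 1, 60, 120),         # app talking to its own resolver
    Flow("198.51.100.9", 443, 40, 3200, 9600),     # hard-coded DoH endpoint
]

if __name__ == "__main__":
    for key, reasons in audit(SAMPLE_FLOWS).items():
        print(key, reasons or "allow")
```

The allowlist is built from the resolver's own answers, so an application that ships a baked-in address or talks to a hard-coded DoH server shows up as `unresolved-dst` regardless of port, while the size heuristic only adds confidence for 443. On a real gateway the same decision would be fed into the firewall (the "only return proxy addresses that you NAT to the real thing" variant) rather than evaluated after the fact, and TTLs would need to be honoured so stale answers drop out of the allowlist.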
First, I created my own recursive resolver in the cloud using 'unbound'. You can do this quickly and easily with an EC2 instance or whatever (mine is a FreeBSD jail on my own server).
Second, I got a paid nextdns.io account and enabled the basic blocklists which are, essentially, the same as ublock origin would have locally.
Third, I set my recursive resolver to use the nextdns.io endpoint as its upstream source of DNS.
Finally, I set all of my networks to assign my personal DNS server (and no others) for all DHCP requests and I hardcoded it into my own machines.
So now I control my own dns, globally, and my upstream source of name resolution is "sanitized". Theoretically, I could just remove ublock origin from my browsers now ...
DoT isn't a big problem for a pihole, but it doesn't look like things are going that way. DoH can only be blocked by a mitm proxy. You would have to take a pretty serious security hit to do something like that with a pihole.
My understanding is the concern would be that closed source applications would use a hardcoded DoH resolver and pinned certs to bypass any unwanted blocks of ads/telemetry which could only be resolved with decompilation and patching with varying degrees of difficulty.
> My understanding is the concern would be that closed source applications would use a hardcoded DoH resolver and pinned certs to bypass any unwanted blocks of ads/telemetry which could only be resolved with decompilation and patching with varying degrees of difficulty.
IIRC, the vision with DoH is that eventually even browsers would do DNS as part of a bunch of pipelined HTTP requests. So you call up https://www.example.com/page.html and www.example.com resolves img.example.com for you since it's used on the page. The downside is www.example.com could also resolve tracker.adnetwork.com for you, too.
IIRC, DoH is there to defeat MITM attacks, but stuff like Pi-Hole is basically a MITM attack, so it's kinda collateral damage.
I bet network-level ad-blocking will eventually have to evolve into literal firewall rules on the gateway.
Sure, but if you're worried about them using a specific DNS, aren't you already worried about them not using DNS; resolving `phonehome.evil.co` once per release and shipping the baked-in IP? Stops working if it can't reach that IP, 'xx needs to update', gets new IP?
Whitelisting would make it much more difficult for wildcat DoH. On the gripping hand, whitelisting is extremely annoying and tends to block more work-related-and-useful than software that is actually malicious.
But DoH is just any other HTTP request. This is the downside of networks blocking everything except 80/443 outbound and browsers not supporting SRV records.
I think you're misremembering. This is the most official documentation of the rollout plan for DoH that I can quickly ddg: https://www.chromium.org/developers/dns-over-https - in a gist: if the system's resolver is known to support DoH, the DNS query will get upgraded to DoH. That means Chrome will still be using the configured system resolver, but the connection will be encrypted.
I think you're remembering what Firefox is rolling out: Firefox will by default, if DoH is enabled for your country by default, use a specific provider that is subject to additional privacy controls. However, Firefox respects network level settings (for example a specific canary domain that should resolve) and will disable DoH, even if the default is enabled - unless again, the user has overwritten that in a setting. That means that the network owner is still in full control of the network-wide default and PiHole supports this approach. So a stock Firefox in a network that uses pi-hole will not use DoH.
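The canary mechanism referred to above, as an added example that is not Pi-hole's or Firefox's code. Firefox probes `use-application-dns.net` before turning on its DoH default and backs off when the system resolver answers NXDOMAIN (or returns no address records) for it, so a network resolver opts the whole network out by answering exactly that. The handler below builds and parses raw DNS wire messages; the `STATIC_A` table is constructed and stands in for the resolver's normal lookup path:

```python
"""Canary-domain handling at the network resolver.

Added example, not Pi-hole's or Firefox's code. Firefox probes
use-application-dns.net before enabling its DoH default and backs off when the
system resolver answers NXDOMAIN (or returns no address records), so a local
resolver can opt the whole network out by answering exactly that. This is a
minimal wire-format handler showing the exchange; the static answer table is
constructed and stands in for the resolver's normal lookup path.
"""
import socket
import struct

CANARY = "use-application-dns.net"
NOERROR, NXDOMAIN = 0, 3
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # header flag bits

# Constructed: what the resolver would otherwise answer.
STATIC_A = {"www.example.com": "93.184.216.34"}


def encode_name(name: str) -> bytes:
    """Dotted name -> length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """A stub resolver's query: RD set, one question, no answers."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_question(msg: bytes):
    """Return (txid, qname, qtype, offset just past the question section)."""
    txid = struct.unpack("!H", msg[:2])[0]
    pos, labels = 12, []
    while True:
        ln = msg[pos]
        pos += 1
        if ln == 0:
            break
        labels.append(msg[pos:pos + ln].decode("ascii"))
        pos += ln
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return txid, ".".join(labels).lower(), qtype, pos + 4


def is_canary(qname: str) -> bool:
    return qname == CANARY or qname.endswith("." + CANARY)


def handle(msg: bytes) -> bytes:
    """Build the response to one query."""
    txid, qname, qtype, qend = parse_question(msg)
    question = msg[12:qend]
    if is_canary(qname):
        # Authoritative NXDOMAIN: Firefox reads this as "this network opts out of DoH".
        flags = QR | AA | RD | RA | NXDOMAIN
        return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question
    flags = QR | RD | RA | NOERROR
    addr = STATIC_A.get(qname)
    if qtype == 1 and addr:
        # Answer RR: name as a pointer to offset 12, TYPE A, CLASS IN, TTL, RDLENGTH, RDATA.
        rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + socket.inet_aton(addr)
        return struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0) + question + rr
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question   # NODATA


def rcode(resp: bytes) -> int:
    return struct.unpack("!H", resp[2:4])[0] & 0x0F


def first_a_answer(resp: bytes):
    """IPv4 address from the first answer RR, or None if the response has none."""
    _txid, _qname, _qtype, qend = parse_question(resp)
    if struct.unpack("!H", resp[6:8])[0] == 0:
        return None
    rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", resp[qend + 2:qend + 12])
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(resp[qend + 12:qend + 16])


if __name__ == "__main__":
    for name in (CANARY, "www.example.com"):
        resp = handle(build_query(name))
        print(name, "rcode", rcode(resp), "answer", first_a_answer(resp))
```

To serve this on the LAN you would hand `handle()` the datagram from a UDP socket bound to port 53 and send back what it returns; the point to keep in mind is the one the comment makes: the canary only influences Firefox's default rollout mode, so a user who has explicitly switched DoH on in settings is not affected, and neither is an application with its own hard-coded DoH endpoint.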
I've been using network-level ad blocking with software like Pi Hole for a while now.
According to the stats, about a year ago, I used to block around ~40% of traffic via DNS. Recently, it's only about ~10% of traffic that gets blocked.
Despite disabling application-level DoH in favor of network-level DoH on every device and app I could, I suspect streaming devices and various Android apps are using DoH at the application-level and are bypassing my DNS entirely.
I don't see how pi-hole gets affected by DNS via https, unless you are leaving out the part about computers, tablets, and phones using hard-coded DNS servers that use DNS via https. This is a trend, but a very small one right now.
DNSSEC does not do encryption: DNSSEC is about data origin authentication. Encrypted DNS is DoT or DoH, DNS-over-TLS or DNS-over-HTTPS (and maybe in the future DoQ, DNS-over-QUIC)
I trust Apple a lot more than I trust Google or Facebook, but this clamping down of the Mac without options for power users while officially stating that the Mac will remain a Mac is alarming and distasteful on the part of Apple.
With the transition to Apple’s own chips looming, it seems like the days of “a Mac is a personal computer and not an app console like an iPhone or iPad” will be over by the middle of this decade. All Apple devices locked down completely and Apple decides the limits of what users can do on devices. This model made some sense for mobile (where restrictions were gradually removed or workarounds provided), but the Mac is going in reverse.
People keep saying "I trust company X a lot more than I trust company Y" but is "trust" really something that applies to companies at all? Feels weird to humanize companies in that way. If you trust a company, isn't it really that you trust the humans working at that company? So you should really say "I trust person X who happens to work at X today", as as soon as they leave, the trust went with them.
Companies are not people and cannot be trusted to act in any interest but profits. Any trust you feel towards a company is towards humans in the company, but let's not anthropomorphise companies (yet, until we have better AI at least).
You make a valid point, but it’s also worth considering how the stakeholders’ interests align with your own. Apple is in the premium hardware and value added services business, so its interests are aligned with mine with regards to privacy and producing a quality product. On the other hand, Facebook is in the ad business, so its interests are not aligned with mine on a variety of points.
Think of companies more like nation states than people and it will make more sense.
The organization is still molded heavily by those in power, but it is what the organization “stands for” that you must put your trust in.
For example, the United States is a republic and stands for “freedom and justice for all.”
As we have seen, different people in leadership will interpret these foundational ideas differently and will take actions accordingly.
It’s worth asking again what Apple stands for.
The company has made privacy and thus security core values. However, above that is a goal to make _the best_ products of any company, which as Jobs put it is a matter of “taste.”
So the sentiment of feeling as though Apple’s networking software and developer api choices deviate from your taste has to be measured against one’s support of these other values, and whether one believes Apple’s leadership succession will be measured and protected from weakness.
Not necessarily, you might trust the intangibles that are part of the company, like how do they do business or what kind of internal policies they have in place.
Think how (knowledgeable) people “trust in science”, they don’t trust the humans, they trust the method.
>but is "trust" really something that applies to companies at all?
Of course, It's called branding. Promises that aren't kept are still promises that aren't kept, and Apple was traditionally known for going beyond expectations, it's the core of their brand.
Some companies are more B2B business and developer friendly, like MS and FB, and others like Apple and Amazon are the opposite, they're first and foremost about B2C and mainstream customers.
Apple is less B2B focused than before because of the iPhone.
They don't have to attract devs by giving them the best tools, they can attract them because of their market share among solvent customers on mobile alone.
All of these companies are equally subject to the spying mandates of the US military intelligence community, an organization that no one should trust due to many decades of history operating entirely outside of the law.
Trust Apple, fine. But don’t trust the CIA, which gets access to the whole of Apple’s data, taken by threat of force under spying programs.
Apple's authoritarian control-freak mentality has been around since the original Macintosh of the 80s. It was only a coincidence that moving to x86 opened up some freedom. Now it's just moving in the same direction Apple always was.
I'm not entirely sure what's leading you to this conclusion. The original Macintosh had no privileges system and let apps write to random bits of memory. It was quite problematic for multitasking, in fact.
The original Macintosh had no privileges system and let apps write to random bits of memory
Neither did the PCs of the time, but the difference becomes obvious when you actually try to write an app: PC magazines were filled with BASIC and Asm listings (to be entered with DEBUG), both of which could be immediately used on an IBM PC with DOS, whereas to even start creating --- or for that matter, modifying --- software for the Macintosh was pretty much a non-starter for everyone who didn't want to actually invest plenty of $$$ in it.
Documentation on the system details is barely available (there's Inside Macintosh, but that pales in comparison to the IBM PC Technical Reference series --- the latter including full BIOS source code and schematics, even for the monitor and hard drive), and of course the PC was far more expandable. Apple wanted the whole stack locked down from the beginning.
Looks like one of the answers in the Twitter thread mentions that this might be cached content. Is this confirmed that the network call is actually being made (by router for example?). Cause later down the line it seems that pf blocks the calls just fine.
Hasn't this always been a bit of an issue? Apps with root privileges have been able to get around Little Snitch for as long as I can recall. Some software relies specifically on that ability.
Not OP but one example is bridged networking. I discovered this while trying Parallels Lite from the App Store. I was used to being prompted for every connection attempt VirtualBox was making but I was not getting any when using Parallels. I contacted Little Snitch's support and they acknowledged the issue but said that there's not much they can do because Little Snitch works on "application level" and Parallels uses bridged mode of networking that Little Snitch is unable to intercept. Note that the Lite version of Parallels doesn't require any kernel extensions (even on older macOS releases).
If an application is running as root, you are similarly able to use the lower level APIs and completely "bypass" Little Snitch. I cannot find a good alternative source for this other than the Security and Privacy Guide [0]:
It is worth noting that these firewalls can be bypassed by programs running as root or through OS vulnerabilities (pdf), but they are still worth having - just don't expect absolute protection.
Off the top of my head, I think it was Photoshop or something else along those lines (it's been a few years). It installed itself a little helper tool that ran as root which could talk to the licensing servers without tripping Little Snitch.
I don't run Little Snitch any more, so it may no longer work that way. Some software (games seem to be an egregiously bad offender) insists on communicating with seemingly random IP addresses and not using DNS to resolve them, and it's hard to run any kind of filtering software or parental controls such as Screen Time successfully. I make do with outbound filtering at my router.
I definitely needed to let Photoshop CS6 through Little Snitch to activate a few years ago. (but frankjr also brought up a situation that I wasn't aware of.)
Does anyone know how this actually works, technically?
Are these apps using some kind of special API? (If yes, what's to stop other people's apps using that API?)
Is it because they are signed with some kind of special entitlement?
Is it due to some combination of both? (Maybe you have to use some magic API, but you need to be signed with some magic entitlement to be allowed to use it?)
In the off chance anyone here is able to answer ... does anyone know how to trace the originating app when Little Snitch detects an outgoing connection from netbiosd? I believe that happens when an app tries to access an smb mount. Some app on my computer is constantly doing that to an AWS-hosted mount, but I can't figure out what.
Apple has been more and more acting on the belief that when you buy one of their devices, you don't buy and own the device. You rather purchase an experience—a service—from Apple. They don't have to let you run your own software on your device or poke around the internals. That is not part of the experience offered. You should use the device as Apple intends it to be used.
I think this is a bug. For instance, iCloud photos syncing network traffic (belonging to nsurlsessiond) doesn't show up in the Big Sur native Activity Monitor, but for some reason still gets shown in my Stats app.
Both major consumer OS vendors seem hell-bent on bringing the OS layer under their complete control. As a power user, it's very frustrating. Meanwhile "desktop" Linux still kind of sucks, just like it did 10 years ago. I don't have much hope of seeing a compelling, unified UX out of Linux in my lifetime.
I'm kind of glad Linux doesn't have a "unified UX". I mean, the MacOS of 15+ years ago iron-fisted it, and it was right most of the time, but glaringly not in a few cases (simple examples, the ability to reshape a window by any corner or edge was conspicuously absent on Mac for a long time, as was the right mouse button).
Best to let a bunch of free ideas duke it out.
Currently using Ubuntu 20.10 beta (releases in 2 days!) on ZFS on root, and got all my dev and games working, so I'm pretty happy with it thus far. The ability to roll back to any point at which an apt install was made or attempted via zsys' integration with ZFS snapshots is nice. And ZFS is just... as glorious as an enterprise-class filesystem, basically. And all "for free".
Consistent UI compounds. If every app picked its own keyboard shortcuts and "duked it out", we would lose the thing that makes keyboard shortcuts useful.
Desktop linux still kind of sucks because there aren't enough people writing desktop linux software which does not suck and not enough people paying for that.
Also there are enough people in the Linux community who still hate/disapprove of all the integration efforts (e.g. systemd). And the thing Linux sucks at the most is integration.
> Also there are enough people in linux community who still hate/disapprove all the integration efforts (e.g. systemd).
This is a fair point, and I'm guilty of complaining about systemd myself. Having said that, I haven't seen any improvements in the Linux UI experience that could be explained by "systemd fixed that". Maybe network management??
There are A LOT of improvements (e.g. session management, dynamically spawned services, networking, bluetooth, thunderbolt) which were made possible by systemd, udev and dbus.
I'm not saying that UI/UX is good. It sucks. It does not improve that much over time. Also Canonical made things worse by rolling out snapd which is unreliable and hard to setup non-ubuntu distros (e.g. it tends to drop its state on Gentoo)
The biggest thing is probably systemd user services and session management with logind. Having your entire user session under a process supervisor that anything can hook into is good for stability, since your "desktop" now has much more control of what's actually running. The days of logout just failing because your compositor can't kill all the things are pretty much gone. Logind is far, far from perfect, but it's a breath of fresh air compared to ConsoleKit and it unifies the concept of a session so that GUI/VNC/SSH are all the same kind of thing.
What is it about Adobe software that makes it only work on Windows or macOS? Both of their graphics engines are totally different, so what makes it so difficult for Linux compatibility? It's the only software package that keeps me beholden to Apple (I'll never run Windows of my own decision).
I'm in the same boat, just more from a Photography standpoint.
Oldest Mac I own is a 2012 MBP and I really do not see any appeal in any of the newer machines. I built myself fairly high end Mini ITX Windows machine for a fraction of what a comparable Mac would cost. Only downside is having a somewhat bigger PC on my desk.
For video editing I was very surprised at how quickly I picked up / understood the Free version of Davinci Resolve after looking for a Final Cut replacement for my gaming PC.
The one thing the newer machines have is better discrete GPUs. Everything now will use the GPU, from web browsing to full-on video/photo editing and color correction. Your 2012 GPU might as well be hanging out with Moses, it's so old in GPU years. The speed difference you'll see from a photo editing standpoint will justify your upgrade. If you are even halfway serious about using Resolve, you cannot put enough GPU power in a box. (I've built Resolve desktop systems with 3 GPUs in a Mac PCIe external chassis. PC/Linux Resolve systems can have even more GPUs.)
That's why the 2012 MBP is under my desk 99% of the time collecting dust. I use it mostly for command line applications through homebrew these days. Haven't quite figured out a good way/something comparable for Windows. Would love to get another Mac, but what I would need is quite pricey. Would love to see a Mac Pro 1/2. And it's hard to justify 2 expensive machines when I have what was, at the time of building, a pretty high end PC with an Intel i7 3.70 GHz CPU, GTX 2080 GPU, 16 GB RAM, and 2 SSDs. Interestingly enough Lightroom Classic is still slower than molasses on it, apparently because there is so much legacy code in it. I've recently switched to Capture One which is super fast, but now I have to relearn a bit as it functions very differently than LR.
There's an entire guide provided by BMD that tells you exactly what products are compatible with your OS and particular computer. It even comes as included documentation with the installer. You know, those PDFs in the folder with the install app that nobody looks at? After Apple's nixing Nvidia from their platform, you're limited to AMD GPUs for Mac. For PC, you have more options. For Linux, you can go absolutely nuts with the amount of GPU since you can utilize some of the GPU appliances rather than PCIe boards.
That's an obvious drive by answer, but I'm asking a forum of developers for an explanation/guess on what it is about Linux that would make Adobe not care about it.
The small user-base. It's a feedback loop; people don't use Linux because a lot of software isn't there, and developers don't port the software to Linux because people don't use Linux.
The reasons that game developers give should be instructive:
- "Linux" is not a unified desktop environment, there are many different configurations and supporting such variety is difficult. The Linux desktop landscape also changes more frequently than most (eg. Pipewire & Pulseaudio, Xorg & Wayland, Snap & Flatpak & AppImage & native distro package managers) which requires more development resources to keep up with.
- But suppose you try to cut costs by supporting only one blessed Linux configuration and constrain your Linux development budget. You still have another cost that you can't avoid: customer support, which is very expensive. It's especially expensive when you get a lot of Linux users who don't know or care that you technically only support one blessed Linux configuration, they'll have some wacko configuration and they'll take the time to complain to your customer support agents about it. Your constrained Linux development budget will only exacerbate your customer support costs as more users run into Linux bugs more often.
- Which isn't worth it because you know that Linux has a small user base. The actual sales bump you get from Linux support isn't worth the cost of maintaining it.
Frankly, I don't think Linux will ever solve the problem of a small user base. No one working on Linux cares enough about the normal-person-UX of its desktop to make it good enough for a majority of people to use, and many current Linux users even oppose measures that would trade off the power & flexibility that they enjoy now for normal-person-UX. This isn't going to change because Linux is largely a volunteer-led project.
Curious, what sort of things make desktop Linux suck in your opinion? I’ve been on Linux for years as my primary machine and haven’t encountered anything that made me switch back.
Can you select a file in the whatever is the Linux desktop equivalent of Finder and hit the spacebar to get a quick look at the file native to the OS?
Can I run the software I need to be able to make a living?
Can I run multiple HiDPI displays that I can connect/disconnect as needed without causing issues?
I honestly don't know if these are or are not available features. The first question is a muscle memory thing for me and makes me think Windows Explorer is broken. I know the second question is not possible, so after that it's full stop. Question 3 is something I anecdotally know has been an issue in the past, but would be a problem for me if it is not possible.
> Can you select a file in the whatever is the Linux desktop equivalent of Finder and hit the spacebar to get a quick look at the file native to the OS?
Yes, I use pcmanfm on Linux and the spacebar will open the file in the default program.
> Can I run the software I need to be able to make a living?
Depends on what you do. If it's mostly design work and you require Adobe products then Linux is not a good choice. For software development then Linux is great.
> Can I run multiple HiDPI displays that I can connect/disconnect as needed without causing issues?
I never encountered problems connecting external monitors, but I also haven't tried connecting to an Apple monitor, and that makes me think drivers are probably non-existent for that.
>Yes, I use pcmanfm on Linux and the spacebar will open the file in the default program.
That's not what QuickLook does. It allows the user to get a "quick look" at a file without launching a default application. Also, in macOS you get access to QuickLook from inside any application's Open dialog. That's a huge time saver when you have similar files and just need to see which one before doing a full open. Think large image files that you want to place in a layout.
Thumbnails might work for a folder of images. However, QuickLook will also allow you to preview a video, Word Doc, PDF, spreadsheet, and text files including source code. It's honestly my favorite feature of the OS.
Trying to attach a file to an email, but not sure it's the right one? QuickLook allows you to view the document in the Open dialog. Once you use it, it is something you will just accept as natural and only notice it not being available on other OSes.
Linux Mint Cinnamon has this feature, with package `nemo-preview`. It even plays back actual video when spacebar'ing on an MKV file, something I can't do in macOS!
So what if that is their reasoning? Freedom also means the freedom to make mistakes. We don't set a standard of "absolute safety" in many other (arguably more important) areas of our lives, so why do it here?
The fact that you can still disable SIP is a good point and I hope that's always possible. The direction Apple is going, though, suggests that an iPad-like experience is the eventual goal.
It needs more people willing to pay software developers, UX designers and testers to improve the Linux desktop, starting with the kernel, graphics drivers, ending in consistent set of apps. This is a (ten) billion dollar endeavor.
I appreciate the sentiment, but I'm not a UX designer or expert. And the problem is not that Linux doesn't have enough UI developers, it's that many of them are working on re-inventing the wheel in different, competing ways. Linux needs a dictatorial BDFL for UI - a Linus Torvalds for the desktop - an idea somewhat antithetical to the distributed nature of open source development.
It doesn't help that organizations that could be leading the charge keep changing direction. Ubuntu went Gnome -> Unity -> Gnome in the span of 15 years or so. And now they're going in hard on Snaps, which introduces breaks in UI uniformity again (Gnome Themes, for example[1]).
Yes it does. All in line with "Computing as a service" rather than "Computing as a product". We're now a guest inside our computers rather than the owner.
Big entities probably make up 99% of the firewall market today, and for those who currently want firewalls, it makes far more sense to have independent hardware.
The use case for an end user managing their firewall experience with a 3rd-party software-based firewall AND who also wish to monitor Apple traffic is very niche.
For the overwhelming portion of the population, I would be more worried about the MacOS security model. Someone's iPad or iPhone experience can only be screwed up so much and can be reset without losing data. For MacOS the stakes are a lot higher, and users are trained to enter credentials for annoying-to-audit vague permissions.
In my view, MacOS is the biggest security hole in Apple's ecosystem. Doesn't this make you wonder how Apple will handle the health app on MacOS?
Was Apple ever privacy focused? I think they mostly try to play the good guys to get on users' sides but actually are pretty much the opposite. They know everything about you.
Why was the FBI even able to get access to that person's phone? Sounds like there was a loophole. Not happening if it were an encrypted Android device with a high-entropy password.
Apple also has vastly different policies in different countries. They do cooperate with government privacy invasions but they don't publish that fact in the US. It's a business decision but they are most definitely profit-focused, not privacy-focused.
>Not happening if it were an encrypted Android device with a high-entropy password.
Because you have to balance security with usability. iPhones use their security chip to slow/prevent password guessing. That allows you to use a weak password without losing much security, but if that system is compromised you're back to square one. I'm sure if you used a high entropy password on iOS, they wouldn't be able to get access either.
> I'm sure if you used a high entropy password on ios
The problem is you don't get this choice in iOS.
A privacy-respecting company would provide you this option -- Android does. You can have a high-entropy passcode in Android if you wish, and choose to sacrifice usability in the interest of privacy, if that is what you'd like.
Just read the German version of that article, and the way they talk, and the way it is represented, does not sound professional at all. It often sounds like a parody, for example calling Apple "Big Brother" for offering a cloud service.
It sounds really polemic and takes away some of its credibility, because of weird wording, and leaving out some information here and there so some things sound worse than they are.
"You don't need kernel extensions, we'll provide APIs for you! We won't abuse the power that gives us, promise!"
...and now Apple has altered the deal and we must pray they do not alter it further. Disgusting. Predictable, expected, unsurprising -- but still disgusting.
Tim Cook's Apple Inc is really a nightmare. Sure we have sleek shiny laptops and devices that are amazingly powerful but at what cost? I still haven't found a trackpad as good as MagicTrackpad sadly otherwise I'd ditch the MacBook Pro.
To be fair to Apple though, it's their OS, they can do what they want and we agree every time we update MacOS or iOS. It's crazy to me that we basically only have 3 phone device choices, 2.15 environment choices (OS wise... Linux Desktop is crap, but getting better), and only 2 choices in GPU's, CPU's, etc...
I used to be really tied to the Apple trackpad. After switching to Linux and a keyboard-driven window manager I couldn't care less. I'm not going to say Linux Desktop is perfect, but at this point I'd pick it over everything else.
Jobs' Apple created technologies which are rooted deeply in POSIX standards and standard UNIX* conventions. If you knew UNIX (Linux/BSD/whatever), you could find the same data streams in the same places.
OS was obscure but, predictable. Different but, familiar. It had kernel extensions, logs and devices. Nothing was extremely obfuscated. It was a UNIX device but, shinier.
Now it feels like a glorified iOS box with more transparent walls. You can see some gears but can't touch them. There are only limited interfaces to some of those, which you can touch remotely but, not alter completely.
I wonder what will happen to my EXT drivers from Paragon though.
It's perhaps worth noting that iOS and all of its restrictions were created under Steve Jobs. And Jobs absolutely expected iOS devices to eventually replace full computers for most people; as he put it, everyone needs a car but only a few need a truck.
Where I absolutely agree with you is that under Jobs, there were no attempts to make macOS behave more like a car. Lion did borrow a handful of visual elements from iOS, but it was mostly aesthetic. Jobs was also on medical leave for much of Lion's development cycle, so I wonder if he was less involved.
Indeed. I think for all his faults, Jobs was still himself a "power user". He understood why people wanted to be able to tweak things like this because he wanted to be able to do this himself (even if most of the time he used an iPad).
It’s been documented how irate he would get over small details. Those small details are really only seen by someone who is a power user and has a vision for what it _should_ be. Not to make excuses for his behavior, but he understood technology and wanted to make it simple for everyone. That drive towards simplicity makes you have to make a choice as to what features are left to the user and what features are managed by the system. Increasingly under Cook it’s been the latter.
The argument that most of this started under Jobs is valid. True. But like it was commented he was dealing with an illness and it’s unknown just how much involvement he had. This is obviously just my view of the land and my perspective is my own. YMMV.
I intend this with kindness: normally I don’t nitpick on grammar and punctuation, but you’ve got a repeated error here that’s easily corrected. Generally, you want to break your sentences with commas _before_ usage of “but”: “He wanted to buy a pen, but the store had run out.”
If you’re a native speaker, the comma goes where you’d naturally have a brief pause in speech.
If you’re not a native speaker, it may be helpful to remember that the clause with “but” should be able to be removed & what remains should still be a valid sentence: “He wanted to buy a pen.”, not “He wanted to buy a pen but.”
> If you’re a native speaker, the comma goes where you’d naturally have a brief pause in speech.
Some speech styles use a pause after "but". You can hear it from news reporters and on TV shows in general, when actors read partial sentences from paper or a screen. It is not exclusive to English, and it is a common mistake to place punctuation according to one's own or technical intonations and delays instead of the correct ones.
"X but, Y" likely means "X, but... Y" here, i.e. the first pause is much less pronounced than the second.
Hey, thanks for your comment. There are no hard feelings and I really appreciate it. I'm not a native speaker, but I try to write and talk as correctly as possible.
I used to put commas before; however, some grammar-checking tools like Grammarly marked them as wrong, and I changed my ways.
Comma rules are complex both in my native language and in English, and a good, definitive guide would be really helpful.
I read this as a poetic choice by GP—it evoked Apple's "Think different" tagline in my mind, although now I'm not actually sure why. I could be wrong though!
Don't worry, your instincts are correct. The only time a comma should follow a conjunction is if there is an interrupting phrase that breaks up the sentence. Example:
"He's a nice guy but, to be honest, he smells like a hippopotamus."
Without taking a position on OP's value judgement, the difference between Steve's Apple and Tim Apple's is that services have come to the fore.
Apple has historically always considered itself a hardware company, and now it is a hardware and services company. Small but concrete examples are the Settings page's "Activate your free trial of AppleTV+ today!" and their constant pitching of Apple Card. This is the thin edge, more than likely, of them moving to a model not of monetizing your hardware but rather capturing your data and selling you on a subscription bundle of services.
This transition is in a way necessitated by their declining revenue growth, so they're looking at new ways of monetizing their existing users.
Would you use a good trackpad that connects via USB or Bluetooth? It's a real question, because I see a lot of comments from people not leaving the MacBook because of the trackpad even though they dislike the rest of the laptop. Seems like something that could be a product?
For me, two things combine to make it feel super responsive: 1. The latency between you moving your finger(s) and seeing movement on the screen feels imperceptible. 2. There isn't any "lost" movement - if you scribble your finger around really quickly and come back to where you start, the cursor or window scroll position will be back to where it started too.
Spaces, the virtual desktop manager, makes it good. A few years ago, multiple desktops were accessible with a 3-finger swipe left or right. Now, when you make an app full-screen, it creates a new space to contain the app, so multiple full-screen apps are easily accessible.
Linux has a virtual desktop manager, and Windows has some 3rd-party apps that provide multiple desktops. None of those apps seem as tightly integrated and useful as this Mac OS feature.
As we (I) go deeper down the "let's try Linux" route, thousands more papercuts come to the surface. It's fine for specific use cases (e.g. just focusing on backend dev); it becomes worse for wider use cases.
Yes, at least in my experience over the last two years with Arch running Gnome as the DE.
Wayland's trackpad support is excellent, I can switch from my mac for work to my personal machine without noticing.
Multi monitor support is MILES (I literally cannot emphasize how much better it is) better. Different scaling ratios for different monitors, much better automatic detection and configuration.
There are two remaining problems in my opinion:
- Screen sharing is still rather hit or miss. Pipewire is functional for me on latest versions of chromium, but does not work for some electron apps that package older versions (Slack, in this case).
- XWayland applications still make you feel the hurt from Xorg. Most times I don't care, but the default builds of Chromium and Chrome both rely on XWayland. There are AUR builds of Chromium that have moved to Ozone and have native Wayland support, though (https://aur.archlinux.org/packages/chromium-ozone/)
----
Long story short, Wayland is why my personal machine no longer has Windows on it. It's genuinely much better, and I don't spend any time at all dicking around with Xorg config files (literally not once have I touched a config file related to monitors or user input devices on my current Linux box in the last year. It feels very nice.)
Can confirm that my 2016-era XPS 15 model has the best trackpad I've used on a PC. I did have an issue where after a few years it became almost impossible to physically click (still important for click-and-drag operations), though after investigation it turned out that the dying battery was swelling up from below and interfering with the trackpad. So, full marks on the trackpad, but I hope they've ironed out their battery story.
The Raptor Talos has a POWER9 CPU. The Ampere is powered by Arm. There is an upcoming RISC-V based PC by SiFive.
That is at least 3 niche entries in addition to the 2 mainstream choices.
Intel wants really badly to be a third player in the GPU space, and its integrated graphics are already good enough if you aren't gaming, although I have doubts about their upcoming dedicated GPU.
The Linux desktop space is nicer in the keyboard-centric, simple-environments space; or at least ditch GNOME and switch to KDE running on a distro that actually stays up to date.
The challenge is mostly not using such an environment; it's setting it up in the first place.
Try to bypass kexts and you’re just asking for kernel stability issues and Mac customer crashes. Pushing these guys out of the kernel lets Apple cheat them and Mac users clean and easy.
any access? On Windows, you can write a driver that would run in kernel mode, but critical sections can't be modified[1]. I'd imagine there's something similar for mac.
KPP is not considered a security boundary. That means, in Windows security jargon, that it's a feature that helps security. But not something that you or anyone else should consider a fail proof solution, or even something that would result in a patch if breached.
If patching the kernel to intercept network requests is sufficiently hard that you're forced to use their "approved" way of intercepting network requests, then it's very easy for them to sneak requests through. Even if patching the kernel wasn't an issue, it still turns into a game of whack-a-mole because Apple can sneak in as many changes as they want with each macOS release. It heavily favors Apple, not the developers of such firewalls.
> Even if patching the kernel wasn't an issue, it still turns into a game of whack-a-mole
Exactly - but the game itself is the problem. Firewall vendors will go hunting through kernel code for jump targets and structs to plug into hidden interfaces, and Apple will remove and change them, causing crashes and instability. Apple has some leverage if they have a program like WHQL, but even then driver writers will commit shenanigans.
Push them out of the kernel altogether and now only Apple can engage in shenanigans and break user trust. Which they already have.
There hasn’t been anything like that on macOS. macOS on Apple Silicon will have a form of kernel patch protection, like on iOS, but it’s designed to guard against exploits from userland, not approved kexts. It’s definitely possible for third party kexts to bypass that somehow, but possibly only by disabling Secure Boot; I haven’t looked into it.
It's worth noting that Apple does release the source code to XNU (albeit on a ~6 month delay), and unlike some of their other source releases, there's actually enough tooling for you to build your own kernel. So while there are still gaps, it is overall more open to review.
Don't bother to look to Microsoft Windows for a solution!
For, don't forget, MS Windows has a 'dial-home-to-Microsoft' link that's hard-coded within Windows itself. It bypasses the hosts file altogether, and if I recall correctly, it's been in Windows since XP.
The only solution to stop the 'talk-home' connection would be to find the destination IP numbers and then key them into your external router for blocking.
Sorry WarOnPrivacy, Windows does bypass 3rd-party firewalls and has done so since at least XP onwards (however, I am uncertain if this was the case with Windows 2000).
Microsoft has programmed into Windows dozens of addresses that 'dial home' to Microsoft's servers. As you will be aware, many of these addresses change with the various versions of Windows. Normal program switches can block some of these addresses whilst others are hidden from normal view, but with a little judicious snooping, we can find most of the hidden ones and successfully block them with the hosts file.
However, we cannot block all of them, and this has been the case since Windows XP. From my understanding, which I learned from various security experts around 15 or more years ago at the time when the Microsoft 'exploit' was first discovered, Microsoft hard-coded certain dial-home links for the specific purpose of determining which and how many copies of Windows were pirated. (This seemed to have been the consequence of the widespread pirating of certain corporate copies of Windows 2000.)
Whilst the user may have thought he'd secured every talk-home-to-Microsoft loophole and was safe, nevertheless MS still knew that his O/S was a pirate version. Unlike other activation links that announced an 'illegal copy' status to the user, these links only advised Microsoft of the fact—if you like, they're part of Microsoft's secret surveillance system. Essentially, Microsoft has deliberately sabotaged the DNS client's hosts table lookup functionality by bypassing it with hard coding.
It seems that in recent years, Microsoft has developed this secret system to an even finer art, as these days it gathers much more information other than whether the O/S has been pirated or not.
With having the handle WarOnPrivacy, I gather you're more than just interested in securing your Windows in the usual ways. If I were you, I'd do what I'm doing here and that's to research the details further and then publicize the fact. As will now be obvious, this is not something that Microsoft wants broadcast to the world.
Below are a few links about the matter with a few comments from some of the sites:
"Hey, guess what I just found out: Microsoft have deliberately sabotaged their DNS client's hosts table lookup functionality. Normally you can override DNS lookup by specifying a hostname and IP directly in the hosts file, which is searched before any query is issued to your DNS server; this technique is often used to block ads, spyware and phone-homes by aliasing the host to be blocked to 127.0.0.1 in your hosts file."
"All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools. This data can include how long you use apps, and which features you use the most, snapshots of memory to investigate crashes, and so on."
None of what you've posted has anything to do with firewalls, 3rd party or otherwise. Similarly, bypassing the Hosts file is strictly a DNS resolution issue and - again - has nothing to do with firewalls.
Please feel free to post info about actual firewalls, info that isn't about DNS/Hosts.
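The quoted description of hosts-file blocking, and the reply's point that bypassing the hosts file is a DNS-resolution matter rather than a firewall one, can be made concrete. What follows is an added example, not code from the thread or from any product it mentions: a small parser for the /etc/hosts format plus a classifier that shows which kinds of outbound destination a hosts-file sinkhole can affect and which it cannot (IP literals never go through name resolution, so a hosts entry is irrelevant to them). The hosts entries and the destination list are constructed sample data, and the `.invalid` names and `203.0.113.x` / `2001:db8::` addresses are documentation placeholders.

```python
"""Added example (not from the thread): a hosts-file block is a DNS matter, not a firewall.

All data below is constructed for illustration.
"""

import ipaddress
from typing import Dict, List, Tuple

# Constructed sample hosts file in the usual /etc/hosts syntax.
SAMPLE_HOSTS = """\
# constructed example, not a real hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         telemetry.example.invalid   stats.example.invalid  # sinkhole
127.0.0.1       ads.example.invalid
"""

# Addresses commonly used to "sinkhole" a name in a hosts file.
BLACKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map each hostname (lower-cased) to the address the hosts file assigns it.

    Handles blank lines, full-line and trailing '#' comments, and several
    aliases per line.  The first entry for a name wins, which mirrors the
    first-match behaviour of resolvers that consult the hosts file.
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                              # address with no names: ignore
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                              # first field is not an address
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table


def resolve(name: str, hosts: Dict[str, str]) -> str:
    """Model only the hosts-file stage of name resolution.

    Returns the hosts entry if present, otherwise the marker '<dns>' meaning
    the resolver would go on to query the configured DNS server.
    """
    return hosts.get(name.lower(), "<dns>")


def classify_destination(dest: str, hosts: Dict[str, str]) -> str:
    """Classify one connection target the way the thread's argument does.

    - an IP literal never touches name resolution   -> 'unaffected_by_hosts'
    - a hostname sinkholed in the hosts file         -> 'blocked_by_hosts'
    - any other hostname (DNS decides)              -> 'resolved_by_dns'
    """
    try:
        ipaddress.ip_address(dest)
        return "unaffected_by_hosts"
    except ValueError:
        pass
    return "blocked_by_hosts" if resolve(dest, hosts) in BLACKHOLES else "resolved_by_dns"


def audit(destinations: List[str], hosts_text: str = SAMPLE_HOSTS) -> List[Tuple[str, str]]:
    """Return (destination, verdict) pairs for a list of observed targets."""
    hosts = parse_hosts(hosts_text)
    return [(d, classify_destination(d, hosts)) for d in destinations]


# Constructed list of outbound targets, as a connection log might record them.
SAMPLE_DESTINATIONS = [
    "telemetry.example.invalid",   # sinkholed by name
    "Stats.Example.Invalid",       # case differs; hosts lookup is case-insensitive
    "updates.example.invalid",     # not in hosts, DNS decides
    "203.0.113.7",                 # hard-coded IPv4: hosts file never consulted
    "2001:db8::10",                # hard-coded IPv6: same
]

if __name__ == "__main__":
    for dest, verdict in audit(SAMPLE_DESTINATIONS):
        print(f"{dest:28} {verdict}")
```

The two IP-literal entries are the whole point: a client that carries its destination address in the binary, or resolves names through its own resolver, is never affected by a hosts-file entry, while a host-based firewall that filters at the socket or packet layer sees the connection regardless of how the address was obtained.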
1. Firewalls can monitor existing host settings and take them into account.
2. The 'dial-home' mentioned bypasses Windows's firewall.
3. External monitoring has shown that it does bypass firewalls (however, I cannot say whether that's all of them). So does security software such as LoJack (but that's somewhat unusual).
4. This includes ones with kernel drivers.
5. As the code is written to be invisible to other processes, firewall writers would either have to reverse engineer MS's code to stop it or know certain proprietary details about it. I doubt if any legit/reputable developer would risk using info gained from RE (certainly not to stop it functioning as MS intended). Nevertheless, some MS partners know about it for obvious reasons.
6. From various news reports several weeks ago, it seems that XP's source code has leaked. That means if you are keen enough you can find the 'offending' code and verify the matter for yourself one way or the other (at least as far as XP goes). If you don't, then sooner or later I'm sure others will do so.
If I and others who share this understanding are way off beam, which I doubt having seen evidence, then please let us all know about it in a HN post.
Hear hear. All "just use an alternative" does is temporarily shift the problem. And then tomorrow an article appears highlighting Windows 10's invasive telemetry and people say "yeah just use macOS".
I have been using Windows, Apple and Linux (KDE) on a daily basis and handle all OSes quite well.
KDE is by far my preference, and in general I don't think either Windows or macOS has fewer problems despite the price tag.
After hearing the "it just works" mantra of Apple users for many years I was surprised to find I had at least as many glitches on the Mac as I did on KDE (Win 7 was better, 10 has more problems IME).
(I use my computers for development and sysadmin, not gaming or art)
Engineers and scientists choosing MBPs as a means of getting a POSIX system on nice hardware did more for getting Macs in the workplace than any of the anti-trust actions did.
Except that it’s not an oligopoly - it can’t be by definition.
There is a free alternative which is better in many ways and has an unlimited supply.
The only reason Apple has a lead in software is that they have made their closed source model deliver end-user benefits at a faster rate than the open source alternatives.
There is no reason this needs to remain true, and there are a lot of signs that it will not continue.
Only "free" in terms of literal monetary payments to acquire the operating system. But the choice between Apple's stack and other Linux stacks has many trade-offs in terms of time, support, documentation, complexity, transition cost, etc.
Regulation will never be ahead of corporations. Regulators always play catch-up. Seeing how, at the end of the day, all these companies care about is profits, hitting them where it hurts will make a difference.
That being said, Linux is available, and it's perfectly usable by people who would be bothered by Apple's dev policies.
These companies would be happy to lose the customers and the VARs that complain. Unless you can convince 100x more people than yourself to loudly and dramatically move to something not as user-hostile, just voting with your dollars will not work; there isn't enough competition.
It's a frustrating road we are headed down. Tech companies have gotten so big that they don't really have to work together using standardization anymore. Options are limited, and most are anti-consumer in one way or another.
> No not really, but limited is the mindset of people.
I'd argue options really are limited. Your counter-argument assumes one can just roll their own OS with the same features and functionality as current-gen OSes. That's quite a leap. Options today are Windows, Mac, or some flavor of Linux if you can get it to work. Linux aside, Windows and Mac are both making it so you no longer own the OS but are "subscribed" to it, making it easy for them to implement anti-consumer strategies to lock you in.
What's the alternative for the typical user? Windows has its own problems, and let's face it: market forces on this sort of thing or any other practices by the two of them have not driven people to use desktop Linux instead. For most people, there's simply no reasonable option to switch to that would avoid these things or employ market forces to get these companies to change their ways.
Are you saying that because large numbers of typical users have not yet switched to desktop Linux, we can conclude that desktop Linux is not a reasonable option they can switch to?
No, the fact that Linux is not currently a practical option for most users isn't proof that it can't be or never will be.
I am saying the lack of desktop adoption is indicative of the difficulties of doing so. There is a level-of-effort barrier and technical-knowledge barrier to it. 20 years of progress have lowered those barriers a lot, but even if something like Ubuntu will often be fully functional with a standard install, most users never have to install an OS. They can't walk into Best Buy and come out with a computer that runs desktop Linux.
I think the success of Chromebooks shows that people would be receptive to alternative operating systems, but we don't have a retail or post-purchase support environment in place to facilitate it, and I don't see that coming on the horizon.
The key thing there is that you installed the OS. You're saying there's little difficulty in using the OS, but that isn't what I mean when I say it's not a practical option. The core problem is that the average person doesn't know how and wouldn't be comfortable taking that step, even if it's pretty easy once you know how. You have also made yourself their support person. They can't bring their computer to Best Buy or call Apple if they have a problem. We don't have the retail & support infrastructure in place for desktop Linux to be a viable option. These are the things I'm talking about when I say it's not a practical option for a typical user.
None of those options are viable for mass market adoption right now. They are niche operations that are practically invisible to anyone outside of the industry. I didn't say you can't buy Linux pre-installed, I said you can't go into a big-box store like Best Buy to do so, and that there's no significant consumer support infrastructure.
There's also the strong possibility that at least some of these places won't exist anymore at some time over the lifetime of the computer. Purism is only a few years old, with ~$1 million in revenue/year. It uses its own flavor of Linux, meaning support options are extremely limited. System76's website is itself half-broken, with 500 errors when I attempt to customize a system.
You cannot point to niche operations and claim it to be a viable mass-market option. I'm not saying it isn't possible to get there, I'm saying it doesn't exist today, which means it is not an option for mass-market consumers. If tomorrow a million Apple users said "Enough! Little Snitch is the straw that breaks the camel's back!" and decided they wanted to shop for a desktop Linux system, the market couldn't handle it.
Remember, I'm not saying Linux can't be successful on the desktop, I'm saying that it is not a mass-market option right now for users frustrated with Windows/OS X.
> It uses its own flavor of Linux, meaning support options are extremely limited.
The difference between PureOS and Debian is practically non-existent.
> System76's website is itself half-broken, with 500 errors
OK, it proves that the company is about to die. We of course never see those errors on big websites /s
> If tomorrow a million Apple users said "Enough! Little Snitch is the straw that breaks the camel's back!" and decided they wanted to shop for a desktop Linux system, the market couldn't handle it.
Although it is true, the good news is that such a thing just cannot happen. This is not how the market changes. The change is always smooth enough that the companies can adjust. And I am sure Purism and System76 are able to, given reasonable time.
> I'm saying that it is not a mass-market option right now for users frustrated with Windows/OS X.
Many (most?) frustrated users on macOS are those who can use the options I listed. If they understand problems like the one in the title, they definitely can order a laptop online. Probably also true with Windows. Such changes typically start with geeks anyway (AFAIK geeks switched to macOS first).
> You cannot point to niche operations and claim it to be a viable mass-market option.
I did not claim that. I suggest that those complaining about user restrictions should go to Linux. Typical users do not complain about such things.
> I didn't say you can't buy Linux pre-installed, I said you can't go into a big-box store like Best Buy to do so, and that there's no significant consumer support infrastructure.
Now you have a point, and I actually do not really understand why I cannot just enter a big shop and ask for a Linux laptop. I actually tried to ask tens of times and they always say there are none. Sounds like a conspiracy by the big labels to me.
The barrier isn't usability or functionality for most use cases. The barrier is getting it on the computer and supporting it. We don't have the retail & support infrastructure in place for it to be a practical option. If a non-technical person has Linux on their computer, it's probably because some technical relative put it there, and has made themselves the support person for it as well. You can't walk into a Best Buy and walk out with an Ubuntu laptop. There is an effort & technical-knowledge barrier to it, and that's what I mean when I say it's not currently a practical option for a typical user.
The alternative is what? System76 makes a decent laptop but they don’t have a repair center in every major city. I buy Apple computers because of the hardware support and integration with iPhone.
Speaking of iPhone, the open options are at best abysmal for privacy (at least orders of magnitudes worse than Apple) and at worst part of planned obsolescence that creates e-waste much faster than Apple devices.
Fun fact, at least for now, you can still buy a Mac and boot Linux. Probably not true once Apple silicon hits but that’s a sad day for anyone who liked boot camp.
Yeah, I don't think so. I fought with technology since my late teens, and I'm just too old for that shit now. I have maybe an hour to spend on freetime every day and I want to spend exactly 0 seconds of it battling with my devices.
Apple gives me that. Ubuntu gives me that these days in some limited sense too, but not when you factor in Apple TV, phone, pad, HomePod and AirPods and the watch.
I mean, I already knew something was weird when I couldn't su into root and do... root things without a BIOS hack on a Mac. That's just not how Unix works at all... The whole concept of root is you are root, no exceptions.
That's absolutely not true. For instance, the BSDs have the notion of securelevels (https://man.openbsd.org/securelevel.7) which severely limits what even the root user can do. SELinux can do a lot of the same things.
Ah, I'm more familiar with Linux so that's my bad; it was still a shocking and annoying observation I had. It doesn't fully bother me, cause I never even need full-on root on a Mac, but this one time I did, and having to tell my wife (girlfriend at the time) how to do all of that over the phone was just suspect, just so she could root a tablet that had a kill switch (Nvidia Shield Tablet).
I don't know about BSD, but there's lots of documentation on how SELinux works (including source code) and information on how to alter its behavior in a fine-grained fashion. And SELinux doesn't leave itself a backdoor (as far as the NSA has told us).
That's a different issue, though. Today, booting into macOS is similar to booting into a BSD with securelevel=1 enabled, or into Linux with SELinux set up not to allow modifying files in /bin or such.
You don't need to hack anything, you just need to use the officially-supported mechanisms Apple provides to grant yourself more permissions (namely, disabling SIP and remounting the root filesystem).
You can't even remove their new bloated system-installed wallpapers (>2GB, with about 3 of them taking almost 300MB each) without rebooting into safe mode and following tons of steps. But they will sell you an SSD upgrade to help hold them for 3X the market price.
That very much depends on what distribution you use. The Fedora/CentOS/RHEL world has had SELinux enabled by default for years. The Debian world has not but AppArmor is pretty popular there and while that's a fairly different system it hits many of the same sandboxing points. Beyond the default configuration, anyone who is following a hardening standard like CIS is going to have SELinux enabled, too.
I bet they have feature flags that are signed and validated by Apple. You wouldn’t be able to run your app without their approval (which they won’t give).
>I don't use iCloud at all. I don't want Apple phoning home unless I specifically, manually check for software updates.
I don't think a valid buyer of macOS computers is the type that doesn't use iCloud and needs to block it.
Sounds like masochism.
They can of course not use iCloud or the App Store. Blocking it? Might as well use another OS.
I don't doubt there are some users like that. I doubt there are many users like that. And I don't believe an OS maker should cater to such a niche demographic...
Realistically, you have two options: to use Linux or to trade your control and freedom for convenience.
In case control and freedom are important for you, why not switch to Linux, purchase a PinePhone or Librem, and use DD-WRT/VyOS/pfSense for your router?
Well, I'd say most Apple users expect the OS and core features (including iCloud, Maps, Mail, App Store, updates, etc) to "just work" -- and if they install some application firewall it's for other apps -- malware, etc.
A good lesson for the anti-FLOSS crowd so heavily present in this website.
I'll be the first to admit Linux desktops are full of flaws (although there are other options), just like every other OS, but they could be fixed given enough money, or maybe you could be the one that writes that code.
But an OS that is not FLOSS will always work against its users and restrict their freedom. It's also a big joke that they have so many ads talking about privacy, when they are just as bad as their rivals. I do understand that not everyone has a choice, because specialized software that they need for professional use could be available only on other platforms, and that's unfortunate.
I don't expect a utopian world where everything is FLOSS, but the OS is too important to be closed. It will only get worse with time.