Although possible to disable the feature, those steps are crazy complicated, and probably impossible for anyone who isn't a developer. (Apart from anything else, regular users should never be advised to disable SIP.)
The issue is defaults. Personally, I prefer using an open source alternative OS where generally everything is disabled by default. (NetBSD is the best example I have found.) Commercial OS like the ones created by Apple, Microsoft, Google, etc. have default settings that are opinionated, i.e., some users might not wish to choose these settings. This puts a burden on the user to disable or work around them somehow. Apple iOS and macOS by default generate a considerable amount of network traffic to Apple servers as soon as they are powered on. When I power on a computer running NetBSD, there is by default no traffic to a corporate mothership.
Given the choice between (a) a corporate OS that requires me to perform some amount of work to "turn off" some "features" the corporation has enabled and (b) a non-corporate OS that requires me to perform some amount of work to "turn on" the "features" that I want to use, I prefer (b).
It seems to me that the issue with this approach is that those commercial OSs have to deal with a way more diverse audience than NetBSD and even Linux.
While most of Linux's audience (and probably practically all of NetBSD's) is rather technically inclined and could possibly be expected to turn on the security features as they need them, most of Windows' and macOS's audience will very likely have no idea that there is even an option to do this.
Also, software companies would probably take the easy route and just assume that since those features aren't enabled by default, most people don't enable them and develop their software in a way which could be incompatible with them.
So I think that for an OS like macOS, where most people flock "because it just works and has no viruses", strict defaults are a sane choice. Having people go through hoops and click through warning messages would probably also push companies to better design their software.
In the end, I think the best way is for such features to be the default setup. But those OSs need to have an "escape hatch" for someone who actually wants those features disabled and actually understands the risks of disabling them. While macOS does (for the moment) have this hatch, it looks maybe /too/ complex. But then I think the difficulty of the exercise is in setting the "correct" level of complexity for this operation.
The problem is not the defaults. The problem is choice. When the motto is "just works", the system needs defaults that work. But savvy users need to be able to change these things.
A more common use case for this kind of choice is corporate laptops. They usually set up their own policy on the laptop before handing it to employees for good reason. Firewalls are especially necessary to avoid leaking confidential information.
The problem is that people who work on some specific fields (music, cinema, graphics) have almost no choice when choosing OS and computer.
Most of them won't even care about sending too much data to a company if that's the price to have the same device everyone else is using in their industry...
> Given the choice between (a) a corporate OS that requires me to perform some amount of work to "turn off" some "features" the corporation has enabled and (b) a non-corporate OS that requires me to perform some amount of work to "turn on" the "features" that I want to use, I prefer (b).
Actually, default on is not a problem if it is easy to turn it off in that case.
If Apple would have had a button to turn it off, we would be fine.
Defaults are opinionated per definition. You might agree or disagree with them.
I don't believe the defaults related to this issue are a problem; it's the lack of transparency about this, coupled with it being difficult to change this. Probably every update you gotta fix that. That's akin to running a Hackintosh. And we all know macOS is moving towards iOS; not Hackintosh/PC.
All you need to do is to know about the linked page and have it open on another computer, disable some initial disk protections, reboot into recovery while holding down some unmentioned key combinations, disable further restrictions by typing in cryptic Terminal commands that don't match the public names of the features they affect, reboot again, type in more cryptic commands as root to modify deeply nested system files and perform filesystem voodoo, and then reboot yet again with an optional prayer. Repeat for every OS update.
The easier it is to opt out, the more likely it is for sketchy developers to guide tech-novice users through that process, the more likely it is for malicious actors to take advantage of those who opted out.
Ugh. I'd love to switch to Linux, but as a designer, I'm stuck. It's not a lack of understanding of how it works— Before I was a designer I was a developer, worked in IT for a while, worked in upper-level support for a while, and Linux was my primary personal and professional OS from the late 90s to like 2010.
Why don't I just run a closed-source OS in a VM? They are fussy. Having some weird graphics tablet driver problem or something can really kill the creative connection between me and my work, and if I'm coming down to the wire on a deadline, it can cost me a contract.
What about tools that work natively on Linux? They generally just don't work for professional design use. Whenever I say that, a billion people always jump in and say "Gimp and VivaDesigner and Natron and XYZ and PDQ work fine for me," and to my astonishment, they always seem surprised that the same just isn't true in most (any?) professional workflows. Sure, with varying amounts (usually non-trivial) of extra effort I can cobble together a disparate set of tools that might sometimes yield similar results to professional design programs, but it's going to take significantly more work to produce possibly lower-quality results, and that's just not an option for a pro. If you were hiring someone to craft the image of your company in a crowded, competitive marketplace, would you pay them more to take longer and potentially end up with a suboptimal product just because they were only using OSS to do it?
A software developer could feasibly use something like windows notepad or pine to achieve the same results as an IDE, or even a more powerful text editor like SublimeText. For many non-professionals, people just editing a config file, or people making the occasional shell script, it does work fine. Better even, considering that the extra baggage of complex tools would actually slow them down rather than speed them up.
Some things changed for the good the last couple of years.
I am programming on Ubuntu (C#, PHP, Javascript) with Jetbrains software. This works absolutely great.
For 3D work I use Blender.
But for graphical work I agree that there are still alternatives missing.
Figma is a very good alternative for Sketch. Scribus is a good alternative for Indesign. Krita is very good for concept art. But that's about it.
Inkscape is a good alternative for Illustrator, but only if you work in RGB.
Gimp can do what Photoshop can but it will take you 3 times as long.
But for me the trade-offs work. I want to own my computer so I choose to work in Gimp instead of Photoshop. I also started to design websites directly with CSS. And I switched from 3DsMax to Blender (which isn't a trade-off anymore).
I think Blender and Figma are good, professional tools. For the rest of them, I'm sure they work fine if you don't need to produce extremely polished stuff at volume— but they're not even close to good for that use case. (which is what my comment was about) I could see a UX Designer who works primarily in wireframes and such things getting by fine with linux, but not someone who works primarily in visuals.
I tried in 2008 with Ubuntu Studio, after spilling coffee on my Powerbook G4, to work in Linux as a UI designer full time, and people didn't realise the power of Inkscape at the time. In 2017 I used only Ubuntu LTS with Gnome and Affinity Designer in a Win VM, for a full year.
This time around I think that is possible, and economically solid, the move from Apple to ARM and closed walls of App Store to create conditions for real Linux Desktop Revolution.
At least you’re stuck on a Mac. I do motion design and I’m stuck on windows because of stupid Apple vs nvidia beef and apple only allowing you to have a good gpu if you pay for Mac Pro with Xeon you don’t need and expensive memory you don’t need.
I'm assuming your use case doesn't require that much compute power so maybe you could use an old Mac just for work stuff and a Linux machine for everything else?
Get 2 machines then. Who says you need to have a single machine for everything? Get a Mac for your design work, treat it like an appliance, and use Linux for everything else on another machine. Problem solved.
While I like your solution in principle, I can imagine it complicating life awfully...
People email you assets/images for use in your production work: are you going to get that on your 'designer' machine or on your Linux box? Most likely the latter, now you have to transfer it over to the 'work' box. Not technically difficult, but a definite speed-bump in your workflow. Awkward.
Your online document-sharing/demos (say Dropbox, whatever): is that from the work box? the utility box? both? Again, not technically a train-smash, but... awkward. A discontinuity that you'll have to deal with multiple times a day, a detour in your flow.
I can see why many would consider it too much of a hassle.
Why don't professional users complain? I unfortunately need to keep a Windows machine for pro tools I use and it took me some time to remove any telemetry plus I can still see with Glasswire some apps are sending traffic. Usually I send an email to the software provider and ask what they send. Unfortunately some don't even reply and there is no OSS alternative, so there you go. I wish pirates went a step further and instead of hacking DRM also removed calls home and telemetry. Such mods should be legal if you have a full version and I would pay for such mods.
I agree that Gimp et al are terrible, but why not use Figma? It’s a great design tool, and thanks to it being browser-based you can use it on any platform, including Linux.
Freedom is hard, and things cost money if you're not willing to put willpower - more news at 11
Jokes aside you don't have to do it if you're scared, and if you want to try you can always switch back and forth between machines / OSs so you use the most suited environment according to the limits of context and the job you need to do.
Much like you can aim at 0% environment pollution by gradually removing excess stuff instead of going full off the grid, you don't have to do a radical move. Use the tools you need for the job, aiming at result production while keeping a liquid approach.
Depending on your skills, willpower, effort, and willingness to abandon uninventive corporations you can be faster and more efficient. You're just not feeling comfortable investing time and effort, which is a sacred choice.
Please consider that things have changed since 2019, VMs support of tablets and color grading tools are a breeze and using tools that your competitors are scared to use will make you innovative. Godspeed~
I have gotten rid of almost any Apple only tools (OmniGraffle to Figma; OmniFocus, Things3, iA Writer, Ulysses, Alfred App to Emacs+Org, and some more), but there are only a few left that I can't find a replacement for in Linux-land: DEVONthink for managing my thousands of documents (actually I just keep my files in DEVONthink and use the search feature, could end up using just file system), ScanSnap Manager (a driver for my Fujitsu Scanner plus a desktop app for scanning the documents), and Spotlight search that works from within every other app for instantly finding any document.
I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.
My most essential tool is Emacs / Org and Lisp, Python plus the terminal with some shell scripting for automating all my workflows.
Yes, I will miss the smoothness that comes from very tight integration of hardware and services, but I absolutely hate the path that Apple is on, slowly taking all freedom from its users, until macOS is as closed as iOS. This is against every conviction I have as a citizen for whose freedom it is essential to have control over the machine that enables me to connect to the world and do my work. We are no toddlers, Apple does not need to put us in a walled garden, a promised land without any malware and danger (that's the promise, but in reality they want to control every aspect of their ecosystem, like an emperor that wants to tax every aspect of acting and movement in his land).
If you don't mind, could you elaborate a bit on how you've replaced Alfred?
I use it heavily for:
* snippets (mostly for terminal so Termius might be an option but I also use it for non-terminal things)
* clipboard history (are there up to par alternatives?)
* workflows - mostly launching various websites (like Jira tickets with "<board> <ticket #>" or "c suponer" to conjugate Spanish verbs), but also for launching various shell scripts (like changing nameservers with "ns <provider>"), or keyboard shortcuts for playing specific sounds (for fun)
> I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.
I'm in the same boat. I've been eyeballing a Tuxedo Pulse 14, but have been thinking of getting a regular PC keyboard in the meantime for the Mac and play around with Linux in Virtualbox.
> I guess I need to get a Thinkpad running Linux for slowly finding replacements for my tools, and migrate not within weeks, but spreading my migration process over months.
Well, if you actually like to tinker from time to time just for tinkering's sake, this is a great approach I inadvertently took.
My daily driver for 7 years had been a late 2013 mbp, which still works and is plenty powerful for most of what I do. Then during the shelter in place period I installed Arch on my desktop (which normally runs Windows for Photoshop, etc) just to experiment a little with ZFS on Linux, etc. Then I started using it more and more and now I rarely use my mac again. (Note that I'm not new to linux, had been using it both on the desktop and the server for a very long time and my work laptop runs linux.)
However, unlike you, I don't use many Apple-only tools mostly just Things and Bear. I haven't found replacements for those, but as they never were a critical part of what I do, it wasn't that big of a deal to just drop them.
Thinkpad T460p on arch linux for me (after getting macbook pro 2017 15 inch keyboard issues followed with cablegate immediately afterwards).
The T460p is a 2016/17 secondhand machine which cost USD235 which I then added a ram upgrade and a new 72Wh battery to. I don't miss the mbp at all and prefer the linux OS anyway.
It probably took me until this moment to realise I was largely falling for marketing in thinking only the best specs would do ...
This seems so negligent it's difficult for me to believe this was a mistake. Perhaps it could be argued that Apple doesn't want applications blocking the network traffic of trusted applications because there is limited upside to doing so and doing so may restrict core functionality such as system updates, etc. But surely the most reasonable explanation here is that Apple wants a back door to guarantee they can monitor your activity / allow intelligence agencies a way to access your system?
No, that is not the most reasonable expectation. Fails both Occam's Razor and the laugh test.
To believe this, one has to believe that a $2 trillion company did this on purpose, knowing it would be revealed within hours and that it would take a major hit on the very reputation for user privacy and security that they have spent years building.
There are a lot of better explanations available than "Apple decided user security can fuck off and that clumsily collaborating with the bad guys in trivially-detectable ways was a way better plan".
Maybe you're right – I am quite a paranoid person.
I guess I just don't understand how this wasn't flagged as a concern when the feature was being worked on? How is it possible that Apple's engineering team built a backdoor like this without it raising serious security concerns? And if concerns were raised why was this not adequately pen tested prior to release?
I'm not sure what's worse from a reputational perspective... A company that prides itself on privacy but can't get something as basic as a firewall right, or a company that knows how to write secure software but occasionally puts backdoors in them for intelligence agencies?
Ultimately, there's little difference between incompetence and malevolence when acting at this level. Incompetence might actually be slightly worse.
The malevolent act on their best interest which is often predictable and limited. The incompetent simply give away data to every random badguy under the sun.
I'm done with Apple. It's incredibly restrictive for no real gain at this point. I have a really old MB Air I only ever use to compile apps for the App Store for clients, but otherwise there's no clear path towards improvement from them, so I'm voting with my wallet for the foreseeable future.
This reminds me of the old saying that it's impossible to work within an infected system to clean it --- and now that corporations have been "infecting" systems with such telemetry/spyware by default, that's even more true.
I believe Win10 was the first to do something like this --- it ignores the hosts files and firewall for certain hardcoded domain names and IPs.
I built something similar to this[1] for when I'm dealing with hosts I don't have complete control of -- to block outgoing connections. Now it seems there might be a more widespread use case.
Even an external firewall can't easily block everything. Just send telemetry over port 443 to an AWS server and most can't block it. You can't trust a device that needs an outgoing firewall.
https://imgur.com/a/y0NPJ2o - DNS activity of my Mac PRO + Big Sur during the last 30 mins. This is a filter on `apple` domain so I'm not sure if I'm seeing everything since they might use other domains but heh - for the curious.
I hope this proof-of-concept is the last straw that gets Apple to walk this design decision back. Because if it doesn’t, I'm not looking forward to whatever it is that does.
I expect Apple to take the opposite path, not immediately, but eventually: disable sideloading and enforce a Mac App Store only policy on macOS, similar to iOS. After all, if all apps are reviewed and approved by Apple, there is no malware that can use this weakness or the future ones.
And I am sure the 30% cut and $100 annual fee has nothing to do with the decision either. Apple only cares about customers, not money. /s
> I expect Apple to take the opposite path, not immediately, but eventually: disable sideloading and enforce a Mac App Store only policy on macOS, similar to iOS
Yep. And when Apple does it, HN will celebrate. There's a certain type of person who's terrified by independence and freedom and who craves the comforting safety of rules and control. macOS will be the OS for that kind of person.
> disable sideloading and enforce a Mac App Store only policy on macOS
People have been repeating that for years, since the Mac App Store was announced. It’s not in Apple’s interest to do it. There is a ton of software, open source in particular, that Apple benefits tremendously by. It costs Apple nothing to maintain the status quo.
Going Mac App Store only would drive tons of developers off the platform and do absolutely nothing to increase sales on the Store anyway. It would be widely panned as a ham-fisted move.
There are numerous excellent reasons why that will never happen. And why it’s not in Apple’s interest to do so.
The most obvious reason is that it would utterly destroy the Mac among influencer communities and developers.
But perhaps the most underrated reason is that Apple already has a managed computing platform in the iPad. Rather than the Mac becoming more locked down, I expect the iPad will become ever-more desktop-like and take over more and more market share from traditional computers.
I’d contend that an iMac-like desktop iPad is a more likely future product than a fully locked down Mac.
https://tinyapps.org/blog/202010210700_whose_computer_is_it....
And a humorous guide on disabling protections like code signing and notarization:
https://www.naut.ca/blog/2020/11/13/forbidden-commands-to-li...
So the right path for consumer OS is ‘sound opinions, easily changed’.
The list is really disappointing.
My point: opting out should be much, much easier.
What could be easier?
Most consumers don't care about security, making it easy to disable just opens the floodgates of their systems.
Fighting the OS you are running is an uphill battle that gets tiresome real quick.
Most users will say yes.
Technical ones at least can say no.
Easier than setting up Bluetooth.
The choice is yours.
https://www.photopea.com/
I am feeling pretty heavily smug that I got rid of my Apple kit earlier this year because I wasn't happy with the direction of the platform.
Edit: Found this, seems like there's hope: https://medium.com/curiouscaloo/macos-to-ubuntu-part1-alfred...
There are also Linux "commodity" laptops from Linux-focused companies now. E.g.,
https://puri.sm/products/librem-14/
https://system76.com/laptops
iA Writer is available on Windows and Android.
Have not found a good successor to Devonthink Pro though.
Thinkpad running Manjaro GNOME
Works fine, haven't looked back.
Couldn't be happier.
This seems a little rudely dismissive. GP's skepticism sounds totally reasonable and healthy to me.
I mean, it is the result of deliberate architecture and design changes to security and networking on macOS.
[1] https://www.badllama.com/content/portable-raspberry-pi-firew...
If you want to block something use a firewall.
I see a lot of iCloud and Software update stuff in there.
Nothing malicious from first glance.
Apple - "we want to keep it simple to our users"
Google - "AI doesn't have any control over data we've collected"
Facebook - "Every company is spying on their users"
Amazon - "we control mere 10% of global economy"
Salesforce - "you can ‘easily’ export your data from our completely proprietary platform"