← Back to context

Comment by korethr

4 years ago

So the block works for now, but what happens when a) macOS is changed such that Little Snitch doesn't work anymore, whether it is because the architecture changes in some critical way, or Little Snitch iself is blocked by trustd? b) failure of trustd to succeed in its call home becomes a hard failure that blocks execution?

I can kinda see a noble intention behind this: protect system integrity by making sure no "known evil" application runs, like say a ransomware. But I have two problems with it.

First, it seems to assume that the call-home server will always be available, which seems a bad assumption from an engineering standpoint. Even the mighty and holy Apple can suffer outages, for a myriad of possible reasons. Be it a fat-fingering of some parameter during an approved maintenance window, the criticality of of which was heretofore unappreciated, a cascade of on-their-own-innocuous failures transforming into a deadlocked hard-down situation, or the fact that the North-American Fiber-Seeking Backhoe is not and never will be an endangered species, the result is ultimately the same: the mother-may-I server is not available.

The second reason, giving Apple further capability of evil shenanigans is already well covered by other comments here.