Comment by vlunkr
2 years ago
Well, yes, it is less secure. Though Apple has been adding more restrictions around apps having full disk access and stuff.
2 years ago
Well, yes, it is less secure. Though Apple has been adding more restrictions around apps having full disk access and stuff.
And yet no one would ever want or think of locking down MacOS like they have locked down iOS. Turns out that grown ups don't need Apple to babysit them for additional "security" when everybody knows that Apple's real reason is just money+greed and the "security" talking point is just a convenient smokescreen.
>And yet no one would ever want or think of locking down MacOS like they have locked down iOS.
https://www.qubes-os.org/intro/, snapd and BSD jails are all forms of locking down a general computer OS ways similar to the way iOS is locked down, and things that individual users choose to do on their own computers. Sure those users can install anything else they want as well, but then there's also a reason why these things are niche, even within the nice of *nix users. Because the administration and management is a headache and people don't generally want to do that.
>Turns out that grown ups don't need Apple to babysit them for additional "security"
I think you have an over estimation of the average "grown ups" ability to judge the safety and security of their computer or the software they run on it. There are plenty of people out there who do not want or need to understand system security and administration and are much better served by having someone else manage that for them. There's a reason why Windows and MacOS are still more popular than Linux, and there's a reason why in the Linux world, Red Hat, CentOS, Debian and Ubuntu are more popular than Arch. People only have a limited amount of time and energy to dedicate to things and not everyone wants to dedicate theirs to our shared hobby.
You forgot to mention that all those Operating Systems you mentioned allow the user to break free from restrictions if they desire to do so because the machine is their property after all. Mechanisms for "Security" only become a jail if there is absolutely no way to break free.
And having certain restrictions to hide complexity from users to hide complexity is by no means comparable to "security" whose only purpose is to shackle users so they can never escape obscene fees because Apple uses the same strategy as the mafia: "pay us for protection".
If it's not voluntary, what's the difference between Apple's behavior and Tony Soprano's behavior?
6 replies →
I wouldn't want it, but I can see both Apple and heads of a lot of IT departments loving the concept of a locked-down MacOS.
That's a completely different scenario and those IT departments already have their own mechanisms of enforcing lockdowns, they wouldn't want others to impose lockdowns on them (the administrators) too. For devs, such an Apple imposed lockdown on MacOS would destroy the Macbook's popularity, since it would regress and turn into a glorified ipad.
A locked-down MacOS would be awful but at least you’d still have Linux (thanks Asahi).
With an iPhone you are stuck with whatever new decision from Apple with no opt-out. That’s abnormal.
See, I’d be ok to say that Apple can do whatever they want with iOS the day they give me the keys to the boot loader. Until then, they’ll have to assume their role of gatekeeper.
I have no issues with walled gardens as long as you’ve got the key to leave. Here the key to leave is called "throw your $1000 phone to buy another".
1 reply →
> heads of a lot of IT departments loving the concept of a locked-down MacOS
And Airport security loves invasive search - why do people understand one is a violation of privacy, but tolerate the other?
I don’t carry my MacBook around with me everywhere I go, though, so it’s different.
For some people in the world the iphone is the only general purpose computing device they own, so it is even more important that they aren't artificially constrained so Apple can milk users with absurd fees while citing bogus reasons as justification.
Just look at cases where governments abuse Apple's power over users to squash protests and delete important Apps from the Appstore. Without competing Appstores users are left at the mercy of a trillion dollar company which cares about profits and profits only. Not being able to freely install apps from any source the owner of the computing device prefers is outrageous and we can only thank the EU commission for recognizing that.
https://www.npr.org/2019/10/10/768841864/after-china-objects...
This is basically what an iPad with a keyboard attachment is, and iPads sell very well.
And one of the main reasons why people feel the need to upgrade their device to a "real computer" is when the users hit those artificial boundaries which they are not allowed to bypass.
Which iPad owner ever thinks "oh I wish my iPad were even less capable"? Most people are annoyed by its limitations but they accept it as a trade off. I personally would use my iPad much more if it were as capable & open as a Mac.
2 replies →
> And yet no one would ever want or think of locking down MacOS like they have locked down iOS.
https://en.wikipedia.org/wiki/Security-Enhanced_Linux
the delightful irony is you’re literally so wrong they put it right in the name. Security Enhanced.
The military knows damn well that limiting unprivileged users to running a limited selection of vetted and approved apps and restricting their ability to make tools that might aid their ability to jump the sandbox increases security. They literally built the canonical OS extension to do it. It’s not sufficient for security by itself, but it does additively increase security vs a non-policy-enforced environment with higher freedom.
It is, however, necessary for security. Literally every enterprise sysadmin, every single one, windows or Linux or otherwise, knows that letting users set policies on their own devices decreases security. And in the real world, those policies/access control are either: (a) mandatory, or (b) ineffective. If you allow a mechanism for users to opt out - they will opt out 100% of the time, and it’s ineffective. There is no middle ground, if there is a way to go around then users will do it, it's either a matter of policy or it functionally doesn't exist.
Facebook et al will certainly exploit their network power to push users to do that, just like any other attacker. No different than Chinese agents going after a debt-laden private. They literally already got caught using their dev credentials trying to pull a sneaky and tunnel users data via a VPN for data mining purposes.
https://arstechnica.com/gadgets/2019/01/facebook-and-google-...
But I’m sure you know infosec better than the NSA. This is HN after all.
And again - such escape valves already exist. You can sideload apps on an iphone without paying any extra money. Altstore/Appstore++ exist to refresh your app notarization automatically etc.
Almost as if this is really all about the transaction fees and apple's cut of money that tim sweeney sees as rightfully his, and not user freedom at all... but I'm sure there's a very good, very pro-consumer reason Sony and Microsoft exempted themselves from the DMA?
it's amusing how you can miss his point so badly and still think that's he is wrong and not you for applying a false analogy and making the false conclusion.
The example you mentioned is fundamentally different, why? The owner has the option to completely disable anything they dislike or install a different OS, especially on linux which prides itself on maximum user choice. And even then it's asinine to compare features that are for enhanced security and Apple's version of "security" which just limits user choice to products that have to pass Apple's gate so they have to pay a tax to enrich Apple.
[flagged]