Not terribly fair. When Windows decided running everything as administrator was bad and to add a visual sudo-like prompt, Apple made fun of them for it, but it was Microsoft reacting to a changing threat landscape then too.
My first thought was "But back then those prompts were constant, making them almost useless", though maybe that did actually help by making software vendors rely less on admin rights?
I mean it has, but the situation is getting ridiculous, I'm at the point where I'm honestly not sure what special set of magical incantations and rituals I need to do to get this process to work, it seems to change between different bits of software and get more complex with time as if Apple keeps finding proverbial bigger fools who can get through this mess without intending to and so they're solution is to keep making it increasingly more Byzantine
The thing that really irks me is I've got a paid developer account with Apple, I've already done the xcode dance, notarized binaries and all that nonsense, shouldn't this have activated some super special bit on my Apple account that says
“this one needs to do random stuff now and again and after saying, `Hey just checking in, doing this will do X to your computer probably, and maybe set it on fire, but if you say "go for it, I promise I know what I'm doing', I'm gonna trust you champ`, finger guns“
(not sure why in my head the personification of Apple would do "finger guns", but here we are I guess :shrug:)
Hell at this point I'll take a checkbox in my settings that says, ”Some people are into extreme sports, I love to install random binaries, just get out of my way“
It's not an issue of permission, it's an issue of trying to make a computer that's safe for grandma to use. Criminals can and will convince grandma to navigate a byzantine labyrinth of prompts and technical measures in order to drain her bank account. That's the threat model we're dealing with here.
…you don’t, just like you don’t need the bank’s permission to withdraw funds… but they will still try and stop you pulling out $10,000 so you can buy iTunes gift cards to pay off your taxes.
IIRC everything you compile on macOS yourself, possibly only when using Apple’s llvm toolchain, already gets the proper bits set to execute just fine. This also seems to work for rust and go binaries. I’m not sure whether that is because they replicated the macOS llvm toolchain behaviour for the flag or whether another mechanism is at play.
The command line incantation is just a convenience. You can unblock the app that you just tried to run by going to Privacy and Security in system settings and clicking around a bit.
Not terribly fair. When Windows decided running everything as administrator was bad and to add a visual sudo-like prompt, Apple made fun of them for it, but it was Microsoft reacting to a changing threat landscape then too.
Vista gets maligned but UAC is a good feature to have around, and Vista introduced it.
My first thought was "But back then those prompts were constant, making them almost useless", though maybe that did actually help by making software vendors rely less on admin rights?
2 replies →
UAC is not a security boundary. Malware can bypass it if it wants.
It helps to actually enable having to type a password instead of clicking on Yes.
However yes, security is much more than an UAC dialog.
1 reply →
I mean it has, but the situation is getting ridiculous, I'm at the point where I'm honestly not sure what special set of magical incantations and rituals I need to do to get this process to work, it seems to change between different bits of software and get more complex with time as if Apple keeps finding proverbial bigger fools who can get through this mess without intending to and so they're solution is to keep making it increasingly more Byzantine
The thing that really irks me is I've got a paid developer account with Apple, I've already done the xcode dance, notarized binaries and all that nonsense, shouldn't this have activated some super special bit on my Apple account that says
“this one needs to do random stuff now and again and after saying, `Hey just checking in, doing this will do X to your computer probably, and maybe set it on fire, but if you say "go for it, I promise I know what I'm doing', I'm gonna trust you champ`, finger guns“
(not sure why in my head the personification of Apple would do "finger guns", but here we are I guess :shrug:)
Hell at this point I'll take a checkbox in my settings that says, ”Some people are into extreme sports, I love to install random binaries, just get out of my way“
You shouldn't need the company's permission to run whatever you want on your machine.
It's not an issue of permission, it's an issue of trying to make a computer that's safe for grandma to use. Criminals can and will convince grandma to navigate a byzantine labyrinth of prompts and technical measures in order to drain her bank account. That's the threat model we're dealing with here.
20 replies →
…you don’t, just like you don’t need the bank’s permission to withdraw funds… but they will still try and stop you pulling out $10,000 so you can buy iTunes gift cards to pay off your taxes.
And you don't. THIs is not iOS, gatekeeper can be bypassed if you know how.
IIRC everything you compile on macOS yourself, possibly only when using Apple’s llvm toolchain, already gets the proper bits set to execute just fine. This also seems to work for rust and go binaries. I’m not sure whether that is because they replicated the macOS llvm toolchain behaviour for the flag or whether another mechanism is at play.
I don't know about Go, but I think Rust uses the system linker by default.
You used to be able to boot into the rescue mode and disable their security system. Is that not a thing anymore?
The command line incantation is just a convenience. You can unblock the app that you just tried to run by going to Privacy and Security in system settings and clicking around a bit.
You used to be able to, but not anymore.
Yes. The threats are now from Apple and other vendors who increasingly want, build and enforce lock in.