Comment by xp84
14 hours ago
> If they approve, the settings open, then the user has to find the specific little toggle and enable it. Another security prompt then done. Why isn’t this at most 2 prompts?
Answer: Because modern-day Apple has subscribed to a particular brand of mitigation for the "noobs will always click 'Allow' especially if you ask them to first" problem. The mitigation is that Apple just dumps you on step 2 of a little 4-5 step mini sysadmin adventure where you prove, every time, that you're sophisticated enough to deserve an exception to the padded-cell walled garden mode they've sealed off 'for your safety.'
As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
What's my solution to prevent grandma or a 10-year-old from clicking "Allow full filesystem access and keylogging" to an executable she downloaded from facebook-security-center-and-password-verification-cgi-bin-ab383 dot xyz? IDK, that's their problem, but they should offer a way for those of us who aren't clueless to turn whatever it is off.
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.
You seem to have understood the problem. But then you didn't follow. If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.
Of course it is not perfect, but their approach here is really decent. And also, if you find yourself needing to go through that often I think that's not a good sign security-wise.
> If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.
My grandma absolutely would not watch and follow a video on how to e.g. disable Gatekeeper, nor do I think she’d be able to if she tried.
Your grandma sounds substantially more tech savvy than my grandma. Good for her, she seems to know what she wants. Grown adults should be allowed to knowingly opt into an additional level of risk.
Their approach is not decent. There should be some kind of master key to get full admin access. Leaving al the keys in the hand of a mega corporation is asking for trouble.
It's gone so far that even tech people now think that having root access to a mobile device is somehow scary. Well guess what that root access is still there for the manufacturer. It needs it for stuff like updates. It just shields you from having any kind of input or visibility on what is going on.
And once you've given up your admin control to the mega corporation, your government is going to be next. They'll be demanding backdoors and regulatory bullshit like age verification and snooping backdoors. Even today the EU launched yet another chatcontrol proposal. Eventually they'll manage to get it through when they've paid off enough representatives.
Keeping full control is the only way to prevent this.
Doesn't the government already have root to whatever machine via the NSA? It's the downstream government, the state-level governments that are squeaky wheels with the age verification and other nonsense.
you really underestimate the will of people to not change anything that annoys them about their OS. they will click 1 million times a popup away before even considering that it could be resolved indefinitely by an option change. i think Apple's system works well to keep the average user safe.
This is evidenced by the people who constantly dismissed the Wi-Fi pop-up on iOS. Which is just about everyone I know with an iPhone.
1 reply →
Agreed. It just doesn't occur to most people. To even come up with the idea that maybe there's a setting for something, never mind searching for a tutorial on how to change it, you already have to be a power user for some values of "power".
2 replies →
Could make it disable-able only from the terminal in recovery mode. That one would be too hard / bothersome to fend off most cases I feel like
Did you know that Facebook actually has a message styled with color and different font sizes that pops up in the browser console when you open the inspector for Facebook.com with instruction not to paste things you're told to paste there, with a link to https://www.facebook.com/selfxss for more information?
Never underestimate the ingenuity of a motivated fool.
My litmus test for this sort of thing is Excel - I think we all can agree that Excel is used for way more than it should be, and the most complicated, unhinged uses of it are done by non-technical folks looking to get a task done through desperation.
9 replies →
The solution is that you as the nerd should be able to prove your skills once instead of every time. This is why I’ve personally never had an issue with Gatekeeper—one `spctl --master-disable` and a trip to the Settings menu and you’re done. Why can’t TCC work like this?
That’s likely not quite the reason. It is to make you have to pause to think if this is the action you want to take.
On the flip side, many websites ask if I want to allow notifications. I almost never do. I was looking at settings recently and surprised how often I’d clicked yes by accident (maybe about 5% false click rate?)
>On the flip side, many websites ask if I want to allow notifications
One of the first things I disable on any new Firefox setup. I want zero notifications from websites (or in general, one of the objective improvements of Windows 10 over Windows 7 is that you can just disable notifications entirely, while disabling balloon alerts in Windows 7 was a huge battle that never fully worked)
but the damage of notifications is almost zero compared to keylogger IMHO
Right, that’s why you get a simpler yes/no dialog for notifications, and a conplex “navigate to this settings pane and click a separate button” flow for a keylogger
2 replies →
Notification requests add to decision fatigue, which can lead to bad things.
Depends on what you allow and what your level of sophistication is.
My mother recently had "There are antivirus notifications taking over half the screen, do I need to click on them and renew Norton?"
She'd been somewhere and done something that had allowed an unscrupulous site to flood her with alerts directing her to give payment information to a scam site pretending to be antivirus renewal.
When I finally got over there (she doesn't live on the same continent) I went in and disabled notifications on all of her installed browsers.
As far as I'm concerned the whole 'let this website notify you' feature is an antipattern and yet another example of browser overreach.
2 replies →
I oftentimes think that as a nerd, it's easy to walk around like my shit doesn't stink, but then I realize I too have been the victim of clicking through popups mindlessly and probably have done some 'risky computing stuff' I'm unaware of beyond that.
As nerds, do we have a higher capacity to fix a mess than a grandma? Sure, probably, but that doesn't mean that we don't make messes.
That is a solution. But the underlying problem is that they didn't go far enough. There's no good reason to bundle arbitrary screen recording with window snapshots, or bundle arbitrary keylogging with hotkey activation. Just off the top of my head:
For previews, Apple could provide an API for this very common task. The OS can provide the images, and they could be sampled at refresh rate that makes it unusable for arbitrary recording.
For key chords, they could repurpose the emoji key, which is currently not available for external binding, to effectively allow capture only following that magic sequence. The OS should manage this centrally, allowing a program to define its commands and then delivering only the command without the specific associated keys presses. We get the benefit of centralized management with deconfliction, too, which is a real pain on macos as it stands.
I don't know if these solve every problem, but they solve some. There are probably better ways. Apple has plenty of smart programmers. The product team needs to let them solve the problems that they surely know bother their professional users.
This particular permission is pernicious, ponder for a picosecond the possibilities:
It’s used for writing keyloggers.
That’s it. It’s the permission that lets you write a keylogger. It SHOULD NOT be just a click away. It should require some extra song and dance, because this is an especially dangerous permission, and the extra friction is justified.
All the permissions are treated the same way though. Microphone access. Screen sharing access. etc. Yes, all could be used to spy on you in evil ways, but the replacement of a straightforward "Want to grant this app the following permissions?" with these stupid little spelunks through the garbage app that is Settings irritates me every time.
Apple should throw this whole thing out and replace it with first-launch lists of permissions, with toggles for each. This app 'Zoom' wants "Record the screen, microphone, camera." Then you're done and you don't have to keep searching for it in little lists and relaunching it.
They are not all treated the same. Microphone and even Location or Local Network can be permitted direktly with the dialog.
Honestly, I think the permissions model for desktop and laptop computers is way too permissive to begin with, I think it just kinda sucks and doesn’t do its job. Apple is kind of fixing it but there is a long way to go.
There have been alarm bells ringing in my head for a long time with all these settings, and the fact that they’re buried in the settings app gives me a lot of peace of mind. I’ll click through a lot of boxes and alerts and grant permissions that I shouldn’t. I’m SUPER glad that I won’t accidentally grant, you know, full disk access or accessibility to an app just by clicking on a box that appears at startup.
I remember back in the bad old days when I was constantly making extra user accounts just to run some program. Kinda sucked. Hard truth is, you sometimes want to run code that you don’t fully trust.
2 replies →
The scary thing to me is how Apple makes you jump through hoops to install or use any sort of app, but when it comes to adding items to your login items, they don't even require you to grant permission.
Tried some little throwaway app and realized you don't need it? Sucks for you. It added itself to your login items and it'll start up in the background every single time you turn on your computer. And it won't even tell you. Thought you deleted the app from your Applications folder? If you didn't check your login items, there's probably some little script that deeply installed itself and it'll reinstall it in the background during your next startup.
Adobe is the fucking worst with this. Their Creative Cloud spyware keeps enabling itself and reinstalling itself so long as you use photoshop. And it'll constantly find ways to turn itself back on. Steam also adds itself to login items, which is fucking annoying because you'll reboot and be hit in the face with game ads. At least it respects your decision when you turn it off, but login items should be opt in, never opt out.
I like the app ‘Lingon X’ I think is the name, to help with this. It’s a viewer/editor for all the startup and recurrent background tasks on your Mac. But also it has a feature to notify you of any edits/additions to the startup/background items that I otherwise wouldn’t have known about.
I try to always install with Homebrew. Because then you can uninstall with the --zap option, for example:
Usually it blows away everything associated with the app, including cached files, configuration in ~/Library and ~/.config, etc. Very useful. It'll leave a non-functional login item which isn't active and can't be active.
I like the app uninstaller included in Forklift. You open Applications folder, and delete an app. A window appears with all the associated files Forklift can find (which is extremely accurate, BTW), and you can uninstall everything you want from there.
For .pkg files, there's UninstallPKG which reads the package manifest and properly uninstalls it.
1 reply →
I get notifications that an item has added itself to your login items.
I do as well, but no app should be able to add itself to the login items: ask me or better have me navigate to the login items settings pane and add it manually.
For a long time, I’ve believed that the actual solution is to make the system transparent enough that a compromised system is obvious. Imagine playing hide and go seek in the salt flats
From the time of very early viruses, malware has spent effort modifying the tools that make the system transparent to lie to you. So your approach demands that there must be things that are absolutely impossible to change. I have yet to see a system where that is actually true.
That seems ≈impossible in a world where you're running arbitrary, Turing-complete code. A modern consumer machine can do so many different things—often a bunch at a time—that there is always a massive amount of space to hide bad behavior.
There might be some way to design a system from the ground up to avoid this problem (some kind of declarative, capability-based security?), but retrofitting that onto an existing behemoth of a system does not really work.
I agree, however the fundamental problem here is that transparent systems are on the far side of the axis from user focused systems, think about it, the whole point of building a user interface is to hide and remove choice from the user, to change the system from "A steady hand with a magnetic needle" to "point and grunt" the whole point is to build a shiny facade that hides the inner working of the machine. So while you and I and many other people like to see the machine, the inner workings whirling around in grandiose majesty. Millions of man hours have been spent hiding that stuff away keeping it from view, pretending it does not exist. And thus the transparency of our computing environments have suffered correspondingly to this focus on hiding things.
If I log into my system it's safe. If someone reads my password off my screen post-it and logs into my system it's quite thoroughly compromised. How would you demonstrate which of the two sessions are compromised, during the act?
What does that actually mean?
See https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.
GP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.
4 replies →
Ironically, my first thought was using Automator or AutoHotKey (there's a different one for macOS I think? But you get the point) to just identify those dialogs and click yes/allow/whatever.
Even though a bunch of the responses are "well you don't want a keylogger" when the first solutions I can think of are also (potential) keyloggers. :)
Making the prompts understandable helps a lot when it comes to preventing your grandma from installing a keylogger. I don't mind the setting not being obvious exactly because people who don't know computers shouldn't be tricked into toggling them.
But it is funny to see the daily barrage of permission prompts fly through when macOS made an entire ad ridiculing Vista for half the popups and permissions macOS requires these days.
It got restrictive enough that I jumped to Linux with Hyprland and just configured everything the way I actually want
True, I started with Omarchy, but then changed everything to my liking. It's so much nicer if you can change your OS by changing some dotfiles, and don't get distracted by all the nonsense of new features that macOS and Windows are adding. I wrote about my journey https://www.ssp.sh/blog/macbook-to-arch-linux-omarchy/ and what I learned after 8 months: https://www.ssp.sh/blog/linux-omarchy-the-good-bad-and-fixab...
This is the reason I stopped bothering with MacOS, also. Linux just works.
Bring back the "Unix expert" checkbox from NeXTstep?
> but they should offer a way for those of us who aren't clueless to turn whatever it is off.
I'm not sure if it's what you're asking for, but you can disable SIP:
https://developer.apple.com/documentation/security/disabling...
It's been a while since I dumped OSX and went back to Linux, but IIRC, this setting gets reset every time the system updates.
At some point Apple realized the "power user" market was too small, and they were better off treating all of their users like idiots. And that's when I left.
The power user market was never that big for Apple since Mac Classic came to be, that was the target market, the "idiots".
Desktop power users were on the Acorn, Amiga, Atari and PC.
As NeXT "acquired" Apple, Linux users thought OS X was the UNIX experience they were looking for, and since they were never part of Apple culture, keep getting their expectations wrong.
6 replies →
I've had SIP disabled for years, across many updates.
You can make the vast majority of them go away by rebooting into recovery mode, running Terminal and then executing:
csrutil disable
nvram boot-args="amfi_get_out_of_my_way=0x1"
I really wouldn't recommend doing either, but you do you.
And then one that grinds my gears, perhaps more than it should: there's no way to change the default browser without explicit user action or consent.
But do that and the very next thing that happens when you try to open a browser or a link in an email?
"Your browser has been changed from Safari to Chrome. Would you like to use Safari or keep using Chrome?" and for a little salt, the default is "Use Safari".