[HN Gopher] Apple's macOS Ventura - New Security Changes
___________________________________________________________________
Apple's macOS Ventura - New Security Changes
Author : alwillis
Score : 144 points
Date : 2022-06-19 14:51 UTC (8 hours ago)
(HTM) web link (www.sentinelone.com)
(TXT) w3m dump (www.sentinelone.com)
| kemayo wrote:
| Nothing terribly major here, it sounds like. Making login items
| visible is a long-overdue change... but none of these are going
| to have any particular impact on average users or average apps.
|
| On a pettier note, can we get a better source than a website
| that's using JS to change its title when it doesn't have focus to
| try to gain attention? (It toggles about every second between
| "macOS Ventura | 7 New Security Changes to Be Aware Of" and
| "Message from SentinelOne". https://imgur.com/ynPqpvK - it's
| pretty awful.) I don't normally complain about scummy websites on
| here, but this is just annoying.
|
| Interestingly, I went looking for alternative sources for the
| content, and found that identical content is on other sites [1]
| which are also doing the same title-flicker technique. So
| presumably this is part of some content network...
|
| [1]: https://phxtechsol.com/2022/06/13/apples-macos-
| ventura-7-new...
| [deleted]
| servercobra wrote:
| I'm not surprised they're using scummy tactics. Their actual
| software runs like crap, so gotta do whatever they can to get
| users. I had a work MBP and personal MBP with exactly the same
| specs, main difference being the Sentinel One agent. The work
| one was constantly spinning up the fans, S1 was gobbling up
| memory, and support was completely useless in diagnosing. Their
| Linux agent isn't much better with constant memory leaks.
| sys_64738 wrote:
| I noticed it even did that in Reader Mode in Safari. Really
| annoying.
| Ensorceled wrote:
| 5-6 year support for hardware is just too short. I have a Mid
| 2015 Macbook Pro as a "backup" and that computer is still quite
| decent.
| kappuchino wrote:
| See reply below about Open Core Legacy Patcher[1] which enables
| to use older Intel Models to use modern OS Versions. And for
| even older hardware, check out the patchers from Dosdude[2].
| Most likely this will not be possible with the M-Class
| Processors from Apple, which is a shame.
|
| [1]https://dortania.github.io/OpenCore-Legacy-
| Patcher/MODELS.ht...
|
| [2]http://dosdude1.com/
| Kerrick wrote:
| MacOS versions tend to receive security updates for 2
| additional years after they're supplanted, so it's more like
| 7-8 years. Plus, all of the Macs that aren't eligible for
| Ventura can use Bootcamp to install Windows or dual boot into
| Linux if you're not happy with MacOS anymore.
| michaelmrose wrote:
| The newest machine that can't run the new version would be a
| Mac Pro purchased a scant 4 years ago. Potentially for
| several thousand dollars.
|
| Meanwhile there are 10 year old ~$1000 Thinkpads running
| Windows 11 or Linux. If they just wanted to run Linux on it
| they could have saved themselves some money.
|
| 8 years of updates to current version and 10 years of
| security updates should be the absolute minimum for every
| expensive hardware.
| unix_fan wrote:
| I question anyone purchasing a machine with generations old
| hardware in 2018. Especially considering the Mac pro had
| been supplanted by newer macs at that point.
| lostmsu wrote:
| In 2018 CPUs were still stagnating, so a 2013 CPU would
| likely be almost as performant as the latest one.
| nicky0 wrote:
| It's not really about the CPU power, more that by 2018 it
| was well known that the Trashcan Mac Pro was a dead-end
| design and a soon to have radical refresh.
| michaelmrose wrote:
| Absolutely correct it would have been a shitty purchase
| but one which ought to be supported none the less.
|
| Companies ought to love people who give them thousands
| for outdated hardware worth hundreds.
| thewebcount wrote:
| I wonder if it's worse this year than usual because of the
| switchover to AppleSilicon? I have a 2013 Mac Pro that I use
| daily and it's gotten all updates until this one. 9 years is
| pretty good. But I can understand wanting to end support for as
| many Intel machines as quickly as possible.
| djxfade wrote:
| When Apple announced the transition from PPC to Intel, the
| PPC Macs only got two major updates before being EOLed. Even
| the Power Mac G5 (2005) only got two major updates before
| being cut off from support.
| rodric wrote:
| It should be noted, however, that those major updates had
| longer lifespans then. Snow Leopard, the first Intel-only
| version of Mac OS, came out in 2009.
| more_corn wrote:
| They haven't yet released a machine worth upgrading to if
| you're on a 2015 MBP. I recently got a 14" M1 and I think I'll
| just reinstall my 2015 and move back to it.
| ekzy wrote:
| You can't be serious? The m1 is so good, great performance,
| much quieter and doesn't get hot, and the battery life is
| amazing. Also there's not many compatibility issues now
| matthewmacleod wrote:
| I'd wager that the vast majority of people who have made that
| upgrade would disagree with that view; it's a substantial
| step-change in most ways, if you use the device for software
| development or content creation.
| sys_64738 wrote:
| Battery life and speed alone are totally noticeable. This
| doesn't mention that Intel fires up the fans anytime a CPU
| calculation is done. I think you're being disingenuous here.
| Klonoar wrote:
| ...absolutely not. I jumped from a 2015 to an M1 and never
| looked back. It's 100% worth the upgrade.
| stouset wrote:
| That's certainly a hot take. I'm not sure many would share
| that opinion.
| have_faith wrote:
| The 14" M1 is the spiritual successor to the 2015 MBP I
| think. Ports, magsafe charger (with higher quality cable),
| larger screen within a marginally larger footprint, keyboard
| is good unlike the last few years, solidly built, no touch
| bar, finger print login, performance, etc. No complaints
| personally.
| PainfullyNormal wrote:
| I upgraded from a 2015 15" MBP to a 2021 16" MBP. I'm loving
| the upgrade. Fast. Better display. Much better battery life.
| Still has magsafe. The keyboard is acceptable. What do you
| think is missing and/or bad about the new models?
| [deleted]
| DavideNL wrote:
| > " _Passkeys aim to solve the problems with passwords_ "
|
| So are you locked in with Apple if you use this, or can you
| switch all your existing passwords to another "passkey
| provider/service" ?
|
| > " _Wave Goodbye to CAPTCHAS_ "
|
| I assume that's Safari only... so this is bad news for Firefox?
| Shank wrote:
| > So are you locked in with Apple if you use this, or can you
| switch all your existing passwords to another "passkey
| provider/service" ?
|
| Eventually, yes. Not now, but the goal is eventually, yes. It
| requires support to come to Android and at that point, they'll
| build the bridge to bring them together. I don't think the
| system currently exists for this, but they've said Passkeys
| will be a "multi-year industry-wide transition" so I'm inclined
| to believe it'll ship in the coming years.
|
| When you sign in with a passkey, you have the option of
| scanning a QR code from a locally present device running any
| software that can speak the standard (e.g., Android). This
| means that you can login using any software that supports
| Passkeys using any devices that support Passkeys. For example,
| Chrome on Windows (chrome://flags, turn on passkey support)
| with an iPhone is a valid pair.
| anaisbetts wrote:
| Assumedly any service that implements this will let you reset
| your password away from Passkeys, but it's still the soft
| lockin of "Ughhhh I don't want to reset everything".
|
| Sites will never go full Passkeys because that obviously falls
| over if you want to access it from any other device or
| computer, support request costs would go through the ceiling
| philistine wrote:
| I wouldn't be surprised if banks go passkeys only.
| gernb wrote:
| curious too as someone that uses 7 computers running 3 OSes,
| are my passkeys accessable, syncable, across OSes?
| PartiallyTyped wrote:
| > In collaboration with Google, Microsoft and other industry
| players, Apple has been working on a new logon technology for
| web and other remote services called 'passkeys'.
|
| I don't think it will be Apple only. However, I am wondering
| what will happen to services like bitwarden [1] if it is
| available on other OSes as well.
|
| [1] https://bitwarden.com/
| solarkraft wrote:
| What's your concern regarding Bitwarden?
| zenlf wrote:
| Not the original poster, but I think the worry is that how
| can a password manager survive in a passwordless future.
|
| Will major players be too powerful that no competing
| solutions will realistically exist.
| scarface74 wrote:
| This is based on a standard that Apple, Google and Microsoft
| have all agree to and have agreed to a method to transfer keys
| between devices.
| nojito wrote:
| Passkeys are an Open Standard.
|
| https://fidoalliance.org/apple-google-and-microsoft-commit-t...
| jmull wrote:
| > However, the Gatekeeper check here is overridable by users.
|
| This is presented as a flaw, but I'm not sure they are thinking
| through the alternatives. It's hard to give too much credence to
| security experts who are't thinking holistically. Perhaps there
| _is_ a flaw, but I 'm curious to know what it is.
| etchalon wrote:
| Things the user can override are things social engineers can
| convince users to override.
| KerrAvon wrote:
| Yes. Note that thus is the technical argument for disallowing
| sideloading.
| cmg wrote:
| Exactly. Technical measures are important, but if someone
| wants to play a game or do something that's been banned on
| Apple's stores and finds a site that claims to have an
| installer (which is actually malware) with instructions to
| disable Gatekeeper or SIP or what not, social engineering can
| work. Their goal is to do the thing they wanted to do,
| probably not thinking of security in the meanwhile. Popup
| alerts are going to be interpreted as something to get rid of
| so they can do the thing.
|
| It's a difficult balance. Power users, engineers, developers
| - we can (usually) tell when warnings need to be heeded.
| People who use their devices to achieve a goal without really
| understanding or caring about what's happening usually won't.
| macintux wrote:
| I still recall when that viral elf bowling game was showing
| up on _everyone 's_ computers, and it struck me that we
| were all quite fortunate it wasn't secretly malware.
| kybernetyk wrote:
| Security folks tend to have a very myopic view on things. Ever
| wondered why your computer got less and less useable? Security
| people pushing their agenda.
| threeseed wrote:
| > Ever wondered why your computer got less and less useable
|
| Would disagree.
|
| I think the security changes have made the OS more usable
| since I now get visibility into what apps are doing.
|
| And I love the idea that security people pushing their agenda
| of making devices more secure and more private is painted as
| a bad thing.
| pjmlp wrote:
| Yeah, because we get many sad users when their hard drive
| gets encrypted by ransomware, and even more so if it is a
| shared drive.
|
| So the less toys to play, the better.
| dagmx wrote:
| They explain their reasoning right after that statement. Their
| concern is social engineering is still a way to convince people
| to override this.
| Lammy wrote:
| > Gatekeeper's role is to ensure that when users execute some
| code, that code meets the local system policy. The policy
| includes checks such as whether the code is validly signed and
| whether it has been tampered with in certain ways.
|
| Weasel-word alert. I never thought I'd see the day when
| technologists would applaud the gradual death of general-purpose
| computing, but here we are. A decade from now Apple probably
| won't even ship a local version of Xcode, and the transformation
| will be complete as all new development happens in Xcode Cloud
| where no line of code goes unscrutinized by the watchful eye of
| the mother ship. At least we'll be Safe(tm).
| guessmyname wrote:
| It is funny to me to read this because I recently joined the
| Xcode Cloud team to precisely work on this, thinking that I
| could help Apple make developer's life easier in the near
| future, but according to your comment, there are people out
| there who will consider my team's work a regression.
| jcelerier wrote:
| > It is funny to me to read this because I recently joined
| the Xcode Cloud team to precisely work on this, thinking that
| I could help Apple make developer's life easier in the near
| future, but according to your comment, there are people out
| there who will consider my team's work a regression.
|
| how exactly will it be easier than my current workflow of:
|
| - Boot computer
|
| - Press win-key + d
|
| - type the letters "qtc"
|
| - hit enter
|
| - ctrl-alt-shift-<index the project I'm working on>
|
| - ready to code
| zmmmmm wrote:
| Not having to download 10g to edit 1 line of code on a
| computer where you haven't set up XCode should be a win?
|
| Having said that, I agree, the biggest problem here is that
| even if it doesn't seem obvious now, once the cloud
| offering is there the control it offers will make it very
| appealing for Apple to expand its use and eventually offer
| features there that aren't in the real XCode. It can fast
| be a slippery slope to the non-cloud app being deprecated.
| drdaeman wrote:
| There is no problem with a remote compilation. If anything,
| it's good to have options.
|
| The problem if someone decides that it's going to be the only
| option. And another problem is that they can.
|
| So, your work is not regression, and it definitely has a
| positive use case. It's just that it can also make certain
| unethical things possible.
| RONROC wrote:
| There is no more prescient of a take on this news as this one.
|
| Once the singularity is nearly complete you'll know: macOS and
| iOS will merge into one monolithic OS.
| corrral wrote:
| > A decade from now Apple probably won't even ship a local
| version of Xcode, and the transformation will be complete as
| all new development happens in Xcode Cloud where no line of
| code goes unscrutinized by the watchful eye of the mother ship.
|
| Any young folks wondering: yes, this exact same thing was being
| posted ten years ago, all the time.
|
| "Apple's gonna totally lock down macOS without any way around
| it, they hate general purpose computing" and the related
| "Apple's gonna merge iOS and macOS" are the apocalypse cult of
| computer geek forums. They might be right eventually, but only
| after being wrong a hundred times. And they never get the
| timeline right.
| danpalmer wrote:
| I disagree. Before Gatekeeper there was no way to define a
| policy about what code could run, now with Gatekeeper there is.
| Currently, Apple define a default policy. Users can edit this
| themselves if they acknowledge the risks. Admins of Macs can
| also set their own policies.
|
| The ability to have policies is very different from enforcing
| overly strong policies. Apple seems quite clear that they see
| iOS as being a platform with a stronger policy, and macOS as
| being a platform with at least the ability to run a weaker
| policy.
|
| Edit: also Xcode Cloud isn't what you imply it is/could be, and
| Apple's moves with Swift being developed in the open suggest to
| me a very different direction for development. I can't see this
| ever being locked down, either in terms of technology or
| policy.
| kccqzy wrote:
| Gatekeeper was introduced in 2011 in Lion. It has already been
| a decade. I didn't see that transformation happening.
| Lammy wrote:
| The existence of Gatekeeper already causes a huge privacy
| violation by "requiring" my computer to phone home to verify
| the signature the first time it launches an application.
| Everyone should have realized this when Apple's OCSP
| responder went down in November 2020 and nobody could launch
| anything that wasn't built in to the OS.
|
| According to TFA this kind of verification will now occur
| every time an application is launched to deter post-
| verification "tampering" by you, the user. How big of a
| privacy violation would it have to become to bother you, out
| of curiosity? If we let this continue we will end up in a
| future where full "Remote Attestation" of every hardware and
| software component is required to participate in the
| Internet. This isn't hypothetical doom-saying, either: game
| consoles already work like this. I remember my XBOX360 could
| detect modified DVD drive firmware, launches of individual
| pieces of software (e.g. Halo 3 Delta leak), and other types
| of system modifications, then it would permanently ban that
| machine from XBOX LIVE. And that was all 15+ years ago.
|
| Just imagine what a gift this will be to law enforcement, for
| example, once they can go to Apple all like "Hey, Siri, show
| me all users of Tor Browser around the time of
| ${BITCOIN_TRANSACTION_ID}".
| [deleted]
| ramesh31 wrote:
| Am I the only one increasingly frustrated with macOS's naming
| scheme? I have no idea what the latest version is. Ubuntu
| versioning gets this right; you can parse their codenames
| alphabetically to derive the semantic version. But Apple's
| heuristic here seems to be "throw a dart at a map of California".
| eknkc wrote:
| Just use years. You are already releasing shit yearly. Name it
| macOS 22.
|
| These places mean nothing to me.
| philistine wrote:
| The strength of the California brand across the globe is
| crazy good. It's all a bit of marketing.
| vincent-manis wrote:
| Future versions will be named Bakersfield, Weed, and Needles,
| not to mention Oxnard?
| duped wrote:
| Ventura is MacOS 13.0.0.
| tannhaeuser wrote:
| Ah thx, was thinking about Lino Ventura so a place in Italy I
| guess; could be worse eg Ponte Vecchio
| Ruq wrote:
| I just miss the Big Cat names.
| ubercore wrote:
| Hasn't it been this way the whole time? Why is your frustration
| increasing?
| guerrilla wrote:
| Haven't you not been getting food this whole time? Why is
| your frustration increasing?
| russelldjimmy wrote:
| Help me understand how being starved for food is analogous
| to having OS version names that don't reflect the order of
| OS releases.
| guerrilla wrote:
| The irritant becomes with as time goes on as long as its
| present. More and more meaningless names to memorize...
| [deleted]
| itg wrote:
| I imagine as the number of versions increase, there is more
| tracking you have to do when someone doesn't explicitly
| mention the version number.
| saurik wrote:
| That's definitely my issue: over the years, we have
| accumulated more and more and more of these names. When
| someone talks about iOS 4 or iOS 7 in some article I am
| reading, I know what they are talking about and the extent
| to which the version matters; but, when someone talks about
| macOS Gaviota, I have to think "wait, was that the one that
| just came out, or was that one of the ones I haven't had to
| think about in a decade? oh shit... maybe it's the one that
| got announced today and I just haven't heard the name
| yet?!".
|
| (That said, I will also note that frustration is not
| inherently constant even when something is truly static:
| sometimes you get used to something over time and it stops
| bothering you, while other times it slowly drives you mad.)
| jl6 wrote:
| Ubuntu has both a codename and a version number. macOS has a
| version number too (Ventura is 13) but Apple frustratingly
| don't use it prominently.
| jen20 wrote:
| The version number and build number are on the "About this
| Mac" screen and in the output of `sw_vers` - where else would
| you like to see it used?
| jl6 wrote:
| In marketing material, such as here:
|
| https://www.apple.com/uk/macos/macos-ventura-preview/
| jen20 wrote:
| I personally doubt you'll ever see that, though it's a
| possibility since iOS uses version numbers.
| rzzzt wrote:
| Alliterating Antlion
| giantrobot wrote:
| It wasn't much better with big cats. There were two sort of
| semantically related releases, Leopard/Snow Leopard and
| Lion/Mountain Lion. Of those on the Leopard/Snow Leopard I
| thought made sense as Snow Leopard was a "oh shit fix all the
| bugs" release. SL was the first full OS release after the Intel
| transition _and_ 64-bit kernel.
| sharikous wrote:
| Yes but it starts to be difficult to keep 18 names in the
| head, be them cats or California places
| bangonkeyboard wrote:
| I can picture a big cat in my mind. That helped to peg OS X
| releases and enabled me to mentally distinguish and order
| them.
|
| I can't picture "Monterey" or "Ventura" or any other macOS
| names, they have no meaning to me.
| Macha wrote:
| Ventura has a meaning to me.... Ace Ventura, a cartoon from
| my childhood about a egotistical questionably competent
| detective.
|
| I'm not sure that's the image Apple wants to give off
| though...
| rsfinn wrote:
| "Ventura Highway, in the sunshine..." [0]
|
| I may be dating myself somewhat here.
|
| [0] https://en.wikipedia.org/wiki/Ventura_Highway
| mixmastamyk wrote:
| Sunny beach town, Spanish mission, etc.
| philistine wrote:
| themadturk wrote:
| Big Sur, Monterey, Yosemite, El Capitan, Catalina... all
| worked for me because I've either been there or there was a
| screensaver/wallpaper to associate them with their locales.
| I really don't know a thing about Ventura.
| dagmx wrote:
| The marketing names for macOS and OSX have always been random
| other than having a general theme to it.
|
| The OS in most cases just refers to itself by the number and is
| what it will show in a lot of scenarios in addition to the
| marketing name.
| masklinn wrote:
| > The marketing names for macOS and OSX have always been
| random other than having a general theme to it.
|
| Not _entirely_ true: two of the cats were name variations of
| their predecessors to express an intent of limited end-user
| / feature updates and a focus on refinement (even though
| taxonomically the cats have basically no relationships
| outside of being cats, mountain lions aren't even in the same
| genus as lions)
| dagmx wrote:
| That's fair. In a similar vein, there was also Sierra and
| High Sierra.
| Tsiklon wrote:
| In a sense they sort of did continue this style of
| convention with Yosemite and El Capitan (the latter being
| in the former), Sierra and High Sierra.
|
| It's only in the last few releases that the dart board has
| come out
| rsfinn wrote:
| Since they moved macOS off version 10.x (finally),
| "Apple's crack marketing team" left the desert (Mojave)
| for the Pacific coast. Unfortunately, they didn't plan
| the trip carefully, so they started at Big Sur with macOS
| 11, went north to Monterey for macOS 12, then turned
| around and headed back south to Ventura for macOS 13. At
| least those locations are in alphabetical order -- but
| with Ventura they seem to have painted themselves into a
| corner.
|
| So will macOS 14 be further south (Carlsbad?) or back
| north (Eureka?) -- stay tuned...
| [deleted]
| ksec wrote:
| Yes. In Big Cat era, you could at least memorise those names
| which have some meaning to nearly everyone around the world,
| and it always had a version number.
|
| Mac OS X 10.7 "Lion" - 2010
|
| Mac OS X 10.8 "Mountain Lion" - 2012
|
| Now it is only a name I guess only people in US / California
| will know or understand. The same joke From Apple's "crack
| marketing team" and played out by Craig Federighi for something
| like 10 years[1].
|
| But I guess that is post Steve Jobs's Apple for you.
|
| [1] Just guessing since I remember they started using this line
| after Forstall left.
| muterad_murilax wrote:
| Small correction:
|
| Mac OS X 10.7 Lion was released in 2011.
|
| Also, there's no "Mac" in OS X 10.8 Mountain Lion.
| ntoskrnl wrote:
| Let's go back to cats. Since macOS is becoming more and more
| like iOS, we don't have to limit ourselves to big cats
| anymore. Small cats are on the table too. There's gotta be at
| least 100 cat breeds, that should last us a while.
| ranman wrote:
| _nodejs has joined the conversation_
| [deleted]
| sharikous wrote:
| At least two other security changes:
|
| - userspace filesystems: the nail on the coffin for kernel
| extensions. Now we won't need to run in "reduced security" to use
| FUSE and that was the last kernel extension that remained
| popular. Probably kexts will be deprecated shortly - rapid
| security response
|
| - it seems also to include changes in Xprotect and mrt
| dochtman wrote:
| Very curious about userspace filesystems, would be awesome if
| there's finally a fast solution for this that's well-supported
| in the OS.
| pxc wrote:
| > the nail on the coffin for kernel extensions
|
| The OpenZFS implementation on macOS also requires kernel
| extensions, and I don't suppose it can easily be ported to FUSE
| or that that would have desirable performance characteristics.
|
| Special kernel extensions are also required to get some basic
| functionality working on macOS these days, like disabling
| pointer acceleration.
| dagmx wrote:
| Do you have any links on the userspace filesystems? There's a
| few things I'd like to develop in that regard without getting
| into kexts
| sharikous wrote:
| There is that: https://threedots.ovh/blog/2022/06/quick-look-
| at-user-mode-f...
|
| But userspace filesystems are already present in iOS so you
| can find some reverse engineered info on that (e.g. in
| Jonathan Levin's books)
| dagmx wrote:
| Thanks
| jessriedel wrote:
| Mostly off-topic: have Apple and Microsoft completely given up on
| non-trivial changes to desktop operating systems? Will MacOS look
| basically the same in 40 years? Or is the idea that everything
| will be AR/VR by then and there is no use innovating in this
| domain?
| sys_64738 wrote:
| If you look at independent developers working on the Mac OS,
| you find it's pretty much dead. Only the name programs get
| updated nowadays whereas everybody else has moved to
| iPhone/iPad as that's where the money is. Open source still
| chugs along though.
| brundolf wrote:
| Window management has continued to evolve in nontrivial ways,
| imo. More fundamental interactions probably won't and probably
| shouldn't change; those idioms are mature and deeply engrained
| at this point. It would alienate swathes of users to rock such
| an established boat.
| philistine wrote:
| Microsoft tried with Windows on their phones. Look where that
| led them.
| dagmx wrote:
| I guess you'd need to set a goal post of what counts as
| trivial?
|
| Many of the things mentioned in the article aren't trivial.
| They may be smaller in scope, but size (large / small) are
| different than complexity.
|
| You can take a look at what's new in Ventura
| https://www.apple.com/macos/macos-ventura-preview/features/ but
| that's not even getting into the under pinnings.
|
| Similarly Microsoft made fairly significant changes to Windows
| between 10 and 11, and several times to 10 within its life
| cycle.
|
| Unless you're talking purely visual design, in which case what
| kind of changes would you expect without upending people's
| workflow?
| jessriedel wrote:
| We have gotten so use to these trivial changes that our
| expectations have renormalized. Desktop OSs are
| asymptotically approaching a fixed point.
|
| Examples of modest but non-trivial changes:
|
| - eliminate the folder-file system (or at least make it
| completely invisible to the user)
|
| - remove UI distinction (but not necessarily the sandbox
| distinction) between web apps and normal apps.
|
| - seamless mobile-desktop integration, so the user views them
| as just different form factors for accessing the same
| resources.
|
| (There are of course much more radical changes than these
| that one could imagine.)
| dagmx wrote:
| I'm curious as to your background if you consider any of
| the things mentioned in the articles as "trivial" changes.
| Have you worked in systems development before?
|
| I similarly question your definition of "modest". The first
| one alone is incredibly radical, and has been tried several
| times in the past but people keep asking for hierarchical
| file systems. It's far from modest.
|
| 1. How do you propose users organize things?
|
| 2. Already exists today with electron and webview. What
| would you propose an OS provide here? Many apps you use
| today on macOS are web apps within a native context.
|
| 3. This is already growing on macOS with features like
| continuity handofd, universal control, being able to run
| mobile apps on desktop, iCloud sync of projects etc.. Each
| year they've clearly moved towards unifying things.
|
| If these are what you consider modest though, I fear what
| you consider radical without throwing out decades of
| learned user interaction in the process
| jessriedel wrote:
| I'm not using "trivial" as a measure of ease of back-end
| implementation, but rather of how it actually changes
| user experience and productivity. There is no limit to
| how hard it can become to implement trivial changes
| behind the scenes; it would be silly to ignore or
| downplay the ossification of desktop OS capability just
| because software developers continue to expend more and
| more effort to make smaller and smaller improvements.
|
| My reading of your comment is that you aren't actually
| interested in thinking about non-trivial changes here.
| "Didn't you know people have tried eliminating folder
| systems before? It's hard and hasn't succeeded yet" is
| obvious and does not seriously engage with the
| possibility. ("Didn't you know people have been
| attempting to make stylus input work for decades without
| success?") Likewise, the fact that web apps can be
| disguised as native apps is not the same thing as
| eliminating the distinction at the user level, and I
| don't think you would have conflated these if you were
| really interested in it.
|
| So I don't think it will be productive to continue this
| conversation.
| dagmx wrote:
| Again, that's why I'm delineating between scale and
| complexity. Trivial implies complexity, but you seem to
| keep going back to scale of the change.
|
| Saying something is trivial, by definition, implies its a
| simple change. Nothing mentioned so far is simple. None
| of your suggestions were modest.
|
| I understand you're using the word according to how you
| think of it, but I'm trying to point out that you're
| incorrect, and that many of the things you say are modest
| are not so.
|
| You're actively down playing the amount of work and it
| either feels disingenuous to make your point, or divorced
| from the reality of implementation.
| loudermachine wrote:
| Swap "everything will be AR/VR" to "everyone uses mobile as
| primary devices" and I think it's a better guess. Or maybe
| "everyone have at least two computer devices". I feel like the
| goal is to have the most seamless experience between tablets,
| smartphones and desktop, and impactful changes that don't work
| towards that goal are just discarded.
| [deleted]
| zmmmmm wrote:
| Most concerning is Gatekeeper, as I do still routinely run into
| scenarios where it harassess me about applications I am trying to
| run and on the odd occasion I have to manually codesign things.
|
| It will be _super_ annoying if this now starts making developer
| 's life hell because it is nannying binaries they are building,
| sharing or working with as part of their development work.
| Wowfunhappy wrote:
| You can completely disable Gatekeeper if it annoys you:
|
| $ sudo spctl --master-disable
| [deleted]
| dagmx wrote:
| If you're building, you can designate something as a developer
| tool and gatekeeper will ignore it.
| forgotmypw17 wrote:
| Somewhere between Mountain Lion and High Sierra, it became
| impossible to delete or even mark non-executable various annoying
| built-in applications which I never use, e.g. iTunes.app and
| Safari.app, which often open without me asking them to.
|
| Does anyone know how to re-enable this functionality?
| [deleted]
| kappuchino wrote:
| Lets hope the open core project, namely the Open Core Legacy
| Patcher[1] will revive some older models to run Ventura.
| Personally, I'm running a 2014/15 Macbook Air 11" for 7 years
| now[2] and with "Open Core Legacy" on Monterrey with no issues at
| all.
|
| [1] https://dortania.github.io/OpenCore-Legacy-
| Patcher/MODELS.ht...
|
| [2] Except the mainboard, display and shell everything else thats
| modular (wifi card, ssd, battery and keyboard) was
| replaced/repaired at some point.
| ksec wrote:
| May be off topic but this had me thinking.
|
| Will Safari 16 be available on older macOS? Assuming Apple
| doesn't break their tradition it should support two prior OS
| release, Monterey and Big Sur.
|
| While I could do without an OS update on my MacBook Pro 2015. (
| I cant record a single useful feature from all the previous OS
| update other than Universal Clipboard ) That means for MacBook
| Pro 2015 Model users they will only have two more Safari
| Update.
| Synaesthesia wrote:
| In pretty confident it will, the OCLP project has improved a
| lot and is now very capable and stable. My MacBook Pro 2012
| runs Monterey, and it's really fast and stable. Better than any
| previous Mac OS in fact.
|
| You can look on the Macrumors forum and Reddit to see if
| they're already getting the betas to work.
|
| https://forums.macrumors.com/threads/macos-13-ventura-on-uns...
|
| https://www.reddit.com/r/venturapatcher/
|
| Edit: the OCLP team released an official statement, looks like
| they're having quite a few challenges.
| https://github.com/dortania/OpenCore-Legacy-Patcher/issues/9...
| captn3m0 wrote:
| Do the new DNSSEC changes imply anything for local DNS overrides?
| Would Apple refuse to block a site if DNSSEC is enabled and
| PiHole returns a blocking response?
| tptacek wrote:
| Probably not. I haven't been able to dig into what they're
| doing, but I watched the presentation about the feature, and
| it's an opt-in API for applications. I'm not clear on this but
| I have to assume that the macOS/iOS resolver code is still
| leaning on your external recursor to do the DNSSEC validation
| stuff (otherwise, it's going to generate _a lot_ of extra
| lookup traffic), which means it's going to trust whatever your
| PiHole tells it anyways.
| [deleted]
| prpl wrote:
| I'm sure quite a few MBP 2015 users are going to be a little sad
| the end is near.
|
| I loved that machine. I was able to skip the 2017 MBP and go to
| 2019, but honestly I miss the smaller trackpad.
| MrBuddyCasino wrote:
| Still using the 2013 and 2015 MBPs here, had no reason to
| upgrade. Love them to death, still no hardware issues
| whatsoever except a new battery. I also prefer the smaller
| trackpad. Guess its time to gift them to my parents.
|
| Luckily, the M1/M2 is finally a worthy upgrade, after years of
| keyboard issues and unwanted features.
| brundolf wrote:
| Will non-Ventura devices still get vulnerabilities patched, or
| are they dead in the water?
| samcat116 wrote:
| Security updates are N-2 I believe (so current OS and last
| two major versions).
| crest wrote:
| Apple has established a pattern of haphazardly offering
| partial and late security updates for the two more releases
| (e.g. Big Sur, Monterey, Ventura).
| philistine wrote:
| Looking from the outside, it sure does look like every
| security patch is assessed on its difficulty to port to
| older OSes, its severity, and its reach.
|
| It can be maddening.
| IndySun wrote:
| Along with other comments, we have at least 10 fully working
| mbp 2015s. Many with upgraded 2tb storage. All used for audio
| work. Running 10.13 - 10.16. Little to no issues and I still
| buy up any I find online. Absolutely fantastic machines.
| samgranieri wrote:
| I have a 2015 MBP, and still think this machine has legs to
| last a bit longer. Maybe I'll put arch linux on it later on
| sprkwd wrote:
| It's what I'm gonna be doing!!
| gernb wrote:
| agreed the larger trackpad is a net minus. I get all kinds of
| spurious input because of it sensing my palms
| ksec wrote:
| Butterfly Keyboard ( And arguably the new Magic Keyboard )
| with little to no Key travel distance, along with Larger
| Trackpad which create false positive input were two key minus
| design features.
|
| Unfortunately every time I pointed this out most of HN were
| quick to answer this is an user issue and not a design flaw.
| filoleg wrote:
| I can see why most on HN (and actually outside of HN too)
| would say a larger trackpad is great, so I think you might
| indeed be in the minority opinion on this one. Even
| mainstream reviewers tended to list it as a positive.
|
| But butterfly keyboard had been pretty much universally
| decried as a terrible mistake almost everywhere, including
| HN.
| ksec wrote:
| >But butterfly keyboard had been pretty much universally
| decried as a terrible mistake almost everywhere,
| including HN.
|
| That was certainly not the case until the reliability
| problem got magnified in 2018. When the problem has been
| there since 2016. Before that Butterfly was somehow the
| holy grail for touch typist.
| KerrAvon wrote:
| I remember reactions being more mixed. I and others
| always wanted more key travel, but I also knew people who
| loved it.
| oreilles wrote:
| I don't believe it ever was the holy grail of touch
| typist. First, it was incredibly loud, and most people
| complained about it. The key travel distance was mostly
| cited as a con, not a pro. And only then the reliablity
| issues started to arise. But it didn't take 2018. This
| article (https://news.ycombinator.com/item?id=15496745)
| made it to the top of HN in Oct 2017, but people had
| already been complaining for months (See this article
| from February
| https://forums.macrumors.com/threads/some-2016-macbook-
| pro-o...).
| pram wrote:
| The login items panel is such a good change, and also like 20
| years overdue.
| jessriedel wrote:
| Yes, I have been baffled that it was always so difficult for
| the user to manage what's auto-launched on start-up. So many
| apps try to bury into start-up so they can keep collecting data
| and lightly spamming the user.
|
| Can anyone shed light on why it took so long? I had always
| figured the non-existence of a login items panel was a
| purposeful choice.
| nvrspyx wrote:
| It's actually been there for a long time. It's a separate tab
| in "Users & Groups" pre-Ventura.
| yurishimo wrote:
| Apps aren't required to use that screen though. Some of
| them will, but a lot of apps not in the App Store can and
| do register themselves with launchd on their own.
|
| Apple should be proactive and extract those items
| automatically, but in practice, they don't.
| mrtesthah wrote:
| No, the "Login Items" panel that was previously under Users
| & Groups did _not_ include Launch Agents or Launch Daemons.
|
| Launch Daemons in particular are managed directly by
| launchd and can have more sophisticated triggers including
| periodic execution.
| Etheryte wrote:
| This view only includes actual apps that launch on startup,
| it doesn't include agents, daemons etc. Many popular apps
| have one, if not many, that the users are usually not even
| aware of and can't turn off via the UI. To see what I mean,
| try running `launchctl list | grep -v "com.apple"` as the
| user you're logged in with. It will list jobs loaded into
| launchctl not owned by Apple, and that isn't even the only
| way to make things run at startup.
| [deleted]
___________________________________________________________________
(page generated 2022-06-19 23:00 UTC)