[HN Gopher] Apple's macOS Ventura - New Security Changes
___________________________________________________________________
Apple's macOS Ventura - New Security Changes

Author : alwillis
Score : 144 points
Date : 2022-06-19 14:51 UTC (8 hours ago)

(HTM) web link (www.sentinelone.com)
(TXT) w3m dump (www.sentinelone.com)

| kemayo wrote:
| Nothing terribly major here, it sounds like. Making login items visible is a long-overdue change... but none of these are going to have any particular impact on average users or average apps.
|
| On a pettier note, can we get a better source than a website that's using JS to change its title when it doesn't have focus to try to gain attention? (It toggles about every second between "macOS Ventura | 7 New Security Changes to Be Aware Of" and "Message from SentinelOne". https://imgur.com/ynPqpvK - it's pretty awful.) I don't normally complain about scummy websites on here, but this is just annoying.
|
| Interestingly, I went looking for alternative sources for the content, and found that identical content is on other sites [1] which are also doing the same title-flicker technique. So presumably this is part of some content network...
|
| [1]: https://phxtechsol.com/2022/06/13/apples-macos-ventura-7-new...
| [deleted]
| servercobra wrote:
| I'm not surprised they're using scummy tactics. Their actual software runs like crap, so gotta do whatever they can to get users. I had a work MBP and personal MBP with exactly the same specs, main difference being the Sentinel One agent. The work one was constantly spinning up the fans, S1 was gobbling up memory, and support was completely useless in diagnosing. Their Linux agent isn't much better with constant memory leaks.
| sys_64738 wrote:
| I noticed it even did that in Reader Mode in Safari. Really annoying.
| Ensorceled wrote:
| 5-6 year support for hardware is just too short.
| I have a Mid 2015 Macbook Pro as a "backup" and that computer is still quite decent.
| kappuchino wrote:
| See reply below about Open Core Legacy Patcher[1] which enables to use older Intel Models to use modern OS Versions. And for even older hardware, check out the patchers from Dosdude[2]. Most likely this will not be possible with the M-Class Processors from Apple, which is a shame.
|
| [1]https://dortania.github.io/OpenCore-Legacy-Patcher/MODELS.ht...
|
| [2]http://dosdude1.com/
| Kerrick wrote:
| MacOS versions tend to receive security updates for 2 additional years after they're supplanted, so it's more like 7-8 years. Plus, all of the Macs that aren't eligible for Ventura can use Bootcamp to install Windows or dual boot into Linux if you're not happy with MacOS anymore.
| michaelmrose wrote:
| The newest machine that can't run the new version would be a Mac Pro purchased a scant 4 years ago. Potentially for several thousand dollars.
|
| Meanwhile there are 10 year old ~$1000 Thinkpads running Windows 11 or Linux. If they just wanted to run Linux on it they could have saved themselves some money.
|
| 8 years of updates to current version and 10 years of security updates should be the absolute minimum for every expensive hardware.
| unix_fan wrote:
| I question anyone purchasing a machine with generations old hardware in 2018. Especially considering the Mac pro had been supplanted by newer macs at that point.
| lostmsu wrote:
| In 2018 CPUs were still stagnating, so a 2013 CPU would likely be almost as performant as the latest one.
| nicky0 wrote:
| It's not really about the CPU power, more that by 2018 it was well known that the Trashcan Mac Pro was a dead-end design and a soon to have radical refresh.
| michaelmrose wrote:
| Absolutely correct it would have been a shitty purchase but one which ought to be supported nonetheless.
|
| Companies ought to love people who give them thousands for outdated hardware worth hundreds.
| thewebcount wrote:
| I wonder if it's worse this year than usual because of the switchover to AppleSilicon? I have a 2013 Mac Pro that I use daily and it's gotten all updates until this one. 9 years is pretty good. But I can understand wanting to end support for as many Intel machines as quickly as possible.
| djxfade wrote:
| When Apple announced the transition from PPC to Intel, the PPC Macs only got two major updates before being EOLed. Even the Power Mac G5 (2005) only got two major updates before being cut off from support.
| rodric wrote:
| It should be noted, however, that those major updates had longer lifespans then. Snow Leopard, the first Intel-only version of Mac OS, came out in 2009.
| more_corn wrote:
| They haven't yet released a machine worth upgrading to if you're on a 2015 MBP. I recently got a 14" M1 and I think I'll just reinstall my 2015 and move back to it.
| ekzy wrote:
| You can't be serious? The m1 is so good, great performance, much quieter and doesn't get hot, and the battery life is amazing. Also there's not many compatibility issues now
| matthewmacleod wrote:
| I'd wager that the vast majority of people who have made that upgrade would disagree with that view; it's a substantial step-change in most ways, if you use the device for software development or content creation.
| sys_64738 wrote:
| Battery life and speed alone are totally noticeable. This doesn't mention that Intel fires up the fans anytime a CPU calculation is done. I think you're being disingenuous here.
| Klonoar wrote:
| ...absolutely not. I jumped from a 2015 to an M1 and never looked back. It's 100% worth the upgrade.
| stouset wrote:
| That's certainly a hot take. I'm not sure many would share that opinion.
| have_faith wrote:
| The 14" M1 is the spiritual successor to the 2015 MBP I think.
| Ports, magsafe charger (with higher quality cable), larger screen within a marginally larger footprint, keyboard is good unlike the last few years, solidly built, no touch bar, finger print login, performance, etc. No complaints personally.
| PainfullyNormal wrote:
| I upgraded from a 2015 15" MBP to a 2021 16" MBP. I'm loving the upgrade. Fast. Better display. Much better battery life. Still has magsafe. The keyboard is acceptable. What do you think is missing and/or bad about the new models?
| [deleted]
| DavideNL wrote:
| > "_Passkeys aim to solve the problems with passwords_"
|
| So are you locked in with Apple if you use this, or can you switch all your existing passwords to another "passkey provider/service"?
|
| > "_Wave Goodbye to CAPTCHAS_"
|
| I assume that's Safari only... so this is bad news for Firefox?
| Shank wrote:
| > So are you locked in with Apple if you use this, or can you switch all your existing passwords to another "passkey provider/service"?
|
| Eventually, yes. Not now, but the goal is eventually, yes. It requires support to come to Android and at that point, they'll build the bridge to bring them together. I don't think the system currently exists for this, but they've said Passkeys will be a "multi-year industry-wide transition" so I'm inclined to believe it'll ship in the coming years.
|
| When you sign in with a passkey, you have the option of scanning a QR code from a locally present device running any software that can speak the standard (e.g., Android). This means that you can login using any software that supports Passkeys using any devices that support Passkeys. For example, Chrome on Windows (chrome://flags, turn on passkey support) with an iPhone is a valid pair.
| anaisbetts wrote:
| Assumedly any service that implements this will let you reset your password away from Passkeys, but it's still the soft lockin of "Ughhhh I don't want to reset everything".
|
| Sites will never go full Passkeys because that obviously falls over if you want to access it from any other device or computer, support request costs would go through the ceiling
| philistine wrote:
| I wouldn't be surprised if banks go passkeys only.
| gernb wrote:
| curious too as someone that uses 7 computers running 3 OSes, are my passkeys accessible, syncable, across OSes?
| PartiallyTyped wrote:
| > In collaboration with Google, Microsoft and other industry players, Apple has been working on a new logon technology for web and other remote services called 'passkeys'.
|
| I don't think it will be Apple only. However, I am wondering what will happen to services like bitwarden [1] if it is available on other OSes as well.
|
| [1] https://bitwarden.com/
| solarkraft wrote:
| What's your concern regarding Bitwarden?
| zenlf wrote:
| Not the original poster, but I think the worry is that how can a password manager survive in a passwordless future.
|
| Will major players be too powerful that no competing solutions will realistically exist.
| scarface74 wrote:
| This is based on a standard that Apple, Google and Microsoft have all agreed to and have agreed to a method to transfer keys between devices.
| nojito wrote:
| Passkeys are an Open Standard.
|
| https://fidoalliance.org/apple-google-and-microsoft-commit-t...
| jmull wrote:
| > However, the Gatekeeper check here is overridable by users.
|
| This is presented as a flaw, but I'm not sure they are thinking through the alternatives. It's hard to give too much credence to security experts who aren't thinking holistically. Perhaps there _is_ a flaw, but I'm curious to know what it is.
| etchalon wrote:
| Things the user can override are things social engineers can convince users to override.
| KerrAvon wrote:
| Yes. Note that this is the technical argument for disallowing sideloading.
| cmg wrote:
| Exactly.
| Technical measures are important, but if someone wants to play a game or do something that's been banned on Apple's stores and finds a site that claims to have an installer (which is actually malware) with instructions to disable Gatekeeper or SIP or what not, social engineering can work. Their goal is to do the thing they wanted to do, probably not thinking of security in the meanwhile. Popup alerts are going to be interpreted as something to get rid of so they can do the thing.
|
| It's a difficult balance. Power users, engineers, developers - we can (usually) tell when warnings need to be heeded. People who use their devices to achieve a goal without really understanding or caring about what's happening usually won't.
| macintux wrote:
| I still recall when that viral elf bowling game was showing up on _everyone's_ computers, and it struck me that we were all quite fortunate it wasn't secretly malware.
| kybernetyk wrote:
| Security folks tend to have a very myopic view on things. Ever wondered why your computer got less and less useable? Security people pushing their agenda.
| threeseed wrote:
| > Ever wondered why your computer got less and less useable
|
| Would disagree.
|
| I think the security changes have made the OS more usable since I now get visibility into what apps are doing.
|
| And I love the idea that security people pushing their agenda of making devices more secure and more private is painted as a bad thing.
| pjmlp wrote:
| Yeah, because we get many sad users when their hard drive gets encrypted by ransomware, and even more so if it is a shared drive.
|
| So the less toys to play, the better.
| dagmx wrote:
| They explain their reasoning right after that statement. Their concern is social engineering is still a way to convince people to override this.
| Lammy wrote:
| > Gatekeeper's role is to ensure that when users execute some code, that code meets the local system policy.
| The policy includes checks such as whether the code is validly signed and whether it has been tampered with in certain ways.
|
| Weasel-word alert. I never thought I'd see the day when technologists would applaud the gradual death of general-purpose computing, but here we are. A decade from now Apple probably won't even ship a local version of Xcode, and the transformation will be complete as all new development happens in Xcode Cloud where no line of code goes unscrutinized by the watchful eye of the mother ship. At least we'll be Safe(tm).
| guessmyname wrote:
| It is funny to me to read this because I recently joined the Xcode Cloud team to precisely work on this, thinking that I could help Apple make developer's life easier in the near future, but according to your comment, there are people out there who will consider my team's work a regression.
| jcelerier wrote:
| > It is funny to me to read this because I recently joined the Xcode Cloud team to precisely work on this, thinking that I could help Apple make developer's life easier in the near future, but according to your comment, there are people out there who will consider my team's work a regression.
|
| how exactly will it be easier than my current workflow of:
|
| - Boot computer
|
| - Press win-key + d
|
| - type the letters "qtc"
|
| - hit enter
|
| - ctrl-alt-shift-<index the project I'm working on>
|
| - ready to code
| zmmmmm wrote:
| Not having to download 10g to edit 1 line of code on a computer where you haven't set up XCode should be a win?
|
| Having said that, I agree, the biggest problem here is that even if it doesn't seem obvious now, once the cloud offering is there the control it offers will make it very appealing for Apple to expand its use and eventually offer features there that aren't in the real XCode. It can fast be a slippery slope to the non-cloud app being deprecated.
| drdaeman wrote:
| There is no problem with a remote compilation.
| If anything, it's good to have options.
|
| The problem if someone decides that it's going to be the only option. And another problem is that they can.
|
| So, your work is not regression, and it definitely has a positive use case. It's just that it can also make certain unethical things possible.
| RONROC wrote:
| There is no more prescient of a take on this news as this one.
|
| Once the singularity is nearly complete you'll know: macOS and iOS will merge into one monolithic OS.
| corrral wrote:
| > A decade from now Apple probably won't even ship a local version of Xcode, and the transformation will be complete as all new development happens in Xcode Cloud where no line of code goes unscrutinized by the watchful eye of the mother ship.
|
| Any young folks wondering: yes, this exact same thing was being posted ten years ago, all the time.
|
| "Apple's gonna totally lock down macOS without any way around it, they hate general purpose computing" and the related "Apple's gonna merge iOS and macOS" are the apocalypse cult of computer geek forums. They might be right eventually, but only after being wrong a hundred times. And they never get the timeline right.
| danpalmer wrote:
| I disagree. Before Gatekeeper there was no way to define a policy about what code could run, now with Gatekeeper there is. Currently, Apple define a default policy. Users can edit this themselves if they acknowledge the risks. Admins of Macs can also set their own policies.
|
| The ability to have policies is very different from enforcing overly strong policies. Apple seems quite clear that they see iOS as being a platform with a stronger policy, and macOS as being a platform with at least the ability to run a weaker policy.
|
| Edit: also Xcode Cloud isn't what you imply it is/could be, and Apple's moves with Swift being developed in the open suggest to me a very different direction for development.
| I can't see this ever being locked down, either in terms of technology or policy.
| kccqzy wrote:
| Gatekeeper was introduced in 2011 in Lion. It has already been a decade. I didn't see that transformation happening.
| Lammy wrote:
| The existence of Gatekeeper already causes a huge privacy violation by "requiring" my computer to phone home to verify the signature the first time it launches an application. Everyone should have realized this when Apple's OCSP responder went down in November 2020 and nobody could launch anything that wasn't built in to the OS.
|
| According to TFA this kind of verification will now occur every time an application is launched to deter post-verification "tampering" by you, the user. How big of a privacy violation would it have to become to bother you, out of curiosity? If we let this continue we will end up in a future where full "Remote Attestation" of every hardware and software component is required to participate in the Internet. This isn't hypothetical doom-saying, either: game consoles already work like this. I remember my XBOX360 could detect modified DVD drive firmware, launches of individual pieces of software (e.g. Halo 3 Delta leak), and other types of system modifications, then it would permanently ban that machine from XBOX LIVE. And that was all 15+ years ago.
|
| Just imagine what a gift this will be to law enforcement, for example, once they can go to Apple all like "Hey, Siri, show me all users of Tor Browser around the time of ${BITCOIN_TRANSACTION_ID}".
| [deleted]
| ramesh31 wrote:
| Am I the only one increasingly frustrated with macOS's naming scheme? I have no idea what the latest version is. Ubuntu versioning gets this right; you can parse their codenames alphabetically to derive the semantic version. But Apple's heuristic here seems to be "throw a dart at a map of California".
| eknkc wrote:
| Just use years. You are already releasing shit yearly.
| Name it macOS 22.
|
| These places mean nothing to me.
| philistine wrote:
| The strength of the California brand across the globe is crazy good. It's all a bit of marketing.
| vincent-manis wrote:
| Future versions will be named Bakersfield, Weed, and Needles, not to mention Oxnard?
| duped wrote:
| Ventura is MacOS 13.0.0.
| tannhaeuser wrote:
| Ah thx, was thinking about Lino Ventura so a place in Italy I guess; could be worse eg Ponte Vecchio
| Ruq wrote:
| I just miss the Big Cat names.
| ubercore wrote:
| Hasn't it been this way the whole time? Why is your frustration increasing?
| guerrilla wrote:
| Haven't you not been getting food this whole time? Why is your frustration increasing?
| russelldjimmy wrote:
| Help me understand how being starved for food is analogous to having OS version names that don't reflect the order of OS releases.
| guerrilla wrote:
| The irritant becomes with as time goes on as long as it's present. More and more meaningless names to memorize...
| [deleted]
| itg wrote:
| I imagine as the number of versions increase, there is more tracking you have to do when someone doesn't explicitly mention the version number.
| saurik wrote:
| That's definitely my issue: over the years, we have accumulated more and more and more of these names. When someone talks about iOS 4 or iOS 7 in some article I am reading, I know what they are talking about and the extent to which the version matters; but, when someone talks about macOS Gaviota, I have to think "wait, was that the one that just came out, or was that one of the ones I haven't had to think about in a decade? oh shit... maybe it's the one that got announced today and I just haven't heard the name yet?!".
|
| (That said, I will also note that frustration is not inherently constant even when something is truly static: sometimes you get used to something over time and it stops bothering you, while other times it slowly drives you mad.)
| jl6 wrote:
| Ubuntu has both a codename and a version number. macOS has a version number too (Ventura is 13) but Apple frustratingly don't use it prominently.
| jen20 wrote:
| The version number and build number are on the "About this Mac" screen and in the output of `sw_vers` - where else would you like to see it used?
| jl6 wrote:
| In marketing material, such as here:
|
| https://www.apple.com/uk/macos/macos-ventura-preview/
| jen20 wrote:
| I personally doubt you'll ever see that, though it's a possibility since iOS uses version numbers.
| rzzzt wrote:
| Alliterating Antlion
| giantrobot wrote:
| It wasn't much better with big cats. There were two sort of semantically related releases, Leopard/Snow Leopard and Lion/Mountain Lion. Of those on the Leopard/Snow Leopard I thought made sense as Snow Leopard was a "oh shit fix all the bugs" release. SL was the first full OS release after the Intel transition _and_ 64-bit kernel.
| sharikous wrote:
| Yes but it starts to be difficult to keep 18 names in the head, be them cats or California places
| bangonkeyboard wrote:
| I can picture a big cat in my mind. That helped to peg OS X releases and enabled me to mentally distinguish and order them.
|
| I can't picture "Monterey" or "Ventura" or any other macOS names, they have no meaning to me.
| Macha wrote:
| Ventura has a meaning to me.... Ace Ventura, a cartoon from my childhood about an egotistical questionably competent detective.
|
| I'm not sure that's the image Apple wants to give off though...
| rsfinn wrote:
| "Ventura Highway, in the sunshine..." [0]
|
| I may be dating myself somewhat here.
|
| [0] https://en.wikipedia.org/wiki/Ventura_Highway
| mixmastamyk wrote:
| Sunny beach town, Spanish mission, etc.
| philistine wrote:
| themadturk wrote:
| Big Sur, Monterey, Yosemite, El Capitan, Catalina... all worked for me because I've either been there or there was a screensaver/wallpaper to associate them with their locales.
| I really don't know a thing about Ventura.
| dagmx wrote:
| The marketing names for macOS and OSX have always been random other than having a general theme to it.
|
| The OS in most cases just refers to itself by the number and is what it will show in a lot of scenarios in addition to the marketing name.
| masklinn wrote:
| > The marketing names for macOS and OSX have always been random other than having a general theme to it.
|
| Not _entirely_ true: two of the cats were name variations of their predecessors to express an intent of limited end-user / feature updates and a focus on refinement (even though taxonomically the cats have basically no relationships outside of being cats, mountain lions aren't even in the same genus as lions)
| dagmx wrote:
| That's fair. In a similar vein, there was also Sierra and High Sierra.
| Tsiklon wrote:
| In a sense they sort of did continue this style of convention with Yosemite and El Capitan (the latter being in the former), Sierra and High Sierra.
|
| It's only in the last few releases that the dart board has come out
| rsfinn wrote:
| Since they moved macOS off version 10.x (finally), "Apple's crack marketing team" left the desert (Mojave) for the Pacific coast. Unfortunately, they didn't plan the trip carefully, so they started at Big Sur with macOS 11, went north to Monterey for macOS 12, then turned around and headed back south to Ventura for macOS 13. At least those locations are in alphabetical order -- but with Ventura they seem to have painted themselves into a corner.
|
| So will macOS 14 be further south (Carlsbad?) or back north (Eureka?) -- stay tuned...
| [deleted]
| ksec wrote:
| Yes. In Big Cat era, you could at least memorise those names which have some meaning to nearly everyone around the world, and it always had a version number.
|
| Mac OS X 10.7 "Lion" - 2010
|
| Mac OS X 10.8 "Mountain Lion" - 2012
|
| Now it is only a name I guess only people in US / California will know or understand. The same joke from Apple's "crack marketing team" and played out by Craig Federighi for something like 10 years[1].
|
| But I guess that is post Steve Jobs's Apple for you.
|
| [1] Just guessing since I remember they started using this line after Forstall left.
| muterad_murilax wrote:
| Small correction:
|
| Mac OS X 10.7 Lion was released in 2011.
|
| Also, there's no "Mac" in OS X 10.8 Mountain Lion.
| ntoskrnl wrote:
| Let's go back to cats. Since macOS is becoming more and more like iOS, we don't have to limit ourselves to big cats anymore. Small cats are on the table too. There's gotta be at least 100 cat breeds, that should last us a while.
| ranman wrote:
| _nodejs has joined the conversation_
| [deleted]
| sharikous wrote:
| At least two other security changes:
|
| - userspace filesystems: the nail on the coffin for kernel extensions. Now we won't need to run in "reduced security" to use FUSE and that was the last kernel extension that remained popular. Probably kexts will be deprecated shortly
| - rapid security response
|
| - it seems also to include changes in Xprotect and mrt
| dochtman wrote:
| Very curious about userspace filesystems, would be awesome if there's finally a fast solution for this that's well-supported in the OS.
| pxc wrote:
| > the nail on the coffin for kernel extensions
|
| The OpenZFS implementation on macOS also requires kernel extensions, and I don't suppose it can easily be ported to FUSE or that that would have desirable performance characteristics.
|
| Special kernel extensions are also required to get some basic functionality working on macOS these days, like disabling pointer acceleration.
| dagmx wrote:
| Do you have any links on the userspace filesystems?
| There's a few things I'd like to develop in that regard without getting into kexts
| sharikous wrote:
| There is that: https://threedots.ovh/blog/2022/06/quick-look-at-user-mode-f...
|
| But userspace filesystems are already present in iOS so you can find some reverse engineered info on that (e.g. in Jonathan Levin's books)
| dagmx wrote:
| Thanks
| jessriedel wrote:
| Mostly off-topic: have Apple and Microsoft completely given up on non-trivial changes to desktop operating systems? Will MacOS look basically the same in 40 years? Or is the idea that everything will be AR/VR by then and there is no use innovating in this domain?
| sys_64738 wrote:
| If you look at independent developers working on the Mac OS, you find it's pretty much dead. Only the name programs get updated nowadays whereas everybody else has moved to iPhone/iPad as that's where the money is. Open source still chugs along though.
| brundolf wrote:
| Window management has continued to evolve in nontrivial ways, imo. More fundamental interactions probably won't and probably shouldn't change; those idioms are mature and deeply engrained at this point. It would alienate swathes of users to rock such an established boat.
| philistine wrote:
| Microsoft tried with Windows on their phones. Look where that led them.
| dagmx wrote:
| I guess you'd need to set a goal post of what counts as trivial?
|
| Many of the things mentioned in the article aren't trivial. They may be smaller in scope, but size (large / small) are different than complexity.
|
| You can take a look at what's new in Ventura https://www.apple.com/macos/macos-ventura-preview/features/ but that's not even getting into the underpinnings.
|
| Similarly Microsoft made fairly significant changes to Windows between 10 and 11, and several times to 10 within its life cycle.
|
| Unless you're talking purely visual design, in which case what kind of changes would you expect without upending people's workflow?
| jessriedel wrote:
| We have gotten so used to these trivial changes that our expectations have renormalized. Desktop OSs are asymptotically approaching a fixed point.
|
| Examples of modest but non-trivial changes:
|
| - eliminate the folder-file system (or at least make it completely invisible to the user)
|
| - remove UI distinction (but not necessarily the sandbox distinction) between web apps and normal apps.
|
| - seamless mobile-desktop integration, so the user views them as just different form factors for accessing the same resources.
|
| (There are of course much more radical changes than these that one could imagine.)
| dagmx wrote:
| I'm curious as to your background if you consider any of the things mentioned in the articles as "trivial" changes. Have you worked in systems development before?
|
| I similarly question your definition of "modest". The first one alone is incredibly radical, and has been tried several times in the past but people keep asking for hierarchical file systems. It's far from modest.
|
| 1. How do you propose users organize things?
|
| 2. Already exists today with electron and webview. What would you propose an OS provide here? Many apps you use today on macOS are web apps within a native context.
|
| 3. This is already growing on macOS with features like continuity handoff, universal control, being able to run mobile apps on desktop, iCloud sync of projects etc. Each year they've clearly moved towards unifying things.
|
| If these are what you consider modest though, I fear what you consider radical without throwing out decades of learned user interaction in the process
| jessriedel wrote:
| I'm not using "trivial" as a measure of ease of back-end implementation, but rather of how it actually changes user experience and productivity.
| There is no limit to how hard it can become to implement trivial changes behind the scenes; it would be silly to ignore or downplay the ossification of desktop OS capability just because software developers continue to expend more and more effort to make smaller and smaller improvements.
|
| My reading of your comment is that you aren't actually interested in thinking about non-trivial changes here. "Didn't you know people have tried eliminating folder systems before? It's hard and hasn't succeeded yet" is obvious and does not seriously engage with the possibility. ("Didn't you know people have been attempting to make stylus input work for decades without success?") Likewise, the fact that web apps can be disguised as native apps is not the same thing as eliminating the distinction at the user level, and I don't think you would have conflated these if you were really interested in it.
|
| So I don't think it will be productive to continue this conversation.
| dagmx wrote:
| Again, that's why I'm delineating between scale and complexity. Trivial implies complexity, but you seem to keep going back to scale of the change.
|
| Saying something is trivial, by definition, implies it's a simple change. Nothing mentioned so far is simple. None of your suggestions were modest.
|
| I understand you're using the word according to how you think of it, but I'm trying to point out that you're incorrect, and that many of the things you say are modest are not so.
|
| You're actively downplaying the amount of work and it either feels disingenuous to make your point, or divorced from the reality of implementation.
| loudermachine wrote:
| Swap "everything will be AR/VR" to "everyone uses mobile as primary devices" and I think it's a better guess. Or maybe "everyone has at least two computer devices".
| I feel like the goal is to have the most seamless experience between tablets, smartphones and desktop, and impactful changes that don't work towards that goal are just discarded.
| [deleted]
| zmmmmm wrote:
| Most concerning is Gatekeeper, as I do still routinely run into scenarios where it harasses me about applications I am trying to run and on the odd occasion I have to manually codesign things.
|
| It will be _super_ annoying if this now starts making developer's life hell because it is nannying binaries they are building, sharing or working with as part of their development work.
| Wowfunhappy wrote:
| You can completely disable Gatekeeper if it annoys you:
|
| $ sudo spctl --master-disable
| [deleted]
| dagmx wrote:
| If you're building, you can designate something as a developer tool and gatekeeper will ignore it.
| forgotmypw17 wrote:
| Somewhere between Mountain Lion and High Sierra, it became impossible to delete or even mark non-executable various annoying built-in applications which I never use, e.g. iTunes.app and Safari.app, which often open without me asking them to.
|
| Does anyone know how to re-enable this functionality?
| [deleted]
| kappuchino wrote:
| Let's hope the open core project, namely the Open Core Legacy Patcher[1] will revive some older models to run Ventura. Personally, I'm running a 2014/15 Macbook Air 11" for 7 years now[2] and with "Open Core Legacy" on Monterey with no issues at all.
|
| [1] https://dortania.github.io/OpenCore-Legacy-Patcher/MODELS.ht...
|
| [2] Except the mainboard, display and shell everything else that's modular (wifi card, ssd, battery and keyboard) was replaced/repaired at some point.
| ksec wrote:
| May be off topic but this had me thinking.
|
| Will Safari 16 be available on older macOS? Assuming Apple doesn't break their tradition it should support two prior OS release, Monterey and Big Sur.
|
| While I could do without an OS update on my MacBook Pro 2015.
( | I can't record a single useful feature from all the previous OS | update other than Universal Clipboard ) That means for MacBook | Pro 2015 Model users they will only have two more Safari | Updates. | Synaesthesia wrote: | I'm pretty confident it will, the OCLP project has improved a | lot and is now very capable and stable. My MacBook Pro 2012 | runs Monterey, and it's really fast and stable. Better than any | previous Mac OS in fact. | | You can look on the Macrumors forum and Reddit to see if | they're already getting the betas to work. | | https://forums.macrumors.com/threads/macos-13-ventura-on-uns... | | https://www.reddit.com/r/venturapatcher/ | | Edit: the OCLP team released an official statement, looks like | they're having quite a few challenges. | https://github.com/dortania/OpenCore-Legacy-Patcher/issues/9... | captn3m0 wrote: | Do the new DNSSEC changes imply anything for local DNS overrides? | Would Apple refuse to block a site if DNSSEC is enabled and | PiHole returns a blocking response? | tptacek wrote: | Probably not. I haven't been able to dig into what they're | doing, but I watched the presentation about the feature, and | it's an opt-in API for applications. I'm not clear on this but | I have to assume that the macOS/iOS resolver code is still | leaning on your external recursor to do the DNSSEC validation | stuff (otherwise, it's going to generate _a lot_ of extra | lookup traffic), which means it's going to trust whatever your | PiHole tells it anyways. | [deleted] | prpl wrote: | I'm sure quite a few MBP 2015 users are going to be a little sad | the end is near. | | I loved that machine. I was able to skip the 2017 MBP and go to | 2019, but honestly I miss the smaller trackpad. | MrBuddyCasino wrote: | Still using the 2013 and 2015 MBPs here, had no reason to | upgrade. Love them to death, still no hardware issues | whatsoever except a new battery. I also prefer the smaller | trackpad. Guess it's time to gift them to my parents. 
| | Luckily, the M1/M2 is finally a worthy upgrade, after years of | keyboard issues and unwanted features. | brundolf wrote: | Will non-Ventura devices still get vulnerabilities patched, or | are they dead in the water? | samcat116 wrote: | Security updates are N-2 I believe (so current OS and last | two major versions). | crest wrote: | Apple has established a pattern of haphazardly offering | partial and late security updates for the two more releases | (e.g. Big Sur, Monterey, Ventura). | philistine wrote: | Looking from the outside, it sure does look like every | security patch is assessed on its difficulty to port to | older OSes, its severity, and its reach. | | It can be maddening. | IndySun wrote: | Along with other comments, we have at least 10 fully working | mbp 2015s. Many with upgraded 2tb storage. All used for audio | work. Running 10.13 - 10.16. Little to no issues and I still | buy up any I find online. Absolutely fantastic machines. | samgranieri wrote: | I have a 2015 MBP, and still think this machine has legs to | last a bit longer. Maybe I'll put Arch Linux on it later on | sprkwd wrote: | It's what I'm gonna be doing!! | gernb wrote: | agreed the larger trackpad is a net minus. I get all kinds of | spurious input because of it sensing my palms | ksec wrote: | Butterfly Keyboard ( And arguably the new Magic Keyboard ) | with little to no Key travel distance, along with Larger | Trackpad which creates false positive input were two key minus | design features. | | Unfortunately every time I pointed this out most of HN were | quick to answer this is a user issue and not a design flaw. | filoleg wrote: | I can see why most on HN (and actually outside of HN too) | would say a larger trackpad is great, so I think you might | indeed be in the minority opinion on this one. Even | mainstream reviewers tended to list it as a positive. 
| | But butterfly keyboard had been pretty much universally | decried as a terrible mistake almost everywhere, including | HN. | ksec wrote: | >But butterfly keyboard had been pretty much universally | decried as a terrible mistake almost everywhere, | including HN. | | That was certainly not the case until the reliability | problem got magnified in 2018. When the problem has been | there since 2016. Before that Butterfly was somehow the | holy grail for touch typists. | KerrAvon wrote: | I remember reactions being more mixed. I and others | always wanted more key travel, but I also knew people who | loved it. | oreilles wrote: | I don't believe it ever was the holy grail of touch | typists. First, it was incredibly loud, and most people | complained about it. The key travel distance was mostly | cited as a con, not a pro. And only then the reliability | issues started to arise. But it didn't take 2018. This | article (https://news.ycombinator.com/item?id=15496745) | made it to the top of HN in Oct 2017, but people had | already been complaining for months (See this article | from February | https://forums.macrumors.com/threads/some-2016-macbook-pro-o...). | pram wrote: | The login items panel is such a good change, and also like 20 | years overdue. | jessriedel wrote: | Yes, I have been baffled that it was always so difficult for | the user to manage what's auto-launched on start-up. So many | apps try to bury into start-up so they can keep collecting data | and lightly spamming the user. | | Can anyone shed light on why it took so long? I had always | figured the non-existence of a login items panel was a | purposeful choice. | nvrspyx wrote: | It's actually been there for a long time. It's a separate tab | in "Users & Groups" pre-Ventura. | yurishimo wrote: | Apps aren't required to use that screen though. Some of | them will, but a lot of apps not in the App Store can and | do register themselves with launchd on their own. 
| | Apple should be proactive and extract those items | automatically, but in practice, they don't. | mrtesthah wrote: | No, the "Login Items" panel that was previously under Users | & Groups did _not_ include Launch Agents or Launch Daemons. | | Launch Daemons in particular are managed directly by | launchd and can have more sophisticated triggers including | periodic execution. | Etheryte wrote: | This view only includes actual apps that launch on startup, | it doesn't include agents, daemons etc. Many popular apps | have one, if not many, that the users are usually not even | aware of and can't turn off via the UI. To see what I mean, | try running `launchctl list | grep -v "com.apple"` as the | user you're logged in with. It will list jobs loaded into | launchctl not owned by Apple, and that isn't even the only | way to make things run at startup. | [deleted] ___________________________________________________________________ (page generated 2022-06-19 23:00 UTC)
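The closing comments note that launchd agents and daemons never appeared in the old Login Items tab. As an added example that is not part of the thread, this Python sketch audits the standard launchd job directories outside /System, reports each job's program and start triggers, and marks labels that a `grep -v "com.apple"` filter would hide. The sample plist, its `com.example.updater` label and the function names are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Standard launchd job directories outside /System, where third-party jobs live.
JOB_DIRS = {
    "/Library/LaunchDaemons": "daemon (runs as root, loaded at boot)",
    "/Library/LaunchAgents": "agent (loaded for every user at login)",
    "~/Library/LaunchAgents": "agent (loaded for this user at login)",
}
TRIGGER_KEYS = ("RunAtLoad", "KeepAlive", "StartInterval", "StartCalendarInterval", "WatchPaths")

def summarize_job(raw: bytes, scope: str) -> dict:
    """Reduce one launchd plist (XML or binary) to the fields worth reviewing."""
    job = plistlib.loads(raw)
    label = job.get("Label", "?")
    program = job.get("Program") or (job.get("ProgramArguments") or ["?"])[0]
    return {
        "label": label,
        "scope": scope,
        "program": program,
        "triggers": [k for k in TRIGGER_KEYS if job.get(k)],
        # A label filter such as grep -v "com.apple" drops this job from view
        # even though it sits outside /System, so report it explicitly.
        "hidden_by_label_filter": "com.apple" in label,
    }

def audit(dirs=JOB_DIRS) -> list:
    found = []
    for directory, scope in dirs.items():
        for path in sorted(Path(directory).expanduser().glob("*.plist")):
            try:
                found.append(summarize_job(path.read_bytes(), scope))
            except Exception as exc:  # unreadable or malformed plist: still list it
                found.append({"label": path.name, "scope": scope, "error": str(exc)})
    return found

# Constructed sample job (not taken from the thread or from any real product).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/opt/example/updater</string><string>--quiet</string></array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>3600</integer>
</dict></plist>"""

if __name__ == "__main__":
    for entry in audit():
        print(entry)
```

Jobs flagged `hidden_by_label_filter` deserve a look at the program path and code signature, since the label is free text chosen by whoever installed the plist.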