[HN Gopher] Bug in macOS 14 Sonoma prevents our app from working
___________________________________________________________________
Bug in macOS 14 Sonoma prevents our app from working
Author : eptcyka
Score : 498 points
Date : 2023-09-13 17:05 UTC (5 hours ago)
(HTM) web link (mullvad.net)
(TXT) w3m dump (mullvad.net)
| CharlesW wrote:
| Mullvad has been working _okay_ for me in Sonoma betas (I had to
| click "Connect" twice), and appears to work perfectly in the
| final 14.0 release (23A339). A test with ipleak.net looks normal.
| What am I doing right/wrong?
| [deleted]
| contact9879 wrote:
| it works but requires local network connections to be enabled
| which I assume is the "leak" they note
| thehours wrote:
| I don't know if related, but immediately after the last two MacOS
| upgrades I was unable to get my networking to work. I could
| connect to Wi-Fi / Ethernet / Hotspot. But nothing would actually
| connect (e.g. browser, pings, etc.), not even to my router.
|
| The fix both times was to open the Mullvad VPN app just once and
| everything worked again. No idea why just opening the app would
| fix the issue.
| jiripospisil wrote:
| Speaking of macOS's firewall being broken, there's a bug (or
| "feature"?) in the NetworkExtension framework which causes
| connections to get initiated (SYN, leaks your IP address) even if
| there's an explicit rule to deny that connection. This affects
| LittleSnitch, Lulu, and all the other apps building on top of the
| framework. Bug reports have been filed and as usual ignored by
| Apple.
|
| More:
|
| Little Snitch "denied" connections leak your IP address -
| https://lapcatsoftware.com/articles/2023/3/4.html
|
| Follow-up to Little Snitch "denied" connections leak your IP
| address - https://lapcatsoftware.com/articles/2023/3/5.html
|
| Little Snitch "denied" connections leak your IP address:
| Developer response -
| https://lapcatsoftware.com/articles/2023/6/3.html
|
| https://twitter.com/JiriPospisil/status/1679838397983064064
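
An added example, not part of the comment above or of any linked article: one way to check a packet capture for the behaviour jiripospisil describes, by flagging initial TCP SYNs sent to destinations that a deny rule was supposed to block. The capture lines, addresses, deny list and function names are constructed for illustration; the input is assumed to be `tcpdump -n` text output.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in `tcpdump -n` text format (not a real capture).
SAMPLE_CAPTURE = """\
12:00:01.000100 IP 192.168.1.10.51514 > 203.0.113.5.443: Flags [S], seq 1000, win 65535, length 0
12:00:01.000900 IP 192.168.1.10.51515 > 198.51.100.7.443: Flags [S], seq 2000, win 65535, length 0
12:00:01.020000 IP 198.51.100.7.443 > 192.168.1.10.51515: Flags [S.], seq 3000, ack 2001, win 65535, length 0
12:00:01.020100 IP 192.168.1.10.51515 > 198.51.100.7.443: Flags [.], ack 1, win 2048, length 0
12:00:02.000100 IP 192.168.1.10.51514 > 203.0.113.5.443: Flags [S], seq 1000, win 65535, length 0
12:00:03.500000 IP6 2001:db8::10.51600 > 2001:db8:dead::1.443: Flags [S], seq 4000, win 65535, length 0
12:00:04.000000 IP 192.168.1.10.50000 > 192.0.2.53.53: UDP, length 45
12:00:05.000000 IP 192.168.1.10.51700 > 203.0.113.9.80: Flags [SEW], seq 5000, win 65535, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
)


def split_endpoint(endpoint):
    """Split tcpdump's 'address.port' form; works for IPv4 and IPv6."""
    addr, _, port = endpoint.rpartition(".")
    return ipaddress.ip_address(addr), int(port)


def leaked_syns(capture_text, denied_cidrs):
    """Return (timestamp, source, dest_ip, dest_port) for every initial SYN
    whose destination falls inside one of the denied networks."""
    denied = [ipaddress.ip_network(cidr) for cidr in denied_cidrs]
    leaks = []
    for line in capture_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # not a TCP line, or not in the expected format
        flags = match["flags"]
        # Initial SYN: 'S' present and no ACK ('.'). ECN-setup SYNs are
        # printed as [SEW], so an exact comparison with "S" would miss them.
        if "S" not in flags or "." in flags:
            continue
        try:
            dst_ip, dst_port = split_endpoint(match["dst"])
        except ValueError:
            continue  # names instead of numbers: capture was not taken with -n
        # Membership is always False across IP versions, so mixed lists are safe.
        if any(dst_ip in net for net in denied):
            leaks.append((match["ts"], match["src"], str(dst_ip), dst_port))
    return leaks


def summarize(leaks):
    """Count leaked SYNs per destination; retransmissions count separately."""
    return dict(Counter(dst for _, _, dst, _ in leaks))


if __name__ == "__main__":
    # Assumed deny list: the networks the firewall rule was meant to block.
    found = leaked_syns(SAMPLE_CAPTURE, ["203.0.113.0/24", "2001:db8:dead::/48"])
    for ts, src, dst, port in found:
        print(f"{ts} SYN left the host: {src} -> {dst}:{port}")
    print(summarize(found))
```

The capture has to be taken on the outbound interface or on a separate machine on the path, since the question is whether the packet left the host at all.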
| [deleted]
| Szpadel wrote:
| I don't see any action points in blog post so I'm not sure if
| they do it, but some warning in app when specific version of
| MacOS is detected or even blocking functionality that is known to
| be leaky would be great for anyone that might track blog posts.
| plus maybe link to this blog post in case MacOS resolves issue
| but app will not be updated
| panosv wrote:
| Not completely relevant, but another long standing bug: An 11
| Year Old Bug in the macOS Popen():
| https://news.ycombinator.com/item?id=37238433
| saagarjha wrote:
| If this is your bug, consider also sending in a feedback with
| your patch. The open source projects don't usually take PRs.
| joomooru wrote:
| No wonder, I recently installed the latest sonoma beta and
| couldn't for the life of me get Mullvad to work. Glad to hear
| Mullvad is working on a workaround. I even considered downgrading
| back to Ventura this morning. I feel validated!
| justusthane wrote:
| It doesn't say they're working on a workaround. It says that
| users shouldn't upgrade to Sonoma until Apple fixes the bug.
| [deleted]
| sleepybrett wrote:
| I assume the tailscale/mullvad stuff still works. Might be a
| nice workaround until apple gets it fixed.
| joomooru wrote:
| Went to look at tailscale vpn and didn't realize it was a
| service entirely contained within tailscale, so I can't use
| my existing Mullvad account or credit tailscale with my
| already-purchased Mullvad credits :(
| sleepybrett wrote:
| Aw, that sucks. Maybe possible through Mullvad support?
| ezfe wrote:
| They've said they don't plan on allowing that
| conradev wrote:
| Tailscale works great, yeah.
| Terretta wrote:
| This repro is a thing of beauty.
| coldtea wrote:
| Isn't it merely setting a simple firewall rule and trying a
| query that violates it?
|
| Which is the scope of the bug sure. But doesn't make the check
| particularly elaborate or beautiful!
| jihadjihad wrote:
| > But doesn't make the check particularly elaborate or
| beautiful!
|
| I think GP is saying it's beautiful precisely because it
| needs such a simple and not elaborate test
| jjcm wrote:
| I love how simple it is, but also that it has a cleanup step as
| well! Such a missed element in many of these.
| buildbot wrote:
| Great writeup, very succinct and informative, they even have a
| simple reproduction of the bug.
|
| I love Mullvad!
|
| Tangentially, MacOS has had a lot of weird firewall bugs in the
| last few releases in general, I wonder what drove them to rip up
| and redo (I assume?) so much of it recently.
| tiffanyh wrote:
| macOS has attempted to progress its networking stack for years
| but would run into regressions and then revert back.
|
| Old article on the topic.
|
| https://9to5mac.com/2015/05/26/apple-drops-discoveryd-in-lat...
| cptcobalt wrote:
| Drudging up 8 year old architectural decisions that Apple
| rightfully reverted is hardly a charitable comment. A bug can
| just be a bug.
| nhubbard wrote:
| The rewrite was definitely influenced by the mandatory
| migration from kernel extensions to userspace System
| Extensions, specifically NetworkExtension, between Catalina and
| Big Sur:
| https://developer.apple.com/documentation/networkextension
| hulitu wrote:
| One would expect they have a test suite.
| londons_explore wrote:
| One would suspect their test suite is lacking...
| MichaelZuo wrote:
| There are a lot of errors and faults that show up in
| Console on a brand new MacBook just sitting on the
| desktop. And with every version the number seems to
| increase. So it's not even their test suite that's the
| issue.
| dmix wrote:
| I'm curious, why do you look at random OS errors in
| Console to the point you noticed such a thing?
| _jal wrote:
| Some of us who came up on the ops side routinely check
| logs. It is both how you spot problems other monitors
| might miss and partly how you learn how your system works
| (or doesn't). Especially with MacOS, where the
| documentation quality ranges from shit to nonexistent and
| the source is unavailable.
| eptcyka wrote:
| For me, it's a benchmark of a well made system - the
| lower bandwidth of log output you get when a user machine
| is idling, the better. I have seen some Android phones
| produce megabytes of logs just sitting there - you can
| test this by running `<whatever command outputs logs> |
| pv`.
|
| It's also a good metric to signal an anomaly after a
| deployment. On my desktop machines, the current culprit
| for most of the logs is pipewire/alsa, generating
| multiple lines per second.
| MichaelZuo wrote:
| This, plus on MacOS 'faults' specifically indicate events
| where the computer could not gracefully recover, so some
| user noticeable thing happened.
|
| e.g. when the WiFi adaptor faults and has to restart.
| MichaelZuo wrote:
| When my computer can't even stay up for a full week
| without crashing, or suffer an inexplicable lag spike,
| etc., I become more motivated to closely examine
| everything to see what's causing the crash.
| callalex wrote:
| Are you plugging/unplugging monitors or other hardware?
| With macs it's always that for some reason.
| MichaelZuo wrote:
| No, literally just sitting there with no peripherals
| attached, doing nothing more complex than playing a 4k
| video and web browsing.
| isodev wrote:
| It would have been even better if they had included the
| rdar/Feedback number.
| voytec wrote:
| > Great writeup
|
| No. It's a rushed and emotional response bashing OpenBSD's pf
| and not Apple's implementation.
| tick_tock_tick wrote:
| Just because OpenBSD isn't relevant anymore doesn't mean
| anything vaguely related to it is an attack.
| jxf wrote:
| If Apple is shipping that implementation as part of their OS,
| doesn't it make sense to let Apple know they should pick a
| different upstream target?
| monooso wrote:
| > Apple introduced a bug
|
| It seems pretty clear that the article isn't bashing OpenBSD
| in any way whatsoever.
| eptcyka wrote:
| To the best of my knowledge, OpenBSD's pf wouldn't exhibit
| such pathological behavior.
| voytec wrote:
| Exactly - it's a screwup on Apple's part, not OpenBSD's.
| alpaca128 wrote:
| And Mullvad very clearly indicated it's connected to
| Apple/macOS:
|
| > bug in the macOS firewall, packet filter (PF)
| voytec wrote:
| It's not macOS firewall, but Apple's implementation of
| OpenBSD's pf used in Apple's macOS. Mullvad is clearly
| pointing at a bug in OpenBSD's "packet filter",
| mentioning that it's used in macOS.
|
| Mullvad's article lacks proper wording and shits on the
| wrong target.
| bastardoperator wrote:
| Or maybe they're not shitting on anyone in particular and
| just trying to warn their MacOS users about a security
| issue?
| Liquid_Fire wrote:
| There isn't any mention of OpenBSD in the article. It
| says:
|
| > a bug in the macOS firewall, packet filter (PF)
|
| > We believe the firewall bugs must be fixed by Apple.
|
| I don't see how you can interpret that as shitting on
| OpenBSD.
| voytec wrote:
| There's a mention of "packet filter (PF)" which is
| OpenBSD's firewall with a good reputation. It's (mis)used
| by Apple but Mullvad has clearly rushed the article and
| it points at a bug in the firewall itself.
| jonhohle wrote:
| Unless there is an equivalent OpenBSD bug, why would it
| be their issue? Low level components often are patched by
| Apple to work with Xnu. If the same bug isn't showing up
| in OpenBSD, it's more likely Apple's integration or a
| "feature" added by Apple.
| kungfufrog wrote:
| You're way off base and I can see you feel quite
| frustrated by what you perceive as a slight against
| OpenBSD. I know and have used "pf" in OpenBSD. Not once
| while reading the article did I think Mullvad were
| referring to pf as a technology as opposed to the macOS
| implementation of pf where the bug resides.
| SAI_Peregrinus wrote:
| Apple forked PF, but didn't change the name. Apple's fork
| of PF has a bug. The article only mentions Apple's fork.
| Exuma wrote:
| What part is emotional
| sam_goody wrote:
| voytec's comment ;)
| olliej wrote:
| [edit my scanning the article missed that they answered this :D]
|
| The obvious answer question is whether they reported this to
| apple already and are using this post to draw attention to it, or
| if they've found the bug in the betas (which is why betas exist)
| but then not reported it directly (defeating the purpose of
| betas)
| Exuma wrote:
| That is not an obvious question if you read the article
| dinkblam wrote:
| from the article:
|
| we have investigated this issue after the 6th beta was released
| _and reported the bug to Apple_
| finitestateuni wrote:
| If you read the article, they mention that they've reported the
| bug in previous versions of the beta and it has still not been
| fixed in the latest version. They're cautioning their users
| against upgrading in two weeks when the release comes out of
| beta unless there is confirmation that the bug has been fixed.
| rollcat wrote:
| Beware of point 0 releases.
|
| I've had such a bad experience with iOS 13 / macOS 10.15 that
| I'm reluctant with the point 1's as well.
| [deleted]
| FollowingTheDao wrote:
| [flagged]
| [deleted]
| zshrc wrote:
| Just a note, while I experienced issues connecting with the
| Mullvad.app, running a Mullvad Wireguard config in Wireguard.app
| worked fine.
| nvahalik wrote:
| Anyone else get an invalid certificate on this site? What's the
| deal?
|
| ETA: Hm. OpenDNS (family) blocks them...
| ezfe wrote:
| makes sense that blocking software would block VPN software
| mzs wrote:
| https://web.archive.org/web/20230913161315/https://mullvad.n...
| [deleted]
| Pesthuf wrote:
| Normally, when software doesn't have big changes between
| releases, like macOS, there's a feature freeze and devs are
| working on bugfixes.
|
| Yet, macOS seems to get buggier and buggier between releases.
| Something about the way it's being developed right now is going
| very wrong.
| rollcat wrote:
| What's interesting is that there was a PF bug in FreeBSD not
| long ago as well:
| <https://www.enricobassetti.it/2023/09/cve-2023-4809-freebsd-...>;
| <https://news.ycombinator.com/item?id=37437530>.
| deergomoo wrote:
| I wish they'd just stop with the yearly major releases.
|
| Unlike the iPhone, there's no magic date in September when all
| the year's new Macs drop and require support for all the new
| hardware capabilities. Sure, there are changes to system apps
| on iOS like Notes that want feature parity on the Mac, but you
| could do those in a point release. Or even better, decouple
| those apps from the OS and update them individually via the App
| Store.
|
| They clearly don't have enough resources allocated to macOS
| anymore to have a big yearly release without spending the next
| n months fixing problems. Just release the damn thing when
| it's actually ready. They didn't do yearly releases when the
| Mac was still their major focus, I don't see why they need to
| today.
| pohl wrote:
| I see more and more complaints about bugs, anyway. I use it all
| day every day without issues, though. Not sure what to make of
| that. It's not that I don't believe those who are affected. I'm
| just not sure one can conclude that it's getting more buggy
| with each release. Maybe the number of unusual use cases
| increases with popularity?
| deergomoo wrote:
| For me personally it's not bugs as such. Bugs usually do get
| fixed fairly quickly (though something like this making it
| into a release candidate is concerning).
|
| It's half-baked features that don't get revisited for
| _years_. We all know the new System Settings sucks; Sonoma
| hasn't meaningfully improved it. The Notification Centre
| redesign introduced 3 (?) years ago is so much worse than the
| old design, but it hasn't been touched since. Disk Utility is
| a shadow of its former self.
|
| macOS is an established operating system, I would prefer them
| leave perfectly good features alone unless they can actually
| make them better.
| [deleted]
| hulitu wrote:
| > Yet, macOS seems to get buggier and buggier between releases.
| Something about the way it's being developed right now is going
| very wrong
|
| This is a common trend in the SW development in the last
| decade. Apparently bug fixing is hard and expensive, that's why
| they concentrate on new features or, in extreme cases, complete
| rewrites (GTK).
| steve1977 wrote:
| https://www.jwz.org/doc/cadt.html
| m3kw9 wrote:
| New OSs can sink your company
| dinkblam wrote:
| not surprised. we've filed dozens of bug reports as every new
| macOS release gets worse and worse. i've given up on filing
| reports now, since they won't get fixed or even looked at anyway.
| i see the problem with triaging when around 4k issues are filed
| per day, but it's not like Apple is hurting for cash.
| sccxy wrote:
| Same with iOS bugs.
|
| Release new feature with a lot of bugs.
|
| For example even if they are fixed (takes about a year) in
| webkit they are never merged to safari...
|
| So even if there is bugfix, it will never make it to live
| release.
| riscy wrote:
| how can you know they're not looked at? is there a read
| receipt?
| baz00 wrote:
| They actually fixed 3 bugs I raised!
| bpoyner wrote:
| I reported a bug in the iOS Home app and they fixed it. Seems
| to be hit or miss on what they'll fix.
| superlupo wrote:
| I've basically given up reporting bugs with Apple as they just
| seem to be ignored and either never fixed, or fixed some years
| later when the corresponding component is completely rewritten.
|
| I basically resent filing bugs with companies that have enough
| money to do proper testing, I don't want to work for them for
| free, especially if there is no answer, or a 1st-level answer
| who hasn't even tried the filed repro case. However, I am
| happily reporting bugs with open source projects.
| ezfe wrote:
| I don't put a lot of effort into bug reports, but it's not a
| zero-sum game.
|
| If they never fix the bug, they got no value out of your
| report...
|
| If they fix your bug, then now software you use works
| better...
| planb wrote:
| I raised a bug in the image capture framework which prevented
| scanning from sandboxed apps and it was fixed 3 betas later.
| But probably because Preview.app was also affected and I asked
| all users of my software to file a bug for the Preview app.
| [deleted]
| paws wrote:
| The more macOS seems to break user control of networking, the
| more I wonder what kind of "separate box" solutions are out there
| that can intermediate _outgoing_ traffic. e.g. Something like
| LittleSnitch on a router, where it notifies the Mac when it
| detects a new outgoing connection.
|
| Do things e.g. pfSense support that already? "Hold" an outgoing
| connection from the moment the SYN is observed, notify whatever
| client, and only allow if the user clicks?
| bonestamp2 wrote:
| I think the best you can do in pfSense would be to log it and
| then look at the logs regularly.
| smashed wrote:
| > Do things e.g. pfSense support that already? "Hold" an
| outgoing connection from the moment the SYN is observed, notify
| whatever client, and only allow if the user clicks?
|
| Not that I am aware of.
|
| This is a desktop centric workflow where the user can react
| live to an application that is sending traffic.
|
| Your typical network firewall will apply a set of static rules
| and the decision to log/reject/drop is done ASAP. Waiting for
| user input is impossible.
|
| Some systems can show logs of recent blocked traffic, and allow
| an admin to quickly generate an exception/allow rule for
| blocked traffic but that's pretty much it.
| fiddlerwoaroof wrote:
| Most of the alternatives that aren't marketed to the consumer
| immediately have something. I ran openwrt for years and used
| its firewall to block a bunch of traffic and now I've switched
| to Ubiquiti because of wifi issues.
| meindnoch wrote:
| And how would you decide whether an outgoing connection to a
| random AWS IP is legit or not? You don't know which app is the
| source.
| WirelessGigabit wrote:
| Actually you do. You request a port on which your process
| will listen to the result of the call.
| azinman2 wrote:
| So then you need each device to run software to communicate
| this to your router. This isn't a purely router based
| solution.
| intelVISA wrote:
| If there's a market this could be an interesting weekend
| project.
| [deleted]
| _boffin_ wrote:
| Interesting
| keehun wrote:
| I'm glad Mullvad is raising the public temperature on this! This
| one has definitely been noticed and been very concerning.
| scosman wrote:
| Has this been noted elsewhere? Sounds like Mullvad reported
| after the 6th which is pretty close to the RC.
|
| From source: "we have investigated this issue after the 6th
| beta was released and reported the bug to Apple"
| gorkish wrote:
| MacOS has had a host of these types of issues with their
| network stack over the last few years. They are almost always
| related to some "Magic" technology Apple is introducing such
| as AirDrop (raw wifi frames), Siri (multipath tcp) et al.
| Essentially Apple have been introducing these new components
| with special elevated privileges which allow them to bypass
| or have priority access to the network stack in order to
| implement whatever brand of cross-protocol hoodoo they may
| require to function. At best, it's maddening, but at worst
| it's a huge red flag that Apple seems ready and willing to
| accept these compromises into the functionality of their
| system. It is impossible to achieve total software control
| over the network stack in MacOS today.
| keehun wrote:
| Not publicly that I have seen, but I can assure you
| networking and cybersecurity companies (and others) saw this
| pretty quickly when the bug was first released. I was just
| glad to see a relatively big company calling out this rather
| egregious issue.
| LeoNatan25 wrote:
| Security companies should be much more open about these
| issues, rather than quake the notion that if they go
| public, they'd lose their hush hush secret contacts at
| Apple that give them private entitlements for private
| functionality. (Source: first hand experience)
| [deleted]
| unnouinceput wrote:
| We, the old Windows developers, welcome you, the current Apple
| developers, to the 90's, when Windows was shittier and shittier
| with each version. Get ready for the next decade when workarounds
| and basically underground techniques will be your only
| survivability.
|
| As MacOS becomes more popular, it seems it has to go to this
| shitty phase, as Windows did back in the day. We got rid of this
| phase with Windows XP release, so around 7 years. For you, who
| knows, hopefully shorter.
| whyenot wrote:
| It's been 23 years (to the day!) since the release of the OS X
| public beta, and it's a mature product. I'm not sure it's
| getting "shittier and shittier," I think there are still
| refinements and improvements, they just aren't as big as they
| used to be.
| sumuyuda wrote:
| The UI has definitely gotten shittier and shittier.
| heyoni wrote:
| And system settings panel is so unresponsive! I think it's
| written in react or something?
| whyenot wrote:
| I don't know about that. Aqua with its pin stripes jewel-
| like buttons and other quirks was significantly worse than
| what we have today.
| BizarreByte wrote:
| I strongly disagree. Tiger was the best Mac OS has ever
| looked in my opinion, but this is of course subjective.
| sbuk wrote:
| Tiger was brushed steel, though it still had the
| 'lickable' buttons.
| saltminer wrote:
| I will confess I miss skeuomorphism, but even if Apple
| never embraced flatness, Ventura's System Preferences.app
| is horrendous. I've become reliant upon the search bar to
| find most things in there, which I rarely had to do
| before.
| can16358p wrote:
| Yup. I absolutely hated that skeuomorphic blurry 3D-like
| design.
|
| Flat design looks much, much cleaner.
|
| Same for iOS. iOS 7 was the first version that I actually
| liked looking at.
| Angostura wrote:
| Strongly disagree. Apple's obsession with making things
| like scroll bars and window chrome harder to see has been
| a usability nightmare for me over the last few releases.
|
| Frequently these days, with lots of overlapping windows I
| try to click the top of a window only to find out I've
| clicked on part of the window behind.
|
| Yes having everything one colour is lovely and 'clean'
| but horrible to use
| deergomoo wrote:
| Apple no longer appears to be able to keep a consistent focus
| on the Mac. They have some really great fits and spurts in
| particular areas (e.g. hardware, they're absolutely nailing
| it with Apple Silicon at the minute) but it's far too common
| for widely-reviled issues to linger unaddressed for literally
| years.
|
| The new System Settings is an obvious one; Sonoma hasn't
| really touched that at all despite its glaring issues. But
| Notification Centre has been borderline useless ever since
| they redesigned it back in what, Big Sur? I saw a Mastodon
| post recently [0] that highlighted how bad it is today
| compared to the old design, yet it's barely been touched in 3
| years.
|
| macOS is stable and established and unlike iOS a lot of
| people rely on it to do actual work, I would rather them not
| mess with stuff than half-ass it and leave it unfinished.
|
| [0] https://mastodon.social/@marioguzman/110997716755684188
| Hammershaft wrote:
| For me, it certainly is getting less stable & more
| frustrating to use with each update. Even elements of the UX,
| such as the settings app, have degraded over the years
| BizarreByte wrote:
| That's just modern software in a nutshell, nothing is ever
| "good enough" for designers/companies and they must change
| it no matter what.
|
| The settings app for example was perfectly fine, it worked
| well for what...near 20 years with only slight tweaks. Now
| I have to use the search bar for settings, because it's not
| obvious at all where to find a lot of them.
|
| And yet things that would be useful like a volume mixer are
| still nowhere to be found.
| Hammershaft wrote:
| I mean, there were definitely iterative improvements I
| think could have been made to the settings app, as with
| nearly all software. Instead, apple threw out the design
| for a ux that was clearly optimized for palm sized
| screens that you operate by touch in order to unify the
| interface between two entirely disparate forms of
| interaction.
| hulitu wrote:
| Win XP was shittier than 2000.
| xp84 wrote:
| Not really. The biggest unpopular change was the polarizing
| UI that was simple to toggle off for those who hated it.
| Besides that, you just got win2k plus much better
| compatibility with apps written for the 9x series.
| steve1977 wrote:
| > We got rid of this phase with Windows XP release
|
| I assume you were talking about consumer versions like Win 95,
| 98 and Me (the release we don't talk about)?
|
| The NT based ones like NT 4 and Windows 2000 seemed decent when
| they came out. I guess MS realized that as well and started
| using NT for the consumer releases as well with XP.
| unnouinceput wrote:
| The lack of unification between NT and Win9x before XP was
| abysmal. Basically you had to have 2 partitions, one for
| gaming, one for business. NT was unable to have games, Win9x
| was unable to be useful for business due to sheer blue
| screens. So yeah, I include NT 3.5, NT 4.0 and W2k in that
| shitty phase as well. I know it very well because I've lived
| through it. XP ended that. Hence why, after 20+years, you
| still have the majority of ATM's and plenty of other KIOSKs
| around the world still running XP.
| steve1977 wrote:
| I only ever used NT based systems, but then I also never
| used PCs for gaming, so I was probably "privileged" in
| some regard.
|
| But I certainly agree that XP was a nice release, as was
| Windows 7 (in my experience).
| scarface_74 wrote:
| Windows is still shitty. After three years of using an M2
| MacBook Pro for work and having my own M2 MacBook Air, using a
| Microsoft Surface laptop is a death by a thousand cuts
|
| https://www.amd.com/en/processors/ryzen-surface-edition
|
| 1. The fans are constantly going.
|
| 2. Everything causes the hourglass cursor to pop up - even just
| clicking on a button in Outlook
|
| 3. It takes awhile for the screen to redraw. Way back in the
| pre-OS X days, I used to be jealous of how fast Windows
| drawing was in comparison.
|
| 4. Every time my laptop goes to sleep, I have to unplug and
| replug my external USB C powered external monitor.
|
| 5. Did I mention the constant humming of the fans?
|
| 6. Even how it handles multiple desktops is inferior to Macs
|
| 7. Hopefully I can run WSL2 on my work computer. I can't
| imagine being stuck with PowerShell/cmd
|
| I don't even want to think about how bad the battery life is
| going to be compared to modern ARM based Macs.
|
| Yes both my MacBook Air and Windows computer have 16 GB RAM
| wkat4242 wrote:
| Yeah I moved to FreeBSD myself because macOS pissed me off too
| much. It's becoming too closed, too opinionated, too much like
| iOS.
|
| What I loved about macOS originally was that it was a great
| Unix style OS but with a consistent UI and major desktop apps.
|
| Also most major headline improvements in recent macOS releases
| rely on iCloud and because I've always been a multi-os person
| these are not something I can use. Some iCloud stuff works on
| windows but most doesn't. And pretty much none of it works on
| Linux or BSD. Any service I use must work on all.
|
| So after years of getting more and more annoyed with Apple
| removing powerful options and replacing them with dumb on/off
| sliders I just can't deal with it anymore. I still use it for
| work but that's it. At the same time KDE is now mature enough
| to work great. And it doesn't eschew lots of configuration
| settings. So it's become my daily driver instead.
| voytec wrote:
| > During the macOS 14 Sonoma beta period Apple introduced a bug
| in the macOS firewall, packet filter (PF).
|
| Ouch, I'd not go with such statement. Maybe "packet filter (PF)
| (mis)configuration" would be a more reasonable thing to write.
| This reads like a flaw in OpenBSD's pf which is untrue.
| thedanbob wrote:
| But it's not a misconfiguration, it's a bug as the article
| explains. And it's not the author's fault that Apple named
| their firewall the same as OpenBSD.
| voytec wrote:
| It's not a case of naming something similarly to other
| software. OSX used FreeBSD's ipfw and around the time they
| renamed the OS to macOS, they switched to OpenBSD's pf.
|
| Now they've screwed up either configuration or implementation
| but to me - it doesn't read like a bug in pf.
| fullspectrumdev wrote:
| It's a bug in the program named pf on macOS.
|
| It's not that deep. Nobody is blaming OpenBSD's pf here.
| Khaine wrote:
| I believe Apple used FreeBSD's implementation of pf, as it
| also has the same syntax. OpenBSD pf has evolved since then
| and there are minor syntactic differences for some rules
| between freebsd pf and openbsd pf.
| callmeal wrote:
| [flagged]
| LeoPanthera wrote:
| This kind of cynicism is tiresome. The test case involves
| pinging Mullvad, not Apple. If Apple wanted no filtering to be
| possible, they would simply remove pf entirely.
| detourdog wrote:
| or the process they expect is to boot outside SIP.
___________________________________________________________________
(page generated 2023-09-13 23:00 UTC)