Not terribly fair. When Windows decided running everything as administrator was bad and to add a visual sudo-like prompt, Apple made fun of them for it, but it was Microsoft reacting to a changing threat landscape then too.
replyVista gets maligned but UAC is a good feature to have around, and Vista introduced it.
replyMy first thought was "But back then those prompts were constant, making them almost useless", though maybe that did actually help by making software vendors rely less on admin rights?
replyThat was the whole point.
replyUAC is not a security boundary. Malware can bypass it if it wants.
replyIt helps to actually enable having to type a password instead of clicking on Yes.
replyHowever yes, security is much more than an UAC dialog.
I mean it has, but the situation is getting ridiculous, I'm at the point where I'm honestly not sure what special set of magical incantations and rituals I need to do to get this process to work, it seems to change between different bits of software and get more complex with time as if Apple keeps finding proverbial bigger fools who can get through this mess without intending to and so they're solution is to keep making it increasingly more Byzantine
replyThe thing that really irks me is I've got a paid developer account with Apple, I've already done the xcode dance, notarized binaries and all that nonsense, shouldn't this have activated some super special bit on my Apple account that says
“this one needs to do random stuff now and again and after saying, `Hey just checking in, doing this will do X to your computer probably, and maybe set it on fire, but if you say "go for it, I promise I know what I'm doing', I'm gonna trust you champ`, finger guns“
(not sure why in my head the personification of Apple would do "finger guns", but here we are I guess :shrug:)
Hell at this point I'll take a checkbox in my settings that says, ”Some people are into extreme sports, I love to install random binaries, just get out of my way“
You shouldn't need the company's permission to run whatever you want on your machine.
replyIt's not an issue of permission, it's an issue of trying to make a computer that's safe for grandma to use. Criminals can and will convince grandma to navigate a byzantine labyrinth of prompts and technical measures in order to drain her bank account. That's the threat model we're dealing with here.
replyIs that really true though? It kinda just feels like a way to force people to have to pay $100 per year, own Apple hardware, etc.
replyHow else are you going to have the ability to revoke malware’s signing keys to get it to stop running on every machine immediately?
replyAt a certain point you have to let adults be adults and make adult mistakes.
replydeleted
replyI think a time-lock feature to enable “I know what I’m doing mode” for a year, after a 48h delay would be ok.
replyOr something like that
I like Chrome OS's approach where you essentially choose your security level at initial setup, and need to wipe your machine if you wish to change it.
replyBut what if a scammer walks grandma through backing everything up, unlocking the machine, installing a rootkit, and then restoring from backup? /s
reply(Joke is on you. You thought you'd be given access to app data to back it up? That's against the security model.)
No, that would still suck.
replyAny inmutable distro with Flatpak will solve this forever. No need to restrict anything.
replyWe should have never tried to let grandma on computers. Wait until the genAI revolution is complete (2027) and she can entirely use her voice and an AI agent in natural language to do things. This but unironically. Gate keeping is very good and keeps enshittification at bay. We see what happens when Apple tried to let in too many normies and wouldn't let them get darwin awards.
replyAnswer to Skeltoac: Isaiah 57:1
I helped my mother out with a computer, gave her a mac after she called twic a wee about a windows popup. Eventually she became a grandmother, and later in old age, with dementia she stlll using the mac more or less successfully to google and e-mail.
Intentionality, coordination are important for keeping cognitive faculty.
It all sounds so easy, but letting her send e-mail through voice could create confusing situations.
replyWe are all creeping toward old age. Let’s be kind to our future selves.
replyWho's to say the criminals won't use a genAI agent to call grandma and social-engineer her so they can drain her bank account?
replyThey pretty much already are.
replyThis attitude is worse than Apple’s.
replyNo thanks.
replyApple is the personified Enshitification among Microsoft.
reply…you don’t, just like you don’t need the bank’s permission to withdraw funds… but they will still try and stop you pulling out $10,000 so you can buy iTunes gift cards to pay off your taxes.
replyAnd you don't. THIs is not iOS, gatekeeper can be bypassed if you know how.
replyIIRC everything you compile on macOS yourself, possibly only when using Apple’s llvm toolchain, already gets the proper bits set to execute just fine. This also seems to work for rust and go binaries. I’m not sure whether that is because they replicated the macOS llvm toolchain behaviour for the flag or whether another mechanism is at play.
replyI don't know about Go, but I think Rust uses the system linker by default.
replyThe command line incantation is just a convenience. You can unblock the app that you just tried to run by going to Privacy and Security in system settings and clicking around a bit.
replyYou used to be able to, but not anymore.
reply