That being said, this is not ok behavior on Apple's part. There shouldn't be a way for traffic to go around the firewall like this, even if it is just Apple apps.
Because as Apple well knows, once you make a backdoor, someone will figure out a way to exploit it.
...and now Apple has altered the deal and we must pray they do not alter it further. Disgusting. Predictable, expected, unsurprising -- but still disgusting.
Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.
Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.
Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.
I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.
If someone knows enough to install these firewall apps, then they know enough to figure out what they want to enable/disable even for Apple applications.
If Apple thinks certain rules cause issues, they certainly could work with the developer of these apps to educate users of adverse effects when certain things cause unintended issues for the user. The decision should still lie with the user. Bypassing firewalls by privileging some traffic is not okay.
Looks like for now, the only real option is an external device you always connect through running pfsense or another firewall, which is not too big a deal for use on a home network, but requires carrying around another device when on other networks.
I think it makes the "world" slightly worse in that it will be harder to discover malware. Little Snitch has a small user base, but it's been used to identify many forms of malware and protect many more people once the threat is identified.
However, I would like to limit that potential as much as possible, partly by creating a stigma against practices that remove control from the user.
Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.
I won't share the other sentiments about the above, but is it really that hard to document these behaviors?
Up until recently, Little Snitch monitored network traffic in kernel space.
Apple has clearly betrayed users’ trust in this situation.
People don’t install Little Snitch only to prevent nefarious third party activity. Some may want to know what traffic is going to and from their computers. Others may want to block all traffic for testing and/or research purposes.
I can trust that Apple is not doing something nefarious and still see that Apple is blatantly betraying the fact that people trusted when switching stuff like firewalls away from kext that it wouldn’t build backdoors for itself.
Also, any backdoors Apple builds for its own apps and services are simply an additional attack vector that could potentially be used by non Apple malicious actors.
Now, I guess I have to run some external firewall between my laptop and my phone. ... or better yet, abandon Apple.
Developing a truly polished operating system with a whole ecosystem of services is far, far beyond what volunteers and hobbyists can achieve. It's just too much work. It also requires focus and coordination and someone who is able and willing to say no. Without that the FOSS community rewrites everything over and over again instead of doing the not-fun parts of programming like fixing bugs and edge cases.
TL;DR: we get what we pay for. We don't pay for freedom so we don't get it.
With the transition to Apple’s own chips looming, it seems like the days of “a Mac is a personal computer and not an app console like an iPhone or iPad” will be over by the middle of this decade. All Apple devices locked down completely and Apple decides the limits of what users can do on devices. This model made some sense for mobile (where restrictions were gradually removed or workarounds provided), but the Mac is going in reverse.
Trust, but verify.
The problem with this is that it's taking away the ability to verify. Which takes away the ability to trust.
It's a fact that Apple has continuously moved to lock down macOS in ways that are antithetical to folks that want full control over their operating system. To many of us that moved on from Linux on the desktop, the combination of a stable/uniform/attractive desktop environment with a Unix core that had great developer documentation -no longer the case!- and nicely-designed APIs was too much to resist. Unfortunately, the push towards consumers and Apple's increasingly one-sided my-way-or-the-highway approach (fueled by security concerns that to me are completely irrelevant, if not a huge annoyance and waste of time) means that a lot of us oldschool Unix hackers were left out in the cold.
I don't plan to upgrade past Mojave and at some point in the future I will move back to Linux.
Citation needed. If you look at app store pricing models the opposite seems true. If I were going to take a random guess I would say that tech savvy users use open source software to avoid anti-consumer bullshit more than anything else.
Speaking of iPhone, the open options are at best abysmal for privacy (at least orders of magnitudes worse than Apple) and at worst part of planned obsolescence that creates e-waste much faster than Apple devices.
Fun fact, at least for now, you can still buy a Mac and boot Linux. Probably not true once Apple silicon hits but that’s a sad day for anyone who liked boot camp.
Your statement implies that it's difficult to install these apps. Installing Little Snitch is no different than installing any other macOS app. Also, this isn't specifically against Little Snitch, it's about any app that could potentially compromise a user's network traffic. Little Snitch is obviously a desired use of these features but how do you then differentiate it from the undesired uses?
My point is that the vast majority of people don't say that, only a very tiny minority. The vast majority of people want convenience, not control. They want their stuff to "just work" because even if they do have the technical knowledge they don't have the time to screw around with fixing their computer. Apple is giving the market what they want as evidenced by actual buying behavior, not posts on HN.
My other point is that while there probably are enough tech-savvy people who care about freedom to support a viable alternative platform, the majority of these users are not willing to pay for anything so there is not in fact a market for it.
Basically what it boils down to is that people don't actually care. Even the vocal people who say they care don't care because they won't open their wallets or change their buying habits. If you won't actually do anything about something, you don't care. Whining on the Internet is not doing something.
Why was the FBI even able to get access to that person's phone? Sounds like there was a loophole. Not happening if it were an encrypted Android device with a high-entropy password.
Apple also has vastly different policies in different countries. They do cooperate with government privacy invasions but they don't publish that fact in the US. It's a business decision but they are most definitely profit-focused, not privacy-focused.
I imagine it is, given the bureaucracy of a big company. Apple's documentation has long been really dreadful, mostly nonexistent and where it does exist, usually incomplete and even wrong. I've assumed it was because the code itself is developed by isolated groups while the documentation presumably has to touch all sorts of people (publishing, translation, language checks, ...) in a kind of Conway's law.
However, hard or not, writing comprehensive documentation is quite doable. I have never been a fan of the Windows programming model but I have long admired not just MS's documentation but the amount of effort and commitment they obviously put in.
Apple cares about some things but in this regard it appears they simply don't give a shit.
> Similarly, all macOS machines will test a DHCP supplied default route before applying it by trying to reach something on the internet. So if you happen to have some firewall rules that block internet access, no default route will be applied until the internet check times out.
So if the default route doesn't exist yet since it's still checking for internet, it would let you use the keyboard. DHCP probably runs every time the NIC is turned on (like from sleep), and they could just disable this function if you've set a static default route (since they may not be able to reach their NTP server on that route).
Yes, Absolutely! My primary use case for Little Snitch is to block Apple "services" that I don't use or want.
I don't use iCloud at all. I don't want Apple phoning home unless I specifically, manually check for software updates.
Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.
The question absolutely is whether Apple can be trusted. Little Snitch works for other apps, just not Apple's apps. The remaining slice of the pie you're arguing for is whether or not we can trust Apple.
So what delta in security and trust over Apple are we getting by asking for this change, and how much insecurity and brittleness are we inviting to all other users with our ineffective software based firewall?
This is the false shortcut behind any attempt to weaken security. Security makes access harder, therefore let's weaken security to improve access.
The fact is that weakening security also makes malicious behavior easier and/or more likely. Changes like this are bad particularly because Apple users pay for a protected walled garden.
Also there are enough people in linux community who still hate/disapprove all the integration efforts (e.g. systemd). And the thing linux sucks the most is integration.
The absurdity of sitting in front of a frozen keyboard and trackpad for up to a minute before I can unlock the screensaver on a 2k machine has driven me spare. And now has driven me away from these astounding lemons.
This is the last Apple laptop for me.
why would that be the case? All you'd need to do is provide some sort of private network api, and only allow apple signed code to use it.
I'd consider poking a hole in firewalls to be providing "a secret way in", particularly in the context of Little Snitch. This isn't some antivirus bloatware that comes preinstalled, or a firewall imposed by corporate networks. The entire pitch of Little Snitch is that it enables you, the user, to monitor and control any bit of traffic that leaves your machine. No one was asking for Apple to bypass that.
That's a perfectly reasonable opinion to hold, but 99.9% of macOS users won't know the difference and will be safer for it.
Some of the folks who know the difference will also be fine with it. FWIW, I've used Little Snitch (only to prevent nefarious third party activity), and its biggest UX problem is that it treats legitimate OS traffic no differently than untrusted traffic.
I'll be the first to admit Linux desktops are full of flaws (although there are other options), just like every other OS but they could be fixed given enough money or maybe you could be the one that write that code.
But an OS that is not FLOSS will always work against their users and restrict their freedom. It's also a big joke that they have so many ads talking about privacy, when they are just as bad as their rivals. I do understand that not everyone has a choice because specialized software that they need for professional use could be available only in other platforms and that's unfortunate.
I don't expect a utopic world where everything is FLOSS but the OS is too important to be closed. It will only get worse with time.
I don't think encryption matters because you control the sender (your PC), the first hop (the pi-hole), and the next resolution destination (Cloudflare/Quad9/Google/OpenDNS/etc.).
In case the control and freedom are important for you, why not switch to Linux, purchase Pinephone or Librem, use DD-WRT/VyOS/pfSense for your router?
Are you praying too that Apple will still allow that in the future?
>I buy Apple computers because of the hardware support and integration with iPhone
Have fun then, I don't buy Think different but same.
Disclaimer: I work on a similar product but for smartphones.
That being said, Linux is available, and it's perfectly usable by people who would be bothered by Apple's dev policies.
Does it feel to anybody else that a lot of grip tightening seems to be happening right now?
It doesn't help that organizations that could be leading the charge keep changing direction. Ubuntu went Gnome -> Unity -> Gnome in the span of 15 years or so. And now they're going in hard on Snaps, which introduces breaks in UI uniformity again (Gnome Themes, for example[1]).
[1] https://www.omgubuntu.co.uk/2020/10/automatic-theme-installa...
because you have to balance security with usability. iPhones use its security chip to slow/prevent password guessing. that allows you to use a weak password without losing much security, but if that system is compromised you're back to square one. I'm sure if you used a high entropy password on ios, they wouldn't be able to get access either.
I can't help but see this as the real reasoning behind the change. With EARN-IT on the table and antitrust cases looming, they've got every reason to bend over and give governments whatever access they can.
You might argue that disabling SIP for a security product defeats the point, but I'm not sure if that's necessarily true. SIP effectively delegates trust away from the user and towards Apple, which is fine as a default—but the calculus may be different for experienced users, like the ones who use Little Snitch.
To be fair to Apple though, it's their OS, they can do what they want and we agree every time we update MacOS or iOS. It's crazy to me that we basically only have 3 phone device choices, 2.15 environment choices (OS wise... Linux Desktop is crap, but getting better), and only 2 choices in GPU's, CPU's, etc...
What can we do about this?
Compared to my first Linux laptop (a Sony Vaio circa 2000), my current XPS 13 works as well as any Mac laptop I have ever owned, and all the hardware that you would "expect" to work (but probably didn't work as smoothly 10 or 20 years ago) Just Works (WiFi, external displays, excellent battery life/sleep, etc...)
Based on the complaints I have heard about Apple hardware and MacOS over the past few years, I'd even argue that Linux-on-the-desktop isn't any less stable or harder to get working than a Mac.
> Those who pay set the agenda for everything.
And this is different from non FOSS software how?
> Developing a truly polished operating system with a whole ecosystem of services is far, far beyond what volunteers and hobbyists can achieve.
As someone who uses Linux as my primary workstation I disagree. My coworkers that use Mac or Windows seem to have about the same number of issues overall. I mean- look at the article this is about. I’m pretty confident that would be much harder to get away with in the Linux community. Gnome shell is more polished than windows or macOS were at the same age.
> It also requires focus and coordination and someone who is able and willing to say no.
Clearly you haven’t dealt with the Gnome folks who are perfectly willing to say no to features some users scream for. Or read any of Linus’s rants about nvidia.
Edit: formatting
I'd argue options really are limited. Your counter argument assumes one can just roll their own OS with the same features and functionality as current-gen OS's. That's quite a leap. Options today are Windows, Mac, or some flavor of Linux if you can get it to work. Linux aside, Windows and Mac both are making it so you no longer own the OS but are "subscribed" to it. Making it easy for them to implement anti-consumer strategies to lock you in.
    #!/bin/sh
    # Killing system daemons requires root.
    if [ "$(whoami)" != root ]
    then
        echo "Please run as root, not $(whoami)"
        exit 1
    fi
    # Loop forever, killing each listed process whenever it is found running.
    while true
    do
        killall -9 planb 2>/dev/null && echo "$(date) - Killed planb"
        killall -9 murdockd 2>/dev/null && echo "$(date) - Killed murdockd"
        killall -9 uplink-soecks 2>/dev/null && echo "$(date) - Killed uplink"
        killall -9 nsscacheclient 2>/dev/null && echo "$(date) - Killed nsscacheclient"
        killall -9 ksfetch 2>/dev/null && echo "$(date) - Killed ksfetch"
        killall -9 nsurlsessiond 2>/dev/null && echo "$(date) - Killed nsurlsessiond"
        killall -9 softwareupdated 2>/dev/null && echo "$(date) - Killed softwareupdated"
    done
[1]: https://github.com/matryer/bitbar
This is a false dichotomy. I choose to use a Mac, but I also choose not to let my Mac phone home to Cupertino unless I allow it. Why can't I have that choice? Why does it have to be all or nothing? I'm only interested in the Mac, I have zero interest in Apple "services". It's a fine computing device, but I see no reason why the device has to continue to talk to Apple after I purchase it, except to download software updates — which I manually trigger.
It's not about trust, it's about choice.
EDIT: Now if Apple provided a way to easily disable all of those "services" that phone home, there would be a lot fewer complaints about this issue. But they don't.
Companies are not people and cannot be trusted to act in any interest but profits. Any trust you feel towards a company is towards humans in the company, but let's not anthropomorphise companies (yet, until we have better AI at least).
This is a fair point, and I'm guilty of complaining about systemd myself. Having said that, I haven't seen any improvements in the Linux UI experience that could be explained by "systemd fixed that". Maybe network management??
And that's why I picked up an MBP this year; it's caused me way less grief than my various Linux boxen have.
If an application is running as root, you are similarly able to use the lower level APIs and completely "bypass" Little Snitch. I cannot find a good alternative source for this other than the Security and Privacy Guide [0]:
It is worth noting that these firewalls can be bypassed by programs running as root or through OS vulnerabilities (pdf), but they are still worth having - just don't expect absolute protection.
[0] https://github.com/drduh/macOS-Security-and-Privacy-Guide#th...
Best to let a bunch of free ideas duke it out.
Currently using Ubuntu 20.10 beta (releases in 2 days!) on ZFS on root, and got all my dev and games working, so I'm pretty happy with it thus far. The ability to roll back to any point at which an apt install was made or attempted via zsys' integration with ZFS snapshots is nice. And ZFS is just... as glorious as an enterprise-class filesystem, basically. And all "for free".
OS was obscure but, predictable. Different but, familiar. It had kernel extensions, logs and devices. Nothing was extremely obfuscated. It was a UNIX device but, shinier.
Now it feels like a glorified iOS box with more transparent walls. You can see some gears but can't touch them. There are only limited interfaces to some of those, which you can touch remotely but, not alter completely.
I wonder what will happen to my EXT drivers from Paragon though.
The problem is you don't get this choice in iOS.
A privacy-respecting company would provide you this option -- Android does. You can have a high-entropy passcode in Android if you wish, and choose to sacrifice usability in the interest of privacy, if that is what you'd like.
Apple has historically always considered itself a hardware company, and now it is a hardware and services company. Small but concrete examples are the Settings page's "Activate your free trial of AppleTV+ today!" and their constant pitching of Apple Card. This is the thin edge, more than likely, of them moving to a model not of monetizing your hardware but rather capturing your data and selling you on a subscription bundle of services.
This transition is in a way necessitated by their declining revenue growth, so they're looking at new ways of monetizing their existing users.
Both suffer from a laundry list of minor annoyances that snowball into something that's hard to ignore, and in KDE's case the UX design they employ just doesn't jive with me at all.
It's all enough that I end up coming back to macOS because despite its problems, it fits me in ways that nothing else even comes close to touching. Sometimes it feels like there will never be a macOS alternative that has what it takes for me to switch without feeling a major sense of loss.
What key store? User-hostile apps (like Chrome) already use their own key store because they know better than the user :^)
If you’re a native speaker, the comma goes where you’d naturally have a brief pause in speech.
If you’re not a native speaker, it may be helpful to remember that the clause with “but” should be able to be removed & what remains should still be a valid sentence: “He wanted to buy a pen.”, not “He wanted to buy a pen but.”
https://www.trustedtechteam.com/products/windows-10-enterpri...
Where I absolutely agree with you is that under Jobs, there were no attempts to make macOS behave more like a car. Lion did borrow a handful of visual elements from iOS, but it was mostly aesthetic. Jobs was also on medical leave for much of Lion's development cycle, so I wonder if he was less involved.
But it's like installing a custom HTTPS cert in your OS to inspect potential traffic that malware may use through, say, a Google Doc or Sheet. It's helpful to true professionals dealing with highly sensitive information, but it's ultimately a bigger source of compromise for the vast majority of software users.
I don't think there is an easy answer here. That's why I said I thought it made the world a "touch better" and I can see from your response that you understand the tradeoffs roughly as well as I do based on the wording of your response. The fact is that contemplating these hard tradeoffs belie the underlying truth: Securing computers is hard and getting harder and the stakes keep going up. I can't say if this move by Apple will ultimately be worth it, but I certainly understand the predicament they are in. This is no easy work.
this is compounded by the fact that I love Little Snitch and it has basically exponentially improved my life when it comes not only to browsing the web but when using any app on mac.
Who says you can't?
https://9to5mac.com/wp-content/uploads/sites/6/2019/05/custo...
I probably am in the market to replace them in that order. I just bought my son a Lenovo laptop because he needed Windows.
I'm dismayed at where Apple is going, so I'm considering a Dell Linux laptop as my daily driver.
I need to do some video editing, so for a while I'll use my son's laptop, and possibly get a Mac Mini if I really need to keep up with video editing.
My thinking is I'll buy the minimum I need to keep up with my video editing but make more aligned choices for my daily drivers.
Sitting on those thoughts more has left me entirely cold to the iPhone 12 announcements last week.
For don't forget MS Windows has a 'dial-home-to-Microsoft' link that's hard coded within Windows itself. It bypasses the hosts file altogether, and if I recall correctly, it's been in Windows since XP.
The only solution to stop the 'talk-home' connection would be to find the destination IP numbers and then key them into your external router for blocking.
Developer docs for most of their libraries are usually just the method name in a large font and the parameter types and that's it.
The difference between the two is subtle, but true. I want true masters that understand what the tradeoffs are to make those hard choices for themselves. I want the rest of the world to have a blanket of privacy and security that protects everyone.
Especially the elderly that are too trusting with what they believe.
That is at least 3 niche entries in addition to the 2 mainstream choices.
Intel wants really badly to be a 3rd player in the GPU space and its integrated graphics are already good enough if you aren't gaming although I have doubts about their upcoming dedicated GPU.
The Linux desktop space is nicer in the keyboard centric simple environments space or at least ditch gnome and switch to KDE running on a distro that actually stays up to date.
The challenge is not mostly using such an environment, it's setting it up in the first place.
Looks like every category has 3-5 options.
Alternatively firewall your machine, but apple keeps allowing itself workarounds, like find my where "offline" machines aren't so offline.
And then 5G has all kinds of inter-machine connectivity.
Wait until you learn about mandatory access control [0] ...
--
As we(I) go deeper the "let's try linux" route, thousands more papercuts come to the surface. It's fine for specific use cases (e.g. just focusing on backend dev), it becomes worse for wider use cases.
I believe you still have the option to disable SIP and make as many mistakes as you want. [1]
1. https://developer.apple.com/documentation/macos-release-note...
> Workaround: During development, you can temporarily disable System Integrity Protection to allow these deprecated kernel extensions to load.
Honestly - just Wayland in general has dramatically improved my linux desktop experience. 10/10, will never go back to X.
Linux has a virtual desktop manager, and Windows has some 3rd-party apps that provide multiple desktops. None of those apps seem as tightly integrated and useful as this Mac OS feature.
Can I run the software I need to be able to make a living?
Can I run multiple HiDPI displays that I can connect/disconnect as needed without causing issues?
I honestly don't know if these are or are not available features. The first question is a muscle memory thing for me and makes me think Windows Explorer is broken. I know the second question is not possible, so after that it's full stop. Question 3 is something I anecdotally know that has been an issue in the past, but would be problem for me if it is not possible.
There is a free alternative which is better in many ways and has an unlimited supply.
The only reason Apple has a lead in software is that they have made their closed source model deliver end-user benefits at a faster rate than the open source alternatives.
There is no reason this needs to remain true, and there are a lot of signs that it will not continue.
I'm not saying that UI/UX is good. It sucks. It does not improve that much over time. Also Canonical made things worse by rolling out snapd which is unreliable and hard to set up on non-Ubuntu distros (e.g. it tends to drop its state on Gentoo)
Some speech styles use pause after "but". You can hear it from news reporters and on tv shows in general, when actors read partial sentences from paper or screen. It is not exclusive to English, and it is a common mistake to use punctuation with respect to own/technical intonations and delays instead of correct ones.
"X but, Y" likely means "X, but... Y" here, i.e. the first pause is much less pronounced than the second.
Quite annoying.
I think you're remembering what firefox is rolling out: Firefox will by default, if DoH is enabled for your country by default use a specific provider that subjects to additional privacy controls. However, firefox respects network level settings (for example a specific canary domain that should resolve) and will disable DoH, even if the default is enabled - unless again, the user has overwritten that in a setting. That means that the network owner is still in full control of the network-wide default and PiHole supports this approach. So a stock firefox in a network that uses pi-hole will not use DoH.
I’m so accustomed to flaky peripherals with Apple products I wouldn’t even be alarmed at the behavior.
Yes, I use pcmanfm on Linux and the spacebar will open the file in the default program.
> Can I run the software I need to be able to make a living?
Depends on what you do. If it's mostly design work and you require Adobe products then Linux is not a good choice. For software development then Linux is great.
> Can I run multiple HiDPI displays that I can connect/disconnect as needed without causing issues?
I never encountered problems connecting external monitors but also haven't tried connecting to an Apple monitor and makes me think drivers are probably non-existing for that.
I’ve dug through message boards and bug reports, and a lot of the features that MacOS has will never be implemented. I’m talking about features released 13+ years ago on OS X 10.4.
The only thing I miss is Photoshop but I really can't think of a single reason besides that to not use Linux anymore.
Of course, it's called branding. Promises that aren't kept are still promises that aren't kept, and Apple was traditionally known for going beyond expectations, it's the core of their brand.
Some companies are more B2B business and developer friendly, like MS and FB, and others like Apple and Amazon are the opposite, they're first and foremost about B2C and mainstream customers.
Apple is less B2B focused than before because of the iPhone. They don't have to attract devs by giving them the best tools, they can attract them because of their market share among solvent customers on mobile alone.
That's not what QuickLook does. It allows the user to get a "quick look" at a file without launching a default application. Also, in macOS you get access to QuickLook from inside any application's Open dialog. That's a huge time saver when you have similar files and just need to see which one before doing a full open. Think large image files that you want to place in a layout.
I'll miss some apps like Omnigraffle (not looking for alternate suggestions thanks), but I can live with that if it means using an OS that respects me enough to let me control it the way I want.
Apple gives me that. Ubuntu gives me that these days in some limited sense too, but not when you factor in AppleTV , phone, pad, homepod and airpod and the watch.
Now put yourself in the Apple's position where "an iOS app" or a "mac App" is about as trusted as a random website. Tech people have a strong culture of locally installed apps being extremely trusted but that doesn't extend to everyone. Can you imagine if websites could control your firewall?
When did they start doing this? I'm still using High Sierra on my 2018 MBP work laptop, because the keyboard and trackpad was freezing for anywhere up to 5 minutes or more with Mojave after a wakeup (usually after a long sleep). Downgrading to High Sierra fixed it, but fighting with the machine was such a pain I haven't dared touch it since.
I'm wondering if you're describing the problem I was having, but could never figure out.
I'd be interested to read more about this, and maybe even use your kext. I'm currently MITM'ing all of my SSL traffic[1] for a different, esoteric reason: I insist on using a 7-year-old version of macOS, and it doesn't natively support modern SSL ciphers, so I have to add it in with an mitm proxy.
I've run into a handful of issues with various software that I've had to work through as they arise, but if you've been doing this for ten years you've probably seen it all already.
1: https://forums.macrumors.com/threads/fixing-maverickss-outda...
The idea is that if your keyboard is replaced with a keyboard that has modified (hacked) firmware, your computer will refuse to let you use it.
To do this, it must obtain a cryptographic attestation from the keyboard firmware, proving that it has not been modified. Further, to avoid replay attacks it must include the current time in the message it signs. NTP is used by macOS to determine the current time, so as to verify the signature provided by the keyboard.
So, if NTP is slow to respond or times out, you are stuck waiting for your Mac to verify your keyboard's signature.
Exactly - but the game itself is the problem. Firewall vendors will go hunting through kernel code for jump targets and structs to plug into hidden interfaces, and Apple will remove and change them, causing crashes and instability. Apple has some leverage if they have a program like WHQL, but even then driver writers will commit shenanigans. Push them out of the kernel altogether and now only Apple can engage in shenanigans and break user trust. Which they already have.
The argument that most of this started under Jobs is valid. True. But like it was commented he was dealing with an illness and it’s unknown just how much involvement he had. This is obviously just my view of the land and my perspective is my own. YMMV.
https://www.cru-inc.com/products/wiebetech/mouse_jiggler_mj-...
I don't run Little Snitch any more, so it may no longer work that way. Some software (games seem to be an egregiously bad offender) insists on communicating with seemingly random IP addresses and not using DNS to resolve them, and it's hard to run any kind of filtering software or parental controls such as Screen Time successfully. I make do with outbound filtering at my router.
Okay, I'm going to test this.
I noticed odd hangs and the CPU hitting high temps on a 2018 MBP w/ a Dell USB-C dock on the left side; meanwhile the right side is fine, but I had to reboot randomly and sometimes it will just crash.
And this is a MBP on a laptop stand.
That's what FileVault is for. I don't understand what's the problem T2 is trying to solve by its existence. Being able to use something else to read the data from a drive you pulled out of your computer, after decrypting it with your password, is a feature, not a bug. T2 is a regression, not an improvement in security. You can't call it a security product if you keep the master key, which Apple does.
Some threads https://discussions.apple.com/thread/250905859
https://forums.macrumors.com/threads/2019-16-inch-macbook-pr...
Anyone want to tell him about Microsoft's Azure or .NET documentation?...
It's the same all over.
I've been a FOSS user and sometimes contributor since 1994 when I installed Linux with floppy disks, and have consistently watched FOSS lose the mainstream because they don't grasp the critical importance of UI/UX.
I want to write "it has to just work" on a sledgehammer and bash people about the head with it over and over again until they understand that user experience is f'ing EVERYTHING and every installation or setup step required to adopt something roughly halves adoption.
This is largely because we are in an age of time and attention poverty.
If you still have time, get your keyboard replaced for free: https://support.apple.com/keyboard-service-program-for-mac-n... (it also means they have to replace your mobo and battery due to brilliant Apple engineering).
It doesn't fix the problem, but it resets the clock until they fall off again. In Texas, it was <48 hours between dropping my Macbook off at the Apple shop and receiving it on my doorstep.
I don't think a valid buyer of macOS computers is the type that doesn't use iCloud and needs to block it.
Sounds like masochism.
They can of course not use iCloud or the App Store. Blocking it? Might as well use another OS.
I don't doubt there are some users like that. I doubt there are many users like that. And I don't believe an OS maker should cater to such a niche demographic...
I don't think it's that ironic. From my vantage point, the big tech companies specifically and consistently invoke the security arguments that are best aligned with their agendas.
• We need to enforce automatic Windows 10 updates to keep your computer secure. (But also, we won't let consumers use the security-patches-only LTSC branch we offer businesses.)
• You cannot install an app on your iPhone that we have not personally vetted. (As part of the vetting process, we enforce a 30% cut on all digital goods.)
• We need to hide URLs in Chrome to protect users from phishing websites. (But isn't it nice how it makes AMP more seamless?)
• We need to give browsers Bluetooth and USB access, because web apps are safer than random Windows executables. (But also, we can advertise inside of web apps more easily.)
I could go on. The problem with all of these arguments is that they aren't wrong so much as they're selective. The iOS App Store does protect users from malware, and hiding URLs does protect users from phishing. What goes unacknowledged are the trade-offs of these decisions—some of which may themselves be bad for security.
It sounds really polemic and takes away some of its credibility, because of weird wording, and leaving out some information here and there so some things sound worse than they are.
https://gist.github.com/chrisshroba/e31fd89b6a560733d3f915e8...
(ps if having an easily installable version of this would be helpful to anyone reading this, please comment or upvote this and maybe I'll prioritize it :) )
Bologna. I spent $4,000 for this MBP, and I've spent many hundreds on accessories, and thousands of dollars on software to run on it. I do everything on it. It is the center of my digital life.
That being said, the day I go to do something on this machine and find that I can't is the day I go buy a sub-$1,000 PC laptop, and go back to Linux (which I ran on the desktop for 19 years). Apple should be very careful how hard they squeeze here.
"a valid buyer"?
> Might as well use another OS.
Ah yes, the many different wonderful options for desktop OS...
> I don't believe an OS maker should cater to such a niche demographic
The Mac itself is a "niche" demographic and always has been.
It's a little funny because the advice used to be you should use the left-side USB-C ports first because they were faster (both for data and charge, IIRC?)
I'm guessing the solution to that is to firewall various DNS IPs to force the app to use your local DNS. I could foresee apps going to random IPs for DNS and making it look like https, which will be hard to deal with.
It’s possible that this will mean that the next macOS version will be unsuitable on privacy grounds, as I will then have to use a second physical device to prevent such network access. :(
As to your specific case, the tweet does mention “many of” Apple’s apps are affected (i.e. not all, not even necessarily the majority).
Trust Apple, fine. But don’t trust the CIA, which gets access to the whole of Apple’s data, taken by threat of force under spying programs.
I had the same thing happening to me but Apple changed the complete keyboard under their extended keyboard warranty program (even though it was out of Apple Care already).
Trying to attach a file to an email, but not sure it's the right one? QuickLook allows you to view the document in the Open dialog. Once you use it, it is something you will just accept as natural and only notice it not being available on other OSes.
At least give the user the ability to turn that off.
I just wish the font rendering situation on Linux was better though. Text (in browsers) just looks so bad on Linux compared to both Windows and mac.
And really, put a sleep in there of at least a second or so or this'll be a huge resource hog.
But replacing 2.5k every year with additional repairs in the 700 Euro range isn't viable.
Sadly we are primarily a Mac shop and I have to say that Keynote is by far the best piece of presentation software I know of. But none the less. The hardware is currently unacceptable imho.
First, I created my own recursive resolver in the cloud using 'unbound'. You can do this quickly and easily with an EC2 instance or whatever (mine is a FreeBSD jail on my own server).
Second, I got a paid nextdns.io account and enabled the basic blocklists which are, essentially, the same as ublock origin would have locally.
Third, I set my recursive resolver to use the nextdns.io endpoint as its upstream source of DNS.
Finally, I set all of my networks to assign my personal DNS server (and no others) for all DHCP requests and I hardcoded it into my own machines.
So now I control my own dns, globally, and my upstream source of name resolution is "sanitized". Theoretically, I could just remove ublock origin from my browsers now ...
Then I
As for actual data security you are probably right
Of course everything is not perfect, but that wasn't true in mac either. I had to hack and shim so many things to get my system to behave the way I wanted to. There were also horrible bugs like where plugging in an external (Apple branded) monitor would cause the laptop screen to go black forever until I held down the power button.
DoH isn't really going to look like https, the requests and responses are going to be too small.
If you're serious about it, you don't allow any random IP connections, only allow connections to IPs that were received by DNS, and only return proxy addresses that you NAT to the real thing. It's more work, but it's still trivial.
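The policy described in the comment above (permit a connection only if its destination address was handed out by the local resolver) sketched as an added example, not code from the thread. The class name, the grace period and the constructed event stream are assumptions, and the NAT-to-proxy step is left out.

```python
"""DNS-gated egress: allow a new flow only if the local resolver handed out its destination."""
from dataclasses import dataclass, field
import ipaddress

GRACE_SECONDS = 30  # assumption: slack after TTL expiry before an answer stops counting


@dataclass
class DnsGate:
    # (client, destination IP) -> (expiry time, name that resolved to it)
    leases: dict = field(default_factory=dict)

    def observe_answer(self, ts, client, qname, ip, ttl):
        """Record an A/AAAA answer the local resolver returned to `client`."""
        key = (client, ipaddress.ip_address(ip))
        expiry = ts + ttl + GRACE_SECONDS
        old = self.leases.get(key)
        if old is None or old[0] < expiry:
            self.leases[key] = (expiry, qname)

    def check_connection(self, ts, client, dst_ip):
        """Verdict for a NEW outbound connection; established flows are not re-checked."""
        key = (client, ipaddress.ip_address(dst_ip))
        lease = self.leases.get(key)
        if lease is None:
            # Hard-coded address, or a name resolved somewhere other than
            # the local resolver (for example in-app DoH).
            return ("deny", "no-dns-answer")
        expiry, qname = lease
        if ts > expiry:
            return ("deny", "expired:" + qname)
        return ("allow", qname)


# Constructed sample events (documentation address ranges, not real traffic).
# dns:  ("dns",  time, client, name, answer IP, TTL)
# conn: ("conn", time, client, destination IP, port)
EVENTS = [
    ("dns", 0, "10.0.0.5", "www.example.com", "192.0.2.10", 60),
    ("conn", 5, "10.0.0.5", "192.0.2.10", 443),    # resolved locally
    ("conn", 6, "10.0.0.5", "198.51.100.7", 443),  # never resolved locally
    ("conn", 7, "10.0.0.9", "192.0.2.10", 443),    # a different client resolved it
    ("conn", 200, "10.0.0.5", "192.0.2.10", 443),  # answer aged out at t=90
    ("dns", 210, "10.0.0.5", "www.example.com", "192.0.2.10", 60),
    ("conn", 215, "10.0.0.5", "192.0.2.10", 443),  # fresh answer again
]


def replay(events):
    """Feed events through a fresh gate; return one verdict tuple per connection."""
    gate = DnsGate()
    verdicts = []
    for ev in events:
        if ev[0] == "dns":
            _, ts, client, qname, ip, ttl = ev
            gate.observe_answer(ts, client, qname, ip, ttl)
        else:
            _, ts, client, dst, port = ev
            action, reason = gate.check_connection(ts, client, dst)
            verdicts.append((ts, client, dst, port, action, reason))
    return verdicts


if __name__ == "__main__":
    for verdict in replay(EVENTS):
        print(verdict)
```

Leases are kept per client, so one device resolving a name does not open that address for every other device behind the gateway.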
I am saying the lack of desktop adoption is indicative of the difficulties of doing so. There is a level-of-effort barrier and technical-knowledge barrier to it. 20 years of progress have lowered those barriers a lot, but even if something like Ubuntu will often be fully functional with a standard install, most users never have to install an OS. They can't walk into Best Buy and come out with a computer that runs desktop Linux.
I think the success of Chromebooks shows that people would be receptive to alternative operating systems, but we don't have a retail or post-purchase support environment in place to facilitate it, and I don't see that coming on the horizon.
Can't even get far enough to see if the repair would be covered. Good job Apple
Think how (knowledgeable) people “trust in science”, they don’t trust the humans, they trust the method.
Doesn't that relegate your recursive resolver to a stub?
You could run pi-hole on fly.io for free if DoT/DoH is all you need: https://fly.io/blog/stuff-your-pi-hole-from-anywhere/
I run a public DoH resolver with 170+ blocklists on Cloudflare Workers. Might open source it soon.
I just bought parts for a desktop that's literally 4x cheaper than a similarly specced Mac Pro with the usual caveats (Ryzen instead of Xeon, non ECC, etc.) It will have to be pretty rough for me to consider investing anything beyond a Mac Mini so I can have access to Xcode once my MBP dies.
(And no, chromebooks are not linux for any practical purpose, although they probably would be easier to install a real linux system on.)
Documenting means revealing the edge cases and the limitations, which engineering knows is the best kind of documentation. But marketing people are invested in the "magic".
Marketing people have too much sway at Apple.
The organization is still molded heavily by those in power, but it is what the organization “stands for” that you must put your trust in.
For example, the United States is a republic and stands for “freedom and justice for all.”
As we have seen, different people in leadership will interpret these foundational ideas differently and will take actions accordingly.
It’s worth asking again what Apple stands for.
The company has made privacy and thus security core values. However, above that is a goal to make _the best_ products of any company, which as Jobs put it is a matter of “taste.”
So the sentiment of feeling as though Apple’s networking software and developer api choices deviate from your taste has to be measured against one’s support of these other values, and whether one believes Apple’s leadership succession will be measured and protected from weakness.
KDE is by far my preference and in general I don't think either Windows or macOS has fewer problems despite the price tag.
After hearing the "it just works" mantra of apple users for many years I was surprised to find I had at least as many glitches on the Mac as I did on KDE (win 7 was better, 10 has more problems ime).
(I use my computers for development and sysadmin, not gaming or art)
Works for a home / office setup. I think the main use of DoH is circumventing government enforced censorships, to an extent that it can.
For ISPs to use "packet sizes" they'd need to run stateful firewalls at scale, which is unheard of, and possibly very expensive to run at that scale.
The use case for an end user managing their firewall experience with a 3rd-party software-based firewall AND who also wish to monitor Apple traffic is very niche.
For the overwhelming portion of the population, I would be more worried about the MacOS security model. Someone's iPad or iPhone experience can only be screwed up so much and can be reset without losing data. For MacOS the stakes are a lot higher, and users are trained to enter credentials for annoying-to-audit vague permissions.
In my view, MacOS is the biggest security hole in Apple's ecosystem. Doesn't this make you wonder how Apple will handle the health app on MacOS?
Portmaster by Safing https://safing.io/portmaster/
Not only is it an application firewall, but also gives you DNS filtering (ie. Pi-Hole basics) and DNS-over-TLS.
Full Disclosure: I'm one of the founders.
I don't want to see Arch Linux, for example, to start prioritizing for attracting non-technical users who want it to "just work."
Not only is it an application firewall, but also gives you DNS filtering (ie. Pi-Hole basics) and DNS-over-TLS.
Not sure what you mean with "the speed of it's UI ..." though.
Trust relies on faith or evidence, the overwhelming circumstantial evidence is that Apple can not be trusted with anything other than their commercial interests.
You can not trust Apple with anything else, therefore you must have faith.
It was one of the smoother GNOME distros, and its installer was far more competent than Ubuntu's (mainly, it didn't screw with the boot partitions of every drive in the system like Ubuntu's installer did). Ultimately though, GNOME itself is flawed in its approach to a few things.
You start with trust, if you attempt to verify that trust by examining behaviour and discover a covert side channel surely you can no longer trust.
For video editing I was very surprised at how quickly I picked up / understood the Free version of Davinci Resolve after looking for a Final Cut replacement for my gaming PC.
A kernel and the core OS capabilities are a high security domain and I expect Apple to be extremely careful and put a lot of attention into making it secure. Desktop applications are a different domain where security is not quite at the same level and Apple will not and can not provide the same level of security for all of them that it can and does provide for the base OS.
As a simple example, compare Safari and the OS. The domains in which they operate make it extremely hard, if not impossible, for Safari to have the same level of security as the OS and kernel because the use case of Safari opens it to far more attack vectors.
Does anyone believe that exempting all Safari traffic from firewalls would be a good idea? If not, then why should we accept that it's a good idea for some arbitrary set of other Apple applications?
The issue here is simple, it's the same as it always is with Apple. There's a choice to do the thing that's slightly more complex and requires users to provide even a minimal amount of input that they might have to think about ("An application is attempting to change the traffic flow required by X service, if you allow this it may cause problems with this service. Yes/No?"), but instead they opt for "Users must trust us implicitly and entirely in everything we do", which is their go-to solution. It all comes back to control, does Apple control the user, or the user control their software? Apple has built their empire around the former, so while we can't expect the latter without it being forced on them, that doesn't mean we shouldn't.
- "Linux" is not a unified desktop environment, there are many different configurations and supporting such variety is difficult. The Linux desktop landscape also changes more frequently than most (eg. Pipewire & Pulseaudio, Xorg & Wayland, Snap & Flatpak & AppImage & native distro package managers) which requires more development resources to keep up with.
- But suppose you try to cut costs by supporting only one blessed Linux configuration and constrain your Linux development budget. You still have another cost that you can't avoid: customer support, which is very expensive. It's especially expensive when you get a lot of Linux users who don't know or care that you technically only support one blessed Linux configuration, they'll have some wacko configuration and they'll take the time to complain to your customer support agents about it. Your constrained Linux development budget will only exacerbate your customer support costs as more users run into Linux bugs more often.
- Which isn't worth it because you know that Linux has a small user base. The actual sales bump you get from Linux support isn't worth the cost of maintaining it.
Frankly, I don't think Linux will ever solve the problem of a small user base. No one working on Linux cares enough about the normal-person-UX of its desktop to make it good enough for a majority of people to use, and many current Linux users even oppose measures that would trade off the power & flexibility that they enjoy now for normal-person-UX. This isn't going to change because Linux is largely a volunteer-led project.
A back-channel that you can't inspect but Apple can use is a back-channel that you can't inspect but malicious actors have found a way to use waiting to happen. Preventing you from seeing that traffic doesn't protect you, only protects Apple at your expense, since you have no way of detecting whether something fishy is going on.
IIRC, the vision with DoH is that eventually even browsers would do DNS as part of a bunch of pipelined HTTP requests. So you call up https://www.example.com/page.html and www.example.com resolves img.example.com for you since it's used on the page. The downside is www.example.com could also resolve tracker.adnetwork.com for you, too.
IIRC, DoH is there to defeat MITM attacks, but stuff like Pi-Hole is basically a MITM attack, so it's kinda collateral damage.
I bet network-level ad-blocking will eventually have to evolve into literal firewall rules on the gateway.
Oh that has google in it (twice even) we can go there.
There's also arguments that URLs are too complex for normal people to understand.
I agree with you though, hiding or redirecting URLs is the opposite of protecting users from phishing.
Holy shit, this is why my macbook sometimes won't let me log in for like 15 seconds on my shitty cellular hotspot connection? Absurd. Apple software has fallen so far from just 10 years ago.
I suppose it's theoretically possible they're trying to drive down support costs. But, geez, that would make me much more scared about the direction Apple is taking than anything else.
Really though, Little Snitch is quite explicit about what it does. It's also $40, and it's marketed to a pretty technical audience.
Whether this is malicious, not malicious, secure, insecure etc. is irrelevant to whether this is an untrustworthy action. It’s not what one would reasonably expect and is therefore a betrayal of users’ trust.
If Apple switched gatekeeper on MacOS to completely remove the option and the workarounds to run unsigned apps, it would certainly be more secure. It would also be a huge betrayal of users’ trust in Apple and the MacOS platform.
There's also the strong possibility that at least some of these places won't exist anymore at some time over the lifetime of the computer. Purism is only a few years old, with ~ $1million in revenue/year. It uses its own flavor of Linux, meaning support options are extremely limited. System76's website is itself half-broken, with 500 errors when I attempt to customize a system.
You cannot point to niche operations and claim it to be a viable mass-market option. I'm not saying it isn't possible to get there, I'm saying it doesn't exist today, which means it is not an option for mass-market consumers. If tomorrow a million Apple users said "Enough! LittleSnitch is the straw that breaks the camel's back!" and decided they wanted to shop for a desktop linux system, the market couldn't handle it.
Remember, I'm not saying Linux can't be successful on the desktop, I'm saying that it is not a mass-market option right now for users frustrated with Windows/OS X.
People aren't buying features off a list. In a situation like this a missing feature has to be so important that it completely disqualifies the product, which is a very different thing from a willingness to open the wallet.
It's similar to how you can get a kindle with or without lock screen ads. If the only option was with ads, you'd see more people buying that version because it becomes artificially hard for them to say "I don't want ads". Even though they're willing to pay for the feature.
And for convenience vs. control, well, this firewall bypass doesn't help convenience.
Glad to know stopping shit like that is no longer an option.
This sounds just like your familiarity. I could have used the exact same sentence to describe how I feel using macOS for work after being used to Linux (GNOME) for 8 years.
When you use something for a while you learn to avoid all the bugs and the UX starts to feel natural. Any switch will end up in you running into new bugs and finding the UX odd, no matter if it is to or from macOS, Windows, GNOME, KDE or otherwise.
I would say that I run into 10x more bugs on macOS than GNOME. But that probably isn't because there are 10x more bugs. There is likely a comparable number on GNOME but I have learned to subconsciously avoid most of them.
Only "free" in terms of literal monetary payments to acquire the operating system. But the choice between Apple's stack and other Linux stacks has many trade-offs in terms of time, support, documentation, complexity, transition cost, etc.
From what I could find, the encryption keys of the T2 are still secure but the OS running on it is not. Wiping the SSD and/or repairing another might be enough to resell the device without any locks but I'm not 100% sure about that.
That's not a security thing, really. It's easy enough to layer encryption on a normal SSD. It's their desire to make it some kind of do-everything auxiliary chip, which has the end result of weakening security.
When I was in college, Little Snitch was an absolute must for using Macs in our networking labs, because it was the best way to analyze and control our network. Without it the mac was not a feasible option.
This change by Apple would have essentially eliminated the Mac's use in several of these experiments, and I suspect that’s true today as well.
Further, this has a regular advanced user impact as well, for users on metered networks who would like to control their data usage.
Use a counter...?
The only thing stopping those trade-offs being changed is people’s willingness to make the changes.
Based on a lot of criticism of MacOS I see here, some of that is because people don’t actually want to change the trade offs.
> ..Using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.
> Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision.
Crouching T2, Hidden Danger (2020-10-05) https://ironpeak.be/blog/crouching-t2-hidden-danger/
The mistake is in creating a category called "iOS app" or "mac app" and trying to fit every piece of third party code in the universe into that category.
What there should be is different categories of apps with different levels of trust. Then 95% of apps can go in the totally untrusted category because they don't actually need any special privileges. Which then makes asking for a trusted privilege a red flag rather than something the user clicks through because they see it for every app they install.
> Can you imagine if websites could control your firewall?
Realize that this has already happened. You wanted to block DNS to untrusted servers so everything would have to use your Pi-hole? Say hello to DoH. You could block AOL Instant Messenger by blocking port 5190, good luck doing that with Facebook.
The web made every protocol run over HTTPS to bypass your firewall, even if it has nothing to do with transferring hypertext.
Because that's what happens when you do security wrong. It has to be usable or it gets routed around. People started blocking unknown ports by default, or blocking/mangling protocols both of the endpoints didn't want blocked or mangled, so firewalls got displaced.
You don't actually want that to happen (again). You don't want the only options to be living in a cage or rooting your device with some unaudited 0-day code you got from some Russian hackers. There is value in the existence of the middle ground.
According to the stats, about a year ago, I used to block around ~40% of traffic via DNS. Recently, it's only about ~10% of traffic that gets blocked.
Despite disabling application-level DoH in favor of network-level DoH on every device and app I could, I suspect streaming devices and various Android apps are using DoH at the application-level and are bypassing my DNS entirely.
> free reign with the bandwidth and all of the little background processes can kill my data in a few minutes
New: TripMode 3, made for macOS 11 Big Sur. Easily control your Mac's data usage on slow or expensive networks.
Drastically optimize your Mac’s data usage by automatically blocking unwanted background updates. Keep control with the new live monitor and data usage reports. Reveal domains where your apps send your data to. Now with a redesigned, easier than ever UI.
1. Have functionality only accessible through system frameworks, so that the OS can be responsible for prompting for informed consent and granting it to a process. This means that the system itself has to have functionality to prompt for that informed consent in a way that users can understand.
2. Require processes which an application cannot script that are technically complicated enough that users might realize they are pulling off the warranty-voiding stickers. A prime example would be rebooting into recovery mode to turn off system integrity protections via a terminal command.
Both of these wind up getting gated in priority, but such is the priority of their system - limiting the ability of arbitrary software to act as an unrestricted agent of the user so that user security and privacy (as well as device operation like battery life and radio reception) can be protected.
[ ] Do not trust Apple, trust only me
You say "Some people are smart, informed developers" but in this case, it appears Apple is treating every user as the same. I am not a "developer" (nor am I particularly "smart") and yet I monitor traffic to/from computers I own. Maybe some incorrect assumptions are being made about so-called "users". I find it perplexing that any company should be able to prevent me from monitoring traffic to/from computers I own. I own the computers, I pay for the bandwidth. I do not buy Apple computers for the Apple software.
There's an availability consideration here, but that's about it.
Or more like "users are literally brain dead and cannot be trusted to change the channels on their TV" coloured glasses. If you only trust your users to watch TV, then get into TVs instead of computers.
We don't fault the maker of a drill when a careless user drills a hole in their hand. We fault the user for being careless. At what point do we start doing the same for computers? The advantage of physical power-tools is that their mechanism of operation is readily apparent, open, understandable, predictable. If Apple really cares about their users, they should start investing in making software open, understandable, predictable. This is a much harder problem, and probably less profitable, than just building another TV, but I'd rather live in that world than this one. I don't need another TV.
macOS exempts Apple apps from rules? Protecting users!
Seriously, it's my machine. I should have top permissions on it, not Apple. If I chose to run an app that intercepts traffic, I want it to intercept _all_ traffic. What's next, making it impossible to hook a debugger to Apple services? Or did they already do that?
As much as I love Mac & iPhone UX, stuff like this will keep me off them and keep me from recommending them to anyone either.
> At the same time, if you were to not be connected to a network, this kind of verification wouldn't do anything.
Oh, they can. Cross-site scripting and request-forgery attacks aren't dead yet thanks to widespread terrible security practices :)
Neither did the PCs of the time, but the difference becomes obvious when you actually try to write an app: PC magazines were filled with BASIC and Asm listings (to be entered with DEBUG), both of which could be immediately used on an IBM PC with DOS, whereas to even start creating --- or for that matter, modifying --- software for the Macintosh was pretty much a non-starter for everyone who didn't want to actually invest plenty of $$$ in it.
Documentation on the system details is barely available (there's Inside Macintosh, but that pales in comparison to the IBM PC Technical Reference series --- the latter including full BIOS source code and schematics, even for the monitor and hard drive), and of course the PC was far more expandable. Apple wanted the whole stack locked down from the beginning.
And with DNS-over-HTTPS, DNS-over-TLS and encrypted SNI, that makes it all the harder.
This was solved a decade ago by rendering the 2nd+1st level domains (and sometimes other parts of the URL) in a different style.
> There's also arguments that URLs are too complex for normal people to understand.
That argument is an insulting attempt to justify a form of illiteracy[1]. Most people don't need to know all of the technical features of a URL; they just need to be able to use it as an address and recognize basic features like the hostname.
Street addresses are a good analogy. Most people understand the basics easily even though physical addresses are far more complex[2] than URLs!
watch the 2 security briefings that Apple delivered at black hat. i think they are 3 years apart and each touched on different aspects. i might be misremembering and T2 is covered in just one of them.
Sorry WarOnPrivacy, Windows does bypass 3rd-party firewalls and has done so since at least XP onwards (however, I am uncertain if this was the case with Windows 2000).
Microsoft has programmed into Windows dozens of addresses that 'dial home' to Microsoft's servers. As you will be aware, many of these addresses change with the various versions of Windows. Normal program switches can block some of these addresses whilst others are hidden from normal view, but with a little judicious snooping, we can find most of the hidden ones and successfully block them with the hosts file.
However, we cannot block all of them, and this has been the case since Windows XP. From my understanding, which I learned from various security experts around 15 or more years ago at the time when the Microsoft 'exploit' was first discovered, Microsoft hard-coded certain dial-home links for the specific purpose of determining which and how many copies of Windows were pirated. (This seemed to have been the consequence of the widespread pirating of certain corporate copies of Windows 2000.)
Whilst the user may have thought he'd secured every talk-home to Microsoft loophole and was safe, nevertheless MS still knew that his O/S was a pirate version. Unlike other activation links that announced an 'illegal copy' status to the user, these links only advised Microsoft of the fact—if you like, they're part of Microsoft's secret surveillance system. Essentially, Microsoft has deliberately sabotaged the DNS client's hosts table lookup functionality by bypassing it with hard coding.
It seems that in recent years, Microsoft has developed this secret system to an even finer art, as these days it gathers much more information other than whether the O/S has been pirated or not.
With having the handle WarOnPrivacy, I gather you're more than just interested in securing your Windows in the usual ways. If I were you, I'd do what I'm doing here and that's to research the details further and then publicize the fact. As will now be obvious, this is not something that Microsoft wants broadcast to the world.
Below are a few links about the matter with a few comments from some of the sites:
https://slashdot.org/story/06/04/16/1351217/Microsoft-Bypass...
https://bugtraq.securityfocus.narkive.com/a2fZWlAb/microsoft...
"Hey, guess what I just found out: Microsoft have deliberately sabotaged their DNS client's hosts table lookup functionality. Normally you can override DNS lookup by specifying a hostname and IP directly in the hosts file, which is searched before any query is issued to your dns server; this technique is often used to block ads, spyware and phone-homes by aliasing the host to be blocked to 127.0.0.1 in your hosts file."
https://www.theregister.com/2015/09/01/microsoft_backports_d...
"All the updates can be removed post-installation – but all ensure the OS reports data to Microsoft even when asked not to, bypassing the hosts file and (hence) third-party privacy tools. This data can include how long you use apps, and which features you use the most, snapshots of memory to investigate crashes, and so on."
It's sure one of those nice to have features, but there's no good reason why it has to be mandatory like it is. All in all, having a device purposefully retain some information when you factory reset it is user-hostile.
The "lost or stolen" argument also hardly holds for desktop computers like Mac Pro or Mac Mini or iMac, yet they still have T2s in them.
It is too bad - the Mac hit this sweet-spot where it was pretty much my perfect machine for several years - a kickass Unix workstation in a decently built laptop, with a decent GUI, with access to consumer apps, too. It was great while it lasted.
Thing is, this is a reasonable thing for Apple to do. Back when they weren't enormous, it made sense for them to at least make token gestures to the Unix-weenie/developer market - we threw a lot of money at them and made them hip when they were down and out. Now we're in rounding-error territory, and that we got what we wanted for a while was sort of a happy accident, anyway. Building developer dream-machines was never Apple's thing.
I bought my first Mac in 1991, and this one will last a while longer. Can't really complain too much about 30 years of decent-to-awesome tools.
Sometimes when my MBP goes to sleep it loses wifi connection and VPN disconnects. When it wakes up, Tunnelblick asks for password, but it doesn't restore routes (I guess?). Basically no internet until I either enter password or click disconnect. At that moment I'm typing in my OS password and pressing Enter.
What then happens is that it waits for ≈30 seconds and then logs me in, as if it made a network request and waited until it timed out.
Could it be related to the issue you're describing?
This may be a good time to remind folks of my blog post where I explain how Catalina phones home when you run unsigned executables, including shell scripts! In the article I mentioned that you can prevent this with Little Snitch. But that was the LS kext. Is it even possible anymore? https://lapcatsoftware.com/articles/catalina-executables.htm...
Let me just quote one comment from the HN discussion of that article: https://news.ycombinator.com/item?id=23278253 "Making this about speed is burying the lede. From a privacy and user-freedom perspective, it's horrifying. Don't think so? Apple now theoretically has a centralized database of every Mac user who's ever used youtube-dl. Or Tor. Or TrueCrypt."
It's all too easy to dismiss the privacy violations that we're not aware of. Out of sight, out of mind.
that completely breaks any network filtering and is not acceptable.
I would disagree with that statement. The user bought an Apple computer so they clearly trust Apple already. If anything, the new frameworks make the system more secure which strengthens that trust for users. The only people really affected by this change are users who want granular control over everything whether it comes from Apple or not.
You shouldn’t have to carry around another box to keep your computer or phone from spying on you.
Why would the most successful company in history—a success gained in no small part through protecting users, selling hardware and services instead of their data, and promoting and enhancing privacy as a first-class feature—do that sort of thing? What possible benefit could such a centralized database serve? How's that gonna make them more money?
Seriously though, Tim Cook has been absolutely trashing Apple's hard won reputation by relentlessly pushing (via push notifications no less) TV shows and other garbage "subscriptions" on computer buyers. It's not what I signed up for when I became a Mac user many years ago.
No.[1] That's what people need to start understanding.
Even if you decide to trust that someone will attempt to act in your best interests (you really shouldn't, see Google's extinct "do no evil" mantra), you can't trust anyone to do so perfectly.
All this aspirational goodwill that fans express on behalf of their favorite FAANGMUULA is the tech equivalent of flat earthing. The facts are simple: no software is perfect, you can't trust any software.
Security as an industry is generally all about protecting the interests of corporations and governments. Just look at how they react when normal people use subversive technology like encryption. The people in power simply cannot tolerate anything they have no control over.
No, they really don’t. Unsigned software is a little onerous, but signed software can come from outside the Mac App Store.
So no, I don't trust OS providers. I tolerate them and defend myself against them.
It's a touch of hubris to think that we are and will continue to be taste makers, certainly. Maybe Apple won't get burned by alienating this crowd. But it seems a risky strategy for dubious return.
Are these apps using some kind of special API? (If yes, what's to stop other people's apps using that API?)
Is it because they are signed with some kind of special entitlement?
Is it due to some combination of both? (Maybe you have to use some magic API, but you need to be signed with some magic entitlement to be allowed to use it?)
OK here's another, very related: the ability to have apps remember their open files when you quit and re-open them.
These are significant productivity boosters, and I will miss them. It's definitely a trade-off, but now Apple has tipped the scales too much in favour of Linux...for me.
I have also seen many android devices bricked by the same anti theft protections.
We buy things from companies we don't implicitly trust all the time, because we can isolate and verify those things.
I don't always trust the supermarket to sell me non-moldy produce, but I can look at the produce and see whether it's moldy.
I don't trust oil companies not to destroy the environment, but if they sell me bad fuel it will be very clear.
I don't trust OS makers, but I can run firewalls and network sniffers to verify that the OS is behaving reasonably, and isolate it when it isn't. Until I can't.
Technical doesn't mean "unnecessarily complicated", it means "rich, expressive and built for users that are willing to spend some time to learn" (at least it should)
I used to put commas before, however some grammar checking tools like Grammarly marked them as wrong, and I changed my ways.
Comma rules are complex both in my native language and in English, and a good, definitive guide would be really helpful.
Thanks for your comment again.
If pinning is used then you can't interfere by interposing a middlebox, the connection would just fail. I guess it's possible Apple would find corporate pushback is too strong, but maybe not.
Don't use things you don't trust. If you trust Apple's proprietary software at least you are getting exactly what you signed up for. Apple gets to do whatever they want, which you apparently trust them to do. Will they accidentally let in bad guys? Maybe. You signed up for that too.
Aha so this is why I need to put my MacBook back to sleep after waking on a spotty WiFi connection or when it was previously connected to vpn which timed out during sleep!
Adding exceptions means adding more points of failure, more complexities in code, more opportunities for attackers to bypass restrictions placed on them but not on OS services. Not only that, but you get the upside of having a unified model for Apple and your app developers "for free"–the latter which is of critical importance to Apple in particular, since they have had years of trouble in this area.
For example changing from a low-resolution (non-hidpi) screen to a hidpi one doesn't work that great. You want to watch netflix or prime video in FHD? Not going to happen (although, admittedly, that's not linux's fault but a DRM-related decision).
I've noticed that, as usual, all this is highly dependent on what one does with the computer. If it's a laptop often used with a high resolution external screen and for on-line media consumption, the experience can be less than ideal. If it's a working computer used in fixed conditions, the experience can be outright great. My "work" computer is a desktop linux with a UHD screen and I absolutely love working on it. But for random hanging around on the internet, watching a movie or whatever, I'll grab my macbook.
Wouldn't say I'm that smart. Wouldn't call myself a developer either. But I'm still kind of dismayed. I used to love macOS (or OS X to be precise), but the clock has been ticking for years now. Near every decision made about macOS future goes in the wrong direction (for me). Right now I'm looking at Manjaro. But still, I need the Adobe CC suite to get my work done, so I will have to use two machines. I hate running two computers. But that's probably where I'll end up.
“The market will price this out” doesn’t actually work because it assumes that 1. Apple’s product strategy is done to match market desires perfectly and 2. The decision to buy is solely predicated on this particular thing. The first is false because nobody can do that and the second is because people buy Apple products for other reasons than just that. I personally know many people (although this sample is of course unbiased) that buy Apple devices for a number of reasons (they work well, they look nice, they have good support) but hate that they can’t do things on them. But their purchase decision doesn’t reflect their opinions on this particular issue.
It was painful at first, but it's worth it. The only things I still miss are the visual feedback in the UI (lots of little stuff) and the feel of the trackpad.
But the customizability has more than made up for that in productivity. Like being able to edit the source code for the window manager.
The difference between PureOS and Debian is practically non-existent.
> System76's website is itself half-broken, with 500 errors
OK, it proves that the company is about to die. We of course never see those errors on big websites /s
> If tomorrow a million Apple users said "Enough! LittleSnitch is the straw that breaks the camel's back!" and decided they wanted to shop for a desktop linux system, the market couldn't handle it.
Although it is true, the good news is that such a thing just cannot happen. This is not how the market changes. The change is always smooth enough that the companies can adjust. And I am sure Purism and System76 are able to, given reasonable time.
> I'm saying that it is not a mass-market option right now for users frustrated with Windows/OS X.
Many (most?) frustrated users on MacOS are those who can use the options I listed. If they understand the problems like the one in the title, they definitely can order a laptop online. Probably also true with Windows. Such changes typically start with geeks anyway (AFAIK geeks switched to MacOS first).
> You cannot point to niche operations and claim it to be a viable mass-market option.
I did not claim that. I suggest that those complaining about users restrictions should go to Linux. Typical users do not complain about such things.
> I didn't say you can't buy Linux pre-installed, I said you can't go into a big-box store like Best Buy to do so, and that there's no significant consumer support infrastructure.
Now you have a point and I actually do not really understand why I cannot just enter a big shop and ask for a Linux laptop. I actually tried to ask tens of times and they always say there are none. Sounds like a conspiracy by the big labels to me.
When you rent space in a building, do you get access to every single apartment/office space in the building? No. You get access to specifically what you rented and the front door. The maintenance people for the building will have access to the front door and other maintenance areas, but won't have access to your space. We can clearly conceptualize models like that. We even have something like this on phones.
However, making it impossible to route the traffic of the system apps through a VPN of my choice (whatever the reason), is just broken functionality.
Apple doesn’t get script contents, it only gets a hash. Of course, if Apple really wanted, they could maintain a DB of hashed contents of every possible version of youtube-dl script, and do their best to match it up with what users execute. However, even that far-fetched scenario falls apart the moment you wrap youtube-dl invocation in a convenience script—as only the hashed content of the script you invoke is submitted for notarization check, not every binary or script further launched by it.
However Apple does unlock them if you can prove ownership. You need an invoice with serial number. It's a lot of hassle but it works. The reason for that box is that we didn't get serial numbers on the invoices for a long time :(
It's another one of those things that are supposedly for the benefit of the consumer but also really supports the company's bottom line by having to buy a new product. I'm always a bit dubious of their motives. I do see the benefit of such features. But they should have some kind of workaround for unlocking it. Such as a card with a QR code that you get with the phone and keep on file or something. Because theft isn't the only way you can get locked out. And since the fappening Apple is really difficult with resetting passwords, in some cases people just can't make it happen.
Android is even tougher but our local carrier can send them for repair to unblock them. Also, Samsung KME overrides the lock, which makes sense because it proves the device is company owned. I wish Apple DEP could do this too.
We shouldn't need to tell a story about how it would be difficult for Apple to exploit data they have about us, because they simply shouldn't have this data about us.
The whole "We can trust Apple with our data" line starts with a flawed assumption: that Apple should be allowed to collect data from us. False. And it's important to note that none of this data collection was ever explained or even disclosed to users. We had to discover it by reverse engineering. Extremely shady practice by Apple. It doesn't matter if the "intentions" were good. Secretly collecting data is never acceptable.
And let's never forget, Apple has been actively collaborating with authoritarian governments to shut down pro-democracy activism. That's not just a theoretical possibility, it actually happened.
The very possibility of Macs phoning home for every shell script would have been considered a crazy conspiracy until we discovered that it's actually a real thing. So it's a bit ironic to suggest that Apple's exploiting this data is just a crazy conspiracy theory.
- Chrome adds a Firewall rule on installation that grants it access to all networks, bypassing kill switch configurations.
- Microsoft has an "Allow app through Firewall" [1] dialog that manages all of the rules for its apps and services along with some third-party apps. These rules again tend to allow everything, and at least on earlier builds from like 2018 they would reset to allow everything on _every_ update.
This was such a pain to deal with.
[1] https://az767233.vo.msecnd.net/images/Security/win8_winfirew...
They can, of course, remove that option a number of ways: closed source kernel, disable the disablement of boot security (such as on iOS), etc.
It was also compounded by the VPN setting I use to disable all traffic until it successfully reconnects. Meaning whether my computer works or not is dependent on my VPN provider's reliability.
Now that I know Apple thinks I need an internet connection to wake up my laptop securely I'm quite pissed by this. Brand new $4k laptop is a paperweight if my VPN can't connect.
I truly don't think it would get to that point though. And even if it does, that day could be years away. We're talking about maintaining an existing product, not starting a new one from scratch.
IMO, the more pertinent question is whether it's worth asking customers to disable SIP. Up until now, commercial Mac software—even software targeting advanced users—has seemingly wanted to avoid that at all costs, whether it's Flavours discontinuing their theming software or nVidia discontinuing their web drivers†.
---
† Note that I'm continually suspicious we don't have the whole story here, but the commonly-cited narrative is that Apple won't sign nVidia's drivers.
https://apple.stackexchange.com/questions/375519/how-to-dele...
I actually think the way Apple implemented this is downright brilliant. As you say, it can't be done automatically, and it's definitely made to be a bit intimidating. At the same time, it's not difficult or onerous; that's a pretty hard balance to strike.
By contrast, when I try to install unsigned drivers in Windows, I feel as though Microsoft is fighting me, and I get annoyed basically every time. I've never had that feeling with SIP; when I get a new computer, I take off the training wheels I don't need, and move along.
I wonder why any time I see these claims, they’re never accompanied by anything resembling reliable evidence.
> The whole "We can trust Apple with our data" line starts with a flawed assumption: that Apple should be allowed to collect data from us.
Apple is free to do that, as a private entity in a free market; you on the other hand are free to vote with your wallet and your time by buying their devices and developing for their ecosystem (or not).
You’re entitled to not believe that the end goal (security) is not justified or achieved by the means (notarization, Gatekeeper, etc.), but somehow you are not making that argument.
Because the stories have been on all the news sites, it's common knowledge, and thus it would be superfluous to submit detailed documentation every time it's mentioned? I can't help it if you're not informed about politics and tech.
> you on the other hand are free to vote with your wallet and your time by buying their devices and developing for their ecosystem (or not).
People always say stuff like that, but do they really mean it? It feels like just empty rhetoric to shut down criticism of Apple, not an actual suggestion. I've been a professional Mac developer for over a dozen years, my software has been enjoyed by countless people, and I've also provided many tech insights enjoyed by many people, including this one under discussion, as well as the Google Chrome bug story that's been going around — that's me too! Are you seriously saying I should pack my bags and leave the Apple ecosystem forever and no longer write software for the Mac or write blog posts about it? Is that what you really want? Is that what people in general want, for me to leave the Mac? Don't say it unless you mean it, and are willing to drive away longtime Mac users and/or developers like me.
I hope you'll enjoy your "curated" criticism-less ecosystem with no actual developers who care about the Mac.
Yeah, that's why it's running an infinite loop heh
> It'll be simpler to disable the launchDaemons
Simpler than just nuking them with kill -9? No way. Better in literally every other way? Absolutely
> or this'll be a huge resource hog
That's a fair suggestion, but I'm seeing 0.0 CPU and MEM consumption, so I'm not too concerned
No, of course not. It's a pointless thing to say, equivalent to "if you don't like the laws in America, move somewhere else." Easier said than done, for starters.
But also, if developers and power users aren't allowed to criticize or give feedback, then who is? Apple needs us more than we need it, so of course you should have a voice.
I was looking forward to new Apple devices, but feel uncertain about the "trust Apple but no one else" approach.
Concerns:
1) Apple devices have been configurable to be respectful if not invisible in corporate or client windows networks.
You could use a Mac with a firewall in windows environments without being worried about setting off something on the network for unusual traffic. Especially for environments that don't support some but don't stop it either.
2) Corporate Windows networks can control the monitoring of telemetry and metadata to a higher degree than Apple now seems to. It could be a new gap in Apple when compared to others.
If the above are true, it's not clear if Apple sees few Mac users in any corporate environment as an opportunity to grow, it's only accelerating the consideration of other operating systems.
Apple also appears to be signaling that devices do not belong to the customer. The idea of we will protect your data, but trust your data to our policies, which we can change seems confusing. I'm considering the new iPhone for security, but this workaround seems like an affront to it.
There's an entire guide provided by BMD that tells you exactly what products are compatible with your OS and particular computer. It even comes as included documentation with the installer. You know, those PDFs in the folder with the install app that nobody looks at? After Apple's nixing Nvidia from their platform, you're limited to AMD GPUs for Mac. For PC, you have more options. For Linux, you can go absolutely nuts with the amount of GPU since you can utilize some of the GPU appliances rather than PCIe boards.
It's not just that tech people are customers, it's that ten other customers will look at what the tech people are carrying and assume they're the ones to know what's good.
And developers write code for the platform they actually use first. And spend time fixing the problems with that platform that are keeping other people from using it. Then more non-developers switch to it because it's improving.
https://www.omgubuntu.co.uk/gnome-sushi-mac-quick-for-ubuntu
I heard it would take weeks and even had a backup laptop ready, so it surprised me when it came <2 days later. It was my original laptop too (had all my data and the same dent).
Oh well, the new models don't have this issue anymore. What a fuck up.
Wayland's trackpad support is excellent, I can switch from my mac for work to my personal machine without noticing.
Multi monitor support is MILES (I literally cannot emphasize how much better it is) better. Different scaling ratios for different monitors, much better automatic detection and configuration.
There are two remaining problems in my opinion
- Screen sharing is still rather hit or miss. Pipewire is functional for me on latest versions of chromium, but does not work for some electron apps that package older versions (Slack, in this case).
- X-Wayland applications still make you feel the hurt from Xorg. Most times I don't care, but the default builds of chromium and chrome both rely on X-Wayland. There are AUR builds of chromium that have moved to Ozone and have native Wayland support, though (https://aur.archlinux.org/packages/chromium-ozone/)
----
Long story short, Wayland is why my personal machine no longer has windows on it. It's genuinely much better, and I don't spend any time at all dicking around with xorg config files (literally not once have I touched a config file related to monitors or user input devices on my current linux box in the last year. It feels very nice.)
Please feel free to post info about actual firewalls, info that isn't about DNS/Hosts.
Objective (sic) proof that Objective Development is lying would certainly be a big deal, and a very good reason not to trust Little Snitch.
Not only is it an application firewall, but also gives you DNS filtering (ie. Pi-Hole basics) and DNS-over-TLS.
If you check it out, we'd love to hear some feedback! (Full UI revamp incoming)
Those are the claims, yet every time I dig deeper I see how from “actively collaborating with authoritarian governments to shut down pro-democracy activism” they are reduced to “complying with local laws” within a single brief conversation.
Sure, in some countries the latter is a superset of the former. In such countries, violation of ethical norms could be required in some situations to comply with local law. However, it doesn’t mean that any instance of the latter always requires the former, nor that Apple had ever faced this choice, nor that if put in this situation Apple would agree to actually do the former as opposed to exiting the market (which, exiting, I suspect is a scenario CCP would very much prefer to avoid).
I will roughly delineate the difference based on two concrete example situations:
1) Complying with the requirement to store encryption keys for Chinese user data on Chinese servers = complying with local laws.
2) Providing personally identifiable information about individual Apple users at request of CCP, or helping CCP representatives hack into Apple devices = collaborating to shut down activism.
If you have any evidence of anything along the lines of (2), I’m all ears (as I’m sure is any tech journalist worth their salt).
> Are you seriously saying I should pack my bags and leave the Apple ecosystem forever and no longer write software for the Mac or write blog posts about it?
I’ll level with you here. I’m not a professional Apple developer making a living from selling my software to end-users, but I dabble, and I am very deep in Apple’s hardware and software, preferring them to any other alternative in the market. It would be an extreme lifestyle change, but if I had reasons to believe that Apple had indeed collaborated with CCP to shut down activism, due to my personal views I would have to exit Apple’s ecosystem and start hacking on a PinePhone or something.
That said, if a country like China doesn’t want its citizens’ data encryption keys to live on servers in a country like the USA, I don’t believe that’s outrageous; if you’re an activist, you’ll be aware of that and make arrangements. There’s a line, but this does not cross that line as far as I’m concerned.
Presumably Apple apps that bypass the network filter are making use of these flags already, to avoid unnecessary network traffic.
2. The 'dial-home' mentioned bypasses Windows's firewall.
3. External monitoring has shown that it does bypass firewalls (however, I cannot say whether that's all of them). So does security software such as LoJack (but that's somewhat unusual).
4. This includes ones with kernel drivers.
5. As the code is written to be invisible to other processes, firewall writers would either have to reverse engineer MS's code to stop it or know certain proprietary details about it. I doubt if any legit/reputable developer would risk using info gained from RE (certainly not to stop it functioning as MS intended). Nevertheless, some MS partners know about it for obvious reasons.
6. From various news reports several weeks ago, it seems that XP's source code has leaked. That means if you are keen enough you can find the 'offending' code and verify the matter for yourself one way or the other (at least as far as XP goes). If you don't, then sooner or later I'm sure others will do so.
If I and others who share this understanding are way off beam, which I doubt having seen evidence, then please let us all know about it in a HN post.
Even if you believe all the MPs / representatives are trustworthy and intend to act in your best interests, their competence is going to be limited, so we need checks and balances and a limit on their power.
I blame Apple though for their terrible software.