[ryannielsen]

> Apple can [sic] starts using the new Trusted Computing[4] features on new CPUs (such as SGX[5]), good luck regaining control.

It seems the apocalypse came to pass a while back, with the Secure Enclave in Apple's A7 processors.

> Of course, they know how to disable the restrictions or install a jailbreak, so these problems don't apply to the technological priesthood - it's normal people that have to live with the restrictions.

Here's the funny thing: normal people benefit from those restrictions. Without them, their devices – the ones you insist they should own – would quickly become someone else's: the attacker's. It would be awesome if people started thinking about long-term consequences.

Honest question: do you hate root? Should all processes run with equal privileges? Does the kernel have an evil and undesired permissions level?

[pdkl95]

> Honest question: do you hate root? Should all processes run with equal privileges?

Of course not. Stop making up straw-man arguments.

> Without them, their devices – the ones you insist they should own – would quickly become someone else's: the attacker's

So users cannot run any program they download? Or are you claiming that programs that run as a user - with no intention of touching system files - cannot harm that same user? Many past exploits and trojans run entirely as the user.

SIP may protect the OS, but it will do very little to protect the user. Unfortunately, while this should be obvious, scaring people into giving up their freedom works, even when the "solution" doesn't actually do much (or anything) to prevent the supposed threat.

[userbinator]

do you hate root? Should all processes run with equal privileges? Does the kernel have an evil and undesired permissions level?

The key difference here is that root is well known to be the all-powerful user, the one that really owns the system, while SIP is Apple's attempt at removing the power that root should have.

[chc]

Given that Apple could have actually taken away root's power if they wanted to, it seems kind of inaccurate to call this an attempt to do so. They have given the user the option to have root on or off with a default of "off." They didn't attempt to disable root and fail.

I understand your concerns about taking away user power, but this doesn't seem to be that. The user still has the power to do the same things, they just have to decide that they want it. You could just as well say that not making the system files world-writable takes away the user's power, but in fact it's just locked behind a door that the user has the power to open.

[justincormack]

Linux can run rootless, in capabilities only mode. Linux has destroyed your ownership of your computer too.