[twir]

Add "System Integrity Protection" to the list of reasons why my next laptop won't be a Mac. Although based on a free operating system, Mac OS is gradually taking away users' control over their own devices. Either the user controls the software, or the software controls the user.

[acdha]

Just as with SELinux or AppArmor, you can ignore it if you think your normal practices keep you safe. That's probably mistaken but it's fully under your control:

https://developer.apple.com/library/content/documentation/Se...

[twir]

I don't mind those features in and of themselves, and I see their value; it's Apple's paternalistic attitude that bothers me. I've used Macs for my entire life and always felt I still had a semblance of control over the hardware and software that I bought, but that feeling of control is going away.

[acdha]

How is a feature you can turn off paternalistic? I’d think that argument is much stronger about iOS.

[twir]

Yes, iOS is a better example. I'm not a big fan of closed platforms in general. I like to be able to decide which software I run on my device, so my most recent laptop and phone purchases have been GNU/Linux devices.

I understand and appreciate the security advantage that comes with protecting users from themselves, but at least SELinux and related software still give users the rope needed to hang themselves if they're into that sort of thing.

[jsjohnst]

> but at least SELinux and related software still give users the rope needed to hang themselves if they're into that sort of thing.

How’s that not possible on macOS too?

[pfranz]

Just one antidotal data point, but I haven't had to think about SIP and I updated my OS soon after it was released (I did wait a few months for any issues to surface). The only near-concern I remember was the directory Homebrew used, which either was a non-issue or was addressed over the course of updates. I didn't do anything. I feel like through the course of work I would have hit corner-cases caused by SIP or other macOS "protections."

Out of all the protections added over the years, I only really regularly encounter GateKeeper. I don't generally mind because I know what it is. I don't feel like I'm limited by these things, they feel more like running as non-root user and having to run "sudo" when needed. It makes sure anything silly I might do is done intentionally.

I've had way more issues with SELinux than anything Apple has added to their OS.