[floatingatoll]

I pay extra money for Apple computers is specifically due to these security controls.

I spent decades building and running my own computers and I’m not interested in doing so anymore. I own the device that I buy, I knew how to turn off these controls and didn’t bother during the outage, and I generally refuse to do so. In return, I don’t have to deal with all the weaknesses of the liberated computing approach that you frame as the only optimal outcome.

Apple’s restrictions liberate me from having to spend time on fully-liberated computing. I’m glad liberated computing exists, but the idealistic view that all computing should be that way is harmful to my life’s priorities.

[_qulr]

> Apple’s restrictions liberate me from having to spend time on fully-liberated computing.

This seems to conflate restrictions with defaults.

It's reasonable for Apple to configure Macs to be safe "out of the box". But it's not clear why it helps you to prevent other Mac users from changing the defaults.

[zepto]

If you are someone who wants and understands how to use a machine with disabled security features, it obviously doesn’t help to have the defaults be unchangable.

For everyone else, it is a very important safeguard against social engineering attacks.

[floatingatoll]

You’re right, “Apple’s out-of-the-box restrictions” is a better phrasing.

I don’t understand your final sentence about “prevent”, and it doesn’t seem to be connected to anything I said. I apologize but as a result I can’t consider or reply to it as stated.

[alpaca128]

How would that be better than all the freedom but with good default settings? You're not forced to tinker with all controls, and if you don't agree with a default you can actually do something about it instead of saying "well, that multi-billion dollar company probably knows better what I need".

[floatingatoll]

What settings are you unable to tinker with in macOS Big Sur?

Are we discussing generic theoreticals or are there actually specific settings you think you don’t have the freedom to modify?

I haven’t seen anyone say “I can’t modify this setting on Big Sur” and have that inability remain unsolved for more than an hour, yet there’s a huge ruckus about lost freedoms, so I’d love to understand where the rubber meets the road here.

[alpaca128]

How about this whole thread's topic? Can you just turn off OCSP so the Mac doesn't ask Apple servers before running any executable? And I don't mean turning off wifi.

[floatingatoll]

Sure, add it to /etc/hosts, ds flush, done. Everyone knew that half an hour into the event, thanks to lap’s tweet, and some knew it years prior to the outage, too.

Or if the loss of Mac App Store access that results bothers you, write a simple http filter proxy that only rejects gatekeeper OCSP and place it into your Network preferences Proxy section.

macOS won’t stop you. This is all basic decades-old Linux admin knowledge, and the only Mac-specific command is know how to flush the DNS resolver cache without rebooting. I am not yet persuaded of your argument.

What other specific instances do you know of where you think macOS won’t let you do something to your own device?