Hacker News new | ask | show | jobs
by hvocode 1812 days ago
Exactly. These are restrictions that have been viewed as favorable for security purposes for decades. It’s nice to see a mainstream OS actually implementing them.

The resistance to them seems to be largely due to lazy developers: it would be EASIER if the system let a developer do whatever they want with a “trust me, I’m smart” justification. But we can’t design for the occasional safe and smart developer: we need to design for the sloppy ones and the malicious ones. The smart and safe ones can find a way to work within the constraints. As for lazy and sloppy ones who can’t adapt to the constraints - adapt.
2 comments
TheOtherHobbes 1812 days ago
It would be more sensible to assume that "trust me, I'm smart" developers will eventually work out what they need to do - possibly after the third or fourth time they lose all their work to ransomware, but more realistically, by following the inevitable online tutorials which will appear.

OS security is generally a shit show anyway. I don't think it's bad to lock down the OS for most users, but it should still be possible for expert users to get expert access.

If there are security consequences, they should be trusted to learn how to deal with them.

Most will - and the rest will have bad experiences.

link
danaris 1811 days ago
> OS security is generally a shit show anyway. I don't think it's bad to lock down the OS for most users, but it should still be possible for expert users to get expert access.

Last I checked, it still is—IIRC, you have to run some specific commands in Recovery Mode to disable the protections, but for "trust me, I'm smart" developers, that shouldn't be a problem.

Personally, I haven't seen any particular need to do that. I can count the number of times I've been blocked by SIP from doing things I wanted to do on one hand, and none of them were critical.

link
indymike 1811 days ago
Usually its not about smart. Its about fixing something that is broken in the OS and SIP is blocking fixing it. A missing monitor geometry. Or an incompatibility in a default cone in. Getting rid of unwanted built in apps like News.app.
link