by mrkwse 1518 days ago
It's a strange shift and one I've fallen into the trap of. Discord requires kernel extensions for screen sharing and requires the reduced security toggle as a result. I've gladly used screen sharing in the past with presumably the same mechanisms, and not thought twice about it.

Yet for some reason I'm hesitant to reduce the security of my main personal machine, even if that 'reduction' results in a consistent level of security with my old 2015 x64 MacBook. The reality is that I probably need to go and determine if there is a greater volume of more prevalent kernel-level exploits to figure out what the factor of risk really is - it may be that these features are exploited more regularly and to greater effect than they were in 2015.

2 comments

> Discord requires kernel extensions for screen sharing and requires the reduced security toggle as a result.

Are you sure? There are several userspace APIs to do this so a kext would be very concerning and, quite frankly, inappropriate for this use case.

It's an Electron limitation (because of course it is):

> [...] does not work on macOS for audio capture due to a fundamental limitation whereby apps that want to access the system's audio require a signed kernel extension. Chromium, and by extension Electron, does not provide this.

https://www.electronjs.org/docs/latest/api/desktop-capturer#...

How does Chrome on its own do it?

Discord only requires this for sharing audio along with screen sharing - I've shared my screen with the Discord app several times before without audio and I've never installed the kext.

And, at any rate, the kext they want you to install is the same one Rogue Amoeba uses for their well known and widely used app, Audio Hijack. Discord licenses it from them; they mention it in the dialogue that prompts you to install it.

This is another topic: "why you should learn to do a native app" :)

> it may be that these features are exploited more regularly and to greater effect than they were in 2015.

It's not like you allow any kernel extension to run, do you? You still have to approve each of them manually.

Atm I have two usb-serial adapters with different chipsets hanging off the x86 mac mini plus an Arduino that comes with its own usb serial. Is that possible on arm macs?