[IshKebab]

Thanks for confirming the nightmare.

[steve_adams_86]

I mean, you can download source if you want to run it. It isn’t a complete nightmare yet. I think we’re still in a grey area. This will help some people still, though it’ll definitely hinder others (myself included).

Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

[ryandrake]

> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

When Quarantine was released in Leopard, and Gatekeeper in Lion, and System Integrity Protection in El Capitan, and then "Allow from Anywhere" was removed as an option in Sierra... Each time, people were saying similar things. "Yea, it's bad, and it's getting consistently worse with every release, but surely we are nowhere near 'really bad' yet!"

[adastra22]

To me these are clear security improvements; things are not getting worse. And there is absolutely no reason to think they'll be dropping support for endusers running their own compiled software.

[int_19h]

The obvious end point would be the same as iOS, which is to say - you can run it to your heart's content, provided that you shell out for a dev certificate.

[adastra22]

That is not at all obvious.

[int_19h]

The fact that macOS is increasingly becoming iOS-like in both UX and approach to security is not obvious? It's pretty obvious to me from the past few macOS releases.

[IshKebab]

It's very obvious if you're paying attention.

What is the security benefit of removing the command-click shortcut?

[skrrtww]

> Once you need to be in the apple developer program to build and run from source or something, that’ll be a legitimate nightmare. But we’re nowhere near that yet.

This is the case for building and running things with restricted entitlements and system extensions.

Unless you disable system integrity protection entirely, which locks you out of your purchased App Store software, DRM content, etc.

[dur-randir]

>which locks you out of your purchased App Store software, DRM content

Also false. But Apple's glad you believe in that.

[NotPractical]

It does lock you out of iOS apps, Apple Pay, and 4K streaming of DRM content [1]. But that's not so bad I suppose.

[1] https://github.com/cormiertyshawn895/RecordingIndicatorUtili...

[skrrtww]

I was mistaken; I was conflating Permissive Security with SIP. Permissive Security does have those limitations.

[adastra22]

You can no longer disable system integrity protection.

[pcwalton]

You can [1].

[1]: https://www.reddit.com/r/hackintosh/comments/1fh5wez/cant_di...

[NotPractical]

Source?

[adastra22]

The release notes for Sequoia.

[sbuk]

Nope. Not the enterprise release notes or the security content notes either.

[adastra22]

Care to explain the nightmare to someone who seriously doesn't get it?

I can run any open-source software I want. Other people can't run my precompiled binaries unless I opt into an attestation system that lets the OS respond to and pre-emptively block binaries from developers found to be issuing malware. Open source is unaffected.

I seriously fail to see what is wrong here.

[int_19h]

That would kill a lot of old software, though. Especially games.

[adastra22]

I challenge you to find old software that still runs on modern Macs which was never code signed. Note that support for 32-bit applications has been retired, and x86 applications will eventually be sunsetted as well. This isn't Windows.

[int_19h]

Indeed, the current state of affairs on the Mac is the consequence of Apple repeatedly making this kind of choice. That doesn't make it any less frustrating when things that worked before, stop working after.