[righthand]

A user has to use the CLI to turn off the Apple DRM to install software on an Apple laptop. The CLI is often cited as the reason people won't try Linux. This makes the entire user experience on those machines a restricted use case.

[einsteinx2]

My daily driver for the past 20 years or so has been a Mac, doing everything from software development to music production to general computer use.

I’ve never had to use the CLI to turn off Apple DRM to install software. I use the Homebrew package manager to install all types of command line and GUI software and I download and install all manner of software outside the App Store regularly.

The only times I’ve had to do anything is if the app isn’t signed which is rare to come across, and even then it is a couple clicks in the macOS GUI to allow installation (I’ll grant you the fact they’ve made it more cumbersome in the past years by requiring you to go into the settings panel and click a button there, but it never outright prevents installation and never requires CLI use).

I really have to question if you’ve actually used a Mac or if you’re just repeating something you’ve heard because it doesn’t match my daily experience at all nor that of any Mac user I know (all my coworkers for example).

[sillysaurusx]

I think they're referring to disabling system integrity protection, which I've admittedly had to do for some specialized use cases that I can't remember.

[harambae]

SIP is similar to an enhanced secure boot. It's not (at least not primarily) for DRM.

He might be talking about a Gatekeeper override which is available by digging into the system settings? This allows you to run insecure resigned software (like pirated software is a common use case, honestly). But you only have to do this once, it isn't some constant headache.

I'm not sure what exactly he's referencing, actually. But it can almost all be disabled on macOS (the same is not true of iOS).

[tristor]

I've been using a Mac since 2012 for all manner of work and personal use cases. I haven't needed to disable SIP to do anything in quite a long time. I used to need to do this to install kernel extensions for audio, but this is no longer required for systems that support AudioKit.

Basically, I don't see any impediments to doing anything I need to do with SIP enabled at this point. I'm not sure what GP thinks the impediment is.

[righthand]

Regardless you still had to do it. Anyone that doesn’t do it is in a restricted use case for the machine. That’s my point which I made clear in my original comment. Disabling it allows you to use the machine outside of restriction. Fancy that!

[tristor]

I only had to do it years ago. I have a new M5 Max MBP and it has never had SIP disabled, neither did my M1 Max MBP I replaced. That's at least 4-5 years where it's been unnecessary. Never needed it on Apple Silicon devices, although I don't think the SoC arch is related to why.

[prepend]

I’ve had to disable it a few times but for niche stuff. I like to run LittleSnitch and monitor all outgoing network connections.

[sereko]

I’ve used macOS for over a decade and can count on one hand how many times I’ve had to use the CLI to disable DRM. Zero times in the past 5 years.

[righthand]

You never had to disable SIP and Gatekeeper? Then you’re using a restricted machine.

[dagmx]

Could you explain what CLI you think needs to be used to install software on a Mac?

[righthand]

`sudo spctl —-master-disable`

`csrutil disable`

[dagmx]

What do you think that does with regards to DRM? And do you really think most people are running that to use their Mac?

[righthand]

Yes I think enough people run it. To install unsigned code such as macports or homebrew or little snitch or other software:

https://developer.apple.com/forums/thread/670610

I like how Apple related conversations, I can’t make a point about how restrictive the OS has become and how most users are probably using restricted devices without apologists telling me “not enough people need to disable that stuff so it doesn’t count”. I’m sure you will brag about the merits of Apple’s locked down security of the App store, that’s not a restriction right? It’s just “security”.

Wherever you pundits want to move the goal post I guess.

[dagmx]

Nobody is moving the goalposts. You just poorly choose words.

I don’t think you actually understand the problem space of what you’re describing or you wouldn’t call it DRM.

And as such I don’t think you actually have a grasp of what is affected. But you’ve deles that everyone who doesn’t think it’s the same level of issue as you is somehow beneath your intellect based on your other comments.

[righthand]

> I don’t think you actually understand the problem space of what you’re describing or you wouldn’t call it DRM.

Yap yap yap “it’s Apple security!”

> But you’ve deles that everyone who doesn’t think it’s the same level of issue as you is somehow beneath your intellect based on your other comments.

Same to you.

[albedoa]

Enough actual Mac user have asked you wtf you're talking about. I'm more interested to know where you picked up the idea, if you care to speak to that too.

[righthand]

Enough Mac users are restricted users then and definitely not hackers and only one other Mac user has figured out what I’m talking about.

[runjake]

What? No they don't. I work for an org with 4,000 Mac users and zero of them have had to do this to get the apps they want on their Macs.

Edit: Why is this getting downvoted so much? It's 100% accurate. Here's the Apple doc describing the process. Nowhere does it mention the CLI:

https://support.apple.com/en-us/102445

[righthand]

None of them have had to let an app through Gatekeeper? Then you’re restricting the allowed software and they are all restricted device users.

[runjake]

Occasionally, but not often. BUT in no case do they need to use the CLI to do that. When they do need to, they allow the app in System Settings app, under Privacy & Security.

Heck, I am a "power user" who installs all kinds of weird apps and I haven't had to do that, except in my hackintosh days when modifying the system.

Here is the related Apple support article: https://support.apple.com/en-us/102445

[righthand]

Yes but you admit they dont need to do that but they can and probably have. That’s the simple point I’m making between restricted and non restricted devices. You may see them as guard rails or whatever but they’re still restrictions.

As soon as you let macports through Gatekeeper you are breaking through device restrictions. Does macports/homebrew have a UI?? They might not need to use the CLI to do that but they might still use it. Heck their AI assistant even might.

Another example my company doesn’t allow me to adjust OSX notification settings. Another restriction making my device use restricted.