by einsteinx2 29 days ago
My daily driver for the past 20 years or so has been a Mac, doing everything from software development to music production to general computer use.

I’ve never had to use the CLI to turn off Apple DRM to install software. I use the Homebrew package manager to install all types of command line and GUI software and I download and install all manner of software outside the App Store regularly.

The only times I’ve had to do anything is if the app isn’t signed, which is rare to come across, and even then it is a couple clicks in the macOS GUI to allow installation (I’ll grant you the fact they’ve made it more cumbersome in the past years by requiring you to go into the settings panel and click a button there, but it never outright prevents installation and never requires CLI use).

I really have to question if you’ve actually used a Mac or if you’re just repeating something you’ve heard because it doesn’t match my daily experience at all nor that of any Mac user I know (all my coworkers for example).


I think they're referring to disabling system integrity protection, which I've admittedly had to do for some specialized use cases that I can't remember.
SIP is similar to an enhanced secure boot. It's not (at least not primarily) for DRM.

He might be talking about a Gatekeeper override which is available by digging into the system settings? This allows you to run insecure re-signed software (like pirated software is a common use case, honestly). But you only have to do this once, it isn't some constant headache.

I'm not sure what exactly he's referencing, actually. But it can almost all be disabled on macOS (the same is not true of iOS).

I've been using a Mac since 2012 for all manner of work and personal use cases. I haven't needed to disable SIP to do anything in quite a long time. I used to need to do this to install kernel extensions for audio, but this is no longer required for systems that support AudioKit.

Basically, I don't see any impediments to doing anything I need to do with SIP enabled at this point. I'm not sure what GP thinks the impediment is.

Regardless you still had to do it. Anyone that doesn’t do it is in a restricted use case for the machine. That’s my point which I made clear in my original comment. Disabling it allows you to use the machine outside of restriction. Fancy that!

I only had to do it years ago. I have a new M5 Max MBP and it has never had SIP disabled, neither did my M1 Max MBP I replaced. That's at least 4-5 years where it's been unnecessary. Never needed it on Apple Silicon devices, although I don't think the SoC arch is related to why.

I’ve had to disable it a few times but for niche stuff. I like to run LittleSnitch and monitor all outgoing network connections.