by comboy 9 days ago
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.

You seem to have understood the problem. But then you didn't follow. If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.

Of course it is not perfect, but their approach here is really decent. And also, if you find yourself needing to go through that often I think that's not a good sign security-wise.

5 comments

Their approach is not decent. There should be some kind of master key to get full admin access. Leaving all the keys in the hand of a mega corporation is asking for trouble.

It's gone so far that even tech people now think that having root access to a mobile device is somehow scary. Well guess what that root access is still there for the manufacturer. It needs it for stuff like updates. It just shields you from having any kind of input or visibility on what is going on.

And once you've given up your admin control to the mega corporation, your government is going to be next. They'll be demanding backdoors and regulatory bullshit like age verification and snooping backdoors. Even today the EU launched yet another chatcontrol proposal. Eventually they'll manage to get it through when they've paid off enough representatives.

Keeping full control is the only way to prevent this.

Doesn't the government already have root to whatever machine via the NSA? It's the downstream government, the state-level governments that are squeaky wheels with the age verification and other nonsense.
I'm in Europe not the US. But NSA and their likes are a very expensive resource. They're not going to use that for small fry cases. Also, any evidence they obtain is not legal for any purpose so it has limited use.

And even NSA backdoors could be discovered more easily if we had full access to our phones, obviously.

You can have the full access to your phone. See: Librem 5.
There's nothing you can do with that in daily life if you need apps. Also, purism is American.

And yeah you can root other phones too but then you end up getting blocked in apps, that's the problem. It should be none of their business that my phone is rooted.

Imagine office refusing to work on windows because I logged in with an admin account?

I do use this phone as a daily driver. I can run Android apps with Waydroid, and I can run any GNU/Linux desktop app.

> Also, purism is American.

So what? The device runs an FSF-endorsed distro, and they even provide its schematics. American is not necessarily the same as evil.

> Imagine office refusing to work on windows because I logged in with an admin account?

This is exactly why I use this phone and support Purism, since they explicitly say they want the users to be in control of their devices: https://news.ycombinator.com/item?id=24463347. And it's not just empty words.

you really underestimate the will of people to not change anything that annoys them about their OS. they will click 1 million times a popup away before even considering that it could be resolved indefinitely by an option change. i think Apple's system works well to keep the average user safe.
Agreed. It just doesn't occur to most people. To even come up with the idea that maybe there's a setting for something, never mind searching for a tutorial on how to change it, you already have to be a power user for some values of "power".
The grandma is going to follow the video on how to disable system security because scammers are making these videos and she thinks she has a virus.

Not because she wants to install brew or something.

Good point.
This is evidenced by the people who constantly dismissed the Wi-Fi pop-up on iOS. Which is just about everyone I know with an iPhone.
Which pop-up do you mean?
It's a setting that iPhones had for a long time, where they would prompt you to join the nearby WiFi networks. I don't currently have one, so I don't know what it's currently like, but a large number of people would pull out their phones, start doing something, dismiss the pop-up, and continue, many times in a day. Probably they almost never actually used it to join a WiFi network at all. You could turn it off in settings but they didn't.
"they will click 1 million times a popup away before even considering that it could be resolved indefinitely by an option change. i think Apple's system works well to keep the average user safe."

I find this reasoning backward. I have been saying what you just said for years, in defense of NOT making changes a giant pain in the ass for knowledgeable users. The vast, vast majority of people will not imagine that there's an option; much less go looking for it. Therefore if the user goes digging around in Settings, everything should be there all the time, with no further hassles required.

By the same logic, a lot of Apple's recent decisions are anti-user stupidity. For example, removing the "Get new mail" button from Mail. If my mom tries to log into her bank account and the site says "We just sent a confirmation code to your E-mail," she's going to go there and try to fetch mail. But nope... now she has to sit there and wait for it to poll the server at some unknown interval.

Apologists rush to say, "Oh but you can simply customize the toolbar and put it back." NO. Give me a break. Why on earth would the average user even imagine that you could customize the fundamental UI of the application, let alone figure out where to perform that task? It's so out of touch with real-world users.

> If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.

My grandma absolutely would not watch and follow a video on how to e.g. disable Gatekeeper, nor do I think she’d be able to if she tried.

Your grandma sounds substantially more tech savvy than my grandma. Good for her, she seems to know what she wants. Grown adults should be allowed to knowingly opt into an additional level of risk.

She would ask a grandchild or neighborhood kid to fix it, and then it would be disabled.
Should she be allowed or forbidden from doing so?
I think it's reasonably within scope of the threat models considered by operating system creators.
I still don't understand the threat. Is it that a user who is not "worthy" of more permissive security may nonetheless be capable of enabling more permissive security?

I can put that more charitably by thinking about it in terms of informed consent, ie does the user understand the risks involved. But if you're concerned that someone following a video tutorial or seeking out a friend has not consented, then I think your standard for what constitutes consent is ludicrously high!

And if it turns out that lots of people are consenting to something, that isn't a failure of design. You asked your users a question, and they gave you an answer.

The threat is that users who are not sufficiently tech savvy will shoot themselves in the foot, including using methods they don't understand. This is a pattern we've seen play out numerous times. The more secure platforms are overwhelmingly the ones that protect the users from themselves, and (most) users value security over absolute computing freedom.
I agree with you, but then to me this is a great reason why macOS (and Apple products in general) just aren't made for me. And that's ok, that's the beauty of diversity.
Could make it disable-able only from the terminal in recovery mode. That one would be too hard / bothersome to fend off most cases I feel like
Never underestimate the ingenuity of a motivated fool.

My litmus test for this sort of thing is Excel - I think we all can agree that Excel is used for way more than it should be, and the most complicated, unhinged uses of it are done by non-technical folks looking to get a task done through desperation.

At that point it's a them problem.
Yeah, it always seems weird to me how we deem most adults responsible enough to own a car and not drive into oncoming traffic or how people are allowed to buy actually dangerous tools from big tool stores without a second glance. And sure, there's safety training available and in the case of driving you gotta first prove you're able to follow the rules. But after that? You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.

With that in mind it ends up being weird to me in a way I can't articulate because after all I can speedrun losing a limb if you left me loose in Harbor Freight or speedrun losing all my money and becoming debt-ridden if you give me a laptop with internet connection.

Anyway, I know there's more nuanced discussion to be had still I sometimes wonder how would the ideal approach actually look like without requiring people to have a digital(ing) license before being allowed to connect to the internet.

That isn't true at all.

To attack your specific example, cars have added all kinds of things that "hand hold" the user and keep them (and others) safe: Seat belts, air bags, anti-lock brakes, traction control, automatic emergency braking, back up cameras, lane keep assist, blind spot monitors, etc, etc, etc. (Oh, and guess what, per-mile traffic deaths are WAY down from a few decades ago).

All of which are trivial for a user to override, disable, or ignore completely except the primary airbags, which I believe is the whole point. The user is in control and it’s all in the owner’s manual to boot.
And, notably, require a license, a test, insurance, and registration.
> You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.

Well, firstly, newer cars are now equipped with tons of safety features like various kinds of auto-braking, various warning systems which monitor blind spots in the car, and driving aids like lane assist, lane monitoring, what have you. And then they also have advanced telemetry features that don’t keep them safe, but their insurance company hopes will identify them as bad drivers if and when they get into accidents so they can be denied coverage. These could be analogous depending how you look at it.

Additionally while there’s not much out there for tools, I think that’s less to do with it not being an issue and more to do with it being kind of impossible? That said a few tools have things like sensors that detect the presence of fingers near saw blades and will not only stop operating, they’ll usually destroy the tool in the process to ensure the operator’s safety, because fundamentally, more saws exist, more fingers do not.

Like despite loving track driving, I wouldn’t think that everyone tearing around in V8 monsters with stripped interiors and roll cages is a good idea.

Huh, I always forget about the newer safety features of cars because I generally see older cars around me and I used to drive cars where ABS, ESC and beeping were as far as it went for safety. And sure you could argue that telemetry used this way could be a path to price bad drivers out, if I understood your point correctly, yet while it would be effective when deployed to this goal I still instinctively regard telemetry as an invasion of privacy (in a space I assume by default to be private) but that's veering towards a different discussion.

Generally I have to admit that society is trending towards making things safe(er) by default but as always with every trend some attempts at following or complying are executed poorly (intentionally or unintentionally). Here's where I agree that while some safeties are universally good and people that disable them suffer from overconfidence I have seen some examples like experienced people removing the shields from brush cutters because they can get in the way and increase the risk of a tangle when cutting overgrowth (though you have to be mindful and careful to not fling small rocks around afterwards).

And yeah, I see your last point and generally agree but for fairness sake I would like to present the other extreme end where a person on a bicycle against a pedestrian is also dangerous albeit less so. That said I'm about to accidentally argue in favor of the "guns don't kill people..." rhetoric and I really don't want that so I will concede that for the time being it's better to (thoughtfully) design safe systems instead of relying solely on operator diligence.

Oh how I dislike that objectively I recognize the need for safety yet subjectively I disdain the fact that my tools try to nanny me and I can't reconcile these two views :/

> At that point it's a them problem.

Except when it becomes a reputational problem for the OEM: Excel sucks at X (i.e., don't use it for that) and Excel sucks can become equivalent in many people's minds.

Sometimes it is actually a problem of people 'holding it wrong' (as the meme/trope goes). And who gets the blame?

I'd say, the reasonable person test, if the mistake sounds like one a reasonable person would make, then fine.

I guess sadly the press will gloss over all the intricacies for a few clicks.

I also feel that dumbing things down probably just exacerbates this problem as "reasonable folk" have no clue how you actually get from a to b.

*shrug* I bought my mom a specific laptop to prevent "them" problems. I'm sorry that you're mad that every laptop doesn't conform to your use case, but perhaps this is a good time to realize that not every product is for you, and not every product has to conform to your view of the world. Sometimes, you can just not buy things that don't function the way you want.
Easier said than done. Economies of scale.

I suspect you're missing the entire point of my statement however, I also suspect your mother accessing a recovery boot mode intentionally is not on your list of concerns, if you're infantilizing her use to such an extent.

Did you know that Facebook actually has a message styled with color and different font sizes that pops up in the browser console when you open the inspector for Facebook.com with instruction not to paste things you're told to paste there, with a link to https://www.facebook.com/selfxss for more information?
No, it would just become something you ask your tech-savvy nephew to fix for you. Windows is (or used to be) full of things like this.