> The idea being that I could then migrate more easily by copying the whole home directory, and thus all my apps that didn't require "installation" would come over.
Unrelated, but this is what I find so interesting and cool about the drag-and-drop to install method prevalent on macOS. People complain, but what I guess they don't realize is that all they're doing is moving a folder into their `Applications` folder and that the "wizard" way they're used to is far messier.
Granted, since I think it's up to the developers, they often seem to make the user drag and drop into the root `Applications` folder.
That’s fine, but also just means the “real” installer just runs on first launch instead in those cases, whether that is to ask for permissions or set up launch scripts or copy files to more places.
But just think about how much fun phone apps could have been if you first installed an installer and then that downloaded an app to install the side components before launching a configuration program for installing that specific software suite.
The problem with the macOS "just drag it to Applications" approach is the uninstall. Deleting the folder will not delete user data (what if it's damaged?), and it won't delete any system stuff the app created on the first run. A typical Windows installer is likely to do the former and will definitely do the latter.
I do agree that uninstallation can be hard on macOS. I think Apple just envisions a future where every app is self-contained and putting the app in the trash really does remove everything because it was all in there.
Maybe that's not realistic, though.
I still think there's something to be said about an installation/uninstallation process that relies purely on moving files around, no custom script execution.
The "drag it to Applications, move to Trash to remove" flow was invented decades ago, possibly even back in NeXTStep [0]. Application bundles are not meant to be writeable, user data cannot be written there. If Apple envisions a future change, they’re really terrible at implementing it.
Just so you know, there is something about dragging that app bundle to /Applications that causes something to happen. Because if you `mv` it in the terminal, the app often doesn't work.
It's been a while since I did this, and I can't remember the details. Sorry. Someone else might.
There is a bit of magic going on in Finder with /Applications. It’s actually two folders, one in the system partition which you can’t write into and one in the data partition where anything you install goes.
No word from them on the payout, yet. They only start deciding on if and how much to pay after the patch. I know for a fact it doesn't fall under the $1,000,000 reward tier as that is for their Private Cloud Compute platform. But it may fall under some of their other categories.
Every time I update an app I have to be told I downloaded it from the Internet and do I trust it. Can this app look on the local network?
Constantly being nagged to the point I don't even check/care anymore.
Exactly what Vista used to do.
This isn't what Vista "used to do". Vista had a single elevation popup dialog / shatter attack prevention screen. Any request that required elevation required this popup.
macOS has not only elevation requests but entitlements. Using the local network is an entitlement. What macOS gets very wrong is any denied entitlements will re-prompt next time you perform that action with the app, which may simply be starting the app. It also does one entitlement at a time, i.e. if you have an app that requires screen sharing and camera, you'll get the first entitlement, restart app, go to do action you wanted again, second entitlement.
Both OSes have MoTW, but Apple goes beyond with the notarization warning/block.
macOS users are going to suffer from prompt fatigue. And the /r/macos "secure cus UNIX!" will be wrong on two points.
Technically you're right. From an end-user standpoint, it's irrelevant. Apple's mock Vista ad applies just as well to Ventura: they're all annoying and a security theater if the user is just told to input admin password into any random popup.
FWIW, Vista's level of prompts is the only way to run UAC in any kind of secure fashion. The configuration that has been the default since Windows 7 makes it trivial for a low-privilege application to gain UAC privileges.
Microsoft doesn't regard UAC as a security boundary if you're logged in as an admin (https://learn.microsoft.com/en-us/previous-versions/tn-archi...). You can use UAC as one as part of a defence-in-depth approach by logging in as a non-administrator user (like everyone tells you to do but nobody wants to do) and entering a password for every prompt, but for that to work well you'd need to make sure to turn UAC prompts back to max (read: Vista level or worse). I don't think I'd set up a system like that without a fingerprint reader or Windows Hello facial recognition camera, because typing out the password that often is just a massive pain.
Windows, as configured by default, barely runs any downloaded files. You can pay hundreds of euros for a certificate, sign your installer, and still have users get told off by SmartScreen for daring to open an executable file. I don't think Apple's notarization has done anything useful so far, but their security prompts are a lot less scary than Windows'. I think it's a matter of time before unsigned Windows executables with the MotW simply won't open by default like those on macOS.
Quick clarification on terminology. From a developer perspective, entitlements are a static dictionary (or a collection of key-value pairs) attached to the app at code-signing time. The entitlements you mentioned don't "entitle" the app to access resources, as user consent is still required.
The local network popup thing is too overdone in my opinion. However, I do think it is a good choice (in some respects) for Apple to have the "this is a program downloaded from the Internet", even if it can be annoying. It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
It's a double-edged sword in my opinion. I think it's good that the OS is looking out for the user in a lot of cases. I also understand how it can give the users pop-up fatigue.
> It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
Apps on macOS need to be signed and notarised. Apple has the exact same capability to scan for malicious behaviour and revoke your keys regardless of how you publish. We all know the real reason they want to push apps towards the app store.
"This is a program downloaded from the internet" isn't a push to the app store. It predates the Mac App Store, iirc.
It's another quick security hack (as they often are in any OS). Many years ago someone noticed that apps can pick any icon they want. And, therefore, if you could convince a browser to download a file to ~/Downloads (not hard), the user might look inside and find what appears to be a harmless JPEG or Word document, double-click it, and be immediately pwned, because back then there was no app sandboxing of any kind, no SIP etc. macOS in that era was a conventional desktop UNIX.
So the quick hack - make apps that download things mark files with extended attributes, and if the Finder sees that, it pops up the warning and then removes them. Now the user realizes (maybe) that the document-looking-thing was actually an app.
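An added example, not part of any comment in this thread and not Apple's code: on macOS the extended attribute described above is `com.apple.quarantine`, whose value is a semicolon-separated string of hex flags, a hex Unix timestamp, the downloading agent and an event UUID. The paths, sample values and the triage rule below are constructed for illustration.

```python
"""Parse macOS com.apple.quarantine values and triage a download folder.

Added example; sample values are constructed. On a Mac the raw value for a
file is printed by `xattr -p com.apple.quarantine <path>`.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Quarantine:
    flags: int                  # bit field, kept uninterpreted here
    when: Optional[datetime]    # time the file was marked
    agent: str                  # app that downloaded the file
    event_id: str               # UUID of the download event, may be empty


def parse_quarantine(value: str) -> Quarantine:
    """Parse 'flags;timestamp;agent;uuid' (flags and timestamp are hex)."""
    parts = value.strip().split(";")
    if not parts[0]:
        raise ValueError("empty quarantine value")
    parts += [""] * (4 - len(parts))          # tolerate missing trailing fields
    flags = int(parts[0], 16)
    when = None
    if parts[1]:
        when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return Quarantine(flags, when, parts[2], parts[3])


def triage(inventory: dict) -> dict:
    """Map each path to a short verdict. The rule is an illustrative assumption."""
    verdicts = {}
    for path, raw in inventory.items():
        is_app = path.rstrip("/").endswith(".app")
        if raw is None:
            verdicts[path] = "app without download marking" if is_app else "unmarked"
            continue
        try:
            q = parse_quarantine(raw)
        except ValueError:
            verdicts[path] = "malformed quarantine value"
            continue
        kind = "app" if is_app else "file"
        verdicts[path] = f"{kind} downloaded by {q.agent or 'unknown agent'}"
    return verdicts


# Constructed sample: path -> raw attribute value (None = attribute absent).
SAMPLE = {
    "Downloads/Invoice.app": "0083;66f2a1c0;Safari;11111111-2222-3333-4444-555555555555",
    "Downloads/report.pdf": "0081;66f2a1c0;Chrome;",
    "Downloads/Tool.app": None,
    "Downloads/notes.txt": "zz;;;",
}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE).items():
        print(f"{path}: {verdict}")
```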
That's a fair point. But did Mac have the same issue as Windows where file extensions were not shown by default? That feels like it would have been the core issue.
There is a "show all file name extensions" option in Finder, but I don't recall if it's on by default or not as I haven't had to set up a fresh macOS install in a while and I've always had it turned on.
But, macOS isn't like Windows - the file extension doesn't matter. I can have a "file.txt" but it's actually a .xlsx excel workbook, and Excel will open it just fine (albeit, with a warning that the file extension doesn't match but that's dependent on the application presenting a warning). Windows actually uses the file extension to determine the type, macOS (and other *nixes) don't, they'll use some other file metadata. You can put whatever extension you want on a file, it doesn't matter except for determining what default app will attempt to open it when double clicking it in Finder.
> It might also be a push to get developers to publish on the App Store (where Apple can be more sure (hopefully) that the apps are safe).
This is exploitation of developers, plain and simple. Apple should secure their runtime, not roleplay as a software rent-a-cop that manually (and fallibly) inspects submissions. The App Store is a blatant moneymaking racket, on mobile and desktop alike. "Security" is a fig leaf for the perverse incentive Apple has to corral developers under their thumb.
I think entitlements are the correct direction to move in. I don't like Apple's implementation. But it gives us that fine-grained control of what an app can and cannot do with things outside of the app's "bubble" (or sandbox). We need Discretionary Access Control.
And to NSO Group's delight, they don't review SMS messages or Safari contents either. The "curated security" shtick is a lie, it does not protect anyone and doesn't function reliably in the first place. Both targeted malware and generic scams are rampant and unrestrained on iOS. Many of them are promoted as iPhone Search Ads, or suggested Siri results.
The knock-on effects it has are even worse. By relying on this game of shuffling private entitlements around, Apple has less incentive to actually review what developers are doing with them. Look at the Uber iPhone app's screenrecord permissions, or when TikTok stole iOS clipboards.
Apple uses "secure" review as an excuse to not review apps or secure their runtime.
Apple's review sucks but you are very confused about your "takedown" of their security practices. It's not meant to protect against everything. Even well-made security boundaries can fail against sophisticated attackers, or be too onerous against generic malware.
Honestly, I think you have a fair point there. I personally don't believe that any system could be 100% secure. But I do think there is a point to be made on the efficacy of securing the runtime compared to individual app inspection.
In macOS 15, there is no GUI bypass. Right click -> Open no longer works. xattr is "the way". I'm sure someone has probably created an Automation or something for it.
There's a small section in System Settings that they don't really tell you about that pops up when the OS blocks a file from opening. You can then override the block there. Yes, it's extremely annoying.
> where Apple can be more sure (hopefully) that the apps are safe
Ha, they'd love to capture the 30% Apple tax on macOS too, I'm sure.
I don't think the mark-of-the-web feature is bad, but I am particularly annoyed that I have to open the system settings app to open an application.
Honestly, when I first tried modern macOS, I was surprised how bad the popups and warnings were. This is exactly what Apple (rightfully) made fun of when Vista came around. I've caught myself mindlessly approving prompts because there are so many of them and most of them don't make much sense at all ("do you want to allow iTerm access to your downloads" after I've explicitly dragged the thing to the special "developer tools" setting? what the heck?).
Slight tangent: Apple TV constantly has MLS (major league soccer) and Apple TV+ in the left-side pop up Home menu, taking up real-estate for something I will never access. So annoying.
Why, as someone from England — with arguably the best football league in the world — would I want to watch American Soccer? I don’t even watch the English league.
The menu is:
———————
* Search
* Home
* Apple TV+
* MLS
* Store
* Library
———————
Title: Channels & Apps
* This is where all the channels I have actually opted for live — separate from the Apple products that I don’t want
———————
Both Apple TV+ and MLS should not be on that menu permanently. And it should be possible to turn them off.
> Why, as someone from England — with arguably the best football league in the world — would I want to watch American Soccer? I don’t even watch the English league.
So you're the type that doesn't watch the Special Olympics I take it? MLS is the geriatric retirement league for superstar players, or the not quite good enough to play in the other leagues league. One season, I tried to get into MLS. At one point I tried using a stopwatch to clock how much time the ball was out of play in MLS compared to "real" leagues, and it was close to 20% which is not far away from amateur kids level of play.
I don't blame you for not liking the MLS branding. However, I'm guessing they paid a couple of shiny coins for that privilege, so they're naturally going to try to do anything to recoup that money.
I don’t watch football at all. If it’s not cricket… well it ain’t cricket!
But even if it was a channel dedicated to test cricket (the greatest sport in the history of sport), I would still resent the foisting. These are clearly anti-competitive practices and that always leads to worse products eventually.
Speaking of installed-by-default, it's even more stupid that you can't even uninstall apps like Photos. Supposedly it's 'required for your Mac to function.' I'm sorry, I do not have a need for a photo library on a computer used exclusively to write software.
> Apple Music is just an advertisement by default and "conveniently" opens every sound file mimetype
Not only that, but you get the advertisement every time it starts and then it doesn't play the actual file. So unless you join the service the process is: try to open the audio file, close the advert, go back to source, open the file again.
Sometimes I consider looking at switching back to MacOS (left because OS X 10.7 was becoming too much like iOS and I don't like the idea of apps having to be signed and/or in an app store) and holy shit I am glad I left.
I did Linux for a bit, but I was really impressed with Windows 10 once I disabled all the junk. Good window management, WSL is fantastic, I really like a few windows-specific utilities, and programs. I like having the Adobe suite + a nix env.
That being said, Windows 11 is making me consider jumping back to Linux, along with me being increasingly annoyed by Adobe.
For development work, I honestly prefer Windows. At least WSL knows what you want to do and gets out of the way. Comparatively, making a "correct" shell on MacOS often entails QEMU and local NAS, alt-tabbing between that and your native terminal for version control. Or you build your server software to be MacOS-native for debugging and port it to Linux later like a neanderthal.
Just... no. MacOS looks pretty but the workflow is uglier than Satan's taint. I don't get paid to work around Apple's dysfunction.
> iCloud nags never go away if you don't log into iCloud
I don't get people who buy macs and refuse to login to iCloud.
You don't have to use iCloud for storage or anything else, all that can be disabled in settings.
The biggest benefit of logging into iCloud is protection if your device gets stolen. It means the thieves can't just wipe and resell your device. It means you can track and remote-wipe it in Find My.
I hear you, but 10y of MacOS usage habit will do that to you; it's easier for me to work around MacOS quirks and Apple's authoritarianism than it is to try and get a Linux distro I like to work perfectly for me for more than 6 months, or worse, go back to win.
> The day Apple prevents users from giving sudo access to a third-party app is when the Mac fully becomes a walled garden, and you can expect pages of HN complaints.
I can see this happening, but it probably won't anytime soon. macOS is still open enough, and with the assumption that sometimes processes need root (see third-party Launch Daemons).
It would probably break quite a lot. But I wouldn't be surprised if they eventually gradually move macOS in that direction.
Yeah. I'm guessing there must be some legitimate (internal?) use cases for the behavior I found and they spent all that time working out the kinks to allow those edge cases while also not allowing malicious ones. Or perhaps it wasn't as high on their priority list as it required a higher level of user interaction (the user had to click "Allow"). In any case, though, I do believe that a year is a shockingly long time for them to take.
I mean, at that point an app could just put up a fake prompt using the UI framework. And I think users would be more hesitant to type a full password than just click a button. But if you're talking about a bug similar to mine where an attacker could use the OS's own code against it and make it show a prompt with misleading content, you might be able to report it to Apple Product Security and maybe get a bounty.
I wonder why they don't add a little led to their laptops that would indicate that it really is the system asking for your password. Kind of like the camera led.
When they had the touchbar on the MacBook Pros, they would put the authentication in there since that was something only the OS could take full control over.
That's an interesting idea. I do think it would be nice to have some way of knowing "is this prompt coming from the operating system or some third-party app?". However, I don't think it would have helped in the case of my vulnerability, because it abused a legitimate OS prompt.
I mean, a website could display a crafty popup-appearing box and try to get you to type in your username and password. Not really sure how you can prevent that.
Vista used the “the background dims quite a bit” to try to deal with that.
Problem is most users will not care or understand it. Someone will spoof the dialog without the special icon or phrase and users would still enter the password.
Yeah. I think the key thing in my vulnerability is that it abused a legitimate OS prompt and had the consequences of that prompt be applied to something separate from what the prompt text itself said it would.
This is Apple-specific, though. So there aren't really any other vendors that are relevant to this specific scenario. I will say, they have been quicker with my other reports; taking just a few months as opposed to a full year.
I honestly think this is a good skepticism to have. I generally don't hit "Accept" (or "Allow" or whatever) on any permission pop-up unless I know exactly what it's doing and what I need it for.