Comment by latexr

Comment by latexr 2 days ago

29 replies

View on Hacker News

> Don't you love how hackable everything is? Removing stock apps from the Applications folder is completely safe—nothing will break—and this is your computer, so you should make it your own. You can always restore apps later using Time Machine. Just don't delete System Preferences, or anything in the Utilities folder.

This was pretty funny. “You can do anything, and you should be able to do anything, nothing will break”, then in the same paragraph “but don’t do this specific thing”.

Yes, there is immense value in being able to do whatever we want with our computers without restrictions. But let’s not pretend there isn’t value in being able to set restrictions too. Everything in computers is a tradeoff. Having an immutable signed OS has plenty of advantages, including for hackers: I feel much safer telling people to “just try stuff” when I know there isn’t a risk of them breaking everything and being left with an unbootable machine, leaving them feeling stupid and scared of trying anything else. More advanced tasks can come later.

Kudos for the project in general, though, I’m not throwing shade. I too am discontent with Apple under Tim Cook, but staying on an older version of macOS isn’t an acceptable solution for my use cases, I’d sooner switch to a BSD.

Aurornis 2 days ago

This is a hallmark of having achieved comfortable familiarity within a system: You think you have total freedom because, mentally, you’ve excluded the off-limits things from consideration.

It reminds me of a couple jobs where management would tell us we had so much freedom that we could work on whatever we wanted. Choose your own destiny here! Except when you chose something that wasn’t among the short list of acceptable tasks, you were scolded for choosing something that was obviously not an option (to them). They knew the rules so deeply that the set of acceptable things seemed like the entire frontier of possibilities in their minds.

Like you said, it would be more helpful for everyone if the system actually clarified what was allowed and what was not so we didn’t have to guess. Drop the illusion of total freedom and replace it with clear rules that leave nothing to guessing.

Reply View 0 replies
nutjob2 2 days ago

> This was pretty funny. “You can do anything, and you should be able to do anything, nothing will break”, then in the same paragraph “but don’t do this specific thing”.

I think you're being a bit pedantic. There is no contradiction.

You can indeed delete System Preferences and nothing will break, ditto for utilities, it just makes life difficult if you do. For a locked down system for say a child though it might make sense. Also reversing the problem isn't hard, you can just copy in the apps from elsewhere.

macOS isn't perfect, but it does have a nice, clean, logical implementation in many ways.

One huge demonstration of that is the way it runs on commodity hardware so well (ie Hackintoshes). Apple could have easily baked in very hardware specific support in the OS, but instead they mostly implemented a general system that follows PC standards. Security lock downs are orthogonal to that.

Reply View 9 replies
  • latexr 2 days ago

    > There is no contradiction.

    Neither have I claimed there is one. I understood the point perfectly, I simply found it humorous. Things can be funny without being contradictions, my point was about the tradeoffs inherent to different types of OS lockdown.

    > You can indeed delete System Preferences and nothing will break, ditto for utilities, it just makes life difficult if you do.

    And—surprise!—most people don’t want to make their own lives difficult.

    > Also reversing the problem isn't hard, you can just copy in the apps from elsewhere.

    It is hard for most people. Most of us don’t just have something else at hand to copy from at all times, including the younger OP.

    https://news.ycombinator.com/item?id=44973333

    > For a locked down system for say a child though it might make sense.

    I’m not saying that’s what you’re doing, but most of the time I see a variation on that comment it is attached to a fair bit of condescension. Like with calling something a “toy OS” when it’s used by millions of adults worldwide for productive work. Locked down systems don’t just make sense for children. On the contrary, children might benefit the most from operating systems which are not locked down, because they have the free time and willingness to experiment and won’t yet have a lot of important data. Or maybe you have kids who don’t really enjoy computers and just want to play an occasional game or need to write a school report. That’s OK too.

    Both can also be true of your elderly relative, or your partner, or your cousin, or your friend who doesn’t want to fiddle with the damn machine, they just want to get their shit done without having to worry about screwing up anything. Your other friend will want the freedom to do everything and ask you for help.

    There is no right approach for everyone, and there is no age at which one approach is definitely superior to another.

    Reply View 8 replies
    • Wowfunhappy 2 days ago

      (I know I already replied in a different comment, but just thinking about this more.)

      > Both can also be true of your elderly relative, or your partner, or your cousin, or your friend who doesn’t want to fiddle with the damn machine, they just want to get their shit done without having to worry about screwing up anything. Your other friend will want the freedom to do everything and ask you for help.

      ...you know, this is also why, as much as I love the hackability of Mavericks, I also kind of liked the way Apple initially implemented System Integrity Protection in El Capitan.

      It was easy to turn off! Just boot into recovery mode, open the Terminal, type in a short command, and boom, SIP will never bother you again for the entire life of that computer! The process wasn't onerous, or even difficult as long as you knew how to open a Terminal in recovery mode, or were willing to learn. And if you couldn't do those things, well, you probably shouldn't turn off SIP!

      Where I get annoyed is with the signed system volume stuff, because that consistently gets in your way! It is impossible for any type of user to "unlock" modern macOS.

      Although then again, even going back to the original SIP without SSV... well, we did already have a system for this before SIP, didn't we? It was called UNIX permissions! If you didn't know what you're doing, or didn't want to learn, why were you using an administrator account? Why did your elderly relative ever have superuser privileges in the first place?

      ...the answer is kind of obvious, actually. Administrator accounts are the default, and even if you went out of your way to avoid one, you'd be unable to, for example, install Photoshop.

      I wish that is the problem Apple had solved! Instead of introducing an entirely new layer on top of the UNIX security model, make non-admin accounts the default setting for new users, and then make those accounts a tad more capable (and lean on Adobe to stop being awful).

      Reply View 7 replies
      • latexr 2 days ago

        There is also another layer: when SIPS was introduced, there were tons of articles and videos teaching people to turn it off when they shouldn’t. This ranged from uninformed social media “developers” who confidently spewed dangerous bad advice, to outright bad actors trying to compromise your machine. Non-savvy users could still break their own systems by disabling these features easily.

        But largely I agree with you. I wish Apple had taken longer to fully develop a robust solution from the ground up instead of the status quo of piling on year after year to a semi-broken system.

        Reply View 6 replies
Telemakhos 2 days ago

Is this actually true? I thought Chess.app was, from OSX Lion (prior to Mavericks) yea unto the present, protected from deletion from the Applications folder as somehow intrinsically important to the system. It's apparently load-bearing, not just a holdover from NeXTSTEP but an integral element that the OS must defend at all costs to ensure System Integrity.

Reply View 3 replies
  • philistine 2 days ago

    It's because its in the signed system volume. You cannot modify the system volume in any way. macOS will do all sorts of crazy things to portray that volume as just like the old filesystem, but ultimately there are hard limits. Deleting apps in that volume is one of them it seems.

    Reply View 0 replies
  • Wowfunhappy 2 days ago

    It's absolutely not true on Lion or on Mavericks. You can just delete Chess. I know because I've done it. I've been using the system for five years.

    On Lion—or, well, at least on Mavericks, but I'm assuming this is all Apple did starting in Lion—there is literally just a list of Appications in the Finder binary that, should you try to delete them, Finder will pop up a message stopping you. You can hex edit the Finder binary and the message will go away for the hex-edited app.

    (Newer versions of macOS have signed system volume stuff, I'm not talking about that! This was introduced right around the time I nope'd out and built my current Mavericks computer.)

    Reply View 0 replies
socalgal2 a day ago

> I feel much safer telling people to “just try stuff” when I know there isn’t a risk of them breaking everything and being left with an unbootable machine

On which non-mobile OS is this true? It's certainly NOT safe on Mac/Windows/Linux to "just try stuff". I can trivially delete all of your data and/or upload all your .ssh files and Documents by "just try it"

Reply View 3 replies
  • jchw a day ago

    If you are running an immutable system like Bazzite it is significantly harder to get yourself into an unbootable state by accident, since if your system-wide change does actually break the machine, you can just boot into an older one. NixOS is quite a bit different, but likewise it is really hard to make the system unbootable just by making changes, since I can just boot into an old generation. I haven't used rescue media for my own machines in probably 5 or 6 years now.

    Reply View 0 replies
  • xattt a day ago

    I’ve found a big performance boost by running:

        sudo rm -rf /
    Reply View 0 replies
  • anthk a day ago

    By running libre software exclusively and an encrypted hard disk, just try.

    Reply View 0 replies
giancarlostoro a day ago

> I too am discontent with Apple under Tim Cook

He is a fantastic COO, unfortunately, Apple needs a CEO with vision. They do everything safe. I like Tim Cook because clearly he runs the ship nicely, but we need a visionary at Apple. Apple was always a little different and more daring. Remember the Apple that told you, you were holding your phone wrong? I want that level of energy that pushes for more innovation, it was much more exciting.

Reply View 1 reply
  • RankingMember a day ago

    > Remember the Apple that told you, you were holding your phone wrong?

    When I think of the positive elements of Apple's culture/persona under Steve Jobs, that particular episode is not one of them.

    Reply View 0 replies
bapak 2 days ago

That comment really sounds like how pissed off I was when Windows Vista told me I wasn't allowed to do something.

Funny thing is that you're still allowed to change things in the latest macOS, just disable SIP. On Mavericks you can because there's no SIP at all.

Reply View 1 reply
  • Wowfunhappy 2 days ago

    Unfortunately, you have to do a lot more than disable SIP nowadays because of the signed system volume stuff.

    Reply View 0 replies
Raed667 2 days ago

running a funky chmod command recursively on my root dir and then learning how to fix it, probably taught me more about how linux works than any tutorial or article i've ever read.

have fun! break things!

Reply View 4 replies
  • latexr 2 days ago

    I broke enough things in my early Linux days and learned a lot, but enjoying that, seeing it as a positive, or even having the willingness and time to spend on such fixes is far from universal. Most people have severe mental blocks to doing anything on the command-line for fear of breaking everything. Having an environment where they can’t break anything is a fantastic way to help them build confidence and learn how the computer works.

    There is a time and place for each approach. Recognising which is appropriate for each situation and user is a good skill to cultivate.

    Reply View 0 replies
  • bobbylarrybobby 2 days ago

    One time I somehow set the permissions of the sudo executable to lower than they needed to be (0600?). Fixing that was fun :)

    Reply View 1 reply
    • aspenmayer 2 days ago

      > One time I somehow set the permissions of the sudo executable to lower than they needed to be (0600?). Fixing that was fun :)

      I know very little, admittedly, but without telling us how, it’s just a funny anecdote.

      I would try to switch user to root and su instead of sudo, but I’m not sure if that would actually work. Would it? Probably not on rootless installs, but I don’t know how many of those systems most folks are able to break in the manner described above.

      Reply View 0 replies
  • itsthejb 19 hours ago

    Disk Utility used to have a Repair Permissions tool, at least back in the 00s. Not sure when it was removed

    Reply View 0 replies
Wowfunhappy 2 days ago

> This was pretty funny. “You can do anything, and you should be able to do anything, nothing will break”, then in the same paragraph “but don’t do this specific thing”.

This is fair, but I will say, there's a reason I put this section after "Please enable Time Machine."

...you actually could get rid of System Preferences, if you really wanted to, and use the Terminal to set Preferences instead. The reason I called out System Preferences is because, growing up, my younger brother did delete System Preferences! He didn't have Time Machine, and this didn't come up until we were traveling and he couldn't connect to a new wifi network. So that was a little annoying.

But I'm probably further making your point, and I do largely agree with you! The thing is, my computer is my home--I spend so much time there--and I just can't deal with having my home littered with Apple cruft.

Reply View 0 replies