Comment by Wowfunhappy 2 days ago

7 replies

(I know I already replied in a different comment, but just thinking about this more.)

> Both can also be true of your elderly relative, or your partner, or your cousin, or your friend who doesn’t want to fiddle with the damn machine, they just want to get their shit done without having to worry about screwing up anything. Your other friend will want the freedom to do everything and ask you for help.

...you know, this is also why, as much as I love the hackability of Mavericks, I also kind of liked the way Apple initially implemented System Integrity Protection in El Capitan.

It was easy to turn off! Just boot into recovery mode, open the Terminal, type in a short command, and boom, SIP will never bother you again for the entire life of that computer! The process wasn't onerous, or even difficult as long as you knew how to open a Terminal in recovery mode, or were willing to learn. And if you couldn't do those things, well, you probably shouldn't turn off SIP!

Where I get annoyed is with the signed system volume stuff, because that consistently gets in your way! It is impossible for any type of user to "unlock" modern macOS.

Although then again, even going back to the original SIP without SSV... well, we did already have a system for this before SIP, didn't we? It was called UNIX permissions! If you didn't know what you were doing, or didn't want to learn, why were you using an administrator account? Why did your elderly relative ever have superuser privileges in the first place?

...the answer is kind of obvious, actually. Administrator accounts are the default, and even if you went out of your way to avoid one, you'd be unable to, for example, install Photoshop.

I wish that were the problem Apple had solved! Instead of introducing an entirely new layer on top of the UNIX security model, make non-admin accounts the default setting for new users, and then make those accounts a tad more capable (and lean on Adobe to stop being awful).

latexr 2 days ago

There is also another layer: when SIPS was introduced, there were tons of articles and videos teaching people to turn it off when they shouldn’t. This ranged from uninformed social media “developers” who confidently spewed dangerous bad advice, to outright bad actors trying to compromise your machine. Non-savvy users could still break their own systems by disabling these features easily.

But largely I agree with you. I wish Apple had taken longer to fully develop a robust solution from the ground up instead of the status quo of piling on year after year to a semi-broken system.

  • Wowfunhappy 2 days ago

    > There is also another layer: when SIPS was introduced, there were tons of articles and videos teaching people to turn it off when they shouldn’t.

    ...see, I actually had the opposite frustration with SIP. So many people were so hesitant to turn it off, even when they had a clear use case.

    This is where the argument loses me. I agree that it's good to protect people from screwing up by accident. But if someone has taken the time to reboot their computer into recovery mode, find the Terminal app, and run a very specific command, that is not an accident! That is a user clearly requesting that the training wheels be removed. And sure, maybe the user was following bad advice, but it wasn't an accident!

    People are allowed to do stupid things, that's how we learn. Again, it's great to have guardrails for people who want them, and it's great to have those guardrails on by default for people who don't want to think about them or even know they exist. But deciding which users are savvy enough to be worthy of disabling SIP feels Gatekeepy to me.

    • scarface_74 2 days ago

      Until you install a piece of niche software that corrupts your entire system when installing it with SIP turned off…

      https://support.google.com/chrome/thread/15235262/chrome-upd...

      • Wowfunhappy 2 days ago

        Because Google majorly screwed up, in a piece of software that runs with administrator privileges! Why the heck was it running with those privileges in the first place?! It's kind of nuts that Google faced basically no blow-back for rendering people's systems unbootable.

        The Chrome updater could also have had a bug that completely deletes your home directory, and SIP wouldn't protect you. I guess your computer would still boot in that case, but how much would you care? The actual damage would be worse.

        Anyway, this entire incident was notable precisely because it was so unusual—in ~9 years of SIP I'm not aware of any other instances where turning it off caused problems.

  • andyzweb 2 days ago

    Correction: SIPS is the scriptable image processing system, SIP is system integrity protection.