Posted January 28, 2016
Sorry for bringing up the old thread, however I could not resist ; )
SIP sux.
Because.. why should I care about " the majority of Mac users"?
Meaning, that SIP is very nice and important security feature, however there must be a way to disable it for certain apps.
Oh and sky is falling. How do you disable it remotely? And I don't think disabling SIP is a good idea anyway - because SIP was implemented to address security breaches, not just for kicks. So.. bye-bye Witcher, bye-bye USB3 drivers(or any non-apple drivers), bye-bye some weird internet banking devices, etc.
Example - SELinux. You still have access over everything and it provides much more security than SIP.
Tho, sometimes it is very tricky and hard to configure properly. But it is possible ; )
Now, what Apple does? The same thing they were doing all those years - provide some functionality by 'cutting corners'.
As in - make solution which will suit only part of the user base, granted the majority, but still..
I've been employed as OS X devices system administrator since.. 10.6. And every f*cking new and awesome change makes my hair stand still so it is painfull to sit on my chair ; )
F.e. latest "security" measure - detect if login keychain is unlocked remotely and deny. Yeah.. very secure. Very cool.
But now I need to travel ~1000km to the office or beg users to unlock it..
Apple even managed to fuck up SMB..
On the upside - I earn more, since it takes more time(vs *nix/Win). But I do care about my clients wasting money on nothing..
SIP sux.
Because.. why should I care about " the majority of Mac users"?
Meaning, that SIP is very nice and important security feature, however there must be a way to disable it for certain apps.
Oh and sky is falling. How do you disable it remotely? And I don't think disabling SIP is a good idea anyway - because SIP was implemented to address security breaches, not just for kicks. So.. bye-bye Witcher, bye-bye USB3 drivers(or any non-apple drivers), bye-bye some weird internet banking devices, etc.
Example - SELinux. You still have access over everything and it provides much more security than SIP.
Tho, sometimes it is very tricky and hard to configure properly. But it is possible ; )
Now, what Apple does? The same thing they were doing all those years - provide some functionality by 'cutting corners'.
As in - make solution which will suit only part of the user base, granted the majority, but still..
I've been employed as OS X devices system administrator since.. 10.6. And every f*cking new and awesome change makes my hair stand still so it is painfull to sit on my chair ; )
F.e. latest "security" measure - detect if login keychain is unlocked remotely and deny. Yeah.. very secure. Very cool.
But now I need to travel ~1000km to the office or beg users to unlock it..
Apple even managed to fuck up SMB..
On the upside - I earn more, since it takes more time(vs *nix/Win). But I do care about my clients wasting money on nothing..
Post edited January 28, 2016 by lbr_