Literally this was me this morning after I upgraded last night and went to bed.
I get Apple wants to make people feel their in control of their privacy, but literally every app I use for work prompts me for every permission imaginable.
“Oh the command you’re running in Terminal, it wants permissions to your Downloads folder, is that ok?” ::click yes:: “Guess what? That same command you’re running in Terminal now wants to access you Library folder. Is That cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants to access your Documents folder. Is that cool?”
I’m a Sys admin prepping all the hoops to make my clients avoid this fiasco. It’s somewhat documented what we should expect, but it’s a lot of prep work and real world testing we need to go through to ensure our users don’t ask, “why am I always being prompted with these pop up questions?”
Also, TV, Podcasts, and FindMy are being disabled in Catalina. Disabling FindMy and logging everyone out of iCloud turns off the risk of the new Tile like features Apple is about to release on the world. I don’t want my users turning their work machines turn into Bluetooth beacons for Apple.
> I get Apple wants to make people feel their in control of their privacy, but literally every app I use for work prompts me for every permission imaginable.
i would guess this has the side-effect of making devs think hard about what really needs access or not, and tightening up where data is stored (say in the app container, not copying files willy nilly over the hd, using entitlements etc)
> Oh the command you’re running in Terminal, it wants permissions to your Downloads folder, is that ok?” ::click yes:: “Guess what? That same command you’re running in Terminal now wants to access you Library folder. Is That cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants to access your Documents folder. Is that cool?”
yes, that is annoying, but i’m pretty sure that only happens the first time it tries to access those folders... is that correct?
personally, i think that’s good that it checks those, because some scripts can do damage to your data (say. by accident), and you might want to know if it’s trying to say, read your keychain or not
> I don’t want my users turning their work machines turn into Bluetooth beacons for Apple.
Is it really that bad? I get that you always have to consider privacy concerns, but Apple has been pretty good at user privacy compared to, say, Google. And there’s already been a real world case of Apple’s new Bluetooth tracking helping someone find their phone before the stable
version of iOS 13 was even released.
I understand this is chaos, but it's chaos because it has to be. There's no way to move users from an world of opaque "if it's an application, it can do anything it wants" to a world of "applications should ask me when they want to do something" transparency.
The idea that Apple doesn't care about the Mac because it's trying to explicitly improve our privacy and security is … weird.
Yes their recent trend of moving user privacy to the forefront is one of the few really positive trends i've seen out of apple in the past 2-3 years. Ignoring that the questions being asked by the OS are good is very bizarre.
Yes their recent trend of moving user privacy to the forefront is one of the few really positive trends i've seen out of apple in the past 2-3 years.
Apple has moved privacy to the forefront for a much longer time. Apple was the first to roll out end-to-end encryption of messages to hundreds of millions of people (iMessage 2011), the first to roll out end-to-end encrypted (video) calls to hundreds of millions of people (Facetime, 2010). They introduced the secure enclave, which was quickly used throughout the OS with iPhone 5s in 2013.
Whatever reasons they have (and despite their failings), they have been pushing privacy for almost 10 years now.
Second this. It's a major security update that allows you to re-evaluate and more precisely manage access rights that your existing apps have. Not sure what "super user" author is really sad about. No one is keeping him from using windows.
I don’t think that’s intentional though. Otherwise a proper way would simply be to prompt the user with something like « you’ve just upgraded your system, would you like to take this as an opportunity to reevaluate all your applications access rights ? ».
Almost every user clicks no and moves on with their life and then we’re put into a weird situation where apps installed prior to Catalina have a ton of permissions and apps post Catalina have comparably few.
You could say this is fine but it does demonstrate that something bad probably happened because we’re they presented the immediate option for existing apps they would have made a different choice.
Right now I have iOS 13 and it’s been great to see how many apps want but 1000% have no need for Bluetooth access — it’s nice to not have to comb through settings and revoke them manually.
Erm, preferring the old Apple experience (or even a perceived old Apple experience) to the modern Apple experience does not necessarily mean he would prefer the Microsoft experience to the modern Apple experience...
It's a bad onboarding though, full stop, and not very Apple like. For example, I imagine there could be a way to present the user a screen with all apps, and ask the user on one screen to check/uncheck any that it would like to receive notifications for.
Similarly, for the apps requesting access to various things, if I were Apple, I'd wait a bit and then present the user a list with the apps requesting access, explaining why it's happening, etc.
So two simple screens with clear explanations and helpful advice, versus a million baffling popups.
If you have one window, with checkboxes, the window would need to start with the boxes all unchecked. And users, being users, would then demand a way to check all of the boxes. And then what would the point of the notifications and requests be?
If they didn't, people would complain that they had to click all these checkboxes, and then missed one.
Or the window wouldn't have room for applications to explain why they needed that access.
Or they would, and users would maybe read the first one, but skip others.
There is no "better experience" which doesn't sacrifice the point of the prompts.
”I imagine there could be a way to present the user a screen with all apps, and ask the user on one screen to check/uncheck any that it would like to receive notifications for”
All 150+ apps (I don’t know how many are installed by default, but I have 277 on my system), many of which the user won’t even know he has installed? (I just found out I have an “Adobe Air Uninstaller” and two “Abobe Air Application Uninstaller”s, something called “Computer.app”, and 11 different Java 8 updates, for example)
And no, I don’t think such a dialog would be useful because users could delete applications they “don’t use” from there. The average user simply doesn’t know which applications he doesn’t use. I certainly don’t.
I think they could do a bit better, but I don’t think this problem has an easy answer. For example, they could exclude all Apple apps from these questions, but I suspect that would (rightfully) give us “Apple gives its own applications preferential treatment” complaints.
I disagree but only for one major reason: the entire reason this is coming up is because the OP is using an old version of Alfred that wasn't prepped for the new permission settings of Catalina even though there's a fully compatible version that's been released since. The vast majority of users will never, ever get something this obnoxious so it's not a bad on-boarding experience as much as it's a side effect of running old software.
I don't know the numbers, especially as companies have pushed hard to change upgrade habits. But unless they're forced by automatic upgrades, most people wait years to upgrade. Even if they are upgrading because they get new hardware, they run all those migration assistants and such to copy everything over.
I'm sure they do but, as in the case of Alfred, they're notified multiple times that there is a newer version and that their OS may not support all the features of the app and vice versa. You have to explicitly ignore the dialog boxes and install the new OS anyways to get the behavior being demonstrated in the OP.
Apple could have figured out a way to coalesce all the individual pop-ups into a single window. I'm sure they considered it and deemed it not worth the effort since this is a one-time pain... of course it's one-time pain shared by millions of users. :-(
You certainly could, however I guarantee a huge majority of users wouldn't read a lick of what they were agreeing to.
Individual popups don't completely solve this, but it makes more obvious that a specific application is requesting a large amount of permissions. They're a bit more digestible to the crowd that won't bother to read an alert longer than one line.
It shows it at the point of access request. If 2 programs request access 5 minutes apart, how would you show that in a single window?
Do you suspend the first program and wait until another application makes an access request? What happens if another doesn't make a request in a given time period? Will the user wonder why the first application has stopped doing anything useful for 5 minutes?
Honestly, how would you show this in a single window?
An individual window would have completely destroyed the point.
Hardly. Apple could have used the OSX installer to scan two or three common locations for applications and do a bit of static analysis. Apple could have put the permissions notifications in the notification center with an annoying nag screen every hour or two for the first ~30 days turning into an immediate prompt after that (or after all detected programs have been processed).
It’s not like an overwhelming majority of Mac OS users has configured their machine to auto start a vpn, a virtual machine server and all these fragile utilities.
I doubt any regular user is going to see anywhere near this amount of warnings.
I don’t think you read the post properly : all those popups appeared after an OS migration. I don’t see why upgrading the OS would need you to reauthorize apps, and even parts of the OS like icloud shouldn’t require you to relog (unless the security mechanism of icloud itself has been upgraded to a new system with no migration possible of the credentials).
I disagree. The solution to this situation where there are a bunch of dialogs popping all over the screen, asking for some permission, is not to throw up your hands and say "best we could do".
Agree that it is overall an improved experience. After upgrading, I discovered that a VPN app wanted access to my Documents folder. No reason it would need that, so I simply denied it. Lo and behold, the app continues to work just fine as expected. IMO, this alone is a big reason to upgrade to Catalina.
I wonder if maybe it just stores a settings file in there or something?
I've seen similar things with apps that request access to Dropbox or Google Drive just not being scoped granularly enough, so they just ask for access to your entire account to control a single file or folder. Which leads to a shitty situation, either you give up functionality like being able to declaratively override settings and sync them between machines, or you compromise your security and allow access. There's no way the PM for the product actually cares about granular permission scoping, so of course nobody actually implements in a safer way where you don't have to make this choice.
I haven't looked closely at the new MacOS permissions and how granular they can be, but I'm kind of curious how this will turn out. I suspect the average person will just get used to clicking allow on everything, so developers won't actually care about only asking for what they need, and not much will actually improve about security. But I hope to be proven wrong.
Apple provides APIs for saving app settings in the app's sandbox. They require no additional permissions.
You're probably right that it's not nefarious in this app's case, but rather just developer ignorance. But even so, this is the right path to nudge developers towards better security practices.
Also, the permissions are contextual. I didn't see this dialog until I launched the app. Similarly, the first time an app wants to show a notification, the system prompts you to allow / deny it. I'm sure Apple can polish this more over time. But I will take this over the "nearly full-system access by default" paradigms that dominate desktop OS's.
I've seen a number of apps that store settings or presets in Documents. Kind of the same ideas as dotfiles in your home directory, which seems pretty reasonable and I don't think there's one agreed right place for any of this.
A nice benefit of storing them in Documents is that it syncs to icloud automatically even on the free tier, so you can share it between all your computers.
Had the same concern, but the dialog tells you how to change it. Not only that, it'll take you directly to the correct location in system preferences, where all the apps & their permission status are listed.
So what you are saying is that you don't trust the application to access your Documents folder, but you trust it with creating a VPN tunnel to keep your network traffic safe?
uhmm....
To me, it seems that if the Documents permission dialogue in fact caught the app doing anything bad, it should remove all trust for the app and the developer. It's all or nothing, really.
No, what I'm saying is that a VPN application does not need access to my Documents folder, and if it tries to access it, then I'd like to know about it.
Nor do I entrust it with all my network traffic. As to whether it warrants completely removing the app or not, it's up to the user to decide, isn't it?
I expect applications to have access to my desktop. I do not need to be asked. It would be like asking permission to access my clipboard, or use my speakers, or read my keyboard.
If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.
This was exactly why UAC dialogues were largely a failure. And to think that UAC appears only once per app...
You expect applications to have access to your desktop?
You should only ever expect the user to have access to the desktop and, even then, the only apps that would ever prompt for access to the desktop are those that aren't updated for High Sierra and above. On the latest versions of macOS, the Desktop folder is shared by iCloud. This is definitely not an instance where security has been lowered nor is this the standard behavior of the new OS.
> You expect applications to have access to your desktop?
Yes! That's what applications do, they read and write files. Most other software is, more likely than not, either a game or a web page.
Does every app need to access my desktop specifically? No. But if we're trying to protect "normal users", I don't think most of them have the wherewithal to think through "what exact locations does and doesn't app X need to access?"
But they should only read and write files that you give it permission to. E.g, Word should only be reading and writing whatever files you open to edit, it shouldn't be able to access all the files in your Applications folder. If it needs temp files it can write those to it's designated section of the file system.
It should read and write whatever files it needs to without bothering me for every little thing. For instance, supposing they want to show you a welcome screen with all of your documents from your Documents folder (or anywhere else) - I don't want some asinine popup asking me for permission. Word is a well-known application. I installed it. I trust it and the corporation that wrote it. That's enough for me.
The alleged problem is not even solved by a permission dialog. I should answer OK to the fact that it needs to access all of my Documents, forever, and that's supposed to be more secure? Why not just ask me for permission to my whole drive so it can scan for documents everywhere? Apps will just start asking for more and more permissions like they do on iOS, which is annoying.
macOS is slowly but surely being turned into iOS. It's software for the lowest common denominator - the average idiot - which I'm not, at least when it comes to technology.
Thankfully, my workstations are all Linux but I still have to deal with both macOS and Windows on a daily basis. But at least on Windows, the permissions annoyances can be avoided by simply not using UWP apps from their app store. I hope there's a way to turn this off on macOS but knowing Apple I doubt there will be because clearly they're on a mission to wipe macOS off the table. Perhaps that would be a good thing though. More people will move to Linux.
For instance, supposing they want to show you a welcome screen with all of your documents from your Documents folder (or anywhere else) - I don't want some asinine popup asking me for permission. Word is a well-known application. I installed it. I trust it and the corporation that wrote it. That's enough for me.
But this is not how it works. Word from the App Store is sandboxed. If you open a document in Word, this is done using the native file opening dialog. This is a separate, privileged process. The file is symlinked into Word's sandbox as a result. This means that Word has access to that file from that point onwards. So, it can show a welcome screen with documents that you have previously opened (which is what applications typically do, very few applications will show all documents).
This is how things have worked ever since Apple required sandboxing for App Store apps. The problem is non-App Store apps that are not sandboxed. They have unfettered access to every file. I guess these extra permissions are to provide a certain level of protection against such apps, which is good.
Word is a well-known application. I installed it. I trust it and the corporation that wrote it.
There are many well-known incidents of trusted applications being compromised and backdoored. E.g.:
To make things worse, the hash was updated in Homebrew cask. So even if you used a package manager, you would have installed a compromised application. Trusting applications may have been ok in the age of shrink-wrapped software. But now that applications are distributed over the web, allowing unfettered access is insanity.
More people will move to Linux.
The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak). Sure, it will always be possible to install a 70ies UNIX-style distribution. But the world is moving to sandboxing and putting up more restrictions, because the computing world became more hostile.
macOS is slowly but surely being turned into iOS.
This is getting tired and old. People said the same thing ten years ago and yet here we are, macOS is still an OS for 'general purpose computing'. I think Apple is finding a nice balance between securing the average user through sandboxing and SIP, while keeping giving the knobs to disable protections to advanced users. I say this as someone who currently uses Linux 95% of the time, but I wish Linux was as far as macOS with application sandboxing and system integrity protection.
> People said the same thing ten years ago and yet here we are, macOS is still an OS for 'general purpose computing'.
Well, the "slow" part can be slower than ten years. It might just still not be there, but compared to how macOS was 10 years ago, it does have more iOS-like restrictions nowadays even if it isn't full-on iOS.
> An app-scoped bookmark provides your sandboxed app with persistent access to a user-specified file or folder.
But all of that isn't really relevant to what I was saying. You're bringing up technical details about how sandboxed apps work. I'm saying that sandboxes suck and I don't want them, particularly from Apple who will just use security as an excuse to take away more of my freedoms.
> I guess these extra permissions are to provide a certain level of protection against such apps, which is good.
I would rather not trade my freedom and liberty for even more annoying and absolutely useless security measures. You see the top comment on this thread now right? It's about how useless these dialogs are and how Apple has actually argued against them in the past.
> There are many well-known incidents of trusted applications being compromised and backdoored.
So? Don't update right away if your OS manufacturer can't be bothered to run a properly curated package management system that vets packages before anyone installs them.
> But now that applications are distributed over the web, allowing unfettered access is insanity.
I've been using desktop software for 30 years and for 25 of them, I've been downloading it from the Internet. My simple security measure are to verify sources, turn off automatic updates, don't update right away and read the news. Haven't had a problem yet.
> The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak).
Some Linux distributions are moving towards that. Anyway, I'm fine with immutable base systems. I'm even fine with sandboxed apps, as long as the permissions request infrastructure isn't annoying as it is in iOS and now macOS. And, as long as I can still install non-sandboxed apps without any further useless annoyance.
> This is getting tired and old.
No it's not. It's getting one tick closer with every release and if you want, we can certainly detail each time that macOS has changed to become more like an iPhone. Some part of you must realize that this is exactly what Apple would love to do as quickly as possible but they won't risk alienating users just yet. Do you really not see how Apple has been moving towards a less general purpose computer?
I mean, I wouldn't even call macOS "general purpose" to begin with because you can only really install it on Apple hardware. Right from the very start with Apple, their OS has always been more like "Apple purpose" - software that you can only use for Apples purposes.
> macOS is still an OS for 'general purpose computing'.
Yes, for now. Just a little bit less with each release.
> I wish Linux was as far as macOS with application sandboxing and system integrity protection.
No thanks. The world needs less security theater, more actual security and more freedom to use our own bodies and properties as we wish.
Sure, if applications are able to do things in the exact way Apple imagines. Unfortunately, the real world is almost always more messy—there's always at least one exception that isn't provided for by Apple's sandbox. Look at how many Mac apps offer both stripped-down Mac App Store releases and separate, more robust versions if you buy from their official websites.
I'm by no means against Sandboxing, by the way. I think it's great that if you want to buy and use sandboxed apps—and are willing to accept more limited functionality as an occasional consequence—the Mac App Store provides that option for you. However, there needs to also be an alternate path, by which I can say "this is an application I trust, please let it do its job."
There should, of course, be several different permission levels—Parallels needs its own kernel extension, most applications don't. Permission prompts are an important part of enforcing that. And that's precisely why prompts need to be use sparingly—if you bombard the user with too many of messages, they'll ignore all of them.
Applications do not need permission. The user that is currently controlling the application needs to be able to use that application to read and write files but there's no reason that the application needs access when it's not in focus and, with the sandbox model in Catalina, applications have the ability to ask for explicit read/write permissions without prompting the user if they've already given access to install it.
The biggest protection here is that the folder is shared via iCloud in most instances. Asking for explicit permission is really the only way to do that safely.
The typical desktop for most user is a dumping ground for whatever it is they are currently working on. Or in some cases more or less anything they've been working on for the past years. A dumping ground full of potentially sensitive documents, work-in-progress files that are not supposed to leak beyond the computer, etc.
Do you really think any application on your computer should be allowed to read and write them because "that's what applications do"? 90% of the 'applications' on my computer I didn't even install myself, like uninstallers, updaters, helper applications, background services, whatever. These have no business looking at files in my Desktop folder. And particularly not if its on iCloud and shared with other devices like my phone.
Applications can write files perfectly fine without the ‘can access the desktop’ permission. When you tell the application to open a file using the system dialogs, the system automatically grants the application access to read and write the file.
The permission is needed only when the application wants to go around the normal way of opening files.
> I expect applications to have access to my desktop. I do not need to be asked. It would be like asking permission to access my clipboard, or use my speakers, or read my keyboard.
I would like to know if an application:
- Is scanning the contents of my documents or desktop outside of files I specifically selected or it previously created
- Is monitoring data going on the clipboard
- Wants permission to make alert sounds or play other audio even if my sound is silenced/muted
- Wants to listen to my microphone
- Wants to monitor sound being output by other applications, such as VOIP
- Is monitoring for keystrokes even when it is not in the foreground.
> If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.
If the new permissions were about security, they would all be denied and applications would have to figure out how to cope. They are about user privacy.
> If the new permissions were about security, they would all be denied and applications would have to figure out how to cope. They are about user privacy.
As I see it, those are the same things within this context. The effect is the same. Users are just going to click yes. They aren't going to think through "what other files are on my desktop right now?"
This is precisely why I chose those examples. My keystrokes contain sensitive information—the ability to read them comes with enormous potential for misuse. However, if my keystrokes can't be read, my keyboard isn't useful for much.
At some point, the only way to be truly secure is to switch off the computer—that's why voting should be done on paper ballots! Once a computer is switched on and connected, everything is a tradeoff between usability and security. Personally, I have work to get done.
At what point is Apple the only one able to make useful software? And by the way, while Apple is pretty good at user privacy, they are by no means at the top of my list, particularly after the whole Siri debacle.
The "privacy" dialog popups are just marketing. Sure, there may have been an issue with a few bad apps, but Apple found a way to continuously remind you that they are the only ones that 'care about your privacy'TM. Meanwhile, they still happily take Google's money to make it the default search engine in Safari.
I don't know about this somehow being proof that "Apple doesn't care about the Mac" or something, but I remember distinctly when Apple themselves, and the fanboys, were ragging on Microsoft for UAC (which really only asks you to confirm occasional administrative operations).
As for the general quality of Catalina, there seems to be a deluge of amateur-hour flaws that affect real workflows for real users.
Not being asked to grant all permissions that an application wants up front (before you even get a chance to use the app) has a positive impact on the user experience.
If the application asks for permission to access my contacts only after I select an option to share information with others, for instance, I can feel more confident about granting that permission.
Asking for all permissions up front is the permissions model that Google just abandoned.
Instead of the OS displaying an annoying prompt when the application tries to use a privilege, the application embeds an OS-drawn access control gadget inside its UI, such that the user interacting with the UI grants the privilege.
macOS does something similar already for file open/save dialogs: they’re drawn by a trusted OS component instead of directly by the app, and the user’s act of selecting a file grants the app permission to access that file without an additional dialog.
Actually not far from how it works on macOS. Usage of a system "open file" dialog automatically creates a permission for the application to access that file from inside its container.
Why? Sometimes pointing out a flaw, even if you don't necessarily have an answer can open the channel for someone else to contribute something that may help you.
Very sad to agree with this entire post. I hate to essentialize it to an already checked and problematic mythology of Jobs-Ives, but it seems like all of the air left the sails after Jobs passed. The OS versions are getting unreservedly worse, likewise with the hardware -- it's active regression rather than stagnation.
When it comes to having a quality laptop and OS to get work done, I would at least be happy with stagnation if the stagnation point occurred around the era of the best MBPs -- late model MBPr 15s, ~2012 to 2015-2016. I'm typing this one one right now. It's a little long in the tooth, but I'm horrified to update to a newer one and have to get the whole bottom panel replaced, yet again.
I'm hoping to defer this decision by a year or two, but I'm sure I'll have to bite the bullet eventually, and every year, I hope that it's not going to be worse, so that it'll at least be good enough. Sadly, it looks like that hope may yet be naive.
Why do you think the hardware and software versions are getting worse? My late 2017 15 inch rMBP is a lot better than my 2011 MBP. I also like the recent releases of MacOS. Dark mode, stacks on desktop, seeing Meta data in preview, and the new screenshot tool are a few Mojave features I like.
Memory compression in Mavericks was also something I feel is great. Although I never dealt with it directly as a programmer, only a user.
On the hardware side: keyboard, touchbar, touchpad to keyboard ratio.
On the software side: slowness but more importantly a general decrease of opinionated cohesion, and an increase in odd UX decisions. Facetime calls to my iPhone trigger alerts on all of my devices, even if I'd prefer it to just be my phone (I rarely use Facetime on my machine). Beyond that, there are too many useless popups that interrupt me in what I'm doing that I have to X out of that I end up with a screen that looks like the topic post -- hence the pejorative "10.15 Vista" which is how a lot of folks about Windows Vista when it was released after the relatively sleek and polished UX of Windows 2000 and XP.
2017 may be significantly better that 2011, but it's NOT significantly better than the early 2015 Retina's.
The problem Apple has is that the early-2015 Macbook Pro Retina's really hit the balance point with the physical form factor. Enough heft to feel solid without too much weight. Enough battery life to do real work. A solid set of ports: HDMI. Magsafe. USB 3.0 ports. A keyboard that doesn't break due to random micron-sized dust particles.
So, a LOT of people want a 2015 Macbook Pro but with ONLY the tweaks to bring it forward to 2019 technically (memory, CPU, display, change to the two Thunderbolt 2 connectors to USB-C Thunderbolt 3) while leaving it in 2015 physically.
What really irks me is the touchbar. It's never going away, not because people like it, but because so many would lose face if they admitted it was a bad idea.
I don't understand why people feel this way. Apple's doing away with 3D Touch because of the data that says that people don't use it. What makes you think they wouldn't do the same with the Touch Bar?
Despite that, I love the Touch Bar. I do tons of video and audio editing and it's super-convenient for me. It seems like HN just has a higher noise ratio against the TB because it's mostly programmers and a high percentage of them are tied to a physical escape key. As a front-end dev myself who uses VS Code, I feel like that audience is just going to keep shrinking while the percent of people that will find benefits to the TB will probably grow.
MacRumors has been hinting that the touchbar is being phased out, but we’ll see. If you’re one of the people that actually gets value out of the touchbar, that’s great.
Forcing it on all 15 in. MBPs and maxed-out 13 in. models was the biggest FU to Mac users and an insanely user-hostile decision. But they’ve been really good at pulling those lately, so I’m not getting my hopes up.
What irks me is that it's an added cost for not much functionality for like 90% of people on top of an already expensive laptop with other compromises (namely base storage and memory). If it was just an option, you wouldn't hear all this bitching on the internet.
Yeah, this was basically my experience. Not a good first impression, but I’m assuming I won’t be asked this stuff again for the same apps. So, oh well.
This is kind of the same as the first time you enable Little Snitch. IMO it’s good to reveal that you’re running dozens of applications with basically full access to all your files.
I’d rather give additive permissions to applications, since I’ve seen evidence time and again that security is one of the lowest priorities for most development shops.
It’s annoying the first time after upgrading (I haven’t done it yet), but it is infrequent after that.
Except for the Safari 13 download authorization prompt for every domain. That is a little more annoying to me.
LS is probably my favorite app after iTerm2. The hardest part is definitely the first few months of CONSTANT dialogues. So worth it though.
Maybe it’s just me, but I feel a certain sense of comfort in seeing explicit privacy dialogues that make sense, coupled with a deep feeling of control when I press that “Deny” button.
Using Little Snitch is an explicit choice. It would be weird of Apple to assume that users want to see all those messages and peek into the clockwork at the first occasion.
Yes, but that took nearly 2 years (1.5 if you're only counting from individual public sales) and the launch was terrible. I'm glad that Vista happened because it very much needed to but they really shit the bed on its release.
At least for me, there's really no good reason to upgrade to Catalina. Most of the new "features" are things that I can't or won't use (e.g. desktop Siri). However Catalina causes a lot of problems with things that I do care about (32 bit apps, hardware drivers)
I won't pretend you have the same interests as me but one of the reasons I personally look(ed) forward to Catalina was the ability to essentially "run iOS apps" (recompiled for macOS).
I can't wait to get rid of some of my Electron apps in favor of proper native ones. That feature alone would be worth the upgrade in my opinion.
But that's not to say I agree with how they've implemented the permissions dialogs. As a developer who had to deal with them I found several glaring bugs in Mojave, not to mention a sub-par UX. I'm sad if they haven't improved on that.
Developers can use Catalyst to build their iPad/iOS apps for Mac. New thing with the new OS version. And sort of a path forward towards the idea of Swift UI and one UItoolkit to rule them all I guess.
The day before Catalina was released, I found myself looking for the Podcasts app on macOS. I've become a big fan of it on iOS and couldn't remember if it was one those early iOS-to-macOS apps, like News. It wasn't. Bummer.
Upgraded to Catalina without a second thought after seeing that Podcasts was included.
It's tiny, but it's things like that that make this feature cool. Just a little less friction between the platforms.
You know, this is a pretty apt analogy. Vista (apparently) was considered terrible primarily because it ripped off the band-aid and made a bunch of inconvenient but important-for-security-in-the-long-term changes. [0]
Well, that, plus the fact that it was resource-heavy. This was compounded by the fact that a lot of hardware was sold as being 'Vista-ready' while in reality being incapable of running the overly-fancy graphics-heavy 'glass' shell. It also had a number of performance problems (e.g. slow file copy) which only got sorted out in Windows 7. Oh, let's not forget the fact that Vista was supposed to be Longhorn, the OS of the future with a database file system and all sorts of fancy stuff which was either dropped due to performance problems or never left the lab in the first place.
> Oh, let's not forget the fact that Vista was supposed to be Longhorn, the OS of the future with a database file system
This sounded interesting when I first heard about it, long before Vista came out. Now when I see it I wonder what they were trying to do. A file system is a database, with a well understood user API. So what were they going to add? Tagging? Application level views of the system? None of t hat seems like something that would require anything more than an extension that handled additional metadata.
Lots of file systems at the time were hierarchical databases, but the file-system Microsoft was working on was to be more a hybrid with the ability to find files based on specific criteria right away, rather than having a search process walk the tree looking for something.
The point of a database is probably to index via arbitrary columns, allowing for fast lookups and filters of files. The current model is to find something you more or less have to walk the directory tree.
A file system is a database, with a well understood user API.
Yes, a terrible API which works poorly for most home use cases.
You probably have music on your computer. In your hierarchical filesystem, do you organize it by Genre/Artist/Album or Artist/Album? Do music videos live in the same Artist directory or in a separate "video" folder?
Chances are you don't know/care because you're using an app like iTunes that builds a custom database on top of the filesystem. And something like Photos that reinvents a totally different custom database. And more database reinventions for email, ebooks, games, karaoke files, voice memos, calendar appointments, etc... all proprietary file formats without published APIs.
Data doesn't want to be organized in a single static hierarchy.
"Data doesn't want to be organized in a single static hierarchy."
Data has no feelings.
In the case of file system, it makes perfect sense to be stored in a single static hierarchy because that perfectly reflects the concept of a paper file in a filing cabinet, in a little binder.
Even a relational database system that lets you query tables for data based on set ordering has a single method of storing the data on disk - that's a clustered index. You can't get away from having that, despite being able to support additional nonclustered indexes. In that case, the table and its rows really is organised in a static hierarchy too.
As it stands, NTFS has plenty of features that lets you attach a secondary data stream to a file anyway, and all manner of metadata. The Windows Internals book on NTFS is very informative on this.
These features don't exist on APFS though, as it's not as good despite being brand new, it seems!
I take it you missed the part where I said " None of t hat seems like something that would require anything more than an extension that handled additional metadata"? I'm not saying don't add additional data that can be fast indexed and trackable, I'm just not sure why it requires a rewrite from the ground up and isn't additional data that is tracked tacked onto the file metadata. I mean, what is that not going to be able to support that just the new metadata would? The difference is whether you also have a hierarchical location stored or not.
The only thing that comes to mind is ACL tracking and it getting a bit complex from different access types, but I can think of a few options to work with that already.
So you want to take existing filesystem technology, and build additional indexing and query capabilities so that it can handle nonhierarchical data? Sounds like a great idea. Let's call it "Longhorn".
I think you mean WinFS. Longhorn is a whole release codename, which encompassed many new features.
Given that a beta WinFS eventually was made available as a separate download years after even it's beta was slated to be released[1], I suspect they did what I outlined above - eventually. Otherwise, I'm not sure why a bolt on component to the system would require so long and miss deadlines like it did.
I remember friends bitching about Vista's UAC prompts but I never really had an issue with it. I suspect that was because their main experience was with Windows XP, which pretty much did everything with admin rights.
Disagree wholeheartedly. It definitely has "hints" of Vista band-aid rips in the same way that shit like La Croix has "hints" of flavor but Vista was one of the worst OS releases I ever had the pleasure of being part of, only behind Windows ME. It took Vista a really long time to be a stable, fully-usable OS and, while I'm glad for the steps they took with it, their execution was terrible.
On top of that, this is completely due to the user.
Because, in this particular case, the user was using software (Alfred 3) that he knew wasn't going to work right on Catalina prior to upgrading it. Newer versions of Alfred exist that support the newer permissions model in Catalina. He knew that version wasn't fully compatible with Catalina and chose to install it anyways. A normal user isn't going to get that.
Uh, okay. Now explain all the other software requesting permissions:
- Acorn
- HazelHelper
- Plex Media Server
- Keyboard Maestro
- Parallels Access
- Bartender 3
- Arq Agent
- Nextcloud
- Tweetbot
- 1Password
- Spark
- Drafts
- OmniFocus
- Dash
- Bear
- iCloud
If you have dozens of apps asking for permission, then you need to have a better system of displaying those requests than one off popups/notifications.
This is not on the user. Don't victim blame. This is what any other person upgrading would see, maybe not to the same extent but I'm not sure it'd be that far off.
Except that's not true at all unless every single one of these is an old version of the software that hasn't been updated since High Sierra. Any app that was developed using the sandboxing paradigm from High Sierra (and nearly every app in that list has been updated to support this) would not need to ask for all those permissions.
This would not be common for the vast majority of users and it's only caused by someone explicitly ignoring warnings and notices. It may be a little more common for power users but the average user may get 1 or 2 of those prompts and nothing more. The OP is only in the situation they're in because they either upgraded the OS without updating the individual apps or they purposely ignored a prior prompt to give access.
Did you actually look at the article you're replying to?
I literally took the screenshot that was posted and enumerated every application asking for permissions. If it happened to them, it'll happen to many, many users. Especially if those apps are updating outside of MAS.
Only every outdated application asking for permissions. The author of that post already explained why he was getting so many of those prompts. He admitted that it probably wasn't reflective of what the typical install will look like specifically because he was purposely using older versions of software.
I think I was the only person I know who actually liked Vista, mainly because of these. I was on the fence about installing Catalina but this blog post paradoxically convinced me to do so.
I’m surprised they didn’t ask for a password too, after clicking OK on each dialog. I’m not surprised at the UX though, Apple has always done a pretty terrible job of that for power users.
The problem with "power users" is fairly simple: defining what a power user is, isn't trivial, and different people have different ideas as to what is good. Then you have being a "power user" does not mean "I want any app on my system to be able to do anything".
As for not asking for their password: This actually makes a lot of sense. Users already hit "ok" fairly quickly (I assume the inclusion of the readable name + icon in the dialog is to make noticing what is being asked more immediately obvious). Requiring a password would have the effect of making every new app ask for a password, so you are training a user to (effectively) grant root access for any software they install.
Compare the outcome: user auto clicks "give this app access to your contacts", app can access and/or encrypt the user's contacts. User auto-enters their account password: app can access and/or encrypt everything.
Note that even power users run into malware - they're not magically immune - and if you download "vscode" and it asks for access to your contacts, email, etc you might go "huh" and re-examine it.
This isn't ideal, but it also looks to be because there's a ton of power user stuff installed, which is going to require lots of permissions. And you really do need to ask the user individually.
The biggest annoyance I've had here is that it makes some apps just plain not work if they're using something symlinked from ~/Library to ~/Documents (for Mackup or other syncing solutions), though some work fine, so it may just be exposing apps that are doing something weird with file access in the first place.
Since I was quite young I'd play pranks using a computer. I switched the Mac Classic bootup picture with a bomb, causing my father to freak out. I gave my grandparents a free cupholder out of their cd rom drive they used for years. A decade later they were still thanking me for the upgrade.
I then once pulled up winrg.swf and fullscreened it. I told my grandmother I had upgraded her computer for her. She took a look at it for about 15 seconds then started crying.
Since then I've been a bit more cautious. Windows Really Good edition is still pretty great though.
It's crazy to me that when Microsoft does this kind of thing (via Vista), it's considered terrible but when Apple does it, the thread fills with people saying it's the best way forward.
I just wanna tell you guys a wonderful feature for 10.15 - I use `OmniDiskSweeper` to moving a hidden file to the Trash than I can't either empty or access the Trash with Terminal. Yes, this hidden file lay in my Trash as a zombie. I like zombie stuff including zombie gaming zombie film and now I got a zombie OS, it's cooooool.
Fine grained privacy control is not the same as being notified 14 times about the same thing by Windows, even though you said you didn't want notifications already.
I recently tried again at setting up Ubuntu on my 2013 Macbook, after multiple attempts over the years that didn't pan out due to Wifi issues, battery life, graphics drivers, touchpad etc.
As of 2019, it's flippin' fantastic. Most issues above are gone and Docker development experience in particular is vastly improved over Docker for Mac.
With the direction Apple is going, I don't see a road back soon.
Disclaimer - everyone's mileage varies, just sharing my odometer.
Huh, that's quite the contrary to my Mac Mini 2012 experience. My Raspberry Pi wasn't here yet and I wanted a web server.
Yea, Wifi didn't immediately work, but with some Googling you figure out how to find the right driver and use modprobe (or whatever it was) to load it in.
Though, I do have my fair share of Ubuntu install horror stories, so I guess I'm simply lucky when it comes to Mac and Ubuntu.
This isn’t a “step forward in user privacy” or whatever the others here are saying. It’s a mess and very poorly executed UX.
Users will tend to feel overwhelmed and just click through modals when they are presented in this way. Displaying stacks of modals is an anti-pattern.
The right thing to do would have been to create a migration UX that allows quick review and audit of application permissions, presented in a table, sorted by applications that are requesting the most permissions. With a clear explanation of what’s happening and why a review is now needed. That would be a step forward in user privacy and informed consent.
Anyone defending such an abomination of UX should have their software designing license revoked.
But that's a one time thing. When you're doing an OS upgrade, I guess you're expecting some extra work. Your also have to reinstall xcode, update other apps etc.
For one, it needs to install the SDK's for the new deployment target you just installed (be it macOS or iOS), and update the toolchain so it can build for it.
It's mildly annoying, but the alternative would be to let you continue using the old version pegged to an older deployment target, and let you figure out all the incompatibilities at once when you decide you want release your app to the app store. IMO this would be much more annoying than just getting a coffee once while you wait for the upgrade.
For example, Xcode 11, which has 10.15 SDK target, can be installed on Mojave. This has been the case for years, the new Xcode can run on the n-1 OS release. So why reinstall it, after the system is updated?
Another alternative would be to upgrade xcode as part of the OS upgrade so all of my apps continue to work without me having to figure out this extra undocumented step. I'm not even using xcode. I just need the latest command-line tools for everything else to work.
That's why I never upgrade a system. I'm always reinstalling it from scratch. First: I'm going happy path and not encountering any migration issues, which might be buried deep below. Second: I'm getting rid of unused apps and files. Third: I'm testing my backups and ensuring that things are good. Fourth: I just love to see pristine clean system.
FWIW, every program looks like one that usually is set to start at startup; the intent is to have the dialogue only show up when you start an app for the first time. Since so many background apps were running at startup they all slowly needed to ask for their permissions.
> create a migration UX
Might not be possible if the previous MacOS isn't full-on tracking what folders a program is accessing, and it still would likely encourage allowing all permissions if the user has more than 30 different programs accessing enough folders.
If you were ok running your previous apps you should also be ok with gathering usage data for a week before the OS attempts to do a hard cut-over to a more secure model.
It seems like this would be very difficult to implement securely. You basically would have to preserve the old, unsafe mode and hope that nobody circumvents whatever restrictions you put in place to make sure that it only applies to the pre-migration apps .
If all of 10.14 were tracking it there probably wouldn't be much issue, but i'll bet the average MacOS user doesn't have more than 5 startups apps that would show this dialogue; that combined with this happening exactly once during the upgrade process means it's not a big priority for Apple to address.
Have a migration tool window with table where all requests are appended instead of popup being displayed. Blink that tool anytime a new requests comes in, have explanations on migration tool window. Apps who ask for permission will be hanging in background until you approve/deny permissions from migration tool. You can do migrations on your time when you need particular app, and not be forced to choose permissions for all apps at once.
Areas that come to mind that are legal-liability driven would be things like health-care, aircraft flight control systems, etc. In those industries, they do have strict software regulations already.
Maybe we have different understandings of how that UI would work, but I imagine it to be totally possible:
Take all the windows/notifications from OP's screenshot, map each of them to a row in a table, group by application. Show all this info in 1 modal, call it Migration Assistant.
The notification is thrown at the point of need. Some will appear when the application is first started, but some will only appear if the app is directed to a specific state by the user.
Still you can direct user to one list of apps/permissions each time those needs to be tuned, where user can review all permissions associated with particular app and decide whether to turn them on or off. How can you do that with endless dialogs and how can you review what you've allowed later, after dialog disappeared ...
You can review later by going to System Preferences / Security & Privacy / Privacy, then looking at the various permissions to see what apps have been allowed.
If there are all new permissions, then it should be technically possible to create a list of ALL those new permissions and present that list to the user with apps requiring those permissions. What is so "not technically possible" there ... ? Actually in iOS you have list of apps with permissions in settings. At least something like that would be better then endless popups, which should be prohibited completely in _any_ interface, if you ask me. I am making effort to avoid any jumping dialogs in my apps,but now OS itself does it for me ... sad
It's a huge step forward, because some of the bad actors that have ruined mobile by abusing every possible API to read whatever they can get their hands on are also developing for the desktop.
The article is a pathological example anyway, because I got zero prompts even on my work machine.
And Vista was a good step forward also back then, but people can't be bothered to take care of their data.
This is why security work is such a slog, you're dealing with motivated, well funded attackers that only need to succeed once, while the people controlling the key to the castle are mostly nincompoops.
Any chance you work in corporate IT security? Sounds about right. Treat your users like dummies, maybe shove a dozen “security” dialogs in their faces, and have no qualms about disrupting their workflows or providing crappy experiences.
But what experience would you recommend here instead? If 2 programs that require access start 5 minutes apart, do you stop/suspend the first one until another program starts and then show a dialog listing both for a good "experience"? What happens if another doesn't start for a while? Do you show the dialog after a certain time period? How can it see into the future and know what other program you are going to run in order to show the items in a nice neat single-window list?
Or do you show multiple dialog prompts (like in the screenshot) because there is no way of knowing what disparate applications will access at any given time?
My experience of corporate IT (having been a subject of someone else's policies) was to have my machine locked down to the maximum because someone somewhere once ran a random EXE they'd been emailed or downloaded and it contained ransomware and encrypted everything it could access (network servers too). As irritating as it was, what would you do to stop that happening again? It was a developer that ran that...
This includes "professional" users who saw Edge or IE as "the Internet" and would get "IT" to add an ODBC entry for a database server, despite having worked there for 10 years. Most of my colleagues didn't know the difference between a database server and a terminal server. And this included management.
The article is asking the wrong question. He’s asking “Why is Apple doing this to me?” when Apple is just the messenger. He should be asking “Why on earth are all these little 3rd party utilities running at startup and asking for all of this access?”
Personally, if I encountered this mess, I’d be shamed, inspired to meditate a bit on my own personal computing hygiene.
I'm astounded with some of the user security dialogs that Macs display. I got one today: "VSCode wants to make some changes. Deny or Allow." That was the exact wording.
Seriously? THIS. BENEFITS. NO. ONE.
The only thing I can figure is that, somehow, Mac has required applications to display something to the user to get their permission to make some substantial system-level changes. But the application is, I guess?, allowed to fill in the message dialog. I can't believe that wording came from Apple; I assume it was Microsoft, who I do trust as much as anyone, so I'll approve it, but this leaves a lingering question:
Either Apple actually did write that, or they allow applications published by "whoever" to fill in "whatever" messaging they want to get the user to click Yes. It's absolutely unacceptable behavior.
I'd say I'm done with Apple, but there isn't a personal computing platform who gets this right. Every Apple employee reading this article should be ashamed. Every Microsoft employee should be ashamed. Everyone just Needs To Do Better.
What is Better? I don't know, off-hand. It's not easy, but I'd imagine why that's why these companies are paid billions of dollars. For starters: If I install around your centralized certificate signing authority to install something, I Trust That Application. It doesn't need to alert me every time it makes a change. And if I install it through your store, then I also trust it, because you trust it. So why do I get so many damn "Approve This Change" notifications? I should get ZERO after the install.
I get that most users aren't as savvy as me, but that's why you're making it so hard to bypass that central certificate signing authority, and I'm fine with that. It's the lingering notifications that make zero sense. Fix your shit, Apple, because I haven't encountered anyone that's ecstatic with anything you've released in the past 18 months.
I think the poster above is arguing that dialogs like "this app needs permissions, deny or allow" are effectively giving root-level system access for all intents and purposes, for almost all users -- exactly because users have no basis on which to make that decision and saying "deny" probably prevents the app from doing what it was the user wanted it to do.
So users almost always click "allow". What's the point of the dialog then?
Really, the dialog should be explicit about what's needed and why it's needed and what click "allow" does (i.e., always allow this action, for this purpose? Or always allow any root-level action from this app? Or something else?)
Only then will users actually be able to make a decision beyond "do I trust Microsoft and do I want to do this thing I just asked Word to do?"
I always err on the side of "deny" and trying to fix it afterwards, particularly on Android. Typically well-written apps will alert you that you are about to receive a system prompt and explain the reasons why.
My favorite are the dialogs whose only options are "Do the thing we want" or "Learn more about the thing we want" with no option to dismiss. Slightly less terrible are the daily dialogs that give the options "Do the thing we want" or "Bug me tomorrow". More and more, Apple devs seem to have contempt for the idea that the user should be in control.
They haven't quite descended to Microsoft levels of "We're restarting your computer now kthxbye", but it's a grim, user hostile path they're on, at least with notifications.
Just as I've read this comment, I got a 60 second restart countdown notification for untold software updates. Like what if I got up to do something found all my shit locked up behind an update that to date cannot report an accurate timeframe (why bother reporting one at all if they haven't been right since my first mac with tiger). I'm not even on catalina yet, so maybe that's it.
I don't know what's with microsoft and apple. When I'm in the middle of using my computer is not the time to close everything and lock the machine down for 30+ minutes for an update. I'm going to say no every single time.
Haha I guess that was bound to happen, given the number of HNers. I don't remember the last time I saw that one, though, whereas my Windows box is always trying to restart itself (despite frequently succeeding). I'm currently beating back iCloud notifications.
Man, I miss Snow Leopard. I think that was peak OS X for me.
Miss Snow Leopard too, last sane release ... everything was in a much better balance and care. I keep it in one machine as reference point to make sure I am writing good apps.
You can't just Give Up and live a life without any Trust. That's like experiencing a bad breakup then deciding that you never want to be in a relationship again, because being vulnerable is too uncomfortable.
Computing is strikingly similar. You're vulnerable when you use any service where any level of personal information or even code execution is passed to a third party. You're vulnerable even when you buy a VM from DigitalOcean, or when you edit a document on Google Drive, or when you install some binary from a company. But that's alright; to be vulnerable is to be human, and there are tons of very tangible benefits to allowing yourself to be vulnerable.
There are alternatives. You can live like RMS and be so scared of vulnerability that you lock yourself in a self-imposed computing exile. I don't trust the code; I need to see it. I don't trust the authors; I need to be able to make changes. I don't trust my contributors; they need to open-source what they make. I don't trust service providers; I need to host my own servers. That's a very sad outlook on life.
Facebook fucked up. In fact, they've fucked up so much that they aren't deserving of my trust anymore. Everyone is allowed to have different opinions about who they trust, but Apple, Google, Microsoft, and many other companies have not fucked up to the same degree, and are still deserving of my trust. I don't love Google especially, and tend to think that they're headed down the same path, but they still do a lot right. Maybe I'll be burned someday. But that's alright.
I've lost faith in Apple leadership. After 10 years of being a diehard, I recently jumped ship. Got myself a System 76 Oryx Pro and an Pixel 3a phone. Still working out the kinks but so far so good. The apple tax was only worth it when was the clearly superior choice. It ain't anymore.
I’m at the same position now. If macOS converges to Windows then Windows is a better alternative, the reason I started with Apple was that Windows was a mess, now Linux feels like the most sane alternative for power-users
I for one am super happy for these permission dialogs. They help me know which apps are doing what and tell them, no, you can't do that!
Going from the old model, a native app can do almost anything to the new model, a native app has to ask permission means that yes, there is a one time issue of having to give all apps the permissions you want them to have. That happens just once though on this transition. Normally it would happen once or twice a month as you install new apps.
I'm all for them as well. Forced me to reconsider some of the apps I have installed having not previously known what they were doing. Example, bartender needs screen recording. While Im sure it's 100% safe, I still don't trust giving an app that permission if its going to be running all the time. Just seems like an unnecessary attack vector.
Seeing some people say 'if you were fine with it before...' - well that's the thing, I wouldn't have been fine with it before if I had known.
321 comments
[ 2.0 ms ] story [ 382 ms ] threadI get Apple wants to make people feel their in control of their privacy, but literally every app I use for work prompts me for every permission imaginable.
“Oh the command you’re running in Terminal, it wants permissions to your Downloads folder, is that ok?” ::click yes:: “Guess what? That same command you’re running in Terminal now wants to access you Library folder. Is That cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants to access your Documents folder. Is that cool?”
I’m a Sys admin prepping all the hoops to make my clients avoid this fiasco. It’s somewhat documented what we should expect, but it’s a lot of prep work and real world testing we need to go through to ensure our users don’t ask, “why am I always being prompted with these pop up questions?”
Also, TV, Podcasts, and FindMy are being disabled in Catalina. Disabling FindMy and logging everyone out of iCloud turns off the risk of the new Tile like features Apple is about to release on the world. I don’t want my users turning their work machines turn into Bluetooth beacons for Apple.
i would guess this has the side-effect of making devs think hard about what really needs access or not, and tightening up where data is stored (say in the app container, not copying files willy nilly over the hd, using entitlements etc)
> Oh the command you’re running in Terminal, it wants permissions to your Downloads folder, is that ok?” ::click yes:: “Guess what? That same command you’re running in Terminal now wants to access you Library folder. Is That cool?” ::click yes:: “hey it’s me again, that Terminal command. It now wants to access your Documents folder. Is that cool?”
yes, that is annoying, but i’m pretty sure that only happens the first time it tries to access those folders... is that correct?
personally, i think that’s good that it checks those, because some scripts can do damage to your data (say. by accident), and you might want to know if it’s trying to say, read your keychain or not
I haven't updated to Catalina, but some recent macOS (Mojave?) I didn't get those prompts in Terminal until I ran `find .` So I think you're right.
For Cocoa apps this mostly shouldn't happen ("power boxes" that do file open/close dialogs, etc)
Is it really that bad? I get that you always have to consider privacy concerns, but Apple has been pretty good at user privacy compared to, say, Google. And there’s already been a real world case of Apple’s new Bluetooth tracking helping someone find their phone before the stable version of iOS 13 was even released.
The idea that Apple doesn't care about the Mac because it's trying to explicitly improve our privacy and security is … weird.
Apple has moved privacy to the forefront for a much longer time. Apple was the first to roll out end-to-end encryption of messages to hundreds of millions of people (iMessage 2011), the first to roll out end-to-end encrypted (video) calls to hundreds of millions of people (Facetime, 2010). They introduced the secure enclave, which was quickly used throughout the OS with iPhone 5s in 2013.
Whatever reasons they have (and despite their failings), they have been pushing privacy for almost 10 years now.
You could say this is fine but it does demonstrate that something bad probably happened because we’re they presented the immediate option for existing apps they would have made a different choice.
Right now I have iOS 13 and it’s been great to see how many apps want but 1000% have no need for Bluetooth access — it’s nice to not have to comb through settings and revoke them manually.
Similarly, for the apps requesting access to various things, if I were Apple, I'd wait a bit and then present the user a list with the apps requesting access, explaining why it's happening, etc.
So two simple screens with clear explanations and helpful advice, versus a million baffling popups.
If they didn't, people would complain that they had to click all these checkboxes, and then missed one.
Or the window wouldn't have room for applications to explain why they needed that access.
Or they would, and users would maybe read the first one, but skip others.
There is no "better experience" which doesn't sacrifice the point of the prompts.
All 150+ apps (I don’t know how many are installed by default, but I have 277 on my system), many of which the user won’t even know he has installed? (I just found out I have an “Adobe Air Uninstaller” and two “Abobe Air Application Uninstaller”s, something called “Computer.app”, and 11 different Java 8 updates, for example)
And no, I don’t think such a dialog would be useful because users could delete applications they “don’t use” from there. The average user simply doesn’t know which applications he doesn’t use. I certainly don’t.
I think they could do a bit better, but I don’t think this problem has an easy answer. For example, they could exclude all Apple apps from these questions, but I suspect that would (rightfully) give us “Apple gives its own applications preferential treatment” complaints.
This Mac notion of "if your software/hardware wasn't purchased this week, it's unsupported" is not a good look.
The point was to make you aware of what permissions the applications you use require access to.
And to get explicit permission from the user.
Individual popups don't completely solve this, but it makes more obvious that a specific application is requesting a large amount of permissions. They're a bit more digestible to the crowd that won't bother to read an alert longer than one line.
It shows it at the point of access request. If 2 programs request access 5 minutes apart, how would you show that in a single window?
Do you suspend the first program and wait until another application makes an access request? What happens if another doesn't make a request in a given time period? Will the user wonder why the first application has stopped doing anything useful for 5 minutes?
Honestly, how would you show this in a single window?
Hardly. Apple could have used the OSX installer to scan two or three common locations for applications and do a bit of static analysis. Apple could have put the permissions notifications in the notification center with an annoying nag screen every hour or two for the first ~30 days turning into an immediate prompt after that (or after all detected programs have been processed).
Indeed, almost as bad as popping up countless dialogs per application.
So what's the point then? To inflict more pain?
It will just know that the program will open a file of some kind, not the location of said file.
I doubt any regular user is going to see anywhere near this amount of warnings.
Users were already "owned" before Catalina, so waiting 5 minutes to avoid spamming 100 popups isn't a major risk.
I've seen similar things with apps that request access to Dropbox or Google Drive just not being scoped granularly enough, so they just ask for access to your entire account to control a single file or folder. Which leads to a shitty situation, either you give up functionality like being able to declaratively override settings and sync them between machines, or you compromise your security and allow access. There's no way the PM for the product actually cares about granular permission scoping, so of course nobody actually implements in a safer way where you don't have to make this choice.
I haven't looked closely at the new MacOS permissions and how granular they can be, but I'm kind of curious how this will turn out. I suspect the average person will just get used to clicking allow on everything, so developers won't actually care about only asking for what they need, and not much will actually improve about security. But I hope to be proven wrong.
You're probably right that it's not nefarious in this app's case, but rather just developer ignorance. But even so, this is the right path to nudge developers towards better security practices.
Also, the permissions are contextual. I didn't see this dialog until I launched the app. Similarly, the first time an app wants to show a notification, the system prompts you to allow / deny it. I'm sure Apple can polish this more over time. But I will take this over the "nearly full-system access by default" paradigms that dominate desktop OS's.
A nice benefit of storing them in Documents is that it syncs to icloud automatically even on the free tier, so you can share it between all your computers.
It's often not straight forward and often getting in some system settings somewhere. Android has this problem.
uhmm....
To me, it seems that if the Documents permission dialogue in fact caught the app doing anything bad, it should remove all trust for the app and the developer. It's all or nothing, really.
Nor do I entrust it with all my network traffic. As to whether it warrants completely removing the app or not, it's up to the user to decide, isn't it?
If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.
This was exactly why UAC dialogues were largely a failure. And to think that UAC appears only once per app...
You should only ever expect the user to have access to the desktop and, even then, the only apps that would ever prompt for access to the desktop are those that aren't updated for High Sierra and above. On the latest versions of macOS, the Desktop folder is shared by iCloud. This is definitely not an instance where security has been lowered nor is this the standard behavior of the new OS.
Yes! That's what applications do, they read and write files. Most other software is, more likely than not, either a game or a web page.
Does every app need to access my desktop specifically? No. But if we're trying to protect "normal users", I don't think most of them have the wherewithal to think through "what exact locations does and doesn't app X need to access?"
The alleged problem is not even solved by a permission dialog. I should answer OK to the fact that it needs to access all of my Documents, forever, and that's supposed to be more secure? Why not just ask me for permission to my whole drive so it can scan for documents everywhere? Apps will just start asking for more and more permissions like they do on iOS, which is annoying.
macOS is slowly but surely being turned into iOS. It's software for the lowest common denominator - the average idiot - which I'm not, at least when it comes to technology.
Thankfully, my workstations are all Linux but I still have to deal with both macOS and Windows on a daily basis. But at least on Windows, the permissions annoyances can be avoided by simply not using UWP apps from their app store. I hope there's a way to turn this off on macOS but knowing Apple I doubt there will be because clearly they're on a mission to wipe macOS off the table. Perhaps that would be a good thing though. More people will move to Linux.
But this is not how it works. Word from the App Store is sandboxed. If you open a document in Word, this is done using the native file opening dialog. This is a separate, privileged process. The file is symlinked into Word's sandbox as a result. This means that Word has access to that file from that point onwards. So, it can show a welcome screen with documents that you have previously opened (which is what applications typically do, very few applications will show all documents).
This is how things have worked ever since Apple required sandboxing for App Store apps. The problem is non-App Store apps that are not sandboxed. They have unfettered access to every file. I guess these extra permissions are to provide a certain level of protection against such apps, which is good.
Word is a well-known application. I installed it. I trust it and the corporation that wrote it.
There are many well-known incidents of trusted applications being compromised and backdoored. E.g.:
https://blog.malwarebytes.com/threat-analysis/mac-threat-ana...
To make things worse, the hash was updated in Homebrew cask. So even if you used a package manager, you would have installed a compromised application. Trusting applications may have been ok in the age of shrink-wrapped software. But now that applications are distributed over the web, allowing unfettered access is insanity.
More people will move to Linux.
The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak). Sure, it will always be possible to install a 70ies UNIX-style distribution. But the world is moving to sandboxing and putting up more restrictions, because the computing world became more hostile.
macOS is slowly but surely being turned into iOS.
This is getting tired and old. People said the same thing ten years ago and yet here we are, macOS is still an OS for 'general purpose computing'. I think Apple is finding a nice balance between securing the average user through sandboxing and SIP, while keeping giving the knobs to disable protections to advanced users. I say this as someone who currently uses Linux 95% of the time, but I wish Linux was as far as macOS with application sandboxing and system integrity protection.
Well, the "slow" part can be slower than ten years. It might just still not be there, but compared to how macOS was 10 years ago, it does have more iOS-like restrictions nowadays even if it isn't full-on iOS.
Yes, that is how it works. Sandboxed apps can absolutely request access to an entire folder. See here:
https://developer.apple.com/library/archive/documentation/Se...
> An app-scoped bookmark provides your sandboxed app with persistent access to a user-specified file or folder.
But all of that isn't really relevant to what I was saying. You're bringing up technical details about how sandboxed apps work. I'm saying that sandboxes suck and I don't want them, particularly from Apple who will just use security as an excuse to take away more of my freedoms.
> I guess these extra permissions are to provide a certain level of protection against such apps, which is good.
I would rather not trade my freedom and liberty for even more annoying and absolutely useless security measures. You see the top comment on this thread now right? It's about how useless these dialogs are and how Apple has actually argued against them in the past.
> There are many well-known incidents of trusted applications being compromised and backdoored.
So? Don't update right away if your OS manufacturer can't be bothered to run a properly curated package management system that vets packages before anyone installs them.
> But now that applications are distributed over the web, allowing unfettered access is insanity.
I've been using desktop software for 30 years and for 25 of them, I've been downloading it from the Internet. My simple security measure are to verify sources, turn off automatic updates, don't update right away and read the news. Haven't had a problem yet.
> The Linux ecosystem is also moving towards immutable base systems (Fedora Silverblue, NixOS) and restricted, sandboxed applications (Flatpak).
Some Linux distributions are moving towards that. Anyway, I'm fine with immutable base systems. I'm even fine with sandboxed apps, as long as the permissions request infrastructure isn't annoying as it is in iOS and now macOS. And, as long as I can still install non-sandboxed apps without any further useless annoyance.
> This is getting tired and old.
No it's not. It's getting one tick closer with every release and if you want, we can certainly detail each time that macOS has changed to become more like an iPhone. Some part of you must realize that this is exactly what Apple would love to do as quickly as possible but they won't risk alienating users just yet. Do you really not see how Apple has been moving towards a less general purpose computer?
I mean, I wouldn't even call macOS "general purpose" to begin with because you can only really install it on Apple hardware. Right from the very start with Apple, their OS has always been more like "Apple purpose" - software that you can only use for Apples purposes.
> macOS is still an OS for 'general purpose computing'.
Yes, for now. Just a little bit less with each release.
> I wish Linux was as far as macOS with application sandboxing and system integrity protection.
No thanks. The world needs less security theater, more actual security and more freedom to use our own bodies and properties as we wish.
I'm by no means against Sandboxing, by the way. I think it's great that if you want to buy and use sandboxed apps—and are willing to accept more limited functionality as an occasional consequence—the Mac App Store provides that option for you. However, there needs to also be an alternate path, by which I can say "this is an application I trust, please let it do its job."
There should, of course, be several different permission levels—Parallels needs its own kernel extension, most applications don't. Permission prompts are an important part of enforcing that. And that's precisely why prompts need to be use sparingly—if you bombard the user with too many of messages, they'll ignore all of them.
The biggest protection here is that the folder is shared via iCloud in most instances. Asking for explicit permission is really the only way to do that safely.
Do you really think any application on your computer should be allowed to read and write them because "that's what applications do"? 90% of the 'applications' on my computer I didn't even install myself, like uninstallers, updaters, helper applications, background services, whatever. These have no business looking at files in my Desktop folder. And particularly not if its on iCloud and shared with other devices like my phone.
The permission is needed only when the application wants to go around the normal way of opening files.
I would like to know if an application:
- Is scanning the contents of my documents or desktop outside of files I specifically selected or it previously created
- Is monitoring data going on the clipboard
- Wants permission to make alert sounds or play other audio even if my sound is silenced/muted
- Wants to listen to my microphone
- Wants to monitor sound being output by other applications, such as VOIP
- Is monitoring for keystrokes even when it is not in the foreground.
> If you bombard users with dialogues for every little thing, all you will do is train them to habitually click yes. Now you have lowered security, because users will ignore the more serious warnings too. And you've wasted everyone's time in the process.
If the new permissions were about security, they would all be denied and applications would have to figure out how to cope. They are about user privacy.
As I see it, those are the same things within this context. The effect is the same. Users are just going to click yes. They aren't going to think through "what other files are on my desktop right now?"
You mean the place where your mom stores her confidential banking statements ?
> It would be like asking permission to access my clipboard,
You mean the place where you often copy paste passwords ?
> or read my keyboard.
You mean the place where you type your sensitive infos ?
At some point, the only way to be truly secure is to switch off the computer—that's why voting should be done on paper ballots! Once a computer is switched on and connected, everything is a tradeoff between usability and security. Personally, I have work to get done.
At what point is Apple the only one able to make useful software? And by the way, while Apple is pretty good at user privacy, they are by no means at the top of my list, particularly after the whole Siri debacle.
If you click deny, BEHOLD, the application is denied that permission.
As for the general quality of Catalina, there seems to be a deluge of amateur-hour flaws that affect real workflows for real users.
If the application asks for permission to access my contacts only after I select an option to share information with others, for instance, I can feel more confident about granting that permission.
Asking for all permissions up front is the permissions model that Google just abandoned.
This looks like a pretty good alternative:
https://www.andrew.cmu.edu/user/bparno/papers/user-driven.pd...
Instead of the OS displaying an annoying prompt when the application tries to use a privilege, the application embeds an OS-drawn access control gadget inside its UI, such that the user interacting with the UI grants the privilege.
https://developer.apple.com/library/archive/documentation/Se... (search for "Powerbox")
Why not make the user know what applications do: which files, ports, devices it has to access, and what data it emits, to begin with?
When it comes to having a quality laptop and OS to get work done, I would at least be happy with stagnation if the stagnation point occurred around the era of the best MBPs -- late model MBPr 15s, ~2012 to 2015-2016. I'm typing this one one right now. It's a little long in the tooth, but I'm horrified to update to a newer one and have to get the whole bottom panel replaced, yet again.
I'm hoping to defer this decision by a year or two, but I'm sure I'll have to bite the bullet eventually, and every year, I hope that it's not going to be worse, so that it'll at least be good enough. Sadly, it looks like that hope may yet be naive.
Memory compression in Mavericks was also something I feel is great. Although I never dealt with it directly as a programmer, only a user.
On the software side: slowness but more importantly a general decrease of opinionated cohesion, and an increase in odd UX decisions. Facetime calls to my iPhone trigger alerts on all of my devices, even if I'd prefer it to just be my phone (I rarely use Facetime on my machine). Beyond that, there are too many useless popups that interrupt me in what I'm doing that I have to X out of that I end up with a screen that looks like the topic post -- hence the pejorative "10.15 Vista" which is how a lot of folks about Windows Vista when it was released after the relatively sleek and polished UX of Windows 2000 and XP.
2. Open the Preferences menu.
3. De-select the "Calls from iPhone" checkbox.
4. Done.
The problem Apple has is that the early-2015 Macbook Pro Retina's really hit the balance point with the physical form factor. Enough heft to feel solid without too much weight. Enough battery life to do real work. A solid set of ports: HDMI. Magsafe. USB 3.0 ports. A keyboard that doesn't break due to random micron-sized dust particles.
So, a LOT of people want a 2015 Macbook Pro but with ONLY the tweaks to bring it forward to 2019 technically (memory, CPU, display, change to the two Thunderbolt 2 connectors to USB-C Thunderbolt 3) while leaving it in 2015 physically.
The marketplace has become much more competitive as innovation has pretty much stalled.
I'm thinking of moving back to Mac OS after being on Windows for the last six years.
Despite that, I love the Touch Bar. I do tons of video and audio editing and it's super-convenient for me. It seems like HN just has a higher noise ratio against the TB because it's mostly programmers and a high percentage of them are tied to a physical escape key. As a front-end dev myself who uses VS Code, I feel like that audience is just going to keep shrinking while the percent of people that will find benefits to the TB will probably grow.
Forcing it on all 15 in. MBPs and maxed-out 13 in. models was the biggest FU to Mac users and an insanely user-hostile decision. But they’ve been really good at pulling those lately, so I’m not getting my hopes up.
Citation needed. I would venture to say that more people use it than you think.
I’d rather give additive permissions to applications, since I’ve seen evidence time and again that security is one of the lowest priorities for most development shops.
It’s annoying the first time after upgrading (I haven’t done it yet), but it is infrequent after that.
Except for the Safari 13 download authorization prompt for every domain. That is a little more annoying to me.
Maybe it’s just me, but I feel a certain sense of comfort in seeing explicit privacy dialogues that make sense, coupled with a deep feeling of control when I press that “Deny” button.
I can't wait to get rid of some of my Electron apps in favor of proper native ones. That feature alone would be worth the upgrade in my opinion.
But that's not to say I agree with how they've implemented the permissions dialogs. As a developer who had to deal with them I found several glaring bugs in Mojave, not to mention a sub-par UX. I'm sad if they haven't improved on that.
https://developer.apple.com/mac-catalyst/
Upgraded to Catalina without a second thought after seeing that Podcasts was included.
It's tiny, but it's things like that that make this feature cool. Just a little less friction between the platforms.
That was launched alongside macOS Sierra.
[1]: https://www.apple.com/macos/catalina/docs/Voice_Control_Tech...
[0]: https://twitter.com/swiftonsecurity/status/85185740489147187...
This sounded interesting when I first heard about it, long before Vista came out. Now when I see it I wonder what they were trying to do. A file system is a database, with a well understood user API. So what were they going to add? Tagging? Application level views of the system? None of t hat seems like something that would require anything more than an extension that handled additional metadata.
Yes, a terrible API which works poorly for most home use cases.
You probably have music on your computer. In your hierarchical filesystem, do you organize it by Genre/Artist/Album or Artist/Album? Do music videos live in the same Artist directory or in a separate "video" folder?
Chances are you don't know/care because you're using an app like iTunes that builds a custom database on top of the filesystem. And something like Photos that reinvents a totally different custom database. And more database reinventions for email, ebooks, games, karaoke files, voice memos, calendar appointments, etc... all proprietary file formats without published APIs.
Data doesn't want to be organized in a single static hierarchy.
Data has no feelings.
In the case of file system, it makes perfect sense to be stored in a single static hierarchy because that perfectly reflects the concept of a paper file in a filing cabinet, in a little binder.
Even a relational database system that lets you query tables for data based on set ordering has a single method of storing the data on disk - that's a clustered index. You can't get away from having that, despite being able to support additional nonclustered indexes. In that case, the table and its rows really is organised in a static hierarchy too.
As it stands, NTFS has plenty of features that lets you attach a secondary data stream to a file anyway, and all manner of metadata. The Windows Internals book on NTFS is very informative on this.
These features don't exist on APFS though, as it's not as good despite being brand new, it seems!
The only thing that comes to mind is ACL tracking and it getting a bit complex from different access types, but I can think of a few options to work with that already.
Given that a beta WinFS eventually was made available as a separate download years after even it's beta was slated to be released[1], I suspect they did what I outlined above - eventually. Otherwise, I'm not sure why a bolt on component to the system would require so long and miss deadlines like it did.
1: https://en.wikipedia.org/wiki/WinFS#Development
Disagree wholeheartedly. It definitely has "hints" of Vista band-aid rips in the same way that shit like La Croix has "hints" of flavor but Vista was one of the worst OS releases I ever had the pleasure of being part of, only behind Windows ME. It took Vista a really long time to be a stable, fully-usable OS and, while I'm glad for the steps they took with it, their execution was terrible.
On top of that, this is completely due to the user.
What? All the user did was install Catalina and leave it alone for a few hours. How is this all "due to the user"?
- Acorn
- HazelHelper
- Plex Media Server
- Keyboard Maestro
- Parallels Access
- Bartender 3
- Arq Agent
- Nextcloud
- Tweetbot
- 1Password
- Spark
- Drafts
- OmniFocus
- Dash
- Bear
- iCloud
If you have dozens of apps asking for permission, then you need to have a better system of displaying those requests than one off popups/notifications.
This is not on the user. Don't victim blame. This is what any other person upgrading would see, maybe not to the same extent but I'm not sure it'd be that far off.
This would not be common for the vast majority of users and it's only caused by someone explicitly ignoring warnings and notices. It may be a little more common for power users but the average user may get 1 or 2 of those prompts and nothing more. The OP is only in the situation they're in because they either upgraded the OS without updating the individual apps or they purposely ignored a prior prompt to give access.
I literally took the screenshot that was posted and enumerated every application asking for permissions. If it happened to them, it'll happen to many, many users. Especially if those apps are updating outside of MAS.
Only every outdated application asking for permissions. The author of that post already explained why he was getting so many of those prompts. He admitted that it probably wasn't reflective of what the typical install will look like specifically because he was purposely using older versions of software.
As for not asking for their password: This actually makes a lot of sense. Users already hit "ok" fairly quickly (I assume the inclusion of the readable name + icon in the dialog is to make noticing what is being asked more immediately obvious). Requiring a password would have the effect of making every new app ask for a password, so you are training a user to (effectively) grant root access for any software they install.
Compare the outcome: user auto clicks "give this app access to your contacts", app can access and/or encrypt the user's contacts. User auto-enters their account password: app can access and/or encrypt everything.
Note that even power users run into malware - they're not magically immune - and if you download "vscode" and it asks for access to your contacts, email, etc you might go "huh" and re-examine it.
I run some of them, but I'm fine with hard transitions.
https://www.youtube.com/watch?v=YbEYOaO9kp4
I then once pulled up winrg.swf and fullscreened it. I told my grandmother I had upgraded her computer for her. She took a look at it for about 15 seconds then started crying.
Since then I've been a bit more cautious. Windows Really Good edition is still pretty great though.
As of 2019, it's flippin' fantastic. Most issues above are gone and Docker development experience in particular is vastly improved over Docker for Mac.
With the direction Apple is going, I don't see a road back soon.
Disclaimer - everyone's mileage varies, just sharing my odometer.
Yea, Wifi didn't immediately work, but with some Googling you figure out how to find the right driver and use modprobe (or whatever it was) to load it in.
Though, I do have my fair share of Ubuntu install horror stories, so I guess I'm simply lucky when it comes to Mac and Ubuntu.
Users will tend to feel overwhelmed and just click through modals when they are presented in this way. Displaying stacks of modals is an anti-pattern.
The right thing to do would have been to create a migration UX that allows quick review and audit of application permissions, presented in a table, sorted by applications that are requesting the most permissions. With a clear explanation of what’s happening and why a review is now needed. That would be a step forward in user privacy and informed consent.
Anyone defending such an abomination of UX should have their software designing license revoked.
It's mildly annoying, but the alternative would be to let you continue using the old version pegged to an older deployment target, and let you figure out all the incompatibilities at once when you decide you want release your app to the app store. IMO this would be much more annoying than just getting a coffee once while you wait for the upgrade.
For example, Xcode 11, which has 10.15 SDK target, can be installed on Mojave. This has been the case for years, the new Xcode can run on the n-1 OS release. So why reinstall it, after the system is updated?
> create a migration UX
Might not be possible if the previous MacOS isn't full-on tracking what folders a program is accessing, and it still would likely encourage allowing all permissions if the user has more than 30 different programs accessing enough folders.
Dang it, I never filed for one.
Hey Clippy, where do I get one of those...
> Hi I'm Clippy! It looks like you're trying to make a joke. Do you need some assistance?
Clippy would like permission to invade your screen after you summoned him.
/s
Otherwise, free market baby.
- ks
So there is no database of applications that need access to read/write Documents or Pictures.
So a UI like you are suggesting is not technically possible to create.
Take all the windows/notifications from OP's screenshot, map each of them to a row in a table, group by application. Show all this info in 1 modal, call it Migration Assistant.
The article is a pathological example anyway, because I got zero prompts even on my work machine.
And Vista was a good step forward also back then, but people can't be bothered to take care of their data.
This is why security work is such a slog, you're dealing with motivated, well funded attackers that only need to succeed once, while the people controlling the key to the castle are mostly nincompoops.
Or do you show multiple dialog prompts (like in the screenshot) because there is no way of knowing what disparate applications will access at any given time?
My experience of corporate IT (having been a subject of someone else's policies) was to have my machine locked down to the maximum because someone somewhere once ran a random EXE they'd been emailed or downloaded and it contained ransomware and encrypted everything it could access (network servers too). As irritating as it was, what would you do to stop that happening again? It was a developer that ran that...
This includes "professional" users who saw Edge or IE as "the Internet" and would get "IT" to add an ODBC entry for a database server, despite having worked there for 10 years. Most of my colleagues didn't know the difference between a database server and a terminal server. And this included management.
What would you do instead then??
Clearly you've never seen a "user". Dummy is tame, I would have described them differently.
Personally, if I encountered this mess, I’d be shamed, inspired to meditate a bit on my own personal computing hygiene.
Seriously? THIS. BENEFITS. NO. ONE.
The only thing I can figure is that, somehow, Mac has required applications to display something to the user to get their permission to make some substantial system-level changes. But the application is, I guess?, allowed to fill in the message dialog. I can't believe that wording came from Apple; I assume it was Microsoft, who I do trust as much as anyone, so I'll approve it, but this leaves a lingering question:
Either Apple actually did write that, or they allow applications published by "whoever" to fill in "whatever" messaging they want to get the user to click Yes. It's absolutely unacceptable behavior.
I'd say I'm done with Apple, but there isn't a personal computing platform who gets this right. Every Apple employee reading this article should be ashamed. Every Microsoft employee should be ashamed. Everyone just Needs To Do Better.
What is Better? I don't know, off-hand. It's not easy, but I'd imagine why that's why these companies are paid billions of dollars. For starters: If I install around your centralized certificate signing authority to install something, I Trust That Application. It doesn't need to alert me every time it makes a change. And if I install it through your store, then I also trust it, because you trust it. So why do I get so many damn "Approve This Change" notifications? I should get ZERO after the install.
I get that most users aren't as savvy as me, but that's why you're making it so hard to bypass that central certificate signing authority, and I'm fine with that. It's the lingering notifications that make zero sense. Fix your shit, Apple, because I haven't encountered anyone that's ecstatic with anything you've released in the past 18 months.
So users almost always click "allow". What's the point of the dialog then?
Really, the dialog should be explicit about what's needed and why it's needed and what click "allow" does (i.e., always allow this action, for this purpose? Or always allow any root-level action from this app? Or something else?)
Only then will users actually be able to make a decision beyond "do I trust Microsoft and do I want to do this thing I just asked Word to do?"
They haven't quite descended to Microsoft levels of "We're restarting your computer now kthxbye", but it's a grim, user hostile path they're on, at least with notifications.
I don't know what's with microsoft and apple. When I'm in the middle of using my computer is not the time to close everything and lock the machine down for 30+ minutes for an update. I'm going to say no every single time.
Man, I miss Snow Leopard. I think that was peak OS X for me.
You mean like how Facebook trusted the Cambridge Analytica apps which then went on to steal huge amounts of data.
Or how about all of the legitimate apps which include metrics libraries which have then gone on to steal huge amounts of data.
You simply can't trust the original signing process these days.
Computing is strikingly similar. You're vulnerable when you use any service where any level of personal information or even code execution is passed to a third party. You're vulnerable even when you buy a VM from DigitalOcean, or when you edit a document on Google Drive, or when you install some binary from a company. But that's alright; to be vulnerable is to be human, and there are tons of very tangible benefits to allowing yourself to be vulnerable.
There are alternatives. You can live like RMS and be so scared of vulnerability that you lock yourself in a self-imposed computing exile. I don't trust the code; I need to see it. I don't trust the authors; I need to be able to make changes. I don't trust my contributors; they need to open-source what they make. I don't trust service providers; I need to host my own servers. That's a very sad outlook on life.
Facebook fucked up. In fact, they've fucked up so much that they aren't deserving of my trust anymore. Everyone is allowed to have different opinions about who they trust, but Apple, Google, Microsoft, and many other companies have not fucked up to the same degree, and are still deserving of my trust. I don't love Google especially, and tend to think that they're headed down the same path, but they still do a lot right. Maybe I'll be burned someday. But that's alright.
This breaks in 10.15. Do you have a work around?
Going from the old model, a native app can do almost anything to the new model, a native app has to ask permission means that yes, there is a one time issue of having to give all apps the permissions you want them to have. That happens just once though on this transition. Normally it would happen once or twice a month as you install new apps.
Seeing some people say 'if you were fine with it before...' - well that's the thing, I wouldn't have been fine with it before if I had known.