Ask HN: How to Block Apple's Spyware on BigSur?
With BigSur, Apple is getting a hash of every executable you run, and it's changing the way kernel extensions work and VPNs work to prevent blocks from happening.
Immediately, I think the quick answer is to block outgoing requests to apple's server using an external firewall, but how does one identify which requests are carrying the spyware?
On the Mac system, how can we remove the spyware functionality?
44 comments
[ 3.2 ms ] story [ 105 ms ] threadJust switch to something else.
If I use the same mouse and headset on my Dell Precision 5520 I don't suffer from these issues.
Granted. Except it's useless from my perspective because:
* keyboard-centric tiling workflow + mouse
- is faster than-
* a standard K&M stacked windows workflow
- is mostly faster than-
* keyboard-centric tiling workflow + any trackpad
- is faster than -
* the standard macOS experience with a trackpad
It's an exercise in frustration whenever I have to get help from or help out a peer which uses a touchpad for everything (Mac user or otherwise, but more common in Mac users precisely because of its good trackpad) because it makes every operation slow as molasses. And if you care about a responsive desktop, the trackpad is mostly irrelevant because you'll be using a tiling setup which relies on a keyboard and simple mouse/trackpad usage.
> build quality
A computer that throttles at max frequency does not have good build quality. A computer with a keyboard that falls apart with specks of dust does not have good build quality.
Macs have great screens and are slim, but they're far from the only ones with those qualities.
> stability
Except this is a meme. macOS stability is an absolute gamble like all other OSes, it will depend on your configuration macOS will behave or not, as is the case for both Windows and Linux. And macOS releases are known to be stability shitshows, Catalina being a big example and now Big Sur not being able to start applications because an Apple server is unresponsive.
Macs are pretty popular among musicians and producers. When El Capitan dropped, pretty much all audio hardware and software stopped working. I remember that you couldn't use Native Instruments plugs and the majority of pro audio interfaces stopped working.
This was fixed after a while, but it took at least half a year for everything to work again for 50% of users and a full year for everything to work for 90% of users.
If you upgraded by accident and didn't have backups, you were in trouble. Even if you had backups, you could still have issues.
Here's a link from back in the day:
https://macprovideo.com/article/audio-software/5-reasons-mus...
Now, did something similar ever happen on Linux or Windows?
I can safely say that a lot of people lost some revenue because of that upgrade (there were also issues for video production software), at least until the word spread that you shouldn't upgrade.
Except for a few very specific workloads and iDevices development, most things can be done on windows or Linux equally well.
In the meantime, have fun with your dumbed down is where you can only run apple-approved things.
Hey now, WRT the topic at hand Windows is no better [0]
https://www.oo-software.com/en/shutup10
The entire desktop experience on macOS feels WAY more cohesive than windows (which I have used since early 90s), or any of the DE i have tried on linux/bsd (which i have used extensively for over 20 years). Additionally the quality of the hardware (specification/cost aside) far exceeds the alternatives.
I HATE the way that apple are going. Their products are absolutely fantastic, but it is evident that the direction is to lock-down the "computer" as they have done their mobile ecosystem. I hope that legislation and regulation will tear their walled garden (and others!) apart. Then we can get back to bashing peoples OS for being not our own - rather than for being the authoritarian minefield they have become.
I know I could use Inkscape over Sketch for example but I can't see how I would be as productive as the clone functionality isn't comparable to the symbols functionality of Sketch e.g. you can create a reusable web page header element that you can paste in multiple locations with the colours + text changed via simple parameters where the rest is kept in sync with the original. Is there something similar?
https://github.com/akiraux/Akira
You sure about that logic?
Related, any one know of any brilliant engineers who deeply understand what they're using that use/love apple products?
No they don't. There are statistics. What you see in the Bay isn't common.
In the USA/UK/Canada startup land maybe? I very much doubt that most developers use a Mac. For one it is extremely expensive in "non first world" countries.
I HATE my piece of crap MBP and would take a small pay cut to go back to Ubuntu/Arch.
This kind of weird elitism is getting very old.
https://insights.stackoverflow.com/survey/2020#technology-de...
If I’d have to switch to another platform I prefer to quit programming at all.
Make that “Starting with Catalina” (https://lapcatsoftware.com/articles/catalina-executables.htm...)
You can also find some blogs and forums that discuss what applications are not critical and that you can "launchctl unload -wF" safely to minimize chatter and improve battery life. Ensure the sites specifically call out the version of MacOS you are on, as these things change with each release.
[1] - https://www.obdev.at/products/littlesnitch/index.html
LittleSnitch 4 can continue to work (with the kext) on Big Sur following this: [1]
LittleSnitch 5 can block all protected MacOS processes by following this: [2]
Murus can use PF and block IPs for Apple services: [3]. This isn't per process, and is really just a UI for the built-in PF process.
If you'd like to block the notarization check, you can block trustd (/usr/libexec/trustd) access to ocsp.apple.com (on both system and user process ownership in LittleSnitch).
Hope this helps. It's really not as bad as you think, there's a few solutions depending how thoroughly you want to block things.
[1] - https://www.obdev.at/support/littlesnitch/245913651253917
[2] - https://tinyapps.org/blog/202010210700_whose_computer_is_it....
[3] - https://www.murusfirewall.com
Technically speaking, OCSP and notarization are two different things. The notarization check is actually to https://api.apple-cloudkit.com by /usr/libexec/syspolicyd