Posted by ranebo 15 hours ago

macOS needs its grid back (blog.hopefullyuseful.com)
359 points | 231 comments
xp84 15 hours ago|
> If they approve, the settings open, then the user has to find the specific little toggle and enable it. Another security prompt then done. Why isn’t this at most 2 prompts?

Answer: Because modern-day Apple has subscribed to a particular brand of mitigation for the "noobs will always click 'Allow' especially if you ask them to first" problem. The mitigation is that Apple just dumps you on step 2 of a little 4-5 step mini sysadmin adventure where you prove, every time, that you're sophisticated enough to deserve an exception to the padded-cell walled garden mode they've sealed off 'for your safety.'

As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.

What's my solution to prevent grandma or a 10-year-old from clicking "Allow full filesystem access and keylogging" to an executable she downloaded from facebook-security-center-and-password-verification-cgi-bin-ab383 dot xyz? IDK, that's their problem, but they should offer a way for those of us who aren't clueless to turn whatever it is off.

comboy 10 hours ago||
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this, but it comes off as deeply disrespectful to me as the user that I can't disable this.

You seem to have understood the problem. But then you didn't follow. If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.

Of course it is not perfect, but their approach here is really decent. And also, if you find yourself needing to go through that often I think that's not a good sign security-wise.

freedomben 2 minutes ago|||
I agree with you, but then to me this is a great reason why macOS (and Apple products in general) just aren't made for me. And that's ok, that's the beauty of diversity.
wolvoleo 2 hours ago||||
Their approach is not decent. There should be some kind of master key to get full admin access. Leaving all the keys in the hand of a mega corporation is asking for trouble.

It's gone so far that even tech people now think that having root access to a mobile device is somehow scary. Well guess what that root access is still there for the manufacturer. It needs it for stuff like updates. It just shields you from having any kind of input or visibility on what is going on.

And once you've given up your admin control to the mega corporation, your government is going to be next. They'll be demanding backdoors and regulatory bullshit like age verification and snooping backdoors. Even today the EU launched yet another chatcontrol proposal. Eventually they'll manage to get it through when they've paid off enough representatives.

Keeping full control is the only way to prevent this.

butlike 1 hour ago||
Doesn't the government already have root to whatever machine via the NSA? It's the downstream government, the state-level governments that are squeaky wheels with the age verification and other nonsense.
wolvoleo 27 minutes ago||
I'm in Europe not the US. But NSA and their likes are a very expensive resource. They're not going to use that for small fry cases. Also, any evidence they obtain is not legal for any purpose so it has limited use.

And even NSA backdoors could be discovered more easily if we had full access to our phones, obviously.

jahller 8 hours ago||||
you really underestimate the will of people to not change anything that annoys them about their OS. they will click 1 million times a popup away before even considering that it could be resolved indefinitely by an option change. i think Apple's system works well to keep the average user safe.
Sharlin 7 hours ago|||
Agreed. It just doesn't occur to most people. To even come up with the idea that maybe there's a setting for something, never mind searching for a tutorial on how to change it, you already have to be a power user for some values of "power".
carlosjobim 5 hours ago||
The grandma is going to follow the video on how to disable system security because scammers are making these videos and she thinks she has a virus.

Not because she wants to install brew or something.

Sharlin 5 hours ago||
Good point.
projektfu 2 hours ago|||
This is evidenced by the people who constantly dismissed the Wi-Fi pop-up on iOS. Which is just about everyone I know with an iPhone.
xp84 2 hours ago||
Which pop-up do you mean?
Wowfunhappy 1 hour ago||||
> If there was a way to disable this, first thing that the grandma would do is watch a video how to disable that and lose security from then on.

My grandma absolutely would not watch and follow a video on how to e.g. disable Gatekeeper, nor do I think she’d be able to if she tried.

Your grandma sounds substantially more tech savvy than my grandma. Good for her, she seems to know what she wants. Grown adults should be allowed to knowingly opt into an additional level of risk.

moduspol 33 minutes ago||
She would ask a grandchild or neighborhood kid to fix it, and then it would be disabled.
merlindru 9 hours ago|||
Could make it disable-able only from the terminal in recovery mode. That one would be too hard / bothersome to fend off most cases I feel like
moduspol 32 minutes ago|||
No, it would just become something you ask your tech-savvy nephew to fix for you. Windows is (or used to be) full of things like this.
mikey_p 1 hour ago||||
Did you know that Facebook actually has a message styled with color and different font sizes that pops up in the browser console when you open the inspector for Facebook.com with instruction not to paste things you're told to paste there, with a link to https://www.facebook.com/selfxss for more information?
Moggie100 8 hours ago|||
Never underestimate the ingenuity of a motivated fool.

My litmus test for this sort of thing is Excel - I think we all can agree that Excel is used for way more than it should be, and the most complicated, unhinged uses of it are done by non-technical folks looking to get a task done through desperation.

KoolKat23 8 hours ago||
At that point it's a them problem.
aquariusDue 7 hours ago|||
Yeah, it always seems weird to me how we deem most adults responsible enough to own a car and not drive into oncoming traffic or how people are allowed to buy actually dangerous tools from big tool stores without a second glance. And sure, there's safety training available and in the case of driving you gotta first prove you're able to follow the rules. But after that? You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.

With that in mind it ends up being weird to me in a way I can't articulate because after all I can speedrun losing a limb if you left me loose in Harbor Freight or speedrun losing all my money and becoming debt-ridden if you give me a laptop with internet connection.

Anyway, I know there's more nuanced discussion to be had still I sometimes wonder how would the ideal approach actually look like without requiring people to have a digital(ing) license before being allowed to connect to the internet.

TylerE 5 hours ago|||
That isn't true at all.

To attack your specific example, cars have added all kinds of things that "hand hold" the user and keep them (and others) safe: Seat belts, air bags, anti-lock brakes, traction control, automatic emergency braking, back up cameras, lane keep assist, blind spot monitors, etc, etc, etc. (Oh, and guess what, per-mile traffic deaths are WAY down from a few decades ago).

throwup238 3 hours ago||
All of which are trivial for a user to override, disable, or ignore completely except the primary airbags, which I believe is the whole point. The user is in control and it's all in the owner’s manual to boot.
TylerE 14 minutes ago||
Many are not, and many of the ones in the pipeline, like speed limiters and drunk driver detection are going to be legally mandated to be nondisableable.
ToucanLoucan 6 hours ago|||
> You're on your own, only in computer land do the manufacturers and so on keep holding your hand trying to make sure you're not figuratively cutting it.

Well, firstly, newer cars are now equipped with tons of safety features like various kinds of auto-braking, various warning systems which monitor blind spots in the car, and driving aids like lane assist, lane monitoring, what have you. And then they also have advanced telemetry features that don’t keep them safe, but their insurance company hopes will identify them as bad drivers if and when they get into accidents so they can be denied coverage. These could be analogous depending how you look at it.

Additionally while there’s not much out there for tools, I think that’s less to do with it not being an issue and more to do with it being kind of impossible? That said a few tools have things like sensors that detect the presence of fingers near saw blades and will not only stop operating, they’ll usually destroy the tool in the process to ensure the operator’s safety, because fundamentally, more saws exist, more fingers do not.

Like despite loving track driving, I wouldn’t think that everyone tearing around in V8 monsters with stripped interiors and roll cages is a good idea.

aquariusDue 5 hours ago||
Huh, I always forget about the newer safety features of cars because I generally see older cars around me and I used to drive cars where ABS, ESC and beeping were as far as it went for safety. And sure you could argue that telemetry used this way could be a path to price bad drivers out, if I understood your point correctly, yet while it would be effective when deployed to this goal I still instinctively regard telemetry as an invasion of privacy (in a space I assume by default to be private) but that's veering towards a different discussion.

Generally I have to admit that society is trending towards making things safe(er) by default but as always with every trend some attempts at following or complying are executed poorly (intentionally or unintentionally). Here's where I agree that while some safeties are universally good and people that disable them suffer from overconfidence I have seen some examples like experienced people removing the shields from brush cutters because they can get in the way and increase the risk of a tangle when cutting overgrowth (though you have to be mindful and careful to not fling small rocks around afterwards).

And yeah, I see your last point and generally agree but for fairness sake I would like to present the other extreme end where a person on a bicycle against a pedestrian is also dangerous albeit less so. That said I'm about to accidentally argue in favor of the "guns don't kill people..." rhetoric and I really don't want that so I will concede that for the time being it's better to (thoughtfully) design safe systems instead of relying solely on operator diligence.

Oh how I dislike that objectively I recognize the need for safety yet subjectively I disdain the fact that my tools try to nanny me and I can't reconcile these two views :/

ToucanLoucan 3 hours ago||
> And sure you could argue that telemetry used this way could be a path to price bad drivers out, if I understood your point correctly, yet while it would be effective when deployed to this goal I still instinctively regard telemetry as an invasion of privacy (in a space I assume by default to be private) but that's veering towards a different discussion.

A discussion on which I think we'd absolutely agree. But yeah, it's a thing, whether we agree with it or not.

> Generally I have to admit that society is trending towards making things safe(er) by default but as always with every trend some attempts at following or complying are executed poorly (intentionally or unintentionally). Here's where I agree that while some safeties are universally good and people that disable them suffer from overconfidence I have seen some examples like experienced people removing the shields from brush cutters because they can get in the way and increase the risk of a tangle when cutting overgrowth (though you have to be mindful and careful to not fling small rocks around afterwards).

Oh 100%. I would argue most safety features, even when implemented well, will encumber those who were already skilled, which is why you rub against the ones in MacOS. It just... I don't think there's a way around that, you know? Think it's just an immovable law of the universe.

> Oh how I dislike that objectively I recognize the need for safety yet subjectively I disdain the fact that my tools try to nanny me and I can't reconcile these two views :/

I struggled with this for a long time too, but for me, it kinda resolves with the following reasoning:

On balance, safer... everything... makes for a better society, because it enables more average people to do more things, to go more places, to use more technology, to make their lives better. And the fact is, for more experienced people, we can get around this.

Like the security constraints in MacOS are a great example: they are fucking ANNOYING when you're configuring a new Mac, completely agreed, because every last thing requires so many steps. However how often do you really find yourself needing those options in daily driver use? I can count on a hand the number of times I needed system access the last couple of weeks (and usually it's just an app update where I have to give the app the go ahead by typing in my password). The last time I had to open security options and do that whole procedure... it would have to be weeks at minimum, perhaps even months.

throw0101a 6 hours ago|||
> At that point it's a them problem.

Except when it becomes a reputational problem for the OEM: Excel sucks at X (i.e., don't use it for that) and Excel sucks can become equivalent in many people's minds.

Sometimes it is actually a problem of people 'holding it wrong' (as the meme/trope goes). And who gets the blame?

KoolKat23 1 hour ago||
I'd say, the reasonable person test, if the mistake sounds like one a reasonable person would make, then fine.

I guess sadly the press will gloss over all the intricacies for a few clicks.

I also feel that dumbing things down probably just exacerbates this problem as "reasonable folk" have no clue how you actually get from a to b.

Wowfunhappy 1 hour ago|||
The solution is that you as the nerd should be able to prove your skills once instead of every time. This is why I’ve personally never had an issue with Gatekeeper—one `spctl --master-disable` and a trip to the Settings menu and you’re done. Why can’t TCC work like this?
manwe150 15 hours ago|||
That’s likely not quite the reason. It is to make you have to pause to think if this is the action you want to take.

On the flip side, many websites ask if I want to allow notifications. I almost never do. I was looking at settings recently and surprised how often I’d clicked yes by accident (maybe about 5% false click rate?)

MiddleEndian 10 hours ago|||
>On the flip side, many websites ask if I want to allow notifications

One of the first things I disable on any new Firefox setup. I want zero notifications from websites (or in general, one of the objective improvements of Windows 10 over Windows 7 is that you can just disable notifications entirely, while disabling balloon alerts in Windows 7 was a huge battle that never fully worked)

syabro 14 hours ago|||
but the damage of notifications is almost zero compared to keylogger IMHO
mrpippy 13 hours ago|||
Right, that’s why you get a simpler yes/no dialog for notifications, and a complex “navigate to this settings pane and click a separate button” flow for a keylogger
setopt 10 hours ago||
I’d like a dialog where you are simply asked to repeat a sentence like «yes, record my screen» or «yes, record what I type» into a text field to approve. Straightforward but still makes you think.
rswail 9 hours ago||
AWS Console has that, but it's infuriating that it has different prompts for different resources, it asks you to type "delete" or "confirm" or the name of the resource.

But like most of the AWS Console, each service is different in a unique way.

greazy 14 hours ago||||
Notification requests add to decision fatigue, which can lead to bad things.
Nursie 12 hours ago|||
Depends on what you allow and what your level of sophistication is.

My mother recently had "There are antivirus notifications taking over half the screen, do I need to click on them and renew Norton?"

She'd been somewhere and done something that had allowed an unscrupulous site to flood her with alerts directing her to give payment information to a scam site pretending to be antivirus renewal.

When I finally got over there (she doesn't live on the same continent) I went in and disabled notifications on all of her installed browsers.

As far as I'm concerned the whole 'let this website notify you' feature is an antipattern and yet another example of browser overreach.

swiftcoder 10 hours ago|||
> As far as I'm concerned the whole 'let this website notify you' feature is an antipattern and yet another example of browser overreach.

It's a symptom of the whole "we converted our document platform into an application platform" debacle that typifies the modern web.

Notifications make no sense for the majority of websites, but if you use, say, a web-based email client, then you probably do want them.

xp84 2 hours ago|||
> 'let this website notify you' feature is an antipattern and yet another example of browser overreach.

Yes and no. Prompting for it modally the way they do now is for sure wild, but for some webapps (e.g. Slack) it makes plenty of sense. I think Firefox used to have a UI they used for some things where they'd inject a non-modal bar with a couple of buttons inside the content area. This sounds like the right type of UI, maybe at the bottom of the viewport.

  site.com can send notifications when you're not on this site.  (Get Notifications from site.com) (Dismiss)
klodolph 15 hours ago|||
This particular permission is pernicious, ponder for a picosecond the possibilities:

It’s used for writing keyloggers.

That’s it. It’s the permission that lets you write a keylogger. It SHOULD NOT be just a click away. It should require some extra song and dance, because this is an especially dangerous permission, and the extra friction is justified.

xp84 14 hours ago||
All the permissions are treated the same way though. Microphone access. Screen sharing access. etc. Yes, all could be used to spy on you in evil ways, but the replacement of a straightforward "Want to grant this app the following permissions?" with these stupid little spelunks through the garbage app that is Settings irritates me every time.

Apple should throw this whole thing out and replace it with first-launch lists of permissions, with toggles for each. This app 'Zoom' wants "Record the screen, microphone, camera." Then you're done and you don't have to keep searching for it in little lists and relaunching it.

zuhsetaqi 12 hours ago|||
They are not all treated the same. Microphone and even Location or Local Network can be permitted directly with the dialog.
klodolph 14 hours ago|||
Honestly, I think the permissions model for desktop and laptop computers is way too permissive to begin with, I think it just kinda sucks and doesn’t do its job. Apple is kind of fixing it but there is a long way to go.

There have been alarm bells ringing in my head for a long time with all these settings, and the fact that they’re buried in the settings app gives me a lot of peace of mind. I’ll click through a lot of boxes and alerts and grant permissions that I shouldn’t. I’m SUPER glad that I won’t accidentally grant, you know, full disk access or accessibility to an app just by clicking on a box that appears at startup.

I remember back in the bad old days when I was constantly making extra user accounts just to run some program. Kinda sucked. Hard truth is, you sometimes want to run code that you don’t fully trust.

xp84 1 hour ago||
> I think the permissions model for desktop and laptop computers is way too permissive to begin with

Well, if you feel that way, they do make platforms that sound like a better fit: iPad, iOS, even Android kinda fits that mold. I would call them "toy computers" but that is my bias. It's not a real computer to me if I am not even in control of what code runs on it.

klodolph 1 hour ago||
Ah, I can see what you’re getting at. There is actually a system which is a better fit for me, which is the Mac. I can still run the software I want on it, and even though the security model isn’t tight enough, it’s improving.

Linux is also doable, but there’s extra work involved with setting up separate user accounts for running specific pieces of software, configuring namespaces for those processes, that sort of thing. But this is backwards. I’d rather start with a secure default state and have to configure exceptions. Back in the day I could get that from SELinux strict policies but it seems like those have fallen by the wayside.

ibejoeb 5 hours ago|||
That is a solution. But the underlying problem is that they didn't go far enough. There's no good reason to bundle arbitrary screen recording with window snapshots, or bundle arbitrary keylogging with hotkey activation. Just off the top of my head:

For previews, Apple could provide an API for this very common task. The OS can provide the images, and they could be sampled at refresh rate that makes it unusable for arbitrary recording.

For key chords, they could repurpose the emoji key, which is currently not available for external binding, to effectively allow capture only following that magic sequence. The OS should manage this centrally, allowing a program to define its commands and then delivering only the command without the specific associated key presses. We get the benefit of centralized management with deconfliction, too, which is a real pain on macos as it stands.

I don't know if these solve every problem, but they solve some. There are probably better ways. Apple has plenty of smart programmers. The product team needs to let them solve the problems that they surely know bother their professional users.

butlike 1 hour ago|||
I oftentimes think that as a nerd, it's easy to walk around like my shit doesn't stink, but then I realize I too have been the victim of clicking through popups mindlessly and probably have done some 'risky computing stuff' I'm unaware of beyond that.

As nerds, do we have a higher capacity to fix a mess than a grandma? Sure, probably, but that doesn't mean that we don't make messes.

kdheiwns 12 hours ago|||
The scary thing to me is how Apple makes you jump through hoops to install or use any sort of app, but when it comes to adding items to your login items, they don't even require you to grant permission.

Tried some little throwaway app and realized you don't need it? Sucks for you. It added itself to your login items and it'll start up in the background every single time you turn on your computer. And it won't even tell you. Thought you deleted the app from your Applications folder? If you didn't check your login items, there's probably some little script that deeply installed itself and it'll reinstall it in the background during your next startup.

Adobe is the fucking worst with this. Their Creative Cloud spyware keeps enabling itself and reinstalling itself so long as you use photoshop. And it'll constantly find ways to turn itself back on. Steam also adds itself to login items, which is fucking annoying because you'll reboot and be hit in the face with game ads. At least it respects your decision when you turn it off, but login items should be opt in, never opt out.

bartvk 12 hours ago|||
I try to always install with Homebrew. Because then you can uninstall with the --zap option, for example:

  $ brew uninstall --zap aerospace

Usually it blows away everything associated with the app, including cached files, configuration in ~/Library and ~/.config, etc. Very useful. It'll leave a non-functional login item which isn't active and can't be active.
bayindirh 10 hours ago||
I like the app uninstaller included in Forklift. You open Applications folder, and delete an app. A window appears with all the associated files Forklift can find (which is extremely accurate, BTW), and you can uninstall everything you want from there.

For .pkg files, there's UninstallPKG which reads the package manifest and properly uninstalls it.

xp84 2 hours ago||
I would like to take this moment to rage against Apple for shipping that package installer, literally 25 years ago, and never once having apparently even considered a native, out of the box way to uninstall programs that were installed that way.

Speaking of packages, even more embarrassing, Microsoft Windows literally beat them to shipping a first-party package manager. I feel like Apple lives in a fantasy land that the drag’n’drop app install method from the classic macOS is some kind of platonic ideal — never mind that they can’t stop half the apps out there from going outside that paradigm and installing their crap all over the place.

radicality 1 hour ago||||
I like the app ‘Lingon X’ I think is the name, to help with this. It’s a viewer/editor for all the startup and recurrent background tasks on your Mac. But also it has a feature to notify you of any edits/additions to the startup/background items that I otherwise wouldn’t have known about.
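
An added example, not part of any comment in this thread and not code from the tools mentioned: the sub-thread above describes apps registering background items without asking and the value of being told when that list changes. The Python script below snapshots launchd job definitions and reports what was added, removed or changed since a baseline. It assumes the standard LaunchAgents/LaunchDaemons plist directories and does not see items registered by other mechanisms; the sample plists in `demo()` are constructed.

```python
import plistlib
import tempfile
from pathlib import Path

# Standard launchd job locations on macOS (per-user, then system-wide).
LAUNCHD_DIRS = [
    Path.home() / "Library" / "LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def summarize(path):
    """Reduce one launchd plist to the fields that matter for persistence."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)  # reads both XML and binary plists
    except Exception:
        return {"error": "unreadable plist"}
    if not isinstance(job, dict):
        return {"error": "unexpected plist root"}
    args = job.get("ProgramArguments") or []
    return {
        "label": job.get("Label"),
        "command": job.get("Program") or " ".join(str(a) for a in args),
        "run_at_load": bool(job.get("RunAtLoad")),
        # KeepAlive may be a bool or a dict of conditions; either restarts the job.
        "keep_alive": bool(job.get("KeepAlive")),
    }


def scan(dirs=LAUNCHD_DIRS):
    """Map every *.plist under dirs to its summary; missing dirs are skipped."""
    found = {}
    for d in map(Path, dirs):
        if d.is_dir():
            for p in sorted(d.glob("*.plist")):
                found[str(p)] = summarize(p)
    return found


def diff(baseline, current):
    """Return (added, removed, changed) plist paths between two scans."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return added, removed, changed


def demo():
    """Run the audit over constructed sample plists in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        agents = Path(tmp) / "LaunchAgents"
        agents.mkdir()

        def write(name, job):
            with open(agents / name, "wb") as fh:
                plistlib.dump(job, fh)

        updater = {
            "Label": "com.example.updater",  # constructed sample job
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater",
                                 "--check"],
            "RunAtLoad": True,
        }
        write("com.example.updater.plist", updater)
        baseline = scan([agents])

        # Constructed change: a new job appears and the old one gains KeepAlive.
        write("com.example.helper.plist", {
            "Label": "com.example.helper",
            "Program": "/Users/Shared/helper",
            "RunAtLoad": True,
        })
        write("com.example.updater.plist", dict(updater, KeepAlive=True))
        current = scan([agents])

        added, removed, changed = diff(baseline, current)
        names = lambda paths: [Path(p).name for p in paths]
        return baseline, current, names(added), names(removed), names(changed)


if __name__ == "__main__":
    _, current, added, removed, changed = demo()
    print("added:", added, "removed:", removed, "changed:", changed)
    for path, job in current.items():
        print(Path(path).name, job)
```

On a real Mac, saving the result of `scan()` as JSON and comparing it with `diff()` after installing software shows which launchd jobs that installer registered.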
deafpolygon 11 hours ago|||
I get notifications that an item has added itself to your login items.
volemo 10 hours ago||
I do as well, but no app should be able to add itself to the login items: ask me or better have me navigate to the login items settings pane and add it manually.
joshspankit 14 hours ago|||
For a long time, I’ve believed that the actual solution is to make the system transparent enough that a compromised system is obvious. Imagine playing hide and go seek in the salt flats
hibikir 2 hours ago|||
From the time of very early viruses, malware has spent effort modifying the tools that make the system transparent to lie to you. So your approach demands that there must be things that are absolutely impossible to change. I have yet to see a system where that is actually true.
tikhonj 13 hours ago||||
That seems ≈impossible in a world where you're running arbitrary, Turing-complete code. A modern consumer machine can do so many different things—often a bunch at a time—that there is always a massive amount of space to hide bad behavior.

There might be some way to design a system from the ground up to avoid this problem (some kind of declarative, capability-based security?), but retrofitting that onto an existing behemoth of a system does not really work.

somat 13 hours ago||||
I agree, however the fundamental problem here is that transparent systems are on the far side of the axis from user focused systems, think about it, the whole point of building a user interface is to hide and remove choice from the user, to change the system from "A steady hand with a magnetic needle" to "point and grunt" the whole point is to build a shiny facade that hides the inner working of the machine. So while you and I and many other people like to see the machine, the inner workings whirling around in grandiose majesty. Millions of man hours have been spent hiding that stuff away keeping it from view, pretending it does not exist. And thus the transparency of our computing environments have suffered correspondingly to this focus on hiding things.
refactor_master 13 hours ago||||
If I log into my system it's safe. If someone reads my password off my screen post-it and logs into my system it's quite thoroughly compromised. How would you demonstrate which of the two sessions are compromised, during the act?
thfuran 14 hours ago|||
What does that actually mean?
rmunn 13 hours ago||
See https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.

GP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.

ileonichwiesz 10 hours ago||
I don’t think the analogy was the issue. What does it mean for a system to be so transparent that it’s obvious when it’s compromised?
butlike 1 hour ago|||
I was thinking it would even go so far as to make the background red if it failed some heuristics.
coldtea 7 hours ago||||
That what apps have permission to access/record what at what times they use it, shouldn't be hidden or scattered across several Settings panels.
volemo 9 hours ago|||
I can’t speak for the ancestor, but I think making every screen recording app prominently visible in the status bar would fit the bill.
osjdiwnfiwjfi 18 minutes ago|||
> As a complete nerd, you'd think maybe I'd like that I can prove my skills like this

As a self proclaimed complete nerd I expect you to be insufferable about this—lo and behold...

Let’s not pretend these security practices have no use, please. This “I’m such a greybeard, screw modernity” playacting is so tiresome it’s not even quaint any longer.

jeroenhd 9 hours ago|||
Making the prompts understandable helps a lot when it comes to preventing your grandma from installing a keylogger. I don't mind the setting not being obvious exactly because people who don't know computers shouldn't be tricked into toggling them.

But it is funny to see the daily barrage of permission prompts fly through when macOS made an entire ad ridiculing Vista for half the popups and permissions macOS requires these days.

harrisi 8 hours ago|||
Ironically, my first thought was using Automator or AutoHotKey (there's a different one for macOS I think? But you get the point) to just identify those dialogs and click yes/allow/whatever.

Even though a bunch of the responses are "well you don't want a keylogger" when the first solutions I can think of are also (potential) keyloggers. :)

meszmate 9 hours ago|||
It got restrictive enough that I jumped to Linux with Hyprland and just configured everything the way I actually want
articsputnik 5 hours ago|||
True, I started with Omarchy, but then changed everything to my liking. It's so much nicer if you can change your OS by changing some dotfiles, and don't get distracted by all the nonsense of new features that macOS and Windows are adding. I wrote about my journey https://www.ssp.sh/blog/macbook-to-arch-linux-omarchy/ and what I learned after 8 months: https://www.ssp.sh/blog/linux-omarchy-the-good-bad-and-fixab...
marssaxman 2 hours ago|||
This is the reason I stopped bothering with MacOS, also. Linux just works.
js2 14 hours ago|||
> but they should offer a way for those of us who aren't clueless to turn whatever it is off.

I'm not sure if it's what you're asking for, but you can disable SIP:

https://developer.apple.com/documentation/security/disabling...

jlarocco 13 hours ago||
It's been a while since I dumped OSX and went back to Linux, but IIRC, this setting gets reset every time the system updates.

At some point Apple realized the "power user" market was too small, and they were better off treating all of their users like idiots. And that's when I left.

pjmlp 12 hours ago|||
The power user market was never that big for Apple since Mac Classic came to be, that was the target market, the "idiots".

Desktop power users were on the Acorn, Amiga, Atari and PC.

As NeXT "acquired" Apple, Linux users thought OS X was the UNIX experience they were looking for, and since they were never part of Apple culture, keep getting their expectations wrong.

thewebguyd 12 hours ago|||
Apple also kind of accidentally won the power user/developer market. When macbooks became synonymous with SV devs, Windows sucked for everything that wasn't Win32 development, and Linux on the desktop wasn't quite there yet (workable, but nowhere near the state it's in today). Your only other choice was mac. It was UNIX, could dual boot windows if you needed it, so it checked the boxes is nice looking hardware (this was around 2008-2012 era, PC hardware at the time was complete crap).

They never set out to build the ultimate power user machine, their target was still general consumers. They just happened to have the right product at the right time when everything else just failed to compete.

Had desktop linux been in a better state, or had MS built WSL earlier, things might look a lot different today.

linguae 11 hours ago|||
Apple did openly court Unix users during the early days of Mac OS X. As a teenager during this era, Macs of this era were my dream machines due to Mac OS X, and I was so happy to buy a 2006 MacBook the summer after my freshman year of college with money earned from a summer research internship.

Here's a Titanium PowerBook G4 ad that says "Sends other Unix boxes to /dev/null": https://www.reddit.com/r/vintageunix/comments/b4kojo/sends_o...

Here's a snapshot of the software solutions page for the aluminum PowerBook G4 from November 2004, proudly touting Unix and even X11:

https://web.archive.org/web/20041126011836/http://www.apple....

Some quotes from the Power Mac G5 page (https://web.archive.org/web/20041126015955/http://www.apple....) from the same era:

"With the Power Mac G5, a researcher can now run both productivity applications and high-performance UNIX applications on a single system. Mac OS X Panther includes 64-bit optimized system math, vector and image libraries that take maximum advantage of the 64-bit G5 processor."

There was also a cluster in Virginia made of Power Mac G5s, which Apple also touted.

https://en.wikipedia.org/wiki/System_X_(supercomputer)

pjmlp 10 hours ago||
Yes, as they were fighting for getting out of bankruptcy and were reverse acquired by NeXT.

I also attended a marketing session at CERN, when they came to visit our IT department in 2003, when there were still people using Sun pizza boxes as their desktops (aka SPARCstation).

Anyone that has been around Apple long enough can recognise the old Apple (pre-OS X), on current Apple, now that they can be their old self.

Any good biography on Steve Jobs, like The Next Big Thing, Folklore or Cult of Mac, will show that underlying culture.

pjmlp 11 hours ago|||
Or even had they acquired Be instead.

Microsoft had "WSL" earlier, only badly.

The only reason I started with Linux at home back in 1995, was the half hearted UNIX subsystem on Windows NT.

Had they been serious about it I am sure GNU/Linux would never have taken off.

As shown by Apple sales of folks buying POSIX instead.

kalleboo 3 hours ago||||
I don't think Apple was ever really strong with the "idiots" market until the iPhone halo effect came into being, as much as they may have tried in their marketing.

That market always bought the cheapest machine (or "best value", by specs/$) they could find (or, if they were really an "idiot", the machine that Best Buy had the highest commission on), which would be a PC.

In the beige days, Apple's bread was buttered in the publishing market, once they moved to OS X, they got the "professional nerds who wanted UNIX but not doing sysadmin at home".

coldtea 7 hours ago|||
>The power user market was never that big for Apple since Mac Classic came to be, that was the target market, the "idiots".

I'd call the power user market that - the kind of idiocy that's more interested in the process than the results.

The actual target market was "people that have a life outside computers".

valleyer 11 hours ago|||
I've had SIP disabled for years, across many updates.
jlarocco 52 minutes ago||
Could have been something else then, but (in the past, at least) they would definitely reset some of the settings on every major upgrade.
WillAdams 4 hours ago|||
Bring back the "Unix expert" checkbox from NeXTstep?
cmsj 8 hours ago|||
You can make the vast majority of them go away by rebooting into recovery mode, running Terminal and then executing:

csrutil disable

nvram boot-args="amfi_get_out_of_my_way=0x1"

I really wouldn't recommend doing either, but you do you.
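
An added example, not part of the comment above and not Apple tooling: a POSIX shell check an administrator could run to flag Macs where the two settings named above are in effect, by parsing the text printed by `csrutil status` and `nvram boot-args`. The function names and the sample strings used to exercise them are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit helper (added example): classify SIP state and look for the AMFI
# bypass boot argument. Functions take the command output as text so they
# can be exercised offline with constructed samples.

# $1 = text printed by `csrutil status`
# prints one of: enabled | disabled | custom | unknown
sip_state() {
    case "$1" in
        *"System Integrity Protection status: enabled"*)  echo enabled ;;
        *"System Integrity Protection status: disabled"*) echo disabled ;;
        *"Custom Configuration"*)                         echo custom ;;
        *)                                                echo unknown ;;
    esac
}

# $1 = text printed by `nvram boot-args` (empty when the variable is unset)
# returns 0 when amfi_get_out_of_my_way is present with a non-zero value
amfi_bypass_set() {
    for tok in $1; do    # unquoted on purpose: split on spaces and tabs
        case "$tok" in
            amfi_get_out_of_my_way=0|amfi_get_out_of_my_way=0x0) ;;
            amfi_get_out_of_my_way=*) return 0 ;;
        esac
    done
    return 1
}

# $1 = csrutil text, $2 = boot-args text
# prints "ok" or a space-separated list of findings
audit_host() {
    state=$(sip_state "$1")
    findings=""
    [ "$state" = enabled ] || findings="sip=$state"
    if amfi_bypass_set "$2"; then
        findings="${findings:+$findings }amfi-bypass"
    fi
    echo "${findings:-ok}"
}

# On a Mac, audit the live system; elsewhere this step is skipped.
if command -v csrutil >/dev/null 2>&1; then
    audit_host "$(csrutil status 2>/dev/null)" "$(nvram boot-args 2>/dev/null)"
fi
```

Anything other than `ok` means the machine is running with reduced platform protections and is worth a follow-up.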

FireBeyond 15 hours ago||
And then one that grinds my gears, perhaps more than it should: there's no way to change the default browser without explicit user action or consent.

But do that and the very next thing that happens when you try to open a browser or a link in an email?

"Your browser has been changed from Safari to Chrome. Would you like to use Safari or keep using Chrome?" and for a little salt, the default is "Use Safari".

jimrandomh 15 hours ago||
Prior to MacOS 10.11, Mission Control was good: you would swipe up with four fingers and it would show you a preview of all of your spaces. Then in 10.11, for no discernable reason, they changed it to suck: rather than showing you a preview, the bar just says "Desktop 1", "Desktop 2", etc until you mouse over it; the practical effect is that using spaces is disorienting and requires memorization.

Some third-party software pretends to restore this functionality, but they do it by repositioning the mouse to simulate a hover, which introduces a delay and doesn't integrate correctly with the animation. Someone wrote a patch that works by disabling SIP and injecting code (https://github.com/briankendall/forceFullDesktopBar), but eventually stopped maintaining it.

A decade later, I doubt anyone at Apple remembers that this bit of user interface used to be good.

willtemperley 14 hours ago||
> rather than showing you a preview, the bar just says "Desktop 1", "Desktop 2"

I never noticed that behaviour because I only use mission control in full-screen mode. If you swipe up with three (or four) fingers from a full-screen window the previews are visible immediately. I have no idea why we need a different preview for desktop vs full screen however.

The part of this UX that annoys me is the spaces get re-ordered for no apparent reason. I usually have a few IDE windows open and it's tiring to have to double-check the window hasn't moved.

jimrandomh 13 hours ago|||
The full-screen mode handling might be a clue about what went wrong: if you swipe up from a space that contains a full screen app, it has an animation where the app goes into a slot in the preview strip, but that animation doesn't make sense visually for a non-full-screen space. So, perhaps someone was implementing that animation, didn't want to implement an alternate animation for the non-fullscreen case, and decided to minimize the preview strip instead? And because this was after Steve Jobs had died, there was no one left in charge of UX to explain why that was a bad idea?
willtemperley 12 hours ago||
The animation for the full-screen case serves a useful purpose: drawing the eye to the window in the preview.

The non-fullscreen (desktop) case uses an animation for the same purpose, locating the current app window in a sea of others.

So what would the preview be in the swipe-from-desktop case? A preview of the window-sea, or the desktop as is? What should the animation be? I suspect those questions are why they chose to just name the desktop.

I think it would be more consistent if the tab based preview only existed for the desktop window-sea and transitioned to the actual space previews when swiping between spaces.

perilunar 9 hours ago||||
> If you swipe up with three (or four) fingers from a full-screen window the previews are visible immediately.

Previews are also visible immediately if you set Mission Control as a hot-corner action. I never see the title-only spaces — I forgot it even did that until this discussion.

I also wish I could name the Spaces. "Desktop N" is pretty useless.

fragmede 14 hours ago|||
that's a setting you can turn off. settings -> desktops and spaces -> reorder spaces
71bw 5 hours ago|||
Does it work nowadays? Back in High Sierra days whenever I tried turning this off it did absolutely nothing and still reordered my shit.
willtemperley 4 hours ago||
Turning off "Automatically rearrange Spaces based on most recent use" keeps the spaces in the order I left them. That's nice. Three finger swipe between spaces when not using the preview seems to work.

However, swiping between the previews, it sometimes jumps to random places in the order - which is not nice.

Possibly a bug, but I might as well just write this as a letter to Santa because it's got more chance of being read than a feedback.

willtemperley 14 hours ago||||
Ah thanks!

The setting is "Automatically rearrange Spaces based on most recent use" which explains why the behaviour felt so intermittent.

ebbi 14 hours ago||
Agree! That "Desktop 1", "Desktop 2" view is so annoying, and given we have higher res monitors now, it serves no purpose if the intention was to save space.
josho 12 hours ago||
I loathe that I can't even rename the desktops.

Wouldn't it be great to have them named "Design", "Dev", "Productivity", "Games". Or whatever makes sense given your needs, instead of simply desktop #.

jeroenhd 9 hours ago||
Windows has had the rename feature for ages and I don't know why Apple can't just copy that. They've copied plenty of other stuff, why stick with the weirdly restrictive desktop naming scheme?
leojfc 7 hours ago||
Yes, and I'd go a step further: OSes in general need a concept of a 'project' or 'task' or whatever, which a) cuts across apps and b) integrates deeply with windowing and spaces.

Multitasking and context switching has been increasing for years, instant messaging boosted them again, and agent-based workflows are only going to push further in that direction. The OS needs to support that, and it's not an app-level concern: I use the same apps in each of my tasks.

IDEs can help with this of course: they tend to have workspace/project primitives and can restore code and terminal contexts from those. But there's always a bunch of other connected stuff that can't be linked: web pages (some IDEs are starting to manage those too), agents which don't reside in the IDE, relevant chats with colleagues, project management apps and so on.

This is clearly an OS-level concern, not an app-level concern.

Some of the iPad experiments with alternative window organisation looked kind of promising, but they’re just not powerful or intuitive enough IMO.

lobofta 20 minutes ago||
I use Niri workspaces that way. I name my spaces (usually after branches) and have a browser, editor and usually a few terminals open on a workspace. It's also great that a workspace has infinite space so that I can never have to think about creating workspaces just because some workspace has run out of room.
npilk 1 hour ago|||
I feel like Arc nailed this perfectly with the vertical tabs and multiple "spaces", and since almost everything happens in-browser these days, this was 99% good enough. I can't understand why more power users don't find this setup ideal. I'm hoping Zen Browser can become a solid replacement.
paularmstrong 28 minutes ago||
Zen has been working as a full replacement for Arc for me since the Atlassian acquisition. There are only minor things that I miss from Arc ("development mode").
kps 1 hour ago|||
KDE tries to do this with Activities¹ (I personally haven't found it useful).

¹https://blogs.kde.org/2026/01/17/streamline-plasma-with-acti...

ubercore 7 hours ago||
I make a version of this happen with Aerospace on macOS.
boronine 1 hour ago|||
For anyone wondering, you can use Aerospace purely as a workspace switching solution without the tiling: https://www.boronine.com/2025/02/09/Instant-Workspace-Switch...
joenot443 4 hours ago||||
Thrilled to see it's FOSS.

https://github.com/nikitabobko/AeroSpace

leojfc 7 hours ago|||
Oh nice, looks awesome, I will give it a go!
zimmund 1 hour ago||
The window (mis)management of MacOS is what's holding me from switching to Mac. I've already tried Aerospace and similar solutions, but I can't replicate the fast and unobstructed experience I have with i3wm.

Sadly wm in MacOS is like notifications on iOS: with enough time you get used to the unproductive mess they are, but you'll be missing out on better solutions. And since probably all MacOS devs are using Mac, they won't see/understand other (better) approaches.

ahofmann 52 minutes ago|
I switched to MacOS a few months ago from sway and I really try to be as open as possible to the mac way of life, because I don't want to fight my OS. But, boy, mission control is unusable crap. I was really shocked how dumb everything around this feature was made. Things that were possible a few years ago, are not possible anymore. Like switching to desktops/workspaces by keyboard. Or the grid.

With the app "AltTab" I can at least switch between my apps without using the mouse and with raycast I can position windows, but it is painful how much slower switching and positioning things in MacOS is, than in any tiling window manager.

drob518 2 hours ago||
I’m convinced that the biggest threat to good UIs are the majority of professional UI designers. Think of it this way… Half of all UI designers are below the median. These people chose UI design as a career. You don’t advance your career by simply defending the status quo year after year. To advance you need to design something new. So, you do. You do whether whatever was there before is working well or not. Because what are you going to do, sit on your hands year after year? And because half of all UI designers are below the median, a new UI design has even odds of being a step backwards. And then you’re on stage yammering about Liquid Glass at an Apple launch event. One thing that makes me sad is that a lot of designers seem to focus on visuals and don’t seem to understand anything about usability. How many designers entering the workforce know what Fitts’s Law is, for instance? How many designers were standing in the breach against all of Liquid Glass’s usability issues, most of which were quite obvious? Honestly, with rare exceptions, the designers are the issue.
bitexploder 2 hours ago|
This assumes that every designer is on the bell curve at the big tech firms in the roles that can influence this. I am not defending modern UI/UX, but that is quite an assumption.
drob518 1 hour ago||
You're right, it is a big assumption, but it's not unfounded. I've worked at F50 companies and founded my own startup. It's a lot easier to get two really great designers from the far right side of the bell curve when you're a small startup. As an organization reaches even 1000 people, you're now starting to draw from the middle of the bell curve. In fact, you have to. If you try to hire only from the far right of the bell curve for all positions, you end up with a lot of egos that will clash. In the best case, you hire leaders from the far right of the bell curve and followers from the middle. But at some point those mediocre followers start asking for promotions and your hotshot leader leaves for greener pastures. Controlling for that in your hiring practices at a large organization is virtually impossible, particularly if you have standard (middle of the bell curve) HR people. BTW, this is exactly why startups out-execute large companies every day of the week. A small startup can carefully control its hiring, select from the right side of the bell curve, and avoid all the large company HR crap. But as soon as it starts to scale, the bell curve becomes a looming threat.
bitexploder 3 minutes ago||
On the other hand, just working at big tech doesn't mean you are especially great. Conformance and criteria other than raw skill matter. As you say, promotion games, etc... I would just lump all of that under conformance. So, you aren't wrong.

However, why startups outperform big companies isn't just the skill gap. Even if you have the most amazing leadership in big tech it is monumentally difficult to move the needle on some problems purely because of size not because of incompetence. All I am saying is don't overindex on perceived intelligence. A big org can start looking pretty dumb even though it is still far right of the bell curve compared to even a startup (hypothetically). Org size and the constraints that brings are a significant factor.

mortenjorck 13 hours ago||
I can never prove it, but I like to think I'm the one to credit/blame for inspiring Apple to "inexplicably restrict [spaces] to a horizontal line only" in Leopard. I produced a concept video in 2009 that prominently featured a linear window manager with gestural navigation, and while it's mostly forgotten today, it was covered by all the tech press at the time and inspired a few attempts at adapting some of its idioms into proofs-of-concept in the early 2010s.

While linear window management is clearly not to everyone's taste, I still think it's a valid idea! It was heartening to see this launch and its reception, as I'm actually working on something in the same area right now...

willtemperley 56 minutes ago||
I like the concept. Assuming you were the inspiration for this (very possible) how do you feel about the usability?

I spent an hour today trying to get it working the way I’d expect and it still does odd things, like after disabling automatic reordering based on usage the order is different when 3 finger swiping previews as opposed to actual windows. The visual order is as expected but the swipe order is not linear.

nsagent 3 hours ago|||
PaperWM is the closest to this approach. There's also a macOS port:

https://github.com/mogenson/PaperWM.spoon

airstrike 2 hours ago|||
FWIW your video is amazing. make it 2D and add hotkeys to go to spaces and I'll use it right away
wodenokoto 11 hours ago|||
Is the video still around? Share a link!
quadhome 7 hours ago|||
https://www.youtube.com/watch?v=tf03YBxCyGI
jadeopteryx 3 hours ago|||
Ah, I remember that video, seeing it as the future of window control. Very nice.
Shorel 5 hours ago||
Thank you for confessing!

I hate that design and what it has done to Gnome.

A grid was so much better.

1xn 25 minutes ago||
I still miss MacOS classic vibes, even System 7 was great to me. I'm not totally a fan of the whole new MacOS system, it's amazing of course, not saying it's not. But I miss the simplicity of MacOS9 and how we customized our desktops with nice pixelart 32x32 icons!
alsetmusic 3 hours ago||
I genuinely could not believe it when they took away vertical spaces. Having to jump over extra screens made the feature useless to me. I stopped using it. It's impractical.
felixding 14 hours ago||
Slightly off-topic: the old Aqua UI looks so much better. Not only was it much easier to see what's a control and what's text, but it also looked visually nicer (subjective, I know).
andrewl-hn 2 hours ago||
To be fair, so are many other UIs. Windows 95-style boxy buttons and bevels make the content look organized. Every possible action gets its button that looks like a button. You often see the total set of available actions by looking at a toolbar. You don't need to second-guess whether some piece of content itself is clickable / editable or not.

Also, everything has excessive padding now. Modern Windows control panel UIs often feel like a multicolumn wall of text with lots of empty space and a few switches dropped in, and to fit the same amount of options as the older UI they had to either hide some toggles because "no one needs them anymore" or introduce extra intermediary navigation steps. As a result the new Control Panel feels bloated and less useful.

ido 13 hours ago||
Funnily enough when Aqua was new i remember thinking Platinum looked so much better.
wpm 12 hours ago||
That is correct. Platinum still looks fantastic, carefully hewn out of the HIG. Early Aqua is a bit ostentatious and at the very least indulgent. Still better than the fucking flat-slop plus glarse vomit we have to put up with now.
black_knight 9 hours ago||
We don't have to put up with it. At some point the collective “we” could consider using some other machines with other, more free, operating systems.
pwg 14 hours ago|
> Two decades ago I had a better Mac desktop experience than I have today.

Two decades ago was 2006. I have the same desktop experience today as I had two decades ago (Fvwm2) and have had the grid virtual desktop layout this author misses so much for the entire time via the Fvwm2 (and Fvwm before that) virtual desktops feature. One of the reasons I switched to Fvwm (I no longer remember when, but sometime in the mid to late 1990's) was the grid virtual desktops feature. So I've had gridded virtual desktops for longer than twenty years. Fvwm2's configuration has been tweaked and adjusted slightly along the way, but at no time did a corporate designer decide that I no longer should have a feature I had previously been using.

Proprietary software does not have your interests at heart, it has its stock price or next quarter's sales numbers at heart, nothing more.

keyle 13 hours ago||
Yeah okay. But at least we have decent font rendering.
SSLy 7 hours ago||
so does linux since when infinality-lite was ported into fontconfig, harfbuzz, and friends.
regexorcist 13 hours ago||
Reading the article as a Linux user was almost infuriating. I can't imagine having my workflow, something I've refined for my needs over the years, taken away from me at the wish of a company. Before I switched to Plasma and Wayland I ran XFCE with the exact same config for maybe 15 years, unbothered by updates.
Mashimo 10 hours ago|||
> I can't imagine having my workflow taken away from me

You never ever had a single software change its workflow?

davkan 9 hours ago||
People have been using emacs for how many decades? Or vim and terminal? Linux DEs rarely change entirely without the ability to run old versions, with the notable exception being gnome 3 which is still divisive to this day in large part because of it. And even then it was still possible to keep your workflows with MATE, the continuation of gnome 2. Libre office just recently implemented the ribbon and you can still disable it.

Radical workflow changes with no recourse is the standard in proprietary software, not so much in FOSS.

Mashimo 9 hours ago||
KDE 4.0 has entered the chat.

Jokes aside: yes, I can see how it's technically possible to never experience a workflow change. But also using the same tools at work, your kids school, family you help etc. I just find it not very probable.

davkan 8 hours ago||
I think GP was more talking about having your main workflows changed out from underneath you not so much never having to interface with something outside it. I haven’t had the luxury of a non windows workplace but if I worked in a Linux shop I’d be matching my home workflows. I see plenty of anecdotes on here about users who haven’t worked outside of emacs in decades. Not a probable scenario though I’ll agree with that.
Nursie 10 hours ago|||
> I can't imagine having my workflow, something I've refined for my needs over the years, taken away from me at the wish of a company.

The great Gnome 3 rollout did this for me... to be fair I guess that was a decision of the distributions, but it was in concert with the developers who decided to make a hard changeover, EOL the gnome 2 line there and then, and (deliberately?) scupper the possibility of installing both 2 and 3 on the same system.

Either way it sucked and that pushed me to Xfce, which I still use on linux. But it goes to show it can happen in FOSS.
