Mac users - be aware

Sandman wrote:

In article , sid wrote:

sid:
That's the point isn't it? Why then are Apple
removing the ability to do as you will with your
system, all in the name of your security, if there is no
perceivable threat?

Sandman:
There have been zero break-ins into my home. That
doesn't mean I will remove my home alarm, or leave my door
unlocked when away.

sid:
That's an incorrect analogy. Apple aren't removing
anything they are adding, more like you installing a razor
wire fence with savage rottweillers patrolling the boundary
at your home.

nospam:
there's nothing incorrect about it.

sid:
Are you insane?

nospam:
in both cases, it's making things more secure.

sid:
how does "remove my home alarm, or leave my door unlocked when
away" in any way make things more secure?

Sandman:
The analogy is that I added a home alarm and lock my door to make
it more secure.

But that is not what you wrote.

But that could be inferred,

But *very* unlikely to be.

since few houses are built with an alarm, it
is usually added later by the resident.

You're just digging now!

--
sid

Alan Browne wrote:

On 2015-08-11 18:57, sid wrote:
Sandman wrote:

With El Capitan, no matter how elevated your privileges, you can
not edit, add or remove files in the locations /System, /bin,
/sbin, or /usr (except /usr/local).

Only Installer and Software Update can do that, and only using
Apple-signed developer packages.

There is no "real root".

The real root user is the one that signs the packages if they are
the only things that can write anywhere.

No, as I said - there is no "real root". The system is built so that no
user privileges, including root, can write files to specific locations
unless they are being installed using a specific application using a
signed certificate.

Which is just what I have been saying. Even if you log on as root you
can't actually write everywhere, ergo you are not really root. And to be
clear I am using the term root as it would traditionally be used not how
it is being misused in the upcoming OSX

Then you're missing some key elements of the world as it is in 2015.

I don't think so.

The owners of OS X, who license it only for use on the computers they
sell, have every right to limit its functionality in any way they see
fit. They probably did not come asking your opinion and you have the
right to abstain from using their OS.

Apple spend a mountain of cash on the OS. Apple are faced with doing a
reasonable job in protecting ordinary users from attack by malware
makers. They generally do a good job in their own plodding manner. If
they have come to the conclusion that putting up greater barriers to
accessing the most sensitive parts of the OS is good for the users and
by extension good for them, then that is their decision. You want the
updated features, you have to accept the security barriers they've added.

Yes.

There are a lot of things about Apple's decisions that I don't like.
But then the choices out there tend to make me run to Apple in any case.

If asked for an opinion by an average computer user I will recommend a Mac
for the same reasons, anything is better than windows.

And it will still be the root account. Just less than what you're
familiar with or "approve".

https://en.wikipedia.org/wiki/Superuser

--
sid

In article , sid wrote:

sid:
That's the point isn't it? Why then are Apple
removing the ability to do as you will with your
system, all in the name of your security, if there
is no perceivable threat?

Sandman:
There have been zero break-ins into my home.
That doesn't mean I will remove my home alarm, or
leave my door unlocked when away.

sid:
That's an incorrect analogy. Apple aren't removing
anything they are adding, more like you installing a
razor wire fence with savage rottweillers patrolling the
boundary at your home.

nospam:
there's nothing incorrect about it.

sid:
Are you insane?

nospam:
in both cases, it's making things more secure.

sid:
how does "remove my home alarm, or leave my door
unlocked when away" in any way make things more secure?

Sandman:
The analogy is that I added a home alarm and lock my
door to make it more secure.

sid:
But that is not what you wrote.

Sandman:
But that could be inferred,

But *very* unlikely to be.

Depends on whether the person reading is a troll or not I suppose.

Sandman:
since few houses are built with an alarm, it is usually added
later by the resident.

You're just digging now!

Coherent and mature, as always.

--
Sandman

In article , sid wrote:

Sandman:
With El Capitan, no matter how elevated your
privileges, you can not edit, add or remove files in the
locations /System, /bin, /sbin, or /usr (except
/usr/local).

Only Installer and Software Update can do that, and only
using Apple-signed developer packages.

There is no "real root".

sid:
The real root user is the one that signs the packages
if they are the only things that can write anywhere.

Sandman:
No, as I said - there is no "real root". The system
is built so that no user privileges, including root, can write
files to specific locations unless they are being installed
using a specific application using a signed certificate.

sid:
Which is just what I have been saying. Even if you log on as
root you can't actually write everywhere, ergo you are not
really root.

Sandman:
And this is where we have corrected you - you ARE "really" root.
There is no other root that the root account.

You're basically saying that if tomorrow the president lost his
power to launch missiles, he's not "really" president.

Well if you stretch the missiles bit to 'any important decisions'

I didn't, just as root in El Capitan isn't "no important privileges".

then yes, who ever actually makes those decisions is really in
charge, regardless of the name you give to either.

Not regardless, in the analogy, he would no longer be the president according
to you. According to you, the title "President" is defined as having the
privilege to launch missiles, so if it was decided that he no longer has that
power (and perhaps no one has, or its distributed or whatever), then he would
no longer be President.

Weird.

sid:
And to be clear I am using the term root as it would
traditionally be used not how it is being misused in the
upcoming OSX

Sandman:
There is no "misuse" or "traditional" use.

http://www.linfo.org/root.html

"root Definition"

"root is the user name or account that by default has access to all
commands and files on a Linux or other Unix-like operating system.
It is also referred to as the root account, root user and the
superuser.

Root privileges are the powers that the root account has on the
system. The root account is the most privileged on the system and
has absolute power over it (i.e., complete access to all files and
commands). Among root's powers are the ability to modify the system
in any way desired and to grant and revoke access permissions
(i.e., the ability to read, modify and execute specific files and
directories) for other users, including any of those that are by
default reserved for root."

See also

https://en.wikipedia.org/wiki/Superuser

I.e. no misuse.

sid:
Being "rooted" doesn't mean only access to a users home
directory has been achieved does it?

Sandman:
Indeed, and in El Capitan, these locations can't be
"rooted".

I'm unsure whether you don't know how the root account works
in unix

sid:
I do.

Sandman:
As I said, I'm not so sure, given what you've said thus far.

or if you don't know how OSX works right now.

sid:
Which bit in particular?

Sandman:
Are you asking me what parts of OSX you are ignorant about?

No.

What was the use of that question mark, then?

--
Sandman

Sandman wrote

sid:
Which is just what I have been saying. Even if you log on as
root you can't actually write everywhere, ergo you are not
really root.

Sandman:
And this is where we have corrected you - you ARE "really" root.
There is no other root that the root account.

You're basically saying that if tomorrow the president lost his
power to launch missiles, he's not "really" president.

Well if you stretch the missiles bit to 'any important decisions'

I didn't,

Well then the rest of your argument is just made up clap trap.

sid:
And to be clear I am using the term root as it would
traditionally be used not how it is being misused in the
upcoming OSX

Sandman:
There is no "misuse" or "traditional" use.

http://www.linfo.org/root.html

"root Definition"

"root is the user name or account that by default has access to all
commands and files on a Linux or other Unix-like operating system.
It is also referred to as the root account, root user and the
superuser.

Root privileges are the powers that the root account has on the
system. The root account is the most privileged on the system and
has absolute power over it (i.e., complete access to all files and
commands). Among root's powers are the ability to modify the system
in any way desired and to grant and revoke access permissions
(i.e., the ability to read, modify and execute specific files and
directories) for other users, including any of those that are by
default reserved for root."

See also

https://en.wikipedia.org/wiki/Superuser

I.e. no misuse.

Incorrect.

or if you don't know how OSX works right now.

sid:
Which bit in particular?

Sandman:
Are you asking me what parts of OSX you are ignorant about?

No.

What was the use of that question mark, then?

It was an opportunity for you to add a veiled insult.

--
sid

Sandman wrote:

In article , sid wrote:

sid:
That's the point isn't it? Why then are Apple
removing the ability to do as you will with your
system, all in the name of your security, if there
is no perceivable threat?

Sandman:
There have been zero break-ins into my home.
That doesn't mean I will remove my home alarm, or
leave my door unlocked when away.

sid:
That's an incorrect analogy. Apple aren't removing
anything they are adding, more like you installing a
razor wire fence with savage rottweillers patrolling the
boundary at your home.

nospam:
there's nothing incorrect about it.

sid:
Are you insane?

nospam:
in both cases, it's making things more secure.

sid:
how does "remove my home alarm, or leave my door
unlocked when away" in any way make things more secure?

Sandman:
The analogy is that I added a home alarm and lock my
door to make it more secure.

sid:
But that is not what you wrote.

Sandman:
But that could be inferred,

But *very* unlikely to be.

Depends on whether the person reading is a troll or not I suppose.

No it depends on whether you can read English or not.

What you wrote is like saying

There have been no virus infections on OSX. That does not mean removing the
firewall and having no login password.

What is actually happening

There have been no virus infections on OSX. Therefore we are adding razor
wire and guard dogs, and taking away the keys to your bathroom and bedroom.

Sandman:
since few houses are built with an alarm, it is usually added
later by the resident.

You're just digging now!

Coherent and mature, as always.

You didn't understand what I meant, then, did you?

--
sid

In article , sid wrote:

sid:
But *very* unlikely to be.

Sandman:
Depends on whether the person reading is a troll or not I suppose.

No it depends on whether you can read English or not.

What you wrote is like saying

There have been no virus infections on OSX. That does not mean
removing the firewall and having no login password.

What is actually happening

There have been no virus infections on OSX. Therefore we are adding
razor wire and guard dogs, and taking away the keys to your
bathroom and bedroom.

You're using the word "therefore" incorrectly.

Sandman:
since few houses are built with an alarm, it is
usually added later by the resident.

sid:
You're just digging now!

Sandman:
Coherent and mature, as always.

You didn't understand what I meant, then, did you?

I rarely do.

--
Sandman

In article , sid wrote:

sid:
Which is just what I have been saying. Even if you log
on as root you can't actually write everywhere, ergo you
are not really root.

Sandman:
And this is where we have corrected you - you ARE
"really" root. There is no other root that the root account.

You're basically saying that if tomorrow the president lost
his power to launch missiles, he's not "really" president.

sid:
Well if you stretch the missiles bit to 'any important
decisions'

Sandman:
I didn't,

Well then

Indeed. Snip and run, it's what you do best.

Sandman:
I.e. no misuse.

Incorrect.

Incorrect.

Sandman:
or if you don't know how OSX works right now.

sid:
Which bit in particular?

Sandman:
Are you asking me what parts of OSX you are ignorant
about?

sid:
No.

Sandman:
What was the use of that question mark, then?

It was an opportunity for you to add a veiled insult.

So you used a question mark incorrectly and failed to obtain the result you
desired. Weird.

--
Sandman

In article , sid wrote:

nospam:
no they don't.

Oh yes they do! Is this another of your complete brain malfunctions?

Tell me how these two sentences mean the same thing

"nobody is restricting access to the entire computer."

I.e. the entire system is not restricted, users still have access to the vast
majority of the system, the entire system is not restricted.

It's a fun example of what I think is called a "dangling modifier".

"certain key system files are restricted from being altered and for
very good reasons."

Certain things are restricted, thus the entire system isn't restricted. Dangle,
dangle

sid:
What *are* you on about you idiot. The whole point of your
blathering is that things outside the norm won't be allowed so
as to protect everybody from themselves. Are you changing your
mind now?

nospam:
i haven't changed my mind and that's not what i said.

You're right, Jonas said it.

You're lying again.

nospam:
yep. all it takes is $99 to register as a developer.

unsigned software can still be used, but the user just has to
override the warnings that the app is from an unknown developer.
such software is not always malware but the chances are *much*
higher.

So after all your blustering you're now saying none of it will make
any difference because unsigned software can still be used?
Brilliant.

None is so deaf as he who will not listen.

sid:
Quote me saying "it's a bad idea" Oh, you can't. Just more ****.

nospam:
so are you now saying it's a good idea?

If you think it's a good idea then I'm sure it must be so. For the
record I don't care one way or the other what happens in future OSX
as I will not be using it at all. I just asked how they were going
to be doing it.

So is it a good idea or a bad idea?

--
Sandman

On 2015-08-12 04:36, sid wrote:
Alan Browne wrote:

On 2015-08-11 18:57, sid wrote:
Sandman wrote:

With El Capitan, no matter how elevated your privileges, you can
not edit, add or remove files in the locations /System, /bin,
/sbin, or /usr (except /usr/local).

Only Installer and Software Update can do that, and only using
Apple-signed developer packages.

There is no "real root".

The real root user is the one that signs the packages if they are
the only things that can write anywhere.

No, as I said - there is no "real root". The system is built so that no
user privileges, including root, can write files to specific locations
unless they are being installed using a specific application using a
signed certificate.

Which is just what I have been saying. Even if you log on as root you
can't actually write everywhere, ergo you are not really root. And to be
clear I am using the term root as it would traditionally be used not how
it is being misused in the upcoming OSX

Then you're missing some key elements of the world as it is in 2015.

I don't think so.

Yes: You want 1990 Unix in 2015. Apple have changed what their
deployment of Unix is.



The owners of OS X, who license it only for use on the computers they
sell, have every right to limit its functionality in any way they see
fit. They probably did not come asking your opinion and you have the
right to abstain from using their OS.

Apple spend a mountain of cash on the OS. Apple are faced with doing a
reasonable job in protecting ordinary users from attack by malware
makers. They generally do a good job in their own plodding manner. If
they have come to the conclusion that putting up greater barriers to
accessing the most sensitive parts of the OS is good for the users and
by extension good for them, then that is their decision. You want the
updated features, you have to accept the security barriers they've added.

Yes.

There are a lot of things about Apple's decisions that I don't like.
But then the choices out there tend to make me run to Apple in any case.

If asked for an opinion by an average computer user I will recommend a Mac
for the same reasons, anything is better than windows.

And it will still be the root account. Just less than what you're
familiar with or "approve".

https://en.wikipedia.org/wiki/Superuser

Clearly Apple don't take guidance from Wikipedia articles. And of
course that article will eventually be edited to reflect "Superuser" in
the OS X 10.11 context. Nice thing about Wikipedia - it adapts as times
change.