Why would a person turn off a feature they don't understand? Besides the only people who have issues with or even know what SIP is, are technical people. The average mac osx user doesn't even know about the hidden directories that SIP is protecting or what dtrace even is. If apple made it so SIP could not be turned off I would be with you on this, but you can turn off SIP.

Also what war on general computing? If a person want's full control of their operating system they can use one of the free open source ones like FreeBSD, one of the thousands of Linux distros, illumos, OpenBSD, NetBSD, etc, etc.

This doesn't have a damn thing to do with dtrace. This is about Apple asserting that they own your computer, de facto, not you.

Assumptions you're making:

* That the ability to disable SIP will always be available, forever, even though Apple has incentives to continue making their products more an "applicance" and less a "computer". I already said there are hardware features in new CPUs that are specifically designed to make that impossible. (see previous [5])

* That SIP will continue, forever into the future, to protect only those hidden directories.

* That Apple always knows what is better for the user, and won't exploit that power.

> turned off

Why is it that any time someone starts grabbing for power, there are always people that say we should ignore it because there is some workaround, or it's only an insignificant amount of power? Power is accumulated in small steps, with the hope that nobody notices until iti is too late.

As an analogy, you might say that I'm warning you that someone seems to be placing some gas cans around your property, and you might want to stop them before they decide to light a match. Meanwhile, you (and quite a few other people) are saying it's no big deal because you can just step over those gas cans - they aren't blocking the walkway much.

Apple is taking your root access away, and you're fine with it. They are saying that they de facto own your computer, not you. Yet you're fine with it.

> Also what war on general computing?

I'm somewhat shocked. All I can say is you have quite a bit of catching up to do. For the answer to that question, see my previous [1] and [2]. For [1], I linked to Doctorow's essay, but he links to his original lecture at 28C3 if you prefer. That lecture introduces the War, while [2] continues with a discussion of why we need to solve this problem now, as the ramifications extend much further than Apple and the ability to gain root.

Again, you might want to think long and hard about the long-term consequences of giving up root access to Apple. Security can be provided for the user without handing control over to Apple.

They don't assert ownership, they set a default setting to prohibit a potential security hole. This is the same principal as a master key, if there is a hole you can exploit, there exists a hole which someone else may exploit.

>That the ability to disable SIP will always be available, forever, even though Apple has incentives to continue making their products more an "applicance" and less a "computer". I already said there are hardware features in new CPUs that are specifically designed to make that impossible. (see previous [5]) That SIP will continue, forever into the future, to protect only those hidden directories. * That Apple always knows what is better for the user, and won't exploit that power.*

All the assumptions he's making are about what ACTUALLY happens, today.

All your assumptions are about uncertain future events and "what ifs".

Who do you think makes make sense?

So you're saying we should inductively reason that Apple will never change their behavior even though they already restrict the iphone? This is a large claim.

Do you want a warning about the possible arsonist who seems to be stacking gas cans near your house? Do you want to insist that he isn't a problem because he hasn't burned your house down yet?

Both of those are claims about the future. I'm basing mine of Apple's history with the iphone and the direction their actions have taken over the last decade. The claim you describe as being "about what ACTUALLY happens today" is really a claim about Apple's behavior into the future. I see no contract guaranteeing they won't change SIP. What I do see is a lot of people seeing what they want to see.

>So you're saying we should inductively reason that Apple will never change their behavior even though they already restrict the iphone? This is a large claim.

No, I'm saying that what IS has more substance than the myriads of things that we're worried that CAN BE.

And, for this specific question mentioning the iPhone, I'm also saying that restricted, special purpose devices, which were ALWAYS sold as such (like mobile phones ever since the early nineties) are not the same as PCs which have other uses cases and history.

>Do you want a warning about the possible arsonist who seems to be stacking gas cans near your house?

Not when the only reason to think of them as "arsonist" is for stacking gas cans, when that also has another very logical explanation (e.g. he's building a gas station).

In the case of Apple, they're improving the security of OS releases, the same way Microsoft and other do. Sandboxes, secure modes, signed apps, are all standard things security researchers have been advising for years.

In all those years since they introduced signed and sandboxes apps, they never removed the ability to run non sandboxed and/or non-signed apps. So I also doubt they'll remove the ability to turn off SIP, as it's still needed for various use cases.

But even if they do change the SIP, no big deal for 99% of their customers. The rest can always use another platform, unless they value the (then) convenience, virus-tolerance etc of OS X more than they value the "do everything with them" openness of other platforms.

Just because some people started with a 'assemble yourself' kit PC in the 80s, it doesn't mean that the essence of having a PC is all about custom rigging it. And even more so, that was never the allure of Apple PCs (neither implicit or advertised). It was "it just works".

> This doesn't have a damn thing to do with dtrace. This is about Apple asserting that they own your computer, de facto, not you.

Dtrace is one of the features that is limited by SIP so yes this has something to do with dtrace.

> That the ability to disable SIP will always be available, forever, even though Apple has incentives to continue making their products more an "applicance" and less a "computer". I already said there are hardware features in new CPUs that are specifically designed to make that impossible.

Yes apple could get rid of the ability to turn off SIP, I don't believe they will. Doing so would anger developers and technical users, these people have a huge amount of say on what technology get used in their organization.

> That SIP will continue, forever into the future, to protect only those hidden directories.

I don't assume that it will only protect those hidden directories, because it protects other system resources as well. I also hope apple keeps adding to the list of protected resources, to continue securing Mac OSX and IOS.

> Why is it that any time someone starts grabbing for power, there are always people that say we should ignore it because there is some workaround, or it's only an insignificant amount of power? Power is accumulated in small steps, with the hope that nobody notices until iti is too late.

This is not a power grab, this is a company securing their products for their users. Even if this somehow is a power grab by apple, so what. No one is forced to buy apple's products, and if apple wants to do things that make there products less desirable, again so what, people might start switching to a competitor. It's not like apple is the government, nor is it a monopoly.

> Apple is taking your root access away, and you're fine with it. They are saying that they de facto own your computer, not you. Yet you're fine with it.

Apple has not taken root access from me, I can still do whatever I want on my Mac Pro.

> Again, you might want to think long and hard about the long-term consequences of giving up root access to Apple. Security can be provided for the user without handing control over to Apple.

Again I still have root on my laptop, yes I had to boot into recovery mode first, but afterwards I can sudo away. To me it seems like you haven't heard of Mandatory Access Controls, Operating systems have had the ability to reduce the privileges of root for a long time. Thats all SIP is a application of Mandatory Access Controls, SIP is built on top of the TrustedBSD MAC framework that FreeBSD, IOS, and MAC OSX all share. The MAC framework has been in IOS and Mac for a decade and apple have been slowly using it to hardened there operating systems and SIP is just a progression of this. You would think you would be happy that apple is trying to improve the security of their products.

> I don't believe they will.

Aka, an assumption.

So tell me the equivalent method to gain complete root access on an iphone. Not a jailbreak or unofficial firmware, an actual supported method by which you can become root and change anything on the device. Unless I am badly misinformed, this doesn't exist.

Your faith in Apple to not lock out SIP (or otherwise continue their trend of turning their products into appliances) requires ignoring that Apple already did that on other products.

> anger developers and technical users

So all Apple (or whomever) has to do to take away features is to make sure they have a way to satisfy or distract most of the developers and technical users. As this is not a large group of people, if they have a workaround, it does not change much.

I already said that this technological priesthood that knows how to work around these problems don't matter, as the average users are the people who will pay for this in practice.

Why would it hurt users? Because this kind of feature tends to always expand in scope when there is a financial incentive to do so. You even acknowledge this.

> I also hope apple keeps adding to the list of protected resource, to continue securing Mac OSX and IOS.

Securing for who? The owner of the computer? Or the vendors of their app store and music store?

> Apple has not taken root access from me, I can still do whatever I want on my Mac Pro.

Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.

> switching to a competitor

How many competitors are there for people to switch to? Are you stretching the definition and including competitors that are not compatible and would require re-purchasing software because the software they already paid for isn't compatible?

There is a huge cost to switching... which is why Apple absolutely is guilty of monopolizing (which is what the anti-trust laws ban, not a "monopoly" by some arbitrary market share).

> Again I still have root on my laptop,

Of course. Apparently you didn't read the part where I discussed this was a warning about the future, as power is taken in small increments.

More importantly, I find it interesting that you completely ignored the topic of the War On General Purpose Computing, which is central to this discussion. Doctorow's 28C3 talk directly address these problems and refutes many of your replies. Do you want to learn about this problem, which has been going on for many years, or are you an apparatchik that believes Apple can do no wrong?

> So tell me the equivalent method to gain complete root access on an iphone. Not a jailbreak or unofficial firmware, an actual supported method by which you can become root and change anything on the device. Unless I am badly misinformed, this doesn't exist

There isn't one, and there has never been a way to officially gain full root on an iphone. Which is fine, iphones were never marketed as a general computing device, it's a smartphone.

> Your faith in Apple to not lock out SIP (or otherwise continue their trend of turning their products into appliances) requires ignoring that Apple already did that on other products.

I could care less what apple does, it's not my primary operating system, FreeBSD is.

> So all Apple (or whomever) has to do to take away features is to make sure they have a way to satisfy or distract most of the developers and technical users. As this is not a large group of people, if they have a workaround, it does not change much.

SIP isn't taking away features, it is a feature. Secondly if apple has a well documented workaround for their more restrictive features, then yes this is the best of both worlds. As the OpenBSD crowd has shown, security features need to be on by default or they are rarely used. Apple can't rely on most of their user's to turn on the various security features. Most Linux user's turn off selinux because it's hard to setup, and I would wager Linux users are more technical on average then Mac users. And by allowing a way to turn off these security features for those who need to, it allows for people to do whatever they want with their Mac.

> How many competitors are there for people to switch to? Are you stretching the definition and including competitors that are not compatible and would require re-purchasing software because the software they already paid for isn't compatible?

There's plenty of competition in both mobile phones and personal computer markets. For mobile phones you can get smartphones from Apple, Samsung, HTC, Microsoft, BlackBerry, and a few more. As for personal computers there's Apple, HP, Dell, Lenovo, Asus, Toshiba, etc, etc. I also would like to add that even if these various products are not compatible it does not mean they are not competitors. Blenders from two different manufacturers are not compatible, but they are most definitely competing for customers.

> Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.

When it's about me and my laptop, Only thing I care about is whether I'm satisfied. And I think it's strange that you think this is an example of Apple taking advantage of people, when Apple has done far worse things to people, such as their use of cheap labour when they could easily afford to pay those people more. SIP is a good thing.

> Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.

The reason corporations do as they please is because people don't hold politicians accountable. Secondly I would like to say, have you thought whether YOU are being selfish? You want a company YOU don't own to change their product to satisfy YOUR view on how they should make their product. Especially considering this feature protects users from various types of attacks such as, loading rootkits, and hooking library functions.

> More importantly, I find it interesting that you completely ignored the topic of the War On General Purpose Computing, which is central to this discussion. Doctorow's 28C3 talk directly address these problems and refutes many of your replies. Do you want to learn about this problem, which has been going on for many years, or are you an apparatchik that believes Apple can do no wrong?

I ignored it because it was late and I was tired, but again reading through that first article, it seems like another case of people telling others how they run their business. The MPAA and RIAA, infuriate me, as well as DRM, So you know what I did, I stopped purchasing products that I knew had DRM, and I stopped going to the movie theater. As for the abuses of the DMCA law by John Deer and others people should be simultaneously not purchasing their products while lobbying their representative about changing this broken law.

And from my point of view there is no war on general computing, this is not the 80's and 90's where most software was proprietary. Computer user's have more choices for free, open source software then they ever did. Now were even seeing a open hardware movement!