> This doesn't have a damn thing to do with dtrace. This is about Apple asserting that they own your computer, de facto, not you.
Dtrace is one of the features that is limited by SIP so yes this has something to do with dtrace.
> That the ability to disable SIP will always be available, forever, even though Apple has incentives to continue making their products more an "applicance" and less a "computer". I already said there are hardware features in new CPUs that are specifically designed to make that impossible.
Yes apple could get rid of the ability to turn off SIP, I don't believe they will. Doing so would anger developers and technical users, these people have a huge amount of say on what technology get used in their organization.
> That SIP will continue, forever into the future, to protect only those hidden directories.
I don't assume that it will only protect those hidden directories, because it protects other system resources as well. I also hope apple keeps adding to the list of protected resources, to continue securing Mac OSX and IOS.
> Why is it that any time someone starts grabbing for power, there are always people that say we should ignore it because there is some workaround, or it's only an insignificant amount of power? Power is accumulated in small steps, with the hope that nobody notices until iti is too late.
This is not a power grab, this is a company securing their products for their users. Even if this somehow is a power grab by apple, so what. No one is forced to buy apple's products, and if apple wants to do things that make there products less desirable, again so what, people might start switching to a competitor. It's not like apple is the government, nor is it a monopoly.
> Apple is taking your root access away, and you're fine with it. They are saying that they de facto own your computer, not you. Yet you're fine with it.
Apple has not taken root access from me, I can still do whatever I want on my Mac Pro.
> Again, you might want to think long and hard about the long-term consequences of giving up root access to Apple. Security can be provided for the user without handing control over to Apple.
Again I still have root on my laptop, yes I had to boot into recovery mode first, but afterwards I can sudo away. To me it seems like you haven't heard of Mandatory Access Controls, Operating systems have had the ability to reduce the privileges of root for a long time. Thats all SIP is a application of Mandatory Access Controls, SIP is built on top of the TrustedBSD MAC framework that FreeBSD, IOS, and MAC OSX all share. The MAC framework has been in IOS and Mac for a decade and apple have been slowly using it to hardened there operating systems and SIP is just a progression of this. You would think you would be happy that apple is trying to improve the security of their products.
So tell me the equivalent method to gain complete root access on an iphone. Not a jailbreak or unofficial firmware, an actual supported method by which you can become root and change anything on the device. Unless I am badly misinformed, this doesn't exist.
Your faith in Apple to not lock out SIP (or otherwise continue their trend of turning their products into appliances) requires ignoring that Apple already did that on other products.
> anger developers and technical users
So all Apple (or whomever) has to do to take away features is to make sure they have a way to satisfy or distract most of the developers and technical users. As this is not a large group of people, if they have a workaround, it does not change much.
I already said that this technological priesthood that knows how to work around these problems don't matter, as the average users are the people who will pay for this in practice.
Why would it hurt users? Because this kind of feature tends to always expand in scope when there is a financial incentive to do so. You even acknowledge this.
> I also hope apple keeps adding to the list of protected resource, to continue securing Mac OSX and IOS.
Securing for who? The owner of the computer? Or the vendors of their app store and music store?
> Apple has not taken root access from me, I can still do whatever I want on my Mac Pro.
Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.
> switching to a competitor
How many competitors are there for people to switch to? Are you stretching the definition and including competitors that are not compatible and would require re-purchasing software because the software they already paid for isn't compatible?
There is a huge cost to switching... which is why Apple absolutely is guilty of monopolizing (which is what the anti-trust laws ban, not a "monopoly" by some arbitrary market share).
> Again I still have root on my laptop,
Of course. Apparently you didn't read the part where I discussed this was a warning about the future, as power is taken in small increments.
More importantly, I find it interesting that you completely ignored the topic of the War On General Purpose Computing, which is central to this discussion. Doctorow's 28C3 talk directly address these problems and refutes many of your replies. Do you want to learn about this problem, which has been going on for many years, or are you an apparatchik that believes Apple can do no wrong?
> So tell me the equivalent method to gain complete root access on an iphone. Not a jailbreak or unofficial firmware, an actual supported method by which you can become root and change anything on the device. Unless I am badly misinformed, this doesn't exist
There isn't one, and there has never been a way to officially gain full root on an iphone. Which is fine, iphones were never marketed as a general computing device, it's a smartphone.
> Your faith in Apple to not lock out SIP (or otherwise continue their trend of turning their products into appliances) requires ignoring that Apple already did that on other products.
I could care less what apple does, it's not my primary operating system, FreeBSD is.
> So all Apple (or whomever) has to do to take away features is to make sure they have a way to satisfy or distract most of the developers and technical users. As this is not a large group of people, if they have a workaround, it does not change much.
SIP isn't taking away features, it is a feature. Secondly if apple has a well documented workaround for their more restrictive features, then yes this is the best of both worlds. As the OpenBSD crowd has shown, security features need to be on by default or they are rarely used. Apple can't rely on most of their user's to turn on the various security features. Most Linux user's turn off selinux because it's hard to setup, and I would wager Linux users are more technical on average then Mac users. And by allowing a way to turn off these security features for those who need to, it allows for people to do whatever they want with their Mac.
> How many competitors are there for people to switch to? Are you stretching the definition and including competitors that are not compatible and would require re-purchasing software because the software they already paid for isn't compatible?
There's plenty of competition in both mobile phones and personal computer markets. For mobile phones you can get smartphones from Apple, Samsung, HTC, Microsoft, BlackBerry, and a few more. As for personal computers there's Apple, HP, Dell, Lenovo, Asus, Toshiba, etc, etc. I also would like to add that even if these various products are not compatible it does not mean they are not competitors. Blenders from two different manufacturers are not compatible, but they are most definitely competing for customers.
> Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.
When it's about me and my laptop, Only thing I care about is whether I'm satisfied. And I think it's strange that you think this is an example of Apple taking advantage of people, when Apple has done far worse things to people, such as their use of cheap labour when they could easily afford to pay those people more. SIP is a good thing.
> Sometimes this isn't about YOU. This kind of selfish attitude is what allows corporations to continue taking advantage of other people.
The reason corporations do as they please is because people don't hold politicians accountable. Secondly I would like to say, have you thought whether YOU are being selfish? You want a company YOU don't own to change their product to satisfy YOUR view on how they should make their product. Especially considering this feature protects users from various types of attacks such as, loading rootkits, and hooking library functions.
> More importantly, I find it interesting that you completely ignored the topic of the War On General Purpose Computing, which is central to this discussion. Doctorow's 28C3 talk directly address these problems and refutes many of your replies. Do you want to learn about this problem, which has been going on for many years, or are you an apparatchik that believes Apple can do no wrong?
I ignored it because it was late and I was tired, but again reading through that first article, it seems like another case of people telling others how they run their business. The MPAA and RIAA, infuriate me, as well as DRM, So you know what I did, I stopped purchasing products that I knew had DRM, and I stopped going to the movie theater. As for the abuses of the DMCA law by John Deer and others people should be simultaneously not purchasing their products while lobbying their representative about changing this broken law.
And from my point of view there is no war on general computing, this is not the 80's and 90's where most software was proprietary. Computer user's have more choices for free, open source software then they ever did. Now were even seeing a open hardware movement!
Dtrace is one of the features that is limited by SIP so yes this has something to do with dtrace.
> That the ability to disable SIP will always be available, forever, even though Apple has incentives to continue making their products more an "applicance" and less a "computer". I already said there are hardware features in new CPUs that are specifically designed to make that impossible.
Yes apple could get rid of the ability to turn off SIP, I don't believe they will. Doing so would anger developers and technical users, these people have a huge amount of say on what technology get used in their organization.
> That SIP will continue, forever into the future, to protect only those hidden directories.
I don't assume that it will only protect those hidden directories, because it protects other system resources as well. I also hope apple keeps adding to the list of protected resources, to continue securing Mac OSX and IOS.
> Why is it that any time someone starts grabbing for power, there are always people that say we should ignore it because there is some workaround, or it's only an insignificant amount of power? Power is accumulated in small steps, with the hope that nobody notices until iti is too late.
This is not a power grab, this is a company securing their products for their users. Even if this somehow is a power grab by apple, so what. No one is forced to buy apple's products, and if apple wants to do things that make there products less desirable, again so what, people might start switching to a competitor. It's not like apple is the government, nor is it a monopoly.
> Apple is taking your root access away, and you're fine with it. They are saying that they de facto own your computer, not you. Yet you're fine with it.
Apple has not taken root access from me, I can still do whatever I want on my Mac Pro.
> Again, you might want to think long and hard about the long-term consequences of giving up root access to Apple. Security can be provided for the user without handing control over to Apple.
Again I still have root on my laptop, yes I had to boot into recovery mode first, but afterwards I can sudo away. To me it seems like you haven't heard of Mandatory Access Controls, Operating systems have had the ability to reduce the privileges of root for a long time. Thats all SIP is a application of Mandatory Access Controls, SIP is built on top of the TrustedBSD MAC framework that FreeBSD, IOS, and MAC OSX all share. The MAC framework has been in IOS and Mac for a decade and apple have been slowly using it to hardened there operating systems and SIP is just a progression of this. You would think you would be happy that apple is trying to improve the security of their products.