Edit: Guys I didn’t write the headline; the subtitle that I added, I’ve now fixed tho

Edit: Also, the information about there being no escape is out of date – here’s a quick guide to how to fix the problem in the modern day

31 points

The version of macOS that was released today, 11.0, also known as Big Sur…

Good thing we’re on top of things here on the fediverse.

permalink
report
reply
22 points

This is from 2020. You absolutely can use Little Snitch or a similar firewall to block this traffic.

https://eclecticlight.co/2021/02/23/how-to-run-apps-in-private/

permalink
report
reply
1 point

Little Snitch

Little Snitch won’t work because they use the Apple-blessed content filter which apparently doesn’t allow blocking this.

Pointing it to localhost in the hosts file does work, as indicated in that article.

permalink
report
parent
reply
3 points

Added in an edit

permalink
report
parent
reply
6 points
*

Can you though? LS now operates in user mode, which means it can no longer block traffic sent to Apple via a kernel thread.

It’s all a bit pointless though, as a LOT of hardware now calls home as well, and it doesn’t matter what OS to run on top of it unless you’re running something like TempleOS. Vanilla Linux is not going to protect you by itself. And if you’re using a repository system for software updates, that’s going to be reporting your software too — and many web browsers also report the URLs you go to (or even consider going to) and what extensions you have loaded.

But that article points at a solution for macOS users: it’s the certificates that are being checked. Any non-bog-standard software I run is not notarized or signed, and it functions just fine and has nothing to send back to Apple’s servers. First time I run it I need to right click and select Open to run the app, and this bypasses the entire signer system.

permalink
report
parent
reply
23 points
*

This is from 2020. You absolutely can use Little Snitch or a similar firewall to block this traffic.

We agree how sinister and dystopian it is to need to work against your hardware/os vendor for something like this though, right?

Shutup 10 exists, but that doesn’t make it OK that Windows users have to continuously be on guard for MS to try snooping on them, either.

permalink
report
parent
reply
2 points

Spending time to this is waste of life, it used be you setup the PC and it was good, now it is maintenance. I could not justify it any longer… made that switch.

permalink
report
parent
reply
103 points
*

Don’t want to sound like I’m proselytizing, but unless you run Linux, your computer really isn’t yours (closed firmware aside).

Microsoft is just as bad at treating your hardware as theirs that they so graciously allow you to use (in between forced updates, criticizing your browser choices, and trying to trick you into storing everything you do in one drive)

permalink
report
reply
26 points

Don’t want to sound like I’m proselytizing, but there are other free operating systems not based on Linux: FreeBSD, FreeDOS or ReactOS in example. I wish, I could add GNU/Hurd to the list, but from what I know, its unusable at the moment. Redox is also a new OS written in Rust, but it’s not ready yet (I think).

Now, are these real alternatives to a regular Linux based OS? In some cases they are (FreeBSD and their family), but most probably would just use Linux for their PC. They aren’t even suited for gaming I guess, the likes of Steam. I was just “Acktually”-ing around that you don’t “need” Linux for owning your computer. I mean, you mentioned closed firmware, so technically I was allowed to. :D

permalink
report
parent
reply
4 points
*
spoiler

asdfasdfsadfasfasdf

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply
5 points

The Hurd hasn’t done anything properly in, what, 3 decades? I am actually surprised someone even remembers it.

permalink
report
parent
reply
7 points
*

Yeah, I know people running FreeBSD as their daily driver; totally left that one out haha.

The rest of them are either niche (e.g. FreeDOS for retrogaming) or not quite ready for daily driving (e.g. ReactOS – which I’ve been rooting for for a while now).

There’s also TempleOS lol

When we’re talking FOSS, feel free to “ackshually” all day. Worst case is I learn something new/cool.

permalink
report
parent
reply
3 points

I would absolutely run FreeBSD on my laptop if the WiFi wasn’t awful. It doesn’t matter which chipset, max is like 20 Mbps. Rouuugh.

On the server side of things, Docker/Podman is so convenient, and keeps me from blowing so much time on “maintenance.”

Hopefully, some day, I can daily a BSD. Until then- NixOS!

permalink
report
parent
reply
4 points
*
Deleted by creator
permalink
report
parent
reply
14 points

Yeah my position is really to recommend any FOSS OS in the large over proprietary ones. However, since my experience is primarily with Linux distributions, and I do think that Linux makes sense for a lot of use cases, I usually start by talking about “Linux” first.

But, from my experience, if a “solution” to a problem “forces” the user to make a choice, then they’ll stick with what “currently works” over having to make a choice. So when I talk to people about Linux IRL, I typically direct them to Linux Mint directly, even though other distros exist and it actually doesn’t fit my use cases. Once they’re comfortable in the Linux ecosystem, they can switch to a different distro or OS family if they feel the need to do so.

permalink
report
parent
reply
3 points
*
Deleted by creator
permalink
report
parent
reply
48 points

Forced updates are a good thing for most people, though. The general population doesn’t know or care about infosec, so they’ll put off updates for months or years.

permalink
report
parent
reply
32 points
*
Deleted by creator
permalink
report
parent
reply
9 points

I’d be fine with what you describe in the second paragraph, but that’s not what’s meant by “forced.” That’s opt-out. Forced is what’s really objectionable, especially when it’s abused, as discussed in the article and elsewhere in these comments.

permalink
report
parent
reply
2 points

Hard agree to disagree.

permalink
report
parent
reply
6 points

Which part exactly are you disagreeing with? Do you think that we should force people to never be allowed to run an OS that enforces a strict update regimen? Because I think you probably actually think that the user should be allowed to choose how they update; whether that be mandatory and automatic, or manual and optional. The reality is, the vast majority of people will opt for the former, and I think we both agree that they should be allowed that choice.

The real issue is transparency: what is being installed and executed, why, and is any data being collected. As long as all that can be audited at will, I don’t see any issue with the existence of an OS that insists on being updated for the people who want that.

permalink
report
parent
reply
11 points

No.

A notification, in the tray and elsewhere across the OS, with a short description like “Updates are crucial to the security of you and your device, they also provide the freshest experience.” would get the point across. What would be even better is if there was a one-click NQA button to initiate the update, perhaps even included on the notification.

permalink
report
parent
reply
20 points

Those notifications have existed for years. People don’t give a shit.

All you have to do is restart your computer every so often and nothing will be forced.

permalink
report
parent
reply
10 points

The problem is Microsoft have abused it. Now they claim an update is for security, but instead it just reverts settings to promote their other products.

permalink
report
parent
reply
5 points

Let’s have the authorities force us to eat salad and exercise while we’re at it, it’s better for us

permalink
report
parent
reply
24 points
*

Oh Christ, that’s not the same thing and you know it.

permalink
report
parent
reply
6 points

Updates forced at inconvenient (or inapropriate) times aren’t a good thing though.

Don’t interrupt my work right bloody now.

You can update later when I’m done doing what I’m in the middle of.

permalink
report
parent
reply
5 points

The forced updates are usually after the system has bugged the shit out of you to update for a week or two.

Plus, you can easily disable it.

permalink
report
parent
reply
1 point

That’s their problem though. If they wanna get hacked, go for it.

But there should be a way to turn it off for us power users at least (without having to build a whole domain controller)

permalink
report
parent
reply
1 point

The problem is when those systems become part of a botnet.

Plus, you can just disable the update service if you want to leave your computer vulnerable to attacks.

permalink
report
parent
reply
8 points

Don’t want to sound like I’m proselytising but do you have a few minutes to talk about our Lord and Saviour, Linus Torvalds?

permalink
report
parent
reply
33 points

My computer runs Linux.

permalink
report
reply
2 points

I haven’t noticed Akamai traffic recently; has Apple moved to another contractor, or do they import these hashes internally now?

permalink
report
reply

Technology

!technology@beehaw.org

Create post

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community’s icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

Community stats

  • 2.8K

    Monthly active users

  • 2.9K

    Posts

  • 54K

    Comments