Let's hope the open core project, namely the Open Core Legacy Patcher[1] will revive some older models to run Ventura. Personally, I'm running a 2014/15 MacBook Air 11" for 7 years now[2] and with "Open Core Legacy" on Monterey with no issues at all.
I'm pretty confident it will, the OCLP project has improved a lot and is now very capable and stable. My MacBook Pro 2012 runs Monterey, and it's really fast and stable. Better than any previous Mac OS in fact.
You can look on the Macrumors forum and Reddit to see if they're already getting the betas to work.
Interesting that you say that it's faster and more stable. My 2013 Air is on Monterey and it's "good enough" for my needs still, but slipping towards not quite good enough. Very tempted to give OCLP a try if it extends the life of the machine a bit more.
Will Safari 16 be available on older macOS? Assuming Apple doesn't break their tradition it should support two prior OS releases, Monterey and Big Sur.
While I could do without an OS update on my MacBook Pro 2015. (I can't record a single useful feature from all the previous OS updates other than Universal Clipboard.) That means for MacBook Pro 2015 model users they will only have two more Safari updates.
Short answer: you'll get all of new web platform features (Container Queries, Subgrid, etc.); you may not get certain Safari-specific features that require a feature only present in macOS Ventura.
You can get Safari Technology Preview for Monterey and Big Sur that has those new web platform features right now [1].
- userspace filesystems: the nail on the coffin for kernel extensions. Now we won't need to run in "reduced security" to use FUSE and that was the last kernel extension that remained popular. Probably kexts will be deprecated shortly
- rapid security response
- it seems also to include changes in Xprotect and mrt
The OpenZFS implementation on macOS also requires kernel extensions, and I don't suppose it can easily be ported to FUSE or that that would have desirable performance characteristics.
Special kernel extensions are also required to get some basic functionality working on macOS these days, like disabling pointer acceleration.
Too bad for them, Apple has already stated multiple times that the long term roadmap is that all third party stuff will only be available as userspace drivers.
The plan being, each kext has one year timeframe to migrate to the new userspace API after its introduction, and the year thereafter the kernel API gets dropped from the new OS release.
Maybe my intuition is wrong, and System Extensions support enough functionality that the ZFS port will still work well with the System Extensions interface, and my impression of userspace filesystems as slow is due to quirks of the FUSE implementation on Linux. I hope so.
That no longer worked, the last few times I tried it. The only thing that works now are these drivers that implement a different type of pointing device (CursorSense and SteerMouse) from Plentycom: http://www.plentycom.jp/en/index.html
Yes, I have been baffled that it was always so difficult for the user to manage what’s auto-launched on start-up. So many apps try to bury into start-up so they can keep collecting data and lightly spamming the user.
Can anyone shed light on why it took so long? I had always figured the non-existence of a login items panel was a purposeful choice.
Maybe because it was not a common feature in the market. In Windows for example it's even more of a mess because there's a ton of places for autostarting software to run from. There's this excellent tool from sysinternals called autostarts but it's not an OS feature despite sysinternals now being owned by Microsoft.
And in Linux? No great way of managing systemd via the GUI either afaik.
And Apple has always been one for hiding technical complexity from the user. It's only that security became prio #1 that they're doing this. 2010 Apple would not have presented the user with these popups for example.
Apple at that time really didn't care as much about security as they do now, it was before the fappening, before wannacry etc. They were more obscure as an OS so there was not as much malware. Security was not as much on the radar as it is now.
This view only includes actual apps that launch on startup, it doesn't include agents, daemons etc. Many popular apps have one, if not many, that the users are usually not even aware of and can't turn off via the UI. To see what I mean, try running `launchctl list | grep -v "com.apple"` as the user you're logged in with. It will list jobs loaded into launchctl not owned by Apple, and that isn't even the only way to make things run at startup.
Apps aren’t required to use that screen though. Some of them will, but a lot of apps not in the App Store can and do register themselves with launchd on their own.
Apple should be proactive and extract those items automatically, but in practice, they don’t.
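The point made above about agents and daemons that never appear in the Login Items view, as an added example that is not part of the original thread: a Python sketch that reads launchd job definitions and reports which ones start without user action. The directories are the standard launchd locations for third-party jobs; the `com.example.*` labels, paths and sample plists are constructed for illustration.

```python
import plistlib
from pathlib import Path

# Directories launchd reads third-party job definitions from (launchd.plist(5)).
LAUNCHD_DIRS = [
    Path.home() / "Library" / "LaunchAgents",  # per-user agents
    Path("/Library/LaunchAgents"),             # agents loaded for every user
    Path("/Library/LaunchDaemons"),            # system-wide daemons
]

# Constructed sample: a hypothetical updater agent that starts at login.
SAMPLE_THIRD_PARTY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Applications/Example.app/Contents/MacOS/updater</string>
    <string>--background</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><dict><key>SuccessfulExit</key><false/></dict>
</dict></plist>"""

# Constructed sample: a hypothetical helper that only runs on demand.
SAMPLE_ON_DEMAND = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.helper</string>
  <key>Program</key><string>/Library/PrivilegedHelperTools/com.example.helper</string>
  <key>MachServices</key><dict><key>com.example.helper</key><true/></dict>
</dict></plist>"""


def summarize_job(data, source="<memory>"):
    """Parse one launchd property list (XML or binary) into a short summary."""
    job = plistlib.loads(data)
    if not isinstance(job, dict):
        raise ValueError("top-level plist object is not a dictionary")
    args = job.get("ProgramArguments") or []
    label = str(job.get("Label", ""))
    keep_alive = job.get("KeepAlive", False)
    return {
        "source": source,
        "label": label,
        # Program wins if present; otherwise the first ProgramArguments entry is run.
        "program": job.get("Program") or (args[0] if args else None),
        "run_at_load": bool(job.get("RunAtLoad", False)),
        # KeepAlive is either a boolean or a dictionary of restart conditions.
        "keep_alive": bool(keep_alive),
        # The label is declared by the plist itself, so report the claim
        # next to the file path and program instead of trusting it.
        "label_claims_apple": label.startswith("com.apple."),
    }


def starts_without_user_action(summary):
    """True when launchd starts the job at load or keeps it running."""
    return bool(summary.get("run_at_load") or summary.get("keep_alive"))


def scan(dirs=LAUNCHD_DIRS):
    """Summarize every *.plist in the given directories; keep parse errors visible."""
    results = []
    for directory in dirs:
        if not directory.is_dir():
            continue
        for path in sorted(directory.glob("*.plist")):
            try:
                results.append(summarize_job(path.read_bytes(), str(path)))
            except Exception as exc:  # unreadable or malformed file
                results.append({"source": str(path), "error": str(exc)})
    return results


if __name__ == "__main__":
    # On a Mac this lists the real jobs; elsewhere the directories do not exist.
    for job in scan():
        if "error" in job:
            print("unparsed:", job["source"], job["error"])
        elif starts_without_user_action(job):
            print(job["label"], "->", job["program"], "(", job["source"], ")")
    # The constructed samples always work, on any platform.
    for sample in (SAMPLE_THIRD_PARTY, SAMPLE_ON_DEMAND):
        s = summarize_job(sample)
        print(s["label"], "auto-start:", starts_without_user_action(s))
```

Reading the files covers jobs that are installed but not currently loaded, which `launchctl list` does not show.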
> However, the Gatekeeper check here is overridable by users.
This is presented as a flaw, but I'm not sure they are thinking through the alternatives. It's hard to give too much credence to security experts who aren't thinking holistically. Perhaps there is a flaw, but I'm curious to know what it is.
Security folks tend to have a very myopic view on things. Ever wondered why your computer got less and less useable? Security people pushing their agenda.
Exactly. Technical measures are important, but if someone wants to play a game or do something that's been banned on Apple's stores and finds a site that claims to have an installer (which is actually malware) with instructions to disable Gatekeeper or SIP or what not, social engineering can work. Their goal is to do the thing they wanted to do, probably not thinking of security in the meanwhile. Popup alerts are going to be interpreted as something to get rid of so they can do the thing.
It's a difficult balance. Power users, engineers, developers - we can (usually) tell when warnings need to be heeded. People who use their devices to achieve a goal without really understanding or caring about what's happening usually won't.
I still recall when that viral elf bowling game was showing up on everyone's computers, and it struck me that we were all quite fortunate it wasn't secretly malware.
It's not a balance. There must be a way to override it.
I really don't want Apple to decide what I can have on my computer like they do with iOS. It'll be more secure but also a lot less free and functional.
To which my answer is — being alive is risky, get over it and stop treating all people like idiots that need constant oversight lest they do something potentially dangerous.
This is overboard. Defaults matter a LOT. Requiring users to override defaults to deliver ad/malware is a losing proposition and ad/malware creators know this.
Along with other comments, we have at least 10 fully working mbp 2015s. Many with upgraded 2tb storage. All used for audio work. Running 10.13 - 10.16. Little to no issues and I still buy up any I find online. Absolutely fantastic machines.
Still using the 2013 and 2015 MBPs here, had no reason to upgrade. Love them to death, still no hardware issues whatsoever except a new battery. I also prefer the smaller trackpad. Guess it's time to gift them to my parents.
Luckily, the M1/M2 is finally a worthy upgrade, after years of keyboard issues and unwanted features.
Butterfly Keyboard ( And arguably the new Magic Keyboard ) with little to no Key travel distance, along with Larger Trackpad which create false positive input were two key minus design features.
Unfortunately every time I pointed this out most of HN were quick to answer this is a user issue and not a design flaw.
I can see why most on HN (and actually outside of HN too) would say a larger trackpad is great, so I think you might indeed be in the minority opinion on this one. Even mainstream reviewers tended to list it as a positive.
But butterfly keyboard had been pretty much universally decried as a terrible mistake almost everywhere, including HN.
>But butterfly keyboard had been pretty much universally decried as a terrible mistake almost everywhere, including HN.
That was certainly not the case until the reliability problem got magnified in 2018. When the problem has been there since 2016. Before that Butterfly was somehow the holy grail for touch typist.
I don't believe it ever was the holy grail of touch typist. First, it was incredibly loud, and most people complained about it. The key travel distance was mostly cited as a con, not a pro. And only then the reliability issues started to arise. But it didn't take 2018. This article (https://news.ycombinator.com/item?id=15496745) made it to the top of HN in Oct 2017, but people had already been complaining for months (See this article from February https://forums.macrumors.com/threads/some-2016-macbook-pro-o...).
A lot of us hated the butterfly keyboard from the beginning. Both here on HN and in other community situations. The noise interfered with calls when taking notes. I made a lot more typing mistakes due to the space being reduced between keys. I’ve typed on lots of keyboards over the years and got used to most of them but never could get used to that.
When the skipped or doubled keypresses started it was just the cherry on top.
Looking from the outside, it sure does look like every security patch is assessed on its difficulty to port to older OSes, its severity, and its reach.
> In collaboration with Google, Microsoft and other industry players, Apple has been working on a new logon technology for web and other remote services called ‘passkeys’.
I don't think it will be Apple only. However, I am wondering what will happen to services like bitwarden [1] if it is available on other OSes as well.
> So are you locked in with Apple if you use this, or can you switch all your existing passwords to another "passkey provider/service" ?
Eventually, yes. Not now, but the goal is eventually, yes. It requires support to come to Android and at that point, they'll build the bridge to bring them together. I don't think the system currently exists for this, but they've said Passkeys will be a "multi-year industry-wide transition" so I'm inclined to believe it'll ship in the coming years.
When you sign in with a passkey, you have the option of scanning a QR code from a locally present device running any software that can speak the standard (e.g., Android). This means that you can login using any software that supports Passkeys using any devices that support Passkeys. For example, Chrome on Windows (chrome://flags, turn on passkey support) with an iPhone is a valid pair.
Passkey's (and webauth2's) major value proposition for software/service providers is for people to stop sharing accounts. This will result in more sales/subscriptions, and better tracking of preferences/activity.
That it also happens to provide better security is just more cheese on the trap.
Considering that the three control all of the popular operating systems for computers and devices, and most popular browsers who else would it be? It’s an open standard.
Assumedly any service that implements this will let you reset your password away from Passkeys, but it's still the soft lockin of "Ughhhh I don't want to reset everything".
Sites will never go full Passkeys because that obviously falls over if you want to access it from any other device or computer, support request costs would go through the ceiling
I don't think number 2 (specifically the complaint that the user can override gatekeeper) in their list is really an issue for enterprises. If they want they can already turn off the gatekeeper user override through a profile. I do exactly that on our Macs.
And for consumers I don't think it's a good idea to remove this option altogether. The owner should have full control if they desire it.
The constant check for modifications is great though. I'm surprised that wasn't the case before.
Most concerning is Gatekeeper, as I do still routinely run into scenarios where it harasses me about applications I am trying to run and on the odd occasion I have to manually codesign things.
It will be super annoying if this now starts making developer's life hell because it is nannying binaries they are building, sharing or working with as part of their development work.
Probably, I would need to see the message to be sure what you're referring to. But LaunchServices will for example still warn you the first time you open a downloaded application. You used to be able to get rid of that with `defaults write com.apple.LaunchServices LSQuarantine -bool false` but I don't know if the syntax has changed.
Am I the only one increasingly frustrated with macOS's naming scheme? I have no idea what the latest version is. Ubuntu versioning gets this right; you can parse their codenames alphabetically to derive the semantic version. But Apple's heuristic here seems to be "throw a dart at a map of California".
> The marketing names for macOS and OSX have always been random other than having a general theme to it.
Not entirely true: two of the cats were name variations of their predecessors to express an intent of limited end-user / feature updates and a focus on refinement (even though taxonomically the cats have basically no relationships outside of being cats, mountain lions aren’t even in the same genus as lions)
Since they moved macOS off version 10.x (finally), "Apple's crack marketing team" left the desert (Mojave) for the Pacific coast. Unfortunately, they didn't plan the trip carefully, so they started at Big Sur with macOS 11, went north to Monterey for macOS 12, then turned around and headed back south to Ventura for macOS 13. At least those locations are in alphabetical order -- but with Ventura they seem to have painted themselves into a corner.
So will macOS 14 be further south (Carlsbad?) or back north (Eureka?) -- stay tuned...
I think you overestimate the knowledge most people have of California. I've been to Cali a bunch of times and none of the names they picked mean anything to me except Big Sur, but that's pretty obscure. I wouldn't expect anyone around me to know what or where it is unless they happened to be really big into the tech scene.
US tech firms have a long history of using US place names as code names for operating system releases. Windows 95 was Chicago, if I recall correctly.
It wasn't much better with big cats. There were two sort of semantically related releases, Leopard/Snow Leopard and Lion/Mountain Lion. Of those only the Leopard/Snow Leopard I thought made sense as Snow Leopard was a "oh shit fix all the bugs" release. SL was the first full OS release after the Intel transition and 64-bit kernel.
Big Sur, Monterey, Yosemite, El Capitan, Catalina... all worked for me because I've either been there or there was a screensaver/wallpaper to associate them with their locales. I really don't know a thing about Ventura.
Yes. In Big Cat era, you could at least memorise those names which have some meaning to nearly everyone around the world, and it always had a version number.
Mac OS X 10.7 "Lion" – 2010
Mac OS X 10.8 "Mountain Lion" – 2012
Now it is only a name I guess only people in US / California will know or understand. The same joke from Apple's "crack marketing team" and played out by Craig Federighi for something like 10 years[1].
But I guess that is post Steve Jobs's Apple for you.
[1] Just guessing since I remember they started using this line after Forstall left.
Let's go back to cats. Since macOS is becoming more and more like iOS, we don't have to limit ourselves to big cats anymore. Small cats are on the table too. There's gotta be at least 100 cat breeds, that should last us a while.
That's definitely my issue: over the years, we have accumulated more and more and more of these names. When someone talks about iOS 4 or iOS 7 in some article I am reading, I know what they are talking about and the extent to which the version matters; but, when someone talks about macOS Gaviota, I have to think "wait, was that the one that just came out, or was that one of the ones I haven't had to think about in a decade? oh shit... maybe it's the one that got announced today and I just haven't heard the name yet?!".
(That said, I will also note that frustration is not inherently constant even when something is truly static: sometimes you get used to something over time and it stops bothering you, while other times it slowly drives you mad.)
Do the new DNSSEC changes imply anything for local DNS overrides? Would Apple refuse to block a site if DNSSEC is enabled and PiHole returns a blocking response?
Probably not. I haven't been able to dig into what they're doing, but I watched the presentation about the feature, and it's an opt-in API for applications. I'm not clear on this but I have to assume that the macOS/iOS resolver code is still leaning on your external recursor to do the DNSSEC validation stuff (otherwise, it's going to generate _a lot_ of extra lookup traffic), which means it's going to trust whatever your PiHole tells it anyways.
> Gatekeeper’s role is to ensure that when users execute some code, that code meets the local system policy. The policy includes checks such as whether the code is validly signed and whether it has been tampered with in certain ways.
Weasel-word alert. I never thought I’d see the day when technologists would applaud the gradual death of general-purpose computing, but here we are. A decade from now Apple probably won’t even ship a local version of Xcode, and the transformation will be complete as all new development happens in Xcode Cloud where no line of code goes unscrutinized by the watchful eye of the mother ship. At least we’ll be Safe™.
It is funny to me to read this because I recently joined the Xcode Cloud team to precisely work on this, thinking that I could help Apple make developer’s life easier in the near future, but according to your comment, there are people out there who will consider my team’s work a regression.
> It is funny to me to read this because I recently joined the Xcode Cloud team to precisely work on this, thinking that I could help Apple make developer’s life easier in the near future, but according to your comment, there are people out there who will consider my team’s work a regression.
how exactly will it be easier than my current workflow of:
- Boot computer
- Press win-key + d
- type the letters "qtc"
- hit enter
- ctrl-alt-shift-<index the project I'm working on>
Not having to download 10g to edit 1 line of code on a computer where you haven't set up XCode should be a win?
Having said that, I agree, the biggest problem here is that even if it doesn't seem obvious now, once the cloud offering is there the control it offers will make it very appealing for Apple to expand its use and eventually offer features there that aren't in the real XCode. It can fast be a slippery slope to the non-cloud app being deprecated.
I disagree. Before Gatekeeper there was no way to define a policy about what code could run, now with Gatekeeper there is. Currently, Apple define a default policy. Users can edit this themselves if they acknowledge the risks. Admins of Macs can also set their own policies.
The ability to have policies is very different from enforcing overly strong policies. Apple seems quite clear that they see iOS as being a platform with a stronger policy, and macOS as being a platform with at least the ability to run a weaker policy.
Edit: also Xcode Cloud isn't what you imply it is/could be, and Apple's moves with Swift being developed in the open suggest to me a very different direction for development. I can't see this ever being locked down, either in terms of technology or policy.
The existence of Gatekeeper already causes a huge privacy violation by “requiring” my computer to phone home to verify the signature the first time it launches an application. Everyone should have realized this when Apple’s OCSP responder went down in November 2020 and nobody could launch anything that wasn’t built in to the OS.
According to TFA this kind of verification will now occur every time an application is launched to deter post-verification “tampering” by you, the user. How big of a privacy violation would it have to become to bother you, out of curiosity? If we let this continue we will end up in a future where full “Remote Attestation” of every hardware and software component is required to participate in the Internet. This isn’t hypothetical doom-saying, either: game consoles already work like this. I remember my XBOX360 could detect modified DVD drive firmware, launches of individual pieces of software (e.g. Halo 3 Delta leak), and other types of system modifications, then it would permanently ban that machine from XBOX LIVE. And that was all 15+ years ago.
Just imagine what a gift this will be to law enforcement, for example, once they can go to Apple all like “Hey, Siri, show me all users of Tor Browser around the time of ${BITCOIN_TRANSACTION_ID}”.
I thought all UNIX heads longed for the days we used to telnet or startx into the UNIX development server, everyone had their $HOME configured with noexec, and the tooling configured by the BOFH team.
> A decade from now Apple probably won’t even ship a local version of Xcode, and the transformation will be complete as all new development happens in Xcode Cloud where no line of code goes unscrutinized by the watchful eye of the mother ship.
Any young folks wondering: yes, this exact same thing was being posted ten years ago, all the time.
"Apple's gonna totally lock down macOS without any way around it, they hate general purpose computing" and the related "Apple's gonna merge iOS and macOS" are the apocalypse cult of computer geek forums. They might be right eventually, but only after being wrong a hundred times. And they never get the timeline right.
Started kinda late on macOS/OSX (in my career, and in the life of Apple) but have still been using it for 11ish years, and developing, off and on, for iOS.
Somewhere between Mountain Lion and High Sierra, it became impossible to delete or even mark non-executable various annoying built-in applications which I never use, e.g. iTunes.app and Safari.app, which often open without me asking them to.
Does anyone know how to re-enable this functionality?
As of Big Sur it's impossible. The entire OS is now a single cryptographically signed image that's verified on boot, which is great for security but it includes some things that don't particularly need to be locked down.
See reply below about Open Core Legacy Patcher[1] which enables to use older Intel Models to use modern OS Versions. And for even older hardware, check out the patchers from Dosdude[2]. Most likely this will not be possible with the M-Class Processors from Apple, which is a shame.
I wonder if it’s worse this year than usual because of the switchover to AppleSilicon? I have a 2013 Mac Pro that I use daily and it’s gotten all updates until this one. 9 years is pretty good. But I can understand wanting to end support for as many Intel machines as quickly as possible.
When Apple announced the transition from PPC to Intel, the PPC Macs only got two major updates before being EOLed. Even the Power Mac G5 (2005) only got two major updates before being cut off from support.
It should be noted, however, that those major updates had longer lifespans then. Snow Leopard, the first Intel-only version of Mac OS, came out in 2009.
MacOS versions tend to receive security updates for 2 additional years after they’re supplanted, so it’s more like 7-8 years. Plus, all of the Macs that aren’t eligible for Ventura can use Bootcamp to install Windows or dual boot into Linux if you’re not happy with MacOS anymore.
The newest machine that can't run the new version would be a Mac Pro purchased a scant 4 years ago. Potentially for several thousand dollars.
Meanwhile there are 10 year old ~$1000 Thinkpads running Windows 11 or Linux. If they just wanted to run Linux on it they could have saved themselves some money.
8 years of updates to current version and 10 years of security updates should be the absolute minimum for every expensive hardware.
I question anyone purchasing a machine with generations old hardware in 2018. Especially considering the Mac pro had been supplanted by newer macs at that point.
It's not really about the CPU power, more that by 2018 it was well known that the Trashcan Mac Pro was a dead-end design and a soon to have radical refresh.
They haven’t yet released a machine worth upgrading to if you’re on a 2015 MBP. I recently got a 14” M1 and I think I’ll just reinstall my 2015 and move back to it.
You can’t be serious? The m1 is so good, great performance, much quieter and doesn’t get hot, and the battery life is amazing. Also there’s not many compatibility issues now
The 14" M1 is the spiritual successor to the 2015 MBP I think. Ports, magsafe charger (with higher quality cable), larger screen within a marginally larger footprint, keyboard is good unlike the last few years, solidly built, no touch bar, finger print login, performance, etc. No complaints personally.
I upgraded from a 2015 15" MBP to a 2021 16" MBP. I'm loving the upgrade. Fast. Better display. Much better battery life. Still has magsafe. The keyboard is acceptable. What do you think is missing and/or bad about the new models?
I’d wager that the vast majority of people who have made that upgrade would disagree with that view; it’s a substantial step-change in most ways, if you use the device for software development or content creation.
Battery life and speed alone are totally noticeable. This doesn't mention that Intel fires up the fans anytime a CPU calculation is done. I think you're being disingenuous here.
Nothing terribly major here, it sounds like. Making login items visible is a long-overdue change... but none of these are going to have any particular impact on average users or average apps.
On a pettier note, can we get a better source than a website that's using JS to change its title when it doesn't have focus to try to gain attention? (It toggles about every second between "macOS Ventura | 7 New Security Changes to Be Aware Of" and "Message from SentinelOne". https://imgur.com/ynPqpvK - it's pretty awful.) I don't normally complain about scummy websites on here, but this is just annoying.
Interestingly, I went looking for alternative sources for the content, and found that identical content is on other sites [1] which are also doing the same title-flicker technique. So presumably this is part of some content network...
I'm not surprised they're using scummy tactics. Their actual software runs like crap, so gotta do whatever they can to get users. I had a work MBP and personal MBP with exactly the same specs, main difference being the Sentinel One agent. The work one was constantly spinning up the fans, S1 was gobbling up memory, and support was completely useless in diagnosing. Their Linux agent isn't much better with constant memory leaks.
Mostly off-topic: have Apple and Microsoft completely given up on non-trivial changes to desktop operating systems? Will MacOS look basically the same in 40 years? Or is the idea that everything will be AR/VR by then and there is no use innovating in this domain?
I'm curious as to your background if you consider any of the things mentioned in the articles as "trivial" changes. Have you worked in systems development before?
I similarly question your definition of "modest". The first one alone is incredibly radical, and has been tried several times in the past but people keep asking for hierarchical file systems. It's far from modest.
1. How do you propose users organize things?
2. Already exists today with electron and webview. What would you propose an OS provide here? Many apps you use today on macOS are web apps within a native context.
3. This is already growing on macOS with features like Continuity Handoff, universal control, being able to run mobile apps on desktop, iCloud sync of projects etc. Each year they've clearly moved towards unifying things.
If these are what you consider modest though, I fear what you consider radical without throwing out decades of learned user interaction in the process
I’m not using “trivial” as a measure of ease of back-end implementation, but rather of how it actually changes user experience and productivity. There is no limit to how hard it can become to implement trivial changes behind the scenes; it would be silly to ignore or downplay the ossification of desktop OS capability just because software developers continue to expend more and more effort to make smaller and smaller improvements.
My reading of your comment is that you aren’t actually interested in thinking about non-trivial changes here. “Didn’t you know people have tried eliminating folder systems before? It’s hard and hasn’t succeeded yet” is obvious and does not seriously engage with the possibility. (“Didn’t you know people have been attempting to make stylus input work for decades without success?”) Likewise, the fact that web apps can be disguised as native apps is not the same thing as eliminating the distinction at the user level, and I don’t think you would have conflated these if you were really interested in it.
So I don’t think it will be productive to continue this conversation.
Again, that's why I'm delineating between scale and complexity. Trivial implies complexity, but you seem to keep going back to scale of the change.
Saying something is trivial, by definition, implies it's a simple change. Nothing mentioned so far is simple. None of your suggestions were modest.
I understand you're using the word according to how you think of it, but I'm trying to point out that you're incorrect, and that many of the things you say are modest are not so.
You're actively downplaying the amount of work and it either feels disingenuous to make your point, or divorced from the reality of implementation.
Swap “everything will be AR/VR” to “everyone uses mobile as primary devices” and I think it’s a better guess. Or maybe “everyone has at least two computer devices”. I feel like the goal is to have the most seamless experience between tablets, smartphones and desktop, and impactful changes that don’t work towards that goal are just discarded.
Window management has continued to evolve in nontrivial ways, imo. More fundamental interactions probably won't and probably shouldn't change; those idioms are mature and deeply engrained at this point. It would alienate swathes of users to rock such an established boat.
To 10% market share in Europe right before they decided to drop it all.
It was starting to become the alternative to Android for many of us.
Had they provided a proper migration path from Windows Phone 7 into 8, and then from 8.x UA model into 10 UWP, and more Win developers would have followed along, instead of hating them for all the rewrites.
If you look at independent developers working on the Mac OS, you find it's pretty much dead. Only the name programs get updated nowadays whereas everybody else has moved to iPhone/iPad as that's where the money is. Open source still chugs along though.
[1] https://dortania.github.io/OpenCore-Legacy-Patcher/MODELS.ht...
[2] Except the mainboard, display and shell everything else that's modular (wifi card, ssd, battery and keyboard) was replaced/repaired at some point.