
This. Tweakability isn't the issue. Simply catering to pro users is the issue. I moved from Linux to OS X in 2004 and am now on the fence about moving back.

When OS X came out, Steve Jobs promised an OS that would cater to pro users as well as amateurs. He literally said so in one of his keynotes. But around 2006, Apple started focusing on the upcoming iPhone and downprioritized OS X development. Nowadays it's all about making OS X more and more like iOS. They no longer care about pro users.

Case in point: If you're doing pentesting you need a machine that stays silent when connected to a network. With OS X you always have mDNSResponder blaring out. Prior to 10.6 you'd just solve this with a simple "launchctl unload" and be done with it. From 10.6 however, unicast DNS resolution was moved into mDNSResponder, so you need to keep it running or you lose the ability to resolve anything in the DNS. Of course it's possible to filter the multicast DNS announcements with pf, but it turns out that mDNSResponder will occasionally resolve various apple.com and Akamai addresses and that can't be disabled.

Same with IPv6 link-local addressing: it used to be possible to disable it completely; now that's no longer possible because they've dumbed down the UI. And when you use WiFi, OS X will regularly send 802.1X EAPOL messages out. That can't be disabled even with pf because pf doesn't filter on layer 2. Under these circumstances I find OS X to be unusable for pentesting.

And don't get me started on the laughable HFS filesystem and the non-existence of a package manager.
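An added example, not part of the thread or any poster's code: one way to audit a capture from your own machine for the kinds of unsolicited traffic the comment above lists (mDNS, unicast DNS lookups, 802.1X EAPOL, IPv6 link-local). The function names, sample frames and addresses are constructed for illustration; it assumes untagged Ethernet II framing and no IPv6 extension headers.

```python
import ipaddress
import struct
from collections import Counter

ETH_IPV4, ETH_IPV6, ETH_EAPOL = 0x0800, 0x86DD, 0x888E
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}
# Constants for the constructed sample frames below (not captured traffic).
ETH_HDR = b"\xff" * 6 + b"\x02" + b"\x00" * 5  # broadcast dst, locally administered src
SRC4, SRC6 = (ipaddress.ip_address(a).packed for a in ("192.0.2.10", "fe80::1"))

def classify(frame: bytes) -> str:
    """Label one untagged Ethernet II frame with the kind of chatter it carries."""
    # A truncated frame yields an unknown ethertype and falls through to "other".
    ethertype, ip = int.from_bytes(frame[12:14], "big"), frame[14:]
    if ethertype == ETH_EAPOL:
        return "eapol"  # layer 2, so an IP-level filter such as pf never sees it
    if ethertype == ETH_IPV4 and len(ip) >= 20:
        proto, src, dst, l4 = ip[9], ip[12:16], ip[16:20], ip[(ip[0] & 0x0F) * 4:]
    elif ethertype == ETH_IPV6 and len(ip) >= 40:
        proto, src, dst, l4 = ip[6], ip[8:24], ip[24:40], ip[40:]  # no extension headers
    else:
        return "other"
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    dport = int.from_bytes(l4[2:4], "big") if proto == 17 and len(l4) >= 8 else None
    if dport == 5353 and dst in MDNS_GROUPS:
        return "mdns"
    if dport == 53:
        return "unicast-dns"
    if src.version == 6 and src.is_link_local:
        return "ipv6-link-local"
    return "other"

def audit(frames) -> Counter:
    return Counter(classify(f) for f in frames)

def udp_frame(dst, dport):
    """Build a constructed UDP-in-Ethernet frame to dst:dport (test input only)."""
    d, udp = ipaddress.ip_address(dst), struct.pack("!HHHH", 50000, dport, 8, 0)
    if d.version == 4:
        ip, etype = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 255, 17, 0, 0]) + SRC4 + d.packed, ETH_IPV4
    else:
        ip, etype = struct.pack("!IHBB", 6 << 28, 8, 17, 255) + SRC6 + d.packed, ETH_IPV6
    return ETH_HDR + struct.pack("!H", etype) + ip + udp

SAMPLE = [
    ETH_HDR + b"\x88\x8e\x01\x01\x00\x00",  # EAPOL-Start
    udp_frame("224.0.0.251", 5353),         # mDNS over IPv4
    udp_frame("ff02::fb", 5353),            # mDNS over IPv6
    udp_frame("192.0.2.53", 53),            # unicast DNS query
    udp_frame("ff02::1:2", 547),            # DHCPv6 from a link-local source
]
```

Feeding `audit()` the raw frames from a capture taken on the interface gives a per-class count; any nonzero `eapol`, `mdns` or `ipv6-link-local` entry means the host is not silent on that link.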



> But around 2006, Apple started focusing on the upcoming iPhone and downprioritized OS X development. Nowadays it's all about making OS X more and more like iOS. They no longer care about pro users.

This is a very compelling narrative, but the set-up simply does not support the conclusion.

Making OS X more like iOS (sandboxing, for instance) is an incredibly welcome feature for pro users and newbs alike.

The other changes you point out are not related to the iOS-ification of the OS, and are not specifically "this isn't for pro users" sorts of changes as much as they are rearchitectures of the subsystems... it doesn't seem related to some "ignore the pro users" push.

I suggest you buy a USB network interface and pass the device through to a VM (Vagrant+VirtualBox is great for this) for your pentesting - then you get the best of both worlds.


You could use `ipfw` to squelch all network traffic; you probably already use Linux firewalling to stop the same behavior.

    networksetup -setv6off 'Ethernet'
    networksetup -setv6off 'Wi-Fi'



