Archive for November 24, 2020

Tuesday, November 24, 2020 [Tweets] [Favorites]

Black Friday 2020

My apps are on sale for Black Friday and Cyber Monday, and here are some other good deals that I found:

Lists of deals:

Previously:

M1 Macs Add Hurdles for Audio Plug-ins

Rogue Amoeba (via Peter Steinberger, Jeff Johnson, Paul Kafasis):

In MacOS 11 (Big Sur), the initial installation of ACE requires a bit more set-up. The in-app installer provides an overview of the process, and is likely all you need. This page lists the full sequence of steps to install ACE and get Airfoil working.

[…]

Click the lock in the lower left corner, then enter your Administrator password. The Security & Privacy system preference will then be unlocked, and you’ll be able to make changes. From here, click the Enable system extensions… button to permit ACE to run on your Mac.

[…]

Boot to the Mac’s “Recovery” environment by pressing and holding down the Touch ID or power button on your Mac.

[…]

The default configuration is pictured above. Switch to Reduced Security and enable the first checkbox, “Allow user management of kernel extensions from identified developers”.

[…]

Despite the name of this setting, ACE is not a kernel extension. Instead, it’s a standard audio plug-in, which receives enhanced privileges to access your system’s audio. MacOS simply uses the kernel extension verification system to allow ACE to load as well.

[…]

Now, you need to allow ACE to run on your Mac, by authorizing it in the Security & Privacy system preference.

Keep in mind that you have to go through all of this even though the app has already been notarized. The last few versions of macOS have been a disaster for apps that do anything off the beaten path. Apple keeps adding hoops for users to jump through, scaring potential customers away. Developers have to spend time engineering mitigations for the bad user experience, working around bugs in the new security features, and providing support for customers who have trouble with the hoops. Apple talks about how it loves the Mac and innovation, but each step of the way it does more to discourage the development and success of interesting apps.

Previously:

Update (2020-11-25): Jason Snell:

The good news for Rogue Amoeba’s customers is that their stuff works, and once you do the reboot two-step, you shouldn’t need to do it again. It’s a multi-step process, but it’s over fast and then you can get on with your work.

But it really shouldn’t work this way, and that’s on Apple. One reboot is bad, but two is ridiculous. Surely there’s a way, at the very least, to pre-approve an extension before rebooting to adjust the security setting? I know that Apple is trying to protect users from bad actors, but when a list of instructions like these are required to install Mac software, something’s really gone wrong.

See also: Reddit.

Update (2020-11-27): Dave Mark:

I’ve jumped through these hoops, and they are both intimidating and cryptic. Neither are Rogue Amoeba’s fault. If I want to use Audio Hijack, I have to jump through the cryptic hoops, and trust that it’s OK to accept “reduced security”.

I get it. I just hate that this is where we’ve landed.

Apple Security Hampers Detection of Unwanted Programs

Thomas Reed (tweet):

One of the common sub-groups of PUPs we detect are antivirus programs that show unwanted behaviors meeting certain criteria. As an example, a program that requires payment, but the antivirus engine it uses is available for free from another company, would be a likely candidate for detection.

Unfortunately, antivirus programs are also candidates for the system extension and EndpointSecurity entitlements. Anyone can apply for these entitlements, but you stand a much better chance of getting them if you are—or appear to be—a security company.

We’ve now seen a case where two different companies with a long history of making PUPs—including junk antivirus programs—have gotten these entitlements. Those programs now have a system extension, which cannot be removed by Malwarebytes or any other software.

[…]

However, it is starting to look like antivirus developers will have to play by increasingly limiting rules, and that now means not being able to protect users against certain things. Worse, Mac users will be unable to manually remove those things without contortions that the average person will find quite cumbersome.

Previously:

Understanding 5G

Glenn Fleishman:

I hate to be a downer when it comes to improved technology that actually does what it says on the tin. 5G networks will provide substantial improvements in throughput and availability that we will notice—in a year or maybe two. Until then, not so much.

Previously:

Update (2020-12-08): Julio Ojeda-Zapata:

What coverage you’ll find depends on your carrier—AT&T, T-Mobile, or Verizon in the US—and where you live. The vast majority of 5G users across the country will not see eye-popping 5G speeds on par with what I experienced in Rice Park, and many will have no 5G access at all even if they have 5G phones.

So, while I had a blast recently testing T-Mobile and Verizon 5G on an iPhone 12 and an iPhone 12 Pro, I came to realize how far we are from ubiquitous 5G coverage.