
If the user wants remote code execution (auto updates are) in kernel space, let them.

Apple sell the whole hardware stack. I don't think limiting drivers would fly on Windows or Linux.




Pretty sure there's an exception for drivers but requires at minimum notarisation from Apple, but more likely a review as well.


They just developed a new framework that allows drivers to work just in user space https://developer.apple.com/documentation/driverkit


Well - recognition where it's due - that actually looks pretty great. (Assuming that, contrary to prior behavior, they actually support it, and fix bugs without breaking backwards compatibility every release, and don't keep swapping it out for newer frameworks, etc etc)


Ok what if they sold it off by default but there was a physical switch that could turn it on, that required hardware access?

Good compromise?


That’s exactly how macOS works (except it’s not a physical switch). You can disable SIP if you have hardware access to a machine.


I would be fine with jumpers, ye.


No.

Go buy a different product if you want that functionality. I'm sticking with my Apple phone so outages like this are much less likely to affect me.



