luckman212 2 hours ago | next |

So a timestamp per app bundle (name) is being saved somewhere on disk apparently. Anyone know where? Rather than muck around with my system clock (which can cause other problems I'd rather not deal with) I'd love to just poke the right values into whatever sqlite db they are probably storing this in.

What a miserable change this is. Apple is having its "Vista" moment.

iszomer 9 hours ago | prev | next |

Wow, tinyapps.org is still around? Having a nostalgia moment when I downloaded their curated apps onto my ZIP100 to try on my home computer running Windows 95.

And who still remembers analogx.com?

__jonas 4 hours ago | prev | next |

Now that I've seen the wording of this prompt, it sound like there is another API that can be used that will not trigger this prompt? The "system private window picker"? Sounds like a way to allow an app access to a record a single window, but built into macOS, is that true? I can't find anything about it with this wording.

kranner 2 hours ago | root | parent |

AFAIK use of Apple's more recent ScreenCaptureKit should not have been triggering this alert—as opposed to the use of the deprecated Core Graphics APIs for screen capture—but it does. (I just tested this in an Xcode playground that uses SCScreenshotManager.captureImage)

If there's another "system private window picker" I haven't heard of it.

skrrtww 8 hours ago | prev | next |

This prompt is not even tied into the underlying TCC system; it's basically purely decorative. Failing to respond to the prompt, or responding "Open System Settings" to the prompt, does not even revoke the existing permission.

The prompt is also not even tied to the application bundle's code signature; tampering with the signature will not re-trigger the prompt. Nor will the prompt be re-triggered even if the application's entire bundle ID (com.example.example) changes.

No; the only way to re-trigger this prompt for an application is to rename the app bundle itself. That's right. Renaming Test.app to Test-dumb.app will trigger the prompt when nothing else will.

This isn't really worth criticizing that much because the prompt I think is designed as purely like a "don't forget about this" type of measure, and not one tied into actual security. But also that speaks greatly to the design challenges facing the TCC system more broadly, that this type of thing is seen as necessary.

pantulis 4 hours ago | root | parent |

> I think is designed as purely like a "don't forget about this" type of measure

I believe this to be the correct way to see the "feature". While annoying, it's not bad to be reminded of sensitive shit you have installed. A month seems reasonable to me, but perhaps and override ("don't ever remind me any more") should be available.

Brajeshwar 9 hours ago | prev | next |

I thought this was a good thing. I want to know what I missed when removing/disabling things that open at logins, run in the background, and have extensive permissions.

mmcnl 3 hours ago | root | parent | next |

It's only a good thing if you can disable it, and you can't. I know which apps I granted permission, don't bug me about it. This is terrible UX design.

I really hate how every year I have to hope macOS won't introduce annoying new features (this annoying nagging screen), break compatibility with existing third-party apps (Intune VPN was broken for months after the release of Sonoma) or just remove existing functionality entirely altogether (subpixel aliasing was removed a few years ago resulting in awful font rendering on non-retina displays).

How can I justify spending an extraordinary amount of money on a MacBook Pro when the operating system introduces breaking changes _every year_? And on top of that, I can't even choose to run my own operating system? Very annoying.

CodeWriter23 6 hours ago | root | parent | prev | next |

> I want to know what I missed when removing/disabling things that open at logins,

All the permission grants are summarized in system preferences. Much more elegant to go do your own audit than have to respond to nag screens.

The nag screens are an inferior Windows security feature (think UAC) no doubt manifested as a result of The Bozo Explosion which Jobs managed to fend off for about a decade or so.

nox101 7 hours ago | root | parent | prev | next |

AFAICT, Apple excludes all their own apps. Seems like a way to try to get people to use Apple's apps over everyone else's. Just to check, I pick the Quick Time Player. I pick "New Screen Recording". No prompt.

EE84M3i 7 hours ago | root | parent | next |

I thought all apps using the new window picker API were excluded and that includes most of Apple's apps?

angulardragon03 6 hours ago | root | parent |

This is correct - the mechanism seems like it’s primarily for shaming developers that don’t use the new API

kranner 2 hours ago | root | parent | next |

I'm getting this alert even for code that uses only the new ScreenCaptureKit framework, specifically the SCScreenshotManager class introduced in WWDC23. Hopefully this is a bug and Apple meant to show this only for apps that still use deprecated functions like CGWindowListCreateImage.

appendix-rock 6 hours ago | root | parent | prev |

Don’t let facts get in the way of Apple bashing. Apple already does so many legitimately anticompetitive things (see: iOS EU blah blah), so resorting to this low-quality complaining is very lazy.

zimpenfish 4 hours ago | root | parent | prev | next |

> I pick "New Screen Recording". No prompt.

But that's also you performing a positive action to start the (presumably time-limited) recording which is different from something in the background passively recording your screen over a long period (Bartender, etc.)

(I do not like the permission prompts but I understand where they're coming from)

fastball 4 hours ago | root | parent | prev |

Apple presumably knows their own apps aren't malware?

If Apple wants to record your screen they don't need to use Quick Time Player to do it. They can bake it into the firmware.

If you don't trust Apple not to randomly record with Quick Time Player, you shouldn't be using macOS.

Onavo 8 hours ago | root | parent | prev |

Too many notifications and you get fatigued which is not good either. Maybe in future the on-device AI will decide whether to notify you. (Hmm this could be an idea, can you use a RPA tool to click those notifications on mac?)

szszrk 7 hours ago | root | parent | next |

Allowing that to be automated outside of users control is just another security problem to solve. Why not go all in on this and let the apps approve all privileges for themselves, right? So convenient for the user... That just contradicts the very idea of any approvals from user.

I actually think UAC on Windows has this done more clearly and is harder to go around. Wonder how that would work if it was extended for more granular permissions that apps can trigger on demand.

Brajeshwar 7 hours ago | root | parent | prev |

I agree with reducing notifications, but not at the expense of critical notifications. For more than a decade, I have eliminated all forms of notifications and have been selectively allowing the ones that need to notify me. I believe that this falls under the "OK to notify."

avazhi 5 hours ago | prev | next |

Sequoia sure looks annoying.

Nagware and AI shit I never asked for? I'll stay on Sonoma, thanks.

Wish I could use Snow Leopard again at this point.

wkat4242 4 hours ago | root | parent |

Me too. Snow leopard got out of the way and didn't try to nag you about cloud services ("warning: you didn't finish setting up Apple pay!")

It also left far more decision-making with the user. It's why I left macos a few years ago. An opinionated OS only works if you agree with all the vendor's opinions.

slig 3 hours ago | root | parent |

Just found out recently that even DHH abandoned macOS and is promoting Ubuntu with his own customizations.

wkat4242 2 hours ago | root | parent |

I went the opposite way, I went FreeBSD as I found the commercial Linuxes getting too opinionated for me too. Ubuntu constantly pushing their snaps, RedHat pushing things like systemd. And in general just the huge commercial involvement into Linux. Almost everyone working on Linux works for one of the big tech names.

I decided I wanted to make my own choices and definitely don't want any commmercial involvement. I miss how Linux was when it was really a grassroots project without any commercial agendas. I tried alpine and Amelie linux for a while but I wasn't too happy with them either.

I'm quite happy with FreeBSD on the desktop. There's some issues with WiFi and Bluetooth but I hate laptops anyway. I only use NUCs and there I have everything wired. Besides that it works perfectly and I can set everything the way I want, and still run a full KDE. ZFS on root is amazing and the ports collection is really great. But you do notice it is maintained by a handful of people only. Really good people though!

Not saying that I'd recommend it to anyone else but for me it's great.