Codesigning for SIP enabled!

Discussion in 'Mac / Hackintosh' started by Mauwurf, Mar 18, 2024.

  1. Emma Evi

    Emma Evi Ultrasonic

    Joined:
    Nov 12, 2021
    Messages:
    140
    Likes Received:
    34
    how do you run a script with safari on a remote mac via the internet ?

    ChatGPT Fact check:
     
  2. Dan Fuerth

    Dan Fuerth Kapellmeister

    Joined:
    Nov 2, 2017
    Messages:
    99
    Likes Received:
    43
    It is those same "exaggerations" that allowed Meltdown and Spectre to be used because everyone ignored it and thought it was impossible, until it blew on everyone's faces.

    You do realize that China, Israel, USA, Europe have access to MacOS, IOS, Windows Server-Desktop source code? So having said that someone will leak something eventually out of their conscience or due to financial ties.

    If the Snowden saga did not teach us anything then we are lost.
     
  3. Emma Evi

    Emma Evi Ultrasonic

    Joined:
    Nov 12, 2021
    Messages:
    140
    Likes Received:
    34
    This latest response touches on a valid concern regarding security vulnerabilities and the potential for state-level actors to exploit software systems. However, it also includes misunderstandings and exaggerations. Let’s break it down:



    1. Meltdown and Spectre Comparison:



    True, but misleading: Meltdown and Spectre were indeed major vulnerabilities affecting nearly all modern processors, including those used in macOS, Windows, and Linux systems. These hardware-level vulnerabilities exploited speculative execution—a core performance optimization technique in CPUs—and allowed attackers to access sensitive data.

    • However, comparing these vulnerabilities to general issues with macOS or SIP is misleading. Meltdown and Spectre were processor-specific vulnerabilities that impacted all operating systems, not specific issues related to macOS or Apple’s security architecture. They were widely believed to be theoretical for a long time until proof-of-concept attacks were demonstrated, forcing all major OS vendors to implement mitigations. The commenter is right in pointing out that underestimating risks can lead to disastrous consequences, but their analogy is not directly applicable to the specifics of macOS and SIP.



    2. Access to macOS, iOS, Windows Source Code:



    True in some cases, but not inherently problematic: It is known that governments and intelligence agencies in certain countries may have access to proprietary operating system source code through official partnerships or due to legal requirements (for example, Microsoft’s Government Security Program gives certain governments access to source code for security auditing purposes).

    However: Having access to source code doesn’t automatically imply vulnerabilities are being exploited. It’s possible, but major tech companies like Apple and Microsoft implement strict security protocols to prevent unauthorized use or leaking of their source code. The possibility of malicious actors or “leaks” is always a concern, but this doesn’t equate to a widespread, inevitable breach of macOS or iOS systems.

    • Additionally, having access to the source code doesn’t necessarily mean the system is insecure. Security through obscurity is a weak defense; most security experts agree that systems should be secure even if their source code is visible.



    3. Snowden’s Revelations:



    Valid Point: The commenter mentions the Edward Snowden saga, which exposed how intelligence agencies (especially the NSA) were able to exploit software vulnerabilities, tap into communication networks, and gain access to private information. Snowden’s leaks did reveal that governments had significant capabilities to bypass many commercial security measures.

    However: The Snowden revelations primarily concerned government surveillance programs and vulnerabilities in encryption and communication systems, rather than flaws in macOS or iOS source code specifically. Snowden’s case teaches us about the potential for mass surveillance, but it doesn’t directly relate to vulnerabilities like those the commenter is concerned with in macOS and SIP.



    4. Risk of Leaked Vulnerabilities:



    True: The risk of someone leaking vulnerabilities or exploits due to “conscience” or “financial ties” is always present in the cybersecurity world. There have been cases where hackers, whistleblowers, or even employees have disclosed vulnerabilities, either to the public or malicious actors.

    However: While this is a legitimate concern, it doesn’t imply that Apple’s SIP or macOS is fundamentally flawed or that such leaks are inevitable. The cybersecurity world is a constant arms race, with new vulnerabilities being discovered and patched all the time.



    Conclusion:



    The commenter is using valid historical events (like Meltdown/Spectre and Snowden) to raise concerns about the general security environment, but they are applying these examples in an exaggerated and somewhat misdirected way to the specific topic of macOS and SIP. The risks of state-sponsored exploitation and leaks of vulnerabilities are real, but they are not new or unique to macOS. These risks apply across all major operating systems and require constant vigilance, but they don’t invalidate the security measures like SIP, which still serve an important role in protecting everyday users.



    It’s important not to conflate hardware vulnerabilities (like Spectre and Meltdown) or surveillance exploits (like those revealed by Snowden) with specific features like SIP that are designed to protect the integrity of the operating system itself.
     
  4. Emma Evi

    Emma Evi Ultrasonic

    Joined:
    Nov 12, 2021
    Messages:
    140
    Likes Received:
    34
    Since I don’t use any cracked software, there’s no need for me to even consider disabling SIP. I would, however, question why some crackers want you to disable it while others don’t.
     
    • Interesting Interesting x 1
    • List
  5. Peek

    Peek Ultrasonic

    Joined:
    May 1, 2016
    Messages:
    79
    Likes Received:
    30
    This is the right question, in my opinion. The teams who cracked Cubase for Mac should answer it, and they should do so in a very specific way, stating technically what areas of the system need a write concession in permissions.

    Regarding your questions for ChatGPT, I believe they're fine if you want to expand the scope of information you need to develop your own insights.
    But I would not be impressed by his "True" and "False" answers. Who is judging what is true and false? Who.
    Question to yourself, in your opinion, Who, where and how is ChatGPT getting the info it's giving you?
    And (in case you wanted to approach the reflection from this point of view) what model of logic is it using? Human? Terrestrial? Martian? Pleiadian? Romulan? Forgive the regression, but you know what I mean!, right?
     
  6. Emma Evi

    Emma Evi Ultrasonic

    Joined:
    Nov 12, 2021
    Messages:
    140
    Likes Received:
    34
    I don’t trust anyone but myself :) I use ChatGPT to gather information and insights that I can evaluate myself. ChatGPT also functions as a smart search engine since it can look up information, and sources can be easily verified.


    The concern is that disabling SIP might lead to future errors—there’s no way to know for sure.

    If issues arise, who would you contact for resolution? Steinberg?
    With a compromised system and traces of VR or R2R everywhere?!

    When you send a system report, it lists all the software you’ve installed.
    (unless you manually clear it in Terminal).


    I’d rather receive legitimate support and resolve issues than continuously try new software without any support


    [​IMG]
     
    Last edited: Oct 8, 2024
  7. Emigê

    Emigê Newbie

    Joined:
    Aug 15, 2024
    Messages:
    4
    Likes Received:
    2
    Excuse, i've done everything as it said here successfully, but spectralayers doesn't start, it keeps saying i have to install the activation manager, and i already did this too, but, anyway, the app doesnt work on my end with sip enabled. Thnx for the guide anyway, i just faced doubts when i had to make my certificate trustable, wich i did installing some apple intermediate ones.
     
Loading...
Similar Threads - Codesigning enabled Forum Date
Codesigning doesn't work anymore Mac / Hackintosh Feb 14, 2024
Cubase 13 (OSX) SIP enabled Cubase / Nuendo Feb 10, 2024
NI VSTs crashing when Windows graphics scaling enabled? Samplers, Synthesizers Aug 24, 2023
KVR MPE Month: Enter to win over $3500 worth of MPE enabled products Giveaways Mar 5, 2022
Latest waves r2r only works when network in enabled? Software May 5, 2017
Loading...