I see a whole string of paranoia going around with Apple arming their chips to spy on users, little snitch+ even sold out by allowing all OCSP to take place over the net even after people cried about it, so with iloks, key engines requiring Virtual PCs, terminal commands, turning off SIP, Gatekeeper, 3rd party VPM etc etc in what order and what apps would you use to protect your personal privacy?

-Turn off Gatekeeper
-Turn off SIP (restart required)
-Deep code singing and how?

Utilities+
-Transmission torrent app
-Apple X-Code
-Application assistant apps to trash anything attached to un wanted apps going to trash.
-Firewall reporting app (Lulu little snitch ect)
-VPN app
-Carbon Copy Cloner and extra 1TB SSD to clone backups incase

Interestingly there are unique things about the M1 Macs infrastructure, example:

=did i miss anything?
=What are the steps you guys use?

 

Last edited: Sep 26, 2022

Codesigner, BatChMod, PermissionsReset2. You worry about privacy, but then disable SIP for code from VR? hmm. Find a nice hosts file which will block many known unwanted destinations.

 

Last edited: Sep 27, 2022

its why I am asking, I'm new to m1 and Monterey, I had no time at all with BigSur so I am not familiar with their platform...
how ever I am familiar with Catalina and spent hundreds of wasted hours before finally figuring out how to re install and re migrate a user with everything identically as I left it......which is good cause Catalina builds this cache space which takes hundreds of gigs up and you can't delete it.

I have no idea what your talking about, would love to know more, thanks!

 

Last edited: Sep 27, 2022

use Codesigner Beta. the guy or company who made this took it off their website for whatever reason. here is a copy of it.
https://mega.nz/file/sV4wXQQQ#GgV1gF7S38E09nCCAmzWszCR3GQc9PwQP4nOnLFmQ2Y

it can deep code sign from simple gui. it's faster and more accurate than typing out terminal commands.


The hosts file, you can just find a host file which will contain a huge list of domains and ip addresses which you do not want your computer sending outbound data to. People have shared them on the forums even. This is sometimes a better solution because software may be able to sneak data past something like LuLu or Little Snitch.

 

Last edited: Sep 27, 2022

thank you, its very important to prevent any backdoor outbound or inbound traffic..ok so you find a host file or file with all the addresses to block....I shut off wifi when I reboot cause I know backdoors are open, I even heard this from developers for little snitch ( I edited this to shorten my post)

In Monterey there ate two host files
hosts

and
hosts-e

Here is what I see by both of them:

##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost



I see YouTube videos on how to add hosts

im still looking for viable info, I seen it before..

 

Last edited: Sep 27, 2022

This short article is pretty clear reading: https://www.inmotionhosting.com/support/edu/software/how-to-edit-your-hosts-file-on-a-mac/

Step 4 is where the information about connections you want blocked is added. After you reboot, the changes to your hosts file will be in effect.

This is the most secure way of blocking outbound solicitations/data and what is also frequently called " Home-Calling" by plugins and programs. The downside is, once you block a domain this way; it will not connect to that domain AT ALL. Including using your web browser. And you need to know what to block. Some programmers who add "Home Calling" to their programs can be tricky, using web domains that look completely unrelated to their company or product. Because they know we block them this way.

 

thanks, always wondered why I was getting emails from developers I never subscribed too.
ill check the info out asap

 

Just noticed I had requested version code signer 0.9.4, THANKS!!!!

Do know of any decent 2022 host address list
and if this host editing app is worth $5
https://apps.apple.com/us/app/ihosts-etc-hosts-editor/id1102004240?mt=12 ?

 

Last edited: Oct 2, 2022

speaking of SIP I know someone who had problems with it on, but then I found out they had created symlinks to external drives of system files like vst etc and to do this in ventura yu need to shut SIP off then turn it back on when your done but this girl forgot to remove her admin permissions to those folders before turning it back on which allowed anyone (such as developers who have the password during install) to re enter and make trouble.

 

Recently purchased a used Mac Mini M1 (16Gb/512Gb) to see what all the fuss was about. Nice little machine, and fast! I like the machine but don't care for all of Apple's restrictions on the Silicon machines. Some really shitty design choices by Apple, for instance, if your internal drive shits the bed you are screwed because Apple won't allow you to boot off any other device if the internal drive is screwed. So you either have to send it to Apple to replace the motherboard since the SSD is soldered to it, or junk the machine and buy another. I'm sure Apple will charge some insane amount for the motherboard replacement. My advice is for any future M1/M2 etc... owners to definitely buy AppleCare+ for their systems. Yes, and I'll bet this was a way for Apple to get more folks purchasing it!

 

You most certainly can boot off of an external drive.

 

All of this is spoken like a PC expert. Because you are assuming that a SSD installed by Apple is going to fail. Get an external also then. Do not let Logic write to the internal for everything, because SSD failure can be attributed to constantly writing to them, as opposed to a mechanical drive where you wait for a mechanical failure instead. i'd worry more about knocking it off a desk or something.

 

You're mistaken, not with regard to Silicon machines. Apple has a bug in their ASR routine that prevents it. I know you don't believe me so I'll provide proof! You do know who Mike Bombich is right? This is from his Blog:

Apple Software Restore isn't quite ready for the new Apple Silicon Mac storage
When Apple introduced Apple Silicon Macs, we discovered another snag. The "Apple Fabric" storage in these Macs offers per-file encryption keys (like the storage in iOS devices), and for months, ASR didn't work with it. Apple partially resolved that in macOS 11.3, but even now using ASR to clone the system back to the internal storage of these Macs doesn't quite work – it causes a kernel panic.

Back in December I had a conference call with Apple about the reliability and functionality of ASR on macOS and regarding Apple Silicon Macs in particular. They indicated that they were working to resolve the ASR/Apple Fabric issue, but they made it very clear that copying macOS system files was not something that would be supportable in the future. Many of us in the Mac community could see that this was the direction Apple was moving, and now we finally have confirmation. Especially since the introduction of APFS, Apple has been moving towards a lockdown of macOS system files, sacrificing some convenience for increased security.

An Apple Silicon Mac won't boot if the internal storage has failed
If you were making your backups bootable in case of hardware failure, then that's an extra logistical chore that you can now retire from your backup strategy.
What did come as a surprise, however, was a very subtle logistical change noted in a Product Security document published in February(link is external) regarding the new Apple Silicon Macs. A footnote at the very end of the document notes that, regardless of where the boot device is physically located, the boot process is always facilitated by a volume on the internal storage. The lightweight operating system on that volume ("iBoot") evaluates the integrity of the boot assets and authenticates the OS on that external device, then proceeds with the boot process from that external device. What does all of that mean? In theory it means that Apple Silicon Macs cannot boot at all if the internal storage fails. Lacking a Mac whose internal storage I was willing to damage to prove this, I contacted the authoritative experts within Apple in April and they unambiguously confirmed that that is the actual result – you can't boot an Apple Silicon Mac if the internal storage has died.

Apple has made clear that they will continue to support "external boot" on Apple Silicon Macs, but the reality is that it will be more limited in what it can do. If you were making your backups bootable in case of hardware failure, then that's an extra logistical chore that you can now retire from your backup strategy.

 

If you decide to do factory reset, do come prepared for pkdownload error and work on workarounds immediately, have bootable installation drive ready if server decides your internet connection isn't up to his spec, learned that the hard way. Luckily internet connection of my close friend did the job after second try, first try was stuck on less than a minute for 20 minutes, another try did it, don't know how it took, I gave up at that point, just heard laptop powering back on and all that fun stuff. Spend day before losing my nerves, see there's like 7 hours to wait and suddenly it throws error at some point. Messed with internet router, connections and all that, nothing helped. That's really lame thing from Apple, this stuff should work. All that was starting from Monterey from Recovery, found out there was actual bug in Big Sur concerning that error, really stupid stuff.

 

I can testify to this, I had to reset a m1 MacBook from 2020 due to issues caused from trying to boot off external.
here is the solution to space
1-get a external HD or ssd for sample libraries, library files symlinks etc
2-get a external ssd for an external user
3-get a external ssd for projects

when you create an external user SSD yu simply create an admin internally, make the second admin user bubtu inside the internal SSD, then drag drop the intended external home folder unto the external SSD, open the users prefs in the internal admin account, control click -right advance and point to the external SSD or simply create, log in and your done, start installing from the external ssd but to save yourself issues disable SIP etc, change permissions of folders in the system to admin read and write, cause your gonna have to create symlinks.

as you install large libraries, example Arturia, Ni Instruments etc, create a symlink using the terminal and place them on a ext SSD, Arturia, ni instruments etc should be installed internally, then dragged unto the external HD or SSD, then linked via symbolic links.

If you guys do this you will have a monster set up, access to everything, there are only two issues with this set up
1-Pro Tools plugins get insertion errors, this was supposed to be fixed last week after updating to m1, but nothing changed.
2-the most obvious issue is if you start up with the external SSD unplugged (disconnected or accident) you will have to again log into your internal SSD user, (just like switching users) and when pointing to the external SSD (after reconnecting) just cancel and log in to the user.

So far I tested this method on 4 Mac m1s and one m2, I had nothing but success aside pro tools plugin issues., everything from waves, Arturia, NI Instruments, etc etc works perfect...space is the biggest issue unless you want to dish out 2.5 K for a 2TB internal m1 Mac., infact the best part about this is that WAVES had recently spilled the milk on how to remove the most nortorious suspected background apps..which has been the main issue for those e installing newer waves from offline images.

here is what WAVES told people to do to totally remove ALL traces of their apps as they suggested its the same for many apps installing background junk such as WAVES INC located in your m1 Ventura system prefs/General/Login Items/Allow in background (not the above where you can remove them).

To remove the Waves Inc item from the list, please follow these steps:

1. Go to Mac HD > Library > LaunchDaemons and remove all the files related to Waves. If a file doesn't include the name "Waves", please don't remove it.
2. Go to Mac HD > Library > LaunchAgents and remove all the files related to Waves.
3. Do the same on the User library on your Mac:
   • In Finder, on Apple's top menu select the "Go" tab. A drop-down menu will open.
   • Hold down Alt\Opt key on your keyboard, and select the hidden Library folder.
   • Go to the LaunchAgents folder, and remove all of the Waves-related files (if they exist).

Once all the Waves files are removed from these folders, please fully quit the System Settings app, and restart the computer.

Then, reopen it and go to Genreal > Login Items. You might see the Waves Inc file for a few seconds before it disappears.

 

This is precisely what keeps thing simple with Apple. And their supply chain too. Everything is streamlined. No time for replaceable parts and all that BS. That said you can still boot from a drive, and TimeMachine too.

Buy the largest internal SSD drive as you can (8TB will cost you a fortune but it's a real luxury that most producers, graphic designers, hi-res video editors, etc. will need) and make sure to use TimeMachine (on multiple drives, rotating their location from time to time in case someone steals your laptop or there's a fire/burglary in your flat), that way you're safe. And Dropbox of course on top of it all, to create another layer of real-time backup.

 

factory reset on m1 is identical to iPhone and iPads., your basically using the same procedure..hope Tim Crooks is reading this..I just want to say he is a B1tch!, you see, I met Steve Jobs back in the 90s, and later he contacted me about how bankers were out to get him, everyone knows this but its been covered dup outside the Silicon Valley communities, and Mr Crook who was the expert at replacing apple product parts in last quarter batches with faulty everything has been doing this for the same bank investors now..

the throw away litter product model is illegal in Europe, but apple did not comply, they took the abuse a step further by soldering SSD drives unto mother boards so you thro the whole computer away now., maybe everyone will be able to afford tools to un solder re solder SSDs themselves...its way expensive now.

 

Last edited: Apr 3, 2023

I think all M1 macs including the mini have the SSD soldered. It's still very small so I get it. I also get that they could easily have done it removable. If you consider this a plus you're a fanboy.

 

codesigning, dequarantine, editing hosts files etc... is all done via Terminal, which you can script with Apple's Automator, just learn it and forget about those bullshit paid scamware apps,
note: CodeSigner and DeQuarantine are free utilities shared at MSJ, if someone is making money of it, fuck them off

"problem" with Apple Silicon is, Apple Silicon, everything requires ARM-native code to work properly, Rosetta2 being mediocre translation layer,
forget about using Windows via Bootcamp, forget about simple booting MacOS from external drive, forget about simple recovery or full reinstall of MacOS,
everything is soldered into motherboard and tied to SoC, you can't even replace basic components without making Mac unbootable (just search YouTube for rant about replacing macbook close lid sensor - TLDR you can't replace 1$ piece on $3000 device),

if you're concerned about privacy, good luck configuring full-featured network-wide firewall on your network...

if you want test ARM-native code, you have no other option, not quite sure what's the point of this thread

 

Why are you taking it personally? I have criticized the policies of the company. And anyway, I will happily spend my life with Windows. Thanks to R2R.

 

Last edited: Apr 3, 2023