Source? We're not talking about improving security and user space drivers. Linux has done it forever. We're talking about locking down the system. Show me the Linux where I can't add whatever I want.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Begins Warning Users That 'Legacy System Extensions' Won't Work With a Future Version of macOS
- Thread starter MacRumors
- Start date
- Sort by reaction score
This isn't about customers using their hardware in whichever way they want. How many customers write their own kexts? And if they want to keep running apps that require kexts... they don't upgrade. It's a very old story. Change happens, people adapt. Some will adapt sooner, others will delay that change for as long as possible.
This is about protecting the vast majority of customers from malicious or poorly-written software. The functionality provided by third-party kexts is being moved elsewhere; it's just a change of architecture. If there's functionality that can't be executed in some other way, I'd be interested to know what it is
Third party software shouldn't need access to the kernel.
They are modernizing the OS and closing major security vulnerabilties.
Ooops I think I was in error. The OEM Apple Ethernet/USB driver is embedded in the OS somehow.
The one that is giving problems is a common USB Ethernet driver, mine is made my J5Create. The chipset is made by ASIX Electronics, and the driver is the AX88179. <— very common!!
More info: https://lorenzo.mile.si/ax88179-usb-ethernet-and-macos-10-13-high-sierra/617/
^^^ So above was the first instance of macOS getting upset about these extensions, now we know they’ll be completely deprecated soon.
Logitech Options for their mouse & keyboard is getting the message also about future OS support... Guess Logitech has some work to do...
TotalSpaces already doesn't work in 10.14+ without SIP permanently disabled, which is the sole reason I haven't upgraded past 10.13. The author is supposedly looking into a workaround for a future version, although I'm not sure if he's bypassing kernels completely and going another direction.
I assume you didn't read that Little Snitch will be updated to support the new system extension requirements.
Apple will always have your back when it comes to security and privacy. Developers must behave responsibly and adapt to solutions that make these platforms safer and more robust for all users.
Linux is worse than Windows in that it purposely makes it difficult to add kernel modules/drivers without having the driver source code at the time the kernel is compiled. This is because Linux does not have a stable kernel-space ABI.
Look at nVidia drivers, for example. To install them, you need the kernel source and a C compiler to build the exact right interface module. Another example is Red Hat, who, for this reason, uses the same frozen kernel version for pretty much a decade, backporting patches onto it. (Today, they're shipping the exact same kernel version they did in 2013)
It is designed this way due to free software politics: it is to force you to release the source of your drivers under the GPL and ultimately donate your IP into the Linux source tree.
And practically, all modern distros only allow distribution-signed kernel modules to be installed due to Secure Boot. You have to specifically go disable kernel signing validation and Secure Boot to load third-party code. This is worse than Windows which allows signed third-party code to load.
Last edited:
Total dummy question here - but wouldn't this be helpful in changing platforms from Intel to Axx whatever?
Apple has a responsibility to protect all of its users through improved security.
Since you implied you are a developer, you can adapt the software you develop, or be left behind.
apple can protect sheep however they like, just give me option to disable this ****
Quoting myself here, but another USB to Gigabit Ethernet adapter driver that has this extension problem is the StarTech US1GC30B, which uses a Realtek RTL815x driver.
Please don't pipe up if you have nothing useful to say.
OF COURSE this is about security. kexts are a security disaster --- running with kernel privileges, access to all kernel address space, no sandboxing...
There is also a larger program in play here. It is obvious to even the dimmest monkey that we are past the multi-core era and heading into the many-core era. If we want better utilization of all those cores, one part of that is we need the OS to be split into smaller parts that can operate independently and with only loose coupling. Moving ever more OS functionality out of the OS proper and into dedicated processes is one part of that larger goal of a more decoupled, more parallel, OS.
hate legacy status for os that has worked ok and you get better using it
then bam - announcement of no future support
my experience is windows xp was just fine
windows 7 is ok still on 2 laptops
now fumbling through win 10 on 2 newer lappies
what ever happened to "sustaining engineering"
brings back memories when i was a wiz with win xp - so sad when had to say bye bye baby
then bam - announcement of no future support
my experience is windows xp was just fine
windows 7 is ok still on 2 laptops
now fumbling through win 10 on 2 newer lappies
what ever happened to "sustaining engineering"
brings back memories when i was a wiz with win xp - so sad when had to say bye bye baby
SIP already did that. What they do now is the possibility for third party developer to control drivers and the system from user space. So it is the opposite of what you are projecting.
To add to the above, you can then sort by "Obtained from" to filter out all the non-Apple items (which are presumably the ones of interest)
One that are marked Notarized are probably being maintained by developers who know what they are doing.
Ones not marked Notarized should probably either be updated, or you should accept that they have been abandoned.
(There's actually, at least on my system, a lot of junk there! I saw maybe 20 items that are clearly way past their expiry date, just persisting one update after the next. Time to do some house cleaning...)
No it has nothing to do with this. It is a change to the kernel and how the user space interacts with it. It is mostly agnostic to cpu architecture.