argh moved to sequoia on my macs


David Presotto

Oct 6, 2024, 4:23:03 AM
to Upspin
And now I can't get at machines on the local network with my binaries.  Binaries started from the terminal still work on the amd machine but on the M3 even that doesn't work. For both machines, any binaries I start from /Library/LaunchDaemons have no local network access.

There is a setting for apps (in system settings->privacy and security->local networks) that lets apps access the network (had to find it for chrome).  Unfortunately it is only for apps built using apple tools.  You can't add any to the few that are there, they just get added automatically by popups that show when they try to access the local net.

I could still get to 192.168.1.1 so they probably made an exception for the gateway machine.

/usr/bin/curl seems to be blessed somehow so there must be a way to bless binaries in general (/usr/bin/nc is not).  But I can't find any way to do it just searching.  Wish I had a source in apple.

Anyone know how to bless go binaries?

David Presotto

Oct 6, 2024, 1:17:16 PM
to Upspin
...and Terminal.app is blessed so I can start up binaries under Terminal to access the local net.  What a crock of shit.


Aram Hăvărneanu

Oct 6, 2024, 1:41:18 PM
to David Presotto, Upspin
"Modern" computing is almost an insult. The amount of hoops one has to
jump through just to use their own computer is inconceivable. I swear
computers used to work better in the past.



--
Aram Hăvărneanu

David Presotto

Oct 6, 2024, 3:24:28 PM
to Rodrigo Schio, Upspin, Russ Cox
Righto.  I got the same results.  When I rebooted the first time, the launchd started my program and it failed to reach the network.  But when I logged in, when my prog next accessed the network macos popped up a box asking me if I wanted to give it network access and from then on it works across reboots.  The build was:

go build -ldflags="-linkmode=external"

I assume I'll have to go through this "mother may I" every time I make a new binary.

Thanks much Rodrigo.

Now I have to figure out how to do that for plan9port...  Would be nice to have 9term blessed in the same way.





On Sun, Oct 6, 2024 at 12:01 PM Rodrigo Schio <rodrig...@gmail.com> wrote:
I was able to reproduce the problem, I didn’t notice that before because I was using Tailscale and probably my local network was not recognized as local…

The flag didn’t work on terminal, but did work using the LaunchDaemons. I restarted the Mac and I was asked to enable local network permission to the Daemon and it worked (using the go flag to build).

The only way I was able to access the local network via terminal was using an app with local network permission, though I don’t know how to invoke the dialog asking for permission…

--
- Rodrigo Schio




On 6 Oct 2024, at 13:47, David Presotto <pres...@gmail.com> wrote:

Thanks.  Added that load flag on my go build.  Doesn't change things when running under 9term but maybe will help from a LaunchDaemon.  I'll try that next.  

For now, my x86 running sequoia doesn't have the problem if I start from 9term or a crontab so I've moved my daemons there and stopped using launchd.  I'm impressed that the same MacOS version on my M3 has different protections than my x86 mac.

Fuck shit damn.  Guess it's time to buy some cheap linux boxes.


On Sun, Oct 6, 2024 at 10:26 AM Rodrigo Schio <rodrig...@gmail.com> wrote:
Maybe this is related: https://forums.developer.apple.com/forums/thread/761001
--
- Rodrigo Schio




David Presotto

Oct 6, 2024, 3:49:57 PM
to Rodrigo Schio, Upspin, Russ Cox
Argh.  That worked on my M3 but not on my amd MacOS...  

Filip Filmar

Oct 6, 2024, 5:06:06 PM
to Aram Hăvărneanu, David Presotto, Upspin
This is a tangent. Feel free to disregard.
I just thought it needed to be said. The quoted message was also a tangent so I might just as well.

On Sun, Oct 6, 2024 at 10:41 AM Aram Hăvărneanu <ara...@mgk.ro> wrote:
> "Modern" computing is almost an insult. The amount of hoops one has to
> jump through just to use their own computer is inconceivable. I swear
> computers used to work better in the past.

Our relationship with software has changed over time in a way that makes "modern" computing tricky.
  • In the really early days, you would connect the wires in a computer yourself. You probably made your own computer anyways.
  • At some point it was possible to program your computer. You would then usually run a program you wrote yourself. (Presumably some of the computing legends frequenting this list are born around this time.)
  • A while later you could also exchange programs with a colleague. (No personal computers yet. You are probably at a well endowed US university, or a well endowed US private high school; your colleagues across the pond don't have computers just yet.)  (For some weak reference, I was born around this time.)
  • A little bit later, you would run programs from "reputable" vendors. (In my imagination, this is about where personal computing started, so we're somewhere in the late 80s now)
  • The Internet happens. People embrace it, but also a cottage industry of viruses is born. Legitimate and malicious actors alike realize the potential of this technology.
  • Today, you run programs you don't trust, on a computing platform you don't trust, both made using processes and technology beyond a single human's comprehension. With all sorts of malicious actors salivating at the opportunity to get a piece of your data given the chance. Some probably embedded deeply in the supply chain that gave you your programs, and/or your computing platform. If your attention slips, I promise you will be running someone's illicit bitcoin miner in no time, and not know it. Or worse.
That's one reason why "modern" computing is hard.
 
F

David Presotto

Oct 7, 2024, 4:38:00 PM
to Rodrigo Schio, Upspin, Russ Cox
OK, to my last email for a while on the subject.

On any Sequoia, running a binary from the Terminal.app grants it access to the local network.  With no other action running it from 9term doesn't allow access to any local network IP (except the gateway).

On Sequoia 15.0.1 on M3
    - if I run my code as a launch daemon AND built with -ldflags="-linkmode=external" then when the system starts (or I launchctl load it) a window pops up asking me if I want to allow local network access.  Answering yes doesn't necessarily allow it but does put an entry in 'system settings->Privacy & Security->Local Network' that I can check to turn on local network access for my program.  This is sticky so I can run it from a 9term shell prompt, or fork/execed from anything, and it still can access.  Looks like a permanent omnipresent blessing.

On Sequoia 15.0.1 on x86
   - the above ldflags raises a warning but does indeed set the uuid.  However, it seems to have no effect, i.e. I never get a window to pop up asking if I want permission nor do I end up getting an entry in 'system settings->Privacy & Security->Local Network'.  However, if I make it a LaunchDaemon that runs as root, it can indeed access the local network, no questions asked.

I don't really know if running as root on the M3 would also work minus the blessing but I'm not tired of this game.

Why this discrepancy I can't answer.  Most likely the implementation is a royal hack job in the networks interface and done differently for the different architectures.
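
The last message says that building with -ldflags="-linkmode=external" "does indeed set the uuid". As an added example (not code from the thread or from Upspin), the Go program below checks whether a thin Mach-O binary carries the LC_UUID load command and prints its value. The names machoUUID and constructedMachO are made up for this example, the LC_UUID value 0x1b comes from Apple's mach-o/loader.h, and the embedded sample image is constructed.

```go
package main

import (
	"bytes"
	"debug/macho"
	"encoding/binary"
	"fmt"
	"io"
	"os"
)

const lcUUID = 0x1b // LC_UUID in Apple's <mach-o/loader.h>; debug/macho does not name it

// machoUUID returns the UUID in a thin Mach-O image's LC_UUID command; ok is false if absent.
func machoUUID(r io.ReaderAt) (uuid string, ok bool, err error) {
	f, err := macho.NewFile(r)
	if err != nil {
		return "", false, err
	}
	for _, l := range f.Loads {
		raw := l.Raw() // layout: cmd (4 bytes), cmdsize (4 bytes), uuid (16 bytes)
		if len(raw) >= 24 && f.ByteOrder.Uint32(raw) == lcUUID {
			return fmt.Sprintf("%X", raw[8:24]), true, nil
		}
	}
	return "", false, nil
}

// constructedMachO builds sample input: a 64-bit header plus one 24-byte load command of type cmd.
func constructedMachO(cmd uint32) []byte {
	words := []uint32{macho.Magic64, uint32(macho.CpuArm64), 0, uint32(macho.TypeExec),
		1, 24, 0, 0, cmd, 24} // ncmds, sizeofcmds, flags, reserved, then cmd, cmdsize
	b := new(bytes.Buffer)
	binary.Write(b, binary.LittleEndian, words)
	return append(b.Bytes(), bytes.Repeat([]byte{0xAB}, 16)...) // dummy 16-byte payload
}

func main() {
	r := io.ReaderAt(bytes.NewReader(constructedMachO(lcUUID)))
	if len(os.Args) > 1 { // a path argument replaces the constructed sample
		f, err := os.Open(os.Args[1])
		if err != nil {
			panic(err)
		}
		defer f.Close()
		r = f
	}
	fmt.Println(machoUUID(r))
}
```

Run it with the path of a built binary to compare a default `go build` against one built with the external link mode; universal (fat) binaries are not handled.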

