The advent of SIP was another step into the walled garden that Apple wants its users to dwell in, doing not much more as pondering how to best spend more money on Apple products.
If Sierra would have been a well designed and developed OS then SIP might have been actually a welcome hardening aspect towards a more secure OS.
Unfortunately that does not seem to be the case. SIP seems to be more of a hassle for you to take control of your machine, your setup and the OS you have to use.
Sierra keeps growing the list of background processes and 'cool features', introduces new bugs and rarely fixes old ones.
There are numerous bugs and way too many processes that are having some of these bugs running all the time. They suck up CPU cycles, available RAM and battery. They phone home and cost you on your metered internet.
Best of all, some of them do that on your hardware because they try to use 'cool' features of this OS despite your hardware being really not capable or simply blacklisted by Apple. Examples for that might be HandOff, Continuity, AirDrop, Airplay and the like.
Fanboys keep telling us that Apple really tests their hardware and software so that they play so well together like no other.
Since this customisation is only rarely possible to achieve with Sierra's own GUI tools I want to list several convenience options to make that OS behave itself and disable as much of the useless, the broken, the scary, the dangerous, the unwanted stuff that Apple deems cool to have on marketing check boxes.
This might/will break some things behind the scene. But breakage should be kept to a minimum and is most of the time intentional. So do not apply any of these tools blindly but check every step along the way.
What keeps missing is an up-to-date and live version of a thorough documentation of what all these processes are intended to do, like it used to be here (dead link):
http : / / triviaware . com / macprocess /
General guide, but for El Capitan, some advice still applies:
https://github.com/ernw/hardening/b...m/osx/10.11/ERNW_Hardening_OS_X_EL_Captain.md
Available tools, GUI editors for launchd:
Lingon (non-free):
https://www.peterborgapps.com/lingon/
LaunchControl (non-free):
http://www.soma-zone.com/LaunchControl/
Available tools, pre-made scripts and guides to automate disabling certain aspects:
Disable bunch of #$!@ in Sierra (Version 2.1):
https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
## The list of disabled services there is a nice starting point for the cautious to unload those daemons one by one with one of the above GUI tools
A practical guide to securing macOS:
https://github.com/drduh/macOS-Security-and-Privacy-Guide
Up to date successor to osxlockdown:
https://github.com/kristovatlas/osx-config-check
Nicely commented "Simple shell script to fix macOS privacy issues and remove mostly useless macOS calls to cupertino":
https://goo.gl/Mk19Lo
Only small portions really applicable here but still some unique items:
https://gist.github.com/brandonb927/3195465
If you have other suggestions to minimise the foot print of the Sierra juggernaut, please post below.
If Sierra would have been a well designed and developed OS then SIP might have been actually a welcome hardening aspect towards a more secure OS.
Unfortunately that does not seem to be the case. SIP seems to be more of a hassle for you to take control of your machine, your setup and the OS you have to use.
Sierra keeps growing the list of background processes and 'cool features', introduces new bugs and rarely fixes old ones.
There are numerous bugs and way too many processes that are having some of these bugs running all the time. They suck up CPU cycles, available RAM and battery. They phone home and cost you on your metered internet.
Best of all, some of them do that on your hardware because they try to use 'cool' features of this OS despite your hardware being really not capable or simply blacklisted by Apple. Examples for that might be HandOff, Continuity, AirDrop, Airplay and the like.
Fanboys keep telling us that Apple really tests their hardware and software so that they play so well together like no other.
Since this customisation is only rarely possible to achieve with Sierra's own GUI tools I want to list several convenience options to make that OS behave itself and disable as much of the useless, the broken, the scary, the dangerous, the unwanted stuff that Apple deems cool to have on marketing check boxes.
This might/will break some things behind the scene. But breakage should be kept to a minimum and is most of the time intentional. So do not apply any of these tools blindly but check every step along the way.
What keeps missing is an up-to-date and live version of a thorough documentation of what all these processes are intended to do, like it used to be here (dead link):
http : / / triviaware . com / macprocess /
General guide, but for El Capitan, some advice still applies:
https://github.com/ernw/hardening/b...m/osx/10.11/ERNW_Hardening_OS_X_EL_Captain.md
Available tools, GUI editors for launchd:
Lingon (non-free):
https://www.peterborgapps.com/lingon/
LaunchControl (non-free):
http://www.soma-zone.com/LaunchControl/
Available tools, pre-made scripts and guides to automate disabling certain aspects:
Disable bunch of #$!@ in Sierra (Version 2.1):
https://gist.github.com/pwnsdx/d87b034c4c0210b988040ad2f85a68d3
## The list of disabled services there is a nice starting point for the cautious to unload those daemons one by one with one of the above GUI tools
A practical guide to securing macOS:
https://github.com/drduh/macOS-Security-and-Privacy-Guide
Up to date successor to osxlockdown:
https://github.com/kristovatlas/osx-config-check
Nicely commented "Simple shell script to fix macOS privacy issues and remove mostly useless macOS calls to cupertino":
https://goo.gl/Mk19Lo
Only small portions really applicable here but still some unique items:
https://gist.github.com/brandonb927/3195465
If you have other suggestions to minimise the foot print of the Sierra juggernaut, please post below.
