SIP

I love my Tesla Model S. It's a fabulous car and there are many fabulous and ultimately very boring things that I could say about it. It's fast and quiet and makes you feel like you're sitting in the captain's chair of the USS Enterprise every time you get into the thing on your way to work in the morning. It has many commendable features, but after driving the thing for the better part of two years I've come to the realization that the main problem with the whole man-Tesla symbiotic relationship is that I am, in fact, an idiot.

This manifests itself in many ways, but most of them boil down to some variation on the theme of Oh-No-Where-Are-The-Damn-Keys. You see, as long as you have the keys somewhere about your person then you're able to waltz up to the drivers door and it'll unlock itself and let you in and away you go. However, when you get out of the car you need to push a button on the fob to lock up, which in my case results in a frantic patting of pockets, examining of bags, and occasional spelunking with a flashlight in the darker recesses of the cabin.

Systems and security are only good to a point, and that point is the one at which they're actually both useful and usable.

A couple of years ago Apple came up with the bright idea of SIP (System Integrity Protection), which scored lots of points on the useful scale but not so much on the usable side. SIP locked off access to a slew of places on your Mac that could ostensibly be targets for malicious code, and while the whole thing was a little Big-Brothery it was an undeniably good idea. If you wanted to circumvent it then you could do so relatively simply using the healing power of a relevant Google search, but it probably provided a lot of solid protection for a huge percentage of people who weren't going to fiddle around with the plumbing of their computers and who probably didn't even notice it was there. Like the whole Tesla key thing, it was a little frustrating but demonstrably pretty cool, and you took the former for the sake of the latter.

Which is why it's peculiar that it now--as of macOS Sierra--seems to be switched off by default. Don't believe me? Go on. Try firing up the Terminal and banging in "csrutil status" and see what you end up with.

SIP is a great doorlock, but leaving it wide open by default is at best puzzling and at worst unconscionable...