Are you using the standard xattr command that’s built into macOS? IIRC there’s another program out there by the same name with completely different syntax. Try running type xattr; it should say something like “xattr is /usr/bin/xattr” if you’re using the standard one.

I am going to blame Microsoft, because “works out of the box” shouldn’t conflict with “secure out of the box.”

And while I won’t blame Linus for insecure-by-default Linux configs, I will blame whoever integrated the distro/dockerfile/etc.

I remember when the local Safeway had one of these! I’m pretty sure that was in the '70s, though. It’s just slightly possible that I might be old.