Login shell

Ken Cunningham ken.cunningham.webuse at gmail.com
Sun May 10 05:54:27 UTC 2020


If you look back a few days earlier in this list, you'll see my 
experiences in installing Ubuntu on older MacOS hardware -- I just went 
through the process and documented it there -- and there are various 
resources on the web that weren't too hard to find. I'm typing this on 
Ubuntu running on a MacBook 2,1 now.


It has some nice features. But there are warts.


Ken




On 2020-05-09 10:05 p.m., Dmitri Zaitsev wrote:
> I would be very interested to learn how to avoid the insecure MacOS 
> software replacing it with that from Linux land. Any good source to 
> read about it?
>
> On Sun, May 10, 2020, 07:47 Daniel J. Luke <dluke at geeklair.net> wrote:
>
>     On May 7, 2020, at 3:34 PM, Ken Cunningham
>     <ken.cunningham.webuse at gmail.com> wrote:
>     >> there are large closed-source surface areas that you aren't
>     >> going to be able to keep updated.
>     >
>     > You have said that before, and I listened, but:
>     >
>     > all my systems live behind a firewall, and none are exposed to
>     > the open web.
>     > I don’t use any MacOS-era software to access anything outside
>     > the network. Only, really, MacPorts stuff (all with up-to-date
>     > security) and TenFourFox (also built with MacPorts stuff, also
>     > with all up to date security).
>
>     ... and they're probably all linked with versions of Libsystem
>     that don't have the most recent patches from Apple (you could
>     probably be backporting them, but I doubt you're doing that :) ).
>
>     > I just don’t see the vulnerability, TBH.
>     >
>     > If you know of any, please give me an example. I don’t want to
>     > be stupid about things.
>
>     It's risky - the majority of bugs that Apple releases security
>     patches for are in components that exist in previous Mac OS
>     versions. Maybe those versions don't have those problems (but they
>     probably do). Maybe no one is exploiting them.
>
>     If you are firewalling and monitoring both inbound and outbound
>     traffic, maybe you've set things up so that you can run a
>     vulnerable system safely. Most people aren't capable of doing
>     that. These kinds of things are hard to do well - if you've got a
>     strong perimeter, but vulnerable systems inside - it just takes
>     one problem with your perimeter security and an attacker has
>     access to everything you thought was secured by your perimeter
>     security.
>
>     > The time daemon, maybe? I heard there was something about that
>     > daemon,
>
>     yeah, it's had a bunch of problems.
>
>     > but it just checks Apple’s time server.
>
>     how do you know? (hint: ntp uses udp and also bgp-interdomain
>     routing is still largely insecure).
>
>     > I could replace that too, I guess...
>
>     At that point, if you're not using any MacOS software - why are
>     you running Mac OS at all? That hardware can run an OS that's
>     still getting security patches and run all of the unix-y software
>     that's in Macports without the risk.
>
>     (Of course, Mac OS UI and hardware drivers are generally better,
>     so I understand there may be reasons why people might want to do
>     this - but I think it's too easy to overlook the potential downside).
>
>     [This is probably off-topic for macports, so I'll refrain from
>     typing more]
>     -- 
>     Daniel J. Luke
>

More information about the macports-users mailing list