Login shell

Sun May 10 06:21:58 UTC 2020

Is this the post you are referring to?
https://lists.macports.org/pipermail/macports-users/2020-April/048223.html

When I tried Ubuntu on Mac Pro, I couldn't get any sound and trying to
look for help online it felt like another rabbit hole to jump in :(
Old problems solved, new ones created :(

I was reading this and thought it referred to using
no-mac-era-software from within macOS:
>> > I don’t use any MacOS-era software to access anything outside the network.

I'd be interested in any experience running Linux software directly on
macOS, without installing Linux.

On Sun, May 10, 2020 at 12:54 PM Ken Cunningham
<ken.cunningham.webuse at gmail.com> wrote:
>
> If you look back a few days earlier in this list, you'll see my experiences in installing Ubuntu on older MacOS hardware -- I just went through the process and documented it there -- and there are various resources on the web that weren't too hard to find. I'm typing this on Ubuntu running on a MacBook 2,1 now.
>
>
> It has some nice features. But there are warts.
>
>
> Ken
>
>
>
>
> On 2020-05-09 10:05 p.m., Dmitri Zaitsev wrote:
>
> I would be very interested to learn how to avoid the insecure MacOS software replacing it with that from Linux land. Any good source to read about it?
>
> On Sun, May 10, 2020, 07:47 Daniel J. Luke <dluke at geeklair.net> wrote:
>>
>> On May 7, 2020, at 3:34 PM, Ken Cunningham <ken.cunningham.webuse at gmail.com> wrote:
>> >> there are large closed-source surface areas that you aren't going to be able to keep updated.
>> >
>> > You have said that before, and I listened, but:
>> >
>> > all my systems live behind a firewall, and none are exposed to the open web.
>> > I don’t use any MacOS-era software to access anything outside the network. Only, really, MacPorts stuff (all with up-to-date security) and TenFourFox (also built with MacPorts stuff, also with all up to date security).
>>
>> ... and they're probably all linked with versions of Libsystem that don't have the most recent patches from Apple (you could probably be backporting them, but I doubt you're doing that :) ).
>>
>> > I just don’t see the vulnerability, TBH.
>> >
>> > If you know of any, please give me an example. I don’t want to be stupid about things.
>>
>> It's risky - the majority of bugs that Apple releases security patches for are in components that exist in previous Mac OS versions. Maybe those versions don't have those problems (but they probably do). Maybe no one is exploiting them.
>>
>> If you are firewalling and monitoring both inbound and outbound traffic, maybe you've set things up so that you can run a vulnerable system safely. Most people aren't capable of doing that. These kinds of things are hard to do well - if you've got a strong perimeter, but vulnerable systems inside - it just takes one problem with your perimeter security and an attacker has access to everything you thought was secured by your perimeter security.
>>
>> > The time daemon, maybe? I heard there was something about that daemon,
>>
>> yeah, it's had a bunch of problems.
>>
>> > but it just checks Apple’s time server.
>>
>> how do you know? (hint: ntp uses udp and also bgp-interdomain routing is still largely insecure).
>>
>> > I could replace that too, I guess...
>>
>> At that point, if you're not using any MacOS software - why are you running Mac OS at all? That hardware can run an OS that's still getting security patches and run all of the unix-y software that's in Macports without the risk.
>>
>> (Of course, Mac OS UI and hardware drivers are generally better, so I understand there may be reasons why people might want to do this - but I think it's too easy to overlook the potential downside).
>>
>> [This is probably off-topic for macports, so I'll refrain from typing more]
>> --
>> Daniel J. Luke
>>

-- 
Dmitri Zaitsev
School of Mathematics
Trinity College Dublin

WWW:  http://www.maths.tcd.ie/~zaitsev/