[TUHS] Maintenance mode on AIX
Will Senn
will.senn at gmail.com
Thu Jan 19 03:21:16 AEST 2023
Wow, we're all over the place on this thread. I stopped updating my Mac
with Mojave. Occasionally, I flirt with more recent incarnations and
much like with recent Windows incarnations, I scurry back pretty quickly
to the stable and fast. ... and Mojave supports 32-bit apps, which is
nice. It's fast, responsive, and locked down the way I like it.
The mutually exclusive goals represented by security/IT lockdown
obsession and OS phone homeitis is ridiculous. One hopes that this is
not a permanent set of affairs. I would prefer my OS to be under my
control and secure my information, for me.
Lately, I've been doing work with SculptOS on Genode - a capabilities
based OS running on a microkernel (trusted computing base). Sculpt's got
a ways to go, but I like the way the architects are thinking.
Will
On 1/18/23 11:08 AM, segaloco via TUHS wrote:
> Apple's unreasonable hardening has been the latest deterrent to my ever
> wanting to use macOS as a personal driver. I've got a Mac as my daily
> driver for work, it can happily stay with work until I can decide how
> the filesystem is laid out and what folders I, as the root user, can
> and can't interact with from user land. I own my machine, not Apple.
>
> - Matt G.
> ------- Original Message -------
> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc at ccc.com>
> wrote:
>
>>
>>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm at mcvoy.com> wrote:
>>
>> Someone once told me that if they had physical access to a Unix box, they
>> would get root. That has been true forever and it's even more true today,
>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>> a no password root or setuid a shell, whatever, if you can put your hands
>> on it, you can get in.
>>
>> A reasonable point, but I think it really depends on the UNIX
>> implementation I suspect. Current mac OS is pretty well hardened from
>> this, with their current enclaves and needing to boot home to Apple
>> to get keys if things are not 100% right. Not saying you or I can
>> not, but basically means the same cracking tricks you need to use for
>> iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to
>> keep some set of keys somewhere else and then encrypt the local
>> volumes. In fact, one of the things they do if mac OS boot detects
>> that root has been modified (it has a crypto index stored away when
>> it was made read-only), the boot rolls back to the last root snapshot
>> -- since they are all read-only that works. In fact, it is a PITA to
>> update/fix things like traditional scripts (for instance the scripts
>> in the /etc/periodic area). Basically, they make it really unnatural
>> to change the root files system, make a new snapshot and index (I
>> have yet to see it documented although, with much pain, I previously
>> created a procedure that is close -- i.e. it once worked on my
>> pre-Ventura Mac - but currently -- fails, so I need to do some more
>> investigation when I can bring this back to the top of the
>> importance/curiosity stack (I have a less than satisfying end around
>> for now so I'm ignoring doing it properly).
>>
>> Clem
>