From: Will Senn <will.senn@gmail.com>
To: segaloco <segaloco@protonmail.com>, Clem Cole <clemc@ccc.com>
Cc: tuhs@tuhs.org
Subject: [TUHS] Re: Maintenance mode on AIX
Date: Wed, 18 Jan 2023 11:21:16 -0600
Message-ID: <1315c448-c8e8-1ae5-ef34-0f7ba3fbb8a7@gmail.com>
In-Reply-To: <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWVASxWkDZitFw0JIopRVh7BRC2PzLFrF_Gjsb2yCi-uxJ3Yr3AtE=@protonmail.com>
Wow, we're all over the place on this thread. I stopped updating my Mac
with Mojave. Occasionally, I flirt with more recent incarnations and
much like with recent Windows incarnations, I scurry back pretty quickly
to the stable and fast. ... and Mojave supports 32-bit apps, which is
nice. It's fast, responsive, and locked down the way I like it.
The mutually exclusive goals represented by security/it lockdown
obsession and OS phone homeitis are ridiculous. One hopes that this is
not a permanent set of affairs. I would prefer my OS to be under my
control and secure my information, for me.
Lately, I've been doing work with SculptOS on Genode - a capabilities
based OS running on a microkernel (trusted computing base). Sculpt's got
a ways to go, but I like the way the architects are thinking.
Will
On 1/18/23 11:08 AM, segaloco via TUHS wrote:
> Apple's unreasonable hardening has been the latest deterrent to my ever
> wanting to use macOS as a personal driver. I've got a Mac as my daily
> driver for work, it can happily stay with work until I can decide how
> the filesystem is laid out and what folders I, as the root user, can
> and can't interact with from user land. I own my machine, not Apple.
>
> - Matt G.
> ------- Original Message -------
> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <clemc@ccc.com>
> wrote:
>
>>
>>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <lm@mcvoy.com> wrote:
>>
>> Someone once told me that if they had physical access to a Unix box, they
>> would get root. That has been true forever and it's even more true today,
>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>> a no password root or setuid a shell, whatever, if you can put your hands
>> on it, you can get in.
>>
>> A reasonable point, but I think it really depends on the UNIX
>> implementation I suspect. Current mac OS is pretty well hardened from
>> this, with their current enclaves and needing to boot home to Apple
>> to get keys if things are not 100% right. Not saying you or I can
>> not, but basically means the same cracking tricks you need to use for
>> iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to
>> keep some set of keys somewhere else and then encrypt the local
>> volumes. In fact, one of the things they do if mac OS boot detects
>> that root has been modified (it has a crypto index stored away when
>> it was made read-only), the boot rolls back to the last root snapshot
>> -- since they are all read-only that works. In fact, it is a PITA to
>> update/fix things like traditional scripts (for instance the scripts
>> in the /etc/periodic area). Basically, they make it really unnatural
>> to change the root files system, make a new snapshot and index (I
>> have yet to see it documented although, with much pain, I previously
>> created a procedure that is close -- i.e. it once worked on my
>> pre-Ventura Mac - but currently -- fails, so I need to do some more
>> investigation when I can bring this back to the top of the
>> importance/curiosity stack (I have a less than satisfying end around
>> for now so I'm ignoring doing it properly).
>>
>> Clem