Wow, we're all over the place on this thread.

I stopped updating my Mac with Mojave. Occasionally, I flirt with more recent incarnations and much like with recent Windows incarnations, I scurry back pretty quickly to the stable and fast. ... and Mojave supports 32-bit apps, which is nice. It's fast, responsive, and locked down the way I like it.

The mutually exclusive goals represented by security/IT lockdown obsession and OS phone homeitis is ridiculous. One hopes that this is not a permanent set of affairs. I would prefer my OS to be under my control and secure my information, for me.

Lately, I've been doing work with SculptOS on Genode - a capabilities-based OS running on a microkernel (trusted computing base). Sculpt's got a ways to go, but I like the way the architects are thinking.

Will

On 1/18/23 11:08 AM, segaloco via TUHS wrote:
> Apple's unreasonable hardening has been the latest deterrent to my ever
> wanting to use macOS as a personal driver. I've got a Mac as my daily
> driver for work, it can happily stay with work until I can decide how
> the filesystem is laid out and what folders I, as the root user, can
> and can't interact with from user land. I own my machine, not Apple.
>
> - Matt G.
>
> ------- Original Message -------
> On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole wrote:
>
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy wrote:
>>
>>     Someone once told me that if they had physical access to a Unix
>>     box, they would get root. That has been true forever and it's
>>     even more true today, pull the root disk, mount it on Linux,
>>     drop your ssh keys in there or add a no password root or setuid
>>     a shell, whatever, if you can put your hands on it, you can get
>>     in.
>>
>> A reasonable point, but I think it really depends on the UNIX
>> implementation I suspect. Current macOS is pretty well hardened from
>> this, with their current enclaves and needing to boot home to Apple
>> to get keys if things are not 100% right. Not saying you or I
>> cannot, but it basically means the same cracking tricks you need to
>> use for iPhones. It's not as easy as you describe.
>>
>> The ubiquitous Internet/WiFi changed the rules - as you can start to
>> keep some set of keys somewhere else and then encrypt the local
>> volumes. In fact, one of the things they do is that if macOS boot
>> detects that root has been modified (it has a crypto index stored
>> away when it was made read-only), the boot rolls back to the last
>> root snapshot -- since they are all read-only that works. In fact,
>> it is a PITA to update/fix things like traditional scripts (for
>> instance the scripts in the /etc/periodic area). Basically, they
>> make it really unnatural to change the root file system, make a new
>> snapshot and index (I have yet to see it documented although, with
>> much pain, I previously created a procedure that is close -- i.e. it
>> once worked on my pre-Ventura Mac - but currently -- fails, so I
>> need to do some more investigation when I can bring this back to the
>> top of the importance/curiosity stack (I have a less than satisfying
>> end around for now so I'm ignoring doing it properly)).
>>
>> Clem