The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
From: "Joseph J. Mankoski ***PSI***" <>
Cc: segaloco <>,
Subject: [TUHS] Re: Maintenance mode on AIX
Date: Wed, 18 Jan 2023 12:04:19 -0800	[thread overview]
Message-ID: <> (raw)
In-Reply-To: <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV>

Hello --

        Regarding "appliance-ization" (locking down / dumbing down) of commercially-available computer systems, and returning to the history of Unix (in the context of our current era), I am reminded of Ken Thompson's (excellent and humorous) panel presentation at the ACM Turing 100 conference I attended in 2012, imagining Alan Turing being brought to our time and given a current-generation computer system, etc.

        The webcast links for the "Systems Architecture" session, etc., on the main conference site,, seem to be broken, however the video at this link works for me:

        (Ken's part starts at ~0:09:28.)

                                <<<>>> writes:
>  ----------------------------------------------------------------------
>  Message: 1
>  Date: Wed, 18 Jan 2023 17:08:00 +0000
>  From: segaloco <>
>  Subject: [TUHS] Re: Maintenance mode on AIX
>  To: Clem Cole <>
>  Cc:
>  Message-ID: <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV
>  Content-Type: multipart/alternative;
>  	boundary="b1_7WKJsCnT0P2jggZLBLwbL2iRavDFXPykjXdIMPRs"
>  Apple's unreasonable hardening has been the latest deterent to my ever wanting to use macOS as a personal driver. I've got a Mac as my daily driver for work, it can happily stay with work until I can decide how the filesystem is laid out and what folders I, as the root user, can and can't interact with from user land. I own my machine, not Apple.
>  - Matt G.
>  ------- Original Message -------
>  On Wednesday, January 18th, 2023 at 8:59 AM, Clem Cole <> wrote:
>> On Wed, Jan 18, 2023 at 11:39 AM Larry McVoy <> wrote:
>>> Someone once told me that if they had physical access to a Unix box, they
>>> would get root. That has been true forever and it's even more true today,
>>> pull the root disk, mount it on Linux, drop your ssh keys in there or add
>>> a no password root or setuid a shell, whatever, if you can put your hands
>>> on it, you can get in.
>> A reasonable point, but I think it really depends on the UNIX implementation I suspect. Current mac OS is pretty well hardened from this, with their current enclaves and needing to boot home to Apple to get keys if things are not 100% right. Not saying you or I can not, but basically means the same cracking tricks you need to use for iPhones. It's not as easy as you describe.
>> The ubiquitous Internet/WiFi changed the rules - as you can start to keep some set of keys somewhere else and then encrypt the local volumes. In fact, one of the things they do if mac OS boot detects that root has been modified (it has a crypto index stored away when it was made read-only), the boot rolls back to the last root snapshot -- since they are all read-only that works. In fact, it is a PITA to update/fix things like traditional scripts (for instance the scripts in the /etc/periodic area). Basically, they make it really unnatural to change the root files system, make a new snapshot and index (I have yet to see it documented although, with much pain, I previously created a procedure that is close -- i.e. it once worked on my pre-Ventura Mac - but currently -- fails, so I need to some more investigation when I can bring this back to the top of the importance/curiosity stack (I have a less than satisfying end around for now so I'm ignoring doing it properly).
>> Clem
>> ᐧ-------------- next part --------------
>  ------------------------------

       reply	other threads:[~2023-01-18 20:05 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <zpdIicuX7AbN-y6hYho0eLOnHgzRs4iHa1UD6bxUyiTZhqZkg3Ha8TKWV>
2023-01-18 20:04 ` Joseph J. Mankoski ***PSI*** [this message]
2023-01-19  3:56   ` steve jenkin
2023-01-18  9:43 [TUHS] AIX moved into maintainance mode arnold
2023-01-18 15:13 ` [TUHS] " arnold
2023-01-18 15:14   ` Larry McVoy
2023-01-18 16:10     ` segaloco via TUHS
2023-01-18 16:19       ` Larry McVoy
2023-01-18 16:27         ` [TUHS] Maintenance mode on AIX Ron Natalie
2023-01-18 16:38           ` [TUHS] " Larry McVoy
2023-01-18 16:59             ` Clem Cole
2023-01-18 17:08               ` segaloco via TUHS
2023-01-18 17:21                 ` Will Senn
2023-01-18 19:50                   ` David Barto
2023-01-19 14:25                   ` Liam Proven
2023-01-18 20:34             ` Arno Griffioen via TUHS
2023-01-18 20:50               ` Brad Spencer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).