Is this the post you are referring to? https://lists.macports.org/pipermail/macports-users/2020-April/048223.html
When I tried Ubuntu on Mac Pro, I couldn't get any sound and trying to look for help online it felt like another rabbit hole to jump in :( Old problems solved, new ones created :( I was reading this and thought it referred to using no-mac-era-software from within macOS: >> > I don’t use any MacOS-era software to access anything outside the network. I'd be interested in any experience running Linux software directly on macOS, without installing Linux. On Sun, May 10, 2020 at 12:54 PM Ken Cunningham <[email protected]> wrote: > > If you look back a few days earlier in this list, you'll see my experiences > in installing Ubuntu on older MacOS hardware -- I just went through the > process and documented it there -- and there are various resources on the web > that weren't too hard to find. I'm typing this on Ubuntu running on a MacBook > 2,1 now. > > > It has some nice features. But there are warts. > > > Ken > > > > > On 2020-05-09 10:05 p.m., Dmitri Zaitsev wrote: > > I would be very interested to learn how to avoid the insecure MacOS software > replacing it with that from Linux land. Any good source to read about it? > > On Sun, May 10, 2020, 07:47 Daniel J. Luke <[email protected]> wrote: >> >> On May 7, 2020, at 3:34 PM, Ken Cunningham <[email protected]> >> wrote: >> >> there are large closed-source surface areas that you aren't going to be >> >> able to keep updated. >> > >> > You have said that before, and I listened, but: >> > >> > all my systems live behind a firewall, and none are exposed to the open >> > web. >> > I don’t use any MacOS-era software to access anything outside the network. >> > Only, really, MacPorts stuff (all with up-to-date security) and TenFourFox >> > (also built with MacPorts stuff, also with all up to date security). >> >> ... and they're probably all linked with versions of Libsystem that don't >> have the most recent patches from Apple (you could probably be backporting >> them, but I doubt you're doing that :) ). >> >> > I just don’t see the vulnerability, TBH. >> > >> > If you know of any, please give me an example. I don’t want to be stupid >> > about things. >> >> It's risky - the majority of bugs that Apple releases security patches for >> are in components that exist in previous Mac OS versions. Maybe those >> versions don't have those problems (but they probably do). Maybe no one is >> exploiting them. >> >> If you are firewalling and monitoring both inbound and outbound traffic, >> maybe you've set things up so that you can run a vulnerable system safely. >> Most people aren't capable of doing that. These kinds of things are hard to >> do well - if you've got a strong perimeter, but vulnerable systems inside - >> it just takes one problem with your perimeter security and an attacker has >> access to everything you thought was secured by your perimeter security. >> >> > The time daemon, maybe? I heard there was something about that daemon, >> >> yeah, it's had a bunch of problems. >> >> > but it just checks Apple’s time server. >> >> how do you know? (hint: ntp uses udp and also bgp-interdomain routing is >> still largely insecure). >> >> > I could replace that too, I guess... >> >> At that point, if you're not using any MacOS software - why are you running >> Mac OS at all? That hardware can run an OS that's still getting security >> patches and run all of the unix-y software that's in Macports without the >> risk. >> >> (Of course, Mac OS UI and hardware drivers are generally better, so I >> understand there may be reasons why people might want to do this - but I >> think it's too easy to overlook the potential downside). >> >> [This is probably off-topic for macports, so I'll refrain from typing more] >> -- >> Daniel J. Luke >> -- Dmitri Zaitsev School of Mathematics Trinity College Dublin WWW: http://www.maths.tcd.ie/~zaitsev/
