undefined | Better HN

0 pointseinr1mo ago0 comments

It’s not the tooling for me, macOS is just bad as a server OS for many reasons. Weird collisions with desktop security features, aggressive power saving that you have to fight against, root not being allowed to do root stuff, no sane package management, no OOB management, ultra slow OS updates, and generally but most importantly: the UNIX underbelly of macOS has clearly not been a priority for a long time and is rotting with weird inconsistent and undocumented behaviour all over the place.

0 comments

wolfhumble1mo ago

> Weird collisions with desktop security features

Linux is not immune to BIOS/UEFI firmware attacks either. Secure Boot, TPM, and LUKS can work well together, but you still depend on proprietary firmware that you do not fully control. LogoFAIL is a good example of that risk, especially in an evil maid scenario involving temporary physical access. I think Apple has tighter control over this layer.

MrDrMcCoy1mo ago

You completely misunderstood the quoted remark you responded to. The desktop security features in MacOS that interfere with unblessed binaries and libraries loading is a huge pain in the ass, especially for headless server use.

functional_dev1mo ago

Yeah... attacks like LogoFAIL hit during the DXE and BDS phases when the firmware is acting as its own 'mini OS' before the handoff

Easier to comprehend here - https://vectree.io/c/uefi-firmware-architecture-principles

j / k navigate · click thread line to collapse