Subject: [OT] OS X Shell, was Re: webmin
From: Michael A. Peters (Moonglue@141.com )
Date: Fri Aug 11 2000 - 15:43:55 MDT
>You are talking like this version of UNIX is new, and Apple (including Next)
>knows nothing about making a secure OS. This OS has been around longer than
>Linux, and I've never heard of any security issues with Openstep beyond what
>would be issues for any other UNIX platform.
Perhaps, but its not Openstep- they've done quite a bit to it
(including hfs+ compatability yada)
Maybe that's not the issue, I said (and emphasized) that it was
speculation- but its the kind of thing that wouldn't surprise me.
You have too much faith in Apple (my perception). They have done bad
things before. Really bad things- I could name some if you like.
>
>If Apple does this, it would be to keep users from tampering with areas they
>don't understand. Mac users are not very savvy, so giving them access to the
>guts would be dangerous. Sometimes just letting them touch the system is
>dangerous.
I hear that sort of thing from the NT people at work all the time.
That's Microsoft talk. Yes, it makes it harder for a user to bugger
their system, but it also makes it harder- MUCH harder- for a good
sys admin to put a wrapper on a bug or exploit until the vendor gets
their act together and provides a patch.
Maybe as a desktop OS that's not as much of an issue, but its still an issue.
>
>Apple already does that with OS 9. There are extra installs for
>administrator tools on the CD.
>
>Even if you are right, the best security measure for keeping unwanted users
>out, would be to not give them a doorway to get in.
True- which is why I like suns idea- where they have a rootless
operating system. You can't compromise root 'cause there IS NO root.
But there is still a shell, and there is need for one. I think its
called trusted solaris.
I like having a shell, its very useful for piping and what not, which
you could do with compiled code- but again, as soon as you compile
something you increase maintenance of the code.
Indeed- the tcl extension "expect" was written to deal with that very
problem! Take away a shell, and you can't use expect- not in its
fullest capacity anyway (yes, I know there already is both tcl and
expect for Mac OS, but its severely limited)
The shell solves a LOT of problems and I think most users are gonna
end up installing it anyway- cause those of us that are "lazy" will
simply make it a requirement of anything we do that we'd rather do
with a shell. Especially if the shell is the right way to do it.
UNIX administrators frequently have a big collection of shell
scripts, some they wrote- some that others wrote- that they keep and
use from unix flavor to flavor to flavor to flavor with very minimal
changes ever needed. Makes the job easier. Makes us look "lazy" too,
I suppose, but hey- that's why we get paid more than the less lazy NT
admins... right?
Apple would be wise to keep the shell. It's a great way to glue
applications together into a truly fluid environment. C code can do
the same, but as stated before- it becomes instantly less portable
and higher maintenance. The user need not see the shell (unless they
want to) but it should be there.
In case you haven't noticed- I *really* like the shell... and I grew
up with Mac OS! (first mac was a 512k "fat mac" which replaced our
TRaSh 80 coco 2)
-=-=-=-=-=-=-
But- this is a YDL list, and afaik YDL intends on keeping the shell-
so I'm happy. I have choice, if Mac OS X isn't my cup of tea (and it
sounds like its not) I'll just stick to what I like, including
development. Problem solved. Call me lazy.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters-- http://24.5.29.77/Linux_Pages/
http://www.omnilinux.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This archive was generated by hypermail 2a24 : Sat Aug 12 2000 - 01:20:48 MDT