When looking at the entitlements of PyCharm CE for macOS, it shows many serious security exceptions. Here are its entitlements:
    <dict>
        <key>com.apple.security.cs.allow-jit</key>
        <true/>
        <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
        <true/>
        <key>com.apple.security.cs.allow-dyld-environment-variables</key>
        <true/>
        <key>com.apple.security.cs.disable-library-validation</key>
        <true/>
        <key>com.apple.security.cs.disable-executable-page-protection</key>
        <true/>
    </dict>
Why does PyCharm use such lax security? Is it necessary?
I tried to look into PyCharm’s source code, and I saw this commit:
Add macOS notarization script
VladRassokhin authored and intellij-monorepo-bot committed on Jun 5, 2019 commit 631c91b
But I couldn’t find a clear reason why PyCharm would need these security gaps. Can anyone with knowledge of PyCharm’s code shed light on this?
I want to run an application on macOS, but prevent it from making any type of network access, or any type of internet access.
I have seen the following possibilities:
Use the built-in firewall. Unfortunately, this blocks only inbound connections, not outbound.
I have seen Little Snitch. However, it feels uncomfortable from a security standpoint to install closed-source software on my system that has such deep access to everything I do.
Ideally, I would like to do that myself. Is it possible to restrict an app’s access to network resources on macOS? Maybe start it in a sandbox mode somehow?
I can see a few options for open source macOS password managers:
Is any of these 3 more secure than the others?
I tried to browse for a while, but I couldn’t find anything meaningful on this subject. Does anyone technically competent have an opinion on this subject?
I’m reading a lot about entropy of macOS…
I know it doesn’t use Yarrow anymore but, as per this FIPS 140-02 doc, a NIST compliant DRBG.
I read a lot:
https://github.com/briansmith/ring/pull/398
How can I measure (and increase) entropy on Mac OS X?
https://stackoverflow.com/questions/5832941/how-good-is-secrandomcopybytes
http://serverascode.com/2014/03/04/yarrow.html
https://stackoverflow.com/questions/3170500/random-number-generator-dev-random
https://stackoverflow.com/questions/42197958/secrandomcopybytes-provider-sha1prng-or-nativeprng-type-in-objc
Even mailed Craig F: https://apple.stackexchange.com/questions/362531/does-macos-still-use-yarrow-as-its-cryptographically-secure-pseudorandom-number
I see that `SecRandomCopyBytes` is now effectively using:
I have much old code using `/dev/urandom`. On Catalina, is it still valid to use `/dev/urandom` for key material? Is it cryptographically secure?
I don’t want to port everything to a macOS specific lib.
libsodium seems to use `/dev/random`, so I guess it’s ok?
Mac OS Mojave:
    ▶ gpg --list-keys
    Warning: Failed to set locale category LC_NUMERIC to en_GR.
    Warning: Failed to set locale category LC_TIME to en_GR.
    Warning: Failed to set locale category LC_COLLATE to en_GR.
    Warning: Failed to set locale category LC_MONETARY to en_GR.
    Warning: Failed to set locale category LC_MESSAGES to en_GR.
    /Users/pkaramol/.gnupg/pubring.kbx
    ----------------------------------------------
    pub rsa2048 2019-07-04 [SC] [expires: 2021-07-03]
        1DA2A2434A38D1192A3EA4523FEF5E3944A2F025
    uid [ultimate] pkaramol <firstname.lastname@example.org>
    sub rsa2048 2019-07-04 [E] [expires: 2021-07-03]

    ~/Desktop
    ▶ ls ~/.gnupg
    openpgp-revocs.d private-keys-v1.d pubring.kbx pubring.kbx~ trustdb.gpg
From what I understand, the public key is:
How can I find out what is the corresponding private key?
I need to install macOS on a VM. I don’t want to download a macOS image from torrent or hackintosh websites. Is there a way I can verify a macOS image’s signature so I know it came from Apple?
I am trying to port scan a .onion website using nmap. I ran the following command:
proxychains4 nmap -Pn -sT -v example.onion
But I got the following error:
    [proxychains] config file found: /usr/local/etc/proxychains.conf
    [proxychains] preloading /usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib
    dyld: could not load inserted library '/usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib' because no suitable image found. Did find:
        /usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib: mach-o, but wrong architecture
        /usr/local/Cellar/proxychains-ng/4.14/lib/libproxychains4.dylib: stat() failed with errno=1
Why is it doing this, and how can I fix it?
luser is a word play ( loser <-> user ) and a command, that can control the clueless users on a system who (mis)use or abuse the *UX system or external devices.
I tried to find it with `whereis`, but the output was a blank newline.
Is there a reason why bash on macOS doesn’t support luser?
I understand how FIDO works with a YubiKey: the YubiKey device has a symmetric key, and it uses the appId, a nonce and the symmetric key to generate a key pair for a website. The device then gives back the public key and keyHandle (which can be used to generate the private key) to the RP.
But U2F works in Chrome on a Mac with Touch Bar without a YubiKey. Does it mean macOS implemented the U2F protocol? (But U2F doesn’t work in Safari!!!)
Who is generating and verifying the keyHandle in the case of the Mac?
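The key-handle scheme described in the question above, as an added example that is not part of the original post and is not Yubico's code: it follows the HMAC-SHA256 construction Yubico has described publicly for its U2F keys, and shows why a handle issued for one appId is rejected for another. Function names, the device secret and the handle layout are illustrative assumptions; deriving the P-256 public key from the private scalar is left out.

```python
import hashlib
import hmac
import os

NONCE_LEN = 32  # random per-credential nonce
MAC_LEN = 32    # HMAC-SHA256 tag that authenticates the handle


def _hmac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenation of fixed-length parts."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def app_param(app_id: str) -> bytes:
    # U2F hands the authenticator SHA-256(appId), not the string itself.
    return hashlib.sha256(app_id.encode()).digest()


def register(device_secret: bytes, app_id: str, nonce: bytes = None):
    """Create a credential without storing anything on the device.

    Returns (key_handle, private_key). A real token also checks that the
    value is a valid P-256 scalar and returns the matching public key.
    """
    nonce = nonce or os.urandom(NONCE_LEN)
    app = app_param(app_id)
    private_key = _hmac(device_secret, app, nonce)
    mac = _hmac(device_secret, app, private_key)
    return nonce + mac, private_key


def unwrap(device_secret: bytes, app_id: str, key_handle: bytes):
    """Re-derive the private key from a handle presented at login.

    Returns None when the handle was not produced by this device, was
    issued for a different appId, or has been modified.
    """
    if len(key_handle) != NONCE_LEN + MAC_LEN:
        return None
    nonce, mac = key_handle[:NONCE_LEN], key_handle[NONCE_LEN:]
    app = app_param(app_id)
    private_key = _hmac(device_secret, app, nonce)
    expected = _hmac(device_secret, app, private_key)
    # Constant-time comparison so the check does not leak tag bytes.
    return private_key if hmac.compare_digest(mac, expected) else None
```

The relying party only stores the handle and the public key; the device secret never leaves the authenticator, so whichever component holds that secret is the one generating and verifying handles.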
I need to have macOS as a guest OS on VMware Workstation Player. It installed and everything works great, except that the guest cannot recognize my iPhone correctly: according to the following image, the OS has identified it on USB2, but iTunes doesn’t recognize it as a connected iPhone device!
As a matter of fact, there is no issue if I use Windows as the host instead of Ubuntu, but I prefer Ubuntu over Windows and am looking for a solution.
macOS identifies the device