I will never use Homebrew again because I'm still sore that they dropped support for a Mac OS version that I was still using and couldn't upgrade because Apple didn't support my hardware anymore.
Any decent project should have a way to install without Homebrew. It's really not necessary.
I wish mac users would stop using homebrew and use a real package manager with actual dependency management.
At the very least, replace homebrew with something like devbox which has `devbox global` for globally managing packages, it uses nix under the hood, and it's probably the simplest most direct replacement for homebrew.
I use MacPorts because of older versions of Homebrew having a weird and insecure design. [1] I think some of those design issues may have been fixed, but I’m wary of Homebrew.
It's not really any different than downloading a binary from a website, which we've been doing for 30 years. Ultimately, it all comes down to trusting the source.
>> Attacks like this are not helped by the increasingly-common "curl | bash" installation instructions ...
> It's not really any different than downloading a binary from a website, which we've been doing for 30 years.
The two are very different, even though some ecosystems (such as PHP) have used the "curl | bash" idiom for about the same amount of time. Specifically, binary downloads from reputable sites have separately published hashes (MD5, SHA, etc.) to confirm what is being retrieved along with other mechanisms to certify the source of the binaries.
Which is why package managers with well-maintained repositories are the civilized solution to software disruption. Unfortunately the Linux world has been dedicating a lot of energy to making Windows-style "download and run the exe" possible on Linux.
>Which is why package managers with well-maintained repositories are the civilized solution to software disruption.
How does that model work with distros like debian, where they freeze package versions and you might not get claude code until 2027 (or whenever the next release is)?
I've heard this time and time again from new Linux users: "I don't want to learn the command line, I just want to be able to install and run whatever I want"
That wouldn't really help, it could be more naughty and use pastejacking so you don't even realize what's happening. That might end up catching a lot of people because as far as i know by default bash doesn't use bracketed paste, so you think you're copying a real command and it ends up sending your secrets before you know what happened.
Disabling JS + bracketed paste seems to be the only good solution.
Btw OP article uses a weird setup, why would they use `bash -c "$(curl $(echo qux | base64))"` instead of just "curl | bash"
Maybe tools like https://github.com/vet-run/vet could help with these projects that would rather you use their custom install script instead of complying to distro-specific supply chains.
> Never follow a shortened link without expanding it using a utility like Link Unshortener from the App Store,
I am unfamiliar with the Apple ecosystem, but is there anything special about this specific app that makes it trustworthy (e.g: reputable dev, made by Apple, etc.)? Looking it up, it seems like an $8 app for a link unshortener app.
In any case, there have been malicious sites that return different results based on the headers (e.g: user agent. If it is downloaded via a user-agent of a web browser, return a benign script, if it is curl, return the malicious script). But I suppose this wouldn't be a problem if you directly inspect and use the unshortened link.
> Terminal isn’t intended to be a place for the innocent to paste obfuscated commands
Tale as old as time. Isn't there an attack that was starting to get popular last year on Windows of a "captcha" asking you to hit Super + R, and pasting a command to "verify" your captcha? But I suppose this type of attack has been going on for a long, long, time. I remember Facebook and some other websites used to have a big warning in the developer console, asking not to paste scripts users found online there, as they are likely scams and will not do what they claim the script would do.
---
Side-Note: Is the layout of the website confusing for anyone else? Without borders on the image, (and the image being the same width of the paragraph text) it seemed like part of the page, and I found myself trying to select text on the image, and briefly wondering why I could not do so. Turning on my Dark Reader extension helped a little bit, since the screenshots were on a white background, but it still felt a bit jarring.
You're referring to [Sandboxing] Mandatory Access Controls [0]. Windows doesn't implement MAC in the same way, instead using Mandatory Integrity Controls [1].
Could the dataset of the LLMs that made these recommendations have been poisoned by, let's say, a Honeypot website specifically designed to cause any LLM that trains on it to recommend malware?
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
> Obviously there was a solution, probably an easy one, but I didn’t even look for it
It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.
What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?
I said it was likely an easy solution. Glad to see my intuition was correct!
I also said it was the “final straw”. No worries at all if you’re not familiar with that expression. It means that there were lots of similar slights previously, and that the event I mentioned, while minor, was the one that finally pushed me to make the decision I made.
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
> browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files"
If you want to trash your system I believe nothing prevents you from giving Firefox full-disk access.
Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
I think that played a somewhat smaller role than Google seemingly gradually starting to take its position for granted and so everything became more focused on revenue generation and less focused on providing the highest quality experiences or results.
Beyond result quality it's absurd that it took LLMs to get meaningful natural language search. Google could have been working on that for many years, even if in a comparably simple manner, but seemingly never even bothered to try, even though that was always obviously going to be the next big step in search.
We used to have an endless supply of new search engines, so "SEO" was not viable. Then Google got a monopoly on search, DoubleClick reverse-acquired Google, and here we are.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
LLMs will allow Mal to sneak in backdoors in the dataset. Most of the popular LLMs use some kind of blacklisting instead of a smaller specific/specialised dataset. The latter seems more akin to whitelisting.
that sounds an awful lot like "I've been this club many times and I was never raped" or "I've walked down that alley many times and I've never been mugged" or "I speed all the time and I've never been in a car accident"
> sounds an awful lot like "I've been this club many times and I was never raped" or "I've walked down that alley many times and I've never been mugged"
I have been to many clubs many times and never suffered violence. I’ve also walked down alleys without concern. I did them in safe places where that wasn’t a material concern.
Windows is Detroit. MacOS is Palo Alto. What’s good practice in one is wasteful or dangerous for the other.
Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspect every call to exec and fork that occur in the kernel and also inspect those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).
Gatekeeper and Xprotect are good, but there's only so much they can do.
No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.
Attacks like this are not helped by the increasingly-common "curl | bash" installation instructions (e.g. the new "native" Claude Code install)...
Publish through homebrew like a civilized person, please!
I will never use Homebrew again because I'm still sore that they dropped support for a Mac OS version that I was still using and couldn't upgrade because Apple didn't support my hardware anymore.
Any decent project should have a way to install without Homebrew. It's really not necessary.
I guess I ran into the same thing. I try to install anything with Homebrew and it takes forever then breaks.
Seems reasonable to not support an OS apple doesn’t support anymore
Apple only supports for 3 years
I wish mac users would stop using homebrew and use a real package manager with actual dependency management.
At the very least, replace homebrew with something like devbox which has `devbox global` for globally managing packages, it uses nix under the hood, and it's probably the simplest most direct replacement for homebrew.
I use MacPorts because of older versions of Homebrew having a weird and insecure design. [1] I think some of those design issues may have been fixed, but I’m wary of Homebrew.
[1]: https://saagarjha.com/blog/2019/04/26/thoughts-on-macos-pack...
It's not really any different than downloading a binary from a website, which we've been doing for 30 years. Ultimately, it all comes down to trusting the source.
>> Attacks like this are not helped by the increasingly-common "curl | bash" installation instructions ...
> It's not really any different than downloading a binary from a website, which we've been doing for 30 years.
The two are very different, even though some ecosystems (such as PHP) have used the "curl | bash" idiom for about the same amount of time. Specifically, binary downloads from reputable sites have separately published hashes (MD5, SHA, etc.) to confirm what is being retrieved along with other mechanisms to certify the source of the binaries.
Which is why package managers with well-maintained repositories are the civilized solution to software disruption. Unfortunately the Linux world has been dedicating a lot of energy to making Windows-style "download and run the exe" possible on Linux.
>Which is why package managers with well-maintained repositories are the civilized solution to software disruption.
How does that model work with distros like debian, where they freeze package versions and you might not get claude code until 2027 (or whenever the next release is)?
I've heard this time and time again from new Linux users: "I don't want to learn the command line, I just want to be able to install and run whatever I want"
That wouldn't really help, it could be more naughty and use pastejacking so you don't even realize what's happening. That might end up catching a lot of people because as far as i know by default bash doesn't use bracketed paste, so you think you're copying a real command and it ends up sending your secrets before you know what happened.
Disabling JS + bracketed paste seems to be the only good solution.
Btw OP article uses a weird setup, why would they use `bash -c "$(curl $(echo qux | base64))"` instead of just "curl | bash"
Maybe tools like https://github.com/vet-run/vet could help with these projects that would rather you use their custom install script instead of complying to distro-specific supply chains.
A homebrew tap is really a lateral move from a safety perspective and still usually invoked by pasting into the command line.
What's the security benefits of using homebrew? Isn't it just another layer of redirection before downloading the software?
Homebrew also installs through curl | bash but since recent they also offer a .pkg installer.
And donate to Homebrew, like a civilised person
As if homebrew is any more secure. The only reason to use homebrew is convenience.
Meanwhile, homebrew install instructions:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/inst...)"
Then it prompts user for admin previledges. Also, it does not support installing as a local non-admin user.
I would agree if it was the only way to install Homebrew, but it is not.
You can install it via a .pkg here: [0]
[0] https://github.com/Homebrew/brew/releases/tag/5.0.13
> Never follow a shortened link without expanding it using a utility like Link Unshortener from the App Store,
I am unfamiliar with the Apple ecosystem, but is there anything special about this specific app that makes it trustworthy (e.g: reputable dev, made by Apple, etc.)? Looking it up, it seems like an $8 app for a link unshortener app.
In any case, there have been malicious sites that return different results based on the headers (e.g: user agent. If it is downloaded via a user-agent of a web browser, return a benign script, if it is curl, return the malicious script). But I suppose this wouldn't be a problem if you directly inspect and use the unshortened link.
> Terminal isn’t intended to be a place for the innocent to paste obfuscated commands
Tale as old as time. Isn't there an attack that was starting to get popular last year on Windows of a "captcha" asking you to hit Super + R, and pasting a command to "verify" your captcha? But I suppose this type of attack has been going on for a long, long, time. I remember Facebook and some other websites used to have a big warning in the developer console, asking not to paste scripts users found online there, as they are likely scams and will not do what they claim the script would do.
---
Side-Note: Is the layout of the website confusing for anyone else? Without borders on the image, (and the image being the same width of the paragraph text) it seemed like part of the page, and I found myself trying to select text on the image, and briefly wondering why I could not do so. Turning on my Dark Reader extension helped a little bit, since the screenshots were on a white background, but it still felt a bit jarring.
GitHub too https://iboostup.com/blog/ai-fake-repositories-github
At least macos has file access permissions.
You're referring to [Sandboxing] Mandatory Access Controls [0]. Windows doesn't implement MAC in the same way, instead using Mandatory Integrity Controls [1].
[0] https://developer.apple.com/library/archive/documentation/Se...
[1] https://learn.microsoft.com/en-us/windows/win32/secauthz/man...
Windows implements ACLs in a far more granular way than macOS and most other Unicies, however (with the exception of Slowaris).
Comparing to DOS or what? No one runs Win10/11 on FAT now, while NTFS has access permissions and ACLs.
I remember that Win32 apps on Windows 10 and 11 can do whatever they want with the users personal files. Has that changed?
What does that even mean? NTFS file access permissions (35 years old at this point) are far more powerful than 1970s-era Unix permissions model.
It's referring to the fact that Terminal doesn't have free access to all your files and folders, despite what the traditional file access perms say.
Windows has this too, but it's off by default. I forgot what it's called, that's how often it gets used.
He’s talking about sandboxing and permissions prompts
Could the dataset of the LLMs that made these recommendations have been poisoned by, let's say, a Honeypot website specifically designed to cause any LLM that trains on it to recommend malware?
Careful out there.
Thanks for reminding me to turn off Full Disk Access for Terminal. I'm not sure why I had that one turned on.
Probably because you can’t even properly `ls` system directories without it.
depends which directories…
What would you do in the terminal without it?
Because it is useless without?
lol, is this serious? The final straw with Mac for me was when I accidentally hit “No” when asked if I wanted to give my terminal access to the file system. All of a sudden I was starting my work day without a working terminal. Obviously there was a solution, probably an easy one, but I didn’t even look for it.
> The final straw with Mac
> Obviously there was a solution, probably an easy one, but I didn’t even look for it
It's hard to take this seriously. It's the most obvious setting possible. Settings > Privacy & Security > Full Disk Access > tick the apps you want to have it.
What's even the complaint here? That Mac has solid app permissions, but you can't be bothered to open the settings?
I said it was likely an easy solution. Glad to see my intuition was correct!
I also said it was the “final straw”. No worries at all if you’re not familiar with that expression. It means that there were lots of similar slights previously, and that the event I mentioned, while minor, was the one that finally pushed me to make the decision I made.
The solution is to enable Full Disk Access in settings.
Are you sure? This felt like it was specific to iTerm. Like I’d have to scroll a list of apps, find it, and modify what it’s allowed to access.
Another reason to avoid Medium like cold grits.
This sucks because the web should be the perfect, safe platform for this kind of application, but it isn't. Technically all the features exist in the browser such that you could write a homedir cleaner, space analyzer, etc purely in a browser tab, but because of the misguided (in my opinion) way that browsers refuse to do open a homedir, it's impossible.
I'm not sure letting a webapp access your home is a good idea. You're basically YOLOing random remote code to run on your machine. Maybe we can have it access some specific folder for its own data.
And then there's also Apple which won't allow functional web apps, lest it affects their app store 30% cut.
Seems like a great idea for something to just run inside a chroot jail (or the modern equivalent, a container).
The web already has these APIs, it can be granted read-only permissions to designated directories. But the browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files". Because of that policy the API is not useful for the application of a space analyzer.
> browsers will refuse to allow you to delegate even read-only access to, for example, the macos ~/Applications folder, on the pretty shaky basis of it being "system files"
If you want to trash your system I believe nothing prevents you from giving Firefox full-disk access.
Actually… I think this be solved by AI answers. I don’t look up commands on random websites, instead I ask an LLM for that kind of stuff. At the very least, check your commands with an LLMs.
What we used to have, 15 years ago, was a really well functioning google. You could be lazy with your queries and still find what you wanted in the first two or three hits. Sometimes it was eerily accurate and figuring out what you were actually searching for. Modern google is just not there even with AI answers which is supposed to be infinitely better at natural language processing.
15 years ago there were fewer content farms trying to get your clicks.
I think that played a somewhat smaller role than Google seemingly gradually starting to take its position for granted and so everything became more focused on revenue generation and less focused on providing the highest quality experiences or results.
Beyond result quality it's absurd that it took LLMs to get meaningful natural language search. Google could have been working on that for many years, even if in a comparably simple manner, but seemingly never even bothered to try, even though that was always obviously going to be the next big step in search.
We used to have an endless supply of new search engines, so "SEO" was not viable. Then Google got a monopoly on search, DoubleClick reverse-acquired Google, and here we are.
Google was such a revelation after the misery of Alta Vista and kin. I miss the days when I liked them.
Yesterday I was debugging why on Windows, my Wifi would randomly disconnect every couple hours (whereas it worked on Linux). Claude decided it was a driver issue, and proceeded to download a driver update off a completely random website and told me to execute it.
My point is, this is not solved by AI answers.
Claude didn’t simply “proceed to download a driver update off a completely random website and told me to execute it”
You had to disable permissions or approve some of that.
Don’t the LLMs get their information from these random websites? They don’t know what is good and what is malware. Most of the time when I get an AI answer with a command in it, there is a reference to a random reddit post, or something similar.
LLMs will allow Mal to sneak in backdoors in the dataset. Most of the popular LLMs use some kind of blacklisting instead of a smaller specific/specialised dataset. The latter seems more akin to whitelisting.
FTFA: “This is almost identical to the previous attack via ChatGPT.”
Are we still pushing the myth that anti-malware on Mac isn't necessary?
What anti-malware would have stopped this, exactly?
I support quite a few Mac users and never recommend it myself. Also own a couple Mac’s and don’t use it.
I do occasionally use an app to clean somebody’s Mac of an irritating browser search hijack. I’ve never seen anything else.
Why should I change my mind?
that sounds an awful lot like "I've been this club many times and I was never raped" or "I've walked down that alley many times and I've never been mugged" or "I speed all the time and I've never been in a car accident"
> sounds an awful lot like "I've been this club many times and I was never raped" or "I've walked down that alley many times and I've never been mugged"
I have been to many clubs many times and never suffered violence. I’ve also walked down alleys without concern. I did them in safe places where that wasn’t a material concern.
Windows is Detroit. MacOS is Palo Alto. What’s good practice in one is wasteful or dangerous for the other.
How does antivirus software protect users who paste malicious commands they find online into the terminal?
By scanning downloaded binaries for known viruses?
A text command pasted into the terminal isn't a binary.
Convincing a Linux user to paste rm -rf / into the terminal is not malware. It's social engineering.
Scanning binaries for known malware is already built into the OS.
Endpoint security software on the Mac, if it's worth the hit to system resources that is, inspect every call to exec and fork that occur in the kernel and also inspect those for known attack vectors, malicious scripts, etc. The one I have installed on my work Mac will kill reverse shell attempts before they are run. Will stop keychain attacks. Infostealing (as they can also get every file system op as they are happening in the kernel).
Gatekeeper and Xprotect are good, but there's only so much they can do.
> Scanning binaries for known malware is already built into the OS.
Clearly it isn't. XProtect is a joke. It's 2004-era ClamAV level of protection.
The article specifically mentions that the methodology here is to trick users into running an obfuscated CLI command…that downloads and runs a binary
Terminal commands have the ability to do dangerous things, like deleting all the user's files.
In this case, the user is warned that the command wants to do something dangerous and must manually allow or deny the action.
No, that narrative died around 2010. The existence of malware targeting Macs has driven many macOS security improvements since, many of which are taken personally by HN readers.
XProtect (Apple's built-in antimalware) is usually all you need, as long as you're at least somewhat savvy (and sometimes even if you aren't). I believe installing any additional antimalware on a Mac is a waste of resources.
It is necessary. That’s why Apple ships a free invisible one bundled into the OS that you never have to think about, see, or update.
a docs entry point - https://support.apple.com/en-mide/guide/security/sec469d47bd...
A solution would be to stop shipping macs with the terminal app\s. Computers are now used by a wide variety of people, some without technical knowledge, maybe a default switch on macOS that displays warnings on rather trivial attacks would help.
How is that a solution? These attacks would just tell you to install terminal if you don't already have it.