Electrical-Forenics Home ray@RayFranco.com                       601.529.7473
   © Dr. Ray Franco, PhD, PE  -  208 Fairways Dr., Vicksburg, MS 39183

MacOS

Apple Services

Add link for Apple Services for the Enterprise

vim - Visual Improved editor

You must belong to the sudo group in order to edit a .vimrc (vim runtime configuration) file.

My .vimrc file for the Mac and Raspberry Pi:

.vimrc

Accessing Network Attached Storage (NAS) Drives

NAS drives can be accessed via:

Finder/Go/Connect to Server

Enter the server name and password:

smb://192.168.0.x/Shared_Folder_Name and password

Check the box and the MacOS will remember the password in its key-chain. You do not need an iCloud account for this. You can also save the server name as a Favorite Server in the Connect_to_Server dialog box.

Folders and files can be copied, moved, deleted, etc. via the Finder Windows.

To access the shared NAS folder from the terminal:

cd /Volumes/Shared_Folder_Name

Work Flow

For editing html files, I use vim, and to manipulate the files, I use the Finder Windows.

Security

To keep documents, applications and servers from displaying recent items go to: System Preferences/General/Recent Items.

MacOS's default shell is Zsh instead of Bash

The reason that MacOS uses Zsh as its default shell, is that Bash is licensed as open source software and MacOS is not open source software. Zsh is close to Bash. The version of Bash that is on the MacOS is old (10 or more years).

Apple Services - Open TCP and UDP Ports

The number of ports that Apple wants you to keep open to use Apple services is unbelievable. As will be shown in the next section, one of the Apple services wants to connect to Apple (phone home) every time you open any application! It does its best to bypassed firewalls. This is the primary reason that I want to run Linux on my Apple Mac's.

Apple Tracks Every MacOS Application You run

Online Certificate Status Protocol (OCSP)

Every time an application (program) is opened, MacOS calls home to verify the checksum and certificate of the authority. It does this via the Online Certificate Status Protocol (OCSP). This was discovered on November 12 2020, due to problems one of Apple's OSCP servers. At the time it was discovered, the protocol was unencrypted, and apple logged the time and the user's IP address. Because of pressure from Privacy advocates Apple made three promises: 1) to use an encrypted protocol, 2) strong protection against OCSP server failures and 3) to allow users a way to opt out. Apple claimed that the OCSP never record the user's Apple ID or the identity of the their device. Furthermore, Apple said that it will no longer collect IP addresses, and the IP addresses will be removed from the logs. As of June 23, 2022, Apple still has not provided a way for users to opt out.

TSS Protocol

The Tatsu Signing Server (TSS) is a collection of services provided by Apple.

Apple collects your ARM's Exclusive Chip ID (ECID) on every single OS update.