I think I may have to end my years-long love affair with Apple and their products. As someone who purchased 100 Apple shares at $12 each when Steve Jobs returned, I can tell you I have profited from them. But that might be over with the release of High Sierra.
Apple in all their “infinite” wisdom has decided to remove Telnet and FTP from their command line tools. Now this is so brain dead, I can’t believe it! I read a few forums where people were like, “Well use SSH and SFTP instead. Telnet is not secure.” Who the F**K are you to tell me what tool to use? I work with devices every day that have nothing but telnet and don’t have SSH on them! Apple has basically decided to screw developers and cripple their Unix.
I seriously cannot believe the nanny-like attitude of Apple and some posts I read, “Oh Telnet is not secure. You shouldn’t use it. Use SSH” Then what the F#$(* pray tell do I use to connect to my LAN devices that only use Telnet you security goodie-two-shoes? Not every bit of network traffic HAS to be secure. Not EVERY bit of network traffic traverses the public internet!
Give me a break and quit trying to protect me from myself!
The majority of the users wouldn’t care, and others (like you and me) would know (or find out) how to install it ourselves, so yes it’s inconvenient, but I don’t see that it’s that big a deal. If they prevented it from working under any circumstances, that would be a problem, but it sounds like that’s not the case.
There are plenty of examples of Apple’s “nannyism,” I’m just not sure this is one of them.
Well, High Sierra is bad, but Sierra itself has its quirks. It appears Sierra has broken my Fonts Manager 3 program. Now I have to scramble and try to repair it as a customer in the MAS is waiting.
As far as Telnet is concerned, this seems to fall in the constant “Apple protects you from yourself” philosophy. No more http under iOS, so probably the same idea under iOS disguised in macOS. Telnet has been frowned upon for years because of security.
As someone who thinks about system and network security a lot, I thought I’d put my two cents in here…
My suspicion is that Apple is trying to protect all of their users from insecure protocols which could potentially unknowingly reveal their passwords (or other data) over an insecure connection. It’s entirely possible that they’ve discovered apps in the MAS doing this and the easiest way to prevent it was to remove the tools by default.
I suspect you’re not alone, but I’ve also heard about all kinds of things using telnet interfaces that should never have been exposed to the internet in the first place… things like internet routers… and power station nodes (ya know, the ones that connect our towns to the national power grid)… and corporate backup generators.
Telnet was used 30 years ago because all you’d ever use was a portable connected to the device through an RS232 cable. Today, even if the device manufacturers do make a firmware update (as most of the affected devices probably use PRAM or something similar) getting the users to update is darn near impossible. Don’t get me started on the issue of passwords on these devices.
Anyway, my point is that because Apple’s target market users tend to be less technical than other platforms, my feeling is that they do have some responsibility to protect users from doing stupid things and from others doing it to them. I’m actually surprised they hadn’t done this sooner. Most current Linux distributions haven’t had telnet or ftp installed by default for a long time.
Jon, I totally get your frustration. I haven’t actually noticed this yet, but I do occasionally need telnet and I’m sure I would have realized this in some situation where I needed it for some kind of urgent troubleshooting, maybe without an internet connection, and I’m sure my initial reaction would have been the same as yours.
However, given that it’s pretty easy to install tools to handle those functions, and how many people could be exposing themselves to inadvertent harm using insecure tools like telnet and ftp, I get why they would do it.
I have been trying to remove or update anything that I interact with on a regular basis that doesn’t offer SSH or another secure protocol for communication to try and mitigate the potential hacking risk on the networks I manage. Seeing everything that does get hacked these days, it’s important. And it’s not really Apple that is to blame, it’s all the people with bad intentions.
For what it’s worth, I’ve been telling people for years not to use Yahoo because all their accounts were hacked. I’ve gotten so many spam and phishing emails from people I know with Yahoo accounts, and many multiple times after they updated passwords etc., that I’ve assumed for years someone or multiple someones were living inside their network somehow. I don’t think anyone I tried to get off yahoo actually did though. They would just change the password and get hacked again later.
One person I know had to go through and change passwords on every account they own after multiple accounts were compromised through their emails.
Security is very important, so I think Apple is doing the right thing, and we should take the hint and try to follow suit.
Thanks for posting though. Going to install telnet right now.
I haven’t used telnet to actually telnet into anything in a decade. But I use it all the time as a test connection to some socket in order to see what data is sent, or to just verify that something is listening and type a few chars into it. There are several devices around the house that have a telnet connection open for sending config info on the local network.
I could throw together a Xojo app to do as much as I use telnet for in a few minutes, but having to do that because Apple doesn’t want you to use telnet for anything at all is rather frustrating. If they want to remove incoming telnet connection capability that’s one thing… oh wait, we haven’t had that in even longer… so it’s completely pointless and frustrating.
Interestingly enough they left the man page behind, but took the binary away.
“Not every bit of network traffic HAS to be secure”
Not sure why you would say that? There’s all kinds of LAN traffic that doesn’t need to be secure (and yes, there is some that should be secured in corporate networks and all). But I’ve seen people demand to use SSH on networks that are completely isolated from the internet (ie: not physically connected to a router in any way - just a switch with devices and an isolated computer). Most of the time it’s because it’s “policy” but it doesn’t make sense.
Anyone using Telnet and knowing what it is and how to access it on a command line interface, knows better than to use it to connect to their bank (if the bank even has port 23 open)! All the examples of people here saying, “I haven’t used Telnet in years.” is proof that the main connectivity methods in the net are way beyond telnet. It’s “died” because no one is using it for most purposes. Websites effectively killed telnet for most people. So the non-technical person doesn’t even know what it is or how to access it.
That said, the devices I work with are Linux BusyBox based, have minimal memory, run on an ARM-9 embedded CPU and on some of them, the main function of the device (video stream processing) takes up 95% of the CPU time. So there’s no space, room, etc, to run an SSH server nor is there a need. If someone hacked into one of these devices, the owner of the network has much bigger problems on their hands.
Fortunately, it’s easy in Xojo to open a TCP/IP connection to port 23 (that is until Xojo decides we need to be protected from ourselves and disables this capability like they disabled all the old TLS capabilities).
and it even seems to be part of the default install. So I don’t have to recompile and install something. That’s good. It’s still extra work for no good reason though. Who uses telnet anymore except for legacy support or the kind of thing I mentioned? This counts as security theater and not actually improving things.
While I understand the frustration, if Telnet is indeed not secure, I can understand why Apple would choose to not encourage its use. A quick search for “is telenet secure” reveals many articles saying that it’s not and that you should use SSH instead.
No offense but that shows you have drunk the Kool-Aid as well.
Not every network device/appliance that sits on a LAN has an SSH server on it. Nor does communication to those devices need to be secure. So if I follow your logic, then I can’t possibly access those devices!
This “I’m afraid” mindset has sunk into everyone and everything and it’s replaced being smart and careful about what one does or does not do. Apple has so buttoned down their OS it’s a pain and all for a problem that does not yet exist.
Not every bit of communication on a network goes over the public internet. That’s such a distorted mindset.