Advice Please: What To Do With Mac Mini mid2011???

[BeautifulWoman_1984]

It was a different world, home computer security wise, back in the early 2000's. People were still often being hooked up to the internet with those old Motorola Surfboard modems (the single ethernet jack ones) and having that directly connected to their computer. That allowed direct attacks to be done against their computer. In addition, MS shipped Windows XP back then with services running by default that were NOT secure (such as uPnP). That led to the depressing situation of people, right after OS install, downloading security patches to fix those holes while at the same time the computer was being attacked (and exploited) with those holes

The modern situation is massively better. Nearly everyone anymore is using a router (or router+modem combination). The router normally has a simple firewall that protects everything on the network in your house. Also, both Windows & MacOS now have more risky services disabled by default and have a personal firewall active by default on your computer. In addition, both OS's have patched their other holes. While no security is 100%, there's a good reason you heard those stories 15+ years ago but you haven't heard much about those kinds of attacks any time recently

Note: If you want to improve this portion of security, then you'll need to read up about firewalls. Keep in mind that most people don't really need ANY ports open into their network, just the ports open to go outside of their network. (IOW, your computer can reach out for things, but outside computers can't reach in)

One other thing: In the last 5 years or so, MacOS showed up with a couple of security holes that Apple rated at a high severity level. They not only patched them for supported OS releases, but also for the last major unsupported. In this case, that would still be High Sierra. The reason Apple did this, is because a lot of corporate customers were still running the unsupported OS. No idea if they'll do it again, but it's likely

Keep in mind this: in recent security conferences, EVERY OS has been hacked. Every last one of them. That includes the latest Windows 10, MacOS Catalina, iOS, Android, and every major version of Linux. MacOS High Sierra is basically as secure as any of them. What you need to depend on is hardening what I mentioned before: email, browser, any other applications installed, and maybe the firewall in the router. Do that, and attackers won't be able to reach your computer in the first place

Thank you so much for your in-depth reply!

I didn't realise security had come such a long way since that 2003/2004 era...

I always thought that the installed OS(MacOS or Windows or Linux) was more important than the web browser and other apps that were installed.

I'll keep doing research into the great advice you mentioned!

 

[BeautifulWoman_1984]

I couldn't agree more! Mojave runs wonderfully on this 2011 Mac mini. If a reason arose that I needed to put Mojave on my personal 2011 Mac mini, I would not hesitate for second to do so.

I appreciate all the feedback, but running the "Dosdude patcher" isn't an option for me because of my worries about security and stability in the future I may find when using my Mac Mini mid2011.

I agree, the 2011 Mini is a great machine with a lot of useful life left in it and runs Mojave just fine! Literally everything works.

I agree 100%!

I'd love to keep running the Mac Mini mid2011 with the most recent MacOS as its performance is great for me, but I'm leaning towards installing Linux or Windows on the Mac Mini mid2011.

 

[CooperBox]

Personally, I would look for a used 2014 mini and sell the 2011 to cover the purchase price.

I'm playing devil's advocate here, but doing what you suggest - getting a used 2014 Mac Mini, I could well imagine the OP worrying about insecurity once OS Catalina is no longer supported, which may be not too many years away for a 2014 machine if Apple stick with their unfortunate all-too frequent major OS changes.?

 

[macmini53]

You can do one of three things:

1. Use dosdude's patcher ( http://dosdude1.com/software.html ) and install a more current version of macOS.
2. Install a different OS, like linux. Which is what I did with my 2011 Mac mini.
3. Recycle the machine and get a new one.

How did you get the Wifi adapter to work out of the box? I tried Ubuntu on this machine but failed to get Wifi broadcom i think to work.

I resorted to making this my Windows 10 machine...now I am regretting doing this--the fan noise on Win 10 is unbearable, I want to go back to Lion or Linux (retrying with newer 20.04 LTS release this week.

Update: I installed Kubuntu 20.04 LTS daily release (21-04-2020) and everything works out of the box...happy camper with this 2011 Mac Mini 5,3. Thanks for the suggestions.

 

[mr.steevo]

I'm playing devil's advocate here, but doing what you suggest - getting a used 2014 Mac Mini, I could well imagine the OP worrying about insecurity once OS Catalina is no longer supported, which may be not too many years away for a 2014 machine if Apple stick with their unfortunate all-too frequent major OS changes.?

Sure, but but buying a 2014 Mini for $300 and selling the 2011 for ~$200 seems simpler than running a hack/patch

Besides, the 2014 Mini was replaced late 2018 so theoretically it should have several years of support.

If it was me and I didn’t know much about computers & software I’d be more comfortable with upgrading to the 2014 Mini for $50-$100

Has anyone forgotten that Apple used to charge $129 just for an OS X upgrade? Eg 10.4

Heck, I remember having to pay $10 to upgrade my iPod touch to iPhone 2.0

 

[iAssimilated]

Has anyone forgotten that Apple used to charge $129 just for an OS X upgrade? Eg 10.4

Heck, I remember having to pay $10 to upgrade my iPod touch to iPhone 2.0

Then I am glad I missed those days. I wasn't involved in the Apple ecosystem years 1997 thru 2015. I ran Windows because I had to (IT admin) and linux starting in 1997. I got back into Apple because my wife got her first Mac for video editing and a change of duties at work, at which point I bought the 2014 mini to relearn the system. It is not a bad machine, but I never enjoyed it enough to want to use it 100% of the time. I still used linux primarily and Windows when I needed games (on a custom PC box I built "a long while ago"). With my 2018 mini + eGPU I left everything else behind. I very much enjoyed using mojave, everything has been rock solid and fast). I still run my KDE neon box, mainly to utilize my 2011 mini for something. The 2014 is my headless content caching and backup server.

I bought my first smart phone when I got my SE in early 2017 (again, mostly for work) but have enjoyed the Apple experience since. I like how I can easily access everything from each device.

To be honest, if I had to choose between a 2014 mini running mojave vs a patched 2011 mini, I would choose the 2014 mini. Less headaches and more enjoyment!

 

[BeautifulWoman_1984]

I'm playing devil's advocate here, but doing what you suggest - getting a used 2014 Mac Mini, I could well imagine the OP worrying about insecurity once OS Catalina is no longer supported, which may be not too many years away for a 2014 machine if Apple stick with their unfortunate all-too frequent major OS changes.?

CooperBox, you're 100% correct. I don't want to buy a used Mac Mini as I'm very much worried about security!

If I buy a Mac Mini I'm only interested in buying a new Mac Mini even though it'll be expensive: I'll need to try and save money in another area of my life...

 

[LovingTeddy]

I appreciate all the feedback, but running the "Dosdude patcher" isn't an option for me because of my worries about security and stability in the future I may find when using my Mac Mini mid2011.



I agree 100%!

I'd love to keep running the Mac Mini mid2011 with the most recent MacOS as its performance is great for me, but I'm leaning towards installing Linux or Windows on the Mac Mini mid2011.

You can download the official macOS Catalina dmg files from Apple and use dosdude patcher. The only thing they modified installer so it can boot and added some kext files for unsupported Mac. This is pretty much similar with how you modify macOS installation file and mess around clover configurator for text and boot options.

If you want look at the source code to verify, you can go to their github page. There are lots of people, including me, running Catalina on unsupported Mac via Dosdude patcher. If there are serious security implications, people will be all over with it on the forum.
[automerge]1587820133[/automerge]

CooperBox, you're 100% correct. I don't want to buy a used Mac Mini as I'm very much worried about security!

If I buy a Mac Mini I'm only interested in buying a new Mac Mini even though it'll be expensive: I'll need to try and save money in another area of my life...

What has security to do with used Mac? If you worrying to much about security, you could just stripe out the hard drive and install your own. It is not like hacker can modify bootrom or anything.

I simply do not understand why are you worrying about something that is completely nonsense.
[automerge]1587820428[/automerge]

Then I am glad I missed those days. I wasn't involved in the Apple ecosystem years 1997 thru 2015. I ran Windows because I had to (IT admin) and linux starting in 1997. I got back into Apple because my wife got her first Mac for video editing and a change of duties at work, at which point I bought the 2014 mini to relearn the system. It is not a bad machine, but I never enjoyed it enough to want to use it 100% of the time. I still used linux primarily and Windows when I needed games (on a custom PC box I built "a long while ago"). With my 2018 mini + eGPU I left everything else behind. I very much enjoyed using mojave, everything has been rock solid and fast). I still run my KDE neon box, mainly to utilize my 2011 mini for something. The 2014 is my headless content caching and backup server.

I bought my first smart phone when I got my SE in early 2017 (again, mostly for work) but have enjoyed the Apple experience since. I like how I can easily access everything from each device.

To be honest, if I had to choose between a 2014 mini running mojave vs a patched 2011 mini, I would choose the 2014 mini. Less headaches and more enjoyment!

There is literally zero effort to get the bootable USB installer and install Catalina on 2011 mini. The only one issue i have is that I have to unplug USB keyboard and mouse every time macOS boots. Other than that, there are literally zero issue And performance is great for such old machine.

However, that being side, I still think Apple should give old mac longer support. If Windows 10 runs perfectly on same era PC (I mean 2011 Mac are using Sandy Bridge Intel processor, it is still very capable machine. Lots of budget gaming towers are using this era processor with much modern graphic card). macOS Catalina runs great on 2011 mini and there is no reason that Apple not support this machine.

 

[Fishrrman]

If price is an issue, buy from the Apple refurbished online store.

There's no real difference between the "2018" and the "2020" Minis, other than the size of the SSD inside...

 

[CUDA_Switch]

You can download the official macOS Catalina dmg files from Apple and use dosdude patcher. The only thing they modified installer so it can boot and added some kext files for unsupported Mac. This is pretty much similar with how you modify macOS installation file and mess around clover configurator for text and boot options.

If you want look at the source code to verify, you can go to their github page. There are lots of people, including me, running Catalina on unsupported Mac via Dosdude patcher. If there are serious security implications, people will be all over with it on the forum.

That's really good to know - one reservation I had with using the patcher is not knowing what it's doing under the hood. From a security standpoint, it helps a lot that the source code is posted and you can build it from scratch. However, I wonder how many people do that versus download and install the precompiled dmg. Does anyone know whether the dmg is digitally signed, or if a hash exists anywhere that you could use to validate the dmg? If not, that in my opinion is not good because there's no way to know whether the download is legit.

 

[LovingTeddy]

That's really good to know - one reservation I had with using the patcher is not knowing what it's doing under the hood. From a security standpoint, it helps a lot that the source code is posted and you can build it from scratch. However, I wonder how many people do that versus download and install the precompiled dmg. Does anyone know whether the dmg is digitally signed, or if a hash exists anywhere that you could use to validate the dmg? If not, that in my opinion is not good because there's no way to know whether the download is legit.

You can really just google dosdude patcher. It is literally just the first Google search result. The dmg is digitally signed and it has has exist. It is right on its website.

• Current Version: 1.4.3
• SHA1: fb145378f798d2d11e07ea0a2466eb347aa13532
• Alternate Download

All you need to do is compare the SHA1 and you should able to verify the download. However, I would just go the official website and download from there.

I really don't think security has been comprised here. It is literally just make it bootable and install few kext or patches so that Catalina is able to boot. If this patcher is security concern, then you are going to hate to build hackintosh PCs, which I did (Core i3 9100F+Gigabyte B360M D3H + 16GB DDR4 + AMD RX570+500GB NVME Drive).
[automerge]1587867364[/automerge]

If price is an issue, buy from the Apple refurbished online store.

There's no real difference between the "2018" and the "2020" Minis, other than the size of the SSD inside...

I do not know the availability of refurbished Mac mini at Apple US site. But here in Canada, refurbished Mac mini is constantly out of stock. Even if Mac mini is in stock, you might not find the storage option you want. Since the 2018 Mac mini has non-user upgradable storage, you are stuck with the storage capacity.

 

[CUDA_Switch]

You can really just google dosdude patcher. It is literally just the first Google search result. The dmg is digitally signed and it has has exist. It is right on its website.

• Current Version: 1.4.3
• SHA1: fb145378f798d2d11e07ea0a2466eb347aa13532
• Alternate Download

All you need to do is compare the SHA1 and you should able to verify the download. However, I would just go the official website and download from there.

I really don't think security has been comprised here. It is literally just make it bootable and install few kext or patches so that Catalina is able to boot. If this patcher is security concern, then you are going to hate to build hackintosh PCs, which I did (Core i3 9100F+Gigabyte B360M D3H + 16GB DDR4 + AMD RX570+500GB NVME Drive).
[automerge]1587867364[/automerge]

Cool, that's a good thing that helps too. My reservation with the patcher is not wanting to disable SIP, since I value the security benefit it provides. But it's a moot point for me personally since I'm not running macOS these days anyway - my 2010 Mac Mini runs Pihole on Debian (a cool use of an old Mac Mini if you've got one lying around). And no, I'm not a Hackintosh hater at all. It's an interesting project, but one I never tried due to lack of time.

 

[avz]

Cool, that's a good thing that helps too. My reservation with the patcher is not wanting to disable SIP, since I value the security benefit it provides. But it's a moot point for me personally since I'm not running macOS these days anyway - my 2010 Mac Mini runs Pihole on Debian (a cool use of an old Mac Mini if you've got one lying around). And no, I'm not a Hackintosh hater at all. It's an interesting project, but one I never tried due to lack of time.

I am wondering how did you managed to survive before the SIP was introduced? Did you get a lot of viruses before the El Capitan era?
You seemed to miss the point about the Hackintosh: it requires much more kext replacements than unsupported Mac. According to your logic using a Hackintosh is a big no-no due to security concerns.

 

[CUDA_Switch]

Obviously SIP isn't some kind of magic bullet, and there are other places malware can get installed besides the areas SIP is protecting. However, I like SIP because it's a free and built-in way to help protect your OS from threats that try to modify files in core OS directories. One thing I don't like about it is that isn't any visual indication when SIP blocks something, so it's tough to know what it's doing for you. It would be great if it let the user know that it stopped a given threat.

You seemed to miss the point about the Hackintosh: it requires much more kext replacements than unsupported Mac. According to your logic using a Hackintosh is a big no-no due to security concerns.

I understand how a Hackintosh works, and I can still admire the technical achievement without participating in it. At the end of the day, people should make whatever choices they're comfortable with. I'm sympathetic to those who want to keep their older Macs updated - they are not cheap machines and it's obvious that the support cutoff is arbitrary. I understand Apple's a hardware company and that software support costs money so it's a business decision. But I think it's a real shame that people who want to run a supported OS on their older Mac have no way to get that directly from Apple, and basically have to fight Apple by using the patcher. Sure, some people don't care if their OS is supported but others obviously do.

 

[avz]

I understand how a Hackintosh works, and I can still admire the technical achievement without participating in it. At the end of the day, people should make whatever choices they're comfortable with. I'm sympathetic to those who want to keep their older Macs updated - they are not cheap machines and it's obvious that the support cutoff is arbitrary. I understand Apple's a hardware company and that software support costs money so it's a business decision. But I think it's a real shame that people who want to run a supported OS on their older Mac have no way to get that directly from Apple, and basically have to fight Apple by using the patcher. Sure, some people don't care if their OS is supported but others obviously do.

Technical achievement??? It is only a common sense that a certain hardware requires certain drivers to work in a certain environment.
You are still getting the macOS directly from Apple even with a patcher, this is where you display your lack of understanding. I don't mean to go hard on you as I understand that most people are not technical, but the words "supported/unsupported" have no meaning at all for an engineer. If you look around the forum, you will see that it is mostly people with supported machines that seem to have a lot of "issues".

 

[BeautifulWoman_1984]

This is a message that Cuda_Switch sent to me. I asked for his permission to post this thread and he said it was okay.

The reason I'm posting is this is that I think it'll be helpful to the MacRumors community as it contains some great security information!

Cuda_Switch

Having a secured and patched browser is a very good thing, but the operating system is just as important. Let me explain why through this scenario: someone with a fully-patched browser clicks a link that causes malicious code to be downloaded. If the code was designed to exploit a bug that was patched in the browser, it would fail. But let's say that the malware targets some other software and not the browser at all. In that case, the browser is just being used to deliver the malware. It's just doing what it's been told to do, which in this case is download that file and execute it.

Also, it's worth mentioning that the web browser is just one way that malicious code could find its way onto your PC. Any software that connects to the Internet could potentially download malicious code - email is another common one for example. Even an infected USB flash drive could spread malware.

So let's say that malicious code gets onto the PC in one of the ways above. Any software could potentially be exploited, and common targets include the Microsoft Office products and software like Adobe Flash and Acrobat/Reader for PDFs. But the operating system itself is critical to protect, because the PC is guaranteed to have one and it's easy to identify. The web browser knows what it is, and this can be abused to deliver an exploit that's more likely to work on a given OS. So let me play devil's advocate for a second and say: if a newer, supported OS is important then why not run the dosdude patcher? It's because you are running non-Apple code that modifies the core OS in unknown ways, and you have to run it every time an OS patch is released to keep it working. This is why it requires SIP to remain disabled, because the purpose of SIP is to protect the OS from unauthorized modification - exactly what the dosdude patcher is doing. The code is also unsigned, meaning that it could have been modified by someone who's not dosdude and no one would know. Either way, I wouldn't use the patcher on my own machine. My apologies for the long response, but I believe in being thorough

EDIT:
Just made it clear that it was Cuda_Switch's intelligence and not mine!

 

[avz]

This is a message that Cuda_Switch sent to me. I asked for his permission to post this thread and he said it was okay.

The reason I'm posting is this is that I think it'll be helpful to the MacRumors community as it contains some great security information!



EDIT:
Just made it clear that it was Cuda_Switch's intelligence and not mine!

I like how you were smart enough to distance yourself from this "intelligence" at the end of your post. Good on you.

Apple is well aware of the patcher and does not consider it to be a security treat. For example Apple does consider an iOS jailbreaking to be a security treat. Patcher is not the same.

 

[jasoncarle]

But that's not how MacOS operates...

Sure if there is a bug then perhaps code could be executed, otherwise Mac OS, even when ran in administrator mode, will stop and ask for a password and permission to install whatever. Heck my browser even asks me if I want to download something from such and such a site if I have not been to that site before to download anything. SO he is right, that is how a PC works, but not a Mac.

 

[BeautifulWoman_1984]

I like how you were smart enough to distance yourself from this "intelligence" at the end of your post. Good on you.

Apple is well aware of the patcher and does not consider it to be a security treat. For example Apple does consider an iOS jailbreaking to be a security treat. Patcher is not the same.

Thank you avz, but even if you're correct about Apple not considering the "Dosdude patcher" to not be a security thread I'm still not willing to consider using it as I want to use official Apple MacOS software releases.

 

[avz]

Thank you avz, but even if you're correct about Apple not considering the "Dosdude patcher" to not be a security thread I'm still not willing to consider using it as I want to use official Apple MacOS software releases.

I am not here to sell the patcher. I understand that you can only make decisions in accordance with your current level of knowledge and experience. This is why any decision that you make will be the right one at this point in time.
You are already doing a good job by asking questions and researching.

 

[BeautifulWoman_1984]

I am not here to sell the patcher. I understand that you can only make decisions in accordance with your current level of knowledge and experience. This is why any decision that you make will be the right one at this point in time.
You are already doing a good job by asking questions and researching.

Thank you.

I really appreciate you for giving your advice, but I don't want to take a risk and use the "dosdude patcher" so it's not an option for me.

 

[richmond62]

I have been using a whole slew of 2006 iMacs (2xG5, 1xIntel 32-bit, 2xIntel 64-bit) almost constantly since 2012 when
I bought the whole bunch of them (+ another one I threw at a desperate, penniless friend) for 25 Euros each.

 

[BeautifulWoman_1984]

I couldn't agree more! Mojave runs wonderfully on this 2011 Mac mini. If a reason arose that I needed to put Mojave on my personal 2011 Mac mini, I would not hesitate for second to do so.

But there must be a reason why Mojave isn't officially supported by Apple for the Mac Mini mid2011? Things would be so much easier for me if Apple continued to provide updates for my Mac Mini mid2011 past September 2020... ?

If price is an issue, buy from the Apple refurbished online store.

There's no real difference between the "2018" and the "2020" Minis, other than the size of the SSD inside...

My current Mac Mini mid2011 with 8GB of RAM still gives me more than enough performance so I don't need more hardware grunt, but I'm very nervous about there being some spyware/malicious App installed on a Mac from the Apple refurbished store...

EDIT:
Fixed text

 

[iAssimilated]

But there must be a reason why Mojave isn't officially supported by Apple for the Mac Mini mid2011? Things would be so much easier for me if Apple continued to provide updates for my Mac Mini mid2011 past September 2020... ?

I think part of the reason the 2011 mini was dropped from support is some models came with AMD graphics that don't work well with Metal 2. Where as the 2012 mini (and newer) offered only integrated Intel graphics that do work with Metal 2.

 

[richmond62]

If you are fussed about security find some use for it without it being connected to the internet.

Plenty of those.