
Washac

I have an old 2009 Mac Pro (I think it is a 4 point something version) desktop sitting here doing nothing and have been wondering if it is worth installing a version of Linux on it? Was thinking about Linux Mint.
 
You might as well, if you're not using it for anything else. At least you'll have a modern OS running on it; you can keep updating Linux until the device physically can't run it anymore (unlike the planned obsolescence of MacOS or Windows).
 
> You might as well, if you're not using it for anything else. At least you'll have a modern OS running on it; you can keep updating Linux until the device physically can't run it anymore (unlike the planned obsolescence of MacOS or Windows).
That is what I was thinking, thank you.
 
Why not, but what are you planning to do with it anyway?
I too have an old i7 quad core 2012 mini lying unused.
I could install Linux on it, but I figured I just don’t need another (slower) computer to maintain for no reason whatsoever.
 
> I have an old 2009 Mac Pro (I think it is a 4 point something version) desktop sitting here doing nothing and have been wondering if it is worth installing a version of Linux on it? Was thinking about Linux Mint.
You already have Unix running on your Mac, so what is it that you want to do with the box that it cannot do? I think answering that will help you make your decision.
 
I don't know anything about the 2009 Mac Pro myself but according to Apple, depending on the model, it burns between 115 and 146 watts at idle and a max between 263 and 309 watts (without a screen or peripherals). If you just ran it for one hour a day at the minimum 115 W level, that would be about 3.5 kWh of electricity per month.

IMHO, it doesn't make sense to keep using that machine at all unless you have a good reason. :)
 
> I have an old 2009 Mac Pro (I think it is a 4 point something version) desktop sitting here doing nothing and have been wondering if it is worth installing a version of Linux on it? Was thinking about Linux Mint.
I don't trust Linux from a security standpoint, at all. At least on the desktop.

(A server running in a well protected and monitored environment with a bare minimum OS install is a different animal).

But as long as you don't do banking or access sensitive information on it, why not.
 
I ran Linux on a 2009 (firmware updated to (5,1)) Mac Pro for years. I had it up to 24 GB memory and replaced the original 4-core Nehalem CPU with a 6-core, somewhat faster W3680. I finally sold it for maybe $50 because I could get more performance out of an inexpensive Ryzen (Zen 2) build that would run cooler and quieter. The Mac Pro did good work for well over 10 years, though, and for many of those years paid the mortgage as a software development machine.

So it's perfectly doable if you want to put the effort into it, and don't mind paying a bit extra in terms of electricity as compared to a newer box.
 
Last year, I installed Linux Mint on a 2011 iMac, and it worked pretty well. I am currently using Debian since I want a distro with Wayland on it.

I would say do it. Besides giving your machine a new life, it’s worth it for the virtue of trying it & having fun.
 
> I don't trust Linux from a security standpoint, at all. At least on the desktop.
>
> (A server running in a well protected and monitored environment with a bare minimum OS install is a different animal).
>
> But as long as you don't do banking or access sensitive information on it, why not.
I don't get the reasoning behind this. At least in Linux I can easily see what's going on inside of my system and its networking. You shouldn't have to worry about doing banking on it??
> Why not, but what are you planning to do with it anyway?
> I too have an old i7 quad core 2012 mini lying unused.
> I could install Linux on it, but I figured I just don’t need another (slower) computer to maintain for no reason whatsoever.
I have an i7 2012 mini as well and it's currently running Linux very well I must say. A lot lighter on the system compared to any modern version of macOS, no waiting around for most software to load. I imagine OP's MP wouldn't be slow either.
 
> I don't get the reasoning behind this. At least in Linux I can easily see what's going on inside of my system and its networking. You shouldn't have to worry about doing banking on it??
>
> I have an i7 2012 mini as well and it's currently running Linux very well I must say. A lot lighter on the system compared to any modern version of macOS, no waiting around for most software to load. I imagine OP's MP wouldn't be slow either.
Linux is a mess of hundreds of millions of lines of code submitted by tens of thousands of coders, many of them anonymous. Nobody sufficiently qualified really checks most of that code for vulnerabilities or especially deliberately inserted malicious code. Linus himself has a rather dismissive attitude towards security.

Here’s what Graphene OS developer has to say about Linux security (read more towards the middle of page)


If I was in charge of a government espionage agency, I’d plant a group of highly qualified hackers behind an .edu address at some well regarded college, have them submit high quality code to the Linux foundation or various other open source components like drivers for a few years until they develop a good trust-based relationship with maintainers, then inject carefully hidden malicious code. And if I can think of this - definitely the right people in the US, Russia, China or North Korea aren’t any dumber than me. Surely this could happen on Windows and MacOS too, but the free-for-all nature of Linux code contribution makes this a whole lot easier. As the fairly recent UMN scandal very nicely illustrated, the entire ecosystem largely runs on trust. And the spy agencies have been caught abusing this.


Now, you may say “well spy agencies aren’t after my data, I’m not a big enough target for them”. But North Korea, Russia, Iran and other sanctioned regimes are employing large groups of hackers to steal money anywhere they can - including private accounts - because these funds can’t be traced back to them and thus make it easier to subvert the sanctions.



And of course it’s not only the spies, it could also be criminals or even some malicious person with patience and good enough coding skills. Linux makes it much easier to inject your own code than either Windows or Mac.
 
> Linux is a mess of hundreds of millions of lines of code submitted by tens of thousands of coders, many of them anonymous. Nobody sufficiently qualified really checks most of that code for vulnerabilities or especially deliberately inserted malicious code. Linus himself has a rather dismissive attitude towards security.
>
> Here’s what Graphene OS developer has to say about Linux security (read more towards the middle of page)
>
> If I was in charge of a government espionage agency, I’d plant a group of highly qualified hackers behind an .edu address at some well regarded college, have them submit high quality code to the Linux foundation or various other open source components like drivers for a few years until they develop a good trust-based relationship with maintainers, then inject carefully hidden malicious code. And if I can think of this - definitely the right people in the US, Russia, China or North Korea aren’t any dumber than me. Surely this could happen on Windows and MacOS too, but the free-for-all nature of Linux code contribution makes this a whole lot easier. As the fairly recent UMN scandal very nicely illustrated, the entire ecosystem largely runs on trust. And the spy agencies have been caught abusing this.
>
> Now, you may say “well spy agencies aren’t after my data, I’m not a big enough target for them”. But North Korea, Russia, Iran and other sanctioned regimes are employing large groups of hackers to steal money anywhere they can - including private accounts - because these funds can’t be traced back to them and thus make it easier to subvert the sanctions.
>
> And of course it’s not only the spies, it could also be criminals or even some malicious person with patience and good enough coding skills. Linux makes it much easier to inject your own code than either Windows or Mac.
This makes sense to me but really what is stopping this same action from being employed at Apple or Microsoft and quadrupling the target platform? Are you saying that as a for-profit private enterprise, background checks would catch these would-be thieves so are more secure by default or the profit motive drives dollars to prevention or the argument of open source vs closed? I mean, if private enterprise and closed source stopped this outright, we'd have no need for security software or security IT folks (who are amazing when you consider the scale of the threat out there). Surely in the same way, fake employment records can be created, so the threat is in reality quite similar I think and the stakes would be pretty high to make those records realistic and HR verifiable to get in on some tasty international espionage. I agree that the HR hiring process is one more layer of scrutiny but certainly Enterprise infrastructure and the private systems they run and are accessed (MS/Windows) on is a likelier and more valuable target than Linux? I'm not saying you're not right but the argument you pose seems like it can be applied across multiple purely for-profit OS with bigger rewards.


One aspect to Linux that I like is the repositoried nature of the apps and updates. Where .exe files are hosted in a decentralized fashion across countless sites, the curated repository seems like a great way for a community to monitor app quality and locate & remove malicious content and when you consider Ubuntu's parent company Canonical, they reported 175m in revenue in 2021 and 253m in 2023 with a market push towards enterprise solutions, so they have a vested financial *for profit* interest/motive in preventing what you describe in a similar way purely private enterprise does.

I have yet to run into any malicious code/apps from Canonical repos anyhow. It seems to me like this threat is everywhere lol, not just Linux distros, so with similar risks requires similar security.
 
> This makes sense to me but really what is stopping this same action from being employed at Apple or Microsoft and quadrupling the target platform? Are you saying that as a for-profit private enterprise, background checks would catch these would-be thieves so are more secure by default or the profit motive drives dollars to prevention or the argument of open source vs closed? I mean, if private enterprise and closed source stopped this outright, we'd have no need for security software or security IT folks (who are amazing when you consider the scale of the threat out there). Surely in the same way, fake employment records can be created, so the threat is in reality quite similar I think and the stakes would be pretty high to make those records realistic and HR verifiable to get in on some tasty international espionage. I agree that the HR hiring process is one more layer of scrutiny but certainly Enterprise infrastructure and the private systems they run and are accessed (MS/Windows) on is a likelier and more valuable target than Linux? I'm not saying you're not right but the argument you pose seems like it can be applied across multiple purely for-profit OS with bigger rewards.
There’s no such thing as 100% security.

Windows and Mac absolutely can be - and are being - targeted. However they have better control over access to the code, they can afford to hire top security talent and pay them to check the code full time, and they are taking security extremely seriously (which for Microsoft took some embarrassing failures to do).

To me, Windows and Mac are like a house with a bolted front door, security alarm and private security on the grounds. This setup doesn’t prevent break-ins but it does make them harder and less frequent.

Linux is like a house where the door is rarely locked and when it is, the key is left under the door mat. A neighbor may check up on the house every now and then, but generally it’s expected that the guests are nice people and will behave.
> One aspect to Linux that I like is the repositoried nature of the apps and updates. Where .exe files are hosted in a decentralized fashion across countless sites, the curated repository seems like a great way for a community to monitor app quality and locate & remove malicious content and when you consider Ubuntu's parent company Canonical, they reported 175m in revenue in 2021 and 253m in 2023 with a market push towards enterprise solutions, so they have a vested financial *for profit* interest/motive in preventing what you describe in a similar way purely private enterprise does.
>
> I have yet to run into any malicious code/apps from Canonical repos anyhow. It seems to me like this threat is everywhere lol, not just Linux distros, so with similar risks requires similar security.
Linux has represented less than 3% of desktop OS share, and just recently grew to over 4%. There hasn’t been as much scrutiny.

I’ve used Windows since the 90s and only got hit with a virus once - around ‘99 or so.
 
> There’s no such thing as 100% security.
>
> Windows and Mac absolutely can be - and are being - targeted. However they have better control over access to the code, they can afford to hire top security talent and pay them to check the code full time, and they are taking security extremely seriously (which for Microsoft took some embarrassing failures to do).
>
> To me, Windows and Mac are like a house with a bolted front door, security alarm and private security on the grounds. This setup doesn’t prevent break-ins but it does make them harder and less frequent.
>
> Linux is like a house where the door is rarely locked and when it is, the key is left under the door mat. A neighbor may check in on the house every now and then, but generally it’s expected that the guests are nice people and will behave.
>
> Linux has represented less than 3% of desktop OS share, and just recently grew to over 4%. There hasn’t been as much scrutiny.
>
> I’ve used Windows since the 90s and only got hit with a virus once - around ‘99 or so.
This makes sense to me. Undoubtedly a walled garden approach that limits access to source code naturally limits creation of malicious code because not everyone has access to it. Conversely it also limits & delays finding that malicious code or a security gap and patching it. The strategy of Linux and the Debian repos that Ubuntu uses for example is that you have a community of millions of users (210m which is 4% of world usage as of 2024) looking at identifying concerns and then others in that 210m population quickly patching them, hence fast identification and patching providing consistent weekly updates (more eyeballs on it yanno?). Compare this to Windows sometimes taking years to find and fix security gaps simply because it is the same small group of people looking at it or Apple for that matter and early stumbles with iOS. So as non-intuitive as this approach may be, it has worked well for Linux to date. Still to your point, no OS is 100% secure, so education and quick fixes are key security. I'm not trying to convince anyone of anything but I found Linus's strategy to be interesting and definitely not an intuitive one (at least to me it wasn't). At the end of the day though we choose the brand or brands we trust and the expert teams that support those brands and we hope/trust they will serve our needs best.

I too have been using Windows since 95 really (well 98se in earnest with the discovery of Quake and other FPSs of the time) and ran into malware a few times over the early years as I learned proper internet hygiene & habits. Of the OSs I daily, if I had to *trust* one, I'd say I leverage my MBP running Sequoia for sensitive transactional needs but in the context of information security, I am quickly aligning to Linux and the Ubuntu/Lubuntu derivatives I daily on some of my older Macs as their track record for not harvesting my data and usage patterns is pretty excellent.

Anyhow, thanks for the thoughtful responses. Always good to read where everyone is coming from.
 
> This makes sense to me. Undoubtedly a walled garden approach that limits access to source code naturally limits creation of malicious code because not everyone has access to it. Conversely it also limits & delays finding that malicious code or a security gap and patching it.
I've heard this so many times. The two questions I always ask are:

- Are you qualified to perform forensic investigations of code in search of carefully designed and hidden vulnerabilities / backdoors, or do you personally know someone who is? Do you have that high level of skill?

- Have you or that qualified person actually performed any code investigation?

Guess what, I've never had anyone say "yes I am qualified and yes I reviewed the code".

This is the biggest fallacy in FOSS world. Just because you, I, my niece, my mother, your lawn maintenance guy, or hundreds of millions of other people can inspect the code doesn't make it any safer. It needs to be inspected by the people who have the right qualifications and experience. The number of these people is small. And not all of them are good guys.

And here's the kick... there's two kinds of qualified researchers, the "good guys" and "bad guys". The "bad guys" have strong financial incentive to be searching for vulnerabilities because they can sell them on the darknet or to some interested government, so they can invest time into looking for vulnerabilities (or designing their own). The "good guys" have no financial incentive, and they need to work for a living, which limits the amount of time they can spend on validating OSS code. So the open nature of code actually benefits the "bad guys" more, both by making it easier to inject the code via submittals, and by making it easier to find "naturally occurring" vulnerabilities (that is, not deliberate). The "good guys" can't spend anywhere close to the same amount of time on inspecting the code, unless someone pays them to do it.

Now who do you think has the money to pay the "good guys" - Linux Foundation, Canonical, or Microsoft and Apple?

And the last point - the amount of code submitted to FOSS projects is astronomical, there's simply no way these security experts can inspect all of it. And on top of legacy code going 30 years back, there's new code submitted every year. For every line of code that gets reviewed by the security experts each year (either "good" or "bad") there's probably thousands of lines that they can't possibly keep up with. The code coming in is the Niagara Falls, and they look at the amount of water coming out of a kitchen sink.

> The strategy of Linux and the Debian repos that Ubuntu uses for example is that you have a community of millions of users (210m which is 4% of world usage as of 2024) looking at identifying concerns and then others in that 210m population quickly patching them, hence fast identification and patching providing consistent weekly updates (more eyeballs on it yanno?).

These numbers are meaningless. Most of these millions of people don't have the skill and experience necessary to find a carefully designed and hidden backdoor designed by some of the best talent that CIA, FSB or Chinese intelligence can hire. Those who do are too busy with paid work.

> Compare this to Windows sometimes taking years to find and fix security gaps simply because it is the same small group of people looking at it or Apple for that matter and early stumbles with iOS. So as non-intuitive as this approach may be, it has worked well for Linux to date. Still to your point, no OS is 100% secure, so education and quick fixes are key security. I'm not trying to convince anyone of anything but I found Linus's strategy to be interesting and definitely not an intuitive one (at least to me it wasn't). At the end of the day though we choose the brand or brands we trust and the expert teams that support those brands and we hope/trust they will serve our needs best.
Windows definitely has had and still has its share of issues. However, there were Linux vulnerabilities found after 15 (!) years in the open.


> I too have been using Windows since 95 really (well 98se in earnest with the discovery of Quake and other FPSs of the time) and ran into malware a few times over the early years as I learned proper internet hygiene & habits. Of the OSs I daily, if I had to *trust* one, I'd say I leverage my MBP running Sequoia for sensitive transactional needs but in the context of information security, I am quickly aligning to Linux and the Ubuntu/Lubuntu derivatives I daily on some of my older Macs as their track record for not harvesting my data and usage patterns is pretty excellent.
>
> Anyhow, thanks for the thoughtful responses. Always good to read where everyone is coming from.
Likewise.
 