just interested

[alexachucarro]

Apple and fans rave on about how easy (with a little recompiling) it is to get a UNIX or LINUX app to run in X. But how easy is it? What does the UI look like and 'does my bum look big in this?'

 

[chenly]

When Mac OS X pundits assert the reality that many UNIX/Linux applications need only mild recompiling to run under OS X, three things must be understood as implied:

1. Straight command-line applications require just recompiling and will run just fine.

2. X-windows applications need X-windowing software such as XFree86, XTools, XDarwin, etc..., but this software itself has been recompiled and is freely available.

3. Recompiling is *NOT* computing for the rest of us. Computing for the rest of us is .pkg files which are installed (and uninstalled) by Apple's Installer.app. Recompiling is, in my opinion, best left to experts--witness Apple's seamless inclusion of Apache, the world's best (and, inconsequentially, most popular) HTTP serving software in OS X. It runs perfectly--just try to recompile the Apache binaries yourself for ANY platform. THE BENEFIT IS THAT ONCE ONE EXPERT SUCCESSFULLY RECOMPILES AN APPLICATION AND SHARES IT, NO ONE ELSE NEED DO IT--WE CAN ALL BENEFIT FROM ONE RECOMPILATION.

That being said, get XDarwin and Orobor for OS X on your machine--there are TONS of great X-windows titles just waiting for you!

 

[nkuvu]

Well said, t h.

 

[kilowatt]

Originally posted by t h


This is incorrect. One compiles code in their own way to enable certain features and disable others, optimized for your particular system and needs.

For example, if Kerberos support is not needed, it shouldn't be compiled into your OpenSSH. Various OpenSSH security bulletins warning about vulnerabilities have gone out, most of which deal with certain features being enabled during compilation.

Another really important example: the Linux kernel provided by most distributions is modular and a huge assortment of kernel modules are provided. Security pundits argue that the kernel should be monolithic and not accept loadable kernel modules, to lower the risk of some bad person sticking in rogue code into your kernel. Thus, you should compile the kernel from scratch, with only the necessary support for your particular situation (e.g., if you don't need NFS support, don't include it in the kernel). Some features aren't enabled in the default kernel (e.g., ReiserFS support) or are not configured (e.g., enabling TCP SYN cookies).

Also, complex pieces of software like the Linux kernel often have patches for both A.) fixing bugs, and B.) adding functionality. By compiling your own software, you can get A.) better security, B.) added functionality, and C.) improved performance.

Of course, this depends on the specific piece of software, its compilation time options, and your particular needs. Therefore, *you* will be the one who must examine each case and decide whether or not the pre-compiled binary is adequate in terms of features, security, and performance, or whether compiling from the source is warranted.

Does this require you to be an expert? Yes, if you want truly optimized performance and tight security. Are there good places to learn about this for Mac OS X? No. As far as I can tell, there are no books nor sites that really cover this stuff well. Almost everything on this planet for Mac users are the simplistic hand-holding scraps of info about using a handful of basic UNIX commands (which are adequately covered in books and manpages). There is no website nor publicly available document that teaches system performance tuning and production-grade security for Mac OS X.

Yes, the pre-compiled binary is probably adequate for Joe Average Computer User and might not be a performance-crippled, over-featured heap of steaming skankware riddled with massive security holes like some applications (hmmm, let's say, IIS or Outlook).

Note that security experts will insist on compiling their own kernels and security-related (and network-related) software (OpenSSL, OpenSSH, mail transfer agent, web server software, nmap, Nessus, PortSentry, etc.).

Like he said, for the experts. Most people are not 'security experts'. And a properly compiled binary is first tested for security problems before it is sent out to the general public in the form of a .pkg. My mother will never compile a program on Mac OS X or any other platform. So, should she start learning now? No! I compile for her, and send her .pkg files.

 

[chenly]

The UNIX/Linux codebase, of which Darwin, but not the rest of OS X, is a part, is freely configurable, sourceable, compilable, etc... We get all the great BSD UNIX applications that only need BSD, or BSD + X-windows, without any trouble at all (except for installing X-windows; XDarwin is wonderful and free). Porting a program from, say, IRIX to Macintosh is ORDERS OF MAGNITUDE easier than it used to be, but that in and of itself does not mean that Joe and Suzy Six-pack should be recompiling X-windows freeware coded for Sun Microsystems' UltraSPARC III servers running Linux! It just means that, for experts, the task of porting applications consumes fewer resources to the point that it's worthwhile.