State Farm Security Fail

On State Farm’s security page, they say “The Security of Your Personal Information is a Priority at State Farm” and “We work hard to make sure your account information stays secure. Learn more about how to protect yourself and how State Farm protects you.”

That’s all well and good to say, but the reality is not so simple.

State Farm supports 2FA on your account, which is good-ish. They don’t support Google Authenticator, or Duo. They do support SMS messages and email, in a way in which enabling 2FA enables both and you can’t disable SMS in the settings. This is not so good, as current industry advice is to avoid SMS as 2FA due to SIM swapping attacks and SS7 hacks.

But then it gets worse. The devil is in the details, or in this case the following sentences: “Use a verification code or answer public based questions every time I log in.” “Selecting Two-Factor Authentication means you’ll receive a unique verification code by email or text or you will answer a series of public based questions each time you log in.” This is where things get really scary. Verification by ‘public based questions’ is an absolute favorite for identity thieves. They can sit at their computer with a copy of your credit report and answer these with a high degree of success.

I tried complaining about lapse in security practice to State Farm, and they seem to have fully drunk the LexisNexis kool-aid on this. They stand by their use of a vulnerable verification tool that puts my accounts at risk.

Time to find a new insurance provider.

Installing MacPorts on MacOS 10.15 Catalina

Update: I always appreciate the traffic, but the folks at MacPorts have their official installer for Catalina available now. You should use it:
https://www.macports.org/install.php

Updated on 2019/10/09 to work with the public release of Catalina.

Another year, another round of “Oh, shit! My software doesn’t run on the latest version of MacOS!” While MacOS steadily marches towards being a consumer friendly OS that alienates the hardcore users, we continue to try to beat back the tide with tools like MacPorts. I’ll be curious to see how things go with future versions of MacOS, now that there are reports that upgrading to Catalina will wipe out a users /opt/ folder.

Below you will find my steps for getting MacPorts compiled by hand on MacOS 10.15 Catalina. I am working on a clean install of Catalina and Xcode 11. If you are trying an upgrade, or using a different version, your experience may be different. If you run into problems post a comment and I’ll do what I can to help out.

And so, without further ado…

  1. Install MacOS Catalina
  2. Install XCode 11
  3. Launch XCode
    1. Agree to the license agreement.
    2. Enter your password when the authentication dialog box opens.
    3. Wait for it to finish installing components.
    4. Quit XCode
  4. Open a terminal window.
    (CMD-Space terminal <return>)
  5. sudo xcode-select --install
    (enter your user password)
  6. When the pop-up opens asking for permission to install the command line tools, click “Install”.
  7. Agree to the license agreement, despite what it says will happen to your first-born.
  8. Back to your terminal window, inscribe these arcane incantations:
  9. sudo xcode-select -s /Applications/Xcode.app/Contents/Developer
  10. sudo xcodebuild -license
    (Space through the document, and then type ‘agree'<return> – The ghost of Steve Jobs will not start haunting you until at least New Years.)
  11. cd ~/Desktop
    (A window will pop up asking for access to your desktop folder. Grant it, lest the imps be released.)
  12. curl -O https://distfiles.macports.org/MacPorts/MacPorts-2.6.1.tar.gz
  13. tar -xzvf MacPorts-2.6.1.tar.gz
  14. cd MacPorts-2.6.1
  15. ./configure
  16. make
  17. sudo make install
    (Enter your user password if prompted. You may not be prompted if you get through the above steps quickly.)
  18. echo "export PATH=/opt/local/bin:\$PATH" >> ~/.zshrc
  19. source ~/.zshrc
  20. sudo port -v selfupdate
    (Enter your user password if prompted. You may not be prompted if you get through the above steps quickly.)

At this point you are pretty much ready to start installing ports. I say pretty much, because there are two ‘optional dependencies’ that will make your life easier:

  1. Install Java from https://www.java.com/en/download/mac_download.jsp
  2. Install XQuartz X11 from https://www.xquartz.org/

OK, now you are really, really ready to install ports. 🙂

Take your fresh Catalina install out for a spin and let us know how it goes!

If this worked for you, could I ask a favor? Share a link to this article somewhere you think people would find it useful. Thanks!

Installing MacPorts on MacOS 10.14 Mojave

Update 10.15: If you are looking for instructions on how to install MacPorts on Catalina, try here.

Another year, another OS X update.  (Yes, I do copy a fair chunk of the text from previous year’s posts.)  I assume you are here because you downloaded the Mojave Beta/GM from Apple, and were disappointed that there isn’t a MacPorts installer yet.  While I am sure they will release it soon, perhaps we can get you over the hump so you can beat up Mojave before the official drop date.  If you are comfortable compiling software by hand, we should be able to get thru this easy-peasy.

I am doing this on a clean install of Mojave. If you are attempting an upgrade from any previous version, your process may vary in unexpected ways.  If you did an upgrade install, you will want to make sure you’ve downloaded the latest version of Xcode, and you should probably follow the MacPorts uninstall instructions so you have less cruft around that could interfere with the process.  If you have an upgrade issue, please comment here and I’ll do my best to help you out and improve the instructions.

This is my first pass at getting it running.  I’m going to share all my steps.  One or two things I do might be unnecessary, and could be removed later if I refine the process; but I promise I wouldn’t have hit the Publish button if the overall process didn’t work.

  1. Install MacOS "Mojave"
  2. Connect to the internet
  3. Install Xcode 10 from the App Store.
  4. Launch Xcode:
    1. Agree to the license.
    2. Let it install the extra components it says it needs.
    3. Quit xcode.
  5. Open a terminal window:
  6. sudo xcode-select --install
  7. When the pop-up launches, install the command line tools.
  8. cd ~/Desktop
  9. mkdir macports
  10. cd macports
  11. curl -O https://distfiles.macports.org/MacPorts/MacPorts-2.5.3.tar.gz
  12. tar -xzvf MacPorts-2.5.3.tar.gz
  13. cd MacPorts-2.5.3
  14. ./configure
  15. make
  16. sudo make install
  17. echo export\ PATH=/opt/local/bin:/opt/local/sbin:\$PATH >> ~/.profile
  18. source ~/.profile
  19. sudo port -v selfupdate

There’s one extra step I find worth doing that isn’t strictly required for installing the MacPort installer tools.  I find it useful to install Java on my machine before I install any ports.  Otherwise you will be plagued with pop-up windows recommending you install Java while compiling ports like rsync.

At this point, you should be ready to start reinstalling your ports! Wee!

After manually installing MacPorts with the above instructions I was able to install rsync, wget, git, python27, which are my usual first validation tests.  Those packages, combined with their dependencies, result in around  75 installed packages; which does a pretty good job of verifying MacPorts is working.  🙂

Updated 2018/09/26 – Tightened up my sloppy use of a root privileged shell after barrykn called me out on it on reddit.  🙂

Updated 2018/10/02 – Fixed the smart-quote thing, so #17 should work now without needed to have the quotes tweaked. Crap! Smart quotes are back. Stupid theme updates…