An RCE in GNU's telnetd has no relationship to the sunsetting of telnet. Something could equally likely happen with SSH (but not really because the OpenBSD folks are paranoid by nature).

Apple removing the telnet client from OS X was a stupid move. How can you call yourself UNIX and not have a telnet client? It's like removing grep or ed.

▲

p_ing 19 hours ago | parent | next [-]

Thats what the mystery exceptions for the Open Group macOS UNIX certification was for!

▲

epcoa 18 hours ago | parent [-]

telnet has never been in POSIX though.

▲

p_ing 17 hours ago | parent [-]

It's a joke and a poke that macOS isn't certified UNIX as shipped.

	▲	RupertSalt 16 hours ago \| parent [-]
		https://www.opengroup.org//openbrand/register/ To actually pass the certification test suite on a real system, Apple sometimes needs to apply special configurations (e.g., disabling System Integrity Protection (SIP), using case-sensitive filesystem, enabling certain legacy services, etc.). telnet(1) is not required by POSIX (nor is nc or ssh required!) Ironically, telnet(1) did not begin as a "Unix" utility but an ARPANET protocol suite program. It was available cross-platform. It is unclear whether all editions of Unix included a client, but BSD for sure was the point where telnet and TCP/IP became essential integrations for the systems.

▲

badc0ffee 18 hours ago | parent | prev | next [-]

There's always nc hostname 23 unless you need authentication

▲

paulddraper 18 hours ago | parent | prev [-]

There's no UNIX requirement for telnet.

Ubuntu does not include it by default (starting 16.04?). Most most distros don't.

▲

tokyobreakfast 18 hours ago | parent | next [-]

Two wrongs don't make a right.

Apple still includes uucp for some unknown reason.

The saving disk space argument makes no sense because telnet was one of the smaller binaries in /usr/bin.

Telnet continues to be widely used for select use cases and being told we're naughty by not including it feels punitive and just adds extra steps. What are you supposed to do, trash a $1m piece of industrial equipment because Apple wants to remind you Telnet is insecure?

New devices are still being released with Telnet where SSH is impractical or unnecessary.

▲

mmh0000 18 hours ago | parent | next [-]

There are many things I want to say in reply to this. So I’ll bullet point them:

* yes, do not buy equipment that has acquired so much tech debt that it still requires telnet.

* there are a million telnet clients out in the world. And ones far better than the default OS one. Apple not shipping one standard is not the end of the world or really anything more than a mild inconvenience for the small handful of people who need actual “Telnet” as opposed to Netcat or socat, both of which are far better than base Telnet.

▲

tokyobreakfast 18 hours ago | parent [-]

> yes, do not buy equipment that has acquired so much tech debt that it still requires telnet.

No, you already own this capital equipment. It's the laptops running macOS that are ephemeral and disposable.

I don't care for excuses or workarounds; why did they do it?

It was an explicit decision whilst leaving a lot more—arguably more useless—garbage in.

Every OS that removed telnet did so for a symbolic reason, not because it was helpful technically.

	▲	theParadox42 18 hours ago \| parent [-]
		It seems rather typical for Apple. The removal of the headphone jack obsoleted thousands of consumer devices.

▲

paulddraper 6 hours ago | parent | prev | next [-]

You can have it, it’s not on the base install.

99% of Mac users never use it, directly or indirectly. Asking that they have it anyway is a self centric view.

▲

18 hours ago | parent | prev | next [-]

[deleted]

▲

its_magic 18 hours ago | parent | prev [-]

Ubuntu and derivates removing telnet from the default install, along with other basic tools like traceroute etc, was one of the driving factors toward me creating my own distro. I'm sick of basic stuff being omitted because somebody just decided it's not needed anymore.

▲

jmb99 16 hours ago | parent | next [-]

How on god’s green earth is `sudo apt install telnet` sufficiently challenging to be a driving factor to creating your own distro??

▲

its_magic 14 hours ago | parent [-]

Because I go long periods of time without internet access, and I don't want to have to "sudo apt install" a fucking thing, ever. Especially not a tiny utility that is all of 172k in size, that I might need for something. Understand?

I want EVERYTHING that I might use installed AT ALL TIMES, FROM DAY ONE, so that I can IMMEDIATELY USE IT when required.

This is only one of many reasons why I abandoned the giant dumpster fire that is mainstream Linux. I do not agree with their idiotic philosophy, on practically every level.

You've now discovered that there are sections of God's Green Earth that you never knew existed! One of many benefits of stepping outside the Matrix for a moment.

▲

RupertSalt 7 hours ago | parent | next [-]

I would never ever install your distro for this reason alone.

Someone has already pointed out that old/deprecated/obsolete software like a telnet client represent tech debt.

Removing the telnet client was, in part, a recognition that its complementary server was deprecated and unsafe. If everyone was transitioned to ssh and nc, [and custom MUD clients], why keep telnet around?

Any software like this represents tech debt and a support burden for the upstreams and distros which carry them. You have unnecessarily assumed a burden in this way.

Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces. The more software that you cram into the default distribution, the more bundled features an OS or system has, you are multiplying your potential vulnerabilities, your zero-days, and your future CVE/patch updates.

Especially in the face of growing supply-chain attacks and LLM-automated vulnerability disclosure. Your focus should be on limiting attack surface in every regard.

It is good practice for everyone to uninstall unnecessary apps and software. Whether you use Android, iOS, Mac, Linux, BeOS or Plan9 or Inferno. Do not install and maintain software that you do not use or need. It will come back to bite you.

	▲	its_magic 4 minutes ago \| parent [-]
		> I would never ever install your distro for this reason alone. And you are? Completely mystified as to why you'd think I would care. I built this distro for me and my people, not you. That's the whole point. We're getting off this ride. > Someone has already pointed out that old/deprecated/obsolete software like a telnet client represent tech debt. Not a subscriber to this religion. There is nothing about new software that inherently makes it safe, and nothing about old software that inherently makes it vulnerable. New flaws are introduced all the time, and old bugs do get found and fixed. I can patch old code. I can't guarantee that new code doesn't contain bugs. The ONLY way to ensure code is flawless is through validation--mathematical proof. When you have devised a proof framework that I can use across my distro, get back to me. At this time you're nowhere near that level, and are therefore unqualified to lecture anyone about security. > Removing the telnet client was, in part, a recognition that its complementary server was deprecated and unsafe. Unsafe? On my personal LAN? I think not. You don't get to just 'deprecate' things that I might need, or want to use for perfectly valid reasons. That's the entire point of my distro: computing the way I WANT IT, not the way Ubuntu wants it. > If everyone was transitioned to ssh and nc, [and custom MUD clients], why keep telnet around? Because it's 172 kilobytes. Contrast with the giant bloated carcass of everything else they shove in there that's oh-so-needed by the herd. > Any software like this represents tech debt and a support burden for the upstreams and distros which carry them. You have unnecessarily assumed a burden in this way. I'm a distro maintainer. Hello? Telnet represents ZERO maintenance burden for me. There are no operators standing by on hotlines to "support" any of this. It's a 172 kilobyte utility. > Furthermore, ask the maintainers of OpenBSD or any hardened OS about attack surfaces. The more software that you cram into the default distribution, the more bundled features an OS or system has, you are multiplying your potential vulnerabilities, your zero-days, and your future CVE/patch updates. Nobody can magically teleport themselves inside my computer and compromise my telnet client. Nobody is injecting packets into my LAN. > Especially in the face of growing supply-chain attacks and LLM-automated vulnerability disclosure. Your focus should be on limiting attack surface in every regard. You're concerned about supply chain attacks, so your mitigation is...doubling down on getting the Latest Updates to everything? Because new code is inherently good. Telnet has to go--way too risky to keep that around--but KDE/Gnome/systemd/dbus/etc stays? 'traceroute' is useless and dangerous, but let's keep the giant QT framework with its vendored copy of Chromium? (That's QT5 and QT6, each with a vendored Chromium, mind you.) Chromium, by the way, itself represents tens of gigabytes of code/data now inside its repository, with 'third party' directories vendored three or even four levels deep. But a 72k traceroute utility is likely to be packed with security flaws and should be avoided. > It is good practice for everyone to uninstall unnecessary apps and software. Whether you use Android, iOS, Mac, Linux, BeOS or Plan9 or Inferno. Do not install and maintain software that you do not use or need. It will come back to bite you. Completely wrong and misleading theory of security you are proposing here. I devised this new distro exactly because I was tired of my computing experience being shaped and controlled by clueless kids with intellectually bankrupt arguments and/or wolves in sheeps' clothing.

▲

paulddraper 6 hours ago | parent | prev [-]

The easiest way to make your own “distro” is apt-get install stuffiwant…

▲

7 hours ago | parent | prev [-]

[deleted]

▲

anthk 12 hours ago | parent | prev [-]

Netcat works as a telnet client. GAWK can do that too with a dumb loop. So can con(1) under 9front.

	▲	1718627440 11 hours ago \| parent [-]
		Using netcat results in showing Unicode replacement symbols, instead of answering to telnet options. I doubt it implements telnet at all, because this is just not its job.