
I feel deeply for the developer who develops iTerm for relatively very little money, and already took a lot of criticism for the AI integration, far more than was warranted.

I am also deeply concerned about my use of iTerm now.

I access HPC environments where I may have access for a short period of time. I am expected to take responsibility to clear out my data after use and don't expect there to be any data leakage. If I had been manipulating PII research data in the past year and using iTerm's SSH integration I would be in a bit of a bind and have to send some really embarrassing emails asking sysadmins to see if these logs exist, and if they belong to me, followed by disclosing data had been leaked.

I use some of the more advanced features but at this point wonder if I should be using any features beyond the basic, and then I may as well be using another terminal. I haven't found a cross-platform editor that feels as native on macOS as iTerm, ghostty included.



I highly recommend wezterm.


I tried WezTerm recently but I unfortunately could not type backslashes on an ISO keyboard. There were other minor annoyances such as new tabs always opening on the last directory I was at and not my home directory (this was something that could be configured, but I never managed to do it). Ultimately, it was the problem with the backslashes that drove me back to iTerm.

https://github.com/wez/wezterm/issues/4051


Based on what? How do you know it's not riddled with major security bugs?

At least iTerm has been around for over a decade and loved by many hardcore power users.


so was openssl


does not follow


Ghostty, Alacritty and Kitty are also very good options


Why switch to another terminal, after 1 issue, in all this time since it exists?

It’s like throwing away your car after having a flat tire… perhaps iTerm is still the best option available, considering all the plus points / features it has.


Fwiw, it's not your responsibility to maintain a secure computing environment (assuming you're a researcher). If you, personally, have to vet the whole system and all the software you use for security, then they have none.

A competent system administrator with a knowledge of system security can easily configure a host so that when you SSH in, files you create are not given world-readable permissions by default. They can add other lock-down mechanisms that isolate all the users' files entirely. And they can simply disable all world-writeable folders like /tmp/.

So in case anyone gives you (or anyone else) a load of crap about using insecure software, ask them why their systems are so insecure.
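The default-permissions point in the comment above, as an added example that is not part of the thread: the same file created under umask 022 and under umask 077, followed by a check for files you own that other users on the host can read or write. The function names and the scratch directory are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. All names and paths are constructed.

# List regular files under DIR, owned by the current user, that "other"
# users can read (o+r) or write (o+w).
world_accessible_files() {
    find "$1" -type f -user "$(id -u)" \
        \( -perm -004 -o -perm -002 \) -print 2>/dev/null | sort
}

# Create an empty FILE under UMASK in a subshell, so the caller's own
# umask is left untouched.
create_with_umask() {
    ( umask "$1" && : > "$2" )
}

# Create one file per umask in a scratch directory and report which of
# them other users could read. 022 yields mode 644, 077 yields mode 600.
demo() {
    _d=$(mktemp -d) || return 1
    chmod 755 "$_d"
    create_with_umask 022 "$_d/default.log"
    create_with_umask 077 "$_d/private.log"
    world_accessible_files "$_d" | sed "s|^$_d/||"
    rm -rf "$_d"
}

demo
```

Running `world_accessible_files` against a shared scratch or project directory shows what you would need to clean up or tighten before your access ends.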


I assume you never worked in academia. Sometimes HPC are installed by researchers (incl. myself) as there is no budget for IT staff.


Still not your responsibility. If they don't cough up the cash to properly manage the security, they can't expect any. Just because a trucking company doesn't want to pay for a mechanic, doesn't mean they can expect their drivers to repair blown engines.


Most of the time

- all input ports are blocked. Kinda provides security. Works fine as if things are so dire most academia would be hacked.

- these are not valuable like data from SSN or bank. So fewer attacks.

- if something gets f*ked - it gets bad name - people laugh it off. No one will get fired.

I know uni presidents that keep passwords on excel sheets. Life is like that.

Let's be honest: corporate says training, retraining, testing - IT will install 3 different malware scanners and 2 AV to HOG CPU etc. but some idiot will approve MFA/TOTP (Okta) or like SolarWinds. So everyone has their stupidity.


I use Prompt by Panic.


from the App store, the only place where you can get this app...

    Location
    This app may use your location even when it isn't open, ...

just... why would a terminal emulator need my location...

Not to mention the exorbitant price for a lifetime license.


> why would a terminal emulator need my location

Because that's the only way Apple allows apps to stay open in the background on iOS so your SSH connection doesn't disconnect after 10 minutes. And the Mac app is a universal app with iPhone/iPad so it has the same permissions. If you never enable the "Connection Keeper" feature it never requests the permission.


Thanks for this, I was unaware of that fact. TIL.


It's really unintuitive!

A lot of photo sync apps also have to use this workaround to be able to sync your photos in the background, it's been a long-standing issue with Apple's platform.

And App Store rules mean they have to justify the location permissions so they add a totally unrelated "make a log of your location throughout the day!" feature in the app just to get App Review to approve it, even though everyone knows that's not actually why they need it.


[flagged]


??? This is a case of some debugging code not being deleted.

See https://github.com/gnachman/iTerm2/commit/63ec2bb0b95078a97a...


You seem to have a bone to pick with this software or developer, so why not post a better reply than these throwaway comments from a new profile.


[flagged]



stop spamming the comment section or use your real account if you have something of value to add.



