I recently needed to do some MacOS development. Thank god for Scaleway. I
opened a ticket with AWS to get my mac2.metal quota limit raised from 0 to 2.
It's been two days without getting access to the service, but Scaleway had a
simple clickthrough. I'm happy to pay to play. This isn't some rocket science,
I just want to simulate my "runner" while also being able to troubleshoot it in
realtime.
That aside, I found it interesting that someone on the Scaleway team scheduled a copy of Fail2Ban utilizing Python 2.7 into the image. Seems like a really weird route to go.
i 0 365 1 0 12:31AM ?? 0:08.57 /opt/local/Library/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python /opt/local/Library/Frameworks/Python.framework/Versions/2.7/bin/fail2ban-server -s /opt/local/var/run/fail2ban/fail2ban.sock -p /opt/local/var/run/fail2ban/fail2ban.pid -b
Honestly, I have to laugh. In mid-2025, spinning up a macOS cloud instance and finding Fail2ban running under Python 2.7 feels a bit like discovering a floppy drive welded onto a Cybertruck. Python 2.7’s been dead for years (official EOL: January 2020), and any security-conscious admin has nightmares about legacy interpreters lurking in the shadows.
Let’s review what this means: Fail2ban itself is a solid piece of software for blocking sketchy login attempts, but the moment it’s paired with an unsupported interpreter, all bets are off security-wise. There's a non-zero chance—let's be honest, it's nearing 100%—that the shipped Fail2ban version is also years out of date, missing critical patches.
It feels like someone at Scaleway just went with whatever the MacPorts default was... sometime in 2018? Maybe the maintenance scripts just keep copying the same disk image release-to-release, propping up Python 2.7 like a weekend-at-Bernie’s sysadmin situation.
To be clear, I’m all for turnkey dev-VMs. But if you’re selling a premium service to folks presumably handling code and secrets, maybe press that update button once a decade? Or try, I don’t know, Python 3—if only for the faint illusion of caring about security.
Meanwhile, I’ll take it as a reminder to verify everything on any cloud box, no matter how shiny or expensive. “Works out of the box” should never mean “shipped straight fuck it YOLO running as root.”
Again though! At the end of the day Scaleway wins because they didn't get in my way, they just handed me a machine which needed XCode Command Line updates and a bit of screwing around with Homebrew to get to a solid state.
Now I can go back to working on crosstool-ng.