Weekly News Summary for Admins — 2023-06-09

Wow, what a week!


(Sponsor: vast limits)

uberAgent Logo

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.


If you think your company or product is a good fit to sponsor this newsletter, please contact me!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

WWDC 2023

WWDC 23 is on and started with an amazing keynote. When they introduce three new Mac models, including the new Apple silicon based Mac Pro in the first 20 minutes, then you know it’s going to be in for quite ride. After 80 minutes, there was a moment where it wasn’t quite certain there was going to be a “One more thing…” and I thought I would have been happy if they had stopped there. New Macs, Apple silicon transition completed, many good new features for macOS, iOS, and watchOS.

But they didn’t stop and introduced the ‘Vision Pro,’ which is neither a ‘VR’ nor a ‘AR headset’, but a ‘spatial computer’ with a ‘spatial operating system.’ Whatever Apple calls it, this was the preview, mainly for the developers and it will not be available until next year and even then only in the US, so I will take my time until I make my judgement about this. This opinion is a step up from my former opinion of any VR/AR/spatial computer from Apple (or anyone), which can only be described as ‘indifferent.’

The potential of the Vision Pro and concept of ‘spatial computing’ seems great. The question whether Apple can achieve that potential remains. The price point and limited availability are clear signs that Apple is aware that this platform is maybe ‘not quite ready yet.’ But other platforms, like the Apple TV, iPhone, iPad, Apple Watch, and back in the day, even the Mac and the first PowerBooks took a few years to really find and define their purpose, too.

Sessions for MacAdmins

Apple has released more than 170 sessions for WWDC. Most of those sessions are focused on developers and not people who manage and deploy Macs and other Apple devices. Here is a list of sessions that I think MacAdmins should watch.

If you haven’t seen either of these, you really should. They give an excellent overview of what Apple thinks is relevant for the upcoming platforms. You might have other priorities, and that is fair, but getting the overview picture and an impression of where Apple is heading is important.

Don’t miss this

Always a great overview of what is will happen for Mac and iOS management. Covers many topics that don’t quite merit their own session.

Business & Education

Apple has a “Business & Education” topic in the developer app. These will be in-depth explanations of some specific new features.

Other interesting sessions

While these sessions will likely be very focused on developer topics, they often contain interesting explanations of how to use and sometimes how to manage these features.

And now, on to the news…

Apple devices

macOS Sonoma and iOS 17

Community

News and Opinion

Social Media

  • mikeymikey:open 'x-apple.systempreferences:com.apple.Software-Update-Settings.extension?action=showBetaUpdates'” (Thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-06-02

This is the Friday before WWDC. Next week we will know more about Apple’s plans for the upcoming platforms, and whether the virtual headset is real or continues to be vaporware. Will there be new Macs? Finally a Apple Silicon Mac Pro!?


(Sponsor: vast limits)

uberAgent Logo

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.


Next week Friday we will also have seen the “What’s new for Enterprise” session that is probably hiding behind all those (admittedly quite funny) made up session names in the WWDC Slack for now. This will be the really interesting session for us Apple admins.

But the most interesting things released next week will be the beta of all the platforms. Check your AppleSeed for IT logins. Warm up your internet lines for the gigabytes of downloads. Get Apple Configurator ready in case you need to downgrade devices. Backup important data on the devices you want use for testing. Get the Developer app on your devices updated, so you can watch the videos.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Focus

I will be presenting at the JamfNation Live events in Wiesbaden and Amsterdam. (Be sure to checkout the events in London and Paris, as well. You can still register.) Attendees to the German event will have the honor of listening to me presenting in German for the first time in nearly two decades. The language for the Amsterdam event will be English, in case you were wondering if it might be worth crossing a border to go there.

We took the opportunity to do our Benelux MacAdmins Meetup the evening before the Amsterdam JNL event (June 19). The event is free but requires registration as the seats are limited and filling up quickly. I will be taking part in a panel discussion on Patch Management. Dean Hager (Jamf CEO) will be the special guest.

Later this year, I will also be presenting at MacSysAdmin in Göteborg, Sweden. The program isn’t published yet, but you can already register!

When you run across me at any of these events, feel free to say hi! I will have some Scripting OS X stickers for those who know to ask…

News and Opinion

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-05-26

Less than two weeks until WWDC. The keynote will be on June 5, as usual at 10am PDT.


(Sponsor: vast limits)

uberAgent Logo

Provide productive AND secure digital employee experiences

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Focus

Running any blog for twenty years is an amazing achievement, let alone one that has had so much positive impact on the MacAdmins community. DerFlounder was one of the inspirations for me to start my own blog, a mere 12.5 years ago. Congratulations, Rich!

News and Opinion

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-05-19

Release week! We got the macOS 13.4, iOS 16.5 updates (and the other platforms, too, of course). It wasn’t released until yesterday, with another round of release candidates earlier this week. As usual, you can find all the relevant links in this summary.


(Sponsor: vast limits)

Provide productive AND secure digital employee experiences

uberAgent Logo

uberAgent is an innovative digital employee experience monitoring and endpoint security analytics product for macOS and Windows. uberAgent helps enterprise IT provide fast, reliable, and secure devices & applications that boost employee productivity while strengthening cybersecurity. Try for yourself and get your free 100-user community license at uberagent.com.


In the run-up to WWDC, Apple has has published information on future accessibility features, a new concert discovery feature in Music and Maps, and an update on fraud in the AppStore.

WWDC is not the only conference coming up. MacAD.uk in Brighton, UK is next week. MacDevOps YVR will be in Vancouver, Canada, later in June and PSU MacAdmins Conference in July. After the summer we will have JamfNation User Conference in Austin, Texas in September and MacSysAdmin in Göteborg, Sweden in October.

The MacAdmins Foundation has established a new grant for conference attendance for those who cannot otherwise attend. The deadline for applications is May 28. You will find details on their page.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Focus

macOS Ventura 13.4 and iOS 16.5

macOS

iOS and iPadOS

Other Platforms

Applications

Guides

Community

Social Media

  • Craig Hockenberry: “To disable movie, PDF, and other useless previews, but still maintain the image on the icon, use this from Terminal: $ defaults write com.apple.finder QLInlinePreviewMinimumSupportedSize -int 512 Then relaunch the Finder.”

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-05-12

This is the time of the year where Apple makes the announcements that didn’t fit in the WWDC Keynote anymore. This week they announced iPad versions of Final Cut Pro and Logic Pro which will be released next week, probably coinciding with the releases of iOS/iPadOS 16.5 and macOS 13.4.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


Apple also released release candidates for those updates this week (two of them). This will be the last update of iOS 16/macOS 13 before we get the betas of the next major releases at WWDC in June. There usually are two more minor updates before the release of the next major versions in the Fall, but those rarely add major changes.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🦣Social Media

  • Ricky Mondello: “Passkeys will be importable and exportable, cross-device, and across passkey managers. They aren’t at this time, but they will be. It’s something that’s being defined and designed.”
  • Timothy Perfitt: “Adding in an interesting feature to XCreds 3. When you lock the screen, it will automatically Fast User switch to the login window, keeping the session active but requiring a cloud login. This means that the IdP (like Azure) can log the login and do conditional access on it as well.”

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

📺To Watch

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

MacAdmins Slack: a highly opinionated guide (2023)

I wrote the original opinionated guide to the MacAdmins Slack in 2018, nearly five years ago. I thought it was time for a new, updated guide.

MacAdmins Slack?

I love MacAdmins Slack. I am logged in most workdays. I use it for research, solving problems, camaraderie, and just plain fun. The community there is wonderful. If you are new to Slack or similar chat/community apps, it can be a little strange.

The MacAdmins Slack also stands out due to its unusual size. As of this writing, there are more than 50,000 accounts on the MacAdmins Slack and more than 5000 weekly active users. There are also far more than 1000 channels.

You might be new to Slack, or new to a public Slack of this size. You might also be new to managing Apple devices and have not encountered the MacAdmins community before. The community in the MacAdmins Slack is amazing, but there are also a few things that are particular to this Slack. So, I tried to put this guide together to help new members get some orientation.

This is, as the title says, highly opinionated. The community is large and diverse and you will find differing opinions on nearly everything.

Note: I have also recently had the honor to join the admins group in the MacAdmins Slack. Nevertheless, this post will often reflect my opinion. The Code of Conduct, however, is “important and enforceable. The Mac Admins Slack Admin Team will enforce this code throughout all channels within the Slack.”

What is Slack?

Slack is a popular message board application. It’s a cross between a bulletin board system and a chat room.

Slack has a web interface and clients for most operating systems. The user interface can differ between the different platforms. Instructions in this post will be for the Mac standalone app version, though most advice will be valid for Slack across all platforms.

The MacAdmins Slack is a particular instance which specializes on topics relevant to Apple Administrators. (macOS and iOS, despite the name) You can sign up here. Please read the Code of Conduct here, as well.

The MacAdmins Slack started out in 2015 as an employee sponsored instance, but since 2022 it is funded by the MacAdmins Foundation.

The Lingo

There are a few terms particular with Slack which might be confusing at first.

Slack help has a helpful general glossary, which can be helpful.

An organization can set up a Slack “Workspace.” You can be a member of and logged into multiple workspaces. You may have a workspace for your job, the MacAdmins Slack and maybe some other social workspaces. You will have a different login and username for each workspace.

Channels

Within a workspace, Slack is separated into “channels.” Channels can be public or private. Channel names are prefixed with the symbol #.

When you sign in for the first time, you are be added to the #general and #announcements channels by default.

In the left sidebar at the top of the list, you will find an option labeled “More” and in that submenu is a “All Channels” item that allows you to browse and search existing channels. You can also use the search field at the top of the window to search for channels (and everything else).

When you are typing a message and start a word with the # character Slack will treat this as a link to a channel. When you start typing the channel name Slack will suggest auto-completions. If a channel with the name exists, the word will be linked and users can click it to be taken to that channel.

Public channels in MacAdmins Slack are either on a generic subject (e.g. #security), particular technology (#ios and #macos, and each incarnation, such as #ventura and #monterey), software (e.g. #jamfnation, #microsoft-office, or #adobe), open source projects (#munki, #autopkg, #swiftdialog, or #installomator), regions or countries (#anzmac, #london, #benelux, or #macadminsfr), events (#psumac or #wwdc) or pretty much everything else.

The language on MacAdmins is usually English, though regional channels are often in that region’s language. Be aware that English is not everyone’s first or main language. While this can make communication frustrating on both sides, please remain polite, patient and friendly.

All channels can have a topic which is displayed at the top next to its name. Many channels will use the topic to lay some rules particular for this channel. When you join a channel make sure to read and respect the topic.

To be honest, there are way #toomanychannels. The reason for this is that anyone can create a channel. Before you create a new channel, you should browse and search and maybe ask if there is already a channel for that particular purpose or topic. #general is usually a good place to ask if you can’t find something obvious in the channel browser.

In addition there are private channels, which work basically the same, but cannot be searched and only joined on invitation.

Special Channels

There are a few channels that have special roles or uses:

#general: the “anything” channel, as long as the topic is somewhat MacAdmin related. Questions asked here may are often answered directly or you will be referred to a different channel.

#announcements: used by the team of admins to… well… make announcements. You cannot post in this channel and you cannot leave this channel.

#ask-about-this-slack: for questions to the admins about the MacAdmins Slack (not a support channel on Slack in general)

#gettingstarted: for people new to managing Apple devices. There are quite a few ‘seasoned’ people in this channel ready to answer question you might deem to basic for other channels.

#jobs-board and jobs-chat: The ‘board’ channel is for offering or seeking for jobs. This channels rules state that any discussion about the post and work in general should happen in #jobs-chat. There are some more channels that have this dichotomy, e.g. #blog-feed and #blog-chat.

Emojis

Emojis are an important part of Slack..

You can just insert an Emoji when typing with the standard macOS or iOS emoji picker. You can also type an emoji name or ‘code’ between colon characters:. So :grin: will turn into the grinning smiley. This is usually more convenient than the system pickers.

When you see an emoji, you can hover the mouse over it to learn its name or code.

Reactions

You can react to a post with an emoji with the reaction button. (the smiley with the + symbol). Then the emoji will be shown attached to the post.

Multiple reactions by different users will be shown next to each other, and they will be counted up. When you hover your mouse over a reaction, it will show which users added that particular reaction.

Be generous with reactions: it never hurts to show appreciation.

Special Reactions

Some emojis/reactions are unique to Slack or carry special meaning:

:+1: displays as the ‘thumbs up’ emoji, which is commonly used to show approval or support, though some prefer :plus1: or :heavy_plus_sign:

:protip: highlights a great tip; a bot gathers all posts with this reaction in the #protips channel

:raccoon: notify that an ongoing discussion might be better suited for another channel (Why is it a raccoon?)

:dolphin: when leaving a channel states that you are merely leaving to prune your channel list and not because something has upset you. It is a reference to Douglas Adam’s “So long and thanks for all the fish.” You do not have to use this every time you leave a channel. In high volume channels, it would be very annoying. Save this emoji for situations where it makes sense

Custom Emojis

You can upload your own emoji. Or add new names for existing ones.

To Thread or not to Thread

You can reply to a post directly in a channel’s timeline or create a ‘thread’ where the replies are collapsed or sorted with the original post. Use the speech bubble icon to create a thread. When replying in a thread, you have the option to show the reply in the channel’s main timeline as well.

Replying in a thread has the advantage of keeping the message timeline of the channel clean, especially in busy channels where multiple discussions on different topics may be going on at the same time. You can also reply to your own post to supply more detail on your post when you don’t want to clutter the main timeline.

You will be notified of new replies to a thread when you wrote the original post, replied to it, or were mentioned in it. You should be aware of this, especially when the discussion in the thread drifts away from the original question. Be mindful of all the people in the thread that will be getting notifications for something they may no longer be interested in and consider moving the discussion to a new thread. You can turn off notifications for a particular thread you not interested in anymore.

In the MacAdmins Slack there is no general rule on whether you should reply in threads or not. In general, you should prefer replying in threads in busy channels and avoid them in quieter channels. Mostly, you want to follow the lead of other channel members.

Notifications

Set up Do not Disturb

To avoid excessive notifications, you can set Slack to ‘Do not Disturb‘ mode by clicking on the bell icon next to the Workspace name. You can snooze the Slack for a certain and setup a recurring schedule to mute notifications overnight.

A user who mentions you while have the ‘Do not Disturb’ mode enabled will be informed why you may not be reacting.

Manage your Notifications

Aside from the ‘Do not Disturb’ feature you can further manage the notifications Slack can send to you.

In addition to be notified when you are mentioned (@ed) you can add certain keywords that may be interesting to you. (e.g., I have keywords for my books and some of the projects)

Use the ‘@’ Wisely

You can ‘mention‘ another user with the @ symbol and their username. With Slack’s default setting the user will get notified of a mention. When you use @scriptingosx in a post, it will notify me, even when I am not in the channel.

This can be very useful to ‘summon’ someone into a channel, because they might be interested or able to contribute to a discussion. Be very mindful with mentions. Remember that you may be ringing all of someone’s devices with it.

Slack is not Email

The MacAdmins Slack can get very busy. You may have the urge to keep up with every message in every channel you follow. This may be possible when you are in just a few channels. However, I have gotten used to just hitting ‘shift-escape’ (Mark all as read) in the morning and maybe again in the afternoon. I try to keep up with discussions and threads I am part of, and have learnt to be ok with missing most others.

You can prune the list of channels to a manageable size, but even so there will probably be more than you can read. You can also sort the channels into customized sections in the sidebar, which can help a bit.

Formatting Posts

You can use a simplified MarkDown-like syntax to format your posts. Enclosing a word or sentence in underscores _ will turn it italic, asterisks * will turn it bold.

If you have trouble remembering the syntax, you can also see the most common formatting options in small text under the message entry field.

Posting Code

Since MacAdmins Slack is a technical forum, posting commands or pieces of code will be fairly common. When you enclose a sequence of words with single backticks it will be shown in monospace font, which others will usually understand to be a command.

When you use triple backticks, Slack will interpret the text in between as a code block. Other special characters and white space (multiple space, tabs, new lines) will be shown as is. This is useful to share short code blocks or log sections.

You can also use the code and code block options from the formatting toolbar.

To share full scripts or longer log files, use Slack Snippets. You can create a snippet with the big ‘+’ button next to the text entry or by just dragging a script or text file into the slack window.

Editing and deleting

Other Slack workspaces may allow you to delete your own posts or edit them indefinitely. In the MacAdmins Slack, you cannot delete posts and only edit them for a short time after they have been created. The goal is to reduce trolling and gaslighting.

When you accidentally posted information you want to be removed, like the password you entered in the wrong app or personal information in a screen shot, you can ping one of the @admins for help.

Asking questions

We all use Slack to ask for help when we are stuck. The willingness to help each other out it one of the strengths of the MacAdmin community. However, when you do have to ask for help, there are a few common courtesies you should follow. (These hold true for any request for help, like a support incident.)

Don’t just say “Help, XYZ is broken!” Don’t ask if “anyone knows ABC?”

Vague questions will, at best, yield vague or very generic replies. But usually it will not receive any reply. Most readers of this questions will be careful to reply. Once you reply to a question, even if it just with the request for clarification, there is an expectation that you will follow-up with a proper reply. But if the question is vague, I cannot judge how much effort that will add up to be, or maybe the question might move out of my area of competence entirely… It is far less effort to not reply at all.

Don’t ask permission to ask a question. Just ask.

Be respectful

Keep in mind that everyone on the MacAdmins Slack has a job, which is not answering your questions. We are all volunteering our time to help each other out.

Don’t @ or DM people just because they have helped you before, unless you want to follow-up on something very specific and/or they have made it clear you are welcome to do so. This also applies to prominent contributors or owners of tools and projects.

There is a much larger audience of potential helpers in the relevant channel. There is a much higher likelihood of a response when you are not annoying.

Keep your question relevant

Sometimes a question might just drown in another ongoing conversation. Sometimes, especially on the less busy channels, no-one will be around to answer. Be patient before you start cross-posting to other channels. When you feel you have to cross-post to another channel, you can share or forward the original post to another channel. This has the benefit that a discussion will not be split between two channels with two different audiences and avoid repetition and redundancy.

If you feel your question drowned in some other discussion, it’s ok to repeat your question, once the ongoing discussion subsides. You can share or forward the original post with a remark to the same channel. But don’t spam, maybe it’s just that no-one really has an answer. Maybe try re-formulating the question with more detail. Or ask if there is another, more appropriate channel to share the question with.

Watch the (world) clock

While there are MacAdmins logging in from around the world, the MacAdmins Slack is still busiest during North American office hours. Keep that in mind when posting questions, especially if you are hoping for a specific person to reply. Be aware of time zones when you post in regional channels, as well.

You can see a user’s local time in their profile. This might give you an idea of when they might be online or not. You can get to any user’s profile by clicking on their icon.

Be Descriptive and Specific

Explain what you are trying to achieve, in which context. Show what you already tried to fix the problem. (you did try to solve it yourself first, didn’t you?) I find, that often the act of formulating the question properly helps me figure out the solution myself, or at least get closer to a solution.

People who want to help you will follow-up with those questions, but will be more likely to help when the request is well formulated and has (most of) the necessary context. Don’t make people have to guess or make assumptions.

Examples:

Bad:

Does anyone know policy scripts?

or

My policy script does not work! Can anybody help?

Better:

I am trying to build a policy script that prompts the user for a computer name and sets it. I am using osascript, but it is failing with a strange error and I don't understand why?

Even better: add the script (or the relevant part of the script) and errors you are seeing.

What do you want to accomplish?

Even when you ask questions properly and with detail, you may get the the counter-question: “What is it you actually want to accomplish?” or some similar phrase. This is a recurring question on the MacAdmins Slack.

When you get this question, someone believes that you may be narrowing down on a dead end and a completely different approach may be more appropriate. They want to get your ‘big picture’ to understand the context. The problem of focussing on a detail of the solution rather than the actual problem is also called the “XY Problem.”

Take this time to step back, explain your goals and let the MacAdmins community help you gain some new perspective. It may be hard to let go of what you are doing but resist the temptation to double down on the vexing detail. This question can lead to the most interesting discussions.

Provide the solution

Sometimes you might ask a question and then figure out the solution yourself before someone answers. That’s great. But be sure to let people know you have solved the problem and share the solution you found. When someone searches the Slack for the same question, they might just find your solution!

Join the Slack and Enjoy!

Overall I feel the MacAdmins Slack is a great place to share and receive knowledge for MacAdmins. I you still haven’t signed up, go and do it here!

If you already are a member, I hope you learnt something useful here. If you think I missed something important, then let me know! (My user name on the MacAdmins Slack is @scriptingosx.)

Weekly News Summary for Admins — 2023-05-05

WWDC starts in one month. Do you feel that you and macOS Ventura are ready for the next version of macOS?


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


This week Apple published the first Rapid Security Response (RSR) for macOS, iOS, and iPadOS. Even though RSRs were tested during the beta phase, there were some hiccups. Overall, the actual release seems to have gone as planned by Apple.

The reception in the MacAdmins community was… not enthusiastic.

The support article for the RSR contains no information on which software or CVEs was patched and the Apple security updates page has no entry for the RSR either. It is not unprecedented or even unusual for security documentation to be published or amended after the release of updates. Since the point of RSRs is to be released quickly, there might still be embargoes in place, CVEs might not even exist, or documentation simply takes second priority. We should expect to see documentation with the release of the macOS 13.4 and iOS 16.5 updates, which will include the issues fixed in the RSR. (It would be nice if Apple pointed out which were fixed in the RSR.)

Because they can be removed, RSRs introduce a new “extra” addition to the version number. This one is 13.3.1 (a). Even though RSRs were announced at WWDC and could be tested during the beta phase, not all management systems, security and monitoring tools are ready to gather the information. Even when your tools are ready, most admins have not yet adjusted or even prepared their workflows for this new piece of information.

There are also (of course) some issues with the management of RSRs. Configuration profiles and MDM commands don’t quite work as advertised. Tools that exist to work around the many shortcomings of the software update workflow will need to be adapted to incorporate RSRs

For a change, Apple announced this well ahead of time. But then, why are (some) MacAdmins still reacting with so much frustration?

I believe, there was some expectation that RSRs might be a fix, or at least a bandaid, for macOS software update. It was implied they wouldn’t require reboots, but most will. You cannot update directly from an older version of macOS to the RSR version, so a user may need two successive installations and reboots to get ‘fully patched.’

Instead of replacing (security) updates, it now looks as if RSRs will happen in addition to the traditional update cycle, increasing the number of updates users and admins have to manage.

RSRs do not solve any of the multitude of issues prevalent with software update. Whether that hope was overly optimistic, misguided, or misinformed, MacAdmins were hoping for some relief with managing software updates. Instead, we are now are facing yet another thing to manage; more and new workflows to build, fix, and adapt.

The burden was increased, rather than reduced. The lack of detailed information, even though it has good reasons, obscures their benefit. We can’t even tell why we have to do this, except for a nebulous “trust us, this is important!”

At Apple, the rollout of RSRs might justifiably be considered a success. They solve a problem they had internally that kept them from responding swiftly to security issues. RSRs improve the overall security of the platforms, which is something Apple obviously and correctly cares about. You have to appreciate that.

This mismatch in the requirements and expectations from the MacAdmins community and Apple isn’t new and there will always be friction here. Nevertheless, Apple needs to directly address the issues with software update in a way that does not increase the workload of users and MacAdmins.

Maybe at WWDC? (ever the optimist)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

macOS and iOS Updates and Responses

念Social Media

  • Pepijn Bruienne: “It’s not an industry-first for a patch mechanism like RapidSecurityResponse to fire without having a CVE on hand.”
  • Tom Bridge: “I’m gonna rant for just a minute. As IT Professionals, we have to deal with risk and insufficient information a lot. I need you to understand: you cannot eliminate risk, and you cannot know everything. What you can do, though, is be prepared and be paying attention.”
  • Jason Broccardo: “TIL that passkeys won’t sync across OSes”

Security and Privacy

Support and HowTos

烙Scripting and Automation

Apple Support

♻️Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-04-28

Another fairly quiet week. I expect more news as WWDC approaches.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-04-21

For change, this was a week without an update, security or otherwise. MacAdmins have still been busy doing and sharing their research. Thank you all so very much for all the great articles.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🦣Social Media

  • Graham Gilbert on Mastodon: “This week my team was discussing ways to make it less painful on users to keep our macOS fleet up to date. They’re rightly fed up with the backlash every time we need to enforce an update. But guess what? macOS is our second largest platform. We do not get any complaints from our Chrome OS or Windows users. The update stories on those platforms simply work. This shouldn’t be on IT professionals to solve. Apple is failing its customers in not providing adequate tools to keep them secure.”
  • MacAdmins Conference: “2023 MacAdmins Conference – Workshops announced! Registration is now OPEN!

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

♻️Updates and Releases

📺To Watch

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2023-04-14

Generally, Friday is a good day for a news summary. But sometimes things happen after. Like last week, where Apple pushed a security update for macOS Ventura and iOS/iPadOS, followed by updates for Big Sur, Ventura, iOS/iPadOS 15, tvOS, Safari, and (maybe?) HomePod, earlier this week.


(Sponsor: Mosyle)

Mosyle Logo

The only Apple Unified Platform for Business

Mosyle is the only solution that fully integrates Enhanced MDM, Endpoint Security, Internet Privacy & Security, Single Sign-On, and Application Management on a single Apple-only platform.

Click here to learn why Mosyle is all you need to work with Apple.


If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🌼macOS and iOS Updates

🦣Social Media

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

🎧To Listen

🎈Just for Fun

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!