Year: 2019

Weekly News Summary for Admins — 2019-06-07

WWDC! And what a firework it is this year!

We got new previews of all of Apple’s operating systems, including a new, stand-alone, more powerful iPadOS. We got a look at the new Mac Pro with a high-end new 6K display. We got Marzipan… er Project Catalyst. And we got a quick peak at a new Swift-native user interface framework.

There were tons of interesting pieces for MacAdmins already. Apple is switching the default shell to zsh, will stop bundling scripting frameworks with the system, has released new management documentation, is moving to a read-only system partition, and more… And there will be more today when ‘What’s new in Managing Apple Devices’ is presented.

It will take weeks and months to sort through all the changes. Make sure to subscribe to the developer program for the earliest betas, AppleSeed for IT (ask your Apple representative), or the public beta, so you can start testing early and often! And keep reading this news summary, so you know what to look out for.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

WWDC and macOS 10.15 Catalina

Apple Newsroom

Apple Preview Pages

Release Notes

More Notes

MacAdmin reactions and posts

On Scripting OS X

  • Moving to zsh
  • If you are using the Exit Code prompt setup from my post last week: co-worker Mattias found an embarrassing error that may have resulted in all exit codes being a happy green checkmark. The code in the post is now fixed (only the last line changed). On the other hand I will be posting how to do that with zsh soon.
  • After finishing the first ‘Scripting macOS’ class at Pro Academy last week, we have new dates on October 23 and 24 for the next class here in our training rooms in Amsterdam. I will be busy updating the class for macOS Catalina. There will also be a ‘Supporting macOS’ class on September 18 and 19. If you are interested, then please contact us through the form on the website. You can also use the contact form if you are interested but the dates do not fit your schedule. We will consider your preferences for further scheduling.

News and Opinion

MacAdmins on Twitter

  • Michael Palermiti: “Pssst. Hey, I’ve got some exciting news for our enterprise customers… Shared Mailbox support is now in TestFlight for @Outlook for iOS! We need your help to try it out and give us feedback. And before anyone asks, yes, Android support is not far behind!”
  • Nick Takayama: “Shouldn’t it be called the WWDC Beer Zsh Now?”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

To Watch

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Moving to zsh

Apple has announced that in macOS 10.15 Catalina the default shell will be zsh.

In this series, I will document my experiences moving bash settings, configurations, and scripts over to zsh.

zsh (I believe it is pronounced zee-shell, though zish is fun to say) will succeed bash as the default shell. bash has been the default shell since Mac OS X 10.3 Panther.

This series has grown into a book: reworked and expanded with more detail and topics. Like my other books, I plan to update and add to it after release as well, keeping it relevant and useful. You can order it on the Apple Books Store now.

Why?

The bash binary bundled with macOS has been stuck on version 3.2 for a long time now. bash v4 was released in 2009 and bash v5 in January 2019. The reason Apple has not switched to these newer versions is that they are licensed with GPL v3. bash v3 is still GPL v2.

zsh, on the other hand, has an ‘MIT-like’ license, which makes it much more palatable for Apple to include in the system by default. zsh has been available as on macOS for a long time. The zsh version on macOS 10.14 Mojave is fairly new (5.3). macOS 10.15 Catalina has the current zsh 5.7.1.

Is bash gone!?

No.

macOS Catalina still has the same /bin/bash (version 3.2.57) as Mojave and earlier macOS versions. This change is only for new accounts created on macOS Catalina. When you upgrade to Catalina, a user’s default shell will remain what it was before.

Many scripts in macOS, management systems, and Apple and third party installers rely on /bin/bash. If Apple just yanked this binary in macOS 10.15 Catalina or even 10.16. Many installers and other solutions would break and simply cease to function.

Users that have /bin/bash as their default shell on Catalina will see a prompt at the start of each Terminal session stating that zsh is now the recommended default shell. If you want to continue using /bin/bash, you can supress this message by setting an environment variable in your .bash_profile or .bashrc.

export BASH_SILENCE_DEPRECATION_WARNING=1

You can also download and install a newer version of bash yourself. Keep in mind that custom bash installations reside in a different directory, usually /usr/local/bin/bash.

Will bash remain indefinitely?

Apple is strongly messaging that you should switch shells. This is different from the last switch in Mac OS X 10.3 Panther, when Apple switched the default to bash, but didn’t really care if you remained on tcsh. In fact, tcsh is still present on macOS.

Apple’s messaging should tell us, that the days of /bin/bash are numbered. Probably not very soon, but eventually keeping a more than ten year old version of bash on the system will turn into a liability. The built-in bash had to be patched in 2014 to mitigate the ‘Shellshock’ vulnerability. At some point Apple will consider the cost of continued maintenance too high.

Another clue is that a new shell appeared on macOS Catalina (and is mentioned in the support article). The ‘Debian Almquist Shell’ dash has been added to the lineup of shells. dash is designed to be a minimal implementation of the Posix standard shell sh. So far, in macOS (including Catalina),sh invokes bash in sh-compatibility mode.

As Apple’s support article mentions, Catalina also adds a new mechanism for users and admins to change which shell handles sh invocations. MacAdmins or users can change the symbolic link stored in /var/select/sh to point to a shell other than /bin/bash. This changes which shell interprets scripts the #!/bin/sh shebang or scripts invoked with sh -c. Changing the interpreter for sh should not, but may change the behavior of several crucial scripts in the system, management tools, and in installers, but may be very useful for testing purposes.

All of these changes are indicators that Apple is preparing to remove /bin/bash at some, yet indeterminate, time in the future.

Do I need to wait for Catalina to switch to zsh?

No, zsh is available Mojave and on older macOS versions. You can start testing zsh or even switch your default shell already.

If you want to just see how zsh works, you can just open Terminal and type zsh:

$ zsh
MacBook%

The main change you will see is that the prompt looks different. zsh uses the % character as the default prompt. (You can change that, of course.) Most navigation keystrokes and other behaviors will remain the same as in bash.

If you want to already switch your default shell to zsh you can use the chsh command:

$ chsh -s /bin/zsh

This will prompt for your password. This command will not change the current shell, but all new ones, so close the current Terminal windows and tabs and open a new one.

How is zsh different?

Like bash (‘Bourne again shell’ ), zshderives from the ‘Bourne’ family of shells. Because of this common ancestry, it behaves very similar in day-to-day use. The most obvious change will be the different prompt.

The main difference between bash and zsh is configuration. Since zsh ignores the bash configuration files (.bash_profile or .bashrc) you cannot simply copy customized bash settings over to zsh. zsh has much more options and points to change zsh configuration and behavior. There is an entire eco-system of configuration tools and themes called oh-my-zsh which is very popular.

zsh also offers better configuration for auto-completion which is far easier than in bash.

I am planning a separate post, describing how to transfer (and translate) your configurations from bash to zsh.

What about scripting?

Since zsh has been present on macOS for a long time, you could start moving your scripts from bash to zsh right away and not lose backwards compatibility. Just remember to set the shebang in your scripts to #!/bin/zsh.

You will gain some features where zsh is superior to bash v3, such as arrays and associative arrays (dictionaries).

There is one exception where I would now recommend to use /bin/sh for your scripts: the Recovery system does not contain the /bin/zsh shell, even on the Catalina beta. This could still change during the beta phase, or even later, but then you still have to consider older macOS installations where zsh is definitely not present in Recovery.

When you plan to use your scripts or pkgs with installation scripts in a Recovery (or NetInstall, or bootable USB drive) context, such as Twocanoes MDS, installr or bootstrappr, then you cannot rely on /bin/zsh.

Since we now know that bash is eventually going away, the only common choice left is /bin/sh.

When you build an installer package, it can be difficult to anticipate all the contexts in which it might be deployed. So, for installation pre- and postinstall scripts, I would recommend using /bin/sh as the shebang from now on.

I used to recommend using /bin/bash for everything MacAdmin related. /bin/sh is definitely a step down in functionality, but it seems like the safest choice for continued support.

Summary

Overall, while the messaging from Apple is very interesting, the change itself is less dramatic than the headlines. Apple is not ‘replacing’ bash with zsh, at least not yet. Overall, we will have to re-think and re-learn a few things, but there is also much to be gained by finally switching from a ten-year-old shell to a new modern one!

Next

In the next part we will look at the configuration files for zsh.

Weekly News Summary for Admins — 2019-05-31

Between Memorial Day in the US, Ascension Day in parts of Europe, and WWDC looming next week, this was a quiet news week.

Apple did have one more thing to get out before WWDC: the iPod touch was updated with the A10 processor.

Now, only the Mac Pro remains as a device that has not been updated in the last two years. (MacBook barely makes the two years limit with its last update in June 2017.)

In other news, the first “Scripting macOS” class took place this week. The attendees (and I) believe it went really well! You can still sign up for the next class here. If the next date doesn’t suite you, please use the contact form and let us know when you would like a class. We will be scheduling additional classes soon and your input will be considered.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Graham Pugh: “IBM SPSSStatistics 26 still needs Java installed in order to get installed on Mac, but installs a JRE as part of the installation. How hard would it be to put the JRE in the installer itself?”
  • Timo Perfitt: “Right Click->Open to Install?… ” (Click for image)
  • Tom Bridge: “So, I’ve spent a little time with Mosyle + Google SSO + DEP tonight, and I gotta hand it to the team at @mosyle_biz : That’s a helluva beta. I can see that being HIGHLY useful.”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Show Exit Code in your bash Prompt

I prefer a minimal bash prompt. Recently, however, I saw an oh-my-zsh prompt, that I thought would be useful.

The intriguing prompt displayed a symbol indicating whether the previous command exited successful (exit code zero) or failed (non-zero exit code).

You can always get the exit code of the previous command from the $? variable, but seeing it right there and in color, is more direct.

While I find fish andzsh quite intriguing, I am still unwilling to move my setup for just a single feature. “This has to be possible in bash,” I thought… And it is, though the implementation was a bit more complex than I expected. But I learned a lot more about how the bash prompt worked.

The trick for changeable or dynamic prompts in bash is to create a bash function that assembles the PS1 variable, on every prompt. You can enable that function by setting the PROMPT_COMMAND environment variable to your custom function.

Obviously, you should not overload your function with time intensive processes, but with modern processing power, a lot can be done in a short time.

After a lot of experimentation, I settled on this setup:

Update: there was an error in the code that would prevent the prompt from ever showing a red exit code. I fixed it now, the change is in the last line. (Thanks to co-worker Mattias for pointing that out.)

You can add this code to your .bash_profile or .bashrc. (If you do not know what that means, read this post.)

I experimented with special characters and even Emoji to signify the exit code, but then settled on colors and the square root symbol (option-V on the US and international keyboard, looks like a checkmark) for success and the question mark ? with the exit code for errors.

Obviously, you can use a modified prompt command to show all kinds of other statuses as well. Enjoy!

Weekly News Summary for Admins — 2019-05-24

No quiet before the storm with this year’s WWDC. After macOS 10.14.5 and iOS 12.3 dropped last week, we got new MacBooks Pro with a decent speed bump this week. Their keyboard only got minor changes, but Apple has also announce a Keyboard Service program.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Timo Perfitt: “If you are interested in the Twocanoes MDS slides, exercises, or links from my roadshow, this tweet is for you! https://t.co/AZ8rJcafCD”
  • tlark: “Want to try to get rid of Adobe products? It may not be possible, but there are alternatives… ”
  • Edward Marczak: “Or you can go all in and just not allow 32-bit execution: sudo nvram boot-args="-no32exec"… ”
  • John C. Welch: “I was just thinking, at random about Macworld Expo, and I realized why its end, and the end of end-user/consumer-focused computer shows in general are a bad thing. What happens when all computer shows are for devs or industry “insiders”?” (Long thread)
  • Minko Gechev: “A bash function I use constantly on airports: function changeMac() { local mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//') sudo ifconfig en0 ether $mac sudo ifconfig en0 down sudo ifconfig en0 up echo "Your new physical address is $mac" } Unlimited WiFi ”
  • Timo Perfitt: “Turns out that the plural form of ”Mac“ is ”a murder of Mac computers“.”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-17

This Monday, macOS 10.14.5 (and all the related updates) dropped. The timing was surprising, but became clearer when the news on a new group of Intel CPU vulnerabilities arrived as well.

10.14.5 brings some mitigations to these vulnerabilites, but to be sure, you would have to disable Hyperthreading on your CPU(s) which brings up to 40% performance hit.

With 10.14.5 the new notarization rules for applications and kernel extensions arrive as well. All of this is once again demonstrating the importance (and the challenges) of IT being able to quickly roll-out and support system updates.

There are still a few spots left for the “Introduction to Scripting macOS” class on May 27/28!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

Apple Updates

Articles

Tweets

  • mikeymikey: “macOS Mojave 10.14.5 (18F132)… ”
  • Jason Broccardo on Twitter: “#macadmins n.b. the both the 10.14.5 and iTunes Device Support Update updates have trailing spaces when you are looking at the CLI softwareupdate listing. If you want to CLI install you’ll need to account for that.”
  • Marnin: “When using the Time Server payload on earlier version of macOS 10.14, the time zone was not getting set properly.”
  • Ken Case: “Today Apple released macOS Mojave 10.14.5, which fixes a CoreAnimation drawing issue that was affecting customers using large OmniOutliner and OmniPlan documents. If you’re a Mac customer using Mojave, I strongly recommend updating!”

MDS/Zombieload

MacAdmins on Twitter

  • Caleb Coy: “Was just reminded that the #macadmins Slack community turns 4 this weekend. I don’t know about y’all, but a lot has happened for me in that time and having this community has helped so much.”
  • Daniel Jalkut: “Heads up Mac developers: the ”codesign –preserve-entitlements=runtime“ parameter does not actually preserve the runtime flag. Radar #50697511.”
  • Timo Perfitt: “Interesting that the additional recovery partition key combos are only available if you have installed 10.12.4 or later at least once.”
  • Adam Codega: “A configuration profile is never late. Nor is it early; it arrives precisely when it means to.”
  • Kitzy: “macOS Mojave 10.14.5 has been out for over 48 hours now. Still no sign of it in Jamf’s patch management. It’s frustrating that Jamf finally got the mechanics of patch management down but crippled it by making us all rely on Jamf for patch definitions that are slow to update.”
  • Ricky Mondello: “Did you know that you can drag Safari’s Downloads popover by its title into being a detached, free-standing window, so you can more easily monitor your long-running downloads?”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Open Apps with custom Shortcuts in macOS

Someone on the MacAdmins Slack recently asked how you could assign a global keyboard short cut to open Terminal on macOS.

Note: alternative terminal applications such as iTerm2 may have this built-in.

macOS has an option to assign custom global keystrokes to pretty much anything, but it is not obvious how to get there.

  • First, open the Automator application. In the chooser for a new Workflow, choose ‘Quick Action’ (on Mojave) or ‘Service’ on earlier versions of macOS.
The new Workflow chooser in Mojave
The new Workflow chooser in Mojave
  • In the new workflow configure the input to be ‘no input’ and the application to be ‘any application.’
  • Then search for ‘Launch Application’ action in the library pane on the left and add it to your workflow by double-clicking or dragging.
  • The popup menu where you can slect an application in the action will only show applications from the /Applications folder. Choose ‘Other…’ and select Terminal in the ’/Applications/Utilities` folder.
Configure your workflow
Configure your workflow
  • Save the workflow. Give it a meaningful name such as ‘Open Terminal.’ Since you chose Quick Action or Service, this workflow will be saved in ~/Library/Services.
  • Open System Preferences > Keyboard. Click the ‘Shortcuts’ tab and select ‘Services’ from the list on the left side. (Even on Mojave, it is still called ‘Services’.)
  • Scroll all the way down the list of services under the ‘General’ heading, you should find the service you just created. Select it and click ‘Add Shortcut’ to assign a global shortcut.
Keyboard Shortcut Preferences
Keyboard Shortcut Preferences
  • You are done!

When the active application uses the same keystroke, the application’s definition will precede your global shortcut.

Of course, you don’t have stop at launching applications. You can assign a global keyboard shortcut to any Automator workflow this way. Since Automator workflows can include AppleScript, Python or shell scripts, you can do pretty much anything this way!

However, most Apple users don’t bother with shortcuts to launch apps. Just invoke Spotlight with command-space and start typing term and hit return.

Weekly News Summary for Admins — 2019-05-10

More 10.15 and iOS13 rumors (or previews), Microsoft goes Terminal and open source and leaks the Chromium-based Edge browser for Mac, Mac admins continue to explore the effects of the 10.14.5 notarization requirements, and Adobe ‘unauthorizes’ old versions.

In additonal news, I will be giving Scripting Classes at Pro Warehouse in Amsterdam. The first class is a two-day “Introduction to Scripting macOS.” If you are interested, you can get more information and register here!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • mikeymikey: “Just sharing this out here – because I didn’t know this detail – and codesign and spctl don’t show this particular reason for Gatekeeper rejection”
  • William Smith: “Download Microsoft Edge (Canary) for Mac, Reference the chromium.org key/value pairs here: www.chromium.org/administrators/policy-list–3 Use “com.microsoft.Edge.Canary” domain to manage (plist or configuration profile).”
  • Patrick Fergus: “I annotated Adobe’s “authorized” applications table with “marketing” versions. Note “if an Adobe product is not listed in the table below, all versions continue to be authorized.””

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Learn Scripting at Pro Warehouse!

I am really excited about this!

Pro Warehouse is extending their services with training for Mac IT specialists. We call it the ‘Pro Academy.’ As part of that, we are going to offer two-day Scripting macOS classes!

The first class is “Introduction to Scripting macOS.”

The point of this class is to overcome the first hurdles of a very daunting and complex topic. You will learn the basics of bash scripting (and debugging). The goal you can start scripting and gain experience on your own, without getting into too much trouble. The class is designed specifically for Mac adminstrators, so most of the examples and exercises will have direct application for Mac system management. You will learn both scripting and some useful adminstration tools.

Later, we will also offer an “Advanced Scripting macOS” class, that builds on the first, which will go deeper and address more complex topics.

The Scripting classes are designed and held by myself. I do have to thank the entire team at Pro Warehouse for the amazing effort everybody put in to make this happen.

The Scripting classes (and our other management classes) will be offered in our new training facility at the Pro Warehouse offices in Amsterdam! Classes will be offered in English, so international participants are welcome!

Register here!

I am looking forward to seeing you there!

On Smart Quotes and Terminal

Typography is a wonderful art and has a long history. When humans turned from manual typesetting to machines, type writers and then computers, some compromises had to be made. One of these compromises was to use simple straight quote symbols for opening and closing the quote, rather than different quote symbols for opening and closing.

Note: which kind of quotes are used for opening and closing dependent on the language or and some convention. English uses upper quotes “…”, German opens with a lower quote: „…“, French uses ‘guillemets:’ «…», and Japanese uses hooks: 「…」

Quotation Marks have funny names in many languages. Germans call them “Gänsefüßchen,” or “little goose feet.”

See this Wikipedia article for more details.

macOS, iOS and other modern operating systems have a feature which replaces the simple or straight quote symbols with the typographic quotes. So, you type "Hello!" and the quotes are automatically replaced with the proper (depending on localization) typographic quotes. This is called “smart quotes.”

This is pretty nice, but can be troublesome when dealing with Terminal and text editors. Scripting languages and shells always use straight quotes, and cannot deal with typographic quotes.

Now, if someone sends you a command or a script that uses quotes, and it goes through an app that replaces them with smart quotes, then bash and Terminal will fail miserably.

There is not much you can do, other than be aware of this and check pasted code carefully. There is something you can do to make this easier, though.

The default monospace font used in Terminal on macOS are ‘Menlo’ or ‘SF Mono,’ depending on the macOS version. Now these are fine typefaces, but their typographic quotes are not very curly at all, making them very hard to distinguish from the ‘dumb’ straight quotes that Terminal expects. The classic ‘Monaco’ typeface on the other hand has beautiful curly typographic quotes, making them very distinct from the the straight quote.

My favorite mono space typeface ‘Source Code Pro’ also has nice curly typographic quotes. I have built this table with many common monospace typefaces and their quotes.

Quotation Mark Comparison
Quotation Mark Comparison

Now this shouldn’t be your only criteria in choosing your Terminal font, but it may be something that helps avoid quote errors.