Weekly News Summary for Admins — 2018-08-10

Summer is progressing. Fall is nigh. Mojave beta 6 dropped. The first Mojave posts are appearing.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Mojave

MacAdmins on Twitter

  • mikeymikey: “This thread contains a good reminder of one of the few things I’ll tell you mobileconfig profiles are great at… ”
  • Scott Knight: “I created an osquery extension so #MacAdmins could query 32-bit usage across their fleet once 10.14 is released. Hopefully this makes it even easier to identify software that needs to be upgraded prior to 10.15.”
  • macshome: “Oh cool! The Apple developer docs now go all the way back to 1985! Presenting Technical Note OS01”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2018-08-03

Briefly resurfacing from vacation. Much has happened in the last three weeks. This is a long one: find a nice sunny (or shady) spot to settle down, read, and enjoy.

(Vacation time isn’t over. Updates will remain irregular until the end of August.)

Mojave and iOS 12 are now at beta 5. There may be Photoshop on iPad. Apple had a record quarter (once again) and is the first company to be traded at a market cap of 1 trillion USD. They also cancelled the affiliate program for Apps on iOS and macOS.

About the last topic: I use affiliate links for apps and books in this newsletter and other posts on the weblog. I don’t make much money from them – it adds up to be enough to afford a movie on iTunes every month or so. The affiliate rate for books remains unchanged (for now). Only Apple has the full insight to the numbers involved, but this still seems like a petty move from Apple.

In this time of free services and apps, writing a review or article that convinces someone to part with their money is not easy. If you can pull that off, affiliate links can be a way to earn money from writing (or podcasts, or videos) without filling up your site with obnoxious ads that are not under your control.

Doing so on a scale that the payout is actually worth the effort is incredibly hard. You have to build up a reputation and trustworthiness with your writing (or videos or podcasts). This takes a lot of time and effort. In the end, Apple and the producer (developer, author, etc.) profit from a good review or recommendation. This should have been a win-win-win situation.

Of course, Apple can do what they want and is not and has never been obliged to provide or continue this program. But I am sad that the affiliate program for Apps is going away, as many sites that I enjoy and appreciate will suffer from it. I believe this is a wrong step for the community and eco-system.

If you want to support this newsletter and my weblog (so I can keep buying new movies), buy my books!

In other book- and milestone-related news: This week I sold my 1000th book on the iBooks Store.

A huge “thank you” to everyone who put enough trust in my writing to buy one or more of my books. Even more thanks to those who recommend the books on Slack, conferences, in personal discussion and with reviews on the store. (Seriously, please leave a review!) Writing and publishing continues to be an exhilarating, rewarding and humbling experience.

On to the next book and the next 1000 sales!


Headlines

On Scripting OS X

News and Opinion

macOS Mojave

MacAdmins on Twitter

  • William Smith: “After two days of trying to reformat PDF text and pictures on my #psumac slides to fit all my presenter notes, a simple 2-minute AppleScript fixes my problem. tell application "Keynote" to set size of presenter notes of every slide of front document to 18 #voilà”
  • Nigel Kersten: “It’s been a long time since I last made the NVRAM claw. ⌘ ⌥ O F Never Forget.”
  • Tim Perfitt: “Ok, so after many tries, this works reliably: power down, then power up. As soon as the apple appears, press control option on left side and shift on right along with power. Keep holding until the machine powers down and a bit more. It then goes into DFU.” (Thread)
  • Nikolaj Schlej: “macOS 10.13.6 update brings (limited) UEFI SecureBoot support for iMac Pro, so now if SecureBoot is enabled, Windows detects that and acts accordingly. PK, KEK, db and dbx are read-only (hence limited), configured to trust MS 1st-party CA only.…”
  • Emily St: “Extremely cool macOS information for mega-nerds: If you’re wondering what iCloud Drive is up to in a given moment, a command will tell you all the transactions it’s running: brctl log --wait --shorten Recommend piping that to less because it’s a huge log of output.”
  • Ryan Govostes: “Early screenshot of System Integrity Protection, MacOS 8.0 (1997)… ”
  • Jordan Morgan: “A fun bit of #macOS development history I stumbled upon today, Apple Tech Note 2034. Essentially it included a bunch of guidelines and tips on macOS development but contained such inflammatory assertions that Apple straight up pulled it down (2033/5 are still there)!” (Thread)

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun


macOS Installation Book – Update!

When I published my new book on “macOS Installation” I was very aware of the fact that I was trying to capture a moving target. The good thing about digital books is that they are software and, as such, can be easily updated.

Today, I pushed the first update to “macOS Installation” to include some extra information from the last few weeks.

I am somewhat surprised that neither the two 10.13 updates since the book was released nor the news about macOS Mojave (10.14) at WWDC has led to major changes.

Even the release of the 2018 MacBook Pro last week confirmed our expectations rather than upending them. Nevertheless, the updates and other new information have added up to the point where I thought it was time for an update. I have listed the changes here. You can also find the list of changes (with links to the relevant sections within the book) in the ‘Version History’ section of the book itself.

  • Updated Secure Boot sections to include the 2018 MacBook Pro
  • Added a few notes on Recovery and Content Caching changes with 10.13.5
  • Restructured and re-wrote the first section of Chapter 5. It is now two sections with some new figures.
  • Older macOS Versions: added a link to El Capitan download
  • APFS: replaced mentions of ‘Flash’ drives with ‘solid-state storage (SSD)’, added a note of Apple’s APFS plans in macOS Mojave
  • corrected the description of non-removable MDM profiles in ‘Avoiding DEP’

Most of the changes are in anything related to Secure Boot (because of the new MacBook Pro). I also re-wrote and clarified the first section of Chapter 5, the ‘Strange New World’ section and added a few new figures to visualize the workflows better. (You can sample read the original version.)

If you have bought the book, the update is free and you should be notified about it in the iBooks app. If you have not purchased the book yet, you can get it in the iBooks Store!

Thank you!

Weekly News Summary for Admins — 2018-07-13

This week started off with the release of the macOS 10.13.6 and iOS 11.4.1 updates – quite unusually posted on a Monday.

Later this week, with another weird scheduling, Apple released new MacBook Pros. The 15" MacBook Pro can now be configured with a six-core i9, up to 32GB of RAM and up to 4TB of SSD. The 13" MacBook Pro can now be configured with a quad-core, but retains the 16Gb max RAM limit. It also includes the T2 system controller which was so far exclusive to the iMac Pro.

The T2 chip is what controls (among other things) the Secure Boot process and controls the booting off external drives. Apple has updated the support articles and it is official:

Mac computers that have the Apple T2 chip don’t support starting up from network volumes.

(Not surprising, but surprisingly clear.)

Now, Apple has upgraded their flagship product to Secure Boot. Even if admins could so far ignore the limitations of the expensive iMac Pro, Secure Boot will soon be everywhere. Installation-based deployment workflows should already be in place or be a top priority for every Mac Admin.

Read about the background and the options in “macOS Installation for Apple Administrators” (Sample section: Strange New World)

And finally, this newsletter and my website will be going into vacation mode for the next five weeks. That means no newsletters and much fewer blog posts. I hope you all get time to enjoy some summer vacation as well. I will keep gathering interesting links that I find during that time and restart with a summary of the summer time in late August.

See you then!


Headlines

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Ben Markowitz: “BRB, making Harry Potter spells into Siri Shortcuts.… ”
  • Rich Trouton: “When and how do you really know that you built a robust deployment solution? When you essentially stop paying attention to it for a month, while it’s in daily 24–7 use by others, and that’s OK; everything worked fine.”
  • Victor (groob): “Yes, for both commands InstallApplication and InstallEnterpriseApplication no longer appear to have concurrency issues.… ”
  • Victor (groob): “You thought one @micromdm_io was enough? Not a photoshop #macadmins… ”
  • Filippo Valsorda: “For when you want to figure out how to apply some macOS preference from the command line, without Googling for hours for out-of-date defaults commands: $ defaults read | pbcopy # make changes in System Preferences.app $ diff -u -F '^ "' <(pbpaste) <(defaults read)”
  • Graham R Pugh: “I improved my macOS Erase-Install script. Now it can cache macOS installer ready for later use, and it automatically selects the current production version of macOS: https://github.com/grahampugh/erase-install”
  • Ross Derewianko: “Thanks to @zoocoup here’s the macOS builds if it matters to you 10.11.6 + SecUpdate 2018–004 = 15G22010 10.12.6 + SecUpdate 2018–004 = 16G1510 10.13.6 = 17G65”
  • John C. Welch: “if you’re on mojave beta 3 and your script menu scripts silently fail, resave them as apps. Then you get the “authorize” dialog. Bug filed.”
  • Rene Ritchie: “I don’t look at it as buying an app (or song or book or whatever). I look at it as supporting creators who make things I value. If I don’t do that, I risk it becoming unsustainable and not getting the next update or app (or game or movie or whatever.) It’s an investment.… https://t.co/llpRFSZniM”

Support and HowTos

PSU MacAdmin

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun


Hasta la Vista, Imaging…

New MacBook Pros! With T2 chips!

The new features, improved RAM and SSD capacity, keyboard (!) and screens are all nice and interesting. Even more remarkable is that Apple mentions the T2 chip in the headline.

Of course, the T2 chip means that, like the iMac Pro, the 2018 MacBook Pros will not NetBoot (at all) or boot from external devices (without going through a convoluted setup process).

So far, it was possible to downgrade 2017 MacBook Pros to Sierra and keep using the same imaging procedures as before. Now, Apple has moved their flagship Mac model to the new architecture.

If you do not have an installation-based deployment workflow prepared yet, it is high time to get one in place. I explain what you can do and some examples of how you can do it in my new book: “macOS Installation for Apple Administrators” (sample chapter here).

Weekly News Summary for Admins — 2018-07-06

Beta 3 for iOS12 and macOS Mojave have dropped for developers. And Apple is strategically releasing more and more news, like new Maps data.

The first users are getting access to Siri Shortcuts beta on iOS and it looks really promising.


On Scripting OS X

News and Opinion

macOS Mojave

MacAdmins on Twitter

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun


Parsing dscl Output in Scripts

On macOS, dscl is a very useful tool to access data in the local user directory or another directory the Mac is bound to. For example, you can read a user’s UID with:

$ dscl /Search read /Users/armin UniqueID
UniqueID: 501

This output looks easy enough to parse, you can just use cut or awk:

$ dscl /Search read /Users/armin UniqueID | cut -d ' ' -f 2
501
$ dscl /Search read /Users/armin UniqueID | awk '{print $2;}'
501

However, dscl is treacherous. Its output format changes depending on the contents of an attribute. When an attribute value contains whitespace, the output is split across two lines:

$ dscl /Search read /Users/armin RealName
RealName:
 Armin Briegel

With attributes like the UID, it is fairly safe to assume that there will be no whitespace in the value. With other attributes, such as RealName or NFSHomeDirectory, you cannot make that prediction with certainty. Real names may or may not have been entered with a space. A user (or management script) may have changed their home directory to something starting with /Volumes/User HD/... and your script may fail.

To remove this output ambiguity, dscl has a -plist option which will print the output as a property list:

$ dscl -plist . read /Users/armin RealName
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>dsAttrTypeStandard:RealName</key>
    <array>
        <string>Armin Briegel</string>
    </array>
</dict>
</plist>

The resulting property list is a dict containing a key with the native attribute name and an array containing the values, even when there is only one value.

Having a property list is nice, but parsing property lists in a shell script is challenging. I have found two solutions:

Xpath

You can use the xpath tool to extract data from the XML output:

$ dscl -plist . read /Users/armin RealName | xpath "//string[1]/text()" 2>/dev/null
Armin Briegel

Note that the xpath output does not include a final new line character, which makes it look a bit strange.

The xpath argument in detail means:

  • //string[1]: the first of any string element
  • /text(): the text contents of that string object

This syntax makes a lot of assumptions about the property list input. I believe they are safe with the dscl output. (Please test)

If you want to play around with xpath syntax, I recommend using an interactive tool. I used this one from Code Beautify which worked well enough, but frankly I just randomly chose one from the list of search results for ‘xpath tester’. (If you can recommend a great one, let us know in the comments.)

PlistBuddy

As I said, the xpath solution makes a lot of assumptions about the layout of the property list. A safer way of parsing property lists would be a dedicated tool, such as PlistBuddy. However, PlistBuddy does not read from stdin. At least not voluntarily.

A few weeks ago Erik Berglund shared this trick on Mac Admins Slack which makes PlistBuddy read the output from another command. We can adapt this for our use case:

$ /usr/libexec/PlistBuddy -c "print :dsAttrTypeStandard\:RealName:0" /dev/stdin <<< "$(dscl -plist . read /Users/armin RealName)"
Armin Briegel

Note that you have to escape the : in the attribute name, since PlistBuddy uses the colon as a path separator.

You can use this in scripts to assign the value to a variable with

realName=$(/usr/libexec/PlistBuddy -c "print :dsAttrTypeStandard\:RealName:0" /dev/stdin <<< "$(dscl -plist . read "/Users/$username" RealName)")

This uses nested command substitution with the $(... $(...) ...) syntax which is not possible using backticks.

Either way, you can get a safe value from dscl in a shell script, whether it contains whitespace or not.
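The same contrast in Python, as an added example that is not part of the original post: the whitespace split that awk performs breaks on the two-line output, while parsing the -plist output returns the whole value. The sample inputs are constructed from the output shown above, and the function names are this example's own.

```python
import plistlib
import subprocess

# Constructed sample: what `dscl -plist . read /Users/armin RealName` prints.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>dsAttrTypeStandard:RealName</key>
    <array>
        <string>Armin Briegel</string>
    </array>
</dict>
</plist>
"""

# Constructed sample: the plain two-line output for the same attribute.
SAMPLE_TEXT = "RealName:\n Armin Briegel\n"


def awk_second_field(text):
    """Mimic `awk '{print $2;}'`: second whitespace-separated field per line."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        out.append(fields[1] if len(fields) > 1 else "")
    return out


def values_from_plist(data, attribute):
    """Return every value of `attribute` from `dscl -plist` output as a list."""
    record = plistlib.loads(data)
    key = "dsAttrTypeStandard:" + attribute
    if key not in record:
        raise KeyError("attribute not in dscl output: " + attribute)
    # dscl always wraps values in an array, even when there is only one.
    return list(record[key])


def read_attribute(user, attribute, node="."):
    """Run dscl on a Mac and return the attribute's values.

    Arguments go to dscl as a list, so a user name containing spaces or
    shell metacharacters is never interpreted by a shell.
    """
    data = subprocess.run(
        ["dscl", "-plist", node, "read", "/Users/" + user, attribute],
        check=True, capture_output=True,
    ).stdout
    return values_from_plist(data, attribute)


if __name__ == "__main__":
    print(awk_second_field(SAMPLE_TEXT))                # the name is cut apart
    print(values_from_plist(SAMPLE_PLIST, "RealName"))  # the whole value
```

read_attribute needs a Mac with dscl; the two parsing functions run anywhere on the embedded samples.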

Weekly News Summary for Admins — 2018-06-29

The iOS 12 and macOS Mojave public beta dropped this week. They are the same as the developer beta 2. Have you dared install it on your main Mac and iPhone yet!? (you have a backup, right?)

Erik Berglund’s app Profile Creator is in beta! The feature set is still limited, but I am very excited about this.

Finally, I have added Scripting OS X as a channel to Apple News. You can search for ‘Scripting OS X’ among the channels. (I have not yet figured out how to link to a channel directly.) There are still a few things I need to figure out. For example, Apple News does not seem to like something about the Weekly News posts, so for now it’ll be the ‘article’ posts only.


📰News and Opinion

🏜 macOS Mojave

🐦MacAdmins on Twitter

🐞Bugs and Security

🔨Support and HowTos

🍏Apple Support

♻️Updates and Releases

📺To Watch


Weekly News Summary for Admins — 2018-06-22

MacAdmins are gearing up for the summer imaging… er… installation season and we have a bunch of interesting and useful articles to prepare us!

Apple is releasing some of the software they didn’t have time for at WWDC. New Numbers, Pages and Keynote updates dropped last Friday just after I had finished up the last newsletter, and GarageBand 10.3 dropped yesterday. Can we have at least some new Macs next!?

Also, a few new security related posts and remember to catch up with all the WWDC sessions and MacDevOps YVR videos before PSU MacAdmins Conf posts theirs!


#! On Scripting OS X

📰News and Opinion

🐦MacAdmins on Twitter

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

🎧To Listen


Prefs Tool

Preferences or defaults on macOS seem easy, but their subtleties can grow complex very quickly.

The main reason for confusion is that preferences can be stored in many places and on many levels. The defaults system composites all of the keys and values from all locations to a process or application.

In my book “Property Lists, Preferences and Profiles for Apple Administrators”, I list 17 possible domains or levels where preferences can be stored and read from. The most common domains are:

Domain                      Location
User/Application            ~/Library/Preferences/identifier.plist
User/Application/Computer   ~/Library/Preferences/ByHost/identifier.xyz.plist
Computer/Application        /Library/Preferences/identifier.plist
Configuration Profile       n/a

To add to this confusion, Apple’s documentation keeps mixing up terms like ‘domain’ and ‘identifier’. I use the term ‘domain’ to designate the level or location a setting is stored in, and ‘identifier’ for the name of the preference (i.e. com.apple.screensaver).

The defaults command, which is the proper tool to interact with preferences files, does not properly work with different levels or domains. When you run

$ defaults read com.apple.screensaver

The output will be from the User/Application domain only, i.e. the data stored in the file ~/Library/Preferences/com.apple.screensaver.plist.

But the ScreenSaver process stores more data in the ByHost domain. You can read this domain or location with defaults as well:

$ defaults -currentHost read com.apple.screensaver

However, you must remember to check and read the ByHost domain as well as the standard domain. To access the computer level domain you have to use

$ defaults read /Library/Preferences/com.apple.screensaver

(The ScreenSaver process does not use this domain, so you will get an error saying that it does not exist. However, you won’t know this domain is empty until you try.)

Defaults cannot tell you when a setting is set or overridden by a configuration profile, or what its value is in that case. You cannot get the full composited view of defaults with the defaults command.

Greg Neagle wrote a short Python script a while back which could give you the effective result for an identifier and a specific key. His script will also show where the value is coming from.

I have found Greg’s script to be very useful, but I wanted it to do a bit more. My version, Prefs Tool, can now show you all keys set for a specific application identifier, including those managed by configuration profiles.

$ ./prefs.py com.apple.screensaver
idleTime <int>: 0L (User/ByHost)
CleanExit <string>: u'YES' (User/ByHost)
askForPassword <bool>: True (Managed)
askForPasswordDelay <int>: 0L (Managed)
moduleDict <dict>: {
    moduleName = iLifeSlideshows;
    path = "/System/Library/Frameworks/ScreenSaver.framework/Resources/iLifeSlideshows.saver";
    type = 0;
} (User/ByHost)
showClock <bool>: True (User/ByHost)
PayloadUUID <string>: u'AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE' (Managed)
tokenRemovalAction <int>: 0L (User/ByHost)
PrefsVersion <int>: 100L (User/ByHost)

The script has a few more tricks up its sleeve. There is also still lots of work to be done. See the GitHub repository and its ReadMe for details.
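A model of the compositing described above, as an added example that is not code from Prefs Tool or from Greg Neagle's script: it merges per-domain dictionaries by precedence and reports settings that are stored but overridden, which is what a single defaults read cannot show. The domain labels, the precedence list and the sample values are assumptions of this sketch (managed settings first, then ByHost, then the user domain, then the computer domain).

```python
# Search order assumed for this sketch, highest precedence first. The labels
# are this example's own; "Managed" stands for the Configuration Profile domain.
PRECEDENCE = ["Managed", "User/ByHost", "User", "Computer"]

# Constructed layers for com.apple.screensaver (values are illustrative).
LAYERS = {
    "Managed": {"askForPassword": True, "askForPasswordDelay": 0},
    "User/ByHost": {"idleTime": 0, "showClock": True},
    "User": {"askForPassword": False, "askForPasswordDelay": 300},
    "Computer": {},
}


def effective(layers):
    """Return {key: (value, domain)} with the highest-precedence domain winning."""
    result = {}
    for domain in PRECEDENCE:
        for key, value in layers.get(domain, {}).items():
            # setdefault keeps the first (highest-precedence) value seen.
            result.setdefault(key, (value, domain))
    return result


def shadowed(layers):
    """List (key, domain, value, winner) for values overridden higher up.

    These are the entries a per-domain read reports although the
    application never sees them.
    """
    winners = effective(layers)
    hidden = []
    for domain in PRECEDENCE:
        for key, value in layers.get(domain, {}).items():
            if winners[key][1] != domain:
                hidden.append((key, domain, value, winners[key][1]))
    return hidden


def report(layers):
    """Format the effective view as 'key <type>: value (Domain)' lines."""
    lines = []
    for key, (value, domain) in sorted(effective(layers).items()):
        lines.append("%s <%s>: %r (%s)" % (key, type(value).__name__, value, domain))
    return lines


if __name__ == "__main__":
    print("\n".join(report(LAYERS)))
    for key, domain, value, winner in shadowed(LAYERS):
        print("%s=%r in %s is overridden by %s" % (key, value, domain, winner))
```

With these layers, reading only the user domain would report askForPassword as False, while the effective value is the managed True.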