Weekly News Summary for Admins — 2019-06-21

Happy Solstice, everyone!

Things are calming down after the WWDC storm. This week we got some more WWDC reactions, a major Firefox exploit with fix, and some more information on Catalina notarization.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Victor (groob): “Working on the next release of MicroMDM and added an important documentation section I felt was missing for too long. MicroMDM is not a product! Link

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-06-14

First week post-WWDC and people are slowly catching up with the firehose of information. Lot’s of opinion pieces and podcasts to catch up with.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

#! On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • macshome: “With so many people running macOS in a VM right now here is a ProTip for Fusion on a TouchID Mac. Set: board-id.reflectHost = "FALSE" Now your auth dialog spins are gone!”
  • Craig Hockenberry: “I know a lot of developers who have been working with Apple’s products for decades. The overwhelming consensus is that we’re seeing something that will change our lives for decades to come. 1976 -> 1984 -> 1996 -> 2008 -> 2019”
  • Daniel Jalkut: “Apple has been doing hardware penance lately. I hope they realize that exiting the personal networking market (Airport) was as as misguided as exiting pro Mac, pro displays, etc. We’re ready for the big comeback.”
  • Derek Fulmer: “With the impending changes to macOS in 10.15, I’m giving zsh a go. Really digging its customizability. Feels way more modern. But, I’m still sentimental about bash.”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

  • Erik Schwiebert: “Microsoft Office, macOS 10.15 Catalina, and You: @mrexchange explains our support plans for the beta and final OS release.”

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-06-07

WWDC! And what a firework it is this year!

We got new previews of all of Apple’s operating systems, including a new, stand-alone, more powerful iPadOS. We got a look at the new Mac Pro with a high-end new 6K display. We got Marzipan… er Project Catalyst. And we got a quick peak at a new Swift-native user interface framework.

There were tons of interesting pieces for MacAdmins already. Apple is switching the default shell to zsh, will stop bundling scripting frameworks with the system, has released new management documentation, is moving to a read-only system partition, and more… And there will be more today when ‘What’s new in Managing Apple Devices’ is presented.

It will take weeks and months to sort through all the changes. Make sure to subscribe to the developer program for the earliest betas, AppleSeed for IT (ask your Apple representative), or the public beta, so you can start testing early and often! And keep reading this news summary, so you know what to look out for.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

WWDC and macOS 10.15 Catalina

Apple Newsroom

Apple Preview Pages

Release Notes

More Notes

MacAdmin reactions and posts

On Scripting OS X

  • Moving to zsh
  • If you are using the Exit Code prompt setup from my post last week: co-worker Mattias found an embarrassing error that may have resulted in all exit codes being a happy green checkmark. The code in the post is now fixed (only the last line changed). On the other hand I will be posting how to do that with zsh soon.
  • After finishing the first ‘Scripting macOS’ class at Pro Academy last week, we have new dates on October 23 and 24 for the next class here in our training rooms in Amsterdam. I will be busy updating the class for macOS Catalina. There will also be a ‘Supporting macOS’ class on September 18 and 19. If you are interested, then please contact us through the form on the website. You can also use the contact form if you are interested but the dates do not fit your schedule. We will consider your preferences for further scheduling.

News and Opinion

MacAdmins on Twitter

  • Michael Palermiti: “Pssst. Hey, I’ve got some exciting news for our enterprise customers… Shared Mailbox support is now in TestFlight for @Outlook for iOS! We need your help to try it out and give us feedback. And before anyone asks, yes, Android support is not far behind!”
  • Nick Takayama: “Shouldn’t it be called the WWDC Beer Zsh Now?”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

To Watch

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-31

Between Memorial Day in the US, Ascension Day in parts of Europe, and WWDC looming next week, this was a quiet news week.

Apple did have one more thing to get out before WWDC: the iPod touch was updated with the A10 processor.

Now, only the Mac Pro remains as a device that has not been updated in the last two years. (MacBook barely makes the two years limit with its last update in June 2017.)

In other news, the first “Scripting macOS” class took place this week. The attendees (and I) believe it went really well! You can still sign up for the next class here. If the next date doesn’t suite you, please use the contact form and let us know when you would like a class. We will be scheduling additional classes soon and your input will be considered.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

Headlines

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • Graham Pugh: “IBM SPSSStatistics 26 still needs Java installed in order to get installed on Mac, but installs a JRE as part of the installation. How hard would it be to put the JRE in the installer itself?”
  • Timo Perfitt: “Right Click->Open to Install?… ” (Click for image)
  • Tom Bridge: “So, I’ve spent a little time with Mosyle + Google SSO + DEP tonight, and I gotta hand it to the team at @mosyle_biz : That’s a helluva beta. I can see that being HIGHLY useful.”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-24

No quiet before the storm with this year’s WWDC. After macOS 10.14.5 and iOS 12.3 dropped last week, we got new MacBooks Pro with a decent speed bump this week. Their keyboard only got minor changes, but Apple has also announce a Keyboard Service program.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Timo Perfitt: “If you are interested in the Twocanoes MDS slides, exercises, or links from my roadshow, this tweet is for you! https://t.co/AZ8rJcafCD”
  • tlark: “Want to try to get rid of Adobe products? It may not be possible, but there are alternatives… ”
  • Edward Marczak: “Or you can go all in and just not allow 32-bit execution: sudo nvram boot-args="-no32exec"… ”
  • John C. Welch: “I was just thinking, at random about Macworld Expo, and I realized why its end, and the end of end-user/consumer-focused computer shows in general are a bad thing. What happens when all computer shows are for devs or industry “insiders”?” (Long thread)
  • Minko Gechev: “A bash function I use constantly on airports: function changeMac() { local mac=$(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//') sudo ifconfig en0 ether $mac sudo ifconfig en0 down sudo ifconfig en0 up echo "Your new physical address is $mac" } Unlimited WiFi ”
  • Timo Perfitt: “Turns out that the plural form of ”Mac“ is ”a murder of Mac computers“.”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-17

This Monday, macOS 10.14.5 (and all the related updates) dropped. The timing was surprising, but became clearer when the news on a new group of Intel CPU vulnerabilities arrived as well.

10.14.5 brings some mitigations to these vulnerabilites, but to be sure, you would have to disable Hyperthreading on your CPU(s) which brings up to 40% performance hit.

With 10.14.5 the new notarization rules for applications and kernel extensions arrive as well. All of this is once again demonstrating the importance (and the challenges) of IT being able to quickly roll-out and support system updates.

There are still a few spots left for the “Introduction to Scripting macOS” class on May 27/28!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

Apple Updates

Articles

Tweets

  • mikeymikey: “macOS Mojave 10.14.5 (18F132)… ”
  • Jason Broccardo on Twitter: “#macadmins n.b. the both the 10.14.5 and iTunes Device Support Update updates have trailing spaces when you are looking at the CLI softwareupdate listing. If you want to CLI install you’ll need to account for that.”
  • Marnin: “When using the Time Server payload on earlier version of macOS 10.14, the time zone was not getting set properly.”
  • Ken Case: “Today Apple released macOS Mojave 10.14.5, which fixes a CoreAnimation drawing issue that was affecting customers using large OmniOutliner and OmniPlan documents. If you’re a Mac customer using Mojave, I strongly recommend updating!”

MDS/Zombieload

MacAdmins on Twitter

  • Caleb Coy: “Was just reminded that the #macadmins Slack community turns 4 this weekend. I don’t know about y’all, but a lot has happened for me in that time and having this community has helped so much.”
  • Daniel Jalkut: “Heads up Mac developers: the ”codesign –preserve-entitlements=runtime“ parameter does not actually preserve the runtime flag. Radar #50697511.”
  • Timo Perfitt: “Interesting that the additional recovery partition key combos are only available if you have installed 10.12.4 or later at least once.”
  • Adam Codega: “A configuration profile is never late. Nor is it early; it arrives precisely when it means to.”
  • Kitzy: “macOS Mojave 10.14.5 has been out for over 48 hours now. Still no sign of it in Jamf’s patch management. It’s frustrating that Jamf finally got the mechanics of patch management down but crippled it by making us all rely on Jamf for patch definitions that are slow to update.”
  • Ricky Mondello: “Did you know that you can drag Safari’s Downloads popover by its title into being a detached, free-standing window, so you can more easily monitor your long-running downloads?”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-10

More 10.15 and iOS13 rumors (or previews), Microsoft goes Terminal and open source and leaks the Chromium-based Edge browser for Mac, Mac admins continue to explore the effects of the 10.14.5 notarization requirements, and Adobe ‘unauthorizes’ old versions.

In additonal news, I will be giving Scripting Classes at Pro Warehouse in Amsterdam. The first class is a two-day “Introduction to Scripting macOS.” If you are interested, you can get more information and register here!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

On Scripting OS X

News and Opinion

MacAdmins on Twitter

  • mikeymikey: “Just sharing this out here – because I didn’t know this detail – and codesign and spctl don’t show this particular reason for Gatekeeper rejection”
  • William Smith: “Download Microsoft Edge (Canary) for Mac, Reference the chromium.org key/value pairs here: www.chromium.org/administrators/policy-list–3 Use “com.microsoft.Edge.Canary” domain to manage (plist or configuration profile).”
  • Patrick Fergus: “I annotated Adobe’s “authorized” applications table with “marketing” versions. Note “if an Adobe product is not listed in the table below, all versions continue to be authorized.””

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-05-03

The big news this week was that Apple has started removing certain iOS applications which allow fine-grained parental controls for their children’s iPhones and iPads. The first post on this in the New York Times speculated that Apple was removing products that compete with Screen Time. However, Apple clarified that these companies are using MDM (Mobile Devices Management servers) to get the features, which is a “guideline violation.”

Since this discussion involves MDM, I believe it is very relevant to Mac and iOS administrators.

You could discuss whether these services should be using MDM to get the feature set their customers desire. You could have (the ever repeating) discussion on how Apple reverses years’ worth of approvals because they now suddenly realize the app has been in violation all along. You could question how fair and reasonable the 30 days ultimatum for an updated app without MDM was, since there is no other API with a similar feature set, and how well the ultimatum was communicated.

But I want to point out that MDM enrollment, both on iOS and macOS, has to be manually initiated the user, and approved with a passcode. This required user approval, is a big hurdle for automated delpoyments, something which administrators are longing for.

The workaround for this, according to Apple is Automated Device Enrollment (formerly known as DEP) where the chain of possession from Apple, through a reseller, to the purchasing organisation is proven and logged in Apple’s servers. Even with DEP, user approval of the management features is necessay at first boot.

There have been cases where malware has installed MDM profiles on iOS and Macs and supposedly user approval should protect from these cases. Yet, when a service or application, which promises a solution the user desires, asks for approval, the user will click anything.

Users are trained to approve these security dialogs. The more dialogs the system throws at the user, the more they are trained to quickly approve and authorize them without really reading or understanding. Too much user approval can be detrimental to its purpose.

MDM servers need certificates from Apple to work. They need to register with the push notification service to communicate with the clients. The client applications that are distributed through the iOS and Mac App Stores, need developer certificates from Apple.

Apple would have many options to control and block malicious actors in this field without hurting legitimate services and administrators seeking automation.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

Parental Control Apps/MDM

🐦MacAdmins on Twitter

  • mikeymikey: “Different techniques, different goals. Internet recovery has been modified multiple times over the years (example change in 10.12.4), whereas netboot was a device independent standard that would have needed a total overhaul for Secure Boot.”
  • Steve Troughton-Smith: “Just 35 days to WWDC! 35 days to iOS apps on the Mac, 35 days to multi-window iPad homescreen revamp, 35 days to Dark Mode on iOS”
  • Steve Troughton-Smith: “Dashboard isn’t the only thing gone in 10.15 — so is 32-bit app & plugin support, Carbon, Ink, QuickTime 7 & QuickTime plugins, PPTP, and hardware RAID. You will get Python 3.7 and Ruby 2.6, at least” (Python 3 alongisde the soon-to be EOL’ed Python 2.7 would be good news.)
  • Emily kw, ph.d.: “Hello. I’m a Sr. Systems Engineer for a Fortune 25 company. I am not interested in your Technical Support Specialist job offers. Goodbye.”

🐞Bugs and Security

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

🎈Just for Fun

📚 Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-04-26

I am traveling with just my iPad this week, so this is the first time that I am assembling the newsletter entirely on iOS. It has been an interesting challenge. I built a shortcut which copies a page from Safari in Markdown format, something that Byword on Mac does automatically on drag’n drop, but Byword on iOS does not.

If there are any errors or differences in this week’s newsletter because of that, please be tolerant. Since I am traveling and somewhat distracted, there may have been a post or news that I missed. Please tell me and I will add it next week! (Contact info at the end of the letter.)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Bertrand Pourcel: “Command-IT : la conférence pour les pros du monde Apple”
  • William Lam: “Been getting asked about our progress with ESXi on new 2018 Apple Mac Mini Here’s quick summary …”
  • Ben Toms: “Kernel extensions signed after April 7th, 2019 must be notarized in order to load on macOS 10.14.5.”
  • Kitzy: “So @SlackHQ, an app specifically aimed for enterprise use, doesn’t support enterprise deployment.”
  • Eric Holtam: “TIL about wdutil and sudo wdutil info for showing wireless info.”

Bugs and Security

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

Just for Fun

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2019-04-19

The video for my MacADUK Presentation “Modern Deployment Workflows for Business” is online! You can find the link, the slides and the notes on the permanent presenation page. There is also a link to the entire MacADUK 2019 playlist. There are many great presentations worth watching.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Tim Perfitt: “Grab any corner of a window of an app in macOS and drag while holding the option key. The window will expand around the center point. Add in shift (so it is now command-shift) and it expands around the center and keeps the aspect ratio.” (Original tweet wrongly states ‘command’ key instead of the correct ‘option’ key.)
  • Joe Bourne: “Support for OS X Mojave has come to Azure Pipelines hosted agents and it includes Xcode 10.2! If you’re using the ‘Hosted macOS’ pool, your pipelines will already start running on Mojave. YAML customers can use ‘macos–10.14’ for their pool VM Image (Link)”
  • Steve Troughton-Smith: “RIP Dashboard, 2005–2019 You will be missed”
  • Rich Trouton: “If you’re a user of First Boot Package Install, there’s a new version available. Same great functionality, but now it’s signed and notarized!”
  • Thomas Reed: “Think Macs can’t get infected with malware? Or that they only get infected with adware and junk software? Think again. Here’s a story involving supply chain attacks, millions of dollars stolen… and Mac malware.”
  • Tim Perfitt: “Adding Munki server and automatic munki client provisioning into MDS 1.7. Also added MunkiAdmin to the toolbar so you can setup, manage and deploy Macs using MDS + Munki without ever touching the command line.…”

Bugs and Security

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Support

There are no ads on my webpage or this newsletter. If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!