Weekly News Summary for Admins — 2022-02-18

For a change, only few changes or announcements this week. Apple followed up last week’s 12.2.1 update with 11.6.3 and a security update for Catalina. But we still got a lot of interesting posts and updates!

(Sponsor: vast limits)

uberAgent: application usage monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS and iOS Updates

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2022-02-11

A new beta, a surprising security update (which also fixes a Bluetooth battery drain issue on Monterey), an announcement on the AirTag tracking. Apple sure was busy this week. But everyone else seems to be really busy, too. Lots of news, updates and releases this week.

(Sponsor: vast limits)

uberAgent: application performance monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.

Another emerging topic is Apple’s treatment of the App Store ecosystem and the developers. There have been a few lawsuits and decisions around the world and I believe that Apple’s reactions might shape the company’s future and their public perception more than any VR/AR products that might be announced.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

macOS and iOS Updates

MacAdmins on Twitter

  • Guilherme Rambo: “Thoughts on iOS sideloading. Apple (and people who defend Apple no matter what) make it out as being a big deal that’s going to completely destroy the security of the platform and harm a huge number of innocent users. The reality is way less exciting…” (Thread)
  • mikey: “iOS 15.3.1 and macOS 12.2.1 patch a WebKit use after free (UAF) (CVE-2022-22620). Apple aware that it may have been exploited in the wild”
  • James Rath: “Just a bummer that there aren’t many tracking alternatives for blind folks. Airtags and precision finding are incredibly accessible with VoiceOver support. And we’re a an audience who benefit significantly from things like AirTags. I tried Tile & the app was inaccessible.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Update: Installomator v9.0

We have updated Installomator to version 9.0. This brings Installomator to 404 labels (390 apps). This update also brings with it many changes in behavior:

  • We have moved the root check to the beginning of the script, and improved DEBUG handling with two different modes. DEBUG=0 is still for production, and 1 is still for the DEBUG we previously knew downloading to the directory it is running from, but 2 will download to temporary folder, will detect updates, but will not install anything, but it will notify the user (almost as running the script without root before).
  • Added option to not interrupt Do Not Disturb full screen apps like Keynote or Zoom with INTERRUPT_DND="no". Default is "yes" which is how it has worked until now.
  • pkgName in a label can now be searched for. An example is logitechoptions, where only the name of the pkg is given, and not the exact file path to it.
  • LSMinimumSystemVersion will now be honered, if the Info.plist in the app is specifying this. That means that an app that has this parameter in that file and it shows that the app requires a newer version of the OS than is currently installed, then we will not install it.
  • New variable RETURN_LABEL_NAME. If given the value 1, like RETURN_LABEL_NAME=1 then Installomator only returns the name of the label. It makes for a better user friendly message for displaying in DEPNotify if that is integrated.
  • Changed logic if IGNORE_APP_STORE_APPS=yes. Before this version a label like microsoftonedrive that was installed from App Store, and that we want to replace with the “ordinary” version, Installomator would still use updateTool, even though IGNORE_APP_STORE_APPS=yes. So we would have to have INSTALL=force in order to have the app replaced, as updateTool would be used. But now if IGNORE_APP_STORE_APPS=yes then updateTool will be not set, and the App Store app will be replaced. BUT if the installed software was not from App Store, then updateTool will not be used, and it would be a kind of a forced install (in the example of microsoftonedrive), except if the version is the same (where installation is skipped).
  • Added variable SYSTEMOWNER that is used when copying files when installing. Default 0 is to change owner of the app to the current user on the Mac, like this user was installing this app themselves. When using 1 we will put “root:wheel” on the app, which can be useful for shared machines.
  • Added option curlOptions to the labels. It can be filled with extra headers need for downloading the specific software. It needs to be an array, like curlOptions=( ). See “mocha”-software-labels.

Logging

  • Introducing variable LOGGING, that can be either of the logging levels
  • Logging levels:
    0: DEBUG Everything is logged
    1: INFO Normal logging behavior
    2: WARN
    3: ERROR
    4: REQ
  • External logging to Datadog
  • A function to shorten duplicate lines in installation logs or output of longer commands
  • Ability to extract install.log in the time when Installomator was running, if further investigations needs to be done to logs

Fixes

  • Fixed a problem with pkgs: If they were mounted with .pkg in the name, then we would find the directory and not the pkg file itself.
  • Minor fix for a check for a pkgName on a DMG. We used ls that would throw an error when not found, so the check was corrected.

Many thanks to Søren Theilgaard who did most, if not all, of the heavy lifting for this release. Also many thanks to everyone else who contributed a new label, issue or other help.

You can get Installomator from the GitHub repo.

Weekly News Summary for Admins — 2022-02-04

Another weighty news summary. After Apple released their updates last week, it seems as if the MDM vendors are following suite. Also MacAdmins are preparing for the demise of Python 2 in macOS 12.3 with many tools updates.

(Sponsor: Mosyle)

Mosyle Fuse logo

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS and iOS Updates

MacAdmins on Twitter

  • Rich Trouton: “If you’re using my AutoPkg recipes for Microsoft Defender ATP, Microsoft Defender ATP has changed its name to Microsoft Defender. Please use the new Microsoft Defender recipes.”
  • Nathaniel Strauss: “Friday IT fun. macOS Monterey 12.2 breaks printing in some environments using a Windows print server with modified RPC security settings. Specifically RpcAuthnLevelPrivacyEnabled. Feel free to reference my case 101616149128.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Update: quickpkg 1.0beta

QuickPkg is one of those tools that I built for myself a long time ago and has remained useful (at least to me) without many updates.

Since Apple will be removing the pre-installed Python 2 binary from macOS 12.3, I was forced to pull the code out, dust it off and update it to Python 3. I chose to use the MacAdmins “Managed Python” since it provides a nice bundle of libraries which should be useful for some other tools I have (and still need to migrate). It should (probably) work with other Python 3 distributions, as well, but I did not test this at all.

Thankfully, quickpkg did not require very many code changes. I could even remove all the code from Greg Neagle’s FoundationPlist. Python 2 plistlib could not read binary plist files, so that extra functionality was required. But Python 3 plistlib can read and write binary plists and I could save a lot of code.

The script has worked with all of my tests, but I probably have not explored all the weird edge cases yet. So I am releasing it as a beta. Please file issues and/or pull requests on the GitHub repo if you run into any problems.

Update: pkgcheck

The macOS Monterey 12.3 beta release notes say that the Python 2.7 binary (located in /usr/bin/python) will be removed. Since you follow this blog, this should not come as a surprise. We have been warned about this since Catalina. (Or longer)

That said, the removal of Python 2 in a minor macOS release is surprising. Minor updates should not have breaking changes or removals. Admins and developers may not expect removals and other breaking changes in a minor update and therefore not be paying as much attention to changes. Also, the time a minor update is in beta is usually 6-8 weeks, which leaves us and developers much less time to find and fix problems than a major update beta phase, which is usually 4-5 months.

Nevertheless, we have to work with what Apple deals to us. MacAdmins have been investigating their own tools and scripts since the Monterey release or earlier to avoid the prompts. But when you get vendor pkgs, these might contain anything. While you can inspect pkgs with tools like pkgutil, Pacifist or Suspicious Package, it can get tedious with many packages.

A while back I built a script called pkgcheck to automate this check. Since I (and many others) have started using it again in the recent days, I have added a few more checks to it.

The earlier version would flag files in the installer’s resources that had a /bin/bash, /usr/bin/python, /usr/bin/ruby, or /usr/bin/perl shebang. (the first line with the #!) I have now also added check for a shebang with /usr/bin/env [python|ruby|perl] because when run from an installer pkg, this will also resolve tousing the built-in, deprecated runtimes. Also, using python in the shebang will now be shown as a red error, rather than a yellow warning.

The script will now also grep for use of python in installation scripts and show those scripts. This might generate a few false positives. You will have to use your judgement. For example using python3 in an installation script will also trigger this. But then, it probably should, since python3 is not installed on macOS by default. (What you see in /usr/bin/python3 is a shim that prompts you to install the Command Line Developer Tools, unless they or Xcode are already installed.)

I hope this is useful!

Weekly News Summary for Admins — 2022-01-28

Emails and web pages don’t really have weight, but the news summaries in the weeks with macOS and iOS updates always feel heavier. Lots of links for the macOS Montery 12.2, iOS 15.3 and related updates.

(Sponsor: Mosyle)

Mosyle Fuse logo

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

In addition to the release updates, Apple also published the first beta for macOS 12.3 and iOS 15.4 It looks like these will be the “Spring” updates from Apple, which means they will have more changes and new features than a “normal” update. Aside from some things we have been waiting for since WWDC (Universal Control! New Emojis!), macOS 12.3 will remove Python 2.7.

We’ve been warned about this since the macOS Catalina beta release two-and-a-half years ago. I have written about this before. More than once. Quite a lot, actually. I warned about this at MacSysAdmin in 2018. I am not looking for credit for prescience here. This was not a hard prediction to make.

It is also not a hard prediction, that several installers and tools will still not be prepared and break on macOS 12.3. Start testing now.

Way back then, I wrote a script that will expand pkgs and check the shebangs of the installation scripts. You can use that to search for installers that might break with macOS 12.3. Or, now that we have the beta you can just start testing your deployment workflows there and see what breaks.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS Monterey 12 and iOS 15

macOS 12.2 and iOS 15.3

macOS Monterey 12.2

iOS 15.3 and iPadOS 15.3

watchOS 8.4

tvOS 15.3

Apps

Support

MacAdmins

MacAdmins on Twitter

  • Paul Haddad: “I just downloaded the print application for my label maker. It’s a DMG with an App inside that prompts for an EULA and ends up displaying a button to download the app from the App Store…. Feels like a few steps could be skipped.”
  • Dana Sibera: “Some of the iconic Apple names didn’t last all that long. Apple used ‘Quadra’ from October 91 to October 95 – suiting the name, a span of 4 years. Just 4 years. ‘Performa’ lasted from September 92 to Jan 1997, 4 years 9 months.” (Fun Thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2022-01-21

It seems like the year has not even properly started yet, but Apple already released the macOS 12.2 and iOS 15.3 release candidate. So a likely release next week. Are you ready?

(Sponsor: Mosyle)

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse logo

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS and iOS Updates

MacAdmins on Twitter

  • Mr. Macintosh: “1/23/22 will mark 90 days since Monterey was released. If you have an 90 day MDM deferral profile deployed, Monterey will start showing up as an available upgrade On 1/14/22 Apple added “macOS Installer Notification” to the software update catalog.” (Thread)

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2022-01-14

Happy New Year!

With Christmas Day, Boxing Day, and New Year’s Day on week-ends, this was not a good season for employees. However, it did turn out to be a long break for people who write their newsletters on Fridays. After what seems like forever, the Scripting OS X News Summary is back, ready for whatever 2022 might bring for Apple admins.

(Sponsor: Mosyle)

Mosyle Fuse logo

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!

Apple is also back from vacation. We got the third round of beta releases for macOS 12.2 and iOS 15.3 and siblings.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

MacAdmins on Twitter

  • Andrew MacKenzie: “My life be like for thething in this that theotherthing ; do Installomator.sh $thething ; done
  • William Smith: “For Jamf customers who are still running their Jamf Pro servers on Macs, March 2022 is the tentative date to retire support for this installer. Reach out to Jamf Support for information about migrating to Jamf Cloud or another server platform.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!