Save up to 25% pkg file size with this weird Monterey trick!

macOS 12 Monterey brings with it a lot of new features, both for admins and users. You will probably be busy learning and experimenting with them right now, unless you already did that during the beta phase.

But, as usual, there are also many undocumented new changes and features hidden away in the update. I discovered one in the pkgbuild man page. pkgbuild, as the name implies, is used by developers and admins to build installer packages, or pkg files. Even when you are using a tool like munki-pkg or AutoPkg, it is probably using pkgbuild to assemble the installer package.

If you want to learn more about pkgbuild and creating installer packages, read my book: “Packaging for Apple Administrators

Large Payloads and Minimum Versions

“Discovered” is a strong word here. I stumbled over this as I was looking for a different new option for pkgbuild in Monterey. In a converstation with the ever awesome Duncan McCracken, he mentioned that the tool had gained an new option, --large-payload, which allows for individual files in the payload to be larger than 8GB.

This is a significant change to the pkg file format, so pkg installers created with this option will not work on systems older than 12.0. “This option requires the user to pass --min-os-version 12.0 or later to acknowledge this requirement.” (quote from the man page)

This comment led me to look for the description of the --min-os-version option and right between --large-payload and --min-os-version I stumbled over --compression.

There is no indication that these are new options in the man page. There is also no mention of any of these new options in the Developer Release Notes or the AppleSeed for IT release notes.

Payload Compression

The description for the --compression option reads:

--compression compression-mode
Allows control over the compression used for the package. This option does not affect the compression used for plugins or scripts. Not specifying this option will leave the chosen compression algorithm up to the operating system. Two compression-mode arguments are supported:

• legacy forces a 10.5-compatible compression algorithm for the package.

• latest enables pkgbuild to automatically select newer, more efficient compression algorithms based on what is provided to [--min-os-version <version>].

With this new option, in combination with the --min-os-version option, we can influence the compression algorithm used for the payload inside the pkg file. Other than that, we are left in the dark. What kind of compression algorithms? And which minimum macOS versions use which compression algorithms?

The man page is silent on this, so we need to experiment!

Lots of pkgs

After some less organized experimentation, I put together this one-liner:

for x in 10.{5..15} 11 12; do caffeinate time pkgbuild --component /Applications/Numbers.app --min-os-version $x --compression latest Numbers-min$x.pkg; done 

This is very, well, compressed, so I will explain it in steps:

Brace expansion

for x in 10.{5..15} 11 12; do

If I used for x in 10 11 12; do the shell would loop through the list using the values 10, 11, and 12. However, I also need eleven versions starting with 10. so I use the ‘brace expansion:’ 10.{5..15} will expand to 10.5, 10.6, 10.7, … until 10.15.

Brace expansion is rarely used but a very useful shell feature.

This for loop will loop through 10.5 through 10.15, and then 11 and 12, as well.

caffeinate

I did not want the MacBook I was testing on to fall asleep during the test. The caffeinate will prevent a Mac from sleeping. Most people use this command as a standalone command where it will prevent the Mac from sleeping indefinitely. Maybe you have used caffeinate -t 3600 to prevent sleep for a certain time.

But you can also use caffeinate together with a second command, and then caffeinate will prevent sleep for as long as the second command is running. For example:

caffeinate system_profiler

will prevent the Mac from falling asleep while system_profiler does its thing, which always seems like it takes ages.

The default mode of caffeinate will only prevent system sleep. The display may still dim, sleep, or even lock. If you want to prevent that as well, use caffeinate -di.

time

I was interested in the duration each pkgbuild run would take. The time command will give you that information. For example, when you run time system_profiler the system_profiler command will run, showing all its output, but the time command will add this at the end:

system_profiler  11.64s user 7.35s system 53% cpu 35.493 total

The first number (sometimes called the ‘real’ time) is the time that elapsed on the clock from the start to end of the process. The ‘user’ is also interesting as it gives the cpu time the process itself was actively running (and not waiting for other processes). Confusingly, the user time may be larger than the real time. This means the process was running on multiple cpus at once.

pkgbuild

And then we have the actual pkgbuild command using the --compression and the --min-os-version to build a pkg installer from the Numbers application on my system. I chose Numbers.app because it is fairly large (589MB) so the compression algorithm has something to do.

Results

I ran this on a MacBook Air M1 with 8GB of RAM. While pkgbuild was doing its work, I kept doing other tasks on the Mac. You can see that the run times vary by a few seconds. The system was experiencing memory pressure as the commands ran. This test wasn’t really very accurate, but the quality of the output, as you will see, is good enough to yield conclusions.

After running the above command I had 13 pkg files. and I created a chart with the output from the time command and the pkg file sizes.

When you chart the resulting filesize against the --min-os-version you see a distinct change in 10.10:

The filesizes will vary by a few bytes, but I presume that stems from different timestamps and a different minimum OS version set in the metadata of each package.

The same chart with the time required to create the pkg file:

When you use a --min-os-version value of 10.10 or higher, the file size drops by about 24% but the creation time (the ‘real’ value) nearly doubles. The ‘user’ time value increases nearly ten-fold and you may wonder how the user time can be so much higher than the ‘real’ time elapsed. The explanation is that the legacy compression algorithm uses only a single core, while the 10.10+ compression algorithm uses all available cores.

From 10.10 (Yosemite) on, the numbers stay fairly constant, all the way to 12.0, so my assumption is the compression algorithm stays the same.

Compression Algorithm

So which compression algorithms are actually used?

To figure this out, I first wanted to know if the file type of the pkg file file itself changed:

> file *.pkg    
Numbers-min10.5.pkg:   xar archive compressed TOC: 709, SHA-1 checksum, contains zlib compressed data
...
Numbers-min11.pkg:     xar archive compressed TOC: 706, SHA-1 checksum, contains zlib compressed data
Numbers-min12.pkg:     xar archive compressed TOC: 708, SHA-1 checksum, contains zlib compressed data
Numbers-minLegacy.pkg: xar archive compressed TOC: 708, SHA-1 checksum, contains zlib compressed data

As you can see the format of the wrapping archive of the pkg installer remains the same. This is probably necessary so that old versions of macOS can read the metadata inside the pkg.

But inside the pkg, is another compressed archive. You can see this when you run

> pkgutil --expand Numbers-min10.5.pkg 10.5Pkg
> ls 10.5Pkg
Bom         PackageInfo Payload
> file 10.5Pkg/Payload    
10.5Pkg/Payload: gzip compressed data, from Unix, original size modulo 2^32 594074112

Up to and including 10.9 the Payload is a gzip archive. From 10.10 upward the file command returns only data:

> file 10.10Pkg/Payload 
10.10Pkg/Payload: data

On an educated guess, I tried to list the contents of the 10.10 payload with the aa command which reads and writes the poorly documented ‘Apple Archive’ format:

> aa list -i 10.10Pkg/Payload    
.
./Numbers.app
./Numbers.app/Contents
./Numbers.app/Contents/_CodeSignature
./Numbers.app/Contents/_CodeSignature/CodeResources
...

(Note: the aa command is available on macOS Big Sur and higher.)

Expanding

When I saw how much more compute intensive the compression was, I was a bit concerned the decompression might be compute intensive on old hardware. To see if that would be a problem I used my 2012 Mac mini (the server model) running Catalina 10.15.7.

Catalina does not have the aa command line tool, (it was added in Big Sur) but pkgutil has an undocumented --expand-full option which will expand the pkg and the payload. So, I used that as a comparison:

> time pkgutil --expand-full Numbers-min10.10.pkg 10.10ExpandFull/

The M1 MacBook Air took 8.97 seconds for this operation, the 2012 Mac mini took 15.46. While that is slower, it is not a dramatic difference.

For comparison, expanding a legacy compressed file took 1.76 seconds (M1 MacBook Air) and 3.98 seconds (Mac mini 2021). The decompression is about four times slower using the new compression.

But what about productbuild?

For admins, component pkgs built with pkgbuild, are sufficient for most tasks, but sometimes developers require distribution packages. Developers generally prefer to build distribution packages.

For details on the differences of the package types and when you need which type, watch my MacDevOps YVR 2021 presentation: The Encyclopedia of Packages

The productbuild command line tool builds distribution packages. Since distribution pkgs can be far more complex than component packages, this tool has many more options. (Read my Packaging book for details.) But it has a similar mode to quickly build a distribution pkg from an app bundle:

> caffeinate time productbuild --component /Applications/Numbers.app NumbersDistDefault.pkg
productbuild: Adding component at /Applications/Numbers.app
productbuild: Inferred install-location of /Applications
productbuild: Wrote product to NumbersDistDefault.pkg
productbuild: Supported OS versions: [Min: 11.0, Before: None]
       28.85 real        22.43 user         3.42 sys

From the timing, we can guess that is creating a legacy compressed payload.

When we dig into the man page for productbuild on Monterey, we find a --component-compression option, which sounds promising. It has three options: legacy, auto, and default. The man page states that default behaves the same as legacy but that “may change in future releases of OS X.”

> caffeinate time productbuild --component /Applications/Numbers.app --component-compression auto NumbersDist.pkg
productbuild: Adding component at /Applications/Numbers.app
productbuild: Inferred install-location of /Applications
productbuild: Wrote product to NumbersDist.pkg
productbuild: Supported OS versions: [Min: 11.0, Before: None]
       44.87 real       207.40 user         8.70 sys

In this case the time suggests this uses the Apple Archive compression. But we didn’t have to provide a minimum OS version. The trick here is in the last output line of productbuild. There we see that productbuild automatically determined a minimum OS version from the application bundle. It reads the LSMinimumSystemVersion key from the app bundle’s Info.plist for this.

This is even more flexible than generically setting a min OS version of 10.10.

However, this will only work with the --component option of productbuild. Usually you have to build the components individually with pkgbuild and combine them with productbuild and in that workflow you will have to provide the minimum OS version for each component. Or determine it dynamically from the source, which is even more flexible.

Conclusion

We have learned that when you use the --compression latest with a --min-os-version of 10.10 or higher the pkg creation uses the Apple Archive compression for the payload, leading to smaller pkg file sizes. I did a few more tests with some other apps and the file compression improvements were between 20% and 25%.

When I set out to explore this, I did not expect a new compression algorithm to be present except maybe in the lastest macOS releases. This would have meant admins (who usually need to support at least two or three versions back) would have had to wait a few years before we could use a new compression algorithm, unless they were pushing the bleeding edge. However, a minimum macOS version of 10.10 means that a large majority of Apple Admins should be able to use this.

Most of the software deployed will have higher system requirements than OS X Yosemite. The minimum OS version for the package should be determined dynamically from the contents, pkgbuild and productbuild will then use the appropriate compression. The --component-compression auto option for productbuild has this dynamic behavior, but it should not be too complicated to add similar logic to your package creation workflows.

You might ask if a ~20-25% reduction in file size is really worth the extra effort of updating your packaging workflows. Since many management systems are now hosted in the cloud, every bit you can save in up- and download might have a noticeable price, if not in bandwidth costs, then in time saved for user downloading the pkg. The savings will be multiplied by the number of clients, which adds up quickly with large fleets.

I think that most effective application of this knowledge would be to have an option in your packaging workflow to use this better compression. For that, the packaging workflow will have to run on Monterey. AutoPkg is the best example of such a workflow, but there are other tools, like Packages.app or munki-pkg which could profit from this, as well.

News Summary for Admins — 2021-10-22

We finally got those Apple Silicon based MacBooks Pro this week. And they do look very nice! You have probably already read all about them. To prepare for the new M1 Pro and Max goodness, we will also get macOS 12 Monterey (and iOS 15.1 and siblings) on next Monday, October 25. Do you feel ready?

I have decided to call the 16″ a “MacBook Pro Max,” just to sow confusion.


macOS Terminal and Shell Book Cover

Support this weekly news summary

macOS Terminal and Shell:
You have always wanted to ‘learn Terminal,‘ right? This book teaches how (and why) to use the command line on macOS. Get it on Apple Books!

(If you have already bought the book, please leave a review on the Apple Books Store. Thank you!)


If you think your company or product is a good fit to sponsor this newsletter, please contact me!

In preparation for the OS releases next week, we got not just one, but two realease candidates. Unfortunately, it does not look like there will be a full installer of either RC, so no final deployment testing workflows. (There is an IPSW for Apple Configurator, so you can test those.)

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

New MacBooks Pro with M1 Pro and Max

macOS 12 Monterey and iOS 15

macOS and iOS Updates

MacAdmins on Twitter

  • Rich Trouton: “If you want an Intel processor in your new Mac, here are your options: 21.5 inch iMac, 27 inch iMac, Mac Pro. All other Mac models are now Apple Silicon Macs.” (Mac mini added in a later tweet)
  • Brian Stucki: “FYI: There was one small addition in the macOS SLA for Monterey. (highlighted in the image) It’s especially helpful for those who run virtual machines on their Mac. Thanks!” (Highlighted passage: “run up to two (2) additional copies of the Apple Software, or any prior macOS or OS X operation system software or subsequent release of the Apple Software”)

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Watch

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-10-15

Apple has announced the next live event for Monday (Oct 18). The expectation is they will show new Apple Silicon Macs and announce the publishing date for macOS Monterey.


(Sponsor: vast limits)

uberAgent: per-application network monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.


We also got a new series of betas for macOS 12 Monterey (beta 10) and iOS 15.1 (beta 4) and siblings.

MacSysAdmin concluded last week, but the sessions are still online. I still have some catching up to do. On top of that, Objective-by-the-Sea have posted their sessions on YouTube, as well!

Watch those sessions quickly, because next week is Jamf Nation User Conference, which will bring even more sessions to feel guilty because you have not watched them yet. You can still register for free. I will be in a Panel on Patch Managemet with Ryan Ball and Ben Toms, and I have a presentation on Installomator.

We also learned some dates for some of the conferences next year. I have updated my conference page, which also has links to session archives (where available).

If you think your company or product is a good fit to sponsor this newsletter, please contact me!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

MacAdmins on Twitter

  • Patrick Wardle: “Really seems that malware (adware) authors have no problem getting their malicious creations notarized by Apple…unless this is really a legitimate/required Flash Player update!?”
  • Patrick Wardle: “~1 hr later (on a Saturday no less), Apple has revoked the notarization/certificate!”
  • William Smith: “Attention MacAdmins: Today’s release of Microsoft Office for Mac 16.54 is the last version to support macOS Mojave 10.14.x. November’s release of 16.55 will require a minimum of macOS Catalina 10.15.”
  • Edward Marczak: “Instead of blocking the Next Major OS: – Prep, test, and be ready to roll it out day 1 – Communicate your upgrade policy If there is some breaking change, communicate this to your user base, and people that upgrade just earn themselves a trip to the re-imaging station.” (Thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Installomator update: v0.7

We have published an update for Installomator. It is now at version 0.7 and has over 340 labels!

Here are the changes in detail:

  • default for BLOCKING_PROCESS_ACTIONis now BLOCKING_PROCESS_ACTION=tell_user and not prompt_user. It will demand the user to quit the app to get it updated, and not present any option to skip it. In considering various use cases in different MDM solutions this is the best option going forward. Users usually choose to update, and is most often not bothered much with this information. If it’s absoultely a bad time, then they can move the dialog box to the side, and click it when ready.
  • script is now assembled from fragments. This helps avoid merging conflicts on git and allows the core team to work on the script logic while also accepting new labels. See the “Assemble Script ReadMe” for details.
  • We now detect App Store installed apps, and we do not replace them automatically. An example is Slack that will loose all settings if it is suddenly changed from App Store version to the “web” version (they differ in the handling of settings files). If INSTALL=force then we will replace the App Store app. We log all this.
  • Change in finding installed apps. We now look in /Applications and /Applications/Utilities first. If not found there, we use spotligt to find it. (We discovered a problem when a user has Parallels Windows installed with Microsoft Edge in it. Then Installomator wanted to update the app all the time, becaus spotlight found that Windows version of the app that Parallels created.)
  • Added bunch of new labels, and improved others.
  • Renamed buildCaseStatement.sh to buildLabel.sh and improved it a lot. It is a great start when figuring out how to create a new label for an app, or a piece of software. Look at the tutorials in our wiki.
  • Mosyle changed their app name from Business to Self-Service

I have explained the changes to building the script in the beta release post and in the readme document on the repository. If you want to build your own labels, this is very important, be sure to read that first.

Weekly News Summary for Admins — 2021-10-08

MacAdmins are waiting for Apple to announce another Keynote event where we expect new Macs and the release date for macOS 12 Monterey. Not this week though. Instead, Apple had a beautiful video paying tribute to Steve Jobs.

Celebrating Steve – October 5 – Apple (YouTube)


(Sponsor: vast limits)

uberAgent: web app monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.


We did get new betas for macOS 12 Monterey, iOS 15.1 and a release candidate for the macOS 11.6.1 update. Also firmware updates for AirPods Pro and Max.

This week also featured MacSysAdmin Online. Every day a few videos from great presenters in the MacAdmin space were released. You can find them all here, along with links to the slides and/or resource pages. Access is free, and today is the last day you can purchase a T-shirt to support the online conference.

Many, many thanks to Patrik Jerneheim and everyone involved in making this happen. Huge kudos to all the speakers, I will have re-watch every one of the sessions to be able to process all the information and wisdom there-in. I am so proud to be a part of this. I am crossing my fingers to see you all in Göteborg next year!

If you think your company or product is a good fit to sponsor this newsletter, please contact me!

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

MacAdmins on Twitter

  • William Smith: “Advice to my past self… Don’t learn a device management system. Learn how to manage devices. Likewise, don’t learn an MDM. Learn MDM. Don’t learn how to support an operating system. Learn how to support your users. The rest will follow.”
  • Rands: “Ok. We’re in a meeting together. Rad. Here’s the mental checklist of what I’m doing in the first couple of minutes.” (Thread)

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

MacSysAdmin Online 2021 is live!

The first set of sessions for the MacSysAdmin Online sessions are… well… online!

There is an introduction video from Patrik Jerneheim, a session on Time Machine by Howard Oakley, Rich Trouton demonstrates AutoPkg in the cloud and Charles Edge celebrates Scandinavian contributions to computing. Oh, and I talk about building tools with Swift and SwiftUI.

You can find the links to all the videos from today on the MacSysAdmin website. More sessions will be published every day this week at 09:30 CEST (UTC+2).

You can find the links and resources for my Swift session here.

You can still support MacSysAdmin Online by purchasing a T-Shirt. The store will remain open until Friday.

Many thanks to Patrik Jerneheim and the team for putting this on. Also to all the presenters for building these sessions.

News Summary for Admins — 2021-10-01

We got some really nice updates for the Pages, Keynote, and Numbers apps this week, across all platforms. A new beta for macOS 12 Monterey and iOS 15.1 (and siblings).


(Sponsor: vast limits)

uberAgent: application usage monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.


We are all looking with some envy towards Hawaii where the Objective-by-the-Sea conference is happening.

Next week Tuesday is the start of MacSysAdmin Online!. It is, yet again, painful that we cannot meet in person. The sessions will be available for free every day according to the program. You can still support the conference by purchasing a T-shirt. When you do so you will get a small surprise from Scripting OS X, as well.

And then we have JNUC later this month. This conference is also free to participate, but requires registration. It is not too late!

More links at my overview of the most important MacAdmin conferences.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

📰News and Opinion

🐟macOS 12 Monterey and iOS 15

⚙️macOS and iOS Updates

🐦MacAdmins on Twitter

  • Nathaniel Strauss: “iPadOS15 does not respect allowEraseContentAndSettings. Anyone can go into Settings > General > Transfer or Reset and erase the device. The option isn’t grayed out. Please file cases and feel free to reference my own case number 101500664636″
  • Rich Trouton: “TIL that Apple’s profile settings for Time Zone (timeZone) requires an underscore if something is two words: Right: America/New_York Wrong: America/New York If set incorrectly, the time zone defaults to using UTC.”
  • Andrew Laurence: “OH: “Managing macOS Software Update is like building a house with cooked spaghetti.” “

🔐Security and Privacy

🔨Support and HowTos

🤖Scripting and Automation

🍏Apple Support

♻️Updates and Releases

🎧To Listen

📚Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Weekly News Summary for Admins — 2021-09-24

iOS 15, iPadOS 15, watchOS 8 and the other related updates were published this week. On top of that the first iPhones 13 and new iPad mini are arriving today. I only linked to two reviews – you will know where to get opinions from your favorite bloggers and streamers.


(Sponsor: vast limits)

uberAgent: application performance monitoring

uberAgent Logo

uberAgent is an innovative user experience monitoring product for macOS and Windows. uberAgent’s highlights include detailed information about application performance, network reliability drill-downs, application usage metering, browser performance, and web app metrics. Try for yourself and get your free 100 user community license at uberagent.com.


We also got more security updates for iOS 12 and Catalina. And a new macOS 12 Monterey beta, as well as the first round of iOS 15.1 betas.

Last week’s newsletter dropped just a bit before the good news of the 11.6 full installer being available. Keep providing that feedback!

We have two major MacAdmin conferences coming up, both are online.

First is MacSysAdmin Online which will release sessions starting October 5 through October 8. You can still order a T-shirt to support the conference. The amazing speaker list is online. I will be presenting a session on Swift.

Later is Jamf Nation User Conference (JNUC) which is (again) entirely online and entirely free. You can still register and already look at the session list. I will be presenting a session on Installomator and participate in a panel on patch management.

There is always my overview of the most important upcoming conferences.

Also, in personal news: I am now working at Jamf. But this should not affect this news summary at all.

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

iOS 15 and siblings

Apple Support

macOS 12 Monterey

macOS and iOS Updates

MacAdmins on Twitter

  • Patrick Fergus: “Hey Everyone, Adobe Admin Console packages that include Acrobat should no longer fail when Safari is open.”
  • Eric Boyd: “Hi there @Apple device owners! We are mere hours away from the next major OS release for iPhones, iPads, Apple TV’s and iPods. So, what can you do to ensure the best experience with your upgrades? I have a few best practices that I follow and recommend for almost everyone.” (Thread)
  • Rich Trouton: “Every so often, I have a packaging task that I’m not sure AutoPkg can handle. I keep being wrong about that because AutoPkg just needs me to write the right recipe.”

Security and Privacy

Support and HowTos

Scripting and Automation

Updates and Releases

To Watch

To Listen

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!

Working at Jamf…

On a personal note: today is my first day working at Jamf as a Consulting Engineer.

I have been working with Jamf for more than a decade. Back then it was called Casper. Over the years, I have experienced the product and the company as a partner, as a customer and admin, and as a consultant. Working from the inside seemed like a logical next step. I will be joining a great team where I already know many people and I am looking forward to getting to know everyone else!

But don’t be afraid, this weblog and the weekly newsletter will continue as usual!

Weekly News Summary for Admins — 2021-09-17

So, we got a surprise update this week. macOS 11.6 and iOS 14.8 and despite the version numbers it does look as if they are “merely” security updates. They patch fairly serious vulnerabilities and there seem to be no other fixes or features, but the version numbering seems odd for a security update.


(Sponsor: Mosyle)

The Fusion of Apple MDM, Identity, Patching & Security.

Mosyle Fuse logo

Mosyle Fuse is the first and only product to bring a perfect blend of an Enterprise-grade MDM, an innovative solution for macOS Identity Management, automated application installation and patching, and purpose-built multi-layer endpoint security, all specially designed for Apple devices used at work at a price point that’s almost unexplainable.

Click here to learn more!


Even worse, there was no full installer, even after waiting a day or so. At first the communication from Apple was that there would be no full installer. This is problematic because the full installer is the best or only way to automate updates on Big Sur. Surprisingly, that message changed, “due to overwhelming feedback.” So great job on the feedback, everyone! (And keep providing it through all your available channels.)

Also in security, a malware-laden version of iTerm2 appeared this week. Apple has since revoked the certificate in question and most Malware tools should recognize it. This is a reminder that it can be fairly easy to be tricked into installing something malevolent.

Oh, and yes, there was an Apple Event with new iPhones, Watch, and iPads. Is it weird that the new iPad mini excites me most!?

If you would rather get the weekly newsletter by email, you can subscribe to the Scripting OS X Weekly Newsletter here!! (Same content, delivered to your Inbox once a week.)

News and Opinion

macOS 12 Monterey and iOS 15

macOS and iOS Updates

MacAdmins on Twitter

  • Darren Wallace: “TIL if you have two Jamf Pro instances linked to the same Intune instance, and enrol a device fully via Jamf Pro ‘A’ you need to trash the computer record in Jamf Pro ‘A’ before you can register the device in Intune properly through Jamf Pro ‘B'”
  • Peter Bukowinski: “Working in a remote shell with a tool that writes binary files (e.g. tcpdump) and don’t have an easy way to transfer files locally? bzip2 -9 filename; base64 filename.bz2 Copy the resulting text. Then in a local shell, echo "[PASTED_TEXT]" | base64 -d &gt; filename.bz2
  • Howard Oakley: “Also worth noting that, among others, SMB is updated from 3.6 to 3.6.1. How significant that might be is something Apple doesn’t seem to want to explain.”
  • Felipe Baez: “If you try installing an application that requires Rosetta on a M1 Mac, make sure you’re online otherwise you’ll get a very deceiving message from Apple. They should definitely rephrase that error.” (Image)
  • John Opdenakker: “The plural of regex is regrets.” (via Andrew Laurence)
  • Derek Parker: “I once read a tweet which explained tar commands in the form of two mnemonics: Need to untar? -xzf— “extract ze files” Need to tar? -czf— “compress ze files” And I think about it every single time I use tar. Wish I knew who to attribute this to, but it’s really great.”

Security and Privacy

Support and HowTos

Scripting and Automation

Apple Support

Updates and Releases

To Listen

Just for Fun

Support

If you are enjoying what you are reading here, please spread the word and recommend it to another Mac Admin!

If you want to support me and this website even further, then consider buying one (or all) of my books. It’s like a subscription fee, but you also get a useful book or two extra!