2019 new-start Mac users

If you are joining the School as a PGR or PDRA in the 2019-20 academic year and are being issued a MacBook then the information below will be of use. Please review it before making an appointment to come see the School IT staff to collect the Mac.

All new machines are registered with the Apple Device Enrollment Program (DEP) which means that they will mostly set themselves up when turned on and connected to the network. You should review this video which gives you an overview of what to expect. Please note that the video features a Thunderbolt 3 docking solution which we are not giving out this year – instead we are issuing a USB-C hub for most users. In addition, when the registration wizard is running, do not use accented characters when entering your name – at best they will be ignored, more likely the wizard will hang.

Once the basic setup has completed, you will find yourself at the Mac desktop. If you’re not familiar with macOS then you should review the information available from the macOS Help option under Help. You may also find this link useful.

If you are familiar with macOS, you’ll need to know about the way we run our systems.

Device Management

To enhance our management capabilities for Windows, macOS, and iOS systems we are deploying some new device management systems over the coming months.

For Windows systems we are upgrading our existing Chocolatey installation from the free release to Chocolatey for Business. Most of the changes from this will be transparent to end users, but there will be a user-accessible private App Store which will allow automated installation and updates for selected packages.

We are also participating in the University-wide roll-out of KACE systems management for Windows, which provides us with reporting facilities which will allow us to ensure that Windows and Office patches are deployed in a timely manner.

On the Apple side of things we have just commissioned a Jamf Pro installation which will complement the existing Munki infrastructure for macOS, and provide new management capabilities for iOS. It will also allow us to use the Apple Device Enrollment Program (DEP) to auto-configure new devices, and gives us access to remote lock and wipe capabilities for lost systems.

Initial deployments of Jamf Pro are commencing with Astrophysics machines and will then spread to the rest of Physics, before finally assimilating the Mathematicians.

The goal for these deployments is to enhance both our security posture and user experience. Many changes will be transparent to users, but where user action is needed instructions will be available from this page.

Mac security updates

This article, while mostly click-baiting troll fodder, does raise a reasonable point.

The release notes for OS X Mavericks list a large number of security issues which are resolved in 10.9 only. A month on from the release of Mavericks no equivalent updates have been posted for Snow Leopard, Lion, or Mountain Lion. Absent official comment from Apple it seems that since the update to Mavericks is free, that’s your security patch.

Given the problems that come with any major system update this seems an utterly unreasonable approach, especially for cases where we’re dealing with complex third-party software which needs to be validated on each update. It’s bad enough that new Macs can never have older versions of the OS installed on them, but this is affecting machines which are currently running properly and now one has to choose between security and application stability. I’m at a loss to suggest the less bad option. Various applications require new versions to work on Mavericks, and not all of these updates are free.

This also absolutely reinforces my relief that I am no longer using OS X Server for anything apart from an illustration of why Linux or even Windows is a better server OS…

Kernel? Panic!!!

An interesting Mac problem today, one I’ve never seen before in all my years of messing about with Apples.

The user had applied some system updates from the App Store, and rebooted the MacBook Air as usual. Immediately on boot there was a kernel panic, with white text on a black background showing up over the grey boot screen. This happened even when trying to boot into safe mode (holding down Shift) though Recovery mode worked OK.

A quick google for the main text of the error – Unable to find driver for this platform: "ACPI". – showed this was something others had seen at various times over the years when an update failed. The most common recommendation was to boot to recovery mode and reinstall OS X, though some other users suggested reapplying the most recent Combo updater to the affected machine.

Combo updaters have all the files needed to update a machine from any point release of OS X to the latest, e.g. 10.8.3 to 10.8.5 directly; the delta updaters only upgrade from one release to the next. Applying the combo updater is often a cure for small errors which seem to happen in incremental updates, as it replaces a lot of files with fresh copies, eliminating small errors that can creep in over time.

I booted the afflicted Mac into Thunderbolt Target Disk mode, and plugged it into my MacBook – the disk showed up as expected. I downloaded the 10.8.5 Combo updater from Apple, and tried to run it. My grand plan fell apart at this point as my MacBook was running Mavericks, and the Combo updater plain refused to run, even to be applied to an external drive. After a quick look for a Mac running Mountain Lion which had a Thunderbolt port (my Mountain Lion iMac doesn’t sadly) I repeated the process, which took about 10 minutes to apply the full updater, and rebooted the Mac. Thankfully at that point it booted up perfectly fine, and afterwards had more updates applied from the App Store without problem.

So, lessons learned? Firstly, I need to keep some Mountain Lion machines around for the foreseeable future. Secondly, some people swear by always downloading the Combo updates from Apple and running those instead of the Delta updates from Software Update/App Store; I’m not at that point yet but I do start to see the attraction, and it does illustrate the utility of the Combo update for solving bizarre glitches.

Waiting for Mavericks.1

Things which I observed Mavericks cause problems with today:

  1. 2013 MacBook Airs discharging their batteries as they can’t maintain a sleep state.
  2. Keynote ’09 showing font problems – some fonts lose their spacing information and end up showing text bunched together. This happens on two machines. So the old Keynote is now broken (by a bug) while the new one is broken by design.
  3. Similarly Pages does not care for those fonts, but seems to overspace as opposed to squishing together.

In summary, wait for Mavericks.1 or Mavericks.2 if you possibly can…

Happy Halloween

Here’s a little Halloween computer story which is quite possibly real and most definitely concerning.

Add in another story involving Adobe incompetence.

I have a pretty poor opinion of Adobe software. Flash and Reader are two of the worst security problems on any computer, and my honest advice is not to install either.

These days there are few things one really needs Reader for. Macs, Windows 8, and Linux systems all come with perfectly competent PDF reader applications; under Windows 7 there is the well regarded Foxit reader which is free and has a better track record. The only times I have ever needed Adobe Reader are

  • reading encrypted PDFs used for inter-library loans
  • printing some Royal Mail prepaid mail envelopes

so I tend to think that most people are fine without it. If you must install Reader, make sure it’s not the default PDF reader and stop it from installing its web browser plugin. On the Mac this is a tedious manual process – you have to manually remove it from /Library/Internet Plug-ins/ after each update. Another reason to avoid it!
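The manual clean-up described above can be scripted so it is easy to repeat after every Reader update. This is an added example, not part of the original post; it assumes the Reader browser plug-in bundles are named `AdobePDFViewer*.plugin` (a name the post does not give), and the function name and the quarantine directory are made up for illustration.

```shell
#!/bin/sh
# Added example: move Adobe Reader browser plug-in bundles out of the
# plug-in directory so browsers stop loading them.
# Assumption: the bundles match AdobePDFViewer*.plugin.

quarantine_reader_plugins() {
    plugin_dir=${1:-"/Library/Internet Plug-ins"}
    quarantine_dir=${2:-"/Library/Internet Plug-ins (Disabled)"}
    moved=0

    [ -d "$plugin_dir" ] || { echo "no such directory: $plugin_dir" >&2; return 2; }

    for bundle in "$plugin_dir"/AdobePDFViewer*.plugin; do
        # An unmatched glob stays literal, so skip anything that does not exist.
        [ -e "$bundle" ] || continue
        mkdir -p "$quarantine_dir" || return 1
        name=$(basename "$bundle")
        # Replace any copy quarantined after an earlier Reader update.
        rm -rf "$quarantine_dir/$name"
        mv "$bundle" "$quarantine_dir/$name" || return 1
        echo "quarantined: $name"
        moved=$((moved + 1))
    done

    echo "moved $moved bundle(s)"
}

# Demo on a constructed directory tree (not a real system path).
demo=$(mktemp -d)
mkdir -p "$demo/plugins/AdobePDFViewer.plugin" "$demo/plugins/Other.plugin"
quarantine_reader_plugins "$demo/plugins" "$demo/disabled"
rm -rf "$demo"
```

On a real Mac, call `quarantine_reader_plugins` with no arguments from an administrator shell (for example via `sudo`), since `/Library` is not writable by ordinary users.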

Flash is known as a security disaster, and hopefully its failure on mobile devices will lead to its eventual demise. However for the moment it’s still out there and at times necessary. My preferred solution for some time was to use Safari as my default browser, with no Flash plugin installed, and have Google Chrome as the backup browser. Chrome has its own internal Flash install which is sandboxed and auto-updates. Even then I would use a plugin blocking extension so that Flash objects would only work when clicked on.

Newer versions of Safari on the Mac now have more granular control on which websites can use plugins, so combined with the ClickToPlugin Safari extension a Safari-only option is more tolerable. Under OS X Mavericks Safari also sandboxes Flash, which will help, but is not a universal panacea as sandboxes can be broken too.

In case you’re wondering why I’m so paranoid, a common infection vector for malware is the insertion of exploit code in either Flash objects, or even tiny PDFs, embedded in web pages. These can affect perfectly legitimate sites too – either the site is hacked, or a third party advert or content service the site uses is compromised; either way you could end up with these malicious objects running when you visit a web page. Hence it’s best to minimise the attack ‘surface area’ as much as possible!

In a future post I’ll talk about some more security matters, including passwords. Meanwhile, as they used to say on Hill Street, Let’s be careful out there.

Newer is not always better

My most recent excitement has come from the most recent Apple software updates:

  • Mac OS X 10.9 Mavericks
  • iOS 7
  • iWork – specifically Keynote 6

I’ve not had much time with Mavericks as yet. I’ve installed it on a test laptop and it seems about par for the course for a .0 release of OS X – interesting but with some rough edges. I give it a week or so until 10.9.1 pops out. I’ve not seen anything mindblowingly awesome so far, but have found a few glitches. I’m keeping track of these on my wiki page.

For those interested, Ars Technica has a thorough analysis of Mavericks.

I installed iOS 7 on my work iPad Mini last week. It seems mostly OK though I’m not enamoured with the new look icons. The recent update to 7.03 means that one can remove not only the parallax effect, but also remove the folder closing animations. Thankfully they didn’t make me feel ill, but I did think they were a waste of time. I have not yet been inclined to install on my iPhone or home iPad but I’ll probably come around in time.

A big part of the Mavericks launch was the announcement that iWork will be free with all new Macs and iOS devices. I’m a big fan of Keynote, the presentations app in iWork, and use it instead of Powerpoint as it does things that make Powerpoint fall over in a sobbing heap. Sadly the update removes quite a few features in the name of parity between the Mac and iOS releases. One I use quite a bit is the option to embed a web page in a presentation which can be dynamically updated when the slide shows. Apple removed this from the main user interface a while ago, but existing embeds worked just fine and could be edited & copied to new presentations. Sadly Keynote 6 opens the presentation, converts the website to a static image, and then autosaves the file to the new Keynote 6 format overwriting your old file unless you cancel the import. All in all quite vexing.

This has set me thinking about how to replace that functionality. PowerPoint doesn’t do it either – you can link to a site, but that’s no use on a display board. So I’m looking at various HTML5 display frameworks which let you write a presentation with HTML and CSS. Several look impressive, so over the next few weeks I’ll be trying out a few, such as

After all, if most of the content you’re displaying is text, images, and web pages, what’s better than HTML to wrap it all up?