Device Management

To enhance our management capabilities for Windows, macOS, and iOS systems we are deploying some new device management systems over the coming months.

For Windows systems we are upgrading our existing Chocolatey installation from the free release to Chocolatey for Business. Most of the changes from this will be transparent to end users, but there will be a user-accessible private App Store which will allow automated installation and updates for selected packages.

We are also participating in the University-wide roll-out of KACE systems management for Windows, which provides us with reporting facilities which will allow us to ensure that Windows and Office patches are deployed in a timely manner.

On the Apple side of things we have just commissioned a Jamf Pro installation which will complement the existing Munki infrastructure for macOS, and provide new management capabilities for iOS. It will also allow us to use the Apple Device Enrollment Program (DEP) to auto-configure new devices, and gives us access to remote lock and wipe capabilities for lost systems.

Initial deployments of Jamf Pro are commencing with Astrophysics machines and will then spread to the rest of Physics, before finally assimilating the Mathematicians.

The goal for these deployments is to enhance both our security posture and user experience. Many changes will be transparent to users, but where user action is needed instructions will be available from this page.

Security patches

At the end of last week a disturbing security issue was acknowledged in iOS and OS X Mavericks – the effect was that SSL certificates were not properly authenticated, so people were vulnerable to man-in-the-middle attacks. The flaw affected iOS6, iOS7, and OS X 10.9 Mavericks; third party testing suggested OS X 10.8 Mountain Lion and earlier OS X releases were fine.

Patches were released last week for iOS6 and iOS7, though the iOS6 update only worked on devices which were not capable of running iOS7 – this was enough to make me update my iPhone and iPad to iOS7, which I had resisted on grounds of taste to this point (aside – iOS7 ain’t so bad after all).

Today (Tuesday) Apple released OS X Mavericks 10.9.2, which includes fixes for the problem along with a lot of other issues – while it’s good to have the fix, it’s unfortunate that it’s rolled in with the general system update. Nonetheless Mavericks users should update as soon as possible (after making proper backups).

Interestingly Apple also released updates for Lion (10.7) and Mountain Lion (10.8) to address the SSL issue and other bugs which had already been fixed in Mavericks. The ongoing lack of fixes for these bugs is something I wrote about before and was what led me (and others) to assume that the Lions had been abandoned in favour of Mavericks. Of course, as soon as I finish rolling Mavericks out to a number of people Apple issues the long-awaited security patch… Thanks guys.

There are also updates for Safari to address various security bugs, but notably there is nothing for OS X 10.6 (Snow Leopard), apparently confirming earlier suspicions that Apple no longer supports 10.6; a definitive statement would be useful but clearly isn’t going to happen. Anyway, if you’re still using Snow Leopard on a machine which you can update to Mavericks (or Mountain Lion) you should do so; if the Mac won’t support Lion and later then I’m afraid it’s time for a new Mac, right now.

Anyway, after all this patching you might assume that you’re safe. Sorry. Now there’s evidence of a flaw in iOS7 which allows a malicious app to monitor keystrokes. So far this is a proof of concept only – there’s no evidence this is being exploited in the wild, but the PoC app did get published in the App Store, so malicious apps may already be out there. Yay. One assumes there will be another iOS patch very soon.

I’m reminded of the quip about thermodynamics – you can’t win; you can’t break even; you can’t even quit the game.

Lest Windows users start to feel smug, it turns out that the EMET hardening toolkit on Windows can be bypassed, and Microsoft also rolled out a patch for flaws in Windows Update which has to be applied outside of Windows Update, so probably most people will never even hear about it…

Finally, there are urgent updates for Flash (what else is new?), which once more illustrates the importance of limiting your Flash use as much as possible through the use of Click-to-run extensions, even if you only have Flash via Google Chrome.

Newer is not always better

My most recent excitement has come from the most recent Apple software updates:

  • Mac OS X 10.9 Mavericks
  • iOS 7
  • iWork – specifically Keynote 6

I’ve not had much time with Mavericks as yet. I’ve installed it on a test laptop and it seems about par for the course for a .0 release of OS X – interesting but with some rough edges. I give it a week or so until 10.9.1 pops out. I’ve not seen anything mindblowingly awesome so far, but have found a few glitches. I’m keeping track of these on my wiki page.

For those interested, Ars Technica has a thorough analysis of Mavericks.

I installed iOS 7 on my work iPad Mini last week. It seems mostly OK though I’m not enamoured with the new look icons. The recent update to 7.03 means that one can remove not only the parallax effect, but also remove the folder closing animations. Thankfully they didn’t make me feel ill, but I did think they were a waste of time. I have not yet been inclined to install on my iPhone or home iPad but I’ll probably come around in time.

A big part of the Mavericks launch was the announcement that iWork will be free with all new Macs and iOS devices. I’m a big fan of Keynote, the presentations app in iWork, and use it instead of PowerPoint as it does things that make PowerPoint fall over in a sobbing heap. Sadly the update removes quite a few features in the name of parity between the Mac and iOS releases. One I use quite a bit is the option to embed a web page in a presentation which can be dynamically updated when the slide shows. Apple removed this from the main user interface a while ago, but existing embeds worked just fine and could be edited & copied to new presentations. Sadly Keynote 6 opens the presentation, converts the website to a static image, and then autosaves the file to the new Keynote 6 format, overwriting your old file unless you cancel the import. All in all quite vexing.

This has set me thinking about how to replace that functionality. PowerPoint doesn’t do it either – you can link to a site, but that’s no use on a display board. So I’m looking at various HTML5 display frameworks which let you write a presentation with HTML and CSS. Several look impressive, so over the next few weeks I’ll be trying out a few, such as

After all, if most of the content you’re displaying is text, images, and web pages, what’s better than HTML to wrap it all up?