Category Archives: Mac

2019 new-start Mac users

Posted on by

If you are joining the School as a PGR or PDRA in the 2019-20 academic year and are being issued a MacBook then the information below will be of use. Please review it before making an appointment to come see the School IT staff to collect the Mac.

All new machines are registered with the Apple Device Enrolment Program (DEP) which means that they will mostly set themselves up when turned on and connected to the network. You should review this video which gives you an overview of what to expect. Please note that the video features a Thunderbolt 3 docking solution which we are not giving out this year – instead we are issuing a USB-C hub for most users. In addition, when the registration wizard is running, do not use accented characters when entering your name – at best they will be ignored, more likely the wizard will hang.

Once the basic setup has completed, you will find yourself at the Mac desktop. If you’re not familiar with macOS then you should review the information available from macOS Help option under Help. You may also find this link useful.

If you are familiar with macOS, you’ll need to know about the way we run our systems.

Device Management

Posted on by

To enhance our management capabilities for Windows, macOS, and iOS systems we are deploying some new device management systems over the coming months.

For Windows systems are are upgrading our existing Chocolatey installation from the free release to Chocolatey for Business. Most of the changes from this will be transparent to end users, but there will be a user-accessible private App Store which will allow automated installation and updates for selected packages.

We are also participating in the University-wide roll-out of KACE systems management for Windows, which provides us with reporting facilities which all allow us to ensure that Windows and Office patches are deployed in a timely manner.

On the Apple side of things we have just commissioned a Jamf Pro installation which will complement the existing Munki infrastructure for macOS, and provide new management capabilities for iOS. It will also allow us to use the Apple Device Enrollment Program (DEP) to auto-configure new devices, and gives us access to remote lock and wipe capabilities for lost systems.

Initial deployments of Jamf Pro are commencing with Astrophysics machines and will then spread to the rest of Physics, before finally assimilating the Mathematicians.

The goal for these deployments is to enhance both our security posture and user experience. Many changes will be transparent to users, but where user action is needed instructions will be available from this page.

Security patches

Posted on by

At the end of last week a disturbing security issue was acknowledged in iOS and OS X Mavericks – the effect was that SSL certificates were not properly authenticated, so people were vulnerable to man-in-the-middle attacks. The flaw affected iOS6, iOS7, and OS X 10.9 Mavericks; third party testing suggested OS X 10.8 Mountain Lion and earlier OS X releases were fine.

Patches were released last week for iOS6 and iOS7, though the iOS6 update only worked on devices which were not capable of running iOS7 – this was enough to make me update my iPhone and iPad to iOS7, which I had resisted on grounds of taste to this point (aside – iOS7 ain’t so bad after all)

Today (Tuesday) Apple released OS X Mavericks 10.9.2, which includes fixes for the problem along with a lot of other issues – while it’s good to have the fix, it’s unfortunate that it’s rolled in with the general system update. Nonetheless Mavericks users should update as soon as possible (after making proper backups).

Interestingly Apple also released updates for Lion (10.7) and Mountain Lion (10.8) to address the SSL issue and other bugs which had already been fixed in Mavericks. The ongoing lack of fixes for these bugs is something I wrote about before and was what led me (and others) to assume that the Lions had been abandoned in favour of Mavericks. Of course, as soon as I finish rolling Mavericks out to a number of people Apple issues the long-awaited security patch… Thanks guys.

There are also updates for Safari to address various security bugs, but notably there is nothing for OS X 10.6 (Snow Leopard), apparently confirming earlier suspicions that Apple no longer supports 10.6; a definitive statement would be useful but clearly isn’t going to happen. Anyway, if you’re still using Snow Leopard on a machine which you can update to Mavericks (or Mountain Lion) you should do so; if the Mac won’t support Lion and later then I’m afraid it’s time for a new Mac, right now.

Anyway, after all this patching you might assume that you’re safe. Sorry. Now there’s evidence of a flaw in iOS7 which allows a malicious app to monitor keystrokes. So far this is a proof of concept only – there’s no evidence this is being exploited in the wild, but the PoC app did get published in the App Store, so malicious apps may already be out there. Yay. One assumes there will be another iOS patch very soon.

I’m reminded of the quip about thermodynamics – you can’t win; you can’t break even; you can’t even quit the game.

Lest Windows users start to feel smug, it turns out that the EMET hardening toolkit on Windows can be bypassed, and Microsoft also rolled out a patch for flaws in Windows Update which has to be applied outside of Windows Update, so probably most people will never even hear about it…

Finally, there are urgent updates for Flash (what else is new?) which once more illustrates the importance of limiting your Flash use as much as possible though the use of Click-to-run extensions, even if you only have Flash via Google Chrome.

What the *beep* is *beep* you *beep*

Image

As part of the Stargazing Live event at Cultra last week I was giving my talks on sci-fi weapons. To fit in with the event schedule I had to split what is normally one talk into four, which at least let me cover more material. Turns out I could fill another few lectures quite easily.

Being guardians of public virtue, the BBC were very concerned about scaring or offending some of the audience, so I had to do some bleeping on the soundtracks of clips from Aliens amongst others. I thought this would be easy. It wasn’t, though I admit I may well have missed the obvious.

After a few false starts, I found that the open source Audacity package was the best option for me. Export the soundtrack as an m4a file, import to Audacity and use its tone generator over the offending clip, then save and remerge using Quicktime 7 Pro. Hardly the most elegant option but it did work in the end.

One good thing about these lectures is that all the rewriting gave me a good opportunity to use the new Keynote for a while. So far I have no complaints, but I didn’t use the most complex features of the old release!

Disclaimer notice

Mac security updates

Posted on by

This article, while mostly click-baiting troll fodder, does raise a reasonable point.

The release notes for OS X Mavericks list a large number of security issues which are resolved in 10.9 only. A month on from the release of Mavericks no equivalent updates have been posted for Snow Leopard, Lion, or Mountain Lion. Absent official comment from Apple it seems that since the update to Mavericks is free, that’s your security patch.

Given the problems that come with any major system update this seems an utterly unreasonable approach, especially for cases where we’re dealing with complex third-party software which needs to be validated on each update. It’s bad enough that new Macs can never have older versions of the OS installed on them, but this is affecting machines which are currently running properly and now one has to choose between security and application stability. I’m at a loss to suggest the less bad option. Various applications require new versions to work on Mavericks, and not all of these updates are free.

This also absolutely reinforces my relief that I am no longer using OS X Server for anything apart from an illustration of why Linux or even Windows is a better server OS…

Kernel? Panic!!!

Posted on by

An interesting Mac problem today, one I’ve never seen before in all my years of messing about with Apples.

The user had applied some system updates from the App Store, and rebooted the MacBook Air as usual. Immediately on boot there was a kernel panic, with white text on a black background showing up over the grey boot screen. This happened even when trying to boot into safe mode (holding down Shift) though Recovery mode worked OK.

A quick google for the main text of the error – Unable to find driver for this platform: \”ACPI\”. – showed this was something others had seen at various times over the years when an update failed. The most common recommendation was to boot to recovery mode and reinstall OS X, though some other users suggested reapplying the most recent Combo updater to the affected machine. 

Combo updaters have all the files needed to update a machine from any point release of OS X to the latest, eg. 10.8.3 to 10.8.5 directly; the delta updaters only upgrade from one release to the next. Applying the combo updater is often a cure for small errors which seem to happen in incremental updates, as they replace a lot of files with fresh copies, eliminating small errors that can creep in over time.

I booted the afflicted Mac into Thunderbolt Target Disk mode, and plugged it into my MacBook – the disk showed up as expected. I downloaded the 10.8.5 Combo updater from Apple, and tried to run it. My grand plan fell apart at this point as my MacBook was running Mavericks, and the Combo updater plain refused to run, even to be applied to an external drive. After a quick look for a Mac running Mountain Lion which had a Thunderbolt port (my Mountain Lion iMac doesn’t sadly) I repeated the process, which took about 10 minutes to apply the full updater, and rebooted the Mac. Thankfully at that point it booted up perfectly fine, and afterwards had more updates applied from the App Store without problem.

So, lessons learned? Firstly, I need to keep some Mountain Lion machines around for the foreseeable future. Secondly, some people swear by always downloading the Combo updates from Apple and running those instead of the Delta updates from Software Update/App Store; I’m not at that point yet but I do start to see the attraction, and it does illustrate the utility of the Combo update for solving bizarre glitches.

Waiting for Mavericks.1

Posted on by

Things which I observed Mavericks cause problems with today:

  1. 2013 MacBook Airs discharging their batteries as they can’t maintain a sleep state.
  2. Keynote ’09 showing font problems – some fonts lose their spacing information and end up showing text bunched together. This happens on two machines. So the old Keynote is now broken (by a bug) while the new one is broken by design.
  3. Similarly Pages does not care for those fonts, but seems to overspace as opposed to squishing together.

In summary, wait for Mavericks.1 or Mavericks.2 if you possibly can…

Bootable Mavericks disks

Posted on by

After downloading the Mavericks installer from the AppStore you may wish to make a backup copy of the ‘Install OS X Mavericks’ app since it will normally be deleted after a successful install. If you’re going to install to multiple machines then you can simply copy the Installer app to the other computers, saving yourself a few GB download per Mac.

For future use you may wish to make a bootable USB drive – here’s how:

Sadly Carbon Copy Cloner no longer has a simple button to do this, but DiskMaker X does.

Note that as Apple updates Mavericks the installer App will be updated too; you can re-download it by visiting the ‘Purchases’ tab in the App Store, then re-make the USB drive.

Posted in Mac

Happy Halloween

Posted on by

Here’s a little Halloween computer story which is quite possibly real and most definitely concerning.

Add in another story involving Adobe incompetence.

I have a pretty poor opinion of Adobe software. Flash and Reader are two of the worst security problems on any computer, and my honest advice is not to install either.

These days there are few things one really needs Reader for. Macs, Windows 8, and Linux systems all come with perfectly competent PDF reader applications; under Windows 7 there is the well regarded Foxit reader which is free and has a better track record. The only times I have ever needed Adobe Reader are

  • reading encrypted PDFs used for inter-library loans
  • printing some Royal Mail prepaid mail envelopes

so I tend to think that most people are fine without it. If you must install Reader, make sure it’s not the default PDF reader and stop it from installing its web browser plugin. On the Mac this is a tedious manual process – you have to manually remove it from /Library/Internet Plug-ins/ after each update. Another reason to avoid it!

Flash is known as a security disaster, and hopefully its failure on mobile devices will lead to its eventual demise. However for the moment it’s still out there and at times necessary. My preferred solution for some time was to use Safari as my default browser, with no Flash plugin installed, and have Google Chrome as the backup browser. Chrome has its own internal Flash install which is sandboxed and auto-updates. Even then I would use a plugin blocking extension so that Flash objects would only work when clicked on.

Newer versions of Safari on the Mac now have more granular control on which websites can use plugins, so combined with the ClickToPlugin Safari extension a Safari-only option is more tolerable. Under OS X Mavericks Safari also sandboxes Flash, which will help, but is not a universal panacea as sandboxes can be broken too.

In case you’re wondering why I’m so paranoid, a common infection vector for malware is the insertion of exploit code in either Flash objects, or even tiny PDFs, embedded in web pages. These can affect perfectly legitimate sites too – either the site is hacked, or a third party advert or content service the site uses is compromised; either way you could end up with these malicious objects running when you visit a web page. Hence it’s best to minimise the attack ‘surface area’ as much as possible!

In a future post I’ll talk about some more security matters, including passwords. Meanwhile, as they used to say on Hill Street, Let’s be careful out there.

Newer is not always better

Posted on by

My most recent excitement has come from the most recent Apple software updates:

  • Mac OS X 10.9 Mavericks
  • iOS 7
  • iWork – specifically Keynote 6

I’ve not had much time with Mavericks as yet. I’ve installed it on a test laptop and it seems about par for the course for a .0 release of OS X – interesting but with some rough edges. I give it a week or so until 10.9.1 pops out. I’ve not seen anything mindblowingly awesome so far, but have found a few glitches. I’m keeping track of these on my wiki page.

For those interested, Ars Technica has a thorough analysis of Mavericks.

I installed iOS 7 on my work iPad Mini last week. It seems mostly OK though I’m not enamoured with the new look icons. The recent update to 7.03 means that one can remove not only the parallax effect, but also remove the folder closing animations. Thankfully they didn’t make me feel ill, but I did think they were a waste of time. I have not yet been inclined to install on my iPhone or home iPad but I’ll probably come around in time.

A big part of the Mavericks launch was the announcement that iWork will be free with all new Macs and iOS devices. I’m a big fan of Keynote, the presentations app in iWork, and use it instead of Powerpoint as it does things that make Powerpoint fall over in a sobbing heap. Sadly the update removes quite a few features in the name of parity between the Mac and iOS releases. One I use quite a bit is the option to embed a web page in a presentation which can be dynamically updated when the slide shows. Apple removed this from the main user interface a while ago, but existing embeds worked just fine and could be edited & copied to new presentations. Sadly Keynote 6 opens the presentation, converts the website with a static image, and then autosaves the file to the new Keynote 6 format overwriting your old file unless you cancel the import. All in all quite vexing.

This has set me thinking about how to replace that functionality. PowerPoint doesn’t do it either – you can link to a site, but that’s no use on a display board. So I’m looking at various HTML5 display frameworks which let you write a presentation with HTML and CSS. Several look impressive, so over the next few weeks I’ll be trying out a few, such as

After all, if most of the content you’re displaying is text, images, and web pages, what’s better than HTML to wrap it all up?