Still alive, just been busy with building decants, summer schools, and conferences. And turning old Macs into furniture.

And now it’s the new academic year and Apple releases El Capitan… I’ve not even had time to play with a beta, let alone the release version, and probably won’t for a while.

Things I’ve read about El Capitan:

• It doesn’t suffer the /usr/local/ migration problem which slowed down Yosemite updates
• Apparently XQuartz survives the update too
• You need to be running MacTeX 2015 to avoid issues arising from the restrictions that the SIP feature imposes

Munki seems to be OK with El Capitan, but MS Office seems to have serious issues. Outlook 2011 simply does not work in Exchange mode, though IMAP is OK. Office 2016 seems generally crashy too. And Symantec Endpoint AV is totally broken by the update with no (public) ETA for an update. I have to say the latter is the least concerning; in all the time I’ve been running SEP it’s not flagged anything, and I think the need for AV on the Mac remains marginal, but so long as it works and doesn’t kill my Mac I’ll tolerate it. However if it’s a case of updating to El Capitan in a week or so with lots of security fixes, versus waiting for Symantec, I know what I’m doing!

FileVault is the OS X full-disk encryption system, which everyone should use unless there is a really good reason not to. Mostly it just sits there in the background and doesn’t get in the way. Mostly.

If you don’t enter the correct password a few times then OS X will switch to the ‘Reset Password’ assistant. And there is no (obvious) getting out of it – even if you restart the machine you will be taken directly back to the assistant. This is most vexing if, say, the source of your problem password entry was not forgetfulness but a malfunctioning keyboard.

Thankfully there is a non-obvious solution or two.

• Restart the Mac and reset the NVRAM (press Command-Alt-P-R until the Mac chimes)
• Mouse-up to the top of the screen, and the menubar appears. From there select /Startup Disk. Enter your password to unlock the drive and reboot.

Check the video on Der Flounder to see the second option in more detail.

It appears there is a bug in Mail.app in Yosemite, which affects pasting text copied from Microsoft Word (and only Word). Chunks of text are omitted at random, which can be quite annoying.

I don’t use Word that much (BBEdit forever) so didn’t notice this, but was able to replicate the issue. My default message format in Mail.app is Plain Text, as used by all civilised people. My guess is that there is an issue in whatever code Mail uses to convert the RTF (Rich Text Format) copied from Word into plain text. On a hunch I switched to Rich Text in Mail (Format/Make Rich Text) and that seemed to work OK. However I did not perform extensive testing so it may well be this is not a 100% reliable workaround.

Other solutions mooted online involve pasting from Word into another application (like TextEdit, Pages, or TextWrangler) and then pasting from there into Mail.app. Hopefully Apple will address this issue in an update to Mail.

People being people, and academics being academics, there is often a lot of complaining about IT support – no matter where you are. But this example is one of the worst I’ve ever heard about. The US Ambassador to Kenya “ordered a commercial Internet connection installed in his embassy office bathroom so he could work there on a laptop not connected to the Department email system”

Apparently the US State Department is currently in the middle of rolling out a new, ‘modern’, desktop suite, based on Microsoft Office 2010…

The jokes just write themselves, but in the interests of taste, I’ll stop here!

I don’t like Java very much. Desktop programs written in it tend to have horrid user interfaces, and the history of browser-based exploits mean I refuse to use any website which wants to run a Java applet. Java is one part of my ‘unholy trinity’ of programs – Flash, Java, Adobe Reader – to try to avoid installing on your computer.

The most recent update to Java on the Mac brings ‘feature parity’ with the Windows release in a most unfortunate manner – the installer now offers to install the ask.com browser toolbar, and reset your browser homepage. Stay classy, Oracle.

Thankfully most Mac science software (e.g. ImageJ or TopCAT) which requires Java does not require the Oracle package, but instead asks for Apple’s Java 6 package, which can be installed automatically the first time you run a program which asks for it, and does not include a browser plugin.

In summary, if you have a problem which you think can be solved by installing Java on your computer, you’re wrong – you’re just adding one more problem to the pile!

Queen’s recently established a printing policy which is aiming to replace desktop printers with shared Xerox multi-function devices (printer/copiers) in central areas. While we’re not making use of their printing facilities at the moment, in the medium-term, once all our building moves are sorted out, we will be.

If you’re using a computer which is on the Queen’s Active Directory then the new campus-wide print queues show up automatically – otherwise a little effort is required. I have a set of notes on how to print to these queues from OS X (10.8 & later), Windows 7, and Linux, though the latter case is ‘difficult’.

Mac users who are part of the Munki-managed service will be able to install these print queues with a single click from Managed Software.

For a long time my default recommendation for a Mac laptop has been the MacBook Air 13″ – it’s a good basic machine. With the 1.7GHz dual-core i7 CPU, 8GB RAM, and 256GB SSD it comes to £866 ex VAT. The problem with the machine is that it only has one Thunderbolt port, which means you have to choose between video-out and gigabit networking, or else buy a docking station or Thunderbolt Display. Since gigabit networking is mostly non-negotiable, you’re obliged to spend around another £150 (ex. VAT) on a dock, and then possibly another £20 on a USB or Thunderbolt ethernet dongle in case you go somewhere where you need wired networking. Total price, around £1040 + VAT = £1250.

I wasn’t keen on the Retina MacBook Pro 13″ for a few reasons – chief amongst them being that I wasn’t sure the screen was justified, and that the machine was up to driving it without a discrete GPU. Well, having used retina screens for a while now myself, I think they’re more than justified – they’re so much easier on the eyes that I think anyone who is using computers for extended periods should have one. And having played with a 13″ rMBP, and spoken with folks who have one, it seems my concerns on the GPU front were overstated. And most importantly, the rMBP comes with two Thunderbolt ports, which means you can have both gigabit networking and video without a dock!

In terms of spec, the entry-level CPU is fine for most people – a 2.6GHz dual-core i5. I don’t see the point in upping this to the i7, as all that adds is a slightly higher base clock speed and the mostly useless hyper-threading virtual cores. So a machine with 8GB RAM and a 256GB SSD comes to £859 ex. VAT, which is actually cheaper than the similar-spec MBAir… Throw in the £20 gigabit dongle and we’re at a total of just under £1060 inc VAT.

Oopsie. :/

It’s been a while since I added anything here… oops.

Well, a few items of note:

• Yet another zero-day Flash exploit.
• Some useful notes from Apple about removing certain types of adware.
• Why avoiding MacKeeper is a good idea.

All of these relate to security matters, and sadly none of them are really new – it’s much of the same-old same-old.

I am firmly of the opinion that nobody in their right mind installs Flash on their computers – there is just too long a track record of security holes in that product to justify its existence. I don’t have it on any of my Macs – I do have an install of Chrome though, which comes bundled with a Flash install – so in Chrome I have a Flash-blocking extension installed! My default browser is Safari, but if I need to look at a Flash site I can fire up Chrome and then explicitly allow the specific Flash object to run. This doesn’t happen often, and it takes a lot to get me to do this. Apologies to those who sent me a Flash based Christmas e-card, but I didn’t actually look at them.

On a related matter to Adobe Flash, I’d not recommend installing Adobe Reader either. On the Mac Preview is mostly ‘good enough’, and on Windows Foxit Reader is free and excellent. The Adobe Reader web browser plugin is another gaping security hole which has been exploited time and again. Better to just not install it.

As for the adware/scareware field, these problems are generally self-inflicted. If you think there is a problem with your Mac, don’t install some random program – ask your computer support officers for assistance. And don’t install random browser plugins which offer to help you find downloads of Game of Thrones episodes (you know who you are!)

Continuing on the security thread, two final notes:

• With the release of Yosemite, Apple is now only supplying security patches for OS X 10.8 (Mountain Lion) and up. Anyone still on 10.6 or 10.7 needs to update, stat.
• I’ve been evaluating the campus copy of Symantec Endpoint Protection for OS X for a while. While anti-virus software remains of dubious use on OS X, the University has a sensible policy of requiring some sort of AV to be installed on computers. Typically I’ve recommended ClamXAV on OS X, since it’s unobtrusive and free. However SEP seems much less terrible than it used to be, and should it continue to not kill my Macs I’ll be less uncomfortable installing it in future. Please note my very purposely constructed statement!

Finally, in a day or so I’ll be updating my ‘recommended’ laptops list. Rumours about the future of the MacBook Air have had me thinking about the entry-level laptops.

OS X 10.10 Yosemite was released to the world yesterday, and enthusiastic installing started in M&P this morning. About 30 minutes later that enthusiasm was somewhat tempered by apparent disaster…

It turns out that the Yosemite Installer tries its best to preserve anything which has been installed into /usr/local/ on your Mac by (apparently) archiving it and then restoring after the Yosemite install has completed. But if you have a MacTeX install, with many many small files under /usr/local/texlive/ then it all goes wrong, leading to delays of many hours, or just a terminal hang. This behaviour has been seen on many machines and is a ‘known issue‘ with the MacTeX authors. The workaround is to move the folder /usr/local/ somewhere else, such as your home directory, before the install and then return it afterwards. However there are apparently several issues with MacTeX under Yosemite even after this, so if LaTeX is key to your existence you probably want to follow the updates on the MacOSX-Tex list before migrating.

This problem affects anything installed under /usr/local/ so it’s not just MacTeX but packages like Homebrew which trigger the problem; MacTeX is just the package most people likely have installed.

I have only used Yosemite a little (developer preview) and had a clean install on a new machine, so never saw this sort of problem. Lucky me. I will be waiting for a while to let developers catch up before I migrate my own systems!

A few known browser-related problems on Queen’s systems:

• Safari may save files with strange looking names from Exchange 2010 webmail
• Firefox version 30.0 and later will not connect to QOL as it has dropped support for the NTLMv1 authentication scheme used due to security concerns. Either use Firefox 24.0 LTS release or switch to another browser. On OS X Safari supports the secure NTLMv2 protocol. It is possible to set a hidden preference to re-enable NTLMv1 if you really must…
• Scrolling around the QOL home pages produced using Sharepoint is impossible in Chrome due to the “questionable” HTML Sharepoint produces. If you search for “Sharepoint Scrolling” in the Chrome Extensions store you can find a few third-party solutions.