R.I.P. AirPort

Apple has discontinued their AirPort line of WiFi routers, including the AirPort Epress, AirPort Extreme, and AirPort Time Capsule.  Once in-stock product is sold no more will be manufactured.

To fill the void, Apple has posted a support article to help customers with choosing a Wi-Fi router to use with Apple devices.

32-bit Mac app support ending soon?

At the 2017 WWDC Apple made the vague statement that High Sierra would be the “last version of macOS to run 32-bit apps without compromise”.  This doesn’t implicitly state that macOS 10.14 won’t run 32-bit apps, but it could be interrupted that way.  It is also possible that macOS 10.14 will have some sort of limited 32-bit emulation, or just that the 32-bit Carbon framework will no longer get security updates.

This topic resurfaced recently, when Apple included a new 32-bit warning feature with the macOS 10.13.4 update.  Now whenever you launch a 32-bit app, a message is displayed saying that “[App name] is not optimized for your Mac.  This app needs to be updated by its developer to improve compatibility.”

A lot of Mac users are still running older 32-bit apps Including Microsoft Office 2011 and older versions of Adobe apps (InDesign CS 6, Illustrator CS5, Acrobat Pro X).  QuickTime 7 and Quicken 2007 are also a 32-bit app.  Now is the time to upgrade or transition to alternative 64-bit apps.

To run a report on a Mac to see how many 32-bit apps are installed, click the Apple and select About this Mac, then press the System Report button.  Next click on Applications along the left (under the Software section), and wait for the results.   In the list of applications displayed, check the “64-Bit (Intel) tab” to the far right.   Anything listed as “No” is 32-bit.

EtreCheck 4 changes

One of my favorite Mac troubleshooting tools is EtreCheck, and EtreCheck 4 was released last February.  This update comes some fairly major changes, including:

  • EtreCheck 4 no longer open source (free/donationware)
    • You can run EtreCheck up to five times on a single Mac workstation for free in trial mode
    • To run EtreCheck more than five times on a single Mac workstation, a license must be purchased
    • This license costs $20 (for use in the US region), and can be installed on up to three Mac workstations
    • You can deactivate copies of EthreCheck and move a license from one Mac to another
  • EtreCheck 4 has an updated user interface
    • Items are broken down by section along the left
    • To get back to the old school output (like previous versions of EtreCheck) scroll down to the bottom of the list along the left and select Report
  • EtreCheck 4 doesn’t allow you to take screenshots of the app
    • This makes it challenging for documenting how to use EtreCheck

Secure Boot restricts what the iMac Pro can boot from

The iMac Pro has a new feature called Secure Boot, that I’m presuming will be added to future Mac models as they are released.

Secure Boot makes sure that the startup disk is “a legitimate, trusted Mac operating system or Microsoft Windows operating system”.  Secure Boot can also prevent the Mac from booting from an external drive.

The setting for Secure Boot can only be changed while booted into Recovery mode, by clicking on Utilities, and selecting Startup Security Utility.

By default Secure Boot is set to “Full Security”, which restrict the Mac from only booting from its primary startup volume and Apple recovery volumes.  The “Disallow booting from external media” choice is also set by default.  Options include:

The Secure Boot feature is something that all Mac support professionals need to know about, because changes the game when it comes to booting from external service drives or cloned volumes.

Even if an iMac Pro has Secure Boot set to “No Security”, it can’t boot from a NetBoot, NetInstall, or NetRestore image.  Apple confirms that in this support article.  Rumor has it that the forthcoming macOS 10.13.4 update will remove this restriction, allowing Mac Pros to boot from network images.  It should be noted however that Apple is now saying that network imaging can only be used to re-install the OS, and that upgrading the OS via a network image isn’t recommend or supported.

Mac Server app won’t be serving much soon

Last October I reported that Apple Server app 5.4 removes the option to setup network file shares (yes, you read right, a server app that can’t provide basic file sharing).  They also removed FTP sharing, Caching server, Time Machine backup server, and Xcode Server from the Server app.

Apple recently announced that even more services will be retired from the forthcoming Server app update, due in Spring 2018.  They have posted a support article titled “Prepare for changes to macOS Server”, listing the following services that will be depreciated:

  • Calendar
  • Contacts
  • DHCP
  • DNS
  • Mail
  • Messages
  • NetInstall
  • VPN
  • Websites
  • Wiki

Unlike file sharing, Apple claims that if you already have an existing Server app setup with these services already enabled, the service will continue to work after the Spring 2018 update.  For new installs the services will be hidden, an Apple warns that these depreciated services will be completely removed in a future release.

So you may ask yourself, what good is a Server app that can’t provide any server features?  Apple’s answer is “macOS Server is changing to focus more on management of computers, devices, and storage on your network”.  My answer is they are fully committed to removing themselves from this segment of the Enterprise market.  Instead of retiring the Server app and improving their Configurator app, they’ve decided to rip out all the “server” bits but leave the name confusing the same.

Mac office apps now multi-user aware

Microsoft has released an update for Office 2016 for Mac (v16.9) that adds real-time multi-user editing to Word, Excel, and PowerPoint.  When more than one person is editing a document simultaneously, a thumbnail will show in the upper right corner of the app indicating someone else is working on the doc.

Microsoft describes this feature as “Edit with others in real time: Thumbnails in the upper-right corner of the window show who else is working with you in a shared document. Flag icons show where others are working and you can view changes as they type.”

 

Recipe for getting Sierra from the Mac App store

The Mac App Store allows you to view past purchases (Store->Purchased) linked to your Apple ID, and if you’ve upgraded the version of Mac OS in the past on any Mac, the free downloads for the OS installers are supposed to show here.  For example, when logging into the Mac App store using my Apple ID, in the purchased list I see downloads for things like OS X Mavericks, OS X Yosemite, and OS X El Capitan.

Curiously Apple decided to exclude the Sierra installer in the purchased list shortly after High Sierra came out.  I guess enough people wanting to revert from High Sierra to Sierra complained about this, because Apple has published this support article detailing how to download Sierra by clicking on a special link that opens in the Mac App Store.  This works even if the Apple ID you are logged in with has never downloaded Sierra.

On a related note, Apple also published a similar support article detailing how to download El Capitan by clicking on a special link that opens in the Mac App Store.  This also works if the Apple ID you are logged in with has never downloaded El Capitan.

High Sierra security flaw – Root password? Where we’re going we don’t need root password!

Versions 10.13 and 10.13.1 of Apple’s High Sierra Mac operating system have a major flaw that makes it possible to completely bypass all security features  This can be exploited from the login window or any authentication prompt, if “root” is entered for the username and the password is left blank.  After this has been done, the Mac can be accessed as root without a password either locally or remotely via the command line.

While this is an unprecedented Apple security bug, this risk is minimal for most Mac users.  Here’s my need-to-know assessment:

  • Physical access to the Mac is required to “activate” this vulnerability*
  • News of this bug went viral on 11/28/17
  • In less than 24 hours Apple released a patch to fix it: Security Update 2017-001

*The ability to access the Mac as root without a password is one that requires “activation”, and by activation I mean someone with physical access to the Mac would first need to actually enter “root” for the username at the login window or authentication prompt, click into the blank password field, and attempt to continue multiple times (the first few will fail).  If this hasn’t previously been done, the Mac is safe from this bug.

Now that this flaw is public knowledge, Macs running High Sierra 10.13 or 10.13.1 should have the Security Update 2017-001 update applied ASAP.  While the threat is limited in scope, it makes publicly accessible unpatched Macs a prime target.  Once macOS 10.13.2 is released this will all be water under the bridge, because Apple rolls previous security patches into macOS updates.

A few additional items of note:

  • This can only potentially affect Macs that have never had the root user enabled.
  • The Security Update 2017-001 will disable the root user if it has been enabled in the past.  Apple’s instructions for enabling/re-enabling the root user are posted here.
  • There are reports of the Security Update 2017-001 breaking file sharing.  This is limited to Macs running High Sierra 10.13.1, sharing out files via SMB to other Macs. 12/1/17 UPDATE: Apple has posted a fix for this problem.
  • This flaw is not limited to root, it also extents to other faceless user accounts like guest, _applepay, and _uucp.  See this Objective-See blog post for more details on the underlying cause, including what Apple did wrong.
  • Apple has released a followup statement that includes: “We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better. We are auditing our development processes to help prevent this from happening again.”

OWC Aura High Sierra firmware install workaround

If a Mac has been upgraded with an OWC Aura SSD, it may fail to install to High Sierra, erroring out with: “macOS could not be installed on your computer.  An error occurred while verifying firmware.”

OWC claims this is limited to certain model MacBook Airs and Mac Pros, but owners of MacBook Pros have also reported the problem.  See this OWC blog post for more information.  They are working with Apple towards a fix.

If you have an OWC Aura SSD and are dead set on installing High Sierra, there is a confirmed workaround.  Temporarily replace the Aura SSD with the original Apple storage, boot from the Apple storage, then install High Sierra.  The High Sierra install will automatically apply the needed firmware update.  Afterwards, replace the original Apple storage with the Aura SSD, boot from the Aura SSD, then install High Sierra.

Supporting High Sierra – the APFS Entanglement

Things have suddenly become more complex when supporting Macs, thanks to High Sierra’s semi-adoption of the new Apple File System, otherwise known as APFS.

For over 30 years all Macs have used Apple’s HFS file system, which last underwent changes in 1998 when HFS+ was introduced (a.k.a. Mac OS Extended).  A file system is the behind-the-scenes mechanism controlling how a volume is formatted, and how the operating system stores or retrieves data.  HFS+ was also the base file system for iOS, tvOS, and watchOS.

APFS is Apple’s replacement for the aging HFS+ file system.  APFS offers many long-awaited improvements including: Support for snapshots, native full disk encryption, delta based file copy (copies of files don’t occupy additional storage space), advanced crash protection, and shared space across multiple volumes.

HFS+ volumes can be converted to APFS, but they can’t be converted back.  Any iPhone or iPad running iOS 10.3 or later has already had its storage converted to APFS.  The same is true with any recently updated Apple TV or Apple Watch.

I believe APFS will ultimately improve all things Apple, but mark my words… From a Mac troubleshooting and support perspective, APFS is the biggest change Apple has made since switching from PowerPC to Intel processors.  It adds a layer of complexity to supporting Macs unlike no other.

Mac savvy engineers should know the following about APFS:

  1. High Sierra only converts SSD boot volume to APFS, HDD and Fusion Drives are not converted… more
  2. Because High Sierra can run on either APFS or HFS+, determining the file system has become an important troubleshooting step… more
  3. APFS volumes cannot be used for Time Machine backups… more
  4. AFP file shares cannot be created on an APFS volume… more
  5. External drives formatted as APFS cannot be mounted on Macs running Mac OS 10.11 or older
« Older posts

© 2018 ATS Blog

Theme by Anders NorenUp ↑