Author: Dave

I – as I’ve probably noted elsewhere on this blog – am rapidly becoming terribly old. Well, not terribly old; it seems to be a convention of the human condition that we shift the goalposts on a rolling basis, and while I felt like the weight of adulthood had settled firmly on my shoulders in my late-twenties I’m now willing to accommodate a world view where forty-seven doesn’t seem so bad.

Still, age is all in the mind. And the knees. Well, actually it’s more tangibly a knee-based phenomenon; you can feel as vigorous and sharp as you ever did but then you stand up and your joints make alarming gronking sounds and you start to wonder how long before the reaper starts pencilling you in on his rounds.

All this homespun wisdom is a preamble to the meat of this piece, which is about the state of malware on macOS. Oh, you didn’t get that from all the blathering about knees? That’s fair, I suppose; the occasion of my impending decrepitude is more about being old enough to remember when Macs got viruses, which was a very, very long time ago.

It’s worth spending a moment digging into what viruses actually are and the difference between viruses and malware. These seem to be used interchangeably, but they’re distinct and very different animals and the methods in which they’re employed and protected against are also distinct.

Viruses are computer programs that self-replicate when executed, modifying other pieces of code (executables and files/data) to incorporate themselves so that they can spread and infect other computers. If you make an exception for Microsoft Word macro viruses (which I do because they don’t do code-injection into anything and your Mac can only be a carrier) then there are no macOS viruses. That’s right, I’m planting my flag squarely in “none” and I’m holding that ground. If you disagree then, well, you and I are going to have to go outside and fight. And I’m going to take off my shirt and fight and nobody wants to see that.

(Sidebar: I wear glasses and have bad knees and a doctors note that stipulates no brawling in the street.)

The Mac used to have viruses, back pre-OS X. Some nasty ones, too, but virus software is just that – software – and if your modus operandi was to write code to infect the maximum number of machines in the 1990’s and 2000’s then your best bet was to go and write viruses for Windows. The irony that developers wouldn’t write viruses for Macs for the same reason that they wouldn’t write a lot of other software for Macs is not lost on me.

Malware is a wider net, and were it not for the specific mechanic of viruses (and the fact that people were talking about computer viruses decades before anyone coined the phrase “Malware”) then I’d be including viruses in that net. Most people do, and I agree that while that’s technically accurate in that a virus is a piece of software that runs on your computer and does Something Bad what we think of as Malware (or Adware, which is basically just a flavor of Malware) in this day and age tends to require human input. Generally speaking you have to perform an action to enable it; it’s the modern-day equivalent of having to invite the Vampire into your home before it can eat you.

Fortunately, Apple has done a lot to protect macOS. So much, in fact, that if we take a step out of the world of breathless hand-wringing and pause for a brief moment of sanity it becomes apparent that macOS malware is a fringe problem. A couple of weeks back the nice folks at Malwarebytes got a lot of press by pointing out that macOS Malware attacks are up disproportionately compared with Windows/Android attacks, and this is in fact broadly accurate. What a lot of people seem to have conveniently side-stepped is that you can shoot arrows at a brick wall all day long and not manage to do a lot of damage. Yes, macOS Malware attacks are up, but actual, real-world damage? Not a lot of significant difference there.

Why? My theory is that the point where macOS was insignificant enough to not merit attention and the point in which Apple introduced protections like GateKeeper (and now code notarization) was less a point and more an overlap. Further, it’s worth pointing out that with some elementary training and an ounce of common sense you can probably roll around in Malware all day long and come away smelling of roses. Let’s use the miracle of educational jpegs to illustrate this, shall we?

The fine folks at Kaspersky published this graphic back in January, showing that the Shlayer Trojan has an astonishing 29.28% share of attacks against macOS users. That’s clearly a bad thing and makes for great copy if you’re a company that makes anti-virus/anti-malware software, but the one thing that Shlayer has in common with every single other item on that list (and in fact every single other piece of malware for the Mac) is that it requires the following three things:

First, it requires you to download a piece of software from a suspicious website.

Second, it requires you to ignore the warnings that Apple gives you about installing unsigned software from an unknown source.

Third, it requires you to install that software by giving it your username and password – effectively authorizing the code to run on your computer.

That’s three break points that you’re required to sail through without considering your actions. It’s easy to point fingers at end-users and decide that that kind of negligence is inexcusable, but that’s childish behavior, lazy, reductive thinking and a quick and easy way to pass blame around; while finding who is to blame for something is always fun and enjoyable it’s ultimately not as important or useful as figuring out the explanation for the process of what went wrong.

So, let’s talk about process and education and best practices for not infecting your computer with Coronavirus, burning your house down and generally ruining your life. Those three break points are great places to start, and we’ll hit them with three actions; Evaluation, Execution and Consideration

Evaluation – Why do you need that piece of software? That browser extension? That utility that will make your Mac Run Faster And Better And Free Up Memory? What issue are you trying to correct? Recognizing that bad actors are perfectly willing to push solutions to problems that may (or may not) exist is a solid first step, and one that I encourage people to undertake.

I’ll go one further: pretty much every “Utility” “designed” to “make your Mac Faster” is either a con or outright lie. The vast bulk of them do nothing, and the few that actually do anything at all just run shell scripts to do the kind of periodic self-maintenance that your Mac does by itself without requiring stupid, shoddily-designed third party nonsense. A lot of these are malware, and the ones that aren’t are dumb and bad and designed to prey on the fears and concerns of people who don’t have the time or inclination to think about things like how your computer does periodic self-maintenance. You don’t need an app to free up memory or defrag your drive. Those are things that your computer does all by itself, or else there are sensible, grown-up reasons why it doesn’t do them at all. “Clearing Virtual Memory” sounds great, but when it means that your computer has to go and rebuild the caches it has in place and you’ve actually made your computer slower and less responsive then it doesn’t sound so great after all.

As a person who makes their living charging people for the privilege of having me help them with their macOS/iOS/network issues it may sound self-serving, but if you’re having an issue with your computer then call someone professional and ask their opinion. Or at least do a little research, and recognize that you’re not alone in figuring this stuff out. Not to be too pay-no-attention-to-the-man-behind-the-curtain about this, but malware authors don’t issue press releases and when a new piece of malware hits. We IT professionals are not notified in advance. We have groups and bulletin boards and mailing lists that we subscribe to where other professionals find weird things and report them and we figure stuff out. We ask questions and raise concerns and identify threats as a group. The second that some new, weird utility called “FixMyMacProFast” pops up you can bet someone’s looking at it with a long, critical eye, and if it’s problematic then word gets out fast. At the very least, google things before you download them and consider your sources.

So, call your IT person. There’s a decent chance that he/she/they won’t bill you for it, and they’ll be a lot happier about nipping something in the bud for free than dealing with a roiling nightmare and sleepless nights on the company dime.

Execution – This is your second break point. The moment that you’ve downloaded the new thing™ and you’re at the precipice of installing it. Before you go ahead, Gatekeeper will step in and your Mac will throw up a warning if the thing isn’t signed by a developer certificate, thus:

Your computer is literally telling you “Hey, I can’t guarantee that this isn’t going to do something really, really bad. Are you completely sure that you want to do this? I mean, really?”

At this point you can’t open the thing, except by hitting “OK” and then either adjusting your Gatekeeper preferences or by right clicking on the installer and explicitly telling your Mac to open it. Depending on how you look at it that’s either one or two break points at which you should be considering the provenance of what you’re about to put on your computer.

Consideration – This is your last chance. Before the executable runs it will probably want your username and password, so take a breath and think about what that means. This is a potentially unknown actor on your computer that Apple has specifically warned you isn’t necessarily legitimate, and that you’ve had to undertake extra steps to allow in, and now it wants your credentials – the same credentials used for, say, your Keychain. Where you probably keep a lot of encrypted data that you wouldn’t necessarily want accessed by anyone else. Passwords for email. Web pages. Encrypted notes. Banking information. Apple has included all kinds of security in the OS and in the hardware of the device itself, but that’s largely for naught if you’re going to hold the door open and freely hand out your private information. Consider this move very carefully.

The only thing that I really took away from my long-ago degree in Anthropology was the lesson that people – by and large – aren’t dumb. We may not understand why our fellow man believes something or acts in a certain way, but it’s a solid bet that they’re doing it for what they believe to be a damn good reason. Cargo cultists only look misguided and ill-informed from the outside; step in their shoes and look at their perspective and it’s very difficult to announce that their actions are illogical.

People tend to act in ways that make sense to them and seem the most logical and beneficial using the information on hand, and that’s the only vector that malware authors have to exploit. Further, anti-Malware/anti-Virus companies have a vested interest in building a little healthy hysteria up because they have targets and sales goals and costs, and if you’re a fire-extinguisher salesman then yelling “Fire” in a crowded theater makes good sense if you have a stall set up in the lobby. The middle line between actual and perceived threat is something that should be clearly identified and kept in perspective; if you want to protect yourself or your organization against attack then it’s vital to stay abreast of the dangers, enact reasonable protections and educate users on the threats that they’re going to face. There are great tools built into macOS, but tools are only as good as the hands that wield them…

There’s a certain type of person – and I’m sure everyone knows someone like this – that deals with you having something they don’t by trashing that thing. “Oh, you have the iPhone 11 Pro? That’s nice, bro, but the Pixel camera is better.” “New Mac Pro? Apple hardware is way overpriced. You got ripped off, idiot.” “Nice car? Yeah, well my Corolla has much better gas mileage. And anyway, only morons buy domestic.”

There’s no point and zero profit engaging with these people, and the older I get the easier it is to step back, dip into a little empathy, and realize that there’s a lot of complex emotional baggage being shunted around there that has a lot to do with need and want and envy and self-worth, and that someone disapproving of your choices is in no way an invalidation of those choices. And really, most of the time the people who engage with you like this aren’t terrible people. Let it go. Move on with your day. Life’s too short.

The exception I’ll make – the thing that causes me to frown and shake my head and engage – is inaccuracy and flat-out manipulation of the facts. Which brings me to the gloating text message I got this morning from a friend, linking me to this Technology Review article about how Teslas can be hacked:

Hackers have manipulated multiple Tesla cars into speeding up by 50 miles per hour. The researchers fooled the car’s Mobileye EyeQ3 camera system by subtly altering a speed limit sign on the side of a road in a way that a person driving by would almost never notice.

Go on, read the article if you’re interested, but if you’re not then I’ll give you the tl;dr – notably that “hackers” discovered that if you alter a speed limit road sign then the camera in the Tesla will read a 35 mph speed limit as an 85 mph speed limit, and when in Autopilot mode will accelerate as appropriate to hit that speed limit (assuming that there are no other vehicles on the road). Said “Hackers” were in the employ of… wait for it… McAfee. Who I’m sure are smart and law-abiding folks, but my personal opinion is that if you’re looking for Chicken Little-types for the modern age then antivirus companies are right at the top of the heap. When your entire business depends on scaring people into using your product and trying to get them to distrust technology then it’s hard to wave a flag of impartiality with this kind of stuff.

Still, this is bad. But it’s not hacking. Hacking would be in directly compromising the computer system in the car, allowing a bad actor access to the mechanisms of control that govern the way the car behaves. Altering a road sign is vandalism, pure and simple. The moment you’re grabbing paint and tape and tinkering around with something by the side of the road is the moment that you’re compromising the world at large, not just one device. If I paint a perfect counterfeit “STOP” sign at the intersection near my house then the entities in charge of the locomotion of the vehicles that approach that sign – human or computer alike – are going to stop.

Now, this whole thing on my end might smack of a certain degree of Get-Off-My-Lawniness, but the fact remains that words have a function and a duty, and as cloying and picayune as the distinction may seem to be it’s nevertheless one worth observing. Hacking is an involved task – sometimes noble, sometimes criminal – but a deliberate and calculated action requiring forethought and execution and carried out with specific intent.

This, though? This is just criminally, irresponsibly dumb; an act that proves… nothing. There’s nothing intelligent or thought-provoking in it, and nothing that indicates a deficiency in the system that is unique and peculiar to that system. It’s not a hack; at best it’s ruinously irresponsible fear-mongering based on a tortured, twisted version of the truth.

At worst? It’s a fiction based on a lie.

Well, technically that should read “macOS and Tesla PT.3” because it’s been a while since I last wrote about this and times change.

For one thing, I used to have a Model S, and while that was a wonderful thing it had certain downsides; notably the woeful deficiencies in places to put things, and by things I mean cups. Yes, I got rid of my electric dream machine because it had too few cupholders and I moved to Santa Barbara from Washington State because of all the rain. Imagine a shallow and petty reason to make ruinously expensive life decisions, and rest assured that when you’re looking for some sap to make those dreams come true then I’m the man for the job.

I replaced the Model S with a Model 3, which has lots of cupholders and many other places to put things besides, and is a little shorter and narrower and can be parked by a human being without the need of tugboats or the kind of steely-eyed determination you expect from the sort of people who drive massive tankers through the Panama Canal every day, effortlessly moving between locks while leaving a credit card’s worth of space between the paint job and the concrete walls. I could rave about this car all day, but I’ll wrap this bit up quick by telling you that I bought it from a nice young man who used words like “bro” and “sweet” and “nodoubtnodoubt” and that driving the car is like driving a bicep. It’s solid and planted and capable-feeling and you drive around all day doing the things one does in cars when one is an enormous white man heading into middle age (being mildly concerned by the passage of time and the nature of mortality, wondering what you’re going to make for dinner, whether the amount of hair you pulled out of the shower means you should call a plumber or start worrying about whether you’re developing male pattern baldness). And then, like an unthinking fool, you mash the accelerator and start gibbering and screaming like a frightened ape in a lightning storm.

The storage bins between the seats are TARDIS-like and contain more space than they reasonably should. You merely touch them and then they open, and then you touch them again to close them. If you try and close them too hard then they bounce helpfully open again; repeat this process too often and the car bongs at you discretely and puts a notification up on the screen to the effect that You’re Closing The Door Too Hard, and also Please Stop That. Chastened, you learn your lesson.

It does everything better than the Model S except for one thing; the old way of connecting your computer to your car was lovely and only moderately impossible, and the new way of doing things is a headache.

At some point Tesla decided that OAuth was better than just sending your username and password in cleartext over the internet, which is generally a bad idea and more particularly one when said username and password allows the person who has it to unlock your car, get in, and drive it away without comment. Switching to the new way of doing things has managed to break the old teslams solution pretty comprehensively, and the replacement for it – teslajs – fails spectacularly to do anything except send me harsh notes to the effect that it can’t install things that it has in fact installed, and then compounds that by utterly failing to do anything useful whatsoever.

So instead, I’ve been tinkering around with Nikola. It’s a prebuilt binary that allows you to do most of the stuff you used to be able to do with the old teslams commands but is now all nicely wrapped up in a convenient package that doesn’t make you want to pull your hair out in chunks and thus exacerbate the kinds cranial-related problems you think about while driving.

As of right now teslajs doesn’t work, but despite how lovely Nikola is I rather miss having shell commands I can throw into the Terminal to quickly pull up data about my car. Hopefully I’ll have a little time down the road to bang my head about this. Who knows, maybe there’ll be a fourth update in a year or two…

My last post was pretty serious. Not that that is a bad thing; I tend to skew optimistic and frivolous, but it’s nice to get the occasional email about something more substantive. So, with that in mind I’m flipping back over to fun and useless to this one.

Fortune is something I put on every new machine. It has absolutely no functional usage other than giving me something to help me focus and relax, which is – in the grand scheme of things – actually pretty useful.

So, what is fortune? Well, I’m glad you asked. Fortune is a command-line utility that prints out a short or pithy phrase into standard output from a prewritten file. The fortune command comes with a bunch of these, but you can also write your own, and that’s a good thing as a lot of the pre-included fortunes are either obscure, deeply-ingrained programming or pythonesque jokes, or (admittedly more occasionally) the kind of thing regarded as very funny in 1994 and now deeply, deeply problematic in 2020.

The first step to getting it on your Mac is to install it via your package manager of choice, which in my case is homebrew. The command really couldn’t be easier – just type in brew install fortune.

Homebrew puts fortune in /usr/local/Cellar/fortune, and from there you can get to the fortune files by further navigating through 9708/share/games/fortunes. By default, fortune will pull a random fortune file and quote every time it’s invoked, and each fortune file has an associated data file with it with the .dat suffix.

A fortune file is really just a plaintext file where each quote is separated by a % character, thus:

Depend on the rabbit's foot if you will, but remember, it didn't help
the rabbit.
- R.E. Shay
%
Either I'm dead or my watch has stopped.
- Groucho Marx's last words
%
Happiness is having a scratch for every itch.
- Ogden Nash

You’re responsible for cherry-picking your own cute quotes from the existing fortune files, the internet, or modern life at large. Once you have your quotes, save them into a file called… well, anything you like, really. The fortune command just looks in the fortunes directory for correctly-formatted text files paired with a same-name data file, but I call mine “fortunes” because it’s pithy and to the point and easy to remember.

Take the existing fortune files that are installed by the command and either move them to a different directory/subdirectory or flat out toss them out. The case for the former is if you want to go poke around them at some point for additional quotes, but I’ve been down that road and saved the two dozen I like to my fortunes text file already, so I trend toward the latter strategy. Copy your new fortunes file into the fortunes directory and go jump into the Terminal to make the magic work.

Firstly, you’ll need to lose any existing file type suffix on that fortunes file you just made. The process of making a fortune data file looks for a simple, flat text file and not one with .doc or .txt or the equivalent on the end, so do the following:

Change directory to the fortunes directory –

cd /usr/local/Cellar/fortune/9708/share/games/fortunes

Once in that directory, list the existing files with ls -al, and use the mv command to rename your plaintext file to something suffix-free (so if your file is called fortunes.txt then you’ll rename it by issuing the command mv fortunes.txt fortunes).

Next, you’ll need to create the data file for your new fortunes file. We use the strfile command for that; strfile creates a data file from your fortunes file that contains a header and table of file offsets so that the fortune command can randomly pick a quote from a list separated by “%” signs. As we’re in /usr you’ll have to issue the command via sudo, thus:

sudo strfile fortunes

Once the command has run you’ll see both “fortunes” and “fortunes.dat” in the fortunes directory, and your work is done. Close the Terminal, reopen it, and type in fortune, thus:

I love The Expanse. If you’re looking for solid science fiction that invests heavily in world-building and doesn’t resort to ludicrous, flow-breaking space magic nonsense then you can’t go far wrong with a fictional world comprised of people doing what it is that people do best: trying to get by.

Life in space is allegorically like life in the modern world. You have limited resources that have to be inventively and creatively used, and there’s a clear and pragmatic need for the kind of muscular morality that actually makes the world work. Don’t mess with the air and water, recognize that the people you work with (whether you love or hate them) are functionally indispensable and should be protected, and maintain your tools. Sound advice.

It’s the latter that I’m talking about today, though. There’s a character in the books – a phlegmatically amoral psychopath who unaccountably seems to be one of the good guys – who repeats that maxim (or variations of it) at various points, using downtime to disassemble, clean and check tools and equipment that are vital to his job. As maxims go, it’s a good one, and one that I have pinned as a geeklet on my desktop, thus:

In a pragmatic, actual sense there’s a lot to be gained by making this punchy quote into something you can actually implement provided you take the time to think about what needs to be done, take the time to do it, build a solid routine and invest time and resources in carrying it out. This applies to anyone who uses their Mac (or really any computer) for something indispensable, whether it’s one iMac or Mac mini that sits on your desk for emails or it’s a Mac Pro stuffed to the gills with upgrades that you use as an Xcode build monster.

Taking the time to think about what needs to be done.

Block out an hour. Quit email and any messaging apps. Put your phone on Do Not Disturb. Get your non-alcoholic beverage of choice, sit down, and really consider the machine in front of you. What do you use it for? What are the apps and utilities that you crucially rely on? Has anything been acting up of late? Is everything backed up, patched and updated?

You get the idea. Consider the lump of glass, metal and plastic in front of you and then imagine what your next steps would be if it suddenly and mysteriously went away. Run through worst-case scenarios. What would you need to have on hand if you woke up one day and found your MacBook so broken that the only logical move was to go and buy another one? What solutions and strategies should you be thinking about and investing in? Switching things around – what do you not use your computer for? What applications or tools or data do you have on there that you no longer want or need?

I have a friend who periodically clears out her workspace by assessing each object and asking whether it’s something to keep, put in storage, or throw away. Those are brutally broad categories, but effective nonetheless; something you don’t use every day can either be thrown out or cleared away to free up space and resources, and there’s no shame involved in whichever option she chooses. The trick isn’t in making ruthless decisions about paring away the tools and data you need; instead it’s being ruthless about executing those decisions. That old piece of software or utility you’ve kept around for a decade and resisted upgrading? Keep it! Those old notes that you might some day need to dip into? Keep them or file them away somewhere safe. The pre-installed copy of Garageband with its attendant huge libraries? Pft. Throw it out.

Taking the time to do it.

Santa Barbara has had a pretty terrible time of it recently. I can’t complain because I live about as far toward the edge of the world as possible and because fires and floods would have to pretty much take out the entirety of Santa Barbara and much of Goleta before they arrived on my doorstep, but I’m the lucky one. I had clients lose their computers, hard drives, photographs, personal documents, homes and everything they’ve ever owned, made, worked on or created in their lives in the floods that came after the Thomas fire. That kind of loss – the sheer breadth of it – is overwhelming and almost incomprehensible; to lose everything in an instant and still have to count yourself as one of the lucky ones. And then, on top of that, I had a family member die unexpectedly in the last year in media res, leaving behind a broken iPhone and locked PC and no accessible backups that would help us figure out their tangled finances and byzantine business dealings. It sounds facetious and we’re all sick of hearing it, but seriously; back up your data. Terrible things can (and do) actually happen, and you literally never know when your number is going to be up. Have backups and a plan, and if you’re like me have an old MacBook Air and all the chargers and dongles you’d need to work it stuffed into a backpack at a secure location along with encrypted copies of insurance and financial documents. Paranoia is cheap compared with losing, well, everything.

Back up your computer. Ideally, to two different physical drives. If you have a computer that will accommodate a spare internal drive then slap a big hard drive in there and only use it for backups. Go buy another external drive – one of those little USB-powered ones will do – and plug that in as a second backup drive, and then to finish up go and invest in an online backup service. I like Backblaze, but there are many other excellent options out there. Back up photos and home movies and any vital financial data onto a hard disk and put it in a safe deposit box, then make sure that your relatives can get to it if you’re not around. It’s a couple of hundred bucks a year, and completely worth it.

Do the research on updates and patches, and while it’s important to install urgent fixes for critical problems it’s also prudent to do some reading around on any problems raised by updates. You don’t want to update to the latest OS only to find out that it breaks compatibility with a crucial, professional-grade application. If you use a package management solution like Homebrew then update your installs, and go look through what you’ve installed and decide whether there’s anything that you need to get rid of.

Inventory the software on your computer – make sure you have copies of serial numbers and if possible have disk images saved and backed up someplace they can be readily retrieved if needed.

Build a solid routine.

An hour invested in maintenance on a regular basis – even if it’s just once a month – has the capacity to save you a lot more time further down the road. Seth and I often found that the servers we looked at and maintained for a few minutes every week had the longest uptimes and the fewest failures; by taking the time to really consider anything that seems out of place we’d catch odd log messages or note that some tasks or diagnostics took longer, and we’d catch issues long before they became critical. So, block out time on a regular schedule and stick to that schedule. You’re probably not going to run into anything disastrous on an ongoing basis, but noticing something awry in advance of failure is preferable to noticing it after failure has occurred. Read the Console.app for errors. Google the stuff you don’t understand to make sure that something disastrous isn’t around the corner.

Every Monday morning I spend thirty minutes or so doing all the above. Check the log files on the home and office servers, install critical updates and patches (or schedule downtime to run anything that needs a reboot), check logs and run updates on my desktop and laptop, run brew upgrade, check that automatic backups are working and that the things I have to backup manually are done and checked. That may sound a little OCD, but it’s thirty minutes out of the week that pays for itself in avoided failures and outages.

Invest time and resources.

So, thirty minutes a week is non-insubstantial if you bill for your time, and that time is valuable – but if you’re dead in the water then your time rapidly turns from a commodity into a liability. Likewise resources. Maintaining your computer isn’t a zero-cost solution, and if it is then you’re doing it wrong. Buy good components and quality parts. Don’t buy the dirt-cheap hard drive with a thousand single-star reviews; go tighten your belt, grit your teeth and buy the drive that isn’t likely to blow up or grind to a halt within a couple of months.

Thomas Hobbes said it best when he opined that life is “Nasty, brutish and short”, and while that sounds like the worlds’ most unpleasant law firm it has the ring of truth to it. The best way you can protect yourself isn’t with a backups or redundancies – it’s with thought and care and planning and the application of caution and investment of time.

More of a best-practices post than a concrete article, but nonetheless there might be some value here.

Time Machine has worked in pretty much the same way since its incarnation on the grounds that macOS has also pretty much run the same way since its incarnation: as a monolithic OS that sits on a big volume with lots of bits of data sloshing around on said volume. Time Machine would obligingly go and grab all those bits of data, compare them against a destination, then bring over all the bits of data that it deemed had changed so that you had a snapshot of whatever was on there at the moment you did the backup.

This was all very sensible and worked just fine – right up to the point where the basic underlying mechanic of the way that macOS handled files (all sloshing around on a big volume) – irrevocably changed into more intelligently having all your files sloshing around on two entirely separate APFS volumes. And when I say “irrevocably” I mean it in the tangible, literal sense of “you can’t go back to the old way.” Apple makes this moderately clear in this document, right down there at the bottom:

“If you upgraded to macOS Catalina on a Mac that uses a Time Capsule or other network storage device as the backup destination, your existing backups are also upgraded and can be used only on macOS Catalina. New backups that are created can be used only on macOS Catalina.”

Well. Good to know. In case there was any doubt about this, Catalina changes out the tried and trusted .sparsebundle suffix for the new and improved .backupbundle, the latter of which cannot be opened on anything earlier than Catalina.

There’s further good news and bad news. The good news is that (at least in most typical cases) Time Machine seems to update your existing backups as part of setup once you’ve upgraded to Catalina. The bad news is that this takes a long time and uses a lot of space, as putting everything you use onto two APFS volumes with a drastically different file structure requires significant rewriting of your backup file. In fact, it’s pragmatically a toss-up about whether to let Catalina update your existing fresh ones or just start a new one.

I’ve found that if you have the time (and additional drives) then the best practice seems to be to try and get the best of both worlds. Back up everything under Mojave to two backup sets, detach one of them and stash it in a safe place so you’ll have a backup of your backup, then run the update to Catalina and let it go hog crazy on your remaining backup set. That way if things go awry then you have another clean copy of your old backups to pull data from (and, if it becomes apparent in short order that Catalina isn’t going to work for you, enough data that you can wipe the computer and roll back to Mojave with relative ease.)

New technologies always require transitions, and those transitions are inevitably messy – no matter how well-conceived and well-implemented. Time Machine is practically a venerable institution at this point, and while some parts of this new incarnation have been extant prior to now – local snapshots, I’m looking at you – making substantive changes in the way things work is always going to have rough edges.

And – although this is a good thing – I’ve yet to hit a point where it’s really been put to the test due to hardware or software failure (although I’ve done some full restores on new machines without incident.) Still, time will tell…

“If Mac Pro is in firmware recovery mode, the status indicator light rapidly flashes amber three times, briefly flashes amber three times, then rapidly flashes amber three times. This repeats until the computer is turned off. You might need to revive the firmware on your Mac Pro. If you still need help, contact an Apple Authorized Service Provider“

So, to be perfectly clear about this, they’re saying that if your Mac Pro, say, suffers a power failure during a firmware update and requires repair then it lets you know this by flashing the standard International Morse Code signal for S.O.S?

That’s outstanding.

Back in the day when Apple was telling ACNs that Xsan was the new thing that we all had to know everything about I went out and bought an Xserve.

Okay, it wasn’t just me: it was my fellow ACN and business partner Seth and I . And it was three Xserves. And an Xserve RAID. And a giant box to put them all in. And a fiber channel switch, a ton of cards and cables and adaptors and assorted doo-dads. And it was glorious. And cost as much as a reasonable used Toyota. And it was loud.

Really loud. Really, really loud. To the point where Seth and I would eventually pad the mobile rack with a foam kit, and then wheel it into the back corner of our office in Carpinteria, and then finally wheel it into another room, and then close the door. Don’t get me wrong; Xsan was incredible once you got it set up, and it was equally incredibly advantageous to have a test platform in place that you could throw enormous amounts of data at and have it not even blink. But when we finally pulled the plug on the Xserve/Xsan/RAID experiment after one Xserve blew a processor and another developed some kind of remarkable fault with a backplane we saw the writing on the wall, migrated everything to a couple of nice Promise RAIDs, and ended up giving away, parting out, and eventually recycling the whole lot.

And then Apple stopped making anything that would fit in a rack mount (I’m not talking about you, Mac mini/Mac Pro 2013 rack conversion kits. Sit down at the back, there). Until they came out with this:

I find myself more curious about this than I am about the stock Mac Pro – and not just because it’s a fabulous-looking piece of industrial design (and for my money much better looking than the standard Mac Pro), but because for a platform that’s been carefully engineered for cooling and silence a rack-mountable version is a slam dunk.

The thing is that it’s not simply like they slapped a couple of 19″ rails on the side of the existing box so you could stick it into a rack; it’s an entirely different machine. Sure, there are a lot of similarities with the regular Mac Pro. The base models are identical on specs, but the rackmount version is $500 more, and that $500 gets you a different chassis with migrated ports from the top of the case to the front, built-in spots to attach the included rail kit and a slightly altered rear plane that looks like it’ll accommodate increased airflow. There are those who’ll look at the $500 increase and chalk it up to Apple padding their profits unnecessarily (cough cough Pro display stand cough), but I’d ask those people to go out and look for good rail kits for rack mount servers. Not the cheap, nasty powder coated jobs that eventually buckle and refuse to extend; a really good rack kit. Go on. I’ll wait.

You’re back? And you clocked that a 4U, four-post rack kit can handily set you back about $700? Yeah. I hear you.

It kind of makes sense, though. Four-post rack kits are pricey, and with good reason. If you’re putting your 40lb, $20,000 server six feet up in the air then you want to be very, very sure indeed that it’s not being held in place by something that’s going to snap or warp or wear out, and thus risk turning your extremely pricey (and probably business-critical) asset into a large aluminum box full of broken bits.

This a machine that exists in a world of very limited uses. For every hundred Mac Pros Apple sells they’ll be lucky if they sell one or two of these. This product is an anachronism. A delightful, absurdly clever and well-designed anachronism, but an anachronism just the same; a call-back to a product that existed for a few scant years, failed to thrive, and although it was brilliant never found sufficient traction to compete or persevere.

Which is a shame, because this is exactly the machine that the Xserve should have been; powerful, price and feature comparable with the Pro desktop du jour, and (once you get over the fact that a good rack kit is a non-trivial expense) cost-effective.

And quiet. So, so very quiet.

I toyed with including this last time, but in the end opted to go a different way as macOS Catalina seems to (as of writing this) refuse to work very well with the latest version of John The Ripper. Worse still, the homebrew version seems to either not work at all or throw out very peculiar permissions-based errors no matter what machine I try and run it on. Still, undeterred, here’s how to use the “Pro” version of John The Ripper to crack macOS passwords.

Obligatory note: This is not in anyway an invitation to anyone to try and break into anyone else’s Mac. As mentioned last week, Apple includes very good security options right out of the box on their computers, and those are absolutely things that everyone should be employing. At the very least I implore you to turn on Filevault. Come on, folks.

Additional Obligatory note: Everything in this article would only be possible if you were able to follow the instructions I put in the last article about this sort of thing and thus had full, unfettered, unobstructed access to the OS.

A word about that “Pro” thing. Openwall – who host and distribute JtR – offer it for download to the world for free but will also sell you a copy for about $40 that gives you the kinds of boring things that you like to have when you’re a legitimate IT outfit and that are worth the money; i.e., something you can deduct from your taxes as a business expense and something to put in your asset file that helps you keep tabs on your tools and equipment. Openwall also offer tiered options and licenses that include assorted types of support, but I opted for the simple download sans support because I like figuring this stuff out for myself.

Which, it turns out, is shockingly straightforward. Just like last time, we’ll use the following command to go grab a copy of the target’s hashed password:

sudo cp /var/db/dslocal/nodes/Default/users/test.plist ~/Desktop

…and then use plist2hashcat.py to pull the hash out and put it into a file that we can use:

sudo python plist2hashcat.py ~/Desktop/test.plist

Next, download and build/use Homebrew to install/buy the pre-assembled binary of John The Ripper from Openwall, then download and unzip it into a directory of your choosing. I threw it in my $PATH, but your mileage may vary and I can think of a few good reasons that you might want to just tuck something like this away in a safe place and only pull it out when needed.

Fire up the Terminal, then cd to the run directory in the unzipped John folder. Once there, the syntax to run the thing is about as straightforward as it gets. I’m using the same hashed file as last time, thus:

./John ~/Desktop/test_hash.txt

Now, hashcat is great and it’s well-supported and super-flexible, but compared to John The Ripper it’s like swimming through a sea of molasses with concrete flippers. John The Ripper is fast. Like, seriously fast. From hitting return on that last command I counted twenty-two seconds before it spat out the following:

Twenty-two seconds to digest that hashed password and spit out “test1” which, drumroll, is the correct answer.

Again, as I pointed out last week this kind of thing is only useful on machines that aren’t using encryption like Filevault, and this only makes it clearer than ever that those kinds of protections are no longer optional in a day and age where someone with $40 and a little free time can break into your Mac seemingly at will…

Today – January 5th, 2020 – is a banner day for Apple and anyone who uses Apple products and services. It’s the twentieth anniversary of a product/service that has become integral to the company’s entire internet strategy, app and media distribution efforts, and is the foundation block that every vital service – particularly development and device management – rest on. It is, in point of fact, the thing that turned Apple from a company clawing its way out of financial ruin and irrelevance into the behemoth it is today.

You might think – and I say this not in a subjective sense but in the sense of a person who asked his friends about this – that I’d be talking about something revelatory like the iPod (although you’d be a year or so early) or possibly the iMac (although you’d be a couple of years too late). Those are solid answers, but the real hero of the piece is our old friend, .Mac.

Okay, to be fair, it was originally called iTools because Apple was squarely fixated on their internet strategy and had made the reasonable decision to prefix everything with an “I”, but when you signed up for it (and I did on January 5th, 2000 from the cramped confines of our tiny apartment on Capitol Hill over a 28.8k modem) you got an actual email address @Mac.com and so much more.

Almost everything that came with iTools was weird, and is now gone. The two goofiest ones are easy picks: iReview and iCards. iReview was a sort of peculiar review site for web pages (a noble goal, but ultimately unworkable considering the exploding rate of web adoption amongst the world at large), iCards was a sort of Blue Mountain-esque web greeting card outlet.

Homepage wasn’t awful, and in fact was a fairly serviceable web-page tool that allowed you to host your own site on your iDisk, which could handle up to a whopping 15mb of content. iDisk itself enjoyed direct support in the OS, too; you had the ability to mount the thing on your desktop as if it were just another drive that made copying data to and from the thing laughably simple and intuitive in a way that probably makes iCloud Drive wake up in a cold sweat every night.

A couple of years later iTools became .Mac, and then .Mac became iCloud, and now I have an email address that works with all of those suffixes and has done so – reliably – for twenty years. And because I’m a digital packrat, I can look at those early mails like some sort of data archaeologist and capture little glimpses of the places we all lived and the things we all did back then. There are pictures of my first new car in there, and long email chains between my wife and I that are weird echoes of who we were before we had kids and mortgages. Updates from friends whose names I’ve long-since forgotten, and notes to and from my Dad who passed away almost eighteen years ago.

My private fear is that someday some bean-counter at Apple will look at iCloud and decide that enough is enough and that .Mac addresses will no longer Be A Thing and that we’ll be left with .me.com and iCloud.com, and while that may cause some headaches about AppleIDs and address books I don’t think it’ll be the end of the world. Still, it would be a shame. Twenty years is an eternity in the internet age.

So, Happy Birthday iTools. If I have one wish it’s that you’ll be here in another twenty years time, and that I’ll be around to check back in with you then.