In the next few days those using M1 Macs will be updating to Big Sur 11.5, blissfully ignorant of how, as an admin user, their Mac could refuse to update. Because now, in addition to regular users, admin users and root, there’s another class of admin user: the Owner. Let me explain. Just something to be aware of.
Kernel extensions have long been one of the most powerful and dangerous features of macOS. They enable Apple and third-party developers to support the rich range of hardware available both within and connected to Macs, to add new features such as software firewalls and security protection, and to modify the behaviour of macOS by rerouting sound output to apps, and so on. With those comes the price that kernel extensions can readily cause the kernel to panic, can conflict with one another and with macOS, and most of all are a security nightmare. For those who develop malicious software, they’re the next best thing to installing their own malicious kernel. For some years now, Apple has been encouraging third-party developers to move away from kernel extensions to equivalents which run at a user level rather than in Ring 1. However, it has only been in the last year or so that Apple has provided sufficient support for this to be feasible. Coupled with the fact that M1 Macs have to be run at a reduced level of security to be able to load third-party kernel extensions, almost all software and hardware which used to rely on kernel extensions should now be switching to Apple’s new alternatives such as system extensions. This article explains the differences these make to the user. A good, detailed look at what Apple is doing with kernel extensions in macOS.
The utter user-interface butchery happening to Safari on the Mac is once again the work of people who put iOS first. People who by now think in iOS terms. People who view the venerable Mac OS user interface as an older person whose traits must be experimented upon, plastic surgery after plastic surgery, until this person looks younger. Unfortunately the effect is more like this person ends up looking… weird. These people look at the Mac’s UI and (that’s the impression, at least) don’t really understand it. Its foundations come from a past that almost seems inscrutable to them. Usability cues and features are all wrinkles to them. iOS and iPadOS don’t have these strange wrinkles, they muse. We must hide them. We’ll make this spectacular facelift and we’ll hide them, one by one. Mac OS will look as young (and foolish, cough) as iOS! I haven’t encountered a single person who likes the new Safari tab design on macOS.
BlackBerry recognizes the importance of supporting the cybersecurity community in the fight against cyberthreats, and is therefore following up its release of the PE Tree Tool in 2020 by sharing this methodology report to inform security researchers and pen-testers on how to successfully emulate a MacOS ARM64 kernel under QEMU. Pen-testers and researchers can use the virtualized environment of a stripped-down MacOS kernel for debugging and vulnerability discovery, and this illustrates the extent to which one can use emulation to manipulate and control the kernel to their desired ends, whether it be to find a critical bug or to patch an area of the kernel. More importantly, this project was a successful experiment in cross-platform emulation that has the potential for future development. BlackBerry telling you how to virtualise ARM macOS. Yeah.
After sixteen major releases, you might think there’s not much left to be added to Parallels Desktop – and for the vast majority of Mac users who are still using Intel CPUs, there isn’t. For them, this update to the popular virtualisation software tidies up a few bugs and adds support for the latest version of the Linux kernel, but that’s largely it. Overall it’s not even consequential enough to warrant a full ticking up of the version number. Yet arguably, this is the most significant release of Parallels Desktop since it first appeared in 2006. Just as version one unlocked the potential of Apple’s then-recent switch to the Intel architecture, this one breaks new ground by allowing you to install and run Windows 10 on Apple Silicon. They conclude it’s a great first release, but that it still has ways to go.
It has been recently announced that the venerable TenFourFox web browser for PowerPC (PPC) Macs was going to cease regular development, which rekindled my interest in playing around with my trusty PowerBook G4, which only gets occasional use if I’m testing a PowerPC version of some of my own software. Such is the way of aging hardware and software: the necessity to support them wanes over time, but it does question how useful can an 18 year old laptop be in 2021. Can it still be useful, or is it relegated to a hobbyist’s endeavors? As usual, the internet and networking are the hurdles.
Two browsers for old Mac OS X and classic Mac OS releases, developed by the same developer, are shutting down. TenFourFox, the browser developed specifically to give PowerPC Mac users a modern browser, is the first. I’ve been mulling TenFourFox’s future for awhile now in light of certain feature needs that are far bigger than a single primary developer can reasonably embark upon, and recent unexpected changes to my employment, plus other demands on my time, have unfortunately accelerated this decision. TenFourFox FPR32 will be the last official feature parity release of TenFourFox. Today is a one-two punch, because Classilla, too, is calling it quits. Classilla is a modern-ish browser for Mac OS 9 and 8.6. An apology is owed to the classic Mac users who depend on Classilla as the only vaguely recent browser on Mac OS 9 (and 8.6). I’ve lately regretted how neglected Classilla has been, largely because of TenFourFox, and (similar to TenFourFox in kind if not degree) the sheer enormity of the work necessary to bring it up to modern standards. I did a lot of work on this in the early days and I think I can say unequivocally it is now far more compatible than its predecessor WaMCoM was, but the Web moves faster than a solo developer and the TLS apocalypse has rendered all old browsers equal by simply chopping everyone’s legs off at once. There is also the matter of several major security issues with it that I have been unable to resolve without seriously gutting the browser, and as a result of all of those factors I haven’t done an official release of Classilla since 9.3.3 in 2014. It’s an inevitable consequence of just how complex the web and web browsers have become. Single individuals – or even a small group of people – simply cannot maintain a modern web browser, let alone two, let alone on two outdated platforms. A big hit for PowerPC Mac and Mac OS 9 users, for sure.
Big Sur’s sealed System volume seemed like a good idea. Although the read-only version in Catalina may look impregnable, guaranteeing integrity using a Merkle Tree of hashes, then locking the whole lot in a snapshot, looks even more robust. Like other good engineering ideas, though, it also needs thinking through thoroughly. It’s locked down for your own safety, though. Giving up freedom in exchange for safety never hurt anytone, right?
But back to my ‘gut-reply’, I wanted to be certain that my fond memories of Snow Leopard weren’t just nostalgia. While I am confident when I say that Snow Leopard is the most stable version of Mac OS, I wanted to make sure its user interface was really the good user interface and experience I was remembering. So, after a few frustrating attempts at creating a virtual machine on my current iMac with Mac OS High Sierra, I decided to install Snow Leopard on a USB flash drive, and boot my 2009 MacBook Pro (yes, it’s still alive & kicking) in Snow Leopard from that flash drive. It seems to be a rather widespread conviction that it’s been downhill for macOS for years now, and I can’t say I disagree. Especially the current version looks like a touch-first operating system, but without a touchscreen. So many huge targets, lots of needless whitespace, things you have to swipe, buttons hidden until you mouse-over – it feels like Apple is trying to out-Windows 8 Windows 8.
The macOS Big Sur 11.2 kernel (XNU) source has been released here: source, tarball. My previous post on building XNU for macOS 11.0.1 described the method for compiling open source XNU for Intel Macs. This post details how to compile XNU for both Intel and Apple Silicon Macs, and how to boot the custom kernel on both platforms. Note that it is not possible to build or boot a custom XNU on Apple Silicon Macs before macOS 11.2. I doubt many people compile and run their own XNU kernels, but the fact that you can is still cool.
Apple released macOS Big Sur 11.1 on 14 December. Although yesterday it finally posted standalone installers for the two concomitant security updates to Catalina and Mojave, no standalone updaters for Big Sur have appeared yet. Neither has it made available a standalone updater for macOS 11.0.1, which was released over a month ago. If you feel that you “have a need for individual downloads for Big Sur delta/combo updaters”, please let Apple know. In the strongest possible terms, via Feedback, Apple Support and any other means available. The lockdown continues.
Update: Overnight, Apple PR sent out an e-mail about this issue to multiple websites and blogs, including me, for some reason. The company has updated its knowledge base article about “safely opening apps” on the Mac with new information, including a number of promises to fix this issue in the near future: These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs. In addition, over the the next year we will introduce several changes to our security checks: • A new encrypted protocol for Developer ID certificate revocation checks• Strong protections against server failure• A new preference for users to opt out of these security protections These are good promised changes, especially the first and third one. Turning off the security checks is the most welcome change, but it remains to be seen if this cripples the user experience in some other way. It’s also interesting to note that I’ve been inundated by random people claiming there was no issue here at all, yet it seems Apple sure does disagree with that. A response like this over the weekend, emailed to not only the usual Apple news outlets, but also insignificant ones like OSNews seems highly unusual for something that, according to a lot of random people, isn’t an issue at all. Original story: Almost nine years ago, I wrote an article titled “Richard Stallman was right all along“, still one of the most popular, if not the most popular, articles ever posted on OSNews. That’s the very core of the Free Software Foundation’s and Stallman’s beliefs: that proprietary software takes control away from the user, which can lead to disastrous consequences, especially now that we rely on computers for virtually everything we do. The fact that Stallman foresaw this almost three decades ago is remarkable, and vindicates his activism. It justifies 30 years of Free Software Foundation. And, in 2012, we’re probably going to need Free and open source software more than ever before. At the Chaos Computer Congress in Berlin late last year, Cory Doctorow held a presentation titled “The Coming War on General Purpose Computation“. In it, Doctorow warns that the general purpose computer, and more specifically, user control over general purpose computers, is perceived as a threat to the establishment. The copyright wars? Nothing but a prelude to the real war. Yesterday, every Mac user got a taste of what happens when you don’t actually own the computers you pay a lot of money for. Because Apple wants to control everything you do with the computer you rent from them, and because Apple wants to know everything you do while using the computer you rent from them, a random server somewhere going down meant Mac users couldn’t open their applications anymore. Why? Because applications on macOS will only open if Apple allows them to be opened, and that means macOS phones home every time you do anything on Apple’s Mac that you rented. This has some serious privacy implications, as Jeffrey Paul notes: This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city. It gets worse. The data that’s being sent as part of this phone home procedure is sent unencrypted, passes through third parties like Akamai, and since Apple is part of the US intelligence program PRISM, the US government has unfettered access to without the need for warrants. I’ve been warning about the consequences of handing over control of our software and computers to corporations and governments for well over a decade now here on OSNews, and every year, we seem to slide a little farther down the slippery slope, and every time, people wave it away. Yet yesterday, Mac users all over the world were confronted with the reality of being an Apple user today. Macs are not yours. They are controlled, owned, and operated by Apple, and are an absolute privacy and security nightmare. Exactly as the Free and open source software movement has been warning about for 40 years now.
And, as is tradition, a new macOS release means a new Ars Technica macOS review. The one to read, as it is with every release, and as it will be forever. So say we all. In a lot of ways, Big Sur is the kind of incrementalist macOS update that we’ve come to expect in the last few years. It’s a collection of tweaks and minor feature upgrades and under-the-hood enhancements that bumps the platform forward but doesn’t radically change it. It simply builds on the foundation laid by the last few releases of the operating system, something I talked about last year. Big Sur makes the Mac look and sound a lot different than it did before! But it’s still close enough to what you’re used to that you’ll use it for a few weeks or months and then it will just be what macOS looks like. I’m obviously much more interested in Big Sur on the new ARM Macs, but for that, we’ll have to wait until next week.
Mac users today began experiencing unexpected issues that included apps taking minutes to launch, stuttering and non-responsiveness throughout macOS, and other problems. The issues seemed to begin close to the time when Apple began rolling out the new version of macOS, Big Sur—but it affected users of other versions of macOS, like Catalina and Mojave. Other Apple services faced slowdowns, outages, and odd behavior, too, including Apple Pay, Messages, and even Apple TV devices. It didn’t take long for some Mac users to note that trustd—a macOS process responsible for checking with Apple’s servers to confirm that an app is notarized—was attempting to contact a host named oscp.apple.com but failing repeatedly. This resulted in systemwide slowdowns as apps attempted to launch, among other things. What a brave new world – some server goes down, and you can’t use your applications anymore.
macOS Big Sur, the latest version of the world’s most advanced desktop operating system, is now available to Mac users as a free software update. Big Sur introduces a beautiful redesign and is packed with new enhancements for key apps including Safari, Messages, and Maps, as well as new privacy features. And Big Sur has been engineered, down to its core, to take full advantage of all the power of the M1 chip to make the macOS experience even better for the new 13-inch MacBook Pro, MacBook Air, and Mac mini. The combination of Big Sur and M1 truly takes the Mac to a whole new level with incredible capabilities, efficiency, and more apps than ever before, while maintaining everything users love about macOS. I’m not entirely sure if I like the new interface with all the big UI elements and excessive whitespace, but other than that, this seems like a solid release. You know where to get it.
I booted the arm64e kernel of macOS 11.0.1 beta 1 kernel in QEMU up to launchd. It’s completely useless, but may be interesting if you’re wondering how an Apple Silicon Mac will boot. You got to love the bluntness.
Can you distribute Mac software over the internet without signing it, thereby avoiding Developer ID and notarization entirely? Technically, currently, yes, although Apple has indicated that a future version of macOS may not allow unsigned code to run at all. Some people claim that Mac users can “just right click” to run unsigned software. But what does that mean exactly? Let’s look at the user experience, in a series of screenshots. For illustration, I created an unsigned application, “MyGreatApp”, uploaded it to my server, and then downloaded the app with Safari on macOS 10.15.6, the latest public version of the Mac operating system. (The experience is essentially the same on the beta version of macOS Big Sur, except the new iOS style alerts look even worse.) Here’s what you see when you try to open the app normally (double click) in Finder. As a Mac developer, it’s nearly impossible to run a viable software business when this is the first-run experience of new customers. You’ll never get any new customers! This is why every Mac developer I know signs up for Developer ID and ships only signed, notarized apps. It would be financial suicide to do otherwise. Technically, the option is there to “just right click”, but practically it’s not a viable distribution option for Mac developers. From a business perspective, there’s no avoiding the Gatekeeper. For all intents and purposes, Macs and macOS are already entirely locked down and can only run software approved by Apple. macOS Big Sur on ARM Macs will make the rules even stricter – while ARM Macs can still run unsigned Intel code in the way described above, you can’t run unsigned code compiled for Apple Silicon. The screws are being tightened little by little, and just as I predicted and warned way back in 2010 with the introduction of the Mac App Store (and then again in 2011 with the introduction of sandboxing, and then again in 2012 with the introduction of Gatekeeper), we’re very close to a total lockdown of macOS, thereby completing turning the Mac into iOS – appliances you do not control and do not own. You pay a hefty sum for the mere privilege of borrowing your iOS or Mac appliance, but you don’t actually buy them.
A question I got repeatedly the last couple days was, now that AARM (Apple ARM) is a thing, is the ultimate ARM-Intel-PowerPC Universal Binary possible? You bet it is! In fact, Apple already documents that you could have a five-way binary, i.e., ARM64, 32-bit PowerPC, 64-bit PowerPC, i386 and x86_64. Just build them separately and lipo them together. You’ll be able to eventually build a binary that contains code for every Mac hardware and software platform starting from Classic all the way up to macOS Big Sur, and from m68k all the way up to ARM. I doubt anyone will use it, but that doesn’t make it any less cool.
After going in depth with iOS 14 earlier this week, today we focus on macOS Big Sur. The biggest takeaway from my hands-on time with the follow up to macOS Catalina is that Apple’s latest OS is clearly being designed with the future in mind. Although it’s unmistakably Mac, Big Sur is a departure from previous versions of macOS in terms of aesthetics. Everything, from the dock, to the menu bar, to window chrome, icons, and even sounds have been updated. A good overview of the many, many changes in Big Sur. Interesting sidenote: with both Windows and macOS now heavily catering towards touch use, this leaves Linux – and most of the smaller platforms, like the Amiga or Haiku – as one of the last remaining places with graphical user interfaces designed 100% towards mouse input. Big buttons, lots spacing, lots of wasted space – it’s coming to your Mac.