Mac OS X Archive

Debugging macOS kernel using VirtualBox

Late last year, I upgraded my old MBP to the 2016 model with a Skylake processor. As I was debugging a kernel exploit, it turned out that SMAP was enabled inside my VMWare Fusion VM. I wanted to avoid dealing with SMAP, but couldn't figure out how to disable it in Fusion. Luckily, VirtualBox VMs do not support SMAP (yet?).

This post will be a step-by-step guide on how to setup macOS kernel source-level debugging using VirtualBox. Though all the step examples are geared toward VirtualBox, this guide can also be used to setup kernel debugging on VMWare Fusion since it's even more straightforward in Fusion.

Compiling a Mac OS 8 application on macOS Sierra

In 1999, armed with a brand new copy of Metrowerks Codewarrior and a PowerMac running Mac OS 8.5.1, I wrote a basic implementation of Minesweeper to test out the Powerplant application development environment. It's the oldest project of mine that I've kept, so I wanted to see if I could get it running again for the first time in 17 years.

There's no Swift or Objective-C code in this article but there are disk-eating koalas, deliberately misspelled cities, Zernike polynomials, Cocoa software (but not the Cocoa you're thinking of), resource forks, master pointer blocks and in the end, I finally earn the admiration of my family.

Great, entertaining story, you learn something, and it mentions BeOS. I can't think of anything that would make this story even more likely to get posted on OSNews.

Using QEMU to explore the Mac OS Nanokernel

The beauty of the internet: there's always someone else who is also interested in the things you're interested in. It turns out, even people who are working on trying to bring Mac OS 9 to the PowerPC G5 can find each other online. Now, it's important to note that even the people themselves acknowledge that this project is a very, very long shot and unlikely to succeed - but that doesn't mean it isn't worth trying and learning something along the way.

This project (we call it "CountDown G5") is ambitious, sure, and unlikely to succeed. But a few things make it worthwhile:

  • I am learning a lot about low-level kernel programming, which I find fascinating as a hobby.
  • We are crafting a build system in MPW, inspired by that source leak, for very low-level assembly and linking of a NewWorld ROM. This will be useful to other hackers in the future.
  • We have an intermediate goal of increasing the usable logical address space on OS 9 to near the 2 GB hardware limit.
  • The G5 isn't all that different. It has facilities for running 32-bit OSes, and early G5s thankfully left the Block Allocation Table mechanism intact.

Be sure to follow the thread on the forum if you're interested in this type of exotic hacking.

Meanwhile, also definitely 100% be sure to follow Steven Troughton-Smith, who, over the past few days, has been doing an absolutely crazy amount of work on things that go far beyond my comfort zone (he pointed the above thread out to me just now). He's been investigating all the work the Qemu people have been doing on PowerPC emulation, and he's trying to get all the early and often exotic Mac OS X builds to boot on Qemu. This includes things like altering and recompiling BootX, diving deep into Open Firmware to remove a number of 'fixes' put in place that prevented early OS X versions from booting, and tons of other things.

How Apple alienated Mac loyalists

Mark Gurman, trustworthy and extremely reliable Apple reporters with uncannily good sources inside Apple, paints a grim picture of the future of the Mac.

Interviews with people familiar with Apple's inner workings reveal that the Mac is getting far less attention than it once did. They say the Mac team has lost clout with the famed industrial design group led by Jony Ive and the company's software team. They also describe a lack of clear direction from senior management, departures of key people working on Mac hardware and technical challenges that have delayed the roll-out of new computers.

And just in case you're one of the people who ridiculed or attacked me for stating OS X is effectively dead and iOS is Apple's future, this nugget might interest you - emphasis mine.

In another sign that the company has prioritized the iPhone, Apple re-organized its software engineering department so there's no longer a dedicated Mac operating system team. There is now just one team, and most of the engineers are iOS first, giving the people working on the iPhone and iPad more power.

It's been clear to anyone with an unbiased, open mind towards Apple's past few years that the Mac simply has no or low priority within Apple, and this only further solidifies it.

Tim Cook assures employees that it is committed to the Mac

Tim Cook, in a posting to Apple's internal messaging board:

The desktop is very strategic for us. It's unique compared to the notebook because you can pack a lot more performance in a desktop - the largest screens, the most memory and storage, a greater variety of I/O, and fastest performance. So there are many different reasons why desktops are really important, and in some cases critical, to people.

The current generation iMac is the best desktop we have ever made and its beautiful Retina 5K display is the best desktop display in the world.

Some folks in the media have raised the question about whether we're committed to desktops. If there's any doubt about that with our teams, let me be very clear: we have great desktops in our roadmap. Nobody should worry about that.

When a CEO has to go out and say the company is committed to X, the company is probably not committed to X.

Why Apple is removing ‘time remaining’ battery life estimates

Apple clearly thinks the 'time remaining' estimates were causing more harm than good for users, so the new battery life status menu will now instead only show a percentage of remaining battery life, like on iOS devices, which should offer an accurate prediction. The change will be introduced for all in today's macOS update.

Apple claims that the reports of terrible battery on the new 15" MacBook Pro life are inaccurate, and in response, they removed the "time remaining" indicator.

Apple’s new OS “activation” for Touch Bar MacBook Pros

I think it's safe to say the macadmin community has been hearing rumblings about the future of macOS administration. Whether it was Michael Lynn's excellent blog post, m(DM)acOS, APFS or even Sal Saghoian's position being axed, many macadmins (myself included) are worried about the future of macOS administration being a MDM only world.

What if the new TBP Macs were the first piece to this future?

An interesting technical look at what happens when one of the Touch Bar-equipped MacBook Pros can't find the embedded operating system running the Touch Bar, and what conclusions we can draw from that.

Darling is still trying to run macOS software on Linux

Darling, the project to bring macOS binaries to Linux, is still active. After a period of inactivity, the project has picked up speed, according to phoronix.com.

Darling is still progressing but in its latest state can not run any macOS GUI applications but rather only basic command-line apps with both 32-bit and 64-bit capabilities. From the Darling Shell there is support for working with DMG images and even using Apple's Xcode toolchain for compiling basic "Hello World!" type applications for macOS and running from a Linux system.

MacOS Sierra released

macOS Sierra brings Siri to the Mac, allowing users to conduct voice searches to find files, look up information, and more, with the ability to pin searches to the Notification Center for continual monitoring. There are new Continuity features including an "Auto Unlock" option for unlocking a Mac with an Apple Watch, and a "Universal Clipboard" option for copying text on one Apple device and pasting it on another.

MacOS being in maintenance mode, this isn't the most significant update the operating system's ever seen. But hey, it's free, so go get it.

The Apple goes mushy: OS X’s interface decline

Nicholas W. Howard:

Wander into almost any online forum or article comment section about a controversial announcement from Apple Inc. and you will almost certainly hear a variation of this sentence: "Apple has gone downhill since Steve Jobs died." The sentence slithers around vaguely; it never seems to specify how, or in what ways, Apple has gone downhill. I agree, nonetheless, that it has. Whether or not Steve Jobs's absence caused the decline (though I suspect it did), I grow frustrated as I watch each software update further erode one pillar of Apple's formerly astronomical greatness.

No: I am not referring to their software's stability, important and perhaps worsening with time as it may be. I walk a different tightrope. The design-community-approved articles pertaining to an "Apple software decline" focus on bugs (see Marco Arment, Glenn Fleishman, Russell Ivanovic) or even lunge for their shields to claim that Apple has no such software problems (see Jim Lynch), with the glaring exception of this thoughtful and much-needed lament by Don Norman and Bruce Tognazzini. The article you are about to read will address the same unsung subject as Norman and Tognazzini's article: the design, not the engineering, of Apple's graphical user interfaces. But where their article is general, I have harvested specific example after specific example of the user interface decline of (the now-former) OS X.

A great article with which I wholeheartedly agree - but my agreement comes with a twist.

Where Howard seems to regard the purest form of the Aqua graphical user interface as the bar for the decline, I consider the bar to be what is now referred to as the Classic graphical user interface, but which is actually named Platinum, which reached its zenith in Mac OS 9.

Platinum in Mac OS 9 was elegant, clear, memorable, focused, and pleasant. Forget OS 9's multitude of structural problems - it was a terribly designed house of cards that would crumble if you looked at it funny - and just focus on the UI, in which elements are clearly marked, there's tons of useful but not annoying visual feedback, and a rare sense of spatiality to it all.

Aqua has always been too candy cane for me, and it's only gone downhill from there for Apple - iOS and Mac OS today are dreadfully bland and void of character, and this article does a decent job illustrating it.

macOS Sierra developer preview: different name, same ol’ Mac

It's tempting to read the "macOS" rebranding as some grand statement about the Mac, but, truth be told, "Sierra" is more indicative of what we're getting. The name comes from a mountain range that encompasses Yosemite and El Capitan rather than moving away from them. It's another year of building on Yosemite's foundation, another year of incremental change, and another year of over-saturated mountain wallpapers.

Like El Capitan before it, Sierra focuses on a few marquee features, a couple of under-the-hood changes, a smattering of smaller tweaks, and one or two signposts pointing toward future development. It's the next release of OS X, new name or not. And we've spent a week with the first developer beta to dig into some of the new features ahead of the public beta in July and the public release in the fall.

Insights into the developer preview.

Apple unveils macOS Sierra

Moving on from iOS 10, we get to OS X, and the biggest news is the forthcoming death of HFS+, but before we get there, Apple made it official: OS X is now macOS, causing millions of slightly peculiar people like myself to twitch every time we have to type it out. It should, of course, be called Mac OS, but maybe that's why I'm a sad, lonely translator, and Apple has so much money it can buy, like, I don't know, Belgium. macOS Sierra (10.12? We don't yet know) will be coming this fall.

With that out of the way: Apple announced a brand new file system. You'd think big news like this would be front and centre during the keynote, but I guess not everybody gets bug-eyed by the supposed brutal murder of HFS+. In any event, the new Apple file system is called Apple File System - because, you know, Apple is for creative snowflakes - and it's been designed to scale from the Apple Watch all the way up to Mac OS macOS (this is not going to work out). Since I'm by far not qualified enough to tell you the details, I'll direct you to Ars, where they've got a good overview of what APFS is all about, or you can dive straight into Apple's technical documentation.

For the rest, macOS was pretty under-served at WWDC, as expected. Siri is coming to the Mac, and there's things like a universal clipboard that works across devices, and Apple states that every application can be tabbed now - basically all multi-window applications can be tabbed, without developer input. I'm kind of curious how this will work in practice. Lastly, Apple is making it first steps towards macOS treating the file system like iOS does it (i.e., pretending it doesn't exist), by using iCloud to automatically sync your desktop and documents folder. All optional now, but you can expect this to expand and eventually be mandatory, and cover all user-facing files.

One final tidbit: the Mac App Store has been effectively declared dead - all the APIs that were previously only available to MAS applications, are now available to everyone. And nobody shed a tear.

As always, there's more, but this is the highlight reel.

OS X to be rebranded as ‘macOS’

It's widely expected at this point that Apple will rebrand Mac OS X to simply 'macOS' next week at WWDC, but hidden in today's announcements regarding the App Store was yet another hint at the change. In a FAQ from on the iTunes Connect website, Apple mistakenly refers to Mac OS X as 'macOS,' again prematurely hinting at the change.

I like dropping the X, but I really dislike Apple's terrible use of case. iOS is horrible enough, but tvOS, watchOS and macOS look absolutely dreadful, each a stumbling block in any sentence they appear in. Nobody with any sense of style or legibility would abuse case like that.

Not at all unlike those people who style it as 'OSnews' instead of the obviously correct and only way to style it, namely 'OSNews'. Yes, this is an internal struggle over here, and yes, this stuff matters.

Today’s Apple event spells the end for OS X

Apple's new iPad Pro is the twelfth iPad to be released since the original debuted back in 2010, and it borrows features from two of Apple's existing tablets. The new iPad Pro has the size and weight of the iPad Air 2 - 9.7-inches, which Apple notes is by far the most popular of its three iPad size choices - while bringing over the power and accessories of the 12.9-inch iPad Pro launched last year. (Yes, the new iPad Pro and the existing iPad Pro have the same name - you'll have to get used to identifying them by size.)

Apple's event today was one of the most telling events it has held in years, and I specifically chose the new iPad Pro 9.7" to focus on. As far as products and announcements go, the event wasn't all that monumental; it was the tone and wording that really set this event apart from all others. This wasn't Apple talking about new products today - this was Apple talking about how it sees the future of personal computing.

On several occasions during the event, Apple referred to the iPad Pro - both the new 9.7" model and the old 12.9" model - as their vision for the future of personal computing, and Tim Cook referred to the 12.9" model as a "giant step" toward the "future of computing".

Read between the lines of today's event, and you could clearly see the writing on the wall: after letting the Mac and specifically OS X languish since the release of iOS, and after internal struggles about which of the two - or both - platforms to focus on going forward, it seems like Apple is letting the world know that it finally made a choice, and that choice is iOS.

I'm not basing this solely on today's event, of course, but also on the lack of development on OS X, the lack of consistent Mac hardware updates over the years, and insights I'm getting from people who... Know Apple things better than we do. I already mentioned it in the previous news item, and I'm going to state it plainly and bluntly again to drive the point home: as far as Apple is concerned, the Mac and OS X are the past. Their eventual death won't be sudden or clear-cut, but the gradual decline of the platform's importance in Apple has been ongoing for a long time now, and will only accelerate from here on out.

I'm not saying this is either good or bad - those of you who follow me on Twitter and are intimately aware of my 'life' with iOS can guess in which camp I belong - I'm just spelling out what's pretty obvious between the lines. I'll leave it up to you if this makes you happy or sad.

We've got an interesting number of years ahead.

OS X ransomware infected Transmission installer

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.

Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.

Update: Apple has shut down the exploit by revoking the compromised app's certificate.

Previously downloaded OS X installers no longer work

File this one under "Obscure problems that could ruin your day." TidBITS reader Randy Singer reports that due to an expired certificate, OS X installers downloaded prior to 14 February 2016 won't work.

The Apple Worldwide Developer Relations Intermediate Certificate is required for all apps in the Mac App Store, including OS X installers. When used to sign an app, the certificate enables OS X to confirm that the app has not been corrupted or modified by an attacker. This certificate expired on 14 February 2016, causing error dialogs and preventing some apps from launching. Most apps affected have already been updated with the new certificate. But if you downloaded an OS X installer in case of trouble, you may be in for a surprise the next time you try to use it.

Take note.

13 million MacKeeper users exposed

The makers of MacKeeper - a much-maligned software utility many consider to be little more than scareware that targets Mac users - have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er... Users. Perhaps more interestingly, the guy who found and reported the breach doesn't even own a Mac, and discovered the data trove merely by browsing Shodan - a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.

The most surprising news here is that apparently at least 13 million Mac users have this piece of scamware installed. You know, it's almost as if Mac users are not the special flower children some people would like us to believe, and are just as susceptible to social engineering and lapses in judgment as anyone else.

Who knew, right?

Leaving the Mac App Store

There are a number of reasons for Sketch leaving the Mac App Store - many of which in isolation wouldn't cause us huge concern. However as with all gripes, when compounded they make it hard to justify staying: App Review continues to take at least a week, there are technical limitations imposed by the Mac App Store guidelines (sandboxing and so on) that limit some of the features we want to bring to Sketch, and upgrade pricing remains unavailable.

And this is yet another lauded developer leaving the fledgling Mac App Store behind. Tapbots' Paul Haddad is pretty on point.

Five to ten years from now, we'll all laugh about how terrible of an idea the centralised, controlled, closed application store was, and mourn the immense damage it has done to developers. A short gold rush, followed by the total destruction of the independent developer community. I hope it was worth it.

Apple user anger as Mac apps break due to certificate lapse

Mac users faced trouble with their apps overnight after the security certificate Apple uses to prevent piracy expired late on Wednesday.

Applications downloaded from the Mac App Store were temporarily unavailable from 10pm UK time, when a security certificate expired, five years after its creation, with no replacement immediately available.

Even once Apple fixed the error, issuing a new certificate for the apps (with an expiry date of April 2035, this time), users were still faced with problems. Those who could not connect to the internet couldn’t verify the new certificate, while those who had forgotten their password or couldn’t log in to iCloud for some other reason are also unable to use the downloaded apps until they can log in to the service.

My tweet from yesterday seems apt here. Unbelievably incompetent.

Review: Commander One Finder Alternative

For all of the strengths of OS X, two of the complaints recycled year after year are the aged filesystem, HFS+, with its lack of file integrity, and the file manager, the Finder. While replacing HFS+ remains out of our reach, an alternative to the Finder for day-to-day tasks has been achievable for some time. Enter "Commander One," a dual-pane file manager that seeks to fill in the holes that the Finder has famously left. Let's dig in and see what Commander One has to offer.