Apple’s September 12th “Gather Round” event: Wild Unsubstantiated Speculation

Tomorrow Apple will announce some product updates for iPhone, iPad, and perhaps Mac.

The following is some unsubstantiated speculation:

  • USB-C will be announced as the standard connector on all Apple devices.
  • Macs be able charge iPads and iPhone via USB-C and vice versa.
  • Macs will also be able to harness the GPUs of iPads and iPhones using the USB-C connection: eGPU to go!

Now, in all reality I think they’ll hang onto lightning a little more until USB-C saturation is higher… then they’ll opt for USB-C2 ūüėā. The eGPU idea is DOA I’m sure due to thermal issues and battery life of the iDevices. Anyway, just in case it happens: I told you so! ;)

How to determine if your Mac has a T2 chip

Do you know if your MacBook Pro has a T2 chip in it?
Here’s an easy way to tell:

Goto Identify your MacBook Pro model

Then look for the the murderous autonomous robot. Easy!

You can also run this:

/usr/libexec/PlistBuddy -c "print :0:_items:0:ibridge_model_name" /dev/stdin 2>/dev/null <<< "$(/usr/sbin/system_profiler -xml SPiBridgeDataType -nospawn)"

<<< – is an √ľber cool “here string”

PlistBuddy is great at parsing data defaults might balk at, it can also take /dev/stdin!

Install macOS High Sierra, HFS Compression, and OS X 10.8

If you have downloaded¬†Install macOS High Sierra.app on a non-macOS 10.8 machine then copy said installer to a 10.8 Mac, the installer will be unusable. Why? HFS Compression.¬†It seems Install macOS High Sierra.app uses HFS compression on numerous files and it seems 10.8 has issues with that and will not “see” those files.

To quickly demonstrate which files are compressed, we will use stat and examine the st_flags attribute, 0=no compression, 32=compression (thanks ghost of Mac OS X Hints!)

IFS=$'\n\t'; for file in $(find /Applications/Install\ macOS\ High\ Sierra.app -type f); do echo "$(stat -f %f "$file"): $file)"; done

You’ll see many files with 32 as the flag, these will not be readable in 10.8

The trick is to copy the file and do away with the HFS compression, we can use ditto for this:

ditto --nopreserveHFSCompression /Applications/Install\ macOS\ High\ Sierra.app [destination folder]

This will produce an installer compatible with 10.8… sure you could have downloaded it via the Mac App Store by now on a 10.8 machine, but now you know.

Nothing (bash style)

The brunerd blog has been a whole lot of nothing¬†lately, so let’s commemorate and celebrate with¬†an entry¬†featuring the premiere of the bash tag and category… hmm, which one is more useful? We’ll find out. Now as for nothing, there’s a legit command, special built-in to do nothing in bash!

man page for bash command :

: [arguments]

No effect; the command does nothing beyond expanding arguments and performing any specified redirections.  A zero exit code is returned.

 

Isn’t that lovely?¬†When you need to do nothing, you can call :
Perhaps you are writing a script and aren’t sure what you’ll do for that if statement ‚ÄĒ

if [ "${this}" == "that" ]; then
#actually not sure what to do here, let's do nothing
:
else
echo "This else, I'll do"
fi

I made a gist here¬†and I think I’ll keep making more.¬†I’ll feature them here¬†with the bash¬†tag, if only as an auxillary backup of my brain and to add to the collective patchwork quilt of code we all use to get our ideas off the ground, when our reach is just a hare shy of grasp¬†and we need a little help.

Also in the gist was a snippet of a novel use by kbeck at Extensis in his UTC removal script to use : to redirect a here document¬†into itself and server as a comment block that doesn’t need # on every line to be treated as a comment ‚ÄĒ

: <<COMMENTBLOCK

[ ] 2016-0324: enclose me; love me. i am a block of comments

COMMENTBLOCK

Spiffy!

Java 8 Update 40 Installer App Fun!

So perhaps you saw my previous post: Java 8 without the Adware (aka Java8Unjunker)?

Java 8 U40 App

Good stuff eh? There was something¬†in there that got me thinking: If they didn’t sign the package, is the app doing any integrity checks on the package inside either? Hmmm let’s see…

Voice over: We’ve secretly replaced the JavaAppletPlugin.pkg package with QuickTime 7 let’s see if¬†it can tell the difference!
Not Java

Here we go!
Sure let me authenticate right when you run before any confirmation of action Рwhy not!? (Ugh, bad form already.)

Java8 Auth

Safe and Easy

Oh OK, “safe and easy” – I love it! But just to clarify…
By “easy” you mean: Checking lots of trust boxes and clicking “Run” buttons a lot to get¬†a Java apps working (plus¬†crossing your fingers)?
By “safe” you mean: a steady stream of high scored¬†CVEs¬†with¬†low complexity?¬†Or even running in Unsafe Mode when needed?

OK what’s next?

Ask

Oh dear God no! No Ask.com. Uncheck. Next.

Oh, right, away we go, I gave you my password at the door. Installing Java are we?
Java8 InstallingInstalled

OK I’ve successfully installed Java then if you say so… I guess I that’s proof alright!
It then takes you to the Verify Java page¬†‚ÄĒ but who cares about that!

What does /var/log/install.log say about what was installed?

QT7 install Java8

 

Yep it installed the QuickTime7 package we put in there and Java Updater 40.app was none the wiser.

So in conclusion… That’s a really nifty “Ask Toolbar installer”¬†with arbitrary package installer Oracle. It’s also a great delivery vehicle¬†for malware by¬†nefarious¬†folks. Heck, bundle Java along with your Trojan and the “Verify Java” page would open too!¬†Sheesh. Is the Ask¬†contract that lucrative?¬†Oracle made¬†$38 billion in revenue last year, IAC the parent of Ask.com pulled in $3 billion.¬†I guess IAC have¬†got money to spend and Oracle will take it (but not invest in more secure installers?)

Notes: The first attempt used a QuickTimePlayer7.6.6_SnowLeopard.pkg with an expired certificate, that halted the install. The 2nd attempt I stripped out the expired certificate. It worked. The 3rd time I downloaded a newly signed version from Apple, that too worked.

Parting note for Oracle:
Sign your critical packages! If you insist on using your glorified “Ask Toolbar installer app” to do this, then require that¬†it verify¬†the package integrity in some way, Orable! (heh, that was a typo but I like it: Orable, ha!)

Open JavaAppletPluginJava8 No Lock

 

Update: Oracle is now signing the package within and the installer can no longer be duped into running an arbitrary package. The version when this article was written was 1.8.40.25, it is now 1.8.40.27.

Java 8 Signed
It’s signed now!

 

Damaged Java 8
Attempted JavaAppletPlugin.pkg Replacement

 

Java 8 without the Adware (aka Java8Unjunker)

So you’ve heard the Ask toolbar is now bundled¬†with Java 8 Update 40 for the Mac?
Yep, apparently it is.

Ask

Fortunately there’s a simple workaround!¬†Let’s take control of our Macs and do a little spelunking into this new installer app.

Right or Control-Click the Java 8 Update xx.app and choose Show Package Contents

Show Package Contents

Navigate into Contents then Resources folder
Eureka we’ve found it: JavaAppletPlugin.pkg
JavaAppletPlugin_LocationLet’s run¬†it!

Gatekeeper_Java8

Aw snap. It seems the¬†package isn’t signed and Gatekeeper is not happy about that. I’m flabbergasted that they’d sign the installer app but not the package inside? (Update: I’m really flabbergasted!)

Control or right-click on JavaAppletPlugin.pkg and choose Open

Java 8 PKG Open

Click Open

Open JavaAppletPlugin

Here we are. Your unsigned Java installer awaits.

Installer

Alternately… Java8Unjunker.command

A¬†script I just made to do the same thing plus some other nice things like: name the package and¬†un-quarantine it. Of course being¬†a script it’s not signable! Gatekeeper will balk if it’s on. You’ll need to right-click and choose Open as before.

Shell

Drag in your Java 8 Updater xx.app

Unjunker1

Press Enter.
Voilà! A folder with your package ready to double-click and go.

Unjunker2

Enjoy.

TMI…

#!/bin/bash

#Java 8 Unjunker - Joel Bruner
#Simply moves the JavaAppletPlugin.pkg package out of the installer app (which installs the Ask Toolbar) to the Desktop, renames and Un-Quarantines it

#touch file for debugging
[ -f /tmp/debug ] && set -x

#take command line argument too
sourceApp="$1"

#check to see if path provided is present and valid
#otherwise get the path
while [ -z "$sourceApp" -o ! -d "$sourceApp" ]; do
echo -n "Drag in Java 8 Update xx.app and press enter: "
read sourceApp
done

#get the version from the app
sourcePKGVersion=$(defaults read "$sourceApp"/Contents/Info CFBundleVersion)

#make Desktop folder and copy pkg to it, renamed
echo "Creating Directory ~/Desktop/Java $sourcePKGVersion"
mkdir ~/Desktop/"Java $sourcePKGVersion"
echo "Copying JavaAppletPlugin.pkg to ~/Desktop/Java $sourcePKGVersion/JavaAppletPlugin_${sourcePKGVersion}.pkg"
cp "$sourceApp"/Contents/Resources/JavaAppletPlugin.pkg ~/Desktop/"Java $sourcePKGVersion"/JavaAppletPlugin_${sourcePKGVersion}.pkg

#since Oracle doesn't sign the pkg just the .app we need to strip the quarantine xa off to suppress the warning
xattr -d com.apple.quarantine ~/Desktop/"Java $sourcePKGVersion"/JavaAppletPlugin_${sourcePKGVersion}.pkg

echo "Java Unjunked. Opening Folder."
open ~/Desktop/"Java $sourcePKGVersion"

 

 

 

RecoveryHD Updater now with PKG building

** Update: Recovery HD updaters packages for 10.11 will only work when run in OS X 10.11, previous packages could run in different OSesnot so for 10.11

Updated April 6, 2015: createRecoveryHDUpdater 15.4.6.command Рbuilt PKG now is targetable to volumes other than /

Released Feb 28, 2015: createRecoveryHDUpdater 15.2.28.command

Recovery15.2.28

Building off the previous work the updated script will now create a nicely named dmg

recoverydmg_icon

Containing both an interactive script for updating disks and a new script to create a .pkg!

recoverydmg_2scripts

 

The fruits of RecoveryHD PKG Maker.command:

recoverypkg_iconCustom Bundle ID is interactively provided, the PackageVersion is matched to the OS release. Signing identity is asked for in the script¬†but not tested (my cert might be broken, YMMV). The target of the package is always / – an exercise for the reader to change the postinstall script to use¬†Installer’s variables to affect the target The exercise to make the .pkg¬†targetable has been exercised by me… Enjoy!

 

BASH parameter fun

Some exercises in handling parameters in a script:

Using BASH_ARGV to loop through all arguments

#!/bin/bash
#debugging output
[ -f /tmp/debug ] && set -x

#Loop Though the arguments provided
#BASH places arguments in reverse order in BASH_ARGV array
#Start at end of array (ARGC – 1)
for (( i=$(( $BASH_ARGC – 1 )); i>=0; i– )); do
item=”${BASH_ARGV[$i]}”
echo “\$$(( $BASH_ARGC – $i )): $item”
done

Loop through all arguments with special handling of first and last only

#!/bin/bash
[ -f /tmp/debug ] && set -x
##loop through parameters, start with end of BASH_ARGV
for (( loopNumber=1, i=$(( $BASH_ARGC - 1 )); i>=0; i--, loopNumber++ )); do
#do something special for first and last
if [ $i -eq $(( $BASH_ARGC - 1 )) ]; then
conditionalString="(I am the first one!)"
elif [ $i -eq 0 ]; then
conditionalString="(I am the last one!)"
else
unset conditionalString
fi
echo Arg $loopNumber: ${BASH_ARGV[$i]} $conditionalString
done

Loop through all arguments with special handling of first and everything else

#!/bin/bash
[ -f /tmp/debug ] && set -x

##loop through parameters, start with end of BASH_ARGV
for (( loopNumber=1, i=$(( $BASH_ARGC – 1 )); i>=0; i–, loopNumber++ )); do

#if not the last don’t restart dock
if [ $i -eq $(( $BASH_ARGC – 1 )) ]; then
unset conditionalString
conditionalString=”(I am the first)”
else
conditionalString=”(I am not the first)”
fi

echo Arg $loopNumber: ${BASH_ARGV[$i]} $conditionalString
done

Loop through all arguments with special handling of the last and everything else

#!/bin/bash
[ -f /tmp/debug ] && set -x

##loop through parameters, start with end of BASH_ARGV
for (( loopNumber=1, i=$(( $BASH_ARGC – 1 )); i>=0; i–, loopNumber++ )); do

#if not the last don’t restart dock
if [ ! $i -eq 0 ]; then
conditionalString=”(I am not the last)”
else
unset conditionalString
#conditionalString=”(I am the last)”
fi

echo Arg $loopNumber: ${BASH_ARGV[$i]} $conditionalString
done

(WordPress is bugging the heck out of me with the code tags breaking when their are line breaks… sorry, that’s an exercise for the Googler)

Apple Remote Desktop 3.7.1

Apple has release Remote Desktop Admin 3.7.1

The release notes are sparse, as usual:

This update improves the overall stability and reliability of the Remote Desktop application. It includes the following specific improvements.

  • Prevents an issue that could cause the OS X Firewall to block Remote Desktop connections. See Additional Information below.
  • Improves reliability of the¬†kickstart¬†command.
  • Fixes the¬†“Display full screen” option in Control & Observe preferences.

Hmmm, I didn’t see a bullet point titled: “Fixed insane memory and CPU usage issues”

ARD Ridiculous Memory Usage

Just installed the update. Fingers crossed.

Update: The answer is no… they didn’t fix runaway memory usage.

ARD371 Cray Cray Mem Usage Remote Desktop Screen Usage

Downloading Safari 6

So when Safari 6 came out, Apple did away with download links from their Support site.
Why? Who knows. But it’s a real pain when you have b√łrked install or install a Developer preview (which sometimes will not register in Software Updates and need to get up to the latest release.)

I contributed this tip to Apple Discussions in the¬†HT5275 Safari 6 download¬†thread and am reposting here as well since I repeatedly keep going back to get the command I authored! (No I don’t run Apple Software Update server, I have my own distribution methods for work that don’t involve merging software update catalogs and other ridiculous things OS X Server requires you to do if you dare run various OS X versions and don’t run the latest server). I parenthetically digress.

Here’s the Terminal command to spit out some Safari6 URLs (OS X 10.6-10.8):

curl -s $(strings /System/Library/PrivateFrameworks/SoftwareUpdate.framework/SoftwareUpdate | grep http | grep sucatalog) | grep Safari6 | grep pkg

It’ll give you something like this:
<string>http://swcdn.apple.com/content/downloads/18/32/041-6651/147ugedbeiqpz43czixlgawayfoa7tjyjv/Safari6.1MountainLion.pkg</string><string>http://swcdn.apple.com/content/downloads/47/40/041-6648/a9y00qwi8esz3gl5v2gfik1p3rgvn7zftz/Safari6.1Lion.pkg</string>

I know, not pretty right? But what you can do then is copy and paste the URL into Safari’s Address/Search bar and hit Option-Enter which will then download it.

Viola. A Safari 6 package.

Update for 10.9:
Now when you grep SoftwareUpdate there are multiple URLs for the seed programs, the easiest way to deal with this and still be generic is to loop through all the URLs grepping for Safari

for URL in $(strings /System/Library/PrivateFrameworks/SoftwareUpdate.framework/SoftwareUpdate | grep http | grep sucatalog); do curl -s "$URL" | grep Safari | grep pkg; done