An intro to fish (not Phish) 🐟

It occurred to me recently that I’ve inadvertently switched to fish shell full time and am loving it! Hopefully after this little intro you will too. For a more complete introduction, I recommend the official tutorial; my aim here is to highlight some of my favorite fish features to entice you…

First, what is fish? Out of the box you get autosuggestions, 24-bit color, man page completions, tab completions, syntax highlighting, and optional web-based configuration. That’s just the tip of the iceberg.

Circadian Emacs

The other day I was thinking about ways to automatically change from a light theme to a dark theme at a specific time of day in Emacs. Currently I have a custom function mapped to C-x t which tracks between the Solarized Light and Solarized Dark themes.

Big changes to Privacy and Automation with Mojave

Two links concerning Automation in macOS Mojave. If you are a heavy user of AppleScript, read on…

Running apps with Mojave’s privacy protection via Eclectic Light Company

“Mojave protects information in three categories: prompting (such as Location Services), other data (such as Mail), and special (such as microphone audio). These in turn break down as follows.

Prompting: Location Services, Contacts (address books), Calendars, Reminders, Photos (Photos libraries).

Other data: Mail, Messages, Safari browsing history, HTTP cookies, Call history (iOS), Time Machine backups, iTunes backups.

Special: Camera input, Audio input through the built-in microphone, Automation (AppleScript and others)”

Here is a deeper dive into the Apple Event APIs with Mojave via Felix Schwarz

“I am deeply worried that the implementation of Apple Event sandboxing in Beta 2 could make it into the final release of macOS Mojave unchanged.

As it is, it offers too little to developers who want to provide a good user experience. And not enough for utility apps and pro users who are in need of an option to exempt apps from Apple Event sandboxing.

Right now there’s a broad and diverse range of useful and beloved apps that take advantage of the Mac’s support for automation. They make things “just work”, help make the Mac even more accessible, increase productivity and make lives easier and richer.

For many, these apps are a reason to keep buying Macs – and a part of the Mac’s heritage and DNA.

Apple Events are the core technology making these apps possible. It is therefore essential to get right any changes to how Apple Events work. So that these apps can continue to exist and thrive.

If you’re using or making any of these apps, please help raise awareness at Apple on the importance of solving the problems presented here – by duping my radar (OpenRadar, Radar) and sharing this blog post.”

Apple Introduces “InstallEnterpriseApplication” to thwart MITM attacks for DEP/MDM Enrollments

Hacking a Brand New Mac Remotely, Right Out of the Box via Wired

“We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time,” Endahl says. “By the time they’re logging in, by the time they see the desktop, the computer is already compromised.

During each step, the system uses “certificate pinning,” a method of confirming that particular web servers are who they claim. But the researchers found a problem during one step. When MDM hands off to the Mac App Store to download enterprise software, the sequence retrieves a manifest for what to download and where to install it without pinning to confirm the manifest’s authenticity.”

The fix comes via the new MDM verb InstallEnterpriseApplication.

“MacOS 10.13.6 adds the new MDM verb InstallEnterpriseApplication. What does it do, how does it differ from the preexisting InstallApplication verb, and why does it matter?

InstallEnterpriseApplication is very similar to InstallApplication, which has been in existence for some time. InstallApplication is a much broader command and is used for installing App Store Apps, Enterprise iOS apps, and macOS packages. InstallEnterpriseApplication is intended to replace the macOS package installation functionality of InstallApplication and adds additional security options.

When an installation command is sent to a device, it includes a manifest. The manifest is a document that provides information about the package that is to be installed, such as its name, a download URL, and a checksum that the device can use later to validate the integrity of the downloaded file. The InstallApplication command provides a URL for the device to download the manifest from. InstallEnterpriseApplication adds two options:

Certificate pinning: The MDM command can specify the public key that the web server hosting the manifest must be using.

In-band delivery: The manifest can be specified in the InstallEnterpriseApplication command itself.”

The downside is that the vulnerable “InstallApplication” will remain for backwards compatibility. Because 10.13.6 is a recent update, most new laptops will arrive with a version below 10.13.6. If this is a concern, then you may have to hands-on your zero-touch for a bit.
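
To see which delivery mode your own MDM actually uses, here is an added example (not from the quoted articles or from any MDM vendor) that audits MDM command plists and reports how each one authenticates its package manifest. The key names `ManifestURL`, `Manifest` and `ManifestURLPinningCerts` follow Apple's MDM command reference rather than this page, and the host names and sample commands are constructed.

```python
import plistlib

URL = "https://mdm.example.com/manifest.plist"  # constructed placeholder host

def make_command(request_type, **keys):
    """Serialize a constructed MDM command plist for the samples below."""
    return plistlib.dumps({"CommandUUID": "constructed-sample",
                           "Command": {"RequestType": request_type, **keys}})

def audit_command(raw):
    """Report how one MDM command authenticates its package manifest."""
    cmd = plistlib.loads(raw).get("Command", {})
    rtype = cmd.get("RequestType")
    if rtype == "InstallApplication":
        # Legacy verb: a manifest URL here has no pinning option at all.
        return "legacy-unpinned" if "ManifestURL" in cmd else "not-a-package"
    if rtype != "InstallEnterpriseApplication":
        return "not-a-package"
    if "Manifest" in cmd:
        return "in-band"  # manifest travels inside the MDM command itself
    if "ManifestURL" in cmd:
        # An empty or missing pin list leaves the manifest fetch unpinned.
        return "pinned" if cmd.get("ManifestURLPinningCerts") else "unpinned"
    return "malformed"

# Constructed sample commands, one per delivery mode.
SAMPLES = {
    "legacy": make_command("InstallApplication", ManifestURL=URL),
    "store_app": make_command("InstallApplication", iTunesStoreID=1234567890),
    "url_only": make_command("InstallEnterpriseApplication", ManifestURL=URL),
    "empty_pins": make_command("InstallEnterpriseApplication",
                               ManifestURL=URL, ManifestURLPinningCerts=[]),
    "pinned": make_command("InstallEnterpriseApplication", ManifestURL=URL,
                           ManifestURLPinningCerts=[b"constructed, not a real cert"]),
    "in_band": make_command("InstallEnterpriseApplication", Manifest={
        "items": [{"assets": [{"kind": "software-package",
                               "url": "https://mdm.example.com/agent.pkg"}]}]}),
}

def audit_all(samples=SAMPLES):
    """Audit every sample and return {name: verdict}."""
    return {name: audit_command(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all().items():
        print(f"{name:12} {verdict}")
```

Anything reported as `legacy-unpinned` or `unpinned` still fetches its manifest without the pinning check described above, even on 10.13.6 or later.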

macOS Installation

Here’s a little book promotion for a friend of mine by the name of Armin Briegel whom I met through the Mac Admins Slack channel (full disclosure: I did help edit the draft prior to release). The book is simply titled macOS Installation and helps address macOS installations in the “post-imaging” world.

BYTE Magazine Archive

Quite the time suck…

https://archive.org/details/byte-magazine&tab=collection

Byte magazine was a microcomputer magazine, influential in the late 1970s and throughout the 1980s because of its wide-ranging editorial coverage. Whereas many magazines from the mid-1980s had been dedicated to the MS-DOS (PC) platform or the Mac, mostly from a business or home user’s perspective, Byte covered developments in the entire field of “small computers and software”, and sometimes other computing fields such as supercomputers and high-reliability computing. Coverage was in-depth with much technical detail, rather than user-oriented.

Welcome!

Facebook is crumbling, in case you haven’t been following; in fact, it’s continuing to ruin society more and more. You should care about privacy and about a free and open internet that isn’t monetizing and/or profiling every click whilst keeping you in a bubble aggregated by said clicks to feed you what you want to see, hear and think (phew!).

Having (almost) quit all social media, I’ve missed having a place to post an occasional link, picture, project, etc. that I find interesting or am working on myself. Hence, this blog to fill that void. Side note: it’s self-hosted, meaning I’m in complete control of this data!

With that brief intro, I will leave you some reading material to either get started or at least give you something to think about…