Sierra Features & Recommendations

Today, Apple releases the 13th major revision of what began life as Mac OS X, turned into OS X, and is now macOS. Sierra, macOS 12, will appear in the App Store this morning for free. The tentpole features this time out are subdued, and Sierra represents a refinement of the changes that began in OS X Yosemite in 2014, and continued in OS X El Capitan last year.

Our advice, as in previous years, is that discretion is the better part of valor, and waiting until you have a convenient time to be without your computer for an hour or so, after you’ve determined if your working application load is functional in Sierra, is the best way to proceed. This basically means we don’t recommend updating today unless you enjoy pushing the boundaries of the future. We will, of course, support you as best we are able, but our general advice is:

  1. Don’t update without a backup. If you’re not sure if you have a backup, you need to be 100% sure before proceeding.
  2. Don’t update without checking the compatibility of your applications with the new OS. Our management and monitoring systems are compatible at this time, and our tools will work with Sierra. If you’re not sure your tools are compatible, please check. We’re happy to help.
  3. Don’t update without being aware of the new iCloud features listed below, and understanding the consequences of turning them on could include data loss, or being without your data offline.

As always, we take the advice of Salah from Raiders of the Lost Ark.

236

Please note that we don’t mean you should go first, but rather other intrepid OS explorers, who have the correct safety apparatus and a willingness to explore knowing that loss is possible.

While Sierra is a refinement release, there are a couple of interesting tentpole features for Apple to hang its hat on. The first is the arrival of Siri to the Mac platform. Long a mainstay of iOS, Siri now has access to many of the pieces of your Mac’s environment, including your files, your calendar and your personal information. If you have internet access, Siri can perform tasks for you related to your operating system such as “Create an Appointment tomorrow at 9am to call Tom” or “Find all my emails from Tom Bridge” or “Show me all the pictures of Charlie”, and Siri can do those things. Siri can move files, send messages, and other activities.

I find Siri’s inclusion to be a novelty, and a bit of a disappointment, if only because I can’t imagine myself ever speaking to my computer in an open-plan office, or in a coffee shop, or even my home if others were around. I find the idea a talking interface to your computer to be a bit bizarre, but I recognize I may an outlier. I don’t talk to machines in public, I save my talking to people. Is that weird? Maybe. It is straight up humanist discrimination? Well, yes, it is. This is where the computers come for me, isn’t it?

The second tentpole of Sierra is one that I find both intriguing and horrifying all at once. Apple wants you to trust your Documents folder and Desktop to iCloud, and allow your local operating system to figure out what needs to be stored locally, and what can be stored in the Cloud instead. They’ve prepared us for this reality, of course, and this is just iCloud Photo Library, but applied to your Desktop and Documents folder. This is a great concept, designed to save space on your SSD-based Macs that are very definitely space constrained, but there are pitfalls. I am glad that Rich Trouton has made available his configuration profile that blocks this setting for organizations to use on their computers. I’m not interested in turning this feature on any time soon.

There is one convenience feature that I am enjoying so far, and that is unlocking the phone with my Apple Watch. This feature relies on Apple’s Wi-Fi proximity check scripts, as well as access to your iCloud account, which must be set to use the new Apple Two-Factor Authentication for security purposes. This means you’ll have trusted devices that are capable of providing a 6-digit one-time passcode for granting access to your AppleID. If your Watch and Mac are set to use the same (2FA-enabled) AppleID, the presence of the watch (in an unlocked state, on your wrist) will unlock your Mac.

If you want to learn more about the security of macOS and iOS, I strongly recommend watching Ivan Krstic’s Blackhat talk, which goes into depth about the security behind this unlock procedure (Starts at 24 minutes in). The amount of thought that has gone into this process is staggering, but I would absolutely watch the heist flick, or Mr. Robot season, that takes on trying to break it (and failing).

There are some additional features in Sierra that are of interest, but you’re likely already exposed to their arrival, as they’re in iOS 10. Photos’ Memories features and new search capabilities are on your Mac, the Apple Music experience is now available in iTunes, with enhanced capabilities, and the new iMessage types, responses and animations are available in Messages for view.

There are some additional under-the-hood changes in Sierra that are interesting, including changes to the SIP directories, locking down further portions of the underlying OS-facing file system, and the inclusion of APFS as a disk type that the OS can understand, but neither of these concern users at large, who this guidance is for.

As always, we are happy to answer your questions.

Something Siri Should Know: Baseball Magic Numbers

I’ve been trying to use Siri more for tasks in the Sierra Beta, and I finally had an obvious one to go looking for tonight. I asked her what the Nationals Magic Number is. This was her response:

Screen Shot 2016-08-29 at 7.15.57 PM

Well, that’s not ideal. Why doesn’t Siri know how to make this calculation? The magic number to win the division in baseball is a known formula. That formula is

(163 - (leading team's wins + second place team's losses))

. As I type this, the Nationals have 75 wins, and the 2nd place Mets have 64 losses. This makes the Nationals’ magic number 24 (163 – (75+64)). This number should be easily calculable for Siri.

Alternatively, for teams in the Wild Card race, there is an alternate formula, that involves removing the division leaders from the standings tree, and combining the rest of the teams into a single table, and subtracting the wins of the leading team and the losses of the third place team to get the result.

Why isn’t this the sort of thing Siri knows about? Given MLBAM’s tight relationship with Apple (and MLBAM’s use of their data throughout various keynotes over the years!), why isn’t this something Siri knows how to do?

Think of the opportunities for fun things to say. You could ask Siri what the Yankees magic number is, and instead of this, you might get something funny like “Well, I’m sorry to tell you John, they’re not getting their 28th this year.”

Screen Shot 2016-08-29 at 7.24.54 PM

I mean, how great would it be if Siri was an inveterate Red Sox fan and just spent the whole time needling Yankees fans?

Anyway, I’ve filed a bug, and if you’d like to dupe it, it’s number 28066166, and it follows here:

Summary:
Currently, if you ask Siri what the Nationals’ magic number is, she isn’t sure. The magic number to win the division in baseball is a known formula. That formula is 163 – (leading team’s wins + second place team’s losses).

As I type this, the Nationals have 75 wins, and the 2nd place Mets have 64 losses. This makes the Nationals’ magic number 24 (163 – (75+64)). This number should be easily calculable for Siri.

Alternatively, for teams in the Wild Card race, there is an alternate formula, that involves removing the division leaders from the standings tree, and combining the rest of the teams into a single table, and subtracting the wins of the leading team and the losses of the third place team to get the result.

Steps to Reproduce:
1. Ask Siri for the Nationals magic number
2. Be denied.

Expected Results:
1. Ask Siri for the Nationals magic number
2. Be displayed the division standings (good!) and get the correct answer for their magic number for the playoffs.

Actual Results:
1. Ask Siri for the Nationals magic number
2. Be displayed the division standings (good!) and get a noncommittal answer (bad.)

Version:
10.12 Beta (16A313a)

Notes:
Major League Baseball should also be able to furnish this data directly.

Apple Accidentally Blacklists Own Ethernet Kernel Extension

This afternoon, Apple released a background update that accidentally blacklisted their own Ethernet kernel extension. These background updates are generally not user-facing. The system will perform a daily check for these updates and apply them without notification. Users whose systems installed the update, marked as com.apple.pkg.IncompatibleKextConfigData.14U2129 or Incompatible Kernel Extension Configuration Data 3.28.1, on reboot lost their Ethernet adapter’s functionality.

This is a result of Apple’s security processes working to disable kernel extensions Apple deems harmful. Also included in this update was the banishment of spyresoft’s Dockmod which somehow managed to get a kernel extension signed by Apple into production, in conflict with the security guidelines for OS X. This is a concern for a number of reasons, but that’s a matter for another day.

Fortunately, Apple realized their error in a short period of time, and pushed another Incompatible Kernel Extension Configuration Data update which removed the entry for the Ethernet Kernel Extension.

Are you concerned that you might be missing your Ethernet adapter? You can check. From a terminal, run
pkgutil --pkgs=".*compat.*"
This will then reveal all the Incompatible Kernel Extension updates. Look for:
com.apple.pkg.IncompatibleKextConfigData.14U2129
If you see both 14U2129 and 14U2130, you are up to date. If you only see 14U2129, you should run the following to get the update from Apple (likely over your Wi-Fi connection):
sudo softwareupdate --background-critical
This will update the background updates and apply them. You may need to reboot to enable the missing kernel extension.

Thanks as always to my fine colleagues Pepijn Bruienne, Rich Trouton, Allister Banks, Mike Lynn, and Ben Toms for contributing advice and code.

Update: Via Patrick Fergus comes an important update: another way to check is to use System Profiler. Look in Software > Installations, “Incompatible Kernel Extension Configuration Data”, 3.28.1 = 14U2129 = bad, 3.28.2 = 14U2130 = good, sudo softwareupdate --background-critical to update to the new version.

Update Two: Via Rich Trouton, a longer, more detailed examination of the issue. Still not sure how this one made it out of QA.

Update Three: Via many sources, Apple has provided a technote for those who were affected. In addition, Rosyna Keller has posited a reasonable theorem for why this happened: this was supposed to be released after the upcoming release of 10.11.4, which could contain a security patch for the Apple Ethernet Kernel Extensions that were blocked yesterday. Kernel Extensions are blocked based on name and version identifier. If the Kernel Extensions were revised upward – say, for a security release – then it’s very possible that this is the reason things were done.

What remains to be seen is why they released this change now as opposed to after 10.11.4 shipped and had been in the field for some time. Given the catastrophic affect on systems, though, it’s possible this was just an intern with a faulty commit button that wasn’t caught. Neither make me feel warm and fuzzy about the state of software coming from Apple.