Apple Accidentally Blacklists Own Ethernet Kernel Extension

This afternoon, Apple released a background update that accidentally blacklisted their own Ethernet kernel extension. These background updates are generally not user-facing. The system will perform a daily check for these updates and apply them without notification. Users whose systems installed the update, marked as com.apple.pkg.IncompatibleKextConfigData.14U2129 or Incompatible Kernel Extension Configuration Data 3.28.1, on reboot lost their Ethernet adapter’s functionality.

This is a result of Apple’s security processes working to disable kernel extensions Apple deems harmful. Also included in this update was the banishment of spyresoft’s Dockmod which somehow managed to get a kernel extension signed by Apple into production, in conflict with the security guidelines for OS X. This is a concern for a number of reasons, but that’s a matter for another day.

Fortunately, Apple realized their error in a short period of time, and pushed another Incompatible Kernel Extension Configuration Data update which removed the entry for the Ethernet Kernel Extension.

Are you concerned that you might be missing your Ethernet adapter? You can check. From a terminal, run
pkgutil --pkgs=".*compat.*"
This will then reveal all the Incompatible Kernel Extension updates. Look for:
com.apple.pkg.IncompatibleKextConfigData.14U2129
If you see both 14U2129 and 14U2130, you are up to date. If you only see 14U2129, you should run the following to get the update from Apple (likely over your Wi-Fi connection):
sudo softwareupdate --background-critical
This will update the background updates and apply them. You may need to reboot to enable the missing kernel extension.

Thanks as always to my fine colleagues Pepijn Bruienne, Rich Trouton, Allister Banks, Mike Lynn, and Ben Toms for contributing advice and code.

Update: Via Patrick Fergus comes an important update: another way to check is to use System Profiler. Look in Software > Installations, “Incompatible Kernel Extension Configuration Data”, 3.28.1 = 14U2129 = bad, 3.28.2 = 14U2130 = good, sudo softwareupdate --background-critical to update to the new version.

Update Two: Via Rich Trouton, a longer, more detailed examination of the issue. Still not sure how this one made it out of QA.

Update Three: Via many sources, Apple has provided a technote for those who were affected. In addition, Rosyna Keller has posited a reasonable theorem for why this happened: this was supposed to be released after the upcoming release of 10.11.4, which could contain a security patch for the Apple Ethernet Kernel Extensions that were blocked yesterday. Kernel Extensions are blocked based on name and version identifier. If the Kernel Extensions were revised upward – say, for a security release – then it’s very possible that this is the reason things were done.

What remains to be seen is why they released this change now as opposed to after 10.11.4 shipped and had been in the field for some time. Given the catastrophic affect on systems, though, it’s possible this was just an intern with a faulty commit button that wasn’t caught. Neither make me feel warm and fuzzy about the state of software coming from Apple.

Techno Bits Special: Apple, Encryption, the iPhone 5C, and what it all means

A special edition of Techno Bits due to yesterday’s court events surrounding the iPhone and Encryption:

Late yesterday, Apple released a letter to their customers, signed by CEO Tim Cook, concerning device encryption. Earlier in the day, a Federal Court, at the request of the Department of Justice, issued a technical assistance order to Apple to get them to comply. The phone belongs to a deceased person accused of shooting a number of people in an attack on a county facility in San Bernardino, California, and the iPhone 5C is locked. The FBI would like access to the locked device, presumably to determine whether the deceased was part of a terrorist cell, acting alone, or something even far more nefarious. Given the FBI’s mandate, it is not a surprise that they want access to the phone.

While this particular request is grantable (and attacks against A7 phones and later is not), it shouldn’t be granted, because we should not be giving anyone the ability to crack a locked iPhone, because developing those tools is admitting that they should be given to any government, not just ours.

Techno Bits vol. 60: Packaging Isn’t (Quite) Dead

This week in Techno Bits vol. 60: Packaging Isn’t (Quite) Dead yet, some feedback on last week’s issue that sparked a lot of commentary. There are updates to the idea of a future without packages and why we might not be there just yet that you should catch up on. I’ve also got a download of my favorite talks from MacADUK, as well as some commentary on the nature of getting ahead vs. doing good.

Techno Bits vol. 59: What if Packages Went Away Tomorrow?

This week’s newsletter contains highlights from the MacADUK conference, put on by Amsys in London, England this week. It was an incredible show where I got to talk with a lot of really great admins, kick around good ideas, ponder appropriate security changes necessary for our production environments, and plan for a better tomorrow. One particular discussion at the pub on Tuesday night lead to the longest section of this week’s newsletter: what if the end of the .pkg as we know it is upon us? What if the tool we use for deployment every day was suddenly curtailed by a change at Apple?

Read up and see why it might not be as awful as you think.

MacAD UK: A WiFi Toolkit

Mad Admin & Developers Conference UK

Chris Dawe from Wheelwrights LLC and I co-presented this deck at the Mac Admin & Developers Conference in London on Tuesday, February 9th 2016. Our focus was on leveraging native, 3rd party, and cross platform tools to help manage, troubleshoot and plan small, medium and large-scale WiFi networks across sites large & small.

Our presentation notes are available for download as a PDF file: A WiFi Toolkit – MacAdUK 2016

Some tools that we’ve mentioned include:

Some resources that are helpful:

Techno Bits vol. 53: 2015 Finale

In the final volume of Techno Bits for 2015, there’s a reminder of how important community is to our common interest, some news of changes afoot in Microsoft Office 2016 for the Mac, and a bunch of good links (Wi-Fi Keys! The Pixel C! Airwatch’s REST API! Craig Federighi!)

I’ll have a state-of-the-product post up next week on the future of Munki in a Box.