macOS Catalina 10.5 configuration

At the October 2019, Strait Macintosh User Group had a brief demonstration of how to securely configure macOS Catalina. However, as the meeting was only an hour long, and there were lots of questions, most of those in attendance emerged dazed and confused. This included the person giving the presentation, but Lawrence Charters promised to publish a guide to the major points covered. He implied it would be published soon. He was wrong.

But the configuration document is now complete, and can be found at this link:

Securely Configuring macOS Catalina 10.15

October 2019: Configuring macOS Catalina 10.15

The October 15, 2019 meeting of Strait Macintosh User Group focused on macOS Catalina 10.15. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.

Business Meeting

Meeting called to order at 7 p.m. by President Sabrina Davis. Sabrina welcomed three new visitors. Treasurer Annalis Schutzmann reported the treasury stood at $386.75. In response to a question, Annalis said dues are $24 for 12 months, per family.

The November meeting will be November 19, and the December meeting will be December 17, both at the Sequim Public Library.

Before the meeting started, Vice President Lawrence Charters explained the confusion over the email meeting announcement. Sabrina asked him to repeat the story…

Wave Broadband and Google Mail in conflict

Wave Broadband, the leading Internet Service Provider (ISP) on the Olympic Peninsula, had a surplus of problems in October. Lawrence has a Fingbox which, among other things, performs network security functions, and also checks for Internet slowdowns and outages. In the first two weeks, his Fingbox recorded six complete outages of an hour or more, and dozens of slowdowns and mini-outages.

One of these outages occurred late Friday, October 12, just as he sent off a message to the 293 addresses in the Strait Mac mailing list. This one message did make it to Wave Broadband, where it was expanded into 293 messages — which were held for four hours. When they were eventually delivered to Google (the straitmac.vicepresident account is on Google Mail), Google generated a bunch of cryptic error messages and bounced them back because they were suspiciously delayed. Google Mail only allows 500 messages in a 24 hour period, and the 293 outgoing messages and 293 incoming messages effectively shut down the account for a day.

Unaware of the problem, Lawrence was surprised to get a message from Sabrina on Monday, October 14, asking about the meeting. Lawrence did some research, found out about the 500 messages a day limit, and decided to send out a second message — just as Wave had a six-hour outage. The 293 outgoing messages and 293 bounces again shut down the account.

On Tuesday, October 15 (the day of the meeting), Lawrence sent out a message from his personal (not SMUG) account, and that one, thankfully, did reach everyone.

This story prompted a number of questions about Internet connectivity on the Olympic Peninsula, none of which have particularly encouraging answers. Except: do not have your only mail account on Wave, or Olypen, or any other local ISP (Internet Service Provider).

And now for the presentation —

Securely installing macOS Catalina

Security professionals recommend the following steps to securely install an operating system:

  • Do a full backup of your system.
  • Erase your hard drive — completely.
  • Do a “clean install” of your operating system (i.e., do a full install by downloading macOS Catalina directly from Apple, without any remains of a previous operating system, data, preferences, or anything else).
  • Do a “clean install” of all your applications.
  • Restore your data from your backup.

Except in government and corporate environments, hardly anyone ever does this. It is a lot of work.

macOS Catalina for Real People

Most living, breathing people should do this. It is less work. It is also less secure, but not that much less.

Preparation

Before anything else, run Disk Utility (you can find it in Applications > Utilities) and use First Aid to check the health of your hard drive. If your hard drive displays any problems, correct them before upgrading.

Press the First Aid button to check the health of your drive. You should get in the habit of doing this regularly, but especially before a major upgrade of the operating system.
Press the First Aid button to check the health of your drive. You should get in the habit of doing this regularly, but especially before a major upgrade of the operating system.

What does First Aid check? For one computer called Portacray, it checked a whole bunch of things. An “exit code” of 0 (zero) means everything was normal:

Started file system verification on disk1s5 Portacray
Verifying file system
Volume could not be unmounted
Using live mode
Performing fsck_apfs -n -l -x /dev/rdisk1s5
Checking the container superblock
Checking the EFI jumpstart record
Checking the space manager
Checking the space manager free queue trees
Checking the object map
Checking volume
Checking the APFS volume superblock
The volume Portacray was formatted by diskmanagemen (1412.0.28.171.1) and last modified by apfs_kext (1412.11.7)
Checking the object map
Checking the snapshot metadata tree
Checking the snapshot metadata
Checking snapshot 1 of 2 (com.apple.TimeMachine.2019-10-19-074436.local)
Checking snapshot 2 of 2 (com.apple.TimeMachine.2019-10-27-120314.local)
Checking the extent ref tree
Checking the fsroot tree
Verifying allocated space
The volume /dev/rdisk1s5 appears to be OK
File system check exit code is 0
Restoring the original state found as mounted
Finished file system verification on disk1s5 Portacray

After confirming the disk drive is in good shape:

  • Do a full backup of your computer. The easiest, cheapest, most thorough way to do this is through Time Machine. It comes with your Mac, it is easy to use, and as long as you don’t futz with it, it does an excellent job.
  • Make sure your computer is compatible with Catalina: https://support.apple.com/en-us/HT210222 (But do this after the backup, since you should do a backup even if you aren’t upgrading.)
  • Update or remove all applications that are not 64-bit.
    • It doesn’t hurt to leave them as-is, but since they won’t work with Catalina, you might as well clear them out.
    • Got to Apple menu > About This Mac > System Report
    • Scroll down to Software > Applications
    • [Wait for the list to build then] Go to the extreme right column, 64-Bit (Intel) and sort the list by clicking on the heading. Update or remove anything important listed as “No.”
    • A good way to remove applications, plus their preference files: Appcleaner from FreeMacSoft. It is free.
    • If using the System Report is too much trouble (and it is awkward), an alternative: go to St. Clair Software, https://www.stclairsoft.com/Go64/ and download Go64. It produces a nice, annotated report, and yes, it is free.
Go64 report showing non-64 bit applications.
Go64 report showing non-64 bit applications. Worth noting: the Apple applications will be taken care of automagically by Apple. Most of the flagged Adobe applications are old, obsolete utilities. Adobe has a bad habit of not cleaning up after itself when updates are installed, and some of these leftovers are a decade old or more.
  • Empty the Trash.
  • Clean out everything from your Downloads folder.
  • Empty the cache from your browsers. All of them (Safari, Firefox, Chrome, whatever).
  • Clean up everything from your Desktop.
  • Update any existing applications that need updates.

Upgrading to Catalina is relatively simple

  • Make sure your computer is plugged into power, your Internet connection is solid, and the weather isn’t going to futz with power or Internet access.
  • Download macOS Catalina directly from Apple. Under Mojave, you would do this through System Preferences > Software Update.
  • Once downloaded, it should take anywhere from 15 to 30 minutes to install Catalina, answer all the startup questions, and log in again.

After you are finished and log in, you may see a curiously named folder on your desktop, Relocated Items.

Following a MacOS Catalina installation, you may notice a folder on your desktop called Relocated Items. In this screenshot, "Portacray" is the name of the computer's hard drive, complete with a custom icon. That's irrelevant to the Relocated Items, but some have asked if it has any special meaning. Nope; it is just a nerd joke.
Following a MacOS Catalina installation, you may notice a folder on your desktop called Relocated Items. In this screenshot, “Portacray” is the name of the computer’s hard drive, complete with a custom icon. That’s irrelevant to the Relocated Items, but some have asked if it has any special meaning. Nope; it is just a nerd joke.

This folder is really an alias (a pointer) to information that used to be in your System folder (operating system directory), but is not allowed under Catalina. In years past, developers (Adobe, Microsoft, zillions of small developers you don’t remember, and even Apple) stuck things in the System folder, but under Catalina’s vastly expanded security, this stuff is no longer allowed there. Nothing in the folder is active or useful; Apple stuck it there in case you recognize something, and want to ask the program’s developer for an update, or advice on what to do with it. Or (most likely), you find it is no longer useful, and you just toss it.

The folder, if it is produced, has a PDF file that (sorta) explains why it exists:

During the last macOS upgrade or file migration, some of your files couldn’t be moved to their new locations. This folder contains these files.

Configuration files

These configuration files were modified or customized by you, by another user, or by an app. The modifications are incompatible with the recent macOS upgrade. The modified files are in the Configuration folder, organized in subfolders named for their original locations.

To restore any of the custom configurations, compare your modifications with the configuration changes made during the macOS upgrade and combine them when possible.

You can delete the alias from your desktop; it doesn’t need to be there, and deleting it doesn’t delete anything else.

Securing macOS Catalina

This isn’t very difficult, but the process requires quite a few screenshots and has been moved to a stand-alone page. Most of the material applies to previous versions of macOS, too, though the screenshots used are from Catalina. Click the link below:

Securely configuring MacOS Catalina

Questions and Answers

Q: You mentioned you use 1Password for storing passwords. Does that mean I can get rid of Keychain?

A: 1Password is a commercial password manager for Macs, iPhones, and iPads. It has a much more user-friendly interface than Keychain Manager, or the Keychain Access management utility (located in Applications > Utilities). No, you can’t get rid of Keychain; it is the part of the Mac and iPhone and iPad operating systems that handles passwords. 1Password is essentially an easier to use editor for Keychain than Keychain Access.

Q: When you tell your browser to automatically log into a website, is that safe?

A: If the website is not something that handles your identity or reputation, or financial records, sure. But if a site deals with your reputation (Facebook, Twitter, LinkedIn) or finances (IRS, Social Security, credit unions, banks, credit card companies, etc.), no, you don’t want your browser to automatically log in. Anyone sitting down at your computer, or anyone who steals your computer, could automatically log into any of those websites.

Q: If upgrading to Catalina is a hassle, why should I?

A: It isn’t that much of a hassle. If you have a bunch of out-of-date applications that can’t be upgraded, it means they are already security threats to your machine. Current and future software vendors will not support anything except 64-bit applications, and not upgrading won’t really do you any good.

For a variety of technical reasons, 64-bit applications are genuinely more secure, as well as faster. They will also take up less space on your hard drive, since the software companies will no longer have to wedge both 32-bit code and 64-bit code into their applications.

Q: Is Avast antivirus software good for scanning for malware?

A: Yes, but keep in mind that the way it works, it is scanning for malware constantly, even though your Mac may have never run into a piece of malware. Government agencies, teachers, accountants, lawyers, and certain other professionals should use an always-on malware scanner, but I prefer on-demand malware scanning. The one I use is called Bitdefender, available through Apple’s App Store, and it runs only when I tell it to run. I have a calendar entry to tell me to run it once a month.

Lawrence also showed the hidden, zippered pocket that he has in his polo shirt for holding his iPhone. The shirt was made by ScotteVest, which has a wide range of vests, coats, sweaters, shirts, skirts, shorts, etc., with “invisible” pockets for holding electronics. Lawrence explained that when he goes to the airport, he puts everything he wants into various pockets of a ScotteVest vest (watch, keys, wallet, passport, earphones, etc.) and, when he gets to the TSA screening area, takes the vest off and puts it in a bin. Then he picks it up on the other side of X-ray. Some of the men’s and women’s coats and vests have pockets large enough to hold a 10″ iPad.

November meeting: files

The November 19, 2019 meeting will have as the topic: organizing files. Apple tries hard to make organizing files easy, but life doesn’t necessarily easily separate things into Documents, Downloads, Movies, Music, Pictures, etc.

Other topics for future meetings mentioned were: Introduction to Google Drive (Google Docs, Google Sheets, Google Slides, Google Forms, Google Maps, Google Sites, Google Photos, Google Keep, etc.), iPadOS (and integration with macOS), health care devices and apps, WordPress, and support alpacas. (It is possible that support alpacas don’t exist, and only Lawrence seems interested, and they probably have nothing to do with Macs or iPhones or iPads.)

September 2019: macOS Catalina Preview

The September 17, 2019 meeting of Strait Macintosh User Group focused on macOS Catalina 10.15. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.

Business Meeting

Meeting called to order at 7 p.m. by President Sabrina Davis.

Sabrina welcomed new members and reviewed the group’s finances. In July, dues were set at $24 per family per year. Using dues collected at the July 2019 meeting, treasurer Annalis Schutmann and Secretary Kathleen Charters opened a checking account for SMUG, with a beginning balance of $414. After checks and other fees, this left the group with a balance of $386.

Vice President Lawrence Charters requested that we spend a large portion of this money to finish setting up the SMUG website on WordPress.com. While the site is working as designed, hosted for free, there are limits on what you can do with a free site: you can’t use a custom domain name (every WordPress.com site is going to end in xxx.wordpress.com), there is no technical support, there are severe limits on how much server space you can use, there are limits on how much you can customize a site, you cannot keep WordPress.com from posting ads on the site, you can’t link to social media, etc. The cost for all of this would be less than $150/year, though how much less is not certain.

There are alternatives, with the same benefits for less than $100/year. One big advantage of using WordPress.com: everything can be built and administered with only a web browser. There is no need for specialized software, no arcane knowledge of Unix or HTTP or PHP or various other odd combinations of letters, numbers and symbols, and multiple people can help populate the site with content.

There was a discussion about reusing the existing SMUG domain, straitmac.org. The site domain registration runs out in April 2020 [at the meeting, it was thought it might be December 2019, but checking, it is 4/4/2020], and the site is hosted on plypen.com. Olypen told SMUG last year that they could not support many of the features SMUG wanted without a doubling of the $100/year price.

Hosting the site elsewhere (GoDaddy, Blue Host, etc.) would be less expensive, but would require a higher level of technical knowledge, and while this wouldn’t be a problem for Lawrence, the group felt more comfortable with the idea that wordpress.com required “only a web browser,” with WordPress.com caring for the updates and infrastructure. The motion to spend the money to build out the site on wordpress.com was moved, seconded, and passed unanimously.

Sabrina asked if it would be possible to post ads to buy, sell or trade Macs and iPhones on the site, and Lawrence cautioned that, as SMUG is a non-profit, the organization has to refrain from activities that might appear to be commercial. The group discussed alternatives (Craigslist, Next Door, etc.), including possibly using the group email list. Some members expressed concern about using the email list as “one person’s ad is someone else’s spam.”

A visitor asked how to become a member, and what, exactly, SMUG did. The answer (from a number of people) was: Strait Macintosh User Group (SMUG) is a non-profit organization that meets monthly or, sometimes, bi-monthly, and discusses Macintosh hardware and software, iPhone hardware and software, iPad hardware and software, Apple Watch hardware and software, etc. Family memberships are $24 per year. At present, the major expense will probably be the website. Currently, meetings are in Sequim, but there have been some requests to hold meetings in Port Angeles. A message will be sent out to the mailing lists asking about interest in holding Port Angeles meetings.

Topics suggested for future meetings:

  • How to organize files
  • Introduction to Google Drive, Docs, Sheets, Google Keep
  • How to securely configure a Mac
  • How to securely configure an iPhone

Presentation: Preview of macOS Catalina

At Apple’s Special Event on September 10, 2019 (you can see the entire video on Apple’s site https://www.apple.com/apple-events/september-2019/), Apple said Catalina would be out “in October,” with nothing more specific. iOS 13 and watchOS 6 will be out September 19, and Apple TV 6 and iPad OS 13 (really, the first version, but apparently it will be called 13) should be out the last week of September.

Apple’s event was only focused on hardware and services, introducing new phones, watches, and an iPad, plus a brief review of Apple TV+ and Apple Arcade. Yet even though Catalina was only mentioned in passing, it is a huge advance for macOS, as it will be the first version of any Mac operating system that is 64-bit only; it will not run 32-bit software, or (for that matter), 16-bit or 8-bit. This is a security measure, and a powerful one.

Moving to 64-bit was first pioneered by iOS 11 on the iPhone and iPad. Since that time, iOS devices use only a 64-bit ARM processor and run only 64-bit software. These steps not only made iPhones and iPads faster, but also more secure, for reasons that are very real if a bit hard to explain. Catalina’s move to support just 64-bit processors and 64-bit applications should also see an increase in speed and efficiency, as well as security.

Lawrence did not advise anyone to install the beta of Catalina, unless they happened to have a Mac they are willing to erase at some point. Significant parts of the operating system are still in test. For one thing, any 32-bit applications they have will simply not work. Lawrence demonstrated this by showing that the scanning software he used for his scanner is dead (the manufacturer has released an entirely new suite to replace it), and Apple’s Aperture photo management software is — dead.

Aside: Asked what he uses instead of Aperture, Lawrence said that Apple’s “replacement” for Aperture was Apple Photos, which is free to everyone with a compatible Mac. Apple Photos is quite good, but Lawrence went a different route, and is now using Adobe Lightroom. For people who don’t have tens of thousands of photos, Apple Photos (available for Macs, iPhones, and iPads) is probably more than adequate.

Lawrence then demonstrated one huge advance in Catalina: all user data is on its own disk partition, separate from the operating system. Putting the operating system on its own partition, and then severely limiting access to that partition, vastly improves security. Lawrence demonstrated this by booting into Recovery Mode, launching Disk Utility from the Recovery Partition, and then showing the three partitions of the drive: the Recovery partition, the operating system partition, and the user data partition.

macOS Catalina puts the operating system in its own partition (on this machine, the partition named "Portacray"), separate from all user data (the highlighted "Portacray-Data" partition). The partition used for the Recovery Partition is at the bottom, "macOS Base System."
macOS Catalina puts the operating system in its own partition (on this machine, the partition named “Portacray”), separate from all user data (the highlighted “Portacray-Data” partition). The partition used for the Recovery Partition is at the bottom, “macOS Base System.” Click on the image for a closer look.

As soon as Catalina comes out, Lawrence intends to put it on all his machines except one (and that machine, a Mac mini, is too old to support it, anyway).

Speaking of the Recovery Partition, Lawrence strongly encouraged everyone to learn how to use the Recovery Partition before they had an emergency. The Recovery Partition allows you to launch Disk First Aid (to check the hard drive), to reinstall macOS, to restore a drive from a Time Machine backup, to get help online (the Recovery Mode can use Ethernet or Wi-Fi to reach the Internet), to use Network Utility to check network connection, and to use Terminal to use command-line utilities and diagnostics. Booting the Recovery Partition is easy: restart the machine and hold down ⌘ and R until you see the Apple logo or a spinning globe. More information on the Recovery Partition can be found on Apple’s website at https://support.apple.com/en-us/HT201314

Not all Macs are compatible with Catalina. For a complete list, see Apple’s listing at https://support.apple.com/en-us/HT210222

Macs compatible with macOS Catalina, from Apple's website.
Macs compatible with macOS Catalina, from Apple’s website.

Aside: Lawrence was asked how to tell which model Mac you might have, since Apple tends to call all their Macs by certain broad names. In order to see what model you have, go to the Apple Menu, select About This Mac, and your Mac’s model and model year will appear.

Under the Apple Menu, About This Mac will tell you what model Macintosh you are using. In this case, the Mac is an iMac 21.5 inch, 2017.
Under the Apple Menu, About This Mac will tell you what model Macintosh you are using. In this case, the Mac is an iMac 21.5 inch, 2017.

Even if you do not plan to upgrade to Catalina, you should immediately go to the Apple App Store and download macOS Mojave. Once Catalina is released, Mojave will not be offered on the App Store for download.

And if you do not think you want to install Catalina, reconsider. With Catalina’s release, Apple will also release acknowledgment of various bugs and vulnerabilities patched in Catalina, and thank the developers who found them. Hackers will immediately use this list of bugs to start attacking Macs that have not been updated.

If you have an older machine that cannot be updated, considering retiring it, and getting a new Mac. Or at least getting a newer Mac. Older Macs that are compatible with Catalina are available from various resellers, or from an individual wanting a newer machine.

As mentioned earlier, Catalina will not launch 32-bit applications; only 64-bit applications. Before installing, you should check for all 32-bit programs on your machine. There are two ways to do this, one easy and another a bit more difficult. The easy way: St. Clair Software has released a free program, Go64, which will inventory every application on your machine and present a nice, neat listing of applications that are 32-bit, 64-bit, or a mixture of both. The listing is sortable, and includes the website of the developer, in case you want to go and check to see if an application has a newer, 64-bit version available. You can get Go64 here: https://www.stclairsoft.com/Go64/

The slightly more difficult way is also free. Go to your Mac’s Apple menu, select About This Mac, press the button called System Report, scroll down to the bottom, where Software is listed, select Applications, and then – wait a bit. Your Mac will build a listing of every application on your machine, and the right-most column, labeled 64-bit, will show a Yes if something is 64-bit and No if something is not. The columns are sortable, so click on the 64-bit column heading to clump all the “No” responses together. This isn’t quite as easy to use as Go64, but it is built right into your Mac.

Lawrence wanted to demonstrate a neat new feature of macOS Catalina and the new iPadOS: the ability to use an iPad as an additional screen for your Mac. Not only can you use an iPad as an additional screen, but you can draw on the iPad, and then use your drawing on the Mac (assuming the iPad and Mac have programs that are compatible with one another). This new capability is called SideCar.

Unfortunately, Lawrence’s MacBook Pro is new enough to support Catalina, but too old to support SideCar. The list of supported Macs is fairly short:

  • 27-inch iMac (Late 2015 or newer)
  • iMac Pro
  • MacBook Pro (2016 or newer)
  • MacBook Air (2018)
  • 12-inch MacBook (early 2016 or newer)
  • Mac mini (2018)
  • Mac Pro (2019)

In addition to the speed and security improvements, Catalina also comes with some revamped applications:

  • Reminders – brings some nice improvements, but Lawrence did not test it as the first thing it did was prompt him to upgrade a whole bunch of devices to iOS 13 and Catalina, which really aren’t out yet.
  • Notes: Catalina adds a nice thumbnail gallery view, which is considerably more useful than the current listing of first lines of notes.
  • Find my: this new application replaces Find iPhone and Find Friends, and now works on iPads, iPhones, and Macs. It works by mapping device locations to the closest Internet access point, which may be a Wi-Fi router in a home or a mobile telephone tower on a different continent.
  • Music: iTunes has been split apart, into a new Music application and a separate Podcast application. This closely matches changes introduced on iPhones and iPads.
  • Apple TV: an Apple TV app was added to iOS last year, and now it is available on the Mac, too. It supports Apple’s new streaming service Apple TV+, and also handles any movies you may have purchased through iTunes. Note: it does not provide local broadcast TV service. For that, look at something like YouTube TV, from Google, https://tv.youtube.com/

Lawrence recommended not connecting Macs running older operating systems to the Internet. Want to use them for playing non-Internet games? Fine. Want to use them for scanning things using an old scanner? Fine. But keep them off the Internet; no email, no web browsing. Virtually all Mac security compromises come from email or web browsing.

One individual stated that he connects multiple hard drives to their Mac, with different operating systems, allowing them to “revert” to an older operating system just by rebooting. Lawrence strongly recommended not to do this. When you boot an operating system from disk, the operating system changes how your Mac uses memory, changes what is in memory, changes how it accesses and stores things on disk, and, in newer operating systems, also encrypts memory. Switching between operating systems on the same Mac runs a high risk of corrupting data on the hard drive and losing everything stored on a drive, without hope of recovery.

One way to maintain old operating systems safely: Parallels. Parallels Desktop for Mac ($79.99) allows you to create “virtual” machines that run on your Mac. You can run Windows 10 (you still need a copy of Windows 10), Linux (you can download Linux for free), or older versions of macOS. These operating systems will run on “top” of Catalina, which was the inspiration for the name Parallels. https://www.parallels.com/products/desktop/

Lawrence was asked about Fusion, which is another software virtualization tool. Fusion is popular with system administrators because most of them are trained in Windows, and VMWare (which makes Fusion) also makes one of the most popular virtualization packages for running on Windows machines. And there is the problem: Fusion is not as fast as Parallels, and is not particularly Mac-like. But it does work. https://www.vmware.com/products/fusion.html

The meeting ended with a Question and Answer session. The rule for this section: the question and the answer should be something that can reasonably be asked in three to five minutes.

Questions and Answers

Q: How do you turn off storing the location of a photo on a specific photo? I don’t want that information uploaded with photos to social media.

A: The iPhone stores the location of where a photo was taken (or at least a guess) inside of every photo as GPS metadata. This is a good thing, as it helps you remember what and where you were when you are sorting through photos. Rather than turn on and off this setting on specific photos, it is much easier to simply remove the metadata from photos with an application. The Apple Mac App Store has free utilities to remove metadata; search for “remove photo exif” data and you should find several.

Q: What should I do if a machine is sluggish?

A: First thing: check hard drive health. Use ⌘-spacebar to bring up a search box on your Mac, type in “disk utility” and press enter. This will find and launch Disk Utility. Click on the first tab, First Aid, and have Disk Utility check your hard drive to see if the directory is healthy. If you see any errors, have Disk Utility fix them. If Disk Utility cannot, seek professional assistance.

Beyond that: most people think their computer is sluggish because their Internet connection is slow. A great many things, even searching your hard drive, trigger connecting to the Internet, and if your Internet connection is slow or unreliable, your computer will seem sluggish.

Another common problem specific to web browsers: cache bloat. Your web browser stores bits and pieces of websites on your machine, to increase the apparent speed of sites that you visit over and over. After a while, you end up with thousands, or tens of thousands, of small web bits and pieces on your computer, and it takes a while for your browser to sort through all that stuff. Cleaning the cache can not only speed up your browser, but also recover gigabytes of disk space. Note: emptying the cache may also delete cookies, and if you commonly have your browser store your password, this could keep you out of some websites.

Speeding up Apple Mail: empty out your Junk folder. Some people have tens of thousands of messages in Junk Mail. Empty it. Clearing out Junk Mail and deleting old messages greatly reduces the amount of stuff that Mail has to sort through, and speeds it up immensely.

Don’t store stuff on your Desktop. It is OK to have a document or three, but some people literally cover their desktop with documents and other things. Each time your Mac boots, or you interact with the Desktop, your Mac must sort through all that stuff.

Q: Should I wait for phones with 5G before upgrading my iPhone?

A: 5G doesn’t really exist, despite what commercials on TV might suggest. If and when 5G is deployed, it will appear in large cities long before it appears in Clallam County or Sequim. If you need a new iPhone or iPad, don’t worry about the semi-mythical high-speed 5G services; you won’t miss them, probably for several years.

Similarly, don’t worry about computers or routers supporting Wi-Fi 6. In theory, Wi-Fi 6 is 40% faster than Wi-Fi 5 (previously called 802.11ac). For virtually all of us, our home Wi-Fi router can provide far, far faster speeds than our ISP (Internet Service Provider) can support. In Clallam, most people have broadband Internet speeds of 5 to 10 Mbps (megabits per second). A Wi-Fi 5 router can support speeds of up to several gigabits per second – until it hits your ISP’s cable box, at which point it will be literally a thousand times slower.

Q: Can you use Wi-Fi to improve phone reception?

A: Yes, sometimes. Both AT&T and Verizon support what they call “Wi-Fi calling.” This essentially uses your home’s Wi-Fi and your ISP’s cable service to help send and receive phone calls. You can turn this on under Settings > Cellular > Wi-Fi Calling > On. It doesn’t cost anything extra, and for some people, it may be the only way to get mobile phone service in your home or office.

Q: [General question about 911 service and emergencies.]

A: Several people noted that the Great Washington Shakeout will be held October 17. This is a state-wide, voluntary exercise to prepare an emergency plan for your home and office, and test it on October 17. Given that Clallam County is at the edge of the Cascadia Subduction Zone, and that Clallam has limited access (due to a floating bridge, mountains, an ocean, and few highways), and no electrical power is generated on the peninsula, and the nearest large city is in another nation, and … generally speaking, you should check out the website and participate in the exercise: https://www.shakeout.org

Next meeting

The group decided the October 15 meeting would be on Securely Configuring macOS Catalina. Most of what will be presented also applies to Mojave, High Sierra, and Sierra, in case you haven’t upgraded by then.

The meeting will be at the Sequim Public Library, and begin at 7 p.m.

Note: SMUG received some email messages about the meeting starting “before 7 p.m.” It was explained that, during meeting setup from 6:30-7 p.m., those present did engage in technical gossip about Macs, iPhones, Apple TV, and other things, but the meeting itself didn’t start until 7 p.m., and the presentation started around 7:15. If you arrive early and want to talk about “Mac stuff,” that is fine, but the meeting and program start at 7 p.m.

July 2019: Questions and Answers

Questions were the topic of the evening for the July 16, 2019, Strait Macintosh User Group meeting. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.

Business meeting

The meeting started off with President Sabrina Davis answering questions about recent history, covering such topics as “What happened to our treasury?” [Some former members donated it to Shipley Center, without participation by the current SMUG members or officers, and without holding a meeting.] “What happened to our equipment?”[Donated to Shipley.] and “What do we want to do going forward?”

Going forward, the group decided to hold meetings more or less monthly to get back on track, with the next meeting Tuesday, September 17, at 7 p.m. at the Sequim Public Library. Yes, this means “monthly” doesn’t include August, due to schedule conflicts.

Some members expressed concerns about meeting during the winter months, when it gets dark early and the weather might be unpleasant. This will be discussed some more, as the group is not committed to meeting Tuesday evenings; there are other perfectly good days of the week, and we could meet during daylight hours. We’ll discuss this again in September.

Funds were also an issue. There have been complaints that the new website has advertisements (as some said, “obnoxious ads”) which is a consequence of the free hosting available on WordPress.com. Fixing this, and coming up with a SMUG-specific domain name, would cost money. If we rented space somewhere, that would also cost money; the Library is an excellent location, but the meeting space is quite small (technically, we are supposed to be using only half the space we’ve occupied at the last two meetings).

It was moved, and passed, that dues be set at $24 per year. Treasurer Annalis Schutzmann collected dues from most of those in attendance. [Subsequently, Annalis and Secretary Kathleen Charters set up a SMUG bank account.]

Open Question and Answer (Q&A) session

There were two rules:

  1. The questions had to be about Apple products (hardware or software), and
  2. The questions and responses should take no more than three to four minutes to answer.

Anything more complex will have to be deferred.

Vice President Lawrence Charters conducted the Q&A session.

My Laptop can’t download mojave

Just from looking at the laptop from across the room, it is clear the MacBook Pro has an optical disc drive, which means it is fairly old, as Apple hasn’t shipped a laptop with an optical drive since 2012. As for why Mojave is not supported: Mojave (macOS 10.14) is a 64-bit operating system, and older Macs do not have CPUs (the main “computer”) capable of supporting 64-bit operations. Mojave also uses the video card as if it was another CPU, speeding up not only video but file compression, among other things, and older video cards do not support such operations. Since virtually all Macs, laptop and desktop, have a single circuit board holding the CPU, the video card, and all the supporting chips and circuitry, it isn’t economically or technologically feasible to replace the pieces; a newer machine is the only option.

Incidentally, a “newer” machine does not necessarily mean “brand new.” Apple sells refurbished machines from their websites (with new warranties).

As for why a 64-bit operating system is important: not only are these faster (allowing you to get more speed and efficiency on supported hardware), but they are also much more secure. This is true not only for Macs; iPhones and iPads have been 64-bit-only for several years, and Microsoft is now strongly pushing Windows 10 users to use 64-bit versions of Windows 10. In the Windows world, this has created massive problems, as literally a billion Windows machines are running insecure versions of Windows.

is it wise to beta-test new Mac OS?

Running beta (pre-release) versions of operating systems on your iPhone, iPad, or Mac is only a good idea if a) you have another perfectly useful machine to do important work and b) you are prepared to erase everything on the machine you use for beta-testing. And “erase” means everything: all data, all applications, and the operating system itself. Beta versions of operating systems are intended to test things to see if they break, and, if they do, how they break; they are not designed for you to test drive.

Note, too, that it takes time to download beta versions of operating systems, time to install the software, and sometimes time to reinstall the software, as one of the things being tested is the installer itself. Also, Apple recommends erasing all beta versions of an operating system (which requires erasing the entire drive) before installing the release version. If you do decide to try the beta versions of an operating system, make sure you have an iCloud account with enough room on it to hold everything on your machine — all data, and all applications — as it gives you some chance to recover in case something goes horribly wrong. “Going horribly wrong” is the whole purpose of beta testing.

what about running another operating system from another drive?

You should never try and have two different operating systems installed on the same machine, even if they are on different drives, as this can corrupt the operating systems and your data. When a Mac boots, it scans all connected drives and based on what it finds, it makes changes in memory to accommodate what it thinks is appropriate for the operating system — and these changes could cause damage when you switch back and forth between the two operating systems. It may make changes to whatever drive is not the boot drive — changes in initial boot parameters, changes in which drive is booted first, changes in preferences for applications, etc. — and those changes can corrupt your data, your applications, and either or both operating systems.

After upgrading to high sierra, not able to access files

High Sierra (macOS 10.13) is much more strict about how applications perform, and if an application does things in an insecure fashion, it simply won’t allow the application to launch. High Sierra also changes the file system on the internal drive (on machines with solid-state drives), which also makes all previous disk analysis and disk management utilities obsolete. Most of the changes in High Sierra are focused on speed, efficiency, and particularly security. If your application doesn’t run anymore, you need to upgrade to a later, supported, more secure version.

I’m getting a warning my application is not optimized for operating system

I’ve run this: the scanner software for my Fujitsu scanner is flagged by my Mac as “[This app] is not optimized for your Mac and needs to be updated.” It is essentially a warning that it is a 32-bit application and absolutely will not run under macOS Catalina 10.15, the next version of the Mac operating system. You need to either get the vendor to update the software, or buy a new version, or find a replacement.

[Fortunately, Fujitsu did come out with a free update the next day.]

Is it important to upgrade? Are Macs really vulnerable?

Yes, you should upgrade, and yes, Macs are vulnerable. The biggest reason they are vulnerable: the Mac user “invites” malware onto their machine.

In the past, the largest source of malware (malignant software) on the Mac was Adobe Flash. Adobe has abandoned Flash (in 2017), and because it is no longer supported, it continues to be a problem. Today the most common vulnerability comes through PDFs, (another Adobe product). A PDF document is essentially a program and hackers “tag” PDF documents with programs that can compromise your Mac.

Apple operating system upgrades are free; the alternative is to never connect a device without upgrades to the Internet.

Is there something we can use to protect ourselves?

Generally don’t recommend installing anti-virus software unless you are a teacher, a lawyer, or someone else who gets a constant stream of documents from strangers. The anti-virus packages for Macs are quite good, but generally, the only things they find are Windows viruses, which your Mac ignores.

The best defense is to install the operating system and application updates as they become available. Among other things, this ensures that Gatekeeper is updated. Gatekeeper is Apple’s background technology that automatically (if you keep the operating system updated) downloads profiles of malware and malicious websites. If you try and visit a suspicious website with Safari, Safari will pop up a warning telling you to go away. If you attempt to download a malicious software package, Gatekeeper will put up a warning.

Does gatekeeper only work with Safari?

Yes, Gatekeeper only works with Safari. Chrome, however, has similar technology, and Chrome tests for updates every time you launch it. Speaking of browsers, Microsoft has released a beta version of Microsoft Edge, their browser. Like Chrome, the new Microsoft Edge is based on Chromium, which is Google’s browser technology. Chromium, in turn, was originally based on WebKit, which is Apple’s technology.

If you are interested in the Microsoft Edge beta for the Mac, visit: https://www.microsoftedgeinsider.com/en-us/ Note: this is a beta, so don’t use it for anything critical.

Should I use MacKeeper?

MacKeeper is not something you should have on your Mac. It is heavily advertised, and many people have installed it accidentally. If you have it, get rid of it. MacKeeper does not tell you how to uninstall it; it is complicated and annoying, and once installed, it slows your machine down and constantly prompts you to upgrade to a paid version. Many people have to pay a consultant to remove it. Here are two different sets of instructions for removing it. Pick one or the other, and don’t skip any steps:

https://www.lifewire.com/remove-mackeeper-4150011

https://www.macworld.com/article/2861435/how-to-uninstall-mackeeper-from-your-mac.html

Free software training

The Sequim Library, as part of NOLS (North Olympic Library System), has as part of its service free access to Lynda.com. Lynda.com has some of the best online software courses on how to do everything from using Microsoft Word to how to write code in PHP for building a website. Ask the library for more information; normally, Lynda.com courses are $60 or more apiece.

Have had problems uploading movies from iPhone 5s

The iPhone takes great movies — but movies are much larger than photos. To upload them, you have to spend a lot of time waiting for them to upload. If you are trying to sync them to iCloud, it can also take a long time. You also have to make sure you have enough space in iCloud to hold them.

To check your available space on the iPhone, go to Settings > General > About, and scroll down to Capacity. Just below that is Available, which displays the available space left on the phone.

To check your iCloud space, go to Settings, and right at the top, press on your name, which opens up the Apple ID and iCloud settings. Scroll down to iCloud, press on the link, and you will see the storage capacity at the top. If you only have the free 5 GB account, and it is all in use, you won’t be able to sync video to iCloud.

When uploading video or syncing to iCloud, it is best to do this from home, using your home Wi-Fi, and the iPhone plugged into power. If you try to do this over a cellular connection, you will use up bandwidth in a hurry, and the sync process is slower. Or sometimes not even available as an option.

Speaking of cloud storage, everyone should consider getting a Google Photos account. You can save “unlimited” photos at high resolution, and up to 15 GB of data, for free. Not as well integrated as iCloud, but there is no reason not to sync to both iCloud and Google Photos.

Do you use offsite storage?

There are lots of “cloud backup” vendors. The one Lawrence uses is Backblaze, https://www.backblaze.com

BackBlaze runs a daemon (a Unix background process) that scans for new files and uploads them automatically; Lawrence has 10.5 TB in BackBlaze. It is perfect for disaster planning, protecting your data in case of a local power outage, or theft, or fire, or some other kind of loss.

Since Backblaze is in the cloud, it is not subject to any household or office or even any regional disaster; you can access the backup files from anywhere on the planet that has Internet access. You can restore files from anywhere, even onto a brand-new machine. If you have a lot of data [Lawrence has a lot of data], you can pay Backblaze a deposit and they will ship a hard drive (or multiple hard drives) to you for restoring files to your machine

why is cloud backup a good idea?

iCloud, and other “true” cloud services (Amazon, Google, Microsoft Azure, etc.) replicates data across millions of drives. If one hard drive fails, it automatically re-creates the data on another drive. The big cloud services are also replicated between regions. You can back up your Mac from your home in Sequim, and the cloud service will make copies of the data in other regions, so not even a regional outage will lose data.

While Apple, Amazon, Microsoft, and Google don’t publish any figures on how their infrastructures are built, a 2016 report estimated that Google has 2.5 million servers worldwide. That is a lot of redundancy. Other estimates put the figure at closer to 10 million.

Encryption is another benefit. Apple iCloud is encrypted by default, as is Google Drive (which includes Google Photos). The encryption ensures that you are the only one with access to your data, even in the cloud. In fact, since most people don’t encrypt their laptop or desktop machines, your data may be more secure in the cloud than at home.

Next meeting

The next meeting will be Tuesday, September 17, 2019, at 7 p.m. at the Sequim Library. The topic: A preview of what is coming with macOS Catalina, and if time, information on the new iOS 13 and iPadOS.

June 2019: Web browsers, continued

Web browsers continued as the meeting topic at the June 18, 2019 Strait Macintosh User Group meeting. In a change from the past, the meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA.

While President Sabrina Davis and others set up the room for the meeting, Vice President Lawrence Charters hosted a Q&A (Question and Answer) session. The overarching rule: the question had to be about Apple devices, and the question had to be something that could be asked and answered in three minutes or less.

Q&A

Q: I have a new iPhone, and am having trouble moving photos from my old phone to my Mac to my new phone.

A: Once upon a time, you used iPhotos or iTunes or some combination of the two to move photos. Today, by far the best solution is to use iCloud. Every Apple ID account offers 5 gigabytes of space in iCloud for photos, messages, email, and documents. This is not enough for most people, so buy some more space (it is inexpensive, and you can do that through the iClouds pane in macOS System Preferences or through Settings > Apple ID (click on your name at the top) > iCloud > Manage Storage in iOS). This will allow you to move photos around between your iPhone, iPad, and Mac seamlessly, as long as you have an Internet connection.

Q: What do you think of the new Mac [introduced at the June World Wide Developers Conference].

A: The new Mac Pro coming out in Fall 2019 will have a minimum of 8 Xeon W core processors, 32 gigabytes of memory, and 256 gigabytes of solid state disk (SSD) storage. If this is too little, you can configure it with up to 28 Xeon W core processors, 1.5 terabytes of memory, and 4 terabytes of SSD storage. It will start at around $6000, The accompanying Apple Pro Display XDR for the machine (optional) will cost $5000 or $6000, not including the $1000 stand. One person mentioned that it justified getting a bumper sticker that said, “My other car is a Mac.” Highly configurable, very powerful, and not intended for the average user.

Q: I have not upgraded since Sierra; and am reluctant to upgrade. How vulnerable am I to security issues?

A: macOS Mojave, the current operating system, is faster and more secure on your existing hardware. It is like getting a rebuilt engine for an old car, for free, with new tires, airbags and seat belts. You may have to upgrade some software, but you gain a currently supported, secure operating system, much more capable of protecting your computer and your data.

Every time Apple patches their software, they release notes on what was patched and why. Hackers use these notes to discover and exploit weaknesses in machines that have not been patched so: upgrade your system, and stay current. Don’t delay.

Q: Do I need Flash?

A: Flash is a security vulnerability and Mojave tries to keep you from using this; it is not installed by default. Adobe stopped development of Flash in 2017, and will completely abandon it in 2020. If you use something that requires Flash, stop using it. Find an alternative.

Q: My computer is warning me that an application is not optimized for my system. What does that mean?

A: macOS is warning you that the application is not a 32-bit native application, and will not work with future versions of macOS. Apple, and Microsoft with Windows, is pushing 64-bit operating systems and applications as the standard, for security reasons. (iOS has been 64-bit only since iOS 11.) The next version of macOS, macOS Catalina, will not run 32-bit applications.

While some companies, chiefly game companies, have sent out messages warning users that their software will stop running if using macOS Catalina, the real problem is that the game companies aren’t upgrading to their software. If you really think life will end without some obsolete software package, buy a used Mac, put the game or other application on it, and don’t let that machine ever touch the Internet.

Think of that warning message as: “I am a piece of obsolete software on your computer. I’m making your computer vulnerable.”

Note that the move to 64-bit-only is not unique to macOS; iOS moved to 64-bit-only several years ago, and Windows 10 is now moving to 64-bit-only. Intego has a nice blog entry on why 64-bit is better.

Fire Fox, Chrome, Safari, Edge popular Web browsers; 2B androids in use but may not have working browser, 70-80 malicious software per device; iOS does not have malicious software because can upgrade devices; 1 Android (Pixel) gets Google updates but not many devices; may see warnings that an app not optimized for new OS; game manufactures warn if upgrade to OS Catalina games may not work anymore; 64bit processors since 2003/4; can move more data at one time so more efficient, better memory management; 32bit vulnerable to hacker code but 64bit makes memory not used as reserved so hackers cannot exploit; a 32bit OS is less secure; the programs will not run; if run without Internet can use older machines with older OS

Officers, equipment and funds

President Sabrina Davis gave a brief overview of some changes in Strait Macintosh User Group, starting with: equipment and funs.

Sabrina was elected President in October 2018, with Lawrence Charters elected Vice President. They presided over the December 2018 meeting, and had planned out a meeting for February 2019, which was canceled due to a major snow storm.

Sometime in March 2019, some former members discussed, via an email exchange, dissolving the group. As far as we know, none of these individuals attended the October or December meetings, or had standing as officers, but they decided Strait Macintosh User Group was no longer functioning, and gave the treasury (roughly $2,800) and all equipment to Shipley Center, in Sequim. They did this without the President or Vice President calling a meeting, or a vote of the membership attending a meeting. Shipley informed us the funds and equipment are not recoverable.

The June 2019 meeting was moved to the Library because, without funds, we could not pay the room rental at the previous location. One limitation: we can’t book a room more than three months in advance, and can’t guarantee a date. We also do not have control over the old web site or forum, so created this new site, https://straitmac.wordpress.com. For a list of the current officers, see https://straitmac.wordpress.com/contact/.

Restarting SMUG

Our membership list is three years old, and needs to be updated. If you receive a message from us, and don’t want to, please just use the contact page to request we stop. We will be sending out notices to our mailing list of meetings and any other interesting events, and a volunteer will also post announcements on NextDoor.

We will be hosting monthly meetings for a while, to regain momentum. The next meeting will be the third Tuesday in July, July 16, 2019, at 7 p.m., at at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. We can only reserve a room at the library a few months in advance; we can’t have a standing meeting for the entire year.

Several people were asked what do we do for money, since the treasury is empty. If we wish to have a custom domain for this website (straitmac.org or something that does not include “wordpress.com” in the name), and get rid of the advertising, we need $130-150 per year. If we wish to use another meeting space, and have a projector for presentations, we need considerably more. We will talk about options at future meetings.

Presentation: web browsers, continued

If it seems that much of the talk about web browsers involves security, there is a good reason: it does involve security.

The major current web browsers, in order, are Safari (on a billion and a half iOS devices, plus Macs), Chrome (on iOS devices, Android devices, Macs, and Windows), Firefox (on Macs, Windows, Linux, Android, and iOS devices), Microsoft Edge (on Windows and, now in beta, on Macs), and Internet Explorer (completely abandoned by Microsoft, but still used on almost a billion compromised machines).

HTTPS Everywhere, a free browser extension for Chrome (but not Safari) puts up a giant warning screen when you attempt to visit an insecure website.

Almost all Mac and iOS compromises involve something download over the web, so it is important to keep all your iOS and Mac devices running the current operating system and a current browser. If your device is too old to support a current operating system, don’t connect it to the Internet.

Your day-to-day account on your Mac should be a non-admin account. Why? An admin account can accidentally authorize a piece of malware to be installed by simply clicking an “OK” box in your browser. Non-admin accounts cannot install software and, therefore, are far more secure from accidental compromise.

The big reason over a billion Windows machines are infected with malware: they are running obsolete versions of Windows, and the user account is an admin account. In the U.S., the government is as guilty as this as anyone else; the U.S. Navy, for example, is still in the process of retiring thousands of machines running Windows XP and Windows 7, instead of the current Windows 10.

If you think you, the “average user,” are not vulnerable — you most definitely are a target, and are vulnerable. Thieves are attacking not only adults and teens, but even taking out credit and home loans in the names of one year olds, confident that it will be a decade or more before the child learns their credit has been ruined. Even if they scam you out of only a couple hundred dollars, this is still a tempting target for thieves, as they can attack hundreds or thousand of accounts a day.

Visiting straitmac.org with Safari is flagged as “Not secure.”

To protect yourself, avoid unencrypted sites. The old Strait Macintosh User Group Site, straitmac.org, is unencrypted. If you visit with Safari, Chrome or Microsoft Edge for Mac (now in beta), the location bar will flag the site as “Not Secure” because it does not have a valid security certificate. The SMUG Forum is also not encrypted, which means that user names and passwords entered on the site are sent in clear text and can be intercepted and exploited. This is, by the way, why you should use unique passwords for every account, as otherwise, all a hacker has to do is compromise one site and they can use that password on any and every site that you’ve reused that password.

Visiting straitmac.org with Chrome is flagged as “Not secure.”

To keep track of all the unique passwords, use a password vault, such as 1Password. The iPhone and the Mac versions of 1Password sync, allowing you to use 1Password on your iPhone when away from Mac. 1Password can do more than store passwords; you can also use it to store credit cards, your license plate number your VIN (Vehicle Identification Number), or anything else that is associated with you as an individual and is difficult to remember.

Someone asked if 1Password was different from Keychain, Apple’s built-in technology for storing and syncing passwords. The short answer is that they accomplish the same goals, but Keychain tends to confuse most users, whereas most users have no trouble at all properly using 1Password. Take Control Books, by the way, has electronic books on how to use 1Password, specifically, and how to manage Your Passwords, generally.

Visiting straitmac.org with Microsoft Edge for Macintosh (beta) is flagged as “Not Secure.”

straitmac.wordpress.com– shows a lock; secure site; has valid certificate from a 3rd party; has been audited; Browsers recognize this as a legitimate site; the machine has a valid certificate for the site so can encrypt the information exchanged; Chrome shows green icon if very secure e.g., banks; 

Safari, Chrome, and Firefox were briefly demonstrated, with brought up two interesting questions:

Why would you need more than one browser? The answer is: there are sites that might not work with Safari that will work with Chrome, or Firefox. Since the browsers are free, there is no “cost” to having all three. Another important consideration: Apple tends to update Safari, on the Mac and in iOS, with new operating system releases; Chrome checks to see if it needs to be updated every time it launches, and doesn’t bother to even ask you about updates. Firefox is somewhat in the middle; it checks every time, but asks you before updating.

The second question: is it possible for a site to be secure with one browser and not secure with another? The literal answer is: no. A properly secure site should be secure with all browsers, and if it is insecure with any browser it should be considered insecure with all. However, it is possible for a site to be secure and not work properly with a given browser. Again, this is a good reason to have Safari, Chrome and Firefox.

July meeting, third Tuesday, July 16, 7 p.m.

The July meeting topic will be an open-ended Q&A (Question and Answer) meeting. There are simple rules: the question must be about an Apple product, or something that runs on an Apple product, and the answer must be something that can be reasonably handled in a three to five minute answer. Questions do not need to be answered by a SMUG officer; if you know the answer to a question, feel free to chime right in.

Coming soon

Coming soon

Apple WWDC19 was full of wonders

Apple’s World Wide Developer Conference (WWDC) was held earlier today, and Apple made a number of announcements:

New Mac Pro is a highly customizable box.
The new Mac Pro is endlessly customizable, offering huge amounts of memory, storage, video power, etc. There is even a rack-mounted version, in case you want a small herd of these for crunching vast herds of bits and bytes.
  • iOS 13 is aimed at being much faster, even on existing hardware, and is bringing Dark Mode to the small screen, along with outstanding security and privacy;
  • iPad software is being split off from the iPhone to a new iPadOS, with features that take advantage of the vastly larger screen;
  • the Mac Pro returns, in a powerful 28-core monster;
  • Apple returns to the display business with an exotic Pro Display XDR;
  • watchOS 6 will add new health and fitness metrics and capabilities, and new watch faces;
  • tvOS 13 will allow multiple user profiles, so you can watch what you want, and listen to what you want;
  • macOS Catalina returns to the California coast, and splits iTunes apart with separate apps for Apple Music, podcasts, and Apple TV;
  • another huge change to macOS Catalina is Sidecar, a built-in capability to use your iPad as an additional screen of your Mac, and use iPad capabilities — such as the pen — with your Mac;
  • accessibility changes, to macOS, iOS, and iPadOS, promise to vastly expand what can be done by those with vision, hearing, or mobility limitations, including both the very young and the very old.
iPadOS showing Dark Mode and something more than apps on the home screen.
New iPadOS showing Dark Mode and the ability to display information on the home screen.

You can watch the keynote (a bit more than two hours) here.

Tapping the Apple Watch face will soon allow you to record a voice memo.
Soon you will be able to record a voice memo on your Apple Watch with just a tap.

Most people will never own a Mac Pro; fully equipped with the new Pro Display XDR, you could buy a decent car — a new car — for the same price, or less. But almost everyone with an Apple device will benefit from iOS 13, iPadOS, tvOS 13, watchOS 6, and macOS Catalina. In particular, the accessibility features, and the vastly expanded iPad capabilities, are worth a long, thoughtful look. And the security and privacy features built into the new operating systems — all the operating systems — are extraordinary.

The programming tools will roll out immediately, with the finished iPhone, iPad, watch, TV, and Mac operating systems coming out in the fall. The Mac Pro and Pro Monitor will be out “this fall,” but you can sign up to be notified when they are getting close.

An iPhone Note in Dark Mode, with an option to send an email notification directly from the Note.
iPhone Notes in Dark Mode, with the option of sending an email notification directly from the note.

Since this is the World Wide Developers conference, there was also a presentation on coding, and it was impressive. While GUI (Graphical User Interface) programming has been touted for a couple decades, the reality is that complex programming is almost entirely based on thousands, or millions, of lines of text-only code. But with the forthcoming Xcode 11, you really can drag-and-drop large chunks of graphical elements, and large chunks of code, into your application code. And Apple has vastly reduced the code barriers between macOS and iOS apps with new technology that lets you very quickly, and fairly painlessly, transform an iOS app into a Macintosh application in just a few days.

Xcode 11 will offer drag-and-drop programming, and you can code for a Watch, Apple TV, Mac, iPad or iPhone by just selecting an option at the start of the project -- and little more.
Code on the left, with a live preview of the result on the right, compliments of the new Xcode 11.

Safari 12.1.1 security update

Apple released a security update for Safari, Safari 12.1.1, on May 13, 2019. This security update applies to macOS Sierra, macOS High Sierra, and macOS Mojave, and is included with the security updates for these operating systems released on May 13, 2019. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/


APPLE-SA-2019-5-13-5 Safari 12.1.1

Safari 12.1.1 is now available and addresses the following:

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

WebKit
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and
included in macOS Mojave 10.14.5
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6237: G. Geshev working with Trend Micro Zero Day
Initiative, Liu Long of Qihoo 360 Vulcan Team
CVE-2019-8571: 01 working with Trend Micro’s Zero Day Initiative
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)
of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8586: an anonymous researcher
CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security &
Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8596: Wen Xu of SSLab at Georgia Tech
CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative
CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8609: Wen Xu of SSLab, Georgia Tech
CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative
CVE-2019-8611: Samuel Groß of Google Project Zero
CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro’s
Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab

Additional recognition

Safari
We would like to acknowledge Michael Ball of Gradescope by Turnitin
for their assistance.

Installation note:

Safari 12.1.1 may be obtained from the Mac App Store.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

iOS 12.3 security update

Apple released a security update for iPhones and iPads, 1OS 12.3, on May 13, 2013. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/


APPLE-SA-2019-5-13-1 iOS 12.3

iOS 12.3 is now available and addresses the following:

AppleFileConduit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

Contacts
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research

CoreAudio
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro’s Zero
Day Initiative

Disk Images
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological
University

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and
Hanul Choi of LINE Security Team

Kernel
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero

Lock Screen
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A person with physical access to an iOS device may be able to
see the email address used for iTunes
Description: A logic issue was addressed with improved restrictions.
CVE-2019-8599: Jeremy Peña-Lopez (aka Radio) of the University of
North Florida

Mail
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8626: Natalie Silvanovich of Google Project Zero

Mail Message Framework
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8613: Natalie Silvanovich of Google Project Zero

MobileInstallation
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)

MobileLockdown
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to gain root privileges
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8637: Dany Lisiansky (@DanyL931)

Photos Storage
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2019-8617: an anonymous researcher

SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research

SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research

SQLite
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research

Status Bar
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: The lock screen may show a locked icon after unlocking
Description: The issue was addressed with improved UI handling.
CVE-2019-8630: Jon M. Morlan

StreamingZip
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)

sysdiagnose
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

WebKit
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-6237: G. Geshev working with Trend Micro Zero Day
Initiative, Liu Long of Qihoo 360 Vulcan Team
CVE-2019-8571: 01 working with Trend Micro’s Zero Day Initiative
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)
of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8586: an anonymous researcher
CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security &
Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab
CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero
Day Initiative
CVE-2019-8596: Wen Xu of SSLab at Georgia Tech
CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative
CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative
CVE-2019-8609: Wen Xu of SSLab, Georgia Tech
CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative
CVE-2019-8611: Samuel Groß of Google Project Zero
CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro’s
Zero Day Initiative
CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero
CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and
Hanqing Zhao of Chaitin Security Research Lab

Wi-Fi
Available for: iPhone 5s and later, iPad Air and later, and iPod
touch 6th generation
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian
Zhang, Huiming Liu of Tencent’s Xuanwu Lab for their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
an anonymous researcher for their assistance.

MediaLibrary
We would like to acknowledge Angel Ramirez and Min (Spark) Zheng,
Xiaolong Bai of Alibaba Inc. for their assistance.

MobileInstallation
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Safari
We would like to acknowledge Ben Guild (@benguild) for their
assistance.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer’s Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple’s update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don’t Install
will present the option the next time you connect your iOS device.

The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:

* Navigate to Settings
* Select General
* Select About. The version after applying this update
will be “iOS 12.3”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

watchOS 5.2.1 security update

Apple released a security update for Apple Watch, watchOS 5.2.1, on May 13, 2013. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/


APPLE-SA-2019-5-13-4 watchOS 5.2.1

watchOS 5.2.1 is now available and addresses the following:

AppleFileConduit
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8593: Dany Lisiansky (@DanyL931)

CoreAudio
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted movie file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro’s Zero
Day Initiative

Disk Images
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological
University

Kernel
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to execute arbitrary code
with system privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8605: Ned Williamson working with Google Project Zero

Kernel
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to cause unexpected system
termination or read kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and
Hanul Choi of LINE Security Team

Kernel
Available for: Apple Watch Series 1 and later
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2019-8591: Ned Williamson working with Google Project Zero

Mail
Available for: Apple Watch Series 1 and later
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8626: Natalie Silvanovich of Google Project Zero

Mail Message Framework
Available for: Apple Watch Series 1 and later
Impact: A remote attacker may be able to cause arbitrary code
execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2019-8613: Natalie Silvanovich of Google Project Zero

MobileInstallation
Available for: Apple Watch Series 1 and later
Impact: A local user may be able to modify protected parts of the
file system
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2019-8568: Dany Lisiansky (@DanyL931)

MobileLockdown
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to gain root privileges
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8637: Dany Lisiansky (@DanyL931)

SQLite
Available for: Apple Watch Series 1 and later
Impact: An application may be able to gain elevated privileges
Description: An input validation issue was addressed with improved
memory handling.
CVE-2019-8577: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A maliciously crafted SQL query may lead to arbitrary code
execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2019-8600: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to read restricted memory
Description: An input validation issue was addressed with improved
input validation.
CVE-2019-8598: Omer Gull of Checkpoint Research

SQLite
Available for: Apple Watch Series 1 and later
Impact: A malicious application may be able to elevate privileges
Description: A memory corruption issue was addressed by removing the
vulnerable code.
CVE-2019-8602: Omer Gull of Checkpoint Research

sysdiagnose
Available for: Apple Watch Series 1 and later
Impact: An application may be able to execute arbitrary code with
system privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team

WebKit
Available for: Apple Watch Series 1 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_)
of Tencent Keen Lab, and dwfault working at ADLab of Venustech
CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day
Initiative
CVE-2019-8622: Samuel Groß of Google Project Zero
CVE-2019-8623: Samuel Groß of Google Project Zero

Wi-Fi
Available for: Apple Watch Series 1 and later
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2019-8620: David Kreitschmann and Milan Stute of Secure Mobile
Networking Lab at Technische Universität Darmstadt

Additional recognition

Clang
We would like to acknowledge Brandon Azad of Google Project Zero for
their assistance.

CoreFoundation
We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian
Zhang, Huiming Liu of Tencent’s Xuanwu Lab for their assistance.

Kernel
We would like to acknowledge Brandon Azad of Google Project Zero and
an anonymous researcher for their assistance.

MediaLibrary
We would like to acknowledge Angel Ramirez and Min (Spark) Zheng,
Xiaolong Bai of Alibaba Inc. for their assistance.

MobileInstallation
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for
their assistance.

Installation note:

Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select “My Watch > General > About”.

Alternatively, on your watch, select “My Watch > General > About”.

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222