In recent meetings, we’ve mentioned Take Control Books. Originally done as an offshoot of one of the first Macintosh mailing lists (established in 1984), Take Control Books are electronic books dealing with mostly Mac-centric topics, such as macOS, Photos, Pages, etc.
Take Control Books is having a “Black Friday” sale on some of their most important books, including several mentioned in recent meetings. While I haven’t read most of these, I do have quite a few of their books, and highly recommend them. They cover critical Mac topics quite well.
Here is the announcement of their sale, with links:
✩✩✩
The sale is on! From now through next Monday, December 2, we’re having a Black Friday/Cyber Monday sale—50% off on our most recent releases. No coupon or special links are required.
The nice thing about their books: because they are electronic, you can find a book you want, buy it, download it, and be reading it almost immediately. Books are available in ePub (iPad and iPhone), Mobi (Kindle), and PDF (Acrobat) format.
The November 19, 2019, meeting of Strait Macintosh User Group focused on file management using macOS. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.
Business Meeting
Lawrence Charters brought the meeting to order at 7 p.m. President Sabrina Davis is out of the country for three months. She has reserved the Library meeting room through January 2020. Treasurer Annalis Schutzmann reported the treasury balance as of last month was $402.59. Four new memberships have improved the balance to $498.59.
Lawrence mentioned that bbPress has been released after a six-year development (https://bbpress.org/blog/2019/11/bbpress-2-6/). bbPress is a piece of forum software that integrates with WordPress sites, such as strait-mac.org.
Good news: it should work with SMUG’s WordPress site. This would allow SMUG to have ongoing conversations online about Macs, iPhones, iPads and related topics, similar to the old SMUG forums, http://www.straitmac.org/phpBB3/. (The old forum service will probably disappear by the end of 2019).
Bad news: SMUG would have to pay more money to host the forum. Our current level of service doesn’t allow SMUG to use WordPress plug-ins (i.e., extensions to WordPress), and the amount of server space to support forums would need to be increased. SMUG members need to give some thought to this subject, and decide if the group wants to set up a new forum service.
An alternative is to use a free, if less integrated (and clunkier) service on groups.io. We’ve set up an initial page, https://groups.io/g/strait-mac — use of the service requires members to sign up and be approved.
Please give this some thought; we’ll discuss it at a future meeting.
Q: I have installed MalwareBytes (https://www.malwarebytes.com). It is asking for access to all my drives. Is this a legitimate request?
A: In general, you should be extremely cautious (and suspicious) of any request to install software, and even more suspicious to a request to give access to your drive. But in the case of MalwareBytes (and other anti-virus and anti-malware software), the software requires such access in order to search out malware, and protect your computer from malware attacks. Being very cautious is proper, but in this case, the request is appropriate.
Q: I got an email from Apple saying my account has been frozen.
A: Apple doesn’t send out messages like that. Instead, Apple will send you messages notifying you if you’ve subscribed to things, it will send receipts for things you’ve purchased, it will send out (if you’ve subscribed; https://lists.apple.com/mailman/options/security-announce/) messages about Apple security updates, etc.
This particular email was a scam. Current estimates estimate that for every single valid email message, there are over 100 pieces of scam, spam (unsolicited commercial operations), and outright malware. Apple’s iCloud service and Google’s Gmail service have outstanding tools for flagging “junk” mail, encrypt mail from end-to-end (to keep mail from spying eyes), and are highly recommended for helping stem the onslaught. Use the controls in Mail and Gmail to flag suspicious messages; this helps Apple and Google improve their filtering.
You should also strongly consider moving away from mail systems with limited scope and resources, or long histories of problems. If you want to retain an old Yahoo or AOL or some other address, set up that account to auto-forward all messages to an Apple iCloud or Google Gmail account.
Q: I gave my old iPhone to my spouse, but left my contacts on the phone. We soon find our contacts mixed in with one another’s. I tried deleting their contacts from my phone, but this deleted them from both phones. How do you fix this?
Why the contacts are disappearing: since the phone was not erased, both phones are tied to a single Apple ID account, and Contacts is doing what it is designed to do: deleting contacts from that Apple ID account.
Since Apple ID accounts are free (up to 5 GB), erase the phone, set it up with a new Apple ID account for your spouse, and then they can maintain their own contacts, independently. If you need more space, Apple offers Family plans, allowing you to share storage across multiple Apple ID accounts, and still maintain things like Contacts independently.
Q: How do you share messages with your spouse if you have different email accounts?
A: If you want to share an incoming message, just forward it to your spouse’s email address. To share an outgoing message, cc (“carbon copy,” only without carbon paper) your spouse.
Q: What does “in the cloud” mean?
A: “Cloud” refers to the fact that small (or large) “clouds” of servers are set up to provide Internet services, and to store user information across multiple machines. This allows the service to respond faster to users, and safely store user information across many machines, protecting data from failures of individual machines or groups of machines.
When it comes to clouds, Google is not only the largest cloud service but the largest thing ever constructed by humans. Composed of millions of servers scattered across the planet, it is the most expensive, complex, and vast “machine” ever built. Apple’s more modest iCloud service is still vast, with server centers in North America, Europe, and Asia.
Q: Is there any easy way to clean up an email message that has been sent back and forth, through multiple replies?
A: In T.H. White’s The Once and Future King, the novel explains how Merlin lives backward in time, born old and gradually growing young, remembering the future and not the past. There is no easy way to read these long message strings, but you have a trick not available to Merlin: start at the bottom of the message string and read upward.
File Management
A page on the main topic, File Management, will be posted as an article when done. It is a bit too long to include as part of the meeting minutes.
At the October 2019, Strait Macintosh User Group had a brief demonstration of how to securely configure macOS Catalina. However, as the meeting was only an hour long, and there were lots of questions, most of those in attendance emerged dazed and confused. This included the person giving the presentation, but Lawrence Charters promised to publish a guide to the major points covered. He implied it would be published soon. He was wrong.
But the configuration document is now complete, and can be found at this link:
The October 15, 2019 meeting of Strait Macintosh User Group focused on macOS Catalina 10.15. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.
Meeting called to order at 7 p.m. by President Sabrina Davis. Sabrina welcomed three new visitors. Treasurer Annalis Schutzmann reported the treasury stood at $386.75. In response to a question, Annalis said dues are $24 for 12 months, per family.
The November meeting will be November 19, and the December meeting will be December 17, both at the Sequim Public Library.
Before the meeting started, Vice President Lawrence Charters explained the confusion over the email meeting announcement. Sabrina asked him to repeat the story…
Wave Broadband and Google Mail in conflict
Wave Broadband, the leading Internet Service Provider (ISP) on the Olympic Peninsula, had a surplus of problems in October. Lawrence has a Fingbox which, among other things, performs network security functions, and also checks for Internet slowdowns and outages. In the first two weeks, his Fingbox recorded six complete outages of an hour or more, and dozens of slowdowns and mini-outages.
One of these outages occurred late Friday, October 12, just as he sent off a message to the 293 addresses in the Strait Mac mailing list. This one message did make it to Wave Broadband, where it was expanded into 293 messages — which were held for four hours. When they were eventually delivered to Google (the straitmac.vicepresident account is on Google Mail), Google generated a bunch of cryptic error messages and bounced them back because they were suspiciously delayed. Google Mail only allows 500 messages in a 24 hour period, and the 293 outgoing messages and 293 incoming messages effectively shut down the account for a day.
Unaware of the problem, Lawrence was surprised to get a message from Sabrina on Monday, October 14, asking about the meeting. Lawrence did some research, found out about the 500 messages a day limit, and decided to send out a second message — just as Wave had a six-hour outage. The 293 outgoing messages and 293 bounces again shut down the account.
On Tuesday, October 15 (the day of the meeting), Lawrence sent out a message from his personal (not SMUG) account, and that one, thankfully, did reach everyone.
This story prompted a number of questions about Internet connectivity on the Olympic Peninsula, none of which have particularly encouraging answers. Except: do not have your only mail account on Wave, or Olypen, or any other local ISP (Internet Service Provider).
And now for the presentation —
Securely installing macOS Catalina
Security professionals recommend the following steps to securely install an operating system:
Do a full backup of your system.
Erase your hard drive — completely.
Do a “clean install” of your operating system (i.e., do a full install by downloading macOS Catalina directly from Apple, without any remains of a previous operating system, data, preferences, or anything else).
Do a “clean install” of all your applications.
Restore your data from your backup.
Except in government and corporate environments, hardly anyone ever does this. It is a lot of work.
macOS Catalina for Real People
Most living, breathing people should do this. It is less work. It is also less secure, but not that much less.
Preparation
Before anything else, run Disk Utility (you can find it in Applications > Utilities) and use First Aid to check the health of your hard drive. If your hard drive displays any problems, correct them before upgrading.
Press the First Aid button to check the health of your drive. You should get in the habit of doing this regularly, but especially before a major upgrade of the operating system.
What does First Aid check? For one computer called Portacray, it checked a whole bunch of things. An “exit code” of 0 (zero) means everything was normal:
Started file system verification on disk1s5 Portacray
Verifying file system
Volume could not be unmounted
Using live mode
Performing fsck_apfs -n -l -x /dev/rdisk1s5
Checking the container superblock
Checking the EFI jumpstart record
Checking the space manager
Checking the space manager free queue trees
Checking the object map
Checking volume
Checking the APFS volume superblock
The volume Portacray was formatted by diskmanagemen (1412.0.28.171.1) and last modified by apfs_kext (1412.11.7)
Checking the object map
Checking the snapshot metadata tree
Checking the snapshot metadata
Checking snapshot 1 of 2 (com.apple.TimeMachine.2019-10-19-074436.local)
Checking snapshot 2 of 2 (com.apple.TimeMachine.2019-10-27-120314.local)
Checking the extent ref tree
Checking the fsroot tree
Verifying allocated space
The volume /dev/rdisk1s5 appears to be OK
File system check exit code is 0
Restoring the original state found as mounted
Finished file system verification on disk1s5 Portacray
After confirming the disk drive is in good shape:
Do a full backup of your computer. The easiest, cheapest, most thorough way to do this is through Time Machine. It comes with your Mac, it is easy to use, and as long as you don’t futz with it, it does an excellent job.
Make sure your computer is compatible with Catalina: https://support.apple.com/en-us/HT210222 (But do this after the backup, since you should do a backup even if you aren’t upgrading.)
Update or remove all applications that are not 64-bit.
It doesn’t hurt to leave them as-is, but since they won’t work with Catalina, you might as well clear them out.
Got to Apple menu > About This Mac > System Report
Scroll down to Software > Applications
[Wait for the list to build then] Go to the extreme right column, 64-Bit (Intel) and sort the list by clicking on the heading. Update or remove anything important listed as “No.”
A good way to remove applications, plus their preference files: Appcleaner from FreeMacSoft. It is free.
If using the System Report is too much trouble (and it is awkward), an alternative: go to St. Clair Software, https://www.stclairsoft.com/Go64/ and download Go64. It produces a nice, annotated report, and yes, it is free.
Go64 report showing non-64 bit applications. Worth noting: the Apple applications will be taken care of automagically by Apple. Most of the flagged Adobe applications are old, obsolete utilities. Adobe has a bad habit of not cleaning up after itself when updates are installed, and some of these leftovers are a decade old or more.
Empty the Trash.
Clean out everything from your Downloads folder.
Empty the cache from your browsers. All of them (Safari, Firefox, Chrome, whatever).
Clean up everything from your Desktop.
Update any existing applications that need updates.
Upgrading to Catalina is relatively simple
Make sure your computer is plugged into power, your Internet connection is solid, and the weather isn’t going to futz with power or Internet access.
Download macOS Catalina directly from Apple. Under Mojave, you would do this through System Preferences > Software Update.
Once downloaded, it should take anywhere from 15 to 30 minutes to install Catalina, answer all the startup questions, and log in again.
After you are finished and log in, you may see a curiously named folder on your desktop, Relocated Items.
Following a MacOS Catalina installation, you may notice a folder on your desktop called Relocated Items. In this screenshot, “Portacray” is the name of the computer’s hard drive, complete with a custom icon. That’s irrelevant to the Relocated Items, but some have asked if it has any special meaning. Nope; it is just a nerd joke.
This folder is really an alias (a pointer) to information that used to be in your System folder (operating system directory), but is not allowed under Catalina. In years past, developers (Adobe, Microsoft, zillions of small developers you don’t remember, and even Apple) stuck things in the System folder, but under Catalina’s vastly expanded security, this stuff is no longer allowed there. Nothing in the folder is active or useful; Apple stuck it there in case you recognize something, and want to ask the program’s developer for an update, or advice on what to do with it. Or (most likely), you find it is no longer useful, and you just toss it.
The folder, if it is produced, has a PDF file that (sorta) explains why it exists:
During the last macOS upgrade or file migration, some of your files couldn’t be moved to their new locations. This folder contains these files.
Configuration files
These configuration files were modified or customized by you, by another user, or by an app. The modifications are incompatible with the recent macOS upgrade. The modified files are in the Configuration folder, organized in subfolders named for their original locations.
To restore any of the custom configurations, compare your modifications with the configuration changes made during the macOS upgrade and combine them when possible.
You can delete the alias from your desktop; it doesn’t need to be there, and deleting it doesn’t delete anything else.
Securing macOS Catalina
This isn’t very difficult, but the process requires quite a few screenshots and has been moved to a stand-alone page. Most of the material applies to previous versions of macOS, too, though the screenshots used are from Catalina. Click the link below:
Q: You mentioned you use 1Password for storing passwords. Does that mean I can get rid of Keychain?
A: 1Password is a commercial password manager for Macs, iPhones, and iPads. It has a much more user-friendly interface than Keychain Manager, or the Keychain Access management utility (located in Applications > Utilities). No, you can’t get rid of Keychain; it is the part of the Mac and iPhone and iPad operating systems that handles passwords. 1Password is essentially an easier to use editor for Keychain than Keychain Access.
Q: When you tell your browser to automatically log into a website, is that safe?
A: If the website is not something that handles your identity or reputation, or financial records, sure. But if a site deals with your reputation (Facebook, Twitter, LinkedIn) or finances (IRS, Social Security, credit unions, banks, credit card companies, etc.), no, you don’t want your browser to automatically log in. Anyone sitting down at your computer, or anyone who steals your computer, could automatically log into any of those websites.
Q: If upgrading to Catalina is a hassle, why should I?
A: It isn’t that much of a hassle. If you have a bunch of out-of-date applications that can’t be upgraded, it means they are already security threats to your machine. Current and future software vendors will not support anything except 64-bit applications, and not upgrading won’t really do you any good.
For a variety of technical reasons, 64-bit applications are genuinely more secure, as well as faster. They will also take up less space on your hard drive, since the software companies will no longer have to wedge both 32-bit code and 64-bit code into their applications.
A: Yes, but keep in mind that the way it works, it is scanning for malware constantly, even though your Mac may have never run into a piece of malware. Government agencies, teachers, accountants, lawyers, and certain other professionals should use an always-on malware scanner, but I prefer on-demand malware scanning. The one I use is called Bitdefender, available through Apple’s App Store, and it runs only when I tell it to run. I have a calendar entry to tell me to run it once a month.
Lawrence also showed the hidden, zippered pocket that he has in his polo shirt for holding his iPhone. The shirt was made by ScotteVest, which has a wide range of vests, coats, sweaters, shirts, skirts, shorts, etc., with “invisible” pockets for holding electronics. Lawrence explained that when he goes to the airport, he puts everything he wants into various pockets of a ScotteVest vest (watch, keys, wallet, passport, earphones, etc.) and, when he gets to the TSA screening area, takes the vest off and puts it in a bin. Then he picks it up on the other side of X-ray. Some of the men’s and women’s coats and vests have pockets large enough to hold a 10″ iPad.
November meeting: files
The November 19, 2019 meeting will have as the topic: organizing files. Apple tries hard to make organizing files easy, but life doesn’t necessarily easily separate things into Documents, Downloads, Movies, Music, Pictures, etc.
Other topics for future meetings mentioned were: Introduction to Google Drive (Google Docs, Google Sheets, Google Slides, Google Forms, Google Maps, Google Sites, Google Photos, Google Keep, etc.), iPadOS (and integration with macOS), health care devices and apps, WordPress, and support alpacas. (It is possible that support alpacas don’t exist, and only Lawrence seems interested, and they probably have nothing to do with Macs or iPhones or iPads.)
The September 17, 2019 meeting of Strait Macintosh User Group focused on macOS Catalina 10.15. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.
Business Meeting
Meeting called to order at 7 p.m. by President Sabrina Davis.
Sabrina welcomed new members and reviewed the group’s finances. In July, dues were set at $24 per family per year. Using dues collected at the July 2019 meeting, treasurer Annalis Schutmann and Secretary Kathleen Charters opened a checking account for SMUG, with a beginning balance of $414. After checks and other fees, this left the group with a balance of $386.
Vice President Lawrence Charters requested that we spend a large portion of this money to finish setting up the SMUG website on WordPress.com. While the site is working as designed, hosted for free, there are limits on what you can do with a free site: you can’t use a custom domain name (every WordPress.com site is going to end in xxx.wordpress.com), there is no technical support, there are severe limits on how much server space you can use, there are limits on how much you can customize a site, you cannot keep WordPress.com from posting ads on the site, you can’t link to social media, etc. The cost for all of this would be less than $150/year, though how much less is not certain.
There are alternatives, with the same benefits for less than $100/year. One big advantage of using WordPress.com: everything can be built and administered with only a web browser. There is no need for specialized software, no arcane knowledge of Unix or HTTP or PHP or various other odd combinations of letters, numbers and symbols, and multiple people can help populate the site with content.
There was a discussion about reusing the existing SMUG domain, straitmac.org. The site domain registration runs out in April 2020 [at the meeting, it was thought it might be December 2019, but checking, it is 4/4/2020], and the site is hosted on plypen.com. Olypen told SMUG last year that they could not support many of the features SMUG wanted without a doubling of the $100/year price.
Hosting the site elsewhere (GoDaddy, Blue Host, etc.) would be less expensive, but would require a higher level of technical knowledge, and while this wouldn’t be a problem for Lawrence, the group felt more comfortable with the idea that wordpress.com required “only a web browser,” with WordPress.com caring for the updates and infrastructure. The motion to spend the money to build out the site on wordpress.com was moved, seconded, and passed unanimously.
Sabrina asked if it would be possible to post ads to buy, sell or trade Macs and iPhones on the site, and Lawrence cautioned that, as SMUG is a non-profit, the organization has to refrain from activities that might appear to be commercial. The group discussed alternatives (Craigslist, Next Door, etc.), including possibly using the group email list. Some members expressed concern about using the email list as “one person’s ad is someone else’s spam.”
A visitor asked how to become a member, and what, exactly, SMUG did. The answer (from a number of people) was: Strait Macintosh User Group (SMUG) is a non-profit organization that meets monthly or, sometimes, bi-monthly, and discusses Macintosh hardware and software, iPhone hardware and software, iPad hardware and software, Apple Watch hardware and software, etc. Family memberships are $24 per year. At present, the major expense will probably be the website. Currently, meetings are in Sequim, but there have been some requests to hold meetings in Port Angeles. A message will be sent out to the mailing lists asking about interest in holding Port Angeles meetings.
Topics suggested for future meetings:
How to organize files
Introduction to Google Drive, Docs, Sheets, Google Keep
How to securely configure a Mac
How to securely configure an iPhone
Presentation: Preview of macOS Catalina
At Apple’s Special Event on September 10, 2019 (you can see the entire video on Apple’s site https://www.apple.com/apple-events/september-2019/), Apple said Catalina would be out “in October,” with nothing more specific. iOS 13 and watchOS 6 will be out September 19, and Apple TV 6 and iPad OS 13 (really, the first version, but apparently it will be called 13) should be out the last week of September.
Apple’s event was only focused on hardware and services, introducing new phones, watches, and an iPad, plus a brief review of Apple TV+ and Apple Arcade. Yet even though Catalina was only mentioned in passing, it is a huge advance for macOS, as it will be the first version of any Mac operating system that is 64-bit only; it will not run 32-bit software, or (for that matter), 16-bit or 8-bit. This is a security measure, and a powerful one.
Moving to 64-bit was first pioneered by iOS 11 on the iPhone and iPad. Since that time, iOS devices use only a 64-bit ARM processor and run only 64-bit software. These steps not only made iPhones and iPads faster, but also more secure, for reasons that are very real if a bit hard to explain. Catalina’s move to support just 64-bit processors and 64-bit applications should also see an increase in speed and efficiency, as well as security.
Lawrence did not advise anyone to install the beta of Catalina, unless they happened to have a Mac they are willing to erase at some point. Significant parts of the operating system are still in test. For one thing, any 32-bit applications they have will simply not work. Lawrence demonstrated this by showing that the scanning software he used for his scanner is dead (the manufacturer has released an entirely new suite to replace it), and Apple’s Aperture photo management software is — dead.
Aside: Asked what he uses instead of Aperture, Lawrence said that Apple’s “replacement” for Aperture was Apple Photos, which is free to everyone with a compatible Mac. Apple Photos is quite good, but Lawrence went a different route, and is now using Adobe Lightroom. For people who don’t have tens of thousands of photos, Apple Photos (available for Macs, iPhones, and iPads) is probably more than adequate.
Lawrence then demonstrated one huge advance in Catalina: all user data is on its own disk partition, separate from the operating system. Putting the operating system on its own partition, and then severely limiting access to that partition, vastly improves security. Lawrence demonstrated this by booting into Recovery Mode, launching Disk Utility from the Recovery Partition, and then showing the three partitions of the drive: the Recovery partition, the operating system partition, and the user data partition.
macOS Catalina puts the operating system in its own partition (on this machine, the partition named “Portacray”), separate from all user data (the highlighted “Portacray-Data” partition). The partition used for the Recovery Partition is at the bottom, “macOS Base System.” Click on the image for a closer look.
As soon as Catalina comes out, Lawrence intends to put it on all his machines except one (and that machine, a Mac mini, is too old to support it, anyway).
Speaking of the Recovery Partition, Lawrence strongly encouraged everyone to learn how to use the Recovery Partition before they had an emergency. The Recovery Partition allows you to launch Disk First Aid (to check the hard drive), to reinstall macOS, to restore a drive from a Time Machine backup, to get help online (the Recovery Mode can use Ethernet or Wi-Fi to reach the Internet), to use Network Utility to check network connection, and to use Terminal to use command-line utilities and diagnostics. Booting the Recovery Partition is easy: restart the machine and hold down ⌘ and R until you see the Apple logo or a spinning globe. More information on the Recovery Partition can be found on Apple’s website at https://support.apple.com/en-us/HT201314
Macs compatible with macOS Catalina, from Apple’s website.
Aside: Lawrence was asked how to tell which model Mac you might have, since Apple tends to call all their Macs by certain broad names. In order to see what model you have, go to the Apple Menu, select About This Mac, and your Mac’s model and model year will appear.
Under the Apple Menu, About This Mac will tell you what model Macintosh you are using. In this case, the Mac is an iMac 21.5 inch, 2017.
Even if you do not plan to upgrade to Catalina, you should immediately go to the Apple App Store and download macOS Mojave. Once Catalina is released, Mojave will not be offered on the App Store for download.
And if you do not think you want to install Catalina, reconsider. With Catalina’s release, Apple will also release acknowledgment of various bugs and vulnerabilities patched in Catalina, and thank the developers who found them. Hackers will immediately use this list of bugs to start attacking Macs that have not been updated.
If you have an older machine that cannot be updated, considering retiring it, and getting a new Mac. Or at least getting a newer Mac. Older Macs that are compatible with Catalina are available from various resellers, or from an individual wanting a newer machine.
As mentioned earlier, Catalina will not launch 32-bit applications; only 64-bit applications. Before installing, you should check for all 32-bit programs on your machine. There are two ways to do this, one easy and another a bit more difficult. The easy way: St. Clair Software has released a free program, Go64, which will inventory every application on your machine and present a nice, neat listing of applications that are 32-bit, 64-bit, or a mixture of both. The listing is sortable, and includes the website of the developer, in case you want to go and check to see if an application has a newer, 64-bit version available. You can get Go64 here: https://www.stclairsoft.com/Go64/
The slightly more difficult way is also free. Go to your Mac’s Apple menu, select About This Mac, press the button called System Report, scroll down to the bottom, where Software is listed, select Applications, and then – wait a bit. Your Mac will build a listing of every application on your machine, and the right-most column, labeled 64-bit, will show a Yes if something is 64-bit and No if something is not. The columns are sortable, so click on the 64-bit column heading to clump all the “No” responses together. This isn’t quite as easy to use as Go64, but it is built right into your Mac.
Lawrence wanted to demonstrate a neat new feature of macOS Catalina and the new iPadOS: the ability to use an iPad as an additional screen for your Mac. Not only can you use an iPad as an additional screen, but you can draw on the iPad, and then use your drawing on the Mac (assuming the iPad and Mac have programs that are compatible with one another). This new capability is called SideCar.
Unfortunately, Lawrence’s MacBook Pro is new enough to support Catalina, but too old to support SideCar. The list of supported Macs is fairly short:
27-inch iMac (Late 2015 or newer)
iMac Pro
MacBook Pro (2016 or newer)
MacBook Air (2018)
12-inch MacBook (early 2016 or newer)
Mac mini (2018)
Mac Pro (2019)
In addition to the speed and security improvements, Catalina also comes with some revamped applications:
Reminders – brings some nice improvements, but Lawrence did not test it as the first thing it did was prompt him to upgrade a whole bunch of devices to iOS 13 and Catalina, which really aren’t out yet.
Notes: Catalina adds a nice thumbnail gallery view, which is considerably more useful than the current listing of first lines of notes.
Find my: this new application replaces Find iPhone and Find Friends, and now works on iPads, iPhones, and Macs. It works by mapping device locations to the closest Internet access point, which may be a Wi-Fi router in a home or a mobile telephone tower on a different continent.
Music: iTunes has been split apart, into a new Music application and a separate Podcast application. This closely matches changes introduced on iPhones and iPads.
Apple TV: an Apple TV app was added to iOS last year, and now it is available on the Mac, too. It supports Apple’s new streaming service Apple TV+, and also handles any movies you may have purchased through iTunes. Note: it does not provide local broadcast TV service. For that, look at something like YouTube TV, from Google, https://tv.youtube.com/
Lawrence recommended not connecting Macs running older operating systems to the Internet. Want to use them for playing non-Internet games? Fine. Want to use them for scanning things using an old scanner? Fine. But keep them off the Internet; no email, no web browsing. Virtually all Mac security compromises come from email or web browsing.
One individual stated that he connects multiple hard drives to their Mac, with different operating systems, allowing them to “revert” to an older operating system just by rebooting. Lawrence strongly recommended not to do this. When you boot an operating system from disk, the operating system changes how your Mac uses memory, changes what is in memory, changes how it accesses and stores things on disk, and, in newer operating systems, also encrypts memory. Switching between operating systems on the same Mac runs a high risk of corrupting data on the hard drive and losing everything stored on a drive, without hope of recovery.
One way to maintain old operating systems safely: Parallels. Parallels Desktop for Mac ($79.99) allows you to create “virtual” machines that run on your Mac. You can run Windows 10 (you still need a copy of Windows 10), Linux (you can download Linux for free), or older versions of macOS. These operating systems will run on “top” of Catalina, which was the inspiration for the name Parallels. https://www.parallels.com/products/desktop/
Lawrence was asked about Fusion, which is another software virtualization tool. Fusion is popular with system administrators because most of them are trained in Windows, and VMWare (which makes Fusion) also makes one of the most popular virtualization packages for running on Windows machines. And there is the problem: Fusion is not as fast as Parallels, and is not particularly Mac-like. But it does work. https://www.vmware.com/products/fusion.html
The meeting ended with a Question and Answer session. The rule for this section: the question and the answer should be something that can reasonably be asked in three to five minutes.
Questions and Answers
Q: How do you turn off storing the location of a photo on a specific photo? I don’t want that information uploaded with photos to social media.
A: The iPhone stores the location of where a photo was taken (or at least a guess) inside of every photo as GPS metadata. This is a good thing, as it helps you remember what and where you were when you are sorting through photos. Rather than turn on and off this setting on specific photos, it is much easier to simply remove the metadata from photos with an application. The Apple Mac App Store has free utilities to remove metadata; search for “remove photo exif” data and you should find several.
Q: What should I do if a machine is sluggish?
A: First thing: check hard drive health. Use ⌘-spacebar to bring up a search box on your Mac, type in “disk utility” and press enter. This will find and launch Disk Utility. Click on the first tab, First Aid, and have Disk Utility check your hard drive to see if the directory is healthy. If you see any errors, have Disk Utility fix them. If Disk Utility cannot, seek professional assistance.
Beyond that: most people think their computer is sluggish because their Internet connection is slow. A great many things, even searching your hard drive, trigger connecting to the Internet, and if your Internet connection is slow or unreliable, your computer will seem sluggish.
Another common problem specific to web browsers: cache bloat. Your web browser stores bits and pieces of websites on your machine, to increase the apparent speed of sites that you visit over and over. After a while, you end up with thousands, or tens of thousands, of small web bits and pieces on your computer, and it takes a while for your browser to sort through all that stuff. Cleaning the cache can not only speed up your browser, but also recover gigabytes of disk space. Note: emptying the cache may also delete cookies, and if you commonly have your browser store your password, this could keep you out of some websites.
Speeding up Apple Mail: empty out your Junk folder. Some people have tens of thousands of messages in Junk Mail. Empty it. Clearing out Junk Mail and deleting old messages greatly reduces the amount of stuff that Mail has to sort through, and speeds it up immensely.
Don’t store stuff on your Desktop. It is OK to have a document or three, but some people literally cover their desktop with documents and other things. Each time your Mac boots, or you interact with the Desktop, your Mac must sort through all that stuff.
Q: Should I wait for phones with 5G before upgrading my iPhone?
A: 5G doesn’t really exist, despite what commercials on TV might suggest. If and when 5G is deployed, it will appear in large cities long before it appears in Clallam County or Sequim. If you need a new iPhone or iPad, don’t worry about the semi-mythical high-speed 5G services; you won’t miss them, probably for several years.
Similarly, don’t worry about computers or routers supporting Wi-Fi 6. In theory, Wi-Fi 6 is 40% faster than Wi-Fi 5 (previously called 802.11ac). For virtually all of us, our home Wi-Fi router can provide far, far faster speeds than our ISP (Internet Service Provider) can support. In Clallam, most people have broadband Internet speeds of 5 to 10 Mbps (megabits per second). A Wi-Fi 5 router can support speeds of up to several gigabits per second – until it hits your ISP’s cable box, at which point it will be literally a thousand times slower.
Q: Can you use Wi-Fi to improve phone reception?
A: Yes, sometimes. Both AT&T and Verizon support what they call “Wi-Fi calling.” This essentially uses your home’s Wi-Fi and your ISP’s cable service to help send and receive phone calls. You can turn this on under Settings > Cellular > Wi-Fi Calling > On. It doesn’t cost anything extra, and for some people, it may be the only way to get mobile phone service in your home or office.
Q: [General question about 911 service and emergencies.]
A: Several people noted that the Great Washington Shakeout will be held October 17. This is a state-wide, voluntary exercise to prepare an emergency plan for your home and office, and test it on October 17. Given that Clallam County is at the edge of the Cascadia Subduction Zone, and that Clallam has limited access (due to a floating bridge, mountains, an ocean, and few highways), and no electrical power is generated on the peninsula, and the nearest large city is in another nation, and … generally speaking, you should check out the website and participate in the exercise: https://www.shakeout.org
Next meeting
The group decided the October 15 meeting would be on Securely Configuring macOS Catalina. Most of what will be presented also applies to Mojave, High Sierra, and Sierra, in case you haven’t upgraded by then.
The meeting will be at the Sequim Public Library, and begin at 7 p.m.
Note: SMUG received some email messages about the meeting starting “before 7 p.m.” It was explained that, during meeting setup from 6:30-7 p.m., those present did engage in technical gossip about Macs, iPhones, Apple TV, and other things, but the meeting itself didn’t start until 7 p.m., and the presentation started around 7:15. If you arrive early and want to talk about “Mac stuff,” that is fine, but the meeting and program start at 7 p.m.
Questions were the topic of the evening for the July 16, 2019, Strait Macintosh User Group meeting. The meeting was held at the Sequim Library, 630 N. Sequim Ave., Sequim, WA. Notes by Secretary Kathleen Charters.
Business meeting
The meeting started off with President Sabrina Davis answering questions about recent history, covering such topics as “What happened to our treasury?” [Some former members donated it to Shipley Center, without participation by the current SMUG members or officers, and without holding a meeting.] “What happened to our equipment?”[Donated to Shipley.] and “What do we want to do going forward?”
Going forward, the group decided to hold meetings more or less monthly to get back on track, with the next meeting Tuesday, September 17, at 7 p.m. at the Sequim Public Library. Yes, this means “monthly” doesn’t include August, due to schedule conflicts.
Some members expressed concerns about meeting during the winter months, when it gets dark early and the weather might be unpleasant. This will be discussed some more, as the group is not committed to meeting Tuesday evenings; there are other perfectly good days of the week, and we could meet during daylight hours. We’ll discuss this again in September.
Funds were also an issue. There have been complaints that the new website has advertisements (as some said, “obnoxious ads”) which is a consequence of the free hosting available on WordPress.com. Fixing this, and coming up with a SMUG-specific domain name, would cost money. If we rented space somewhere, that would also cost money; the Library is an excellent location, but the meeting space is quite small (technically, we are supposed to be using only half the space we’ve occupied at the last two meetings).
It was moved, and passed, that dues be set at $24 per year. Treasurer Annalis Schutzmann collected dues from most of those in attendance. [Subsequently, Annalis and Secretary Kathleen Charters set up a SMUG bank account.]
Open Question and Answer (Q&A) session
There were two rules:
The questions had to be about Apple products (hardware or software), and
The questions and responses should take no more than three to four minutes to answer.
Anything more complex will have to be deferred.
Vice President Lawrence Charters conducted the Q&A session.
My Laptop can’t download mojave
Just from looking at the laptop from across the room, it is clear the MacBook Pro has an optical disc drive, which means it is fairly old, as Apple hasn’t shipped a laptop with an optical drive since 2012. As for why Mojave is not supported: Mojave (macOS 10.14) is a 64-bit operating system, and older Macs do not have CPUs (the main “computer”) capable of supporting 64-bit operations. Mojave also uses the video card as if it was another CPU, speeding up not only video but file compression, among other things, and older video cards do not support such operations. Since virtually all Macs, laptop and desktop, have a single circuit board holding the CPU, the video card, and all the supporting chips and circuitry, it isn’t economically or technologically feasible to replace the pieces; a newer machine is the only option.
Incidentally, a “newer” machine does not necessarily mean “brand new.” Apple sells refurbished machines from their websites (with new warranties).
As for why a 64-bit operating system is important: not only are these faster (allowing you to get more speed and efficiency on supported hardware), but they are also much more secure. This is true not only for Macs; iPhones and iPads have been 64-bit-only for several years, and Microsoft is now strongly pushing Windows 10 users to use 64-bit versions of Windows 10. In the Windows world, this has created massive problems, as literally a billion Windows machines are running insecure versions of Windows.
is it wise to beta-test new Mac OS?
Running beta (pre-release) versions of operating systems on your iPhone, iPad, or Mac is only a good idea if a) you have another perfectly useful machine to do important work and b) you are prepared to erase everything on the machine you use for beta-testing. And “erase” means everything: all data, all applications, and the operating system itself. Beta versions of operating systems are intended to test things to see if they break, and, if they do, how they break; they are not designed for you to test drive.
Note, too, that it takes time to download beta versions of operating systems, time to install the software, and sometimes time to reinstall the software, as one of the things being tested is the installer itself. Also, Apple recommends erasing all beta versions of an operating system (which requires erasing the entire drive) before installing the release version. If you do decide to try the beta versions of an operating system, make sure you have an iCloud account with enough room on it to hold everything on your machine — all data, and all applications — as it gives you some chance to recover in case something goes horribly wrong. “Going horribly wrong” is the whole purpose of beta testing.
what about running another operating system from another drive?
You should never try and have two different operating systems installed on the same machine, even if they are on different drives, as this can corrupt the operating systems and your data. When a Mac boots, it scans all connected drives and based on what it finds, it makes changes in memory to accommodate what it thinks is appropriate for the operating system — and these changes could cause damage when you switch back and forth between the two operating systems. It may make changes to whatever drive is not the boot drive — changes in initial boot parameters, changes in which drive is booted first, changes in preferences for applications, etc. — and those changes can corrupt your data, your applications, and either or both operating systems.
After upgrading to high sierra, not able to access files
High Sierra (macOS 10.13) is much more strict about how applications perform, and if an application does things in an insecure fashion, it simply won’t allow the application to launch. High Sierra also changes the file system on the internal drive (on machines with solid-state drives), which also makes all previous disk analysis and disk management utilities obsolete. Most of the changes in High Sierra are focused on speed, efficiency, and particularly security. If your application doesn’t run anymore, you need to upgrade to a later, supported, more secure version.
I’m getting a warning my application is not optimized for operating system
I’ve run this: the scanner software for my Fujitsu scanner is flagged by my Mac as “[This app] is not optimized for your Mac and needs to be updated.” It is essentially a warning that it is a 32-bit application and absolutely will not run under macOS Catalina 10.15, the next version of the Mac operating system. You need to either get the vendor to update the software, or buy a new version, or find a replacement.
[Fortunately, Fujitsu did come out with a free update the next day.]
Is it important to upgrade? Are Macs really vulnerable?
Yes, you should upgrade, and yes, Macs are vulnerable. The biggest reason they are vulnerable: the Mac user “invites” malware onto their machine.
In the past, the largest source of malware (malignant software) on the Mac was Adobe Flash. Adobe has abandoned Flash (in 2017), and because it is no longer supported, it continues to be a problem. Today the most common vulnerability comes through PDFs, (another Adobe product). A PDF document is essentially a program and hackers “tag” PDF documents with programs that can compromise your Mac.
Apple operating system upgrades are free; the alternative is to never connect a device without upgrades to the Internet.
Is there something we can use to protect ourselves?
Generally don’t recommend installing anti-virus software unless you are a teacher, a lawyer, or someone else who gets a constant stream of documents from strangers. The anti-virus packages for Macs are quite good, but generally, the only things they find are Windows viruses, which your Mac ignores.
The best defense is to install the operating system and application updates as they become available. Among other things, this ensures that Gatekeeper is updated. Gatekeeper is Apple’s background technology that automatically (if you keep the operating system updated) downloads profiles of malware and malicious websites. If you try and visit a suspicious website with Safari, Safari will pop up a warning telling you to go away. If you attempt to download a malicious software package, Gatekeeper will put up a warning.
Does gatekeeper only work with Safari?
Yes, Gatekeeper only works with Safari. Chrome, however, has similar technology, and Chrome tests for updates every time you launch it. Speaking of browsers, Microsoft has released a beta version of Microsoft Edge, their browser. Like Chrome, the new Microsoft Edge is based on Chromium, which is Google’s browser technology. Chromium, in turn, was originally based on WebKit, which is Apple’s technology.
If you are interested in the Microsoft Edge beta for the Mac, visit: https://www.microsoftedgeinsider.com/en-us/Note: this is a beta, so don’t use it for anything critical.
Should I use MacKeeper?
MacKeeper is not something you should have on your Mac. It is heavily advertised, and many people have installed it accidentally. If you have it, get rid of it. MacKeeper does not tell you how to uninstall it; it is complicated and annoying, and once installed, it slows your machine down and constantly prompts you to upgrade to a paid version. Many people have to pay a consultant to remove it. Here are two different sets of instructions for removing it. Pick one or the other, and don’t skip any steps:
The Sequim Library, as part of NOLS (North Olympic Library System), has as part of its service free access to Lynda.com. Lynda.com has some of the best online software courses on how to do everything from using Microsoft Word to how to write code in PHP for building a website. Ask the library for more information; normally, Lynda.com courses are $60 or more apiece.
Have had problems uploading movies from iPhone 5s
The iPhone takes great movies — but movies are much larger than photos. To upload them, you have to spend a lot of time waiting for them to upload. If you are trying to sync them to iCloud, it can also take a long time. You also have to make sure you have enough space in iCloud to hold them.
To check your available space on the iPhone, go to Settings > General > About, and scroll down to Capacity. Just below that is Available, which displays the available space left on the phone.
To check your iCloud space, go to Settings, and right at the top, press on your name, which opens up the Apple ID and iCloud settings. Scroll down to iCloud, press on the link, and you will see the storage capacity at the top. If you only have the free 5 GB account, and it is all in use, you won’t be able to sync video to iCloud.
When uploading video or syncing to iCloud, it is best to do this from home, using your home Wi-Fi, and the iPhone plugged into power. If you try to do this over a cellular connection, you will use up bandwidth in a hurry, and the sync process is slower. Or sometimes not even available as an option.
Speaking of cloud storage, everyone should consider getting a Google Photos account. You can save “unlimited” photos at high resolution, and up to 15 GB of data, for free. Not as well integrated as iCloud, but there is no reason not to sync to both iCloud and Google Photos.
Do you use offsite storage?
There are lots of “cloud backup” vendors. The one Lawrence uses is Backblaze, https://www.backblaze.com
BackBlaze runs a daemon (a Unix background process) that scans for new files and uploads them automatically; Lawrence has 10.5 TB in BackBlaze. It is perfect for disaster planning, protecting your data in case of a local power outage, or theft, or fire, or some other kind of loss.
Since Backblaze is in the cloud, it is not subject to any household or office or even any regional disaster; you can access the backup files from anywhere on the planet that has Internet access. You can restore files from anywhere, even onto a brand-new machine. If you have a lot of data [Lawrence has a lot of data], you can pay Backblaze a deposit and they will ship a hard drive (or multiple hard drives) to you for restoring files to your machine
why is cloud backup a good idea?
iCloud, and other “true” cloud services (Amazon, Google, Microsoft Azure, etc.) replicates data across millions of drives. If one hard drive fails, it automatically re-creates the data on another drive. The big cloud services are also replicated between regions. You can back up your Mac from your home in Sequim, and the cloud service will make copies of the data in other regions, so not even a regional outage will lose data.
While Apple, Amazon, Microsoft, and Google don’t publish any figures on how their infrastructures are built, a 2016 report estimated that Google has 2.5 million servers worldwide. That is a lot of redundancy. Other estimates put the figure at closer to 10 million.
Encryption is another benefit. Apple iCloud is encrypted by default, as is Google Drive (which includes Google Photos). The encryption ensures that you are the only one with access to your data, even in the cloud. In fact, since most people don’t encrypt their laptop or desktop machines, your data may be more secure in the cloud than at home.
Next meeting
The next meeting will be Tuesday, September 17, 2019, at 7 p.m. at the Sequim Library. The topic: A preview of what is coming with macOS Catalina, and if time, information on the new iOS 13 and iPadOS.
Apple’s World Wide Developer Conference (WWDC) was held earlier today, and Apple made a number of announcements:
The new Mac Pro is endlessly customizable, offering huge amounts of memory, storage, video power, etc. There is even a rack-mounted version, in case you want a small herd of these for crunching vast herds of bits and bytes.
iOS 13 is aimed at being much faster, even on existing hardware, and is bringing Dark Mode to the small screen, along with outstanding security and privacy;
iPad software is being split off from the iPhone to a new iPadOS, with features that take advantage of the vastly larger screen;
the Mac Pro returns, in a powerful 28-core monster;
Apple returns to the display business with an exotic Pro Display XDR;
watchOS 6 will add new health and fitness metrics and capabilities, and new watch faces;
tvOS 13 will allow multiple user profiles, so you can watch what you want, and listen to what you want;
macOS Catalina returns to the California coast, and splits iTunes apart with separate apps for Apple Music, podcasts, and Apple TV;
another huge change to macOS Catalina is Sidecar, a built-in capability to use your iPad as an additional screen of your Mac, and use iPad capabilities — such as the pen — with your Mac;
accessibility changes, to macOS, iOS, and iPadOS, promise to vastly expand what can be done by those with vision, hearing, or mobility limitations, including both the very young and the very old.
New iPadOS showing Dark Mode and the ability to display information on the home screen.
You can watch the keynote (a bit more than two hours) here.
Soon you will be able to record a voice memo on your Apple Watch with just a tap.
Most people will never own a Mac Pro; fully equipped with the new Pro Display XDR, you could buy a decent car — a new car — for the same price, or less. But almost everyone with an Apple device will benefit from iOS 13, iPadOS, tvOS 13, watchOS 6, and macOS Catalina. In particular, the accessibility features, and the vastly expanded iPad capabilities, are worth a long, thoughtful look. And the security and privacy features built into the new operating systems — all the operating systems — are extraordinary.
The programming tools will roll out immediately, with the finished iPhone, iPad, watch, TV, and Mac operating systems coming out in the fall. The Mac Pro and Pro Monitor will be out “this fall,” but you can sign up to be notified when they are getting close.
iPhone Notes in Dark Mode, with the option of sending an email notification directly from the note.
Since this is the World Wide Developers conference, there was also a presentation on coding, and it was impressive. While GUI (Graphical User Interface) programming has been touted for a couple decades, the reality is that complex programming is almost entirely based on thousands, or millions, of lines of text-only code. But with the forthcoming Xcode 11, you really can drag-and-drop large chunks of graphical elements, and large chunks of code, into your application code. And Apple has vastly reduced the code barriers between macOS and iOS apps with new technology that lets you very quickly, and fairly painlessly, transform an iOS app into a Macintosh application in just a few days.
Code on the left, with a live preview of the result on the right, compliments of the new Xcode 11.
Apple released a security update for Safari, Safari 12.1.1, on May 13, 2019. This security update applies to macOS Sierra, macOS High Sierra, and macOS Mojave, and is included with the security updates for these operating systems released on May 13, 2019. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/
APPLE-SA-2019-5-13-5 Safari 12.1.1
Safari 12.1.1 is now available and addresses the following:
WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
WebKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, and included in macOS Mojave 10.14.5 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro’s Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro’s Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
Additional recognition
Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance.
Installation note:
Safari 12.1.1 may be obtained from the Mac App Store.
Apple released a security update on May 13 that updated Mojave from macOS 10.14.4 to 10.14.5, updated High Sierra (macOS 10.13) with Security Update 2019-003, and updates Sierra (macOS 10.12) with Security Update 2019-003. You can subscribe to Apple security announcements at https://lists.apple.com/mailman/listinfo/security-announce/
APPLE-SA-2019-5-13-2 macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra are now available and addresses the following:
Accessibility Framework Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8603: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro’s Zero Day Initiative
AMD Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8635: Lilang Wu and Moony Li of TrendMicro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative
Application Firewall Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved restrictions. CVE-2019-8590: The UK’s National Cyber Security Centre (NCSC)
CoreAudio Available for: macOS Sierra 10.12.6 Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved error handling. CVE-2019-8592: riusksk of VulWar Corp working with Trend Micro’s Zero Day Initiative
CoreAudio Available for: macOS Mojave 10.14.4 Impact: Processing a maliciously crafted movie file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8585: riusksk of VulWar Corp working with Trend Micro’s Zero Day Initiative
DesktopServices Available for: macOS Mojave 10.14.4 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved checks. CVE-2019-8589: Andreas Clementi, Stefan Haselwanter, and Peter Stelzhammer of AV-Comparatives
Disk Images Available for: macOS Sierra 10.12.6 Impact: An application may be able to read restricted memory Description: A validation issue was addressed with improved input sanitization. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University
Disk Images Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8560: Nikita Pupyshev of Bauman Moscow State Technological University
EFI Available for: macOS Mojave 10.14.4 Impact: A user may be unexpectedly logged in to another user’s account Description: An authentication issue was addressed with improved state management. CVE-2019-8634: Jenny Sprenger and Maik Hoepfel
Intel Graphics Driver Available for: macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8616: Lilang Wu and Moony Li of Trend Micro Mobile Security Research Team working with Trend Micro’s Zero Day Initiative
Intel Graphics Driver Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8629: Arash Tohidi of Solita Oy
IOAcceleratorFamily Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2018-4456: Tyler Bohan of Cisco Talos
IOKit Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A local user may be able to load unsigned kernel extensions Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8606: Phoenhex and qwerty (@_niklasb, @qwertyoruiopz, @bkth_) working with Trend Micro’s Zero Day Initiative
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8605: Ned Williamson working with Google Project Zero
Kernel Available for: macOS Mojave 10.14.4 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8576: Brandon Azad of Google Project Zero, unho Jang and Hanul Choi of LINE Security Team
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A type confusion issue was addressed with improved memory handling. CVE-2019-8591: Ned Williamson working with Google Project Zero
Security Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8604: Fluoroacetate working with Trend Micro’s Zero Day Initiative
SQLite Available for: macOS Mojave 10.14.4 Impact: An application may be able to gain elevated privileges Description: An input validation issue was addressed with improved memory handling. CVE-2019-8577: Omer Gull of Checkpoint Research
SQLite Available for: macOS Mojave 10.14.4 Impact: A maliciously crafted SQL query may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8600: Omer Gull of Checkpoint Research
SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to read restricted memory Description: An input validation issue was addressed with improved input validation. CVE-2019-8598: Omer Gull of Checkpoint Research
SQLite Available for: macOS Mojave 10.14.4 Impact: A malicious application may be able to elevate privileges Description: A memory corruption issue was addressed by removing the vulnerable code. CVE-2019-8602: Omer Gull of Checkpoint Research
StreamingZip Available for: macOS Mojave 10.14.4 Impact: A local user may be able to modify protected parts of the file system Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. CVE-2019-8568: Dany Lisiansky (@DanyL931)
sysdiagnose Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.4 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8574: Dayton Pidhirney (@_watbulb) of Seekintoo (@seekintoo)
Touch Bar Support Available for: macOS Sierra 10.12.6 Impact: An application may be able to execute arbitrary code with system privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-8569: Viktor Oreshkin (@stek29)
WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2019-6237: G. Geshev working with Trend Micro Zero Day Initiative, Liu Long of Qihoo 360 Vulcan Team CVE-2019-8571: 01 working with Trend Micro’s Zero Day Initiative CVE-2019-8583: sakura of Tencent Xuanwu Lab, jessica (@babyjess1ca_) of Tencent Keen Lab, and dwfault working at ADLab of Venustech CVE-2019-8584: G. Geshev of MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8586: an anonymous researcher CVE-2019-8587: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8594: Suyoung Lee and Sooel Son of KAIST Web Security & Privacy Lab and HyungSeok Han and Sang Kil Cha of KAIST SoftSec Lab CVE-2019-8595: G. Geshev from MWR Labs working with Trend Micro Zero Day Initiative CVE-2019-8596: Wen Xu of SSLab at Georgia Tech CVE-2019-8597: 01 working with Trend Micro Zero Day Initiative CVE-2019-8601: Fluoroacetate working with Trend Micro’s Zero Day Initiative CVE-2019-8608: G. Geshev working with Trend Micro Zero Day Initiative CVE-2019-8609: Wen Xu of SSLab, Georgia Tech CVE-2019-8610: Anonymous working with Trend Micro Zero Day Initiative CVE-2019-8611: Samuel Groß of Google Project Zero CVE-2019-8615: G. Geshev from MWR Labs working with Trend Micro’s Zero Day Initiative CVE-2019-8619: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab CVE-2019-8622: Samuel Groß of Google Project Zero CVE-2019-8623: Samuel Groß of Google Project Zero CVE-2019-8628: Wen Xu of SSLab at Georgia Tech and Hanqing Zhao of Chaitin Security Research Lab
WebKit Available for: macOS Mojave 10.14.4 Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2019-8607: Junho Jang and Hanul Choi of LINE Security Team
Additional recognition
CoreFoundation We would like to acknowledge Vozzie and Rami and m4bln, Xiangqian Zhang, Huiming Liu of Tencent’s Xuanwu Lab for their assistance.
Kernel We would like to acknowledge an anonymous researcher for their assistance.
PackageKit We would like to acknowledge Csaba Fitzl (@theevilbit) for their assistance.
Safari We would like to acknowledge Michael Ball of Gradescope by Turnitin for their assistance.
System Preferences We would like to acknowledge an anonymous researcher for their assistance.
Installation note:
macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra may be obtained from the Mac App Store or Apple’s Software Downloads web site: https://support.apple.com/downloads/
Strait Macintosh User’s Group (SMUG)
April 2, 2019
Meeting: 7:00 p.m. to 8:00 p.m. at St. Luke’s Episcopal Church, Sequim
Meeting called to order by President Sabrina Davis and Vice President Lawrence Charters.
Two outstanding board positions, Treasurer and Secretary, remained to be filled. By unanimous vote, Analiss Schutzman was elected Treasurer and Kathleen Charters elected Secretary.
There was a discussion of the need for better communications. The SMUG forum had a note that the meeting was canceled and the organization dissolved, but at the last meeting in December, no such motions were entertained, and the February meeting was canceled due to show. Most attendees found out about the meeting either through direct contact with the President or Vice President, or through an announcement posted on Next Door (https://nextdoor.com/).
At present, there are no plans to charge for membership in 2019. The domain name and Internet hosting fees for the website are paid through 2019, with the only remaining expense being room rental for meetings. The membership voted to pay the room rental on a yearly basis, and to reimburse Sabrina for paying out of pocket for the April meeting rental.
It was also agreed that meetings would continue every other month in Sequim. If attendance and conditions warrant, more frequent meetings may be adopted.
Meeting topic: Web browsers
Lawrence Charters did a live, interactive presentation on the World Wide Web in general, with a particular emphasis on web security and privacy. The web began in 1990, with an experiment at the European Organization for Nuclear Research (CERN, from the French Conseil européen pour la recherche nucléaire). Tim Berners-Lee developed a prototype web server on a NeXT computer, and it started serving out pages over the Internet in 1991. It rapidly eclipsed or replaced Gopher, FTP, newsgroups, and other Internet sources of information, and now the most widely used communications medium in history.
At its foundation, the web is based on text. As an example, this curl command (curl is built in to macOS) will fetch the opening page from the National Ocean Service website:
Capturing the first page of the National Ocean Service website using curl and macOS Terminal. Click on image for a larger view.
These elements of code are assembled by your web browser (Safari, Chrome, Firefox, etc.) into something (usually) much more useful: shopping sites, encyclopedias, dating sites, travel maps, etc.
Incidentally, email messages — even ones with graphics and sound and video — are also based on text. The text is assembled by your email client into discrete messages that look more like paper-based letters.
Because of abusive practices on the web, Google and Apple have been pushing hard for increased security and privacy. Safari on your Mac shows a lock icon when visiting an encrypted site; Google will show a lock in the location bar, and if visiting an insecure site, will display “Not Secure” right next to the URL.
It doesn’t matter if a site “sells” something; Apple and Google, and more recently Microsoft, want you to visit only encrypted sites. An unencrypted site can be easily compromised to, among other things, pass malware to your computer, or be used to “impersonate” a site.
With an encrypted site, anything you send between your device and the website is encrypted; it can’t be intercepted and read, or intercepted and modified. Google Chrome and Apple Safari also check the encryption certificates of a site to ensure that a) the certificate is valid and b) it is for the site it claims to represent.
Apple and Google also maintain a blacklist of sites that are known to be harmful. Apple does this through Gatekeeper, which is a combination of technologies that, among other things, periodically downloads a list of domains that your will refuse to visit. Google does this dynamically; every Chrome URL request checks with Google’s list of blacklisted sites.
Because of the security risks, Google also “downrates” sites that are not encrypted, pushing them down their rating results to discourage visits. Similarly, Apple does not allow iOS apps to make unencrypted web connections. These and other measures have resulted in a very rapid change to make encrypted websites (https and not http) the default on the web. There are still hundreds of millions of unencrypted sites; avoid them.
The easiest way to protect your Mac or iOS device: stay current with system and security updates.
In response to a question, Lawrence explained one major security difference between iOS devices and Android devices. Apple directly updates iOS (iPhone, iPad, iPod) devices. In the Android world, with one major exception, you need to go through your phone company. What this means: if you are on T-Mobile, or AT&T, or Verizon, or whatever, you can update your iPhone by just asking your device to do a software update, or responding to a prompt sent by Apple. But with almost all Android devices, the updates come directly from Verizon, T-Mobile, AT&T, etc., and while the device might theoretically qualify for a security update, the phone companies generally will not provide updates; they expect you to buy a new phone if you want an update. The exception: Google updates their Pixel devices directly.
Lawrence strongly recommended that everyone use long (15 characters or more), unique passwords for everything on the Internet. No password, for anything, should be reused somewhere else. To keep track of the passwords, use Apple’s Key Chain (free, and shared between iOS and Mac) or 1Password (paid, but much easier to understand and organize).
Don’t worry about “complex” passwords (use one upper case, one lower case, one symbol, one number) password. The important thing is to make them unique, and long; the longer the better. Spaces, by the way, count as a character.
Good: Kim Jong-un is a nutcase
Too short, and much harder to type correctly: K1mJ0Ng-nUTs
Passwords that are hard to type are easy to compromise because people tend to reuse them, or leave notes reminding themselves how to type them.
There were many more questions and topics than time available, so at the June meeting we will continue with:
Web security and privacy
While there are no privacy laws in the US, the European Union has imposed fairly demanding privacy laws, and as US companies want to do business with the EU, improved privacy is rapidly improving on major US websites. But individuals ultimately have the most control over their own privacy and security. We’ll talk about that in June.
