Category: macOS

New Notarization requirements for macOS 10.14.5

At the 2018 Apple World Wide Developer Conference, a new feature of macOS was unveiled, called Notarization. To quote my macOS Mojave for Users, Administrators, and Developers book:

The concept of Notarized apps mimics the real-world concept of a notary. A notary witnesses the fact that a document has been signed by someone, or multiple parties. zed apps use a notary service that is hosted by Apple that verifies that the application is indeed signed by the developer.

The Notary service will also perform some additional checks on the application. These include security checks that verify the application is doing what it indicates as well as the check for private API usage, similar to Mac App Store apps. However, it should be noted that using the Notary Service is not the same as app review. These checks are merely security related and are only performed to notarize your application.

At the announcement of Notarization, Apple announced that Notarization would be available for developers in the summer of 2018, but would be required for all apps in a “future release”. With the release of macOS Mojave 10.14.5 there has been a step towards notarization being required, but this is just for some apps, not all apps. You will need to notarize your apps if the following applies:

  1. If you are a developer who is creating a Developer ID for the first time.
  2. If you are creating a new kernel extension.
  3. You are updating a kernel extension

Notarization is a security mechanism, not an App Store review. Instead, it is a way of being able to assure that malicious code cannot be injected into your app. Notarizing a macOS app provides more than just peace of mind for end users, but also for you as the developer. One of the additional benefits of Notarization is that the Notarization service will keep an audit trail of each release version of your app. Should the worst occur and your private signing key get compromised, and malicious software be released, you can work with Apple to revoke those apps that you did not authorize and then release a new version of your app.

These are just some first steps in requiring notarization. It would not surprise me if notarization will be required for all apps starting with the next release of macOS, macOS 10.15. This is even hinted at by Apple’s own page:

Beginning in macOS 10.14.5, all new or updated kernel extensions and all software from developers new to distributing with Developer ID must be notarized in order to run. In a future version of macOS, notarization will be required by default for all software.

The phrase “In a future release” most likely means with the next major release, macOS 10.15. Notarization, while it may seem inconvenient, the process can easily integrate into your workflow and will protect everyone involved. I am sure many developers will not like the fact that they will have to notarize apps, but ultimately it will make things better in the long run.

Source: Apple developer site.

Apple to Require Two Factor Authentication for Developers

Two Factor authentication on a Mac and verification on an iPhone

Today Apple sent out an email to developers about the security of their accounts. The emails states:

In an effort to keep your account more secure, two-factor authentication will be required to sign in to your Apple Developer account and Certificates, Identifiers & Profiles starting February 27, 2019. This extra layer of security for your Apple ID helps ensure that you’re the only person who can access your account. If you haven’t already enabled two-factor authentication for your Apple ID, please learn more and update your security settings. If you have any questions, contact us. Best regards, Apple Developer Relations

There are a few possible reasons for this. The first is, as the email states, to help secure developer accounts. By enabling the two-factor authentication, particularly for Certificates, Identifiers, and Profiles cannot be added by unauthorized users.

This will have some downsides though. By requiring two-factor authentication, only ten devices will be able to receive the two factor authentication codes. For most individual users, this will not be a problem. Five of these trusted devices can be Macs and five of these can be iOS devices.

I contacted Apple Support to verify the number, and it is indeed ten trusted devices that can be associated with an Apple ID.

For larger development groups who may need to allow more than one user to login to the Certificates, you will likely need add a user who has access to the Developer Resources.

If you have not already enabled two-factor authentication on your Apple Developer account, you will want to review the two-factor authentication support page to be sure that you have a way to recover your account, if needed.

macOS Mojave and Websites

Back in February, Apple announced some major changes to the fall release of macOS Server. One of the changes that they indicated was that many of the services would no longer be included in macOS Server. At the same time, some services would still be present but the user interface elements would be removed. One of the services that would no longer have a user interface is Websites.

macOS Server is used by many, including myself, as a development environment. Besides developers, there are also some companies that need to use Apple’s Profile Manager service, but they also need to use host an internal site, and they need to do all of this on the same machine. If you were running macOS Server running on High Sierra, this scenario was easy to setup and maintain. The same scenario is still possible on macOS Mojave, but it is not as easy. It will take some let us look at how to do this.

macOS bundles in a web server, the one chosen is apache. On macOS Mojave, it is version 2.4.34. This is the latest, as of this writing. The installation of apache is not any different than one you would install on other variations of Linux, which is a good. Even though apache is standard, there are some modifications that are made to accommodate the ability to use of other web-based services, and in particular Apple’s Profile Manager.

Default Configuration

Even under macOS Mojave with Server.app installed, there is a default configuration available. You can use this for your configuration, if you so choose. The default location for files is “/Library/WebServer/Documents/”. You can use this for configuration, the default alternative port is 8080. If this is all you need, then you can start putting files in the path above and navigate to http://127.0.0.1:8080, or another IP address on the machine and you can ignore the rest of this article. However, if you want to be able to make some additional configuration changes, read ahead.

Choosing a configuration

Before modifying any files, it is important to know that there are a variety of ways to configure apache. You could use a whole different IP address or you could just use a different port, on the same IP Address. This is the first item that you will need to determine. We will look at both approaches, because they are only slightly different.

The second thing that you will need to do is create a folder for the additional website. This is similar to how you would have done so with older versions of macOS Server. If you have an existing folder location, you can use that.

Once you have determined your approach and have created a folder, now we can start modifying the files. There is a standard apache configuration file, called httpd.conf. This is the primary configuration file for the apache service. The httpd.conf file is located at “/private/etc/apache2/httpd.conf”. You will need to open up the file with a text editor, either using terminal or a graphical text editor, like BBEdit.

Note:  macOS is Unix under the hood and can possibly require authentication when changing files. For this reason, it is best to use BBEdit for modifying files. BBEdit can handle this by providing an opportunity for entering in your password when saving the files.

Before modifying any file, you should make a backup copy of it. I always like to use the name of the file and its extension and put the date after file. Once you open this file you will need to make a couple of changes.

Making Changes

As mentioned, macOS Server takes into account the Profile Manager service. To accommodate this, there is a block of code that determines if macOS Server is using the default ports, which are 80 and 443. The following block is what is used to determine this.

<IfDefine SERVER_APP_HAS_DEFAULT_PORTS>
   Listen 8080
</IfDefine>
<IfDefine !SERVER_APP_HAS_DEFAULT_PORTS>
  Listen 80
</IfDefine>

This block checks to see if Server.app is installed and configured. If it is installed and configured, the default port of 8080 is used for alternative. However, if Server.app is not installed and configured, then port 80 is used. Here is where you need to enter in your configuration. If you only need to listen on a different port, you can enter in “Listen 8081” where 8081 is the port you want to use. If you want to specify an alternative IP address use “192.168.1.2:80”, where 192.168.1.2 is the IP address you want to use. As the last example shows, you can specify a port if you need to, which means you can combine the two and use something like “192.168.1.2:8081”.

The next step is to test to make sure it is working as expected. To do this, you will need to create a file in the directory you chose. The file should have something like this code,

<html>
   <head>
    <title>Test Page</title>
   </head>
   <body>
     <h2>This page is working</h2>
   </body>
</html>

After you have saved this file, you want to test your apache configuration. This is done by performing the following steps:

  1. Open Terminal
  2. Type in, or copy and paste the following command, without the quotes: “sudo apachectl configtest”. This command will check the syntax of your apache configuration and make sure everything works.

If there are no issues with your apache configuration, you need to restart apache. This is complete by doing the following steps:

    In the same terminal window, type in, or copy and paste the following command: “sudo apachectl restart”, without the quotes. This command will either start up, or restart, the apache service.

The last step is to open up Safari and browse to your new site. You should a page with the text “This Page is working”.

These are just the basic steps to be able to host both a website and profile manager on the same Mac running macOS Mojave. You can do some additional configuration, by configuring Virtual Hosts and enabling Modules. Again, this is the same version of Apache that is installed on linux, so there is a plethora of tips, tricks, and how to to guides available on the web.

Transition Guide

There is an entire Support Guide for transitioning some of macOS Server’s services to the built-in version of Apache. This is available on the Apple Developer site. The document also includes information on transitioning the SSL, if configured, on the site. This should help some people get started with configuring apache on macOS, while still keeping Profile Manager running.

iOS 12 and macOS Mojave e-books available for Pre-order

As has been the case in 2012, I have written a couple more books. Just like last year, I have written a couple of books. Also like last year there are two, one about iOS, tvOS and watchOS and the other about macOS.

In previous years I have published an iBooks version as well as an ePub. There is a slightly different approach this year, at least for my books on Apple. There is only going to be one version, ePub. The biggest reason for this that the ePub format that is produced by Apple’s Pages software can now do image galleries, which was the big reason for doing the iBooks version.

Similar to last year there will be paperback versions of the books, the order information for that will be forthcoming a bit later.


iOS 12 Book Cover

iOS 12, tvOS12, and watchOS 5 for Users and Developers delves into the changes and new features of Apple’s iOS-based operating systems.

Some of the changes covered include: performance improvements, privacy changes, grouped notifications, enhancements to FaceTime, improved photo features, suggested password enhancements and more. We will also cover some app updates, including changes to Activity, Stocks, News, Voice Memos, and Books.

There are also a bunch of new features like the new Siri Shortcuts which allows you to automate various tasks. Screen Time will let you gain insights into your, as well as your children’s, usage across all of your devices. If you like sending Animoji you will love the all new feature Memoji which allows you to customize an Animoji character however you would like. The new Live Listen will help those who may have a difficult time hear things more clearly. We will also dive into the new Safari password features which will help you use individual passwords on all of your devices.

For developers we dive into the Xcode Changes includes Dark Mode, Performance Improvements, changes around object libraries, and enhanced editing features. We will also dive into Grouped Notifications and how to provide threaded conversations. With Siri Shortcuts we will look at the different ways of adding intents. ARKit 2 is also covered which includes Quick Look and Persistence. For CoreML we look at how to improve model sizes with quantization as well as a brand-new framework related to CoreML, called CreateML. There are also two additional brand new frameworks, Natural Language and Network and we look at these as well. No Apple Developer book would be complete without looking at some of the changes that surround Swift.

There are some features for web developers as well which includes MapKitJS, MusicKitJS and ways to provide secure loading of remote content.

No matter your technical level, there is something for everyone in iOS 12, tvOS12 and watchOS 5 for Users and Developers.

You can pre-order the ePub from Apple for $3.99, or the Kindle version from Amazon for $3.99.


macOS Mojave Cover

Despite macOS being a mature operating system, the new version macOS Mojave (10.14) contains a bunch of new features. Some of the new features covered include Dark Mode, Screenshots & Markup, and the redesigned Mac App Store.

Besides the new features there are some major changes too including ones to Finder, Safari, and using unique passwords on each website. There are also four brand new applications that are coming from iOS. We look at these in-depth. These apps are Stocks, News, Home, and Voice Memos.

Server Administrators see some big changes with macOS Mojave and these are covered as well.

For Developers we cover Xcode changes include performance improvements, object libraries, editing enhancements, and code folding improvements. We look at implementing Dark Mode within your apps, Notarized apps, and implementing Finder Actions.

There are some new frameworks that are covered as well. These include the Network Framework, Natural Language, improvements to CoreML and a related framework called CreateML.

For web developers we cover MapsKitJS, MusicKitJS, and secure loading of content.

No Apple developer book is complete without a discussion of the changes around Apple’s own programming language, Swift. We cover some of the recent changes as well as some future ones.

You can pre-order the ePub from Apple for $3.99, or the Kindle version from Amazon for $3.99.

2018 MacBook Pro Thermal Bug

I did not write about this last week when it happened, because it appears as though there is a barrage of negative stories about Apple and with everything going on the world, who needs additional stories to get riled up about. Last week Dave Lee posted a video that showed that the Core i9 model of the 2018 MacBook Pro was throttling down its CPU under heavy loads. If you were to buy one of these computers, you would expect it to work really well, regardless of how much load the computer was under.

When the video was released many were skeptical that this was actually the case, and if it was indeed the case, that it was a design flaw with the MacBook Pro. It appears as though it is not a design flaw, but in fact it is a bug with the new 2018 MacBook Pros. Here is Apple’s statement:

Following extensive performance testing under numerous workloads, we’ve identified that there is a missing digital key in the firmware that impacts the thermal management system and could drive clock speeds down under heavy thermal loads on the new MacBook Pro. A bug fix is included in today’s macOS High Sierra 10.13.6 Supplemental Update and is recommended. We apologize to any customer who has experienced less than optimal performance on their new systems. Customers can expect the new 15-inch MacBook Pro to be up to 70% faster, and the 13-inch MacBook Pro with Touch Bar to be up to 2X faster, as shown in the performance results on our website.

This means that it is not the hardware itself that was the issue, but in fact it is software related. It is good to see that Apple took this seriously and found the cause of the issue. This bug affects the 13-inch models as well as the Core i7 and Core i9 15-inch models. It is highly recommended that you get the supplemental update to fix the issue. You can download it via the Updates tab in the Mac App Store, or by downloading it directly from Apple’s support page.

Via Six Colors.