Is Apple's Software Quality Slipping?

If you're working in the Apple ecosystem, you've probably noticed some sturm und drang about Apple's software quality. Many people are pointing out that it seems to be slipping. I don't want to debate if that, itself, is the case. What I haven't seen in this conversation, though, is a difference between problems in newer, high-level software/systems ("Handoff"), and long-term, foundation software/systems ("WiFi").
For example, the Handoff feature is essentially at version 1.0. It mostly works, but certainly isn't up to Apple's famous, "it just works," standard. To be clear, this is fine by me. It's version 1, they'll get it right next time. On the other hand, how on Earth do you screw up WiFi? In 2014-2015, this is how you connect. The vast, overwhelming majority of your customers use Wifi. It's a well known system at this point. How did Yosemite ship with a drastic bug in WiFi? (Go search for Yosemite WiFi - this is not an isolated incident.) The list goes on: DNS, for example. In many of the past major releases, DNS behaves in ways completely different from previous OS releases. Of course, Apple releases no public documentation about this, so, we're left to discover and document this on our own. In Yosemite? Regressions, missing options supported previously, and so on. Go on, change iTunes' UI, let AirDrop be a mess, even give us a questionable new UI for the entire OS. But for all that is sacred, DO NOT SCREW UP DNS! If you're going to change it (for the better) ensure that this change is truly forward compatible. (Update: this was, 'as shipped'. 10.10.1 mostly knocked things back into shape as far as DNS, but there are still previously-supported options missing. So, no longer, 'broken,' but still not where it should be. At each release, I've had Apple Engineers proudly proclaim that their subsystem was, "rewritten from scratch." 15 years ago, Joel Splosky wrote about why this is a bad idea: Times haven't changed.)
Is Apple's software quality slipping? I tend to agree with some of the apologists here: there have always been problems. The part that worries me, though is that a different class of software is slipping or just not getting better. Before I even get to the trivial issues (Handoff, iTunes, Finder rows not alternating properly, etc.), I'm confronted with decades-old subsystems that should be on auto-pilot by now not working as expected. That's terrifying to me.

Music Rig at MacTech Conf 2014

To open up MacTech Conference in 2014, instead of the usual pre-progrmmed audio/video, I decided on a little bit more of a performance. This included some live coding of music, some live performance by playing music, live sampling and pre-recorded segments. I promised a lot of people to detail my setup, so, this post aims to do just that.

I opened it up with some really basic live coding of music using Sonic Pi: Originally created for the Rasberry Pi, there's a Mac version now, and naturally, that's what I used. The great thing about running it on a Mac, is that you have a host of other tools at your audio disposal. While Sonic Pi has some basic effects available, it's much nicer to be able to enable/disable and adjust effects on the fly using, "traditional," knobs and sliders.

Like many single-use things-that-make-sound on the Mac, sound is sent directly to the default output as specific in the Sound Preference Pane. Soundflower ( is a system extension that creates a virtual sound interface that then allows you to route audio around internally. Using Soundflower, I set the system default output to Soundflower's input. If you're thinking about this, you'll realize that this means all sound will go into Soundflower's in, but never get output anywhere. Here's the real secret sauce: Logic Pro.

I'm not saying Logic Pro is the only tool here, but it's the one I use. I've been using Logic since version 3, before Apple bought eMagic and took over the software, so, it's pretty ingrained in my brain, muscle memory, and workflow. (Logic: With Logic, I can set a channel to mix a Soundflower channel in, and output Logic's master out to *any output on the system*, overriding the System default. Of course, on that channel, you can apply effects and manipulate them in real time.

So, in this initial example, the flow looks like this:

Sonic Pi -> Soundflower -> Logic -> System Output.

Of course, you can have several tabs in Sonic Pi starting up sounds and rythyms independently (or even synced to a Sonic Pi internal metronome). I did some it-stays-in-sync-because-it-does syncing between Sonic Pi and Logic for some of the later pieces. On my MacBook Pro, I found that Sonic Pi's tempo command is exactly half of the BPM used in Logic. (So, set the tempo in Sonic Pi to 65, and in Logic to 130.) This is great for effects-only load outs in Logic, where you just want effects to be in time, or even where you're actually keeping music in sync. I was able to start up a drum beat in Sonic Pi, and then, with a lot of practice, start up Logic's sequencer and just let that go, and the two stayed in time.

For a little fun, when I let the procedurally generated music go without my input, I'd fire up visualizers that could react to the audio and get that up on the large screens.

Sonic Pi is fun to use on its own, but it does take a little work to get up to speed to anything really interesting. Soundflower is a useful utility in ways outside of audio, but I am also surprised how many electronic musicians don't know about it. Finally, there's Logic. Logic may not be the tool for everyone, so, I'd love to hear about alternatives that may be less expensive or less confusing.

If you're looking to experiment with any of this, have fun! I'm happy to answer questions where I can.

Anti-Virus Options for OS X

I'll give you the executive summary ("TL;DR") version right up front: the world of anti-malware products for OS X is pretty awful.

Most products are re-cycled from their Windows counterparts and don't feel like something made for OS X. Many products destabilize the OS or have a heavy impact on CPU. Worst, many have vulnerabilities themselves, making you feel secure for having installed them, but in reality making you less secure.

Then, there's just plain foolishness. While evaluating the state of current A/V for OS X, I tried to get a trial of Symantec Endpoint Protection for Mac. After spending time on the website, and figuring I was just missing how to download it, I chatted with a sales rep. No, he assured me, I wasn't just missing it: there is no trial for the Mac. "Can't be," I thought.

The good news: there is a Mac client.

The bad news: you need to download the Windows version of the product, which weighs in at 1GB. It's a Windows .exe executable file. Or is it?

The Windows app is really a 7zip executable, so you can unpack it with The Unarchiver on your mac. This reveals a "Symantec_Endpoint_Protection_12.1.2_Part1_Trialware_EN" folder. Inside that archive at the path SEPM/Packages/, you'll find SEP_Mac.dat. Rename it to and again use The Unarchiver to unpack this and you'll get a new folder with the installer.

Why the obscurity?

Possibly the worst part of the whole experience? Symantec recommends that you use their Java-based download manager to download the file. Yeah, Symantec is truly concerned about security.

PSU MacAdmin Handout

I'm giving a presentation at this year's Penn State MacAdmin Conference. So people can pay attention and don't have to scribble notes, here's a complementary document that contains notes and links to everything I talk about in the presentation.

Updated[2]: For Security's Sake: Remove Diginotar CA Certificate

Apple has released a security update for Snow Leopard and Lion that addresses this issue:

Snow Leopard:

There is no update for Leopard, so, in that case, you should still follow the instructions below.

Apple's update simply drops these files into place (on Lion):


So, no matter which updates you made to the Diginotar cert -- delete or untrust -- the Apple update will just plow over all of that with the right setting and updated certs.

While ignoring how broken the entire Certificate Authority (CA) model is, here's what you should do right now: Delete the CA cert for Diginotar from your system. Why?

Now, if you're an individual, this is simple: just remove it from your system. Since I largely focus on Macs here, that would be in the keychain. Open Keychain, search for "Diginotar" and delete the resulting certificate.

...and don't forget Firefox, which keeps its own list of CAs:

But, what if you're a Sys Admin responsible for protecting a fleet of machines and you don't expect end-users to do this themselves? (Or, that you're going to personally visit each machine.) Automate it, of course! The security binary will help you do that:

sudo /usr/bin/security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C /System/Library/Keychains/SystemRootCertificates.keychain

(You can first check for the existence of the certificate using security's find-certificate instruction.)

Of course, you're using a system management framework that will allow you to run this command on all the machines in your fleet, right?

Update: This turns out to be a little more complex than simply removing the certificate. While removing the Diginotar cert is still recommended, DigiNotar is cross signed by other CAs. Removing the Diginotar root only removes one of them (and there are 5 paths). Also, it seems that there are some bugs in Apple's certificate handling in some cases. So, what can we do?

Certainly, remove the Diginotar cert from your machines, as that does help the most egregious cases. From there, we have two options: Use FireFox 6.0.1, which uses its own root certificate store and is now protected against this. Secondly, we need to wait for a patch from Apple--the only one in a position to really address this. Only a patch from Apple can completely fix browsers and apps that rely on the system store, Safari, of course, being the biggest use case, with Chrome and as two other Webkit-based apps that may rely on the system root store for certificate handling.

(Big thanks to Harald Wagener for review on this, and reminding me about using find-certificate.)

Dumping the Dropbox Database

A while ago, I wrote a quick script to dump the database that Dropbox uses to store its config info. I use this in my .bash_profile script mainly to locate the Dropbox folder on any given machine I'm on. If you're curious as to what's getting stored, I've attached the script here.

Reset Apple Software Update Service (SUS)

Honestly, there's no more finicky service under OS X Server than Software Update. Sometimes, you just need reset the service and start from scratch. Under Server 10.6, the best way I've found is to:

- Stop the service.
- Get a shell on the server and sudo up to root.
- mv /var/db/swupd /var/db/swupd.old
- mv /etc/swupd /etc/swupd.old
- mkdir -p /var/db/swupd/html
- chown -R _softwareupdate:_softwareupdate /var/db/swupd
- chmod g+w /var/db/swupd
- Use ServerAdmin to (re)set the preferences for the service
- Let 'er rip. (start the service)

New 11.6" and 13" MacBook Air Compile Benchmarks

This is a super-simple benchmark of compile times on the new 11.6" and 13" MacBook Air machines. I downloaded Adium 1.4 and ran time make in the top-level directory. The 13" MacBook Air model was the base 2GB model, while the 11" was the higher-end model with the faster CPU and 4GB of RAM. Both machines were freshly booted with no other software running besides

13" MBA

Hardware Overview:
Model Name: MacBook Air
Model Identifier: MacBookAir3,2
Processor Name: Intel Core 2 Duo
Processor Speed: 2.13 GHz

WebKit Web Inspector Anywhere

Pretty awesome utility: most people know that you can pull up a web/javascript debugger under Safari. But did you know that you can expose this on (nearly) any WebKit frame? Try this:

defaults write -GlobalDomain WebKitDeveloperExtras -bool true

...and then launch (or, quit and relaunch) any app that exposes a WebKitUIView. Right-click on the WebKitUIView and choose "Inspect Element" - Bingo! Up pops the WebKit web debugger.

Now, some applications block this ability unintentionally, or sometimes very intentionally (, I'm looking at *you*).

Managed Prefs Presentation in NY

I've been meaning to mention: I'll be giving a talk about Macintosh managed preferences (related to the book) at the monthly Tri-State Chapter of the Apple Consultants Network.

This takes place on the 2nd of September at 6pm at Novaworks in NY. If you're an ACN member, I hope to see you there. If you're not and would like to attend, ping me via e-mail.

Syndicate content