hoakley July 9, 2023 Macs, Technology

Last Week on My Mac: Banishing Sonoma fears

Your comments here reveal two big fears for each major release of macOS: that it’s somehow becoming more locked down and slowly merging with iOS, and more specifically that Apple is going to block apps and command tools that aren’t notarized. In both cases, I think they’re the natural result of unfounded rumour and a misreading of what’s actually happening within macOS.

Back in 2014, Apple had two operating systems, OS X and iOS. By the end of the following year, it had doubled that number with the addition of watchOS and tvOS, then belatedly added iPadOS in 2019. This year it has added another, visionOS, bringing the total to six. Rather than sprawling over multiple devices as they were when iPads were first launched, these are diverging to cater more specifically for the features and capabilities of Apple’s main product lines.

There’s an even clearer picture if you look into the heart of those operating systems. Although there’s a lot in common between their kernels as they’re each based on XNU, there’s also a great deal that remains distinct. macOS has long benefited from swap space, but while iOS also has virtual memory, it doesn’t use swap storage. One of the improvements made to iPadOS 16 last year was the introduction of swap storage, just one example of how it’s diverging from iOS.

Much of the power within macOS comes from its kernel extensions. Of the nearly 600 that ship in Ventura, the great majority are unique to the Mac. For third-party developers, modern replacements for kernel extensions are system extensions and their kindred, which only exist in macOS. For all the compromises that might have been made in APFS, it too has plenty of features like snapshots and clone files that only come into their own in macOS, where they’re essential to Time Machine, another major feature that’s confined to macOS. Then there’s lightweight virtualisation, the Finder, Stage Manager, multiple user accounts, background items, Mission Control, external storage, and so many other distinctive features of macOS.

Pessimists convinced that Apple’s six operating systems are going to merge into one, point to outward signs such as System Settings, which is supposedly more like Settings in iOS. While changes in Ventura have taken some getting used to, when I do have to return to System Preferences with its ridiculously small fixed-size window, I for one am only too happy to move on with Ventura. Apple should have brought that change even sooner, as it makes long lists of privacy settings in Privacy & Security far more manageable, a problem also confined to macOS. But it really does have nothing whatsoever to do with Settings in iOS.

Many of Apple’s more than 10,000 engineering teams work across platforms, and so they should. We all expect a consistent and integrated experience across our Macs and devices, and there’s no better way to achieve that. Improved integration of tools like SwiftUI also benefits all, and rumours that Apple is abandoning its single-platform interface libraries AppKit (macOS), with its origins in NeXTSTEP, and UIKit (iOS, iPadOS and tvOS) are palpably false. A glance at the AppKit release notes for Sonoma confirms that. Unlike some operating systems, Apple’s maintain clear separation between computers controlled using mice/trackpads and keyboards, and devices driven by touchscreens, and separate human interface guidelines are provided.

Apple has several times stated at WWDC that it has no intention of preventing users from running code of their own choosing on macOS, rather than requiring all executables to be distributed through the App Store or notarized. Last week I looked at how Ventura checks apps and command tools now, and found no evidence that unnotarized executable code is put at any disadvantage, for example by checks that might delay its launch.

Under the security procedures built into Ventura 13.4, you’re free to choose from apps and tools that are:

bundled by Apple in the SSV;
supplied through the App Store;
notarized by Apple and supplied by developers;
signed ad hoc and built by friends, or yourself.

Although apps and tools that haven’t been notarized don’t benefit from the malware checks performed by Apple for the purposes of notarization, or Apple’s control over their ticket validity, they should still benefit from protection by Gatekeeper checks and provenance tracking. In circumstances where you don’t need the chain of trust provided by a developer certificate and independent malware checks, ad hoc signatures are better than nothing. They also ensure that Mac users can continue to run code of their own choosing.

16Comments

Add yours

1

John on July 9, 2023 at 10:45 am

Hi, Howard. I am a real amateur Mac user. However, I love to learn more. Your articles are broadening my knowledge. Under the four types listed above (eg. bundle by Apple in the SSV, notarized by Apple, etc, I assume your programs such as SilentKnight are notarized? Is there a cost or contribution I can make?

LikeLiked by 2 people
- 2
  
  hoakley on July 9, 2023 at 10:51 am
  
  Thank you, but all my apps here are completely free, and always will remain so. And yes, they’re all fully notarized by Apple in accordance with its instructions to third-party developers. That should provide good assurance that when you download and install them, what you’re getting isn’t malicious, and is exactly the same app that I developed here. I’m proud to have been one of the early adopters of notarization, and even my command tools have been fully notarized since Apple introduced the feature. The cost to me is trivial – the £90 or so of an annual subscription as a developer. That’s the least I can do to ensure that you have that assurance.
  Enjoy!
  Howard.
  
  LikeLiked by 2 people
  - 3
    
    John on July 10, 2023 at 12:41 pm
    
    Thanks so much! Is there a way I can post an original question that may not be germane to the topic under discussion? Again, due to my inexperience, I feel that I am inserting a tangential comment to the topic at hand. I have done this twice.
    
    LikeLiked by 2 people
    - 4
      
      hoakley on July 10, 2023 at 3:39 pm
      
      The best I can suggest is that you find a fairly recent article in the area, and post as a comment there.
      I try to be tolerant of off-topic posts!
      Howard.
      
      LikeLiked by 1 person
5

Joe Hanna on July 9, 2023 at 12:50 pm

From a user experience standpoint, I’ve found it difficult to take Apple seriously when they say iOS and iPadOS are different operating systems, but they should be, and I strongly believe Apple should be doing so much more with iPadOS. I’ll leave it at that, before I write a tome of gripes that would be better directed at Apple. That said, I didn’t know that my iPad is swapping memory and my iPhone isn’t, and you bring up a good point that there are probably many differences between the two that I’m not aware of.

LikeLiked by 1 person
- 6
  
  hoakley on July 9, 2023 at 4:34 pm
  
  Thank you. I don’t use iPadOS enough to comment further.
  Howard.
  
  LikeLike
7

Sab Gigo on July 9, 2023 at 1:43 pm

Thanks, as usual, for setting the facts straight about macOS. Should the somewhat specialized “audioOS” be added to the list, or is it just considered an offshoot of tvOS?

LikeLiked by 1 person
- 8
  
  hoakley on July 9, 2023 at 4:37 pm
  
  Thank you. That’s a good point, although Apple refers to audioOS as ‘firmware’ rather than a discrete OS, I believe. It has also had many similar embedded OSes, such as those in Time Capsules, and that currently in the Studio Display, which is a derivative of iOS. Perhaps I could make the arbitrary distinction that third-parties can’t develop for them, and they’re not targets for Xcode?
  Howard.
  
  LikeLiked by 1 person
9

Simon on July 9, 2023 at 2:32 pm

System Preferences could have been given a resizable window without forcing iOS style widgets or hiding network locations. Code base is one thing, but it’s not what 99% of the user experience. OTOH, trying to make an OS optimized for KB/mouse organize, look, and feel like an OS optimized for touch is uncalled for. This a push driven by marketing at the expense of usability and efficiency. It needs to be stopped and sanity restored before we get a toaster with integrated freezer. And I’m not talking about the $3.5k ski goggles there. 😉

LikeLiked by 1 person
- 10
  
  hoakley on July 9, 2023 at 4:45 pm
  
  Thank you.
  System Preferences was one of the worst and most neglected parts of macOS, so much so that it was an embarrassment that broke almost every section in the Human Interface Guidelines. It needed a complete rewrite, which is what Apple did at last.
  I’m no lover of SwiftUI, and don’t use it in my apps, however Apple is continuing to invest a great deal of effort in making it the preferred interface development system for all its OSes, including macOS. I think it’s only reasonable that System Settings should use SwiftUI rather than anything else. The end result is native macOS and works well with trackpad and keyboard, far better than System Preferences ever did. Parts of the old functionality, such as network locations, were initially omitted (I think accidentally, and not intentionally removed), and over the next year or two we should see continuing improvement as both System Settings and SwiftUI evolve.
  Trying to bodge System Preferences to rectify its many and fundamental failings would have been a far greater disaster.
  There are times when it’s so much better to start from scratch, and this was definitely one of them. I for one wouldn’t go back to System Preferences even if wild horses dragged me.
  Howard.
  
  LikeLike
11

Sebby on July 10, 2023 at 4:25 pm

Well I’m still disgruntled to find that there’s no way to get the com.apple.vm.networking entitlement for your own binaries—no whitelist, and even escalating the process to root won’t do it even though it would otherwise be possible by other means. I switched to (the very excellent) qemu just to get bridged networking, even though the virtualization.framework-based vmcli would have been more than enough.

So there’s that …

LikeLiked by 1 person
- 12
  
  hoakley on July 10, 2023 at 4:41 pm
  
  You can do the same I will have to do when I get the chance – apply to Apple if you want to use that entitlement. You couldn’t add it to someone else’s app anyway, as entitlements have to be baked into the signature.
  Sorry, that’s Apple’s call.
  Howard.
  
  LikeLike
  - 13
    
    Sebby on July 10, 2023 at 4:56 pm
    
    That’s fair enough, but I think it substantiates a general worry at the apparent arbitrariness of Apple’s policies toward the Mac, and specifically in being rather “iOS-like”. Of course, it’s not an unreasonable restriction to prevent unpriveleged processes from injecting and capturing Ethernet frames, but there’s no sense in which denying even an administrator from adding it provides any additional security.
    VMCLI is open source, you compile it yourself and it already has the support needed, you just need to request Apple’s approval for the entitlement, as you know. Good luck, I expect it’ll be fine because you’re furnishing direct-download apps. This really is rather more of a bother to server admins and other undesirables who need CLI tools. Theoretically vmcli’s author could build a binary too. Maybe I should raise an issue on that. Also, there’s socket networking, so you could run a root-owned process to do the vmnet stuff and have the unpriveleged app talk to it over a socket, much as qemu can be made to do. Anyway, I have a solution now, so all’s well that ends eventually.
    
    LikeLiked by 1 person
14

Ralf on July 10, 2023 at 9:13 pm

With each new release, the architecture with the complex interaction of different volumes was changed and developed.
Looking in the rearview mirror, is Apple following clear lines here or is trying this and that in search for the best way to achieve more security? Will the architecture reach a optimum state or will it keep changing?
What I find unfortunate is that elements such as AppleScript and JXA are not being developed further. Maybe there are complete, but one has the impression it will be removed like Python or maybe (?) Ruby. What will happen with shortcuts in the long run?
It would sometimes be good to know where Apple wants to go with MacOS in the long term.

LikeLiked by 1 person
- 15
  
  hoakley on July 10, 2023 at 9:30 pm
  
  With the wisdom of hindsight, what has happened is very clear, and the progression to Apple silicon:
  – end 32-bit support with Mojave; Apple wisely wouldn’t support 32-bit ARM, and didn’t want the complications of Rosetta 2 trying to cope with translating 32-bit x86
  – change to the boot volume group with Catalina, but at that stage make the System volume read-only
  – change to the SSV with Big Sur, bringing new installers and booting from a snapshot
  – minor improvements in Monterey (e.g. paired Recovery) and Ventura (e.g. RSRs and Cryptexes).
  So Big Sur established the architecture needed for Apple silicon Secure Boot. Since then, there has been relatively little change. And Apple has announced nothing for Sonoma that’s likely to bring major change there either.
  This isn’t just about security: the SSV brings more reliable installers and updaters, and greatly improved reliability. The old days of reinstalling macOS every few months have gone.
  As for AppleScript, the writing has been on the wall for years. Woefully under-used, and now a security nightmare. What will happen in automation is anyone’s guess, but I suspect that Apple intends Shortcuts to flourish.
  I don’t know how far into the future Apple plans, but it’s several years at least, and that’s essential when you’re designing and making your own chips, because of the long lead time required. But Apple has always kept its secrets, and never shared a roadmap with anyone else.
  Howard.
  
  LikeLike
  - 16
    
    Ralf on July 10, 2023 at 9:39 pm
    
    Thank you for your comments, Howard.
    That’s interesting that you call the changes in Monterey and Ventura minor. Some call for longer development cycles than one year. I don’t think it really matters whether 13.5 is followed by 13.6 or 14.0 – this numbers are just names.
    I like using shortcuts, but the setup of details of some actions is a pain. I am far from being an Apple Script expert, but it would be missed.
    
    LikeLiked by 1 person