Kategorie: Mac

Making your Mac a UNIX

Since OS X El Capitain there is no root anymore by default. At least not the root you know (which allows to access all areas). So therefore we have a crippled UNIX box now. Apple wants to increase security of the system by activation of System Integrity Protection (SIP) aka rootless-mode by default on any machine.

Good news is, you can deactivate that crap to work like you would like to work, as root. I want to own my machine 100 percent not just some paths of my volume. So here is an article „How to Disable System Integrity Protection (rootless) in OS X El Capitan“.

Here is a full copy of the article (Depublication-protection)

Apple has enabled a new default security oriented featured called System Integrity Protection, often called rootless, in OS X 10.11 onward. The rootless feature is aimed at preventing Mac OS X compromise by malicious code, whether intentionally or accidentally, and essentially what SIP does is lock down specific system level locations in the file system while simultaneously preventing certain processes from attaching to system-level processes.

While the System Integrity Protection security feature is effective and the vast majority of Mac users should leave rootless enabled, some advanced Mac users may find rootless to be overly protective. Thus, if you’re in the group of advanced Mac users who do not want SIP rootless enabled on their OS X installation, we’ll show you how to turn this security feature off.


For those wondering, System Integrity Protection locks down the following system level directories in OS X:

/System
/sbin
/usr (with the exception of /usr/local subdirectory)

Accordingly, rootless may cause some apps, utilities, and scripts to not function at all, even with sudo privelege, root user enabled, or admin access.

Turning Off Rootless System Integrity Protection in OS X El Capitan 10.11 +

Again, the vast majority of Mac users should not disable rootless. Disabling rootless is aimed exclusively at advanced Mac users. Do so at your own risk, this is not specifically recommended.

  1. Reboot the Mac and hold down Command + R keys simultaneously after you hear the startup chime, this will boot OS X into Recovery Mode
  2. When the “OS X Utilities” screen appears, pull down the ‘Utilities’ menu at the top of the screen instead, and choose “Terminal”
  3. Type the following command into the terminal then hit return:

    4. csrutil disable; reboot

  4. You’ll see a message saying that System Integrity Protection has been disabled and the Mac needs to restart for changes to take effect, and the Mac will then reboot itself automatically, just let it boot up as normal

You can also issue the command by itself without the automatic reboot like so:

csrutil disable

By the way, if you’re interested in disabling rootless, you may also want to disable Gatekeeper while you’re in the command line too.

If you plan on doing something else in the Terminal or OS X Utilities screen you may want to leave off the auto-reboot command at the end, and yes, in case you were wondering, this is the same recovery mode used to reinstall OS X with Internet Recovery.

Once the Mac boots up again, System Integrity Protection will be disabled entirely in OS X.

Checking the Status of Rootless / System Integrity Protection in OS X

If you want to know the status of rootless before rebooting or without rebooting the Mac into recovery mode, just issue the following command into the Terminal:

csrutil status

You’ll either see one of two messages, enabled indi:

$ csrutil status
System Integrity Protection status: enabled.

or

$ csrutil status
System Integrity Protection status: disabled

If at any time you wish to change the status of rootless, another reboot into Recovery Mode is required.

How to Re-Enable Rootless System Integrity Protection in OS X

Simply reboot the Mac again into Recovery Mode as directed above, but at the command line use the following syntax instead:

csrutil enable

Just as before, a reboot of the Mac is required for changes to take effect.

As previously stated, the vast majority of Mac users should leave rootless enabled and embrace System Integrity Protection, as most OS X users have no business in the system level directories anyway. Adjusting this feature is really aimed at advanced Mac users, whether IT, sysadmins, network administrators, developers, tinkerers, security operations, and other related highly technical fields.

Why do I blog this? I just hate it if default-configs take things away from me especially if it is a machine I paid money for and things become crippled for everyday use of a power user without even asking the user if he acknowledges the changes the new OS will drop upon his machine. Macs are now officially no UNIX anymore, they are crippled & locked down consumer OS’es in rootless-mode.

MacBook Pro 15″ Upgrade to Double-SSD-Power

flancrest_kitIch habe mir vor einiger Zeit für mein MacBook Pro (15 Zoll, Mitte 2012) ein Umrüst-Kit von Flancrest besorgt. Das Kit ist dafür gedacht, das integrierte CD/DVD-RW-Laufwerk auszubauen und in ein externes Gehäuse mit USB-Anschluss zu verfrachten und im Austausch einen Halterahmen für eine weitere SSD (Solid State Drive) in das Gerät einzubauen.

Der erste Versuch eine elementare Schraube für das CD/DVD-Laufwerk zu lösen ging allerdings gründlich schief. Ob es am Werkzeug lag oder an dem extrem weichen Schraubenmaterial kann ich nicht genau sagen. Ich habe alles probiert! Selbst WD40 kam zum Einsatz um diese dumme Schraube zu lösen. Aber es half alles nichts, das Laufwerk ließ sich nicht aus dem Gerät lösen.

Dieses Wochenende habe ich einen weiteren Anlauf genommen. Ich hab die Schraube, die mittlerweile ordentlich vergniesgnaddelt war, mit einem Metallbohrer Schritt für Schritt rausgebohrt. Eine ziemlich heikle Operation an einem MacBook Logic-Board. Damit da auf keinen Fall meine Maschine bei draufgeht, habe ich extreme Vorsichtsmaßnahmen getroffen.

Nachdem das MacBook geöffnet war, habe ich die gesamte freiliegende Platinenfläche mit Papier und Klarsichtplastikfolie mittel Malerkrepp extrem dicht abgeklebt. Ziel war auf jeden Fall das Eindringen von Metallspänen in das Gehäuse/Logic-Board zu verhindern. Dann habe ich nur die kleine Stelle an der der Bohrer die Schraube erreichen musste geöffnet in der Abdeckung und nochmals den Randbereich dicht verklebt mit Malerkrepp.

Von der Internationalen Raumstation ISS wusste ich, dass sie dort an Bord erfolgreich umherfliegende Metallspäne verhindert haben, indem sie Rasierschaum auf die Bohrstelle aufgebracht haben. Genau das habe ich auch getan, denn was auf der ISS funktioniert, muss auch am Boden helfen können. Und das hat auch super geklappt! Das ist sogar mittlerweile offizielle Empfehlung für Werkzeugarbeiten an Bord der ISS.

ISS toolkit should always include tungsten and carbide drill bits, screw extractors (aka easy-outs), and offset cruciform and Torx drivers. Also a soldering kit, multimeter, and a selection of insulated wire, resistors, and other small electronic components. Hardened steel drills are completely ineffective for drilling out hardened aerospace grade fasteners. Shaving cream works well to capture drill shavings in microgravity

Kurz und gut… nachdem ich den dritten Bohrvorgang mit einem Metallbohrer durchgeführt hatte (Bohrer hatte dann genau den Durchmesser der Schraube), war der Schraubenkopf endlich ab und ich konnte das Laufwerk aus der Verankerung lösen. Ein ziemlicher Aufwand. Nachfolgend sieht man die Abfolge der Schritte in Reihenfolge per Bild dokumentiert, falls das mal wer nachmachen möchte. ;-)

Montage bzw. DIY-Flancrest Einbau
Schraube ausbohren aus dem Halterahmen für das CD/DVD-Laufwerk in einem MacBook Pro 15 Zoll

Nun habe ich eine 1TB Samsung SSD und eine 256 GB Samsung SSD in dem Mac. Ich kann jetzt beliebig booten, da beide Volumes bootfähig sind und kann problemlos z.B. auf dem 256 GB Volume neue Beta-Versionen des OS installieren oder sie zum experimentieren für andere Betriebssysteme nutzen. Versucht das mal mit einem aktuellen MacBook Retina, viel Spaß! LOL.

Why do I blog this? Das war eine ziemliche Operation, über deren gutes Ende ich echt froh bin. Die ausgebohrte Schraube wird gottseidank nicht unbedingt benötigt, um den sicheren Halt des Flancrest-Adapters sicherzustellen. Ich kann aber echt nur davor warnen, Schrauben im MacBook mit dem falschen Werkzeug zu bearbeiten oder etwa halbherzig zur Sache zu gehen. Die erste Umdrehung und Kraftübertragung muss bombensicher sitzen, sonst hat man bei diesen weichen Schrauben keine zweite Chance. Ich hatte zwar den richtigen Kreuzschlitz-Schraubendreher, aber die Schraube war einfach zu fest. Merkwürdigerweise hat auch WD40 daran nichts ändern können. So gesehen, soll dieser Post ein wenig abschreckende Wirkung haben. Richtiges Werkzeug, richtig angesetzt! Darauf kommt es an!!

WWDC & iOS 9 Expectations

ios_9_expectations_wwdc

What I expect today Monday, 8th June 2015 in one sentence? They will present Apple Music Streaming in a slide at around 0:20 and then keep raving about the endless possibilities for developers and Apple until delta-t = -0:05, when they will mention that they’ll gonna build their own search engine like Google called heureka! to improve user experience & search results for Siri on the Apple Watch…

iOS

  • another all new awesome design for iOS 9 or 10, again(!)
    …after mr. ive found someone else to clean up the wreckage & promoted himself away from the heat of the kitchen
  • iOS 9 (codename: sirene) announcement for autumn 2015
  • swift, swift, swift … even more swift
  • watch, watch, watch … even more watch
  • indie, indie, indie … even more indies. wait… that was 2008.
  • developers, developers, developers … even more developers. wait… that was 2008, too.
  • elimination of the home & touch id button. i.e. removed mechanical movement.
  • iOS multiwindow support, because ya know, things are too easy to use right now and we actually learned how to build „complications“ from the watch…
  • new resolution and/or new aspect-ratio screen/device/rectangle
  • all lightning ports get killed™ by USB-Type-C (was a nice, short time lighting)
  • a new privacy option for GPS: allowed only if moon has declination of 45 degrees or higher & has full moon phase
  • Setch™ the absolutely stunning new search engine to search for settings & options on your iDevice
  • TouchID will gain more options to configure „shortcut-fingers“ to directly open specific apps and/or execute certain tasks, like compose a new tweet.
  • …to be continued.

OS X

  • OS XI with even less control left for the user. more drm. more hw-dongle.
  • new finder (just kiddin‘!)
  • iTunes with beats™ streaming
  • iTunes with a usable & consistent UI (just kiddin‘!)
  • CAPS LOCK gets killed™ from the keyboard. (just kiddin‘!)
  • Xcode Cloud, you will be able to code in the Safari Browser; all your code is autosaved in iCloud Drive; better swift support, too; 5 GB storage space sold separately
  • iDevice Developer Lab Kit, you can order a nicely designed rack for mounting all your bought iDevices for debugging. comes with one USB-Type C port, adapters for lightning to usb and usb-type-c to usb3 sold separately
  • apple pay for the desktop
  • apple tv officially replaced by mac mini running OS XI TV edition™ with kodi
  • wifi will be fixed (just kiddin‘!)
  • you will no longer be able to disable gatekeeper for non-appstore-apps
    you will need to enter your password everytime instead (that is more secure, ya know)
  • a new mighty magic force touch wireless mouse running on wifi instead of bluetooth to enable long distance mouse handling, will be presented, it will be amazing like all the others (and maybe carry TouchID)
  • from now on everything is labeled beta makes things easier for everyone, even though it is already 2015 and not 2008.
  • management found a way to increase the budget to fix software quality by increasing apple cut to a 40% of developer revenue starting 24th of october 2015
  • TouchID will be made available to other devices via a new keyboard (or mouse)
  • …to be continued.

Change

Please compare…

and…

Source: Users don’t hate change. They hate you. — The 9x Effect Applies to Redesigns Too

Post WWDC Recap

Things predicted/expected successfully…

  • Searchable settings for iOS aka Setch™
  • Multiwindow aka splitscreen support
  • swift, swift, swift only code examples
  • beats(one) streaming music (aka internet radio revolution)
  • everything beta™ now is a reality (swift, iOS, OS X, watchOS, Apple TV, Connect, Apple Music)

Others reflecting

Why do I blog this? As usual for the fun of it of guessing the things to come and as a catharsis to clean myself of all the pain I had with iOS 7 transition. Oh and btw, the picture at the top… I chose the Ulysses and the Sirens lithograph by Otto Greiner as a motive (maybe I should have chosen this one, bc. this one guy fettering Ulysses to the boat I do not see him anywhere at Apple…) & the music for several reasons…

  1. The Emperor’s New Clothes is still valid (that’s why people are naked).
  2. the sirenes are still in full swing singing their song to augur the promised land of awesome design
  3. the picture has lots of gfx interruptions in resolution which stand for the overall UXP of iOS & OS X which now is driven by interruptions & glitches all over the place
  4. the song from „Die Antwoord“ (was removed from soundcloud) „Pantera“ expresses without any lyrics perfectly the state of the union: broken

All this makes it hard to believe in my own wishes which I will hold back this time, because they seem to not matter at all any longer.

My realistic take on Apple’s future with a valid business model? They could just throw all money on encryption & Apple Pay to push and create and be the Core Payment Infrastructure of the future™. In 2017 presenting a blockchain based payment extension will cement the future path of Apple as the new VISA/MasterCard-Killer worldwide. They are a bank already… so it’s just one small step for Tim Cook… but…