Long Live The King Mac OS

Steve Jobs wore black Monday, and not just because that’s the Apple CEO’s usual sartorial color of choice. Instead, Jobs donned his trademark black mock turtleneck to preside over a funeral for Mac OS 9. Pigments 1 1 1 – polychrome software synthesizer software.

So as a coffin appeared on the San Jose Convention Center stage and Bach’s Toccata and Fugue in D Minor echoed through the crowded exhibit hall, Jobs kicked off Apple’s annual developers conference by laying to rest OS 9, eulogizing the classic Mac OS as “a friend to us… always at our beck and call, except when he forgot who he was and needed to be restarted.”

The opening of Jobs’ keynote may have lacked subtlety, but it drove home Apple’s message to the Mac software developers in attendance–drop whatever work you’re doing in the old Mac OS and shift all your efforts to the operating system of the future.

'The king is dead, long live the king!' , or simply 'long live the king!' Is a traditional proclamation made following the accession of a new monarch in various countries. The seemingly contradictory phrase simultaneously announces the death of the previous monarch and assures the public of continuity by saluting the new monarch. In modern times, this phrase has become a popular phrasal template. Given the memorable nature of the phrase, as well as its historic significance, the phrase crops up r.
Long Live the King King Koleman Hip-Hop/Rap 2018 Preview SONG TIME Living Legend. 3:35 PREVIEW Goodbye.

Long Live the Queen is a visual novel role-playing video game. The story of the game follows a young princess who is training to become queen after the death of her mother. The objective of the game is to keep the princess alive for 40 weeks until she turns 15 and is crowned.

“Mac OS 9 isn’t dead for our customers yet, but it’s dead for [developers],” Jobs said. “Today we say farewell to OS 9 for all future development, and we focus our energies on developing for Mac OS X.”

But Jobs did more Monday than just exhort software makers to shift all their development to OS X; he also gave them something to develop for, providing the first public glimpse at the next major update to OS X. Code-named Jaguar and slated for a late summer release, the update will add a built-in instant messenger client, handwriting recognition technology, a new version of Sherlock, and improvements to OS X’s Mail and Finder, among other features.

“After we got OS X 10.1 out, we had a chance to bring out the next wave of new technologies to put into your hands,” Jobs said.

100-Percent X

The annual developer conference gives Apple a chance to sit down with software makers and pore over the nuts and bolts of creating Mac products. It also provides Apple with a forum for spelling out the future direction of the platform. Last year, Apple used the conference to announce that OS X would come pre-installed on every new Mac, a sign of what Jobs called “a total commitment on Apple’s part.” This year, Jobs asked for that same kind of commitment from developers.

The numbers are certainly in OS X’s favor. The new operating system began 2002 with one million active users, according to Apple. The company forecasts that five million users will have turned to OS X by the end of the year.

Mac developers have pushed out roughly 3,000 OS X-native applications since the operating system’s March 2001 debut. However, many of those programs run on both OS 9 and OS X–“understandable in this transition,” Jobs said. What Apple would like to see now is more companies following the lead of Microsoft, which announced last month that all future product releases would be OS X-only, like its native Office v.X productivity suite.

Indeed, Apple plans to follow the same course of action. Jobs cited the recent release of iPhoto–another OS X-only application–and said Apple’s future development plans will focus entirely on the new OS.

“One hundred percent of everything we’re doing is X-only,” he said.

Meet Jaguar

That includes Jaguar, the next major version of OS X. Apple expects to release another minor update to the OS before Jaguar arrives by late summer of 2002.

When it is released, Jaguar will introduce a number of changes into OS X. Look for spring-loaded folders–a familiar element from the classic Mac OS–to appear in the Finder, working in icon, list, and column views. The Finder also adds multithreading support and an integrated search function.

OS X’s Quartz engine will undergo an overhaul, creating what Apple bills as Quartz Extreme. The improvement–which requires AGP 2X graphics cards and 32MB of video RAM–is a hardware-accelerated graphics and compositing engine.

Quartz figures into another improvement introduced in Jaguar–universal accessibility. Using the graphics engine, Mac users can zoom in on portions of the screen, making it easier to see text files and QuickTime movies. Other accessibility enhancements include a screen reader that will read any text you place a cursor over, full keyboard access, and visual notification.

Jaguar promises to improve OS X’s Mail feature, adding intelligent spam filtering, auto-merged mailboxes, cross-mailbox searching, color highlighting to set apart threads and messages from specific people, and QuickTime support. The update also adds an Address Book that can, in theory, be used with any OS X application. As an example, Jobs talked about using the Address Book’s rollover menu to automatically dial a phone number from a Bluetooth-enabled cell phone.

Jaguar will also incorporate updated versions of existing Apple software. QuickTime 6, announced earlier this year will be integrated into Jaguar, featuring full support for MPEG-4 encoding and decoding and Advanced Audio Coding (AAC). The OS X update will ship with Sherlock 3. The latest version of the Internet search and services engine will add new channels that look for images, news, and Yellow Pages-type content.

What’s New

Besides updating existing features and applications, Jaguar will introduce new capabilities to OS X. Chief among them is Inkwell, a handwriting recognition technology that will look familiar to anyone who’s ever seen a Newton handheld device in action.

“You’d think that hundreds of millions of dollars on Newton technology would get us something,” Jobs said.

Inkwell will work with any application that accepts text input. Ken Bereskin, Apple’s director of product marketing for OS technologies, demonstrated Inkwell in Adobe Photoshop 7, using a pen tool and his own handwriting to change the text of a banner.

Jaguar’s release will mark the debut of iChat, an instant messaging software that’s compatible with AOL’s AIM instant messaging client. “We are thrilled to be working with AOL on this,” Jobs said. “They’re even adopting some of the features we’re pioneering back into their app.”

Mac users won’t need an AOL account to tap into iChat–they can use their Mac.com name. Apple’s instant messaging program will use dialogue bubbles and photos to display messages as if they were a conversation.

Rendezvous–Apple’s proposed industry standard for dynamic discovery of computers and devices on IP–will also find its way into the Jaguar OS X update. Using Rendezvous, Macs will be able to recognize one another and share files. Jobs demonstrated the technology by playing streaming music files off the iTunes playlist of another Mac connected to an AirPort network.

“This can happen with Music. This can happen with photos. This can happen with files,” Jobs said.

Other Goodies

Jaguar promises something for everyone. On the Unix front, the update includes FreeBSD 4.4, GCC 3, IPv6 and IPSec, the CUPS printing engine, LDAP, and Kerberos full-authentication service. “Mac OS X is the best Unix platform on the desktop, and we’re going to make it better,” said Philip Schiller, Apple senior vice president of worldwide product marketing.

On the Windows front, Jaguar adds SMB browsing and sharing, built-in PPTP VPN security, and Active Directory support. Educational users will benefit from additions such as NetInstall and NetBoot, improved network management, and printer sharing “so that next school year, they can begin to adopt Mac OS X more widely,” Schiller said.

Monday’s keynote was free of any product announcements–hardly surprising, since Apple unveiled its education-friendly eMac and updated PowerBooks a week ago. But Jobs did hint at a product announcement to come. On May 14, Apple plans on introduce a rack-mount server.

The writing has been on the wall for a long time. With the release of macOS High Sierra, Apple has finally confirmed that imaging is dead.

Apple doesn’t recommend or support monolithic system imaging for macOS upgrades.

I have written a book which expands on this topic and is regularly updated. Please check it out: “macOS Installation for Apple Administrators“

Update 2019-07-16: While most of the information in this post is still relevant, I wrote a new, updated post regarding the macOS 10.15 Catalina Upgrade here: “Imaging is still dead“

The Final Nail

The final nail in the coffin for imaging is this support article: Upgrade macOS on a Mac at your institution

It states the limitations to installing and upgrading macOS with High Sierra:

the Mac being installed or updated must be connected to the internet
installations and updates cannot be done on external devices, like those connected via Target Disk Mode, Thunderbolt, USB, or Firewire
there are four supported methods of installing macOS High Sierra
- the macOS Installer application
- a bootable installer on an external drive, created with createinstallmedia
- install or upgrade from the macOS Recovery System
- a NetInstall image built with Apple’s System Image Utility

These methods are also re-iterated in this section in the macOS Deployment Reference

Some of the features have changed since this article was written. You can find an updated post for macOS 10.13.4 here.

Why?

Apple’s stated reason for requiring the installer is to ensure that a Mac’s firmware is all up to date and matches the OS installed on it.

Only the macOS Installer can download and install the firmware update. Firmware updates can’t be done on external devices, like those connected via Target Disk Mode, Thunderbolt, USB, or Firewire.

This is especially important in High Sierra, because to boot into a system on an APFS formatted (or converted disk) the Mac’s firmware needs to be able to mount and read APFS. The firmware that was installed with 10.12 or earlier is not able to read APFS volumes and. When you image a Mac with High Sierra and APFS without updating the firmware, you will get the question mark at boot, because the firmware cannot find a system.

However, the EFI, which manages (among other things) the boot process is not the only “firmware” that needs to be managed on your Mac. Many of the hardware components in your Mac, such as the SSD, the power controller (SMC) and the TouchBar controller on the new MacBooks Pro, have their own firmware that needs to be installed and updated.

Apple has been increasing the protection of the vital parts of the system and hardware. The firmware in these components cannot just be changed by any process. Only the Apple macOS Installer application has sufficient privileges and entitlements to perform these updates. The installer process has to run on the Mac itself, it cannot run over target disk mode.

Future Mac hardware might introduce even more components that require firmware.

On iOS, a secure boot chain prevents tampering with the system on a device after it has been installed. The secure boot chain also prevents replacing the system with an image from another device.

It is conceivable that Apple wants to implement a secure boot system on future Macs as well. Current Macs probably do not have the hardware required to implement this. (The TouchBar MacBooks Pro have a Secure Enclave chip like the iPhone and iPad and might already have the necessary pieces in place.)

So now what?

This has been coming for a long time. Even though APFS is not, as originally predicted, the direct culprit. It is still end-of-the-line for imaging.

However, the news is not entirely dire. Apple has been surprisingly forthright about the direction they want to go. While the documentation is a bit lacking, there are instructions on what the solutions for Mac System Adminstrators should be.

The four supported means of installing and upgrading macOS and the firmware for Macs are a clear direction of what needs to be done. https://corptorrent.mystrikingly.com/blog/terraria-mobile-free-download. However, Apple is a bit shy on how administrators can and should implement them.

There are a few options:

Put the Burden on the Users

This will work in some deployments where users are in control of their Macs. Either a full BYOD (Bring Your Own Device) scenario, or one where devices provided by the organisation are in full control of the user.

Even when the devices are enrolled in an MDM, users are still administrators and in control. Administrators can use reporting tools, to determine which Macs are capable of installing High Sierra and not upgraded yet.

You can even use reporting tools to gather information on the firmware and whether it matches the latest version.

You can then instruct users with email or notifications to download the High Sierra installer and initiate the upgrade themselves. You should warn them to have a current backup and that the process might take some time, so it should be run overnight.

If you have a software management system in place, you can use that to load the macOS Installer application on the clients and notify the user when it is ready.

The Mac App Store only downloads a “stub” installer application which is then filled in with an extra download. If you have blocked access to Apple Software Update Servers or redirected clients to a local, managed Software Update Server, clients might not get the complete installer application. Greg Neagle has a great post on this.

To save download time for the users, you can also provide USB/Thunderbolt drives with a bootable installer drive. This might speed things up a bit, though it does not really change the process.

How do we Automate this?

As system administrators we want to automate the process, so that it ideally does not require any human interaction. That way we can replicate the process hundreds and thousands of times.

Ideally, we also want to inject some custom steps into the process. Apple provides two means of achieving both of these steps, and some open source tools are providing solutions as well.

NetInstall

Long Live The King Manhua

A custom NetInstall set built with Apple’s System Image Utility is one of the supported means of installing and updating macOS (and the firmware) to High Sierra.

You can find System Image Utility in /System/Library/CoreService/Applications. You can customize the process and even add your own installer packages, scripts or profiles. Packages used in System Image Utility have to be Distribution Packages.

Since a NetInstall system is like a Recovery system, you can use scripts to control behavior of your Mac like allowed NetBoot IPs, or ‘User-Approved Kernel Extension Loading’ (UAKEL) here as well.

You can even automate the NetInstall process to a point where, once you have chosen the NetInstall volume (when holding the the option key at boot) the remaining process is without interaction. (Though this is a dangerous choice, as it might simply wipe and re-install Macs. Use the other limitation options such as by MAC address or hardware type to keep this safe.)

Long Live The King Korean Movie

NetInstall requires Mac running macOS Server. However, BSDPy can replace a NetBoot/NetInstall server and runs on many platforms, including VMs.

Note: as of 10.13.0 there still seem to be a few bugs with NetInstall on HighSierra. It works mostly but seems exceedingly slow. Also some admins have reported problems with adding mulitple packages, profiles or scripts for configuration. 10.13.1 is already in beta and seeding and you should be testing that.

NetInstall on USB

If you do not have the infrastructure to run a NetInstall or BSDPy server, you can also restore the NetInstall.dmg image that System Image Utility creates to an external drive. When mounted on a Mac, it will the High Sierra installer applications, and double-clicking it will start the proper installation process.

Any additional packages, profiles or scripts will be included with this custom external install application as well.

The `startosinstall` Command

When you already have a management system (Munki, Jamf, Filewave, etc.) you want to initiate the update process with rules or policies. At first glance the supported means of installing macOS seem to be at odds with managed client workflows, since they require user interaction.

However, there is a tool hidden inside the macOS Installer application (since macOS 10.12 Sierra) called startosinstall. The full path to the tool is

Note: I believe it was Rich Trouton who first documented this tool in his notes for WWDC 2016. Since then many admins and open source projects have worked to figure out how to use this tool in the best way.

When you run it with the --usage argument you get the following:

There is also an undocumented --nointeraction flag which can be used to run the tool without any user interaction. This is obviously useful for management systems.

Once you have used to your management system to make sure the macOS Installer application is on the client system, you can execute a script with the startosinstall command to initiate the installation process. Remember that the installation process can take a long time, so it should be initiated by the user in a Self Management portal or run during off-hours for kiosk like Macs in labs or classrooms.

The --converttoapfs [YES NO] argument allows you to suppress automatic APFS conversion on SSD Macs.

There is also a --volume argument to target the non-boot volume. However, this will only work when SIP is disabled or when you run startosinstall from a Recovery/NetInstall disk.

The --installpackage option allows you to add one or more custom packages that will be installed after the OS installation is complete. This is very useful for customization and cleanup. Packages used with startosinstall --installpackage also have to be Distribution Packages.

Note: even though the usage states that you can repeat the --installpackage argument, as of 10.13.0 ~~only the first package given will run~~the installation with fail with more than one package. Make that one package count. (Note: edited this paragraph. Thanks to Greg for clarifying.)

Tool Support

Long Live The King Ost

Munki 3 already supports the startosinstall command
Imagr will in an upcoming release
other management systems can use the startosinstall command in scripts, after ensuring the macOS Installer application is downloaded.

Is Imaging completely dead?

The imaging tools (like Disk Utility, hdiutil and asr) will work with APFS volumes. However, the support article states:

You can use system images to re-install the existing operating system on a Mac.

So when you need a workflow that requires quick re-imaging, you can use one of the supported methods to install or update the Mac (Firmware and OS) and then use monolithic (or thin) imaging over network or thunderbolt for fast restores. This is useful for scenarios where fast imaging turnaround is required, such as classrooms and labs or loaner laptop setups. However, you have to use extra care to make sure the image system version matches the version that was installed.

Going forward, I expect imaging to be less and less feasible as future Mac hardware and security features will make it harder and harder to use. The times where we could have just one image which will run on all supported Macs might be over as hardware (and the software required to run the hardware) becomes more and more fractured. Note that there is not a unified single ‘iOS’ image/installer for all iOS devices.

Summary

macOS High Sierra 10.13.0 works well for individual users. However, there still are quite a few issues that are relevant for managed deployments. There are many problems with Active Directory and Filevault, NetInstall is slow and adding multiple packages to an installation is broken. Just to mention a few.

Even though it makes sense for some deployments to hold back from High Sierra right now, you will want or have to upgrade soon.

Apple said at WWDC the iMac Pro will ship in December 2017. Its tech specs page, states it will run High Sierra. You can expect it to require High Sierra.

Also, critical security patches might only be pushed for High Sierra.

Imaging is dead. In an unusual move Apple has come right out and said it loud and clear. If you have not done so already, start testing and implementing one of the above strategies right now, so you are ready to move to High Sierra.

Read about more changes with the macOS 10.13.4 updates here.