Rixstep
 About | ACP | Buy Stuff | Industry Watch | Learning Curve | Newsletter | Search | Test Drive
Home » Learning Curve

Surviving Apple

It's possible, but there are limitations.


Get It

Try It

Most things work well enough. At least on Mojave. There are minor annoyances, but it's nothing compared to Catalina, which remains a 'no no' indefinitely.

Things go south when things go south - when you try to fix something. For your hard drive - your 'secondary storage', the general disarray on disk - is a mess.

Remember when you could delete a preferences file to restore an app to factory defaults? No more. As a guru described it to us:

'It's as if the guy doing the job stopped halfway through for lunch and never came back.'

No one knows where defaults are located anymore. You might as well be running Windows.

Worse still: no one can fathom WTF they were after. It makes no sense.

Looking through ~/Library: forget it. Apple tried to hide that directory from Finder Losers. You're talking some thirty thousand files in there. You won't know what they do, and it's likely the engineers at Apple don't know either. Whatever it is, it's not Unix - and it's no longer 'OS X'. It's a mess.

Or try looking in /var/folders. And what's that for? OK, you got preferences files in ~/Library/Preferences, you got more files in /tmp, but now you got more preferences files and temp files in /var/folders! And what's with the long paths? They used to be worse.

You got three directories in there: 0, C, and T. Clever, innit? 0 (zero) stands for who knows what, C stands for caches, and T stands for 'temporary'. And boy what a mess in there!

But don't go trying to remove that stuff! Your apps will start behaving very strangely!

We're not done yet. Try looking in /Library/Application Support and /Library/Caches and its curious subdirectory com.apple.iconservices.store (you need root for that). They're all a mess.

You've got log files too. All over the place. They're never deleted, they're never consulted. They just grow and grow. Until your hard drive is full and you need a new hard drive or you buy a new computer.

If you feel really masochistic, peek in /var/db/diagnostics, /var/db/systemstats, and /var/db/uuidtext. They're the 'universal logging and activity tracking' facility that you never use and can't turn off. Great fun, innit!

Check in /Library/Receipts and - yes, here too - /var/db/receipts. That's for all the downloaded updates you've done. You really need those files, otherwise your system thinks it's out of date. Reckon about 250 MB (yes) for all that. InstallHistory.plist has the list of everything installed. BOM and PLIST files alternate. Great fun.

Your sandboxes! Sandboxes are crucial so your apps don't communicate too much with each other like in the good old days when things were actually fun. They're located in ~/Library/Containers. Currently there are 17,000 (seventeen thousand) files there on this test system - how many do you have?

Oh right - you have no way of counting, do you? Oh well - it's a Mac, it's gotta be good!

943,586,049 bytes, 1,907,976 blocks, 638,576 bytes in XAs. In your sandbox directory.



Anyway. On to something completely different. Coping with Gatekeeper.

Let's assume you know what Gatekeeper is. Let's assume you're somewhat savvy. Perhaps a developer not limited to Swift and playgrounds. So they're finally getting to you, telling you in effect that you need their permission to run your own software on your own machine, and, in fact, you're fucking pissed.

Rather than forego the money needed to pony up for the ACP, you opt to try the free utility Keymaster Solo. Keymaster Solo promises to take away most of the Gatekeeper pain.

Tidy little window.



You tick a couple of boxes. Not all are enabled. You tick the four that are, then hit command-I. And you get this.



You won't get that on your first run, as your system will be a mess, but you get the idea.

You then click 'Go' to start, 'Stop' to stop, and close the window when you want to exit the application.

Now here's another trick. Go into the application bundle with whatever tools you have (without the ACP you're crippled in there, that's know, but do as good as you can) and find Info.plist. You'll find this in there at the top.

<key>Allowed</key>
<array>
    <string>xxApplications</string>
    <string>Desktop</string>
    <string>xxDocuments</string>
    <string>Downloads</string>
    <string>xxLibrary</string>
    <string>xxMovies</string>
    <string>xxMusic</string>
    <string>Pictures</string>
    <string>xxPublic</string>
    <string>Sites</string>
</array>

Keymaster only enables the directories it finds (in your home area) with the names listed there. So xxApplications, xxDocuments, xxLibrary, xxMovies, xxMusic, and xxPublic are disabled. Why?

They're disabled because you probably don't need them (but they're nice to have if you change your mind). They're disabled because those directories can have tens of thousands of files. If you want to enable any of them, just remove the 'xx' and launch again.

A word on how Keymaster works - the back end, that is. Keymaster uses low-level directory enumeration to find and list everything recursively in each directory you've enabled. It's fast alright - very fast - but even so.

Your best policy, moving forward, is to tick 'Desktop' and 'Downloads' and leave it at that. Things coming into Desktop might arrive from 'Containers', so they'll be tainted, and stuff you get in 'Downloads' will always be tainted (and be a royal pain in the neck).

PS.

Further Reading
Download: Keymaster Solo (199 KB)
Press Release: Rixstep's Keymaster Defeats Apple's Gatekeeper

About Rixstep

Stockholm/London-based Rixstep are a constellation of programmers and support staff from Radsoft Laboratories who tired of Windows vulnerabilities, Linux driver issues, and cursing x86 hardware all day long. Rixstep have many years of experience behind their efforts, with teaching and consulting credentials from the likes of British Aerospace, General Electric, Lockheed Martin, Lloyds TSB, SAAB Defence Systems, British Broadcasting Corporation, Barclays Bank, IBM, Microsoft, and Sony/Ericsson.

Rixstep and Radsoft products are or have been in use by Sweden's Royal Mail, Sony/Ericsson, the US Department of Defense, the offices of the US Supreme Court, the Government of Western Australia, the German Federal Police, Verizon Wireless, Los Alamos National Laboratory, Microsoft Corporation, the New York Times, Apple Inc, Oxford University, and hundreds of research institutes around the globe. See here.

All Content and Software Copyright © Rixstep. All Rights Reserved.

CONTACT INFO:
John Cattelin
Media Contact
contact@rixstep.com
PURCHASE INFO:
ACP/Xfile licences
User/Family/Business
http://rixstep.com/buy
About | ACP | Buy Stuff | Industry Watch | Learning Curve | Newsletter | Search | Test Drive
Copyright © Rixstep. All rights reserved.