The Right OS For The Right Mac

macfamily-promo-osx-family-icon_2xA perennial topic of discussion amongst Mac system administrators is which operating system should be deployed to which Mac.  There is a mountain of misinformation floating around the community and the Internet on this topic. Here, I hope to set a few things straight.

On any particular Mac, the earliest version of OS X supported by Apple is the version that shipped with the Mac in question. Installing an earlier version of OS X will either fail to install, fail to boot after installation, or cause unexpected issues after boot. Regardless of how well the install goes or whether or not the computer boots, Apple will not support this configuration. Answers to support requests will generally amount to “install the correct operating system”. See the link below for Apple’s notes on this topic and a list of which OS X versions shipped with each Mac computer (note, as of this writing, the chart has not been updated to include 2013 iMac models).
http://support.apple.com/kb/HT1159

An Open Secret

It is widely held in the Mac sysadmin community that once Apple releases a new version of OS X, this new version includes the software components necessary to support the new OS X version on earlier hardware.

There are two situations in which this generally applies.

  1. An OS X installation that has had an update applied bearing the suffix “(Combo)”, as in “OS X Mountain Lion Update v10.8.5 (Combo)”, will usually support all hardware released prior to the update that meets the system requirements for the major OS X release, OS X Mountain Lion v10.8 in this example.
  2. The apps “Install Mac OS X Lion.app”, “Install OS X Mountain Lion.app” and soon, “Install OS X Mavericks.app”, from the Mac App Store will install OS X on any Mac computer released prior the latest update to the OS X installer app used.

I call this an “open secret” because you will find nothing in Apple’s documentation to support this claim, however it is generally correct.  I say “generally correct”, because occasionally it isn’t, particularly when hardware and OS X releases come close together.

The only 100% certain way to ensure an OS X installation is appropriate for and supported on a Mac computer is to use the OS X installer supplied by Apple for the computer in question, which includes a factory-installed Recovery System (Recovery HD) and OS X Internet Recovery.  See the link below for Apple’s explanation of OS X Recovery:
http://support.apple.com/kb/HT4718

OS X Hacking

There are those in the community who, for various reasons, hack new releases of OS X, and insert components from the new release into a previous release in an effort to run an earlier operating system than Apple intended or supports on a particular Mac.  The people doing this are clever and deserving of “geek cred”, but I would never recommend using such a hacked distribution in a production environment.

Running a “hacked operating system” may run afoul of the organization’s operating rules either self-imposed or legally required.  Even in the absence of such restrictions, my recommendation stands.  Vendor support is a key component in service level agreements.  If you choose to deploy an OS with unsupported modifications, you are ultimately personally responsible for every system failure.  This is not a position I want to be in or that I recommend you place yourself in.

Understanding New Software With Old Batteries

batteriesI’ve come across lots of tweets, blog posts, and in-person comments regarding battery life on older devices after having upgraded to iOS 7.  While I know many people simply enjoy complaining, perhaps a dose of knowledge will help ease misguided anger.

There are two primary factors in the degradation of lithium-ion batteries.  The first is charge cycles. Apple rates iPhone batteries at 400 charge cycles.1 An iPhone battery that has been recharged more than 400 times will experience decreased performance. Second, these batteries have an expiration date. The useful life of a lithium-ion battery is two to three years, even if it goes through zero charge cycles.2 The battery in an iPhone 4s purchased at launch in October 2011 has likely reached the end of its usable life.

iOS 7 was launched alongside new iPhone models with improved batteries. New, more power-intensive features were likely developed with the new battery technology in mind. Older devices not only have previous generation battery technology, but those batteries are approaching, if not already past, their usable life cycle.

If you’re not ready to upgrade your device, but your battery has exceeded its usable life in charge cycles, age, or both, You can purchase a new battery at an Apple Store or Apple Authorized Service Provider.

1: http://www.apple.com/batteries/iphone.html
2: http://electronics.howstuffworks.com/everyday-tech/lithium-ion-battery2.htm

Resetting AirPlay

AirplayIconI have been having occasions lately where I’ll lose audio whilst using AirPlay mirroring from my Mac running OS X version 10.8.4 to my Apple TV running the latest Apple TV Software, version 5.3.  When this issue occurs, audio from iTunes, Hulu, Netflix, etc. on the Apple TV plays audio normally, as does AirPlay content from an iOS device.  It seems to be only OS X devices that are affected.  Searches of Apple support forums and other places Mac nerds share information showed that this is not an issue peculiar to my equipment.

I have reported the issue to Apple, as I’m sure others have, and will continue to investigate on my own to see if I can uncover a specific cause and more finely tuned fix.  In the meantime, forcing Core Audio on the Mac to restart seems to solve the problem, at least temporarily.  Use the following command to stop Core Audio, which will then automatically restart.

sudo killall coreaudiod

I’ve also bundled this into an Automator application, if that makes things a bit easier for some.  It will prompt for administrative credentials when launched.

Download Restart coreaudiod

Note: Restart coreaudiod is provided “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, or fitness for a particular purpose.

 

Deploying OS X Configuration Profiles Without MDM

mobileconfigI was recently in a conversation with someone who needed to deploy configuration profiles to OS X clients, but they did not have the ability or authority within their organization to open the network ports required to implement a Mobile Device Management (MDM) solution.  This post describes how to install configuration profiles with an installer package.

The first step is to create and export your configuration profile as a .mobileconfig file.  These files can be created on a computer running OS X Server, using Profile Manager.  For more details on creating and downloading configuration profiles, see Apple’s Profile Manager Help documentation.

Once you have the .mobileconfig file, you’ll want to create a package that will deploy this file to a known location on your client systems.  I recommend a folder in the root Library named for your organization such as…

/Library/myOrg

For instructions on creating packages, refer to the documentation for your favorite package building tool.  My favorite is Composer.

Simply deploying the .mobileconfig file to this location won’t install it.  Apple provides a command line tool called profiles.  The profiles command can be used as part of a postinstall script included in the package that deploys the .mobileconfig file.  Below, find the two lines to include in this script…

#!/bin/bash
/usr/bin/profiles -I -F "/Library/MyOrganization/Company Wi-Fi.mobileconfig"

 

If the .mobileconfig profile should be deleted once installed, the following command can be added to a third line in the script…

rm "/Library/MyOrganization/Company Wi-Fi.mobileconfig"

 

Of course, “/Library/MyOrganization/Company Wi-Fi.mobileconfig”  should be replaced in each command with the quoted path to the .mobileconfig file deployed by the package.

I hope this is helpful.

Email to SMS Gateways

System administrators may find themselves wanting to send SMS messages to mobile devices for a variety of reasons, such as sending over the air enrollment invitations to devices to be enrolled with the Casper Suite. Many carriers, though certainly not all, employ an SMS gateway that allows email messages to be received by the carrier’s gateway and in turn transmitted to devices as SMS messages. In some cases, MMS messages are supported as well.

Addressing a mobile phone number through one of these gateways is accomplished by sending an email to @. For example, a Verizon Wireless phone with the number 212-555-1212 can receive SMS messages at the email address 2125551212@vtext.com.

Below, find listed the SMS gateway domains I have been able to find for official iPhone carriers. Where I’ve been able to find the pertinent information, I have noted carriers with special considerations, such as an activation process. The note “difficulties reported” indicates domains that are frequently referenced as not working. If your carrier isn’t listed below, I recommend contacting their customer service line to find out if they offer an SMS gateway. if they do, ask for the domain name and whether activation is required. If you discover any domains not listed below, I’d appreciate a comment on this article so I can update it for future reference.

Carrier Domain Country
AT&T (SMS) txt.att.net United States
AT&T (MMS) mms.att.net United States
Boost Mobile myboostmobile.com United States
C Spire cspire1.com United States
Cricket sms.mycricket.com United States
MetroPCS mymetropcs.com United States
Sprint messaging.sprintpcs.com United States
T-Mobile tmomail.net United States
U.S. Cellular email.uscc.net United States
Verizon Wireless (SMS) vtext.com United States
Verizon Wireless (MMS) vzwpix.com United States
Virgin Mobile vmobl.com United States
Telstra onlinesms.telstra.com
• Note the absence of .au
Australia
Optus optusmobile.com.au Australia
Vodafone Service not offered Australia
Bell txt.bell.ca Canada
Fido fido.ca Canada
Koodoo msg.koodomobile.com Canada
MTS text.mtsmobility.com Canada
Rogers pcs.rogers.com Canada
Sasktel sms.sasktel.com Canada
Telus msg.telus.com Canada
Virgin Mobile vmobile.ca Canada
3 three.co.uk United Kingdom
EE mms.ee.co.uk
• Difficulties reported
United Kingdom
O2 mmail.co.uk
• Include +44
• Must activate by texting “EMAIL” to 2020
United Kingdom
Orange omail.net
orange.net
• Difficulties reported
United Kingdom
T-Mobile t-mobile.uk.net
• Include leading “0” in number
• Must be activated via customer service line or account web portal
• May not be functioning since joining EE alliance
• Unverified
United Kingdom
Vodafone vodafone.net United Kingdom
O2 o2online.de
• Use leading 0
Germany
Telekom (T-Mobile) t-d1-sms.de
• Use 12 digit number, leading 0
t-mobile-sms.de
• Use 11 digit number
Germany
Vodafone vodafone-sms.de
• Use leading 0
Germany
Orange search ongoing France
SFR sfr.fr France
Bouygues Telecom mms.bouyguestelecom.fr
• Difficulties reported
France
Virgin Mobile search ongoing France
Free search ongoing France
1010 csl1010.com Hong Kong
Three sms.three.com.hk Hong Kong
Broadway search ongoing Hong Kong
Fortress search ongoing Hong Kong
one2free search ongoing Hong Kong
SmarTone search ongoing Hong Kong
Wilson Communications search ongoing Hong Kong
Softbank username@softbank.ne.jp
• Note username is used, not phone number
Japan
Mobily Gateway not offered Saudi Arabia
STC Support did not respond Saudi Arabia

IPSW File Primer

ipswBecause I have been asked a few times, here’s some basic information about IPSW files used by iOS devices for a short Friday post.

IPSW files (iPod Software) are the files used by iTunes, Apple Configurator, and Xcode to restore or update an iOS device’s firmware.  This includes the iOS operating system and the built-in apps.  These files are compressed archives and can be downloaded manually from Apple’s iOS Dev Center, or automatically using iTunes or Apple Configurator.  Once updated, there is no Apple-supported method for downgrading iOS on a device.

There is a different .ipsw file for each iOS version and device model.  For example, an iPhone 5, iPad Mini Wi-Fi, iPad Mini Wi-Fi + Cellular, and a 4th Generation iPod Touch can all run iOS 6.1.2, but they will each use a different .ipsw file to install the iOS system software.

Looking at the name of an .ipsw file, we can learn all we need to know about its contents.  For example, an ipsw file called…

iPod4,1_6.1.2_10B146_Restore.ipsw

…is for a 4th Generation iPod Touch, as indicated by “iPod4,1”, which is known as the model identifier for this product. After the first underscore, we find the commonly used version number of the iOS software contained within – in this case, 6.1.2.  Next, we find the build number, or developers’ detailed version number – in this case, 10B146. After the final underscore, we see “Restore.ipsw” which is the common suffix for every .ipsw file.

Mordac the Preventer is Dead

Dilbert.com

The title of this post refers to a character from the Dilbert comic strip by Scott Adams. Mordac is a systems administrator whose “demeanor suggests he simply takes pleasure using his management and technical powers to make the users of “his” systems suffer. This sort of system administrator has long been accepted or even the norm in enterprise IT departments while at the same time being the bane of end users’ existence.

Practitioners of this style of administration are living on borrowed time, unless they change their attitudes.  Systems that lock, block and prevent users from doing things generally create minimal, if any, value and can cause severe hindrances to productivity and morale.

In most organizations, IT is an expense and distraction from the organization’s goals which tend to be things like making money or educating people.  As such, it is in IT’s own best interests to support the success and efficiency of those who contribute to the organization’s primary goals.  When a “Mordac” controls the user experience,  and the standard answer to questions users pose about new and innovative products and workflows is “no”, there are only a few outcomes, none of which are ultimately good.  Assuming the users comply with the denial, the organization may be missing out on increased efficiency and/or competitive advantage.  More likely though, the users will do as they like anyway, potentially exposing sensitive data, or simply getting the job done better without IT.  Either way, IT is far from the hero in this scenario.  I have lost count of the number of times I have visited an office and found the computer issued by the organization sitting in the corner, powered down and the employee working away on a personal laptop.  When asked about the organization’s computer, the usual answer is something like “I can’t use the [expletive deleted] thing, IT is too restrictive”.

Be proactive.  Enter a dialog with the end users.  Have them define their needs as well as wants.  So long as they serve the organization’s goals and don’t run contrary to any legal requirements imposed on the organization, do your best to fulfill them.  When you can’t, let the users know why.  They may have influences you don’t and can help overcome obstacles.  If a particular obstacle can’t be overcome, at least they know you tried and that you’re on the same team.