L'ancien alcoolique qui se promène avec une bouteille de vin

Une ancienne personne alcoolique qui est réellement devenue sobre ne sortira jamais dans la rue avec une bouteille de vin, même si c’est de la piquette et que son bouchon est fermé. Elle sait que personne ne la croira lorsqu’elle dira qu’elle n’a pas rechuté. Et si elle ne se ment pas à elle-même, elle sait sa guérison fragile et la rechute tellement tentante et facile. Un ancien alcoolique qui se promène avec une bouteille de piquette est une personne qui est prête à faire douter les personnes qui ont souffert de son vice.

Privileges.app and time-limited admin

Privileges is an open source tool from SAP which helps folks manage admin rights for their account. As part of its feature set, it includes an option for time-limited admin using a specific function called Toggle privileges.

Privileges dock toggleon

Privileges dock toggleon20

However, Toggle privileges’s time-limited admin feature for Privileges is its most misunderstood feature. The reason is that while the ability to set a time limit is only available if you’re using the Toggle privileges function, many users assume that this time-limited admin is available universally to all the functions used to get admin rights using the Privileges app.

It is not. Time limited admin is only available using the Toggle privileges function. If you’re not using the Toggle privileges function, there is no time limitation and you cannot set one from within the Privileges app.

This information is available in the Privileges FAQ:

Screen Shot 2022 07 22 at 10 05 50 AM

What does this mean?

  1. The only way time-limited admin is currently working on Privileges is by using the Toggle privileges function.
  2. If you are clicking on the icon in the dock and not selecting the Toggle privileges function, there’s no time limit.
  3. If you’re using the PrivilegesCLI command line tool, there is no time limit.

How long do you have admin if you’re not using the Toggle privileges function? Admin rights are granted until some process (like running Privileges again) takes them away. There’s no time limit.

All of the Privileges management options available for time-limited admin at this time apply only to the Toggle privileges function. If you’re using any of the management settings options listed below, they apply only and exclusively to the Toggle privileges function:

  • DockToggleTimeout
  • DockToggleMaxTimeout

They will not manage time-limited admin for any of Privileges’ functions outside of using the Toggle privileges function.

What if you want time-limited admin outside of using the Toggle privileges function? You will need to use a separate mechanism. In my case, I usually point folks towards using PrivilegesDemoter:

https://github.com/sgmills/PrivilegesDemoter

This tool uses a separate mechanism for figuring out the timing and then uses the PrivilegesCLI command line tool to take away admin when the time limit set for PrivilegesDemoter expires.

J'ai un compte Facebook bordel !

Je sais, ça n’a pas de sens. Je quitte Twitter alors qu’Elon rate sa tentative de rachat, et en parallèle je crée un compte sur le réseau social que j’abhorre. J’ai pesé le pour et le contre. Au final, j’ai fini par m’y résoudre : j’ai donné mes quelques données personnelles pour pouvoir être connecté à mes centres d’intérêt, comme les groupes de musique. C’est sale, mais tant pis. Et pour Twitter, je suis partagé : d’un côté Musk a raté son rachat, mais d’un autre côté la plateforme ne me manque pas vraiment.

Specifying shell commands to run when opening new Terminal windows from macOS’s Terminal settings

As a follow-up to a previous post, as part of that post I had been running certain shell commands by adding them to a .zshrc file:

With some additional research, I learned that I could also run these commands using the Run command function which is available in your Terminal settings under the Shell tab.

Screen Shot 2022 07 15 at 11 17 29 AM

To replicate what I wanted, I had to enable the Run command option in the Shell tab, then also set Run inside shell. Once those were enabled, I added the following shell commands:

export PS1="\$ " && unset zle_bracketed_paste && clear
  • export PS1=”\$ “: Sets the prompt to only display “$” (no quotes) using the PS1 environmental variable.
  • unset zle_bracketed_paste: Disable the zsh shell’s bracketed paste feature.
  • clear: Removes all contents (including running the commands listed above) from the Terminal window.

The reason why this is nice is that I can now add running these commands to a macOS configuration profile using the CommandString key:


<key>CommandString</key>
<string>export PS1="\$ " &amp;&amp; unset zle_bracketed_paste &amp;&amp; clear</string>

view raw

gistfile1.txt

hosted with ❤ by GitHub

To see this used in context in a macOS configuration profile, please see below the jump.

The following profile sets the following settings:

  • Font: Monaco 18 point size

Additional settings:

  • Terminal prompt should not show the hostname or the logged-in user.
  • Zsh’s bracketed paste feature is disabled


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"&gt;
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadContent</key>
<dict>
<key>com.apple.Terminal</key>
<dict>
<key>Forced</key>
<array>
<dict>
<key>mcx_preference_settings</key>
<dict>
<key>Default Window Settings</key>
<string>Documentation</string>
<key>Startup Window Settings</key>
<string>Documentation</string>
<key>Window Settings</key>
<dict>
<key>Documentation</key>
<dict>
<key>CommandString</key>
<string>export PS1="\$ " &amp;&amp; unset zle_bracketed_paste &amp;&amp; clear</string>
<key>Font</key>
<data>YnBsaXN0MDDUAQIDBAUGBwpYJHZlcnNpb25ZJGFyY2hpdmVyVCR0
b3BYJG9iamVjdHMSAAGGoF8QD05TS2V5ZWRBcmNoaXZlctEICVRy
b290gAGkCwwVFlUkbnVsbNQNDg8QERITFFZOU1NpemVYTlNmRmxh
Z3NWTlNOYW1lViRjbGFzcyNAMgAAAAAAABAQgAKAA1ZNb25hY2/S
FxgZGlokY2xhc3NuYW1lWCRjbGFzc2VzVk5TRm9udKIZG1hOU09i
amVjdAgRGiQpMjdJTFFTWF5nbnd+hY6QkpSboKu0u74AAAAAAAAB
AQAAAAAAAAAcAAAAAAAAAAAAAAAAAAAAxw==</data>
<key>FontAntialias</key>
<true/>
<key>FontWidthSpacing</key>
<real>1.004032258064516</real>
<key>Linewrap</key>
<true/>
<key>ProfileCurrentVersion</key>
<real>2.0699999999999998</real>
<key>name</key>
<string>Documentation</string>
<key>type</key>
<string>Window Settings</string>
</dict>
</dict>
</dict>
</dict>
</array>
</dict>
</dict>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>E7623CA6-76D7-4A3A-B35D-B1007986282A.terminal.profile.settings.40F1AB26-EAE7-4589-8101-72A4AC0C2015</string>
<key>PayloadType</key>
<string>com.apple.ManagedClient.preferences</string>
<key>PayloadUUID</key>
<string>40F1AB26-EAE7-4589-8101-72A4AC0C2015</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>This configuration profile installs the Documentation Terminal profile and sets it as the default Terminal profile.</string>
<key>PayloadDisplayName</key>
<string>Sets Documentation Terminal profile</string>
<key>PayloadIdentifier</key>
<string>Documentation.41423E4C-72C8-48D1-BE24-734B62D7F77F.terminal.profile.settings.</string>
<key>PayloadOrganization</key>
<string>Company Name</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>E7623CA6-76D7-4A3A-B35D-B1007986282A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>

Customizing Terminal behavior for documentation needs

As part of writing documentation today, I was given a script to follow when making some videos as part of the documentation process. The script included the following requirement:

  • Prepare the Terminal to not show the hostname or the logged-in user

By default, Terminal in macOS Monterey will show both. How to get rid of this?

Screen Shot 2022 07 14 at 3 27 15 PM

Fortunately for me, @scriptingosx had already documented how to do this as part of this post. You can use the PS1 environmental variable to set how your prompt appears in Terminal. After some experimentation, I set the following environmental variable:

PS1="\$ "

To have this prompt appear whenever I opened a new Terminal session, I added the following line to a newly-created .zshrc file in my home folder:

export PS1="\$ "

The .zshrc file is a configuration file for the zsh shell, so adding that and then opening a new Terminal window gave me a prompt which looks like this.

Screen Shot 2022 07 14 at 3 07 10 PM

As part of making the videos, I also noticed that when I copied and pasted a command into the Terminal that the pasted text was highlighted automatically. I’d seen this before and ignored it, but I thought it might be an unnecessary distraction for those watching this video later, so I went looking for how to disable it.

Screen Shot 2022 07 14 at 3 14 30 PM

After some research, I found that this was zsh’s “bracketed paste” feature, which was introduced as part of zsh 5.1. This feature can be turned off using the following command:

unset zle_bracketed_paste

Screen Shot 2022 07 14 at 3 15 20 PM

Adding entries for both the prompt and turning off bracketed paste to my .zshrc file gave me the Terminal behavior I wanted:

export PS1="\$ "
unset zle_bracketed_paste

Screen Shot 2022 07 14 at 3 19 14 PM

I also performed additional customization of my Terminal experience, but those modifications were managed using a configuration profile. For more details on that, please see this previous post:

https://derflounder.wordpress.com/2019/12/19/deploying-terminal-profile-settings-using-macos-configuration-profiles/

Beauvais Ryanair, la bétaillère humaine

Quelque part en France, il existe une région où les familles sont éleveurs depuis des générations. Cette région est tellement fière de son héritage culture qu’elle a créé un temple dédié à l’élevage du bétail. Dans ce lieu de culte, perdu au milieu des champs, tout est fait pour exploiter au maximum les innocentes bêtes qui s’y accumulent et ignorent le funeste destin qui les attend. Ce temple, c’est l’aéroport de Beauvais.

L'hypocrisie de l'appel au retrait de TikTok des App Store

John Gruber soutient les politiques américains qui disent que TikTok devrait être retiré des App Store pour des raisons de sécurité nationale, parce que « rien n’empêche le gouvernement chinois d’accéder aux données des Américains ». Le problème, c’est que cela ne fonctionne pas que dans un sens. Je me demande quelle est sa position par rapport à Twitter, Facebook, Instagram et leur présence dans d’autres pays du monde. Les autres pays devraient-ils bannir ces plateformes au nom de la sécurité nationale ?

Removing unwanted Time Machine backups from APFS-formatted Time Machine backup drives on macOS Monterey

I recently needed to prune some Time Machine backups, where I wanted to manually delete some older backups while not deleting everything on the drive. When I researched this, the guidance provided used the procedure described below:

  1. Connect your external backup drive to your Mac if needed.
  2. Launch the Time Machine app.
  3. Use the timeline on the right of the screen or the arrows to navigate to the backup date you want to delete. Alternatively, use the Finder window to navigate to the file or folder you want to delete.
  4. After selecting the date or file you want to delete, click the Action () button in Finder and choose to either Delete Backup or Delete All Backups of [Your File]

For an HFS+ formatted Time Machine backup drive, this guidance is correct. However, my Time Machine backup drive is APFS formatted. When following this guidance, I ran into the following issue:

  1. Connect your external backup drive to your Mac if needed.
  2. Launch the Time Machine app.
  3. Use the timeline on the right of the screen or the arrows to navigate to the backup date you want to delete. Alternatively, use the Finder window to navigate to the file or folder you want to delete.
  4. After selecting the date or file you want to delete, click the Action () button in Finder.

With APFS-formatted Time Machine backup drives, only the option to restore files is available. The Delete Backup or Delete All Backups options are not available.

Screen Shot 2022 07 01 at 3 17 34 PM

So how can unwanted Time Machine backups be manually deleted? For more details, please see below the jump.

You can remove unwanted backups using either the Finder, or by using the tmutil command line tool.

To remove unwanted backups using the Finder, use the procedure described below:

1. Connect your external backup drive to your Mac if needed.
2. Open a new Finder window and select the backup drive.

You should see your backups listed in the Finder window.

Screen Shot 2022 07 01 at 1 48 37 PM

3. Select the backup you want to delete and click the Action () button in Finder.

Screen Shot 2022 07 01 at 4 00 55 PM

Note: You can also control-click on the desired backup to access the same options.

Screen Shot 2022 07 01 at 1 48 50 PM

4. Select the Delete Immediately… option.

5. When prompted to confirm, click the Delete button.

Screen Shot 2022 07 01 at 1 48 58 PM

Once confirmed, the backup should be deleted and disappear from the Finder window.

Screen Shot 2022 07 01 at 1 49 21 PM

To remove unwanted backups using the tmutil command line tool, use the procedure described below:

1. Connect your external backup drive to your Mac if needed.

2. Open a Terminal window and run the following command:

tmutil listbackups

Note: You may be prompted to grant full disk access to the Terminal in order to run this command.

Screen Shot 2022 07 01 at 3 06 39 PM

Screen Shot 2022 07 01 at 3 07 32 PM

3. Identify the backup you want to delete. For this example, we’re using the following backup:

2022-07-01-154751.backup

Screen Shot 2022 07 01 at 4 26 21 PM

To delete the backup using the tmutil command line tool, you need two items of information:

  1. The path to the drive it is stored on.
  2. The time stamp of the backup.

The path to the drive is going to depend on what the drive is named. In this example, the name of the drive is Backup so the path name should be as shown below:

/Volumes/Backup

The time stamp of the backup is going to be the name of the backup prior to the .backup part of the name. In this example, the backup is named 2022-07-01-154751.backup so the time stamp should be as shown below:

2022-07-01-154751

Screen Shot 2022 07 01 at 4 26 30 PM

4. Once you have the path and time stamp, run the command shown below with root privileges to delete the backup:

tmutil delete -d /path/to/backup/drive -t timestamp_of_backup

You’ll need to provide the path and time stamp information using tmutil‘s -d flag for the path and the -t flag for the time stamp. For our example, where the path is /Volumes/Backup and the time stamp is 2022-07-01-154751, you would run the command shown below with root privileges to delete the backup:

tmutil delete -d /Volumes/Backup -t 2022-07-01-154751

The specified backup should be deleted.

Screen Shot 2022 07 01 at 4 32 51 PM

5. Run the command shown below to verify that the backup has been removed:

tmutil listbackups

Screen Shot 2022 07 01 at 4 34 48 PM

This post is focused on using Time Machine’s own tools to manage Time Machine backups, but you can also access and delete Time Machine APFS snapshots using Disk Utility on macOS Monterey. For more information on this, please see Howard Oakley‘s post linked below:

https://eclecticlight.co/2021/11/09/disk-utility-now-has-full-features-for-managing-snapshots/

Session videos from MacDevOps YVR 2022 now available

The MacDevOps YVR folks have posted the session videos for from MacDevOps YVR 2022, including the video for my Managing Admin Rights in the Enterprise session.

For those interested, all of the MacDevOps YVR 2022 session videos are available on YouTube.

For convenience, I’ve linked my session here.

Videos from Penn State MacAdmins Campfire Sessions 2022

The good folks at Penn State have been posting session videos from the Penn State MacAdmins Campfire Sessions to YouTube. As they become available, you should be able to access them via the link below:

I’ve linked my Leveling Up – Managing admin rights in the enterprise session here: