8 Replies
      Latest reply on Jun 10, 2015 8:21 PM by meredith_corp
      rtrouton Level 1 Level 1 (0 points)

        ADC account will now cover Mac, iOS and watchOS

        One ADC membership covers all - $99/year


        iOS 9 will take up 1.3 GBs of space. OS updates will automatically download overnight.



        iOS app-slicing - Developer submits an app to the App Store, App Store will deliver to the device only the component parts of the app that the device can use. Don't have the fast CPU on the device? App Store will leave out the fast-CPU dependent parts of the app.



        iOS passcode are now going from four digits by default to six.



        System Integrity Protection


        • Protects system files
        • No installing in system locations
        • Protects system processes
        • For developers, streamlined developer workflow to accommodate System Integrity Protection.
        • Utility available in the Recovery partition to disable System Integrity Protection.






        • Use the standard networking frameworks
        • Avoid IPv4-specific APIs
        • Avoid hard-coding addresses in apps




        Improved right-to-left language support, important for languages like Arabic or Hebrew.


        Improved link support in iOS 9. Click on a link will open up the appropriate native app.


        - For example, if someone emails you a link pointing to Twitter, the link will open in the Twitter app rather than Safari.



        On OS X, links like these will still open in Safari.







        iCloud drive


        • iOS getting an iCloud Drive app
        • Allows browsing of iCloud Drive folders and directory structure (created on OS X.)



        Swift 2



        • OSI-approved permissive license
        • Available later this year
        • Outside code contributions will be accepted



        Swift in Xcode 7



        • Revamped Swift migrator - will move your code from Swift 1 to Swift 2
        • Rich comments in Swift - uses Markdown, can add images and links.



        Swift Testing in Xcode 7



        • Unit testing
        • User Interface Testing
        • Code Coverage
        • Re: WWDC Platforms State of the Union Notes
          eng Level 1 Level 1 (0 points)

          Several intersting thoughts.


          Apple Configurator 2.0 might be a game changer in shared use/education environments. sToken support / DEP


          OS X Server 5 is OS X agnostic - supports both 10.10.4 and 10.11.0


          Looks like there is a new profile for hidden service/admin accounts. This will be very interesting.

          • Re: WWDC Platforms State of the Union Notes
            rtrouton Level 1 Level 1 (0 points)

            Interestingly, it looks like you can still modify files and folders within /System/Library/User Template. I just verified that I could successfully use the following command with root privileges:


            touch "/System/Library/User Template/English.lproj/Desktop/test.txt"


            I then created a new user account and verified that a text file named test.txt was on that new account's Desktop.

              • Re: WWDC Platforms State of the Union Notes
                eng Level 1 Level 1 (0 points)

                That makes me sad.

                • Re: WWDC Platforms State of the Union Notes
                  bruienne Level 1 Level 1 (0 points)

                  There appear to be couple of things at play regarding rootless mode:


                  /System/Library/LaunchDaemons/com.apple.rootless.init.plist - Calls /etc/libexec/rootless-init (registers with XPC?)

                  /System/Library/Sandbox/rootless.conf - Configures the system locations to sandbox - an asteriks or name in the first column appears to override this globally or by executable name

                  /System/Library/Sandbox/rootless.compat - Whitelisted executables? Legacy?

                  /System/Library/Sandbox/com.apple.xpc.launchd.rootless.plist - XPC authorizations config


                  The one tool that can enable and disable rootless mode right now is on the Recovery partition under /System/Library/CoreServices/Security Configuration.app. It reboots the Mac immediately after applying the configuration change (it calls shutdown -r now).


                  This appears to write a non-removable key (as far as I've been able to determine so far) named "csr-active-config" which the Security Configuration tool writes to. Notable is that this also appears to affect single user mode - I was not able to make any changes to protected system locations with rootless mode enabled while in SUM. Disabling rootless mode made modifications possible. As far as the "non-removable key" goes: it appears the csr-active-config nvram key is not easily removed using the nvram command. In testing from a Recovery mode Terminal I was able to completely clear all keys except for this one (nvram -c). The key remained with its current configuration set. I am not quite sure yet how the nvram key and rootless-init are connected.


                  Curious to hear what others have found.




                    • Re: WWDC Platforms State of the Union Notes
                      eng Level 1 Level 1 (0 points)

                      /System/Library/LaunchDaemons com.apple.rootless.init.plist


                      There's also a LaunchD located above.




                      New SIU framework that I haven't delved into.




                      Showed Rich this earlier. Return of the Apple Server?


                      /System/Library/CoreServices/Security Configuration.app

                      /System/Library/CoreServices/Security\ Configuration.app/Contents/MacOS/Security\ Configuration


                      You can run this binary without going into the Recovery Partition, however there are not any CLI options.




                      New bundle for XProtect

                  • Re: WWDC Platforms State of the Union Notes
                    chilcote Level 1 Level 1 (0 points)

                    Interestingly, it seems that if you upgrade a system to 10.11 from 10.10, any binaries installed in "protected" directories continue to work.  Maybe they are whitelisting on the fly?