Mavericks is for free!

I was pleasantly surprised when I realized Apple is releasing Mac OS 10.9 Mavericks for free. That is not the only good news: Apple will also be releasing iLife and iWork for free for people buying new systems.

As I see it, Apple wants all its customers to use the latest version of the OS. I can break down the advantages into 3 categories.

Mac guys still dislike Microsoft!

Apple
Apple is diversifying into different product markets. I don’t think Apple has the manpower at its disposal to work on all the products. This year there was news that Apple had moved developers from the OS X team to work on iOS, so that iOS would release on time.

If all or most users migrated to a fixed version of the OS, Apple could reduce the size of the development team needed for support activities on older versions of the OS like Snow Leopard (10.6), Lion (10.7) and Mountain Lion (10.8). This would free up developers to work on newer products.

Apple plans to use free OS updates to coax people to upgrade to newer versions of the OS.

How will it affect Apple’s bottom-line?
It will end up working out well for Apple. Apple is a unique PC maker in that they make both software and hardware. Apple is already releasing iOS updates for free, and I think there are more benefits to providing free updates and that Apple can manage it.

Developers
How often have you wrapped a piece of code in ifdefs because your application was meant to run on multiple versions of the OS? At least I have had to write it quite frequently. Cocoa is a dynamically growing framework. Every year, when a new version of Mac OS or Xcode is released, new APIs are added and some older ones are deprecated. More often than not, companies prefer having a single code base for an application for ease of development and support. This leaves developers without much of a choice: ifdef is the only option.

Just take a look at the number of people using Windows XP (release date: August 24, 2001). There have been three major OS releases since Windows XP, and most companies still provide support for Windows XP.

Both Windows XP and Snow Leopard have a sizable market share, and no developer would want to ignore that market.

End Users
The real winner is the end user. Imagine getting a new version of the OS every other year for free!

All in all I think it is a great move. Similar to Kid Rock charging $20 for concert tickets.

Now the pressure will be on Microsoft and other proprietary OS makers to provide free upgrades to the user! But I don’t expect them to follow suit. Microsoft is not a hardware manufacturer and cannot afford to release either the MS Office suite or Windows OS for free. Personally, I believe I deserved a free upgrade from Windows Vista to Windows 7.

Mountain Lion Signing packages

The intention of this post is to guide you through signing packages (pkg), or installers, for Mac OS X 10.8 (Mountain Lion). There are different ways to make an installer for Macintosh, and one of the most preferred ways is to use PackageMaker. PackageMaker is an application released by Apple for making installers. It’s pretty easy to do basic things with PackageMaker, but customized things aren’t very easy to do. The problem is that there is very little useful documentation from Apple.

Coming back to the task at hand, we need to sign our package using Apple’s Developer ID Installer Certificate for Gatekeeper to allow the installer to run. There are two simple steps.

Step 1: Create a normal (unsigned) installer using either the UI or the command-line version of PackageMaker

Step 2: Use productsign to sign the Package

Usage: productsign [options] --sign identity input-product-path output-product-path

This would work as long as the installer is of PKG format (flat). Signing of MPKG format is not supported.

Properly Signed Installer

Avoid using any of these methods.

1. Signing the Package using PackageMaker’s UI

2. Signing the Package using PackageMaker’s command line tool

Incorrectly signed installer

If you compare the incorrectly signed installer image with the correctly signed installer image, you will find one difference. The incorrectly signed installer does not have the Developer ID Certification Authority certificate. Without this certificate Gatekeeper cannot verify the signed installer and hence rejects it. The problem is with PackageMaker: it doesn’t add the Developer ID Certification Authority certificate while signing the installer.
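The same difference can be checked from the command line instead of by eye. The following is an added example, not part of the original post: it classifies the text printed by pkgutil --check-signature by whether the chain lists the Developer ID Certification Authority. The function names are hypothetical and the two sample outputs are constructed, with their layout an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Reads the text printed by `pkgutil --check-signature` on stdin and prints
#   ok                    leaf and intermediate certificates are both listed
#   missing-intermediate  Developer ID Installer leaf only (the PackageMaker case)
#   no-developer-id       no Developer ID Installer certificate in the chain
classify_pkg_signature() {
    awk '
        # Chain entries are numbered lines such as "    1. Developer ID ..."
        /^[ \t]*[0-9]+\.[ \t]/ {
            if ($0 ~ /Developer ID Installer:/)              leaf = 1
            if ($0 ~ /Developer ID Certification Authority/) inter = 1
        }
        END {
            if (!leaf)       print "no-developer-id"
            else if (!inter) print "missing-intermediate"
            else             print "ok"
        }'
}

# Constructed sample output; the layout is an assumption modelled on pkgutil.
sample_productsign() {
    cat <<'EOF'
Package "Good.pkg":
   Status: signed by a certificate trusted by Mac OS X
   Certificate Chain:
    1. Developer ID Installer: My Company
    2. Developer ID Certification Authority
    3. Apple Root CA
EOF
}

sample_packagemaker() {
    cat <<'EOF'
Package "Bad.pkg":
   Status: signed by untrusted certificate
   Certificate Chain:
    1. Developer ID Installer: My Company
EOF
}

# On a Mac, classify a real package file.
check_pkg() {
    pkgutil --check-signature "$1" 2>&1 | classify_pkg_signature
}
```

Running check_pkg on every package in a release step catches a PackageMaker-signed installer before it reaches users.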

Exporting Apple Developer Certificate

According to Apple, only an Agent can generate and download the developer certificates. Once the certificates are installed on a machine, they can be shared with other users. The Keychain Access application has a simple feature for exporting the certificates.

Steps involved in exporting the Apple Developer Certificates.
1. Go to “/Applications/Utilities/” and Launch Keychain Access.app
2. Click on the “Certificates” Tab

3. Select “Developer ID Installer: My Company” certificate.
4. Right Click on the certificate and select Export “Developer ID Installer: My Company”

5. A dialog will appear. Select the Personal Information Exchange (.p12) format and give the certificate an identifiable name. By default the new certificate will be saved in the Documents folder.

6. The Keychain Access application will ask for a password. Enter a password; this password will be asked for when you try to install the certificate on the other machine. So remember the password!

Your certificate will have been exported to the selected folder (by default the “Documents” folder). Repeat the same steps to export “Developer ID Application: My Company”.

While exporting the Developer ID Certification Authority certificate, Keychain Access will not ask for the password, and the File Format should be Certificate (.cer).

Installing the certificate
Double click on the exported certificate. Keychain Access application will launch and display a dialog asking for the password. Enter the password set in step 6.

That is it for this post! You now know how to export and install an Apple Developer certificate.

Splitting and joining files in Macintosh and Linux

There are lots of tools available on PC (Windows) for splitting and joining files. There are very few available on Macintosh and Linux. But on Macintosh and Linux we don’t really need a separate tool for splitting and joining files; the OS comes with one for us.

Splitting and joining files is pretty straightforward. There are two simple command line tools to do it. In this entire exercise we will be using only 3 command line tools.

1. Change Directory.

cd – change the current working directory to a specific Folder.
SYNOPSIS
cd [-L | -P] [directory]

2. Splitting the File.

split — split a file into pieces
SYNOPSIS
split [-a suffix_length] [-b byte_count[k|m]] [-l line_count]
[-p pattern] [file [name]]

3. Joining the File.

cat — concatenate and print files
SYNOPSIS
cat [-benstuv] [file …]

Let’s get down to business and start splitting the file.

File Split
I didn’t have any big file to try the commands on. So I compressed Google Chrome application.

Created Google Chrome Zip File

Get into the folder containing the huge file using cd (change directory) command

cd path/to/the/folder/containing/file
split -b 50m "Google Chrome.app.zip" ChromePieces

“Google Chrome.app.zip” -> Name of the file to be split
ChromePieces -> Prefix of output file name.
-b -> Create smaller files byte_count bytes in length.
50 ->byte_count value.
m -> indicates megabyte pieces. k can be used instead for kilo-byte pieces

Used “split” command to split the file

The zip file size was 93.1 MB, so it ended up creating two files, as can be seen from the image above.

Joining Files

Used “cat” to join the files

cat ChromePieces* > Chrome.zip

We are joining all the files that have prefix file name “ChromePieces” and the resultant file will be created as Chrome.zip

A new (Chrome.zip) file is created.

Unzipped the newly created zip file.

You can unzip the Chrome.zip file, and the extracted Google Chrome application will work as normal. split and cat can be used on most files. I have tried them on binaries (applications and installers), audio and video files, and text files.

Mountain Lion Certificates

Before starting up Certificate generation, there are some important concepts to be understood. There are three possible roles that can be assigned to Apple Developer Program members: Agent, Admin, or Member.

Borrowed from Apple’s website.
1. Agent
The Agent (the original enrollee accepted into an Apple Developer Program) is the primary contact for the development team, is responsible for accepting all Developer Program Agreements, and can enroll their team in additional Apple Developer Programs.

2. Admin (company/organization only)
Developers assigned the Admin role serve as a secondary contact for teams enrolled in an Apple Developer Program as a company. Team Admins can invite members to the team, assign roles, and have access to the resources and benefits of the developer program they are enrolled in.

3. Member (company/organization only)
Developers assigned the Member role have access to the resources and benefits of the developer program they are enrolled in.

Now that you know the rules: if an “Admin” user goes to the certificate creation page, the option is disabled.

Disabled option to generate certificate

The rule also means that the Admin user cannot download the certificates either. It is the responsibility of “Agent” to generate and download the certificate and share it with the team.

Download option is also disabled.

Generating Certificates
If you are logged in as an Agent, the button in the first image will be enabled. Click on it and Apple will guide you through the process of generating the certificates. But remember, you have to generate 2 certificates: the Developer ID Application Certificate and the Developer ID Installer Certificate (the first time I tried, I missed out on generating the Developer ID Installer Certificate). The Developer ID Application Certificate is used for signing the application, and the Developer ID Installer Certificate is used for signing the installer. While you are at it, make it a point to download the Developer ID Intermediate Certificate. Without the Developer ID Intermediate Certificate, Gatekeeper wouldn’t allow your application to launch.

As mentioned earlier only an Agent can download the certificates. So it is the duty of agent to generate the certificate and share it with his team.

Mountain Lion Gatekeeper

This is the first in a series of 3 posts documenting the working of Gatekeeper and signing of the plug-ins and the installers.

Gatekeeper is Apple’s security feature that is designed to protect Mac OS X users from malicious software.

Gatekeeper will be able to run in three modes:
1. Mac App Store: The default mode, a stricter mode in which users will only be able to install applications downloaded from the Mac App Store.
2. Mac App Store and identified developers: Relaxed mode that allows users to install applications downloaded from the Mac App Store or identified developers (Applications signed using certificate generated by Apple.)
3. Anywhere: Any application can be installed.

Gatekeeper options

While option 1 is the safest, option 3 is like being back on Lion or any other previous version of Macintosh. Option 2 seems like a good middle path which quite a few developers will take.

Important points to remember regarding Gatekeeper:
1. The Gatekeeper does not check or restrict Plug-ins, Frameworks etc.
2. Any software already installed—and that has been run at least once—will continue to run even after Gatekeeper is enabled. Gatekeeper checks on first launch of an application.
3. Gatekeeper uses OCSP (Online Certificate Status Protocol) to verify the certificate, OCSP talks to servers over the Internet.
4. Gatekeeper validates/checks all installers.

For more information on Gatekeeper behaviour refer: Macworld article and tidbits article

I did a few experiments to understand Gatekeeper better.

Check 1: Downloaded a pkg installer (unsigned) on 10.6 and ran it on 10.8 from a pen drive
On 10.6 (Snow Leopard), using Google Chrome, I downloaded a pkg installer which doesn’t work on 10.8 (Mountain Lion) because it is not signed, transferred it to a pen drive the next day and tried installing it. Gatekeeper detected that the pkg was not signed. The behavior was the same when I downloaded the installer from a mail server.

Downloaded on Snow Leopard but Gatekeeper detected it.

Check 2: Downloaded a pkg installer (unsigned) on 10.8
On 10.8, I downloaded a pkg installer which doesn’t work on 10.8 because it is not signed, and tried installing it; again Gatekeeper was up to the task. The behavior was the same when I downloaded the installer from a mail server.

Check 3: Downloaded a signed pkg installer on a fresh 10.8 machine without internet
Basically this machine had Mountain Lion Preview 4, and my signed installer had not been used on this machine. I pulled out the LAN cable (WiFi was turned off) and tried to install my package using the pkg installer. Gatekeeper allowed the installer to run without any warning. Looks like OCSP (Online Certificate Status Protocol) is not the only check Gatekeeper performs. The good news is that Gatekeeper doesn’t need the machine to be connected to the internet for it to verify the certificates. The behavior was the same when I downloaded the installer from a mail server.

Check 4: Downloaded an application (unsigned) on 10.6 and ran it on 10.8 from a pen drive
The application didn’t have a pkg installer. I just had to drag and drop the app into the “Applications” folder. The copy worked fine, but when I tried to launch the application, Gatekeeper kicked in. I used an older version of TextWrangler to reproduce the issue.

Check 5: Downloaded an application (unsigned) on 10.8
Same as Check 4. Gatekeeper wouldn’t allow me to run the application. I used an older version of TextWrangler to reproduce the issue.

Check 4 and 5

Check 6: Downloaded a signed application on a fresh 10.8 machine without internet
Gatekeeper verified and allowed the application to launch.

Gatekeeper doesn’t quite meet my expectations. I would be very happy if it started validating frameworks, plug-ins and command-line tools that the user can download from the internet. There are already improvements in the Gatekeeper implementation in Mountain Lion GM over Mountain Lion Preview 3. But it is a good start nonetheless.

HDFC Alerts (R) Account Attempt Error User Login

I recently got this mail. It turned out to be fake, but it almost caught me off guard. These are the contents of the mail.

 

Dear Esteemed Customer,

Your Account has been flagged for Security issues within the last 24 hours. You are hereby mandated to confirm with our customer care your Online Login Information to quickly access this error. To ensure Smooth Banking Operation, You are also informed to correctly fill in your Secure Online Questions and Answers which you had already updated with our Bank upon your Registration.

Please click the link below to verify your account with us.


Click Here To Resolve The Issue

This Notice is strictly for Third Party Account Holders Only.

Thank You
Customers Service

Please endeavour To Open the Your Account Update Link using Internet Explorer 5.5 or Above .

Thank you for using HDFC Bank Ltd !
Copyright© 2010 – HDFC Bank Ltd. All rights reserved.

Information on protecting yourself from fraud, please review the Security Tips in our Security Center.

This is actually a form of phishing.

Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.

Quoted from Wikipedia.

There were four things which saved me.

1. The mail went to the spam section. Credit goes to Google Mail (Gmail) for this because, unlike Yahoo Mail, it doesn’t put useful mails into spam. So I trusted Google Mail to do its job.

2. On checking the sender’s email id, I realized it was from a commercial Internet domain name (.com) instead of .net. All the mails from HDFC Bank come from a domain ending with .net. This mail was from “customercare@hdfcbank.com” instead of “.net”.

3. Importantly, I had never received this message despite trying to log in with wrong passwords, accidentally of course.

4. The most important point: the URL didn’t work. It had been brought down for performing illegal action.

The fourth point also meant I could not see the html file, which also meant the end of the investigation. Maybe it’s a good thing that I don’t use Windows OS and there is no risk of using Internet Explorer, since the mail requested me to use IE. Somehow using Ubuntu and Macintosh (without Safari) makes me feel a little safer.

If you ever come across such mails be careful, because banks normally don’t ask you to login to Update your Account.

Please make time to go through the link, it contains a list of other spam mails.

Merry Christmas and Happy Holidays!