We include a root CA with our product. Is there a way to prevent a user from changing the trust settings? I couldn't find anything, but as this is on the outer edge of my current knowledge set, it's just as likely that I missed something.

sef% mdls /Applications/Google\ Chrome.app/Contents/Frameworks/Google\ Chrome\ Framework.framework/Versions/112.0.5615.137/Helpers/Google\ Chrome\ Helper.app kMDItemFSContentChangeDate = 2023-04-17 23:59:16 +0000 kMDItemFSCreationDate = 2023-04-17 23:59:16 +0000 kMDItemFSCreatorCode = "" kMDItemFSFinderFlags = 0 kMDItemFSHasCustomIcon = 0 kMDItemFSInvisible = 0 kMDItemFSIsExtensionHidden = 0 kMDItemFSIsStationery = 0 kMDItemFSLabel = 0 kMDItemFSName = "Google Chrome Helper.app" kMDItemFSNodeCount = 1 kMDItemFSOwnerGroupID = 0 kMDItemFSOwnerUserID = 0 kMDItemFSSize = 1 kMDItemFSTypeCode = "" sef% mdfind 'kMDItemFSName == "Google Chrome Helper.app"' So there's a metadata key that has a value... but mdfind won't find it. I haven't tried writing a small program to see if it would find it yet, although I am somewhat curious if it would.

I searched and couldn't find anything, which shocks me, I can't be the only person to ask this. Therefore my search skills are once again demonstrated to be weak. Given an EKCalendar, I can get the source thence sourceIdentifier... but that's just a UUID; can I get the actual URL for that? I assume it's somewhere?

I don't have enough physical machines to install Sonoma; I do, however, have lots of CPU cycles, memory, and disk space -- so can I get Sonoma running in VMWare Fusion? Ideally on both AS and Intel. I searched to see if this had been asked, but I will be the first to admit my searching skills are bad. (This is why I like find and grep.)

In some cases, one of our daemons will end up with thousands of threads. Clearly a bug somewhere, but I can't see it in the code. (Admittedly, it's C++ which is a bit alien to me still. Anyway.) If I wanted to just be notified each time a thread was created in the process, what are some ways to do that? I assume dtrace and lldb have ways to od it, but I'm not quite sure what.

We have our own root CA that is installed with our application. For non-MDM installs, the system asks if the user wants to do that, which is all well and good. It also used to ask us when removing that certificate. It doesn't now. So now I am wondering if I dreamed it, except other people say they also got prompted and don't now. It's being installed and removed using the security command, in scripts.

macOS, really, so there are a bunch of things that may be running during various types of sleep. I know I can get notifications from IOKit about the system going to sleep or waking up, but if I've got a daemon that crashed, and is then relaunched automatically, can I tell whether the machine is awake, or in some sort of sleep state other than hibernation?

I've got @Environment(\.managedObjectContext) var context private var home: Home private var predicate: NSPredicate @State var sortBy: SortDescriptor<Room> @FetchRequest private var rooms: FetchedResults<Room> init(home: Home) { self.home = home _sortBy = State(initialValue: SortDescriptor<Room>(\.name)) self.predicate = NSPredicate(format: "%K = %@", "home", self.home) _rooms = FetchRequest<Room>( sortDescriptors: [self.sortBy], predicate: self.predicate) } But it won't compile -- it says Variable 'self.rooms' used before being initialized. But... how?

I was trying to have a date picker show up conditionally; it seems to work for iOS, but macOS (13, haven't tried it on 14 yet) it ... doesn't. In particular, if I select "custom" in this code, and then click on a date part, it brings up the graphical picker, and I can select a date, but then... it doesn't go away. Clearly I am doing something wrong, but is it clear to anyone who isn't me what that is? import SwiftUI extension View { /// Hide or show the view based on a boolean value. /// /// Example for visibility: /// /// Text("Label") /// .isHidden(true) /// /// Example for complete removal: /// /// Text("Label") /// .isHidden(true, remove: true) /// /// - Parameters: /// - hidden: Set to `false` to show the view. Set to `true` to hide the view. /// - remove: Boolean value indicating whether or not to remove the view. @ViewBuilder func isHidden(_ hidden: Bool, remove: Bool = false, disable: Bool = false) -> some View { if hidden { if !remove { self.hidden() .disabled(disable) } } else { self } } } enum ExpireType: CustomStringConvertible, Hashable, CaseIterable { case never case oneWeek case twoWeek case oneMonth case sixMonth case custom func expires(given date: Date) -> Date? { let calendar = Calendar.current switch self { case .never: return nil case .custom: return nil case .oneWeek: return calendar.date(byAdding: .weekOfYear, value: 1, to: Date()) case .twoWeek: return calendar.date(byAdding: .weekOfYear, value: 2, to: Date()) case .oneMonth: return calendar.date(byAdding:.month, value: 1, to: Date()) case .sixMonth: return calendar.date(byAdding: .month, value: 6, to: Date()) } } var description: String { switch self { case .never: return "Never" case .custom: return "Custom" case .oneWeek: return "One week" case .twoWeek: return "Two weeks" case .oneMonth: return "One month" case .sixMonth: return "Six months" } } } struct ExpireDatePicker: View { @State var expires = Date() @State var expireType = ExpireType.never @State var didChange = false @State var dateString = "" @State var showDatePicker = false private func updateText() { if self.expireType == .never { self.dateString = "" } else if self.expireType == .custom { self.dateString = self.expires.formatted(.dateTime.day().month().year()) } else { self.dateString = self.expireType.expires(given: Date())!.formatted(.dateTime.day().month().year()) } } /* * For the expire date, we want to let * the user pick one of the predfined dates, * or a custom date. */ var body: some View { VStack(alignment: .trailing) { let _ = print("showDatePicker \(self.showDatePicker)") Picker("Expiration date", selection: self.$expireType) { ForEach(ExpireType.allCases, id: \.self) { et in Text(String(describing: et)) .tag(et) } } ZStack(alignment: .trailing) { Text(dateString) .fontWeight(.ultraLight) .isHidden(self.showDatePicker, disable: true) /* * This does not work well. * I can't get it to disappear, * or relinquish control */ DatePicker("", selection: self.$expires, displayedComponents: .date) .datePickerStyle(.compact) .isHidden(!self.showDatePicker, disable: true) } } .onChange(of: self.expireType) { to in self.showDatePicker = (to == .custom) self.updateText() } .onChange(of: self.expires) { to in print("expires changed to \(self.expires)") self.showDatePicker = false } } }

As I mentioned elsewhere, I am trying to add a packet filter to our app. I can load load the extension, but I am getting permission denied when I try to save the preferences with it. I am building for release, using a Developer ID Application certificate (macOS, if that wasn't clear). I am starting to worry that I can't do this except on an MDM-managed system.

I added a Home concept to my simple test program, which made the chain be Home has Rooms which have Items. But when I tried using something like let homeID = self.room.home?.id ?? UUID() _items = Query(#Predicate { ($0.room?.home?.id == homeID) == true }) it complained about an illegal ternary. Fine, it's picky so I changed the Item model to have a computed property: var home: Home? { return self.room?.home?.id } but with that, it crashes at runtime, because it can't find the keypath to .home. Is this all expected?

We have a Transparent Proxy Provider, and a Packet Filter. They both get activated on app startup, and then when that's done, I call code to set the preferences to enable them. That is basically done by having the request:didFinishWithResult: method check the identity of the request, determine whether it was activation or deactivation, and then call the appropriate function to do the preferences load/save dance. However, from the logs, it looks like the preferences-handling code sometimes only gets called for one of them (and, strangely, almost always the packet filter). Is this a known issue? I'd guess something about multiple calls to load/save preferences happening at the same time?

The crash is at do { retval = try ModelContainer(for: schema, configurations: [modelConfiguration]) } catch { fatalError("Could not create ModelContainer: \(error)") } When I first set it up, it complained (at run-time) about a lot of issues, mainly items not being optional and I apparently had a couple of @Attribute(.unique)s left. After I got rid of all of those, however, I get the crash there. I assume this is an obvious thing that I am doing wrong, but I can't figure it out.

I didn't think it was possible, but a coworker showed me a screenshot with the SentinelOne content filter having the enabled button greyed out in sysprefs: So how are they doing that?

As mentioned before, we have to network extensions for our app -- a transparent proxy provider, and a packet filter. We just started testing with multiple users, and I'm seeing what seem to me to be very strange results, but they get less strange if the states aren't system-wide. Easiest case: I install while I'm logged in, we install the agents and daemons, start everything up, and the app then goes to activate both extensions. This starts with an OSSystemExtensionRequest for each, and when the completion delegate is invoked, I go to "connect" them, which is where the does the load/save preferences. Barring the apparent timing issue I filed a feedback on, this works. If i then fast-user-switch to a second user, the agent once again starts, and goes through the same process -- it creates an OSSystemExtensionRequest to load them both, the delegate gets invoked, and then it does the connection functions for each. The behaviour might change slightly if the second user is already logged in, but I lost my notes there. At the end of this, I am left with things in a weird-to-me state: For the second user (not an admin), I see three entries in prefs/settings > Network -- one packet filter, and two TPPs. The two TPPs either appear 100% identical, in that they both have the same connection time, or one is connected and the other isn't. For the first user (an admin), I sometimes see 1, 2, or 3 entries -- and the VPNs are not always shown as connected. This is new behaviour for us, so either it's something I'm doing in the connection code, or something in the OS changed. The latter seems unlikely since the machine in question is still running macOS 12.6, but I don't test multiple users very often. If the packet filter is global, and the TPP network connection is per user, this kinda makes sense (but why did we not notice it before?).