atomicbird

Those of you in the USA should pick up the June 2008 issue of MacLife magazine. They've got an article called "The Dawn of iPhone 2.0", covering expectations for what's going to happen once this pre-release iPhone software I've been playing with goes public.

Why, when there's so much information online? Because I'm one of the sources for the article (see page 49), along with Paul Kafasis of Rogue Amoeba and Erica Sadun. That's reason enough, right?

For what it's worth, I did eventually get my iPhone developer certificate, although it still looks like the whole certificate program is pretty screwed up.

I've just released MondoMouse 1.4.2. This version makes two changes:

• MondoMouse will not make "choose application" windows appear anymore. This has been happening on Leopard systems, when MondoMouse works with certain applications (e.g. OmniGraffle Professional).
• If a window can't be resized, and "highlight windows being moved or resized" is turned on in MondoMouse preferences, the window will be highlighted in red to make it easier to tell what's going on. Thanks to Brian Cooke for suggesting this.

This upgrade is free to all registered users of MondoMouse. If you already have MondoMouse, the best way to get it is to use MondoMouse's "check for updates" button, or else just wait for MondoMouse to check automatically.

Otherwise, you can download the new version here.

• Download MondoMouse 1.4.2 (1.1MB)

Macaroni 2.1.1 has just been released. This version fixes a number of minor bugs in 2.1, most notably:

• Fixes a particularly embarrassing bug where it would occasionally be impossible to register Macaroni.
• Fixes the "clear history" button, which was unfortunately broken in 2.1.

System Requirements

To use Macaroni 2.1.1 you must have Mac OS X 10.4 or 10.5, on an Intel or PowerPC Mac. Mac OS X 10.2 and 10.3 will not run Macaroni 2.1.1, although Macaroni 2.0.8 is still available from the Macaroni page if you need it for an older Mac
.
This is a free upgrade for all registered users of Macaroni. Macaroni 2.1.1 can be downloaded from the Macaroni home page.

To Upgrade

There always seems to be a little confusion regarding how to upgrade Macaroni. Here's how you do it:

1. Install the new version.
2. There is no step 2.

People often assume that they need to go through a complex upgrade routing involving (at a minimum) removing the old version and (sometimes) mysterious rituals they expect are necessary to prepare their Mac. I try to make it as painless as possible but some people seem to expect the worst. If for some reason it's not that simple for you, please let me know so that I can make sure to fix the problem in the next version.

Developer Note

If you're interested in Mac OS X software development, you may be interested to know that this is the first version of Macaroni built on Mac OS X 10.5 "Leopard", and using the new Xcode 3 development environment. Macaroni 2.1 was a Leopard-compatible upgrade, but was built on Mac OS X 10.4 using Xcode 2.4. I have not yet migrated from nibs to xibs for the GUI, but I'm investigating the possibility for future releases.

One of the new features in Leopard that people may not notice at first is code signing. It's not the sort of thing that makes for a flashy demo, so you may not have noticed.

When a software developer creates an application they can now optionally add a cryptographically-secure signature to it which can later be used to find out if the application was modified. It can also be used to identify a new version of an application in relation to an older version of the same application. If both are signed in the same way, Mac OS X won't notify you about the update and ask if it's OK for the new version to use the same keychain information as the old one.

Beginning with Mac OS X 10.5 Apple signs all of their applications.

What does modified mean in this situation? It's not as clear as one might think, but the basics are:

• Modifying the executable, the part that actually runs the program, will invalidate the signature.
• Removing platform-specific code (just the Intel or PowerPC part) can be an exception to this (more detail below).
• Removing language-specific localizations-- such as the parts needed to present menus and windows in a different language-- can be safely removed without invalidating the signature.

Macaroni and Code Signing

Which brings me to my main point. The authors of 1Password have run into some trouble with applications whose signatures get invalidated, in their case Safari's signature. As they describe in their Switcher's Blog, some of their customers found that 1Password no longer worked with Safari, and some detective work revealed that the problem was an invalid code signature.

Unfortunately while doing this they made the mistake of including Macaroni in the list of applications that could cause code signatures to become invalid. Almost immediately I started getting email from concerned users thinking that they needed to shut down Macaroni to protect their Macs. In fact Macaroni does not and has never removed platform-specific code from applications.

Many users have requested this feature since Intel Macs first appeared, and I did investigate it, but it seemed to be a technical and support mine field and so I left it out. It's not necessarily a bad idea to remove PowerPC code if you have an Intel Mac, or vice versa, but it seems like doing so is more of an expert move, to be done if you feel you have a good technical understanding of what you're doing and why. And if you do, you probably don't need Macaroni to help you with it. You could create a custom Macaroni job to automate the cleanup for you, but I still maintain that it has no place in the standard set of Macaroni jobs.

And now, a demo.

For demonstration purposes I'm going to look at Safari and Mail, both included with Leopard, and see what does and doesn't invalidate their signatures. I will of course be working on copies of the applications, because I'm going to be messing with their internals for your entertainment.

Demo: Localization cleanup

First I'll select Safari and open up the "Get Info" window. As you can see all of the languages Apple ships with it are present. There are 18 in all, though they don't all show up without some scrolling. Mail produces the same result.

I'll also verify that I'm starting with valid code signatures on both:

$ codesign -vvv Safari.app
Safari.app: valid on disk
$ codesign -vvv Mail.app
Mail.app: valid on disk

Now I'll run Macaroni and have it remove localized files. After doing this, I bring up the "Get Info" window again and verify that everything except English has been removed:

And how about those code signatures?

$ codesign -vvv Safari.app
Safari.app: valid on disk
$ codesign -vvv Mail.app
Mail.app: valid on disk

Looking good.

Demo: Platform code cleanup

Now I'm going to strip out the PowerPC code, leaving me with copies of the applications that work only on Intel Macs. I don't have any of the fancy utilities that does this for you, so instead I'm going with the command line and Apple's standard tools. There's more than one way to do this, but the easiest is probably to use "ditto". Besides copying files, ditto will optionally strip out platform-specific code while copying.

$ ditto --rsrc --arch i386 Safari.app Safari-i386.app
$ ditto --rsrc --arch i386 Mail.app Mail-i386.app

And the signatures?

$ codesign -vvv Mail-i386.app/
Mail-i386.app/: valid on disk
$ codesign -vvv Safari-i386.app/
Safari-i386.app/: a sealed resource is missing or invalid
/tmp/Safari-i386.app/Contents/Resources/SafariSyncClient.app/
Contents/MacOS/SafariSyncClient: resource modified

Hmm, not so good for Safari there. Mail looks OK though.

Should you care?

If you're using both 1Password and you strip platform-specific code from your applications, you should be aware of this. As the 1Password developers have discovered, an invalid code signature can prevent their tool from working. This is exactly the kind of thing that stopped me from adding this kind of application stripping to Macaroni.

If you don't use 1Password, it's probably OK to strip platform-specific code if you want. Invalid code signatures might mean you'll have to enter your password more often after updating applications, but aside from that it doesn't look like you'll notice it. It may not be worth the effort though. Leopard's Mail.app starts out at 286.5MB. After removing localizations that drops by more than 90%, to 24.7MB. Removing PowerPC code on an Intel Mac reduces it further to 21.6MB, only another 1% or so off of the initial size.

Either way though, Macaroni's not going to hurt your code signatures.

The next Iron Coder has been announced. This time it'll be a nine-day event instead of a weekend. The prize is an iPod Touch. And while the API hasn't been announced yet, it's going to be something new in Leopard.

If you read my previous post about expanding my product lineup, you know that MondoMouse was the ultimate result of the first Iron Coder. Since then I've participated whenever I've been able.

If you're a Mac developer, or want to be, this is a great event to take part in. The constraints of the event focus your attention on getting something done and ready to at least show to other people if not actually to release to the general public (and who knows, maybe it'll evolve into something you can release to the world). It's a good way to dive in and learn a new and unfamiliar API, a sort of friendly competition combined with a self-taught immersion course. Win or lose, I expect this Iron Coder will be most valuable to those with the least amount of time working on Leopard so far. If you're just now wanting to come up to speed with Leopard, participating would be a really good way to jump-start things.

It's also a good way to get to know other developers-- and not just any developers, but those who are actually motivated to try something like Iron Coder because it sounds like fun to them. The #macsb IRC channel (irc.freenode.net) serves as an unofficial discussion center for Iron Coder. It's normally a friendly competition, so you can feel free to ask for help along the way and usually get it.

So mark your calendars, and make sure you know your way around Xcode 3.