If you own a non-Touch Bar 13-inch MacBook Pro or are having touch-related problems with an iPhone X, Apple has new repair programs for you. Did you use CrashPlan for Home? Adam Engst also shows you how to uninstall it so it no longer consumes resources. iOS 12 simplifies logging into Web sites and apps, thanks to integration with third-party password managers—Take Control of Your Passwords author Joe Kissell explains. Finally, Adam shares five stories about how large organizations are using Apple devices as focused tools rather than general-purpose computing devices. Notable Mac app releases this week include BBEdit 12.5, Scrivener 3.1, DEVONagent 3.11, iMovie 10.1.10, Tweetbot 3.2, MoneyWiz 3.1, and Pages 7.3, Numbers 5.3, and Keynote 8.3.
Every so often, Apple creates a repair program to address a problem that affects a significant number of Apple devices. These repair programs provide free service or component replacement regardless of whether or not the device is still under warranty or covered by AppleCare. The company has just established two new programs: one for the iPhone X and another for the non-Touch Bar model of the 13-inch MacBook Pro. Both of these programs will continue for 3 years from the first retail sale of the unit.
For each of these programs, you can find an Apple Authorized Service Provider, make an appointment at an Apple Retail Store, or contact Apple Support to arrange mail-in service via the Apple Repair Center.
Before you give any device to Apple for repair, make sure to back up your data first, since the repair may involve replacing storage. For a Mac, we recommend making both a bootable duplicate and a Time Machine backup; for an iOS device, it’s always worth making a backup via both iCloud and iTunes.
iPhone X Display Module Replacement Program for Touch Issues
On the iPhone X Display Module Replacement Program for Touch Issues page, Apple says that a failing component in some iPhone X displays may cause touch-related problems. The display, or part of it, may respond intermittently or not at all to touches, or it may react despite not being touched. If your iPhone X is suffering from these problems, Apple will replace the display module free of charge.
No other iPhone models are included in this program, although this sounds a bit like the repair program that fixed iPhone 6 Plus units suffering from so-called “Touch Disease” (see “Apple Launches iPhone 6 Plus Multi-Touch Repair Program,” 18 November 2016) and we have an iPhone 6 that has similar problems.
13-inch MacBook Pro (non Touch Bar) Solid-State Drive Service Program
While the problems with the iPhone X are undeniably troubling, the 13-inch MacBook Pro (non Touch Bar) Solid-State Drive Service Program is more urgent. Apple has discovered that some of the 128 GB and 256 GB SSD drives used in the non-Touch Bar model of the 13-inch MacBook Pro suffer from a problem that could cause data loss and failure of the drive. Affected units were sold between June 2017 and June 2018.
If you registered an affected MacBook Pro with Apple, the company says it will send you email about the problem as well. Regardless, you want to send your MacBook Pro in for service—free of charge—as soon as possible, before data loss occurs. You must make a backup first since the drive will be erased as part of the service. Apple will reinstall macOS for you, and you can restore from your bootable duplicate or Time Machine backup during the setup phase.
Although this program covers only the non-Touch Bar model of the 13-inch MacBook Pro, the SSD in our son’s 13-inch MacBook Pro with Touch Bar, purchased in August 2017, also just failed and is headed back to Apple under AppleCare right now. I wouldn’t be surprised to see Apple expand this repair program in the future.
As all TidBITS readers should be aware, Code42 Software discontinued its CrashPlan for Home service recently (see “CrashPlan for Home Ends Today,” 22 October 2018). Since CrashPlan is an Internet-enabled service—even when used for peer-to-peer backups—there is no reason to let it continue running in the background. It may not consume significant CPU cycles or RAM, but you can’t use it to back up or restore data ever again, so you should remove it to ensure that it doesn’t cause any future problems.
Here’s how to uninstall CrashPlan for Home:
- In the Finder, choose Go > Go to Folder or press Command-Shift-G.
- In the dialog that appears, copy and paste the line below and click the Go button:
- If you don’t see the Uninstall app, that means CrashPlan was installed just for your user, so copy and paste this line instead and click the Go button:
- The Finder displays the CrashPlan application support folder, which contains the Uninstall app.
- Double-click the Uninstall app to run it, click the Uninstall button, enter your administrator password when prompted, and when it finishes, click the Exit button.
- The Uninstall app deletes the main CrashPlan app along with everything from the CrashPlan application support folder, and there’s no reason to keep that folder either. Navigate up one level in the Finder—press Command-Up Arrow—and then delete the empty CrashPlan folder. If the CrashPlan app remains in your Applications folder, TidBITS reader Tom Tubbiola has the solution:—copy and paste this line into Terminal to remove any “immutable” bits.
chflags -R nouchg /Applications/CrashPlan.app; chflags -R noschg /Applications/CrashPlan.app
- Finally, if you were backing up to a local destination, you can delete the folders containing those local backups. They’ll have long numeric names like
312757381423956228and will contain a
That’s it. If you were using CrashPlan for Windows or Linux as well, refer to Code42’s instructions for removing CrashPlan from those operating systems.
iOS 12 makes several changes to the way passwords are handled; see Glenn Fleishman’s “SMS Text Message Login Codes Autofill in iOS 12 and Mojave, but Remain Insecure,” 4 October 2018. My favorite addition to iOS 12 is support for using third-party password managers in login situations that were previously accessible only to iCloud Keychain. In case you haven’t tried this capability yet, I’d like to show you what it’s all about and why it’s so delightful.
The Old Way
Back in the dark ages (before September), the only way to use a third-party password manager to log in to a Web site in Safari or other browsers was by way of a Share sheet extension. Once you had enabled the extension, the process was to visit a page in your browser containing a login form, tap the Share icon, tap the icon for your password manager, unlock the password manager, tap the login item you wanted to use, and then (once you were returned to your browser), submit the form. That was a lot of cumbersome steps—enough that many people just used iCloud Keychain from within Safari instead because it required none of these extra steps.
To refresh your memory, iCloud Keychain vastly simplified this entire process by, when you tapped the username field of a login form, providing single-tap access to the username and then the password in the QuickType bar above the keyboard.
Now, iCloud Keychain isn’t terrible, but it’s neither as secure nor as flexible as I prefer. And, of course, it doesn’t sync with non-Apple platforms. So if you, like me, prefer to use a third-party password manager like 1Password or LastPass, you’ll be happy to know that iOS 12 requires far fewer steps to access your data there—and it makes that data available in virtually all apps, not just Web browsers.
Coming into the Light
Before you can make use of iOS 12’s new password manager integration, you have to tell iOS which one(s) you want to use. Go to Settings > Passwords & Accounts > AutoFill Passwords. Make sure the AutoFill Passwords switch at the top is turned on. Then tap an item in the Allow Filling From list to enable or disable it.
iCloud Keychain is always the first item, followed by any other installed password managers that support this feature. So far, compatible apps I’ve found include 1Password, Bitwarden, Dashlane, Enpass, Keeper, LastPass, RoboForm, and Zoho Vault. There may be others, and more will surely follow.
You may be wondering whether you should leave iCloud Keychain selected in addition to your third-party password manager. (You can select only one third-party password manager, in addition to iCloud Keychain, at a time.) It’s up to you, but I found that having both iCloud Keychain and another password manager selected sometimes led to confusion, so I suggest that you make sure all your important passwords are in your favorite password manager, and then have only that one—not iCloud Keychain—selected as an AutoFill source.
I should point out here that deselecting iCloud Keychain in this list does not disable iCloud Keychain! It’s still active, and it still works behind the scenes to supply credentials for Wi-Fi networks, Mail, Messages, and so on. The AutoFill setting determines only whether browsers and other apps that display login forms may look into iCloud Keychain for their data.
The new AutoFill Procedure
That one-time setup behind you, the steps to fill in credentials on a Web site are blissfully simple:
- Tap in the username or password field.
- iOS 12 looks in whichever password manager(s) you have selected, and if it finds a likely match, it displays it in the middle of your QuickType bar—or, if the QuickType bar isn’t showing, in a popover at the bottom of the screen. (On rare occasions, it may display more than one option.) If you see the one you want, tap it, unlock your password manager if necessary (using your password, Touch ID, or Face ID), and iOS fills in your credentials.
- Tap the Submit button.
But what if, in step 2, iOS 12 does not suggest the credentials you want? No problem; tap the key icon on the QuickType bar or at the bottom of the screen. (The key icon appears by itself if there’s a suggested password; if not, it includes the label Passwords.) A popover appears listing other potential matches, if any; you can tap any of these to fill them in.
If that list still doesn’t contain what you’re looking for, tap the name of your password manager, unlock it, and locate the desired credentials there. Tap them to return to your browser and fill in the form.
Beyond the Browser
Web browsers may be the most common places to enter usernames and passwords, but lots of other apps require logins too. Think, for example, of the Dropbox app, Instapaper, Tweetbot, or an app supplied by your bank. These and countless other cases used to require switching back and forth between the app and your password manager to copy and paste your credentials. But in iOS 12, both iCloud Keychain and third-party password managers are available in nearly any app that uses passwords.
Unfortunately, no matter where you store your passwords, iOS 12 has no way to know which accounts go with which app. So, after tapping the key icon on an app’s login screen and tapping your password manager of choice, you’ll have to manually search for the desired account—it’s not quite as smooth a procedure as logging in to a Web site. I also found on numerous occasions that once back in the app, I had to tap in the username or password field before iOS 12 would fill in the credentials.
Furthermore, if you’re setting up a new account from within an app, iOS 12 provides no mechanism whereby a third-party password manager can generate a suggested password and fill it in for you—unless the app displays a 1Password icon in its username or password field, meaning that it supports the old-style 1Password App Extension (which other password managers can also use).
But Now, the Bad News
As great as this new password manager support is, it would be overstating the case to say that Apple has allowed third-party password managers to work entirely on par with iCloud Keychain. Some processes still require numerous cumbersome steps—and don’t get rid of that Share sheet extension just yet!
First, this new mechanism is for usernames and passwords only. It can’t be used to autofill other data that your password manager might store (such as credit card numbers, addresses, and phone numbers) and that would be available via a browser extension on a Mac or PC. You can still fill in that sort of data using the Share sheet extension.
Second, this autofill capability is one-way: it sends data from your password manager to your browser (or other app), but it can’t gather data from the browser and send it back to a third-party password manager. (In contrast, iCloud Keychain can autosave credentials as you submit them.) That means if you’re filling in a Web form with credentials that aren’t already stored in your password manager, the act of submitting the form won’t trigger the password manager to store them, as typically happens in desktop operating systems. Here are the steps you’d follow to save a new password this in 1Password (other password managers may differ slightly):
- Tap the password field.
- Tap the key icon.
- Tap 1Password.
- Unlock 1Password (using a password, Touch ID, or Face ID).
- Tap Create Login.
- Enter your username.
- Tap Generate New Password.
- Tap Save & Fill.
The same is true if you’re changing a password on a Web site. If you need a new password, you’ll want your password manager to generate it; then you’ll want to enter it on the site and store it in your password manager. With a desktop browser extension, this whole process is quick and easy (and Dashlane and LastPass make it extra easy for a limited number of sites, basically automating the whole procedure with just a couple of clicks). But because in iOS 12 your browser won’t send data back to your password manager, you’re stuck performing a multi-step process similar to the one above (or using the Share sheet extension, just as you would have done prior to iOS 12).
Postscript: Updates in Progress
Because both Apple and third-party password manager developers have been hard at work adding features and polishing their user interfaces, my two password-related books (Take Control of Your Passwords and Take Control of 1Password), as well as my Wirecutter article about password managers, are all in need of revision. I’m working on all of the above (while also juggling an absurd number of other projects) and hope to have updates available soon.
I’m writing this while at the Jamf Nation User Conference, better known as JNUC. It’s my second year at this conference, and while Jamf’s Apple-focused device management software has evolved and the 2000-plus attendees are busy learning about the latest best practices, at a high level, the conference is basically the same as last year—for details, see “JNUC 2017: A Glimpse into the World of Apple Enterprise” (3 November 2017). And once again, in the interests of full disclosure, Jamf has sponsored TidBITS in the past, and the company invited me and other journalists to attend, paying for travel and accommodations.
More interesting than the nitty-gritty of how Jamf Pro works are the ways that schools, businesses, and other organizations are using it to help enable large and innovative Apple-focused projects. For many of us, it’s hard to see beyond individual consumer use of Apple devices. So let’s step back from daily media frenzy and look at how technical professionals around the world are using Apple devices as organizational tools of change for education, healthcare, hospitality, and retail.
K-12 Education: Sewanhaka Central High School District
When he was in 8th grade in 2012, my son Tristan announced that he needed a TI-83 graphing calculator for his algebra class. It wasn’t cheap at about $110, and I was shocked to realize that it had been designed in 1996 and last updated in 2001. It was ancient technology, to be sure, but it was all that was approved for use on New York State’s standardized tests. And it couldn’t be used to cheat, as would have been possible on an iPhone or iPad equipped with a graphing calculator app.
So I was intrigued at JNUC to talk with Brian Messinger and Robert Pontecorvo, District Coordinators at Sewanhaka Central High School District on Long Island. Their district has five schools in very different communities, and they were struggling with equity issues surrounding graphing calculators.
For students whose families couldn’t afford the $110 calculator for a standardized test, the school would provide a loaner calculator, but it wasn’t something these students had access to all year, putting them at a huge disadvantage on the test. And while $110 may not sound like that much, one of Sewanhaka Central’s schools loaned out three calculators for the test, whereas another had to loan out 300. The test questions might have been standardized, but taking the test was anything but a level playing field. Simultaneously, students in other, richer districts were using more modern calculators that were easier to use and had more capabilities. Even Sewanhaka Central’s wealthier students were at a disadvantage compared to neighboring schools.
So Messinger and Pontecorvo worked with the New York State Education Department to create a 1-to-1 program that would provide iPads to 8200 students and 800 teachers. They’re all equipped with the free GeoGebra graphing calculator app, which, as Pontecorvo said, “can do everything that a normal calculator does, but better” thanks in part to iOS’s direct manipulation interface, compared to using complicated key combinations for actions like zooming.
This system works for two reasons. First, the GeoGebra graphing calculator app is approved for use on the New York State standardized tests. That’s essential because, Pontecorvo said, his teachers refused even to consider previous iPad math apps because students wouldn’t be allowed to use them on tests. Second, with a Jamf Pro profile and workflow, the Sewanhaka Central IT department could lock all the iPads to use only GeoGebra during tests. No switching out to Safari to do a Google search or to Messages to ask for help.
Of course, iPads are more expensive than graphing calculators, but not vastly so, and bringing them in for educational equity reasons was a cleverly placed foot in the door. And now, with iPads across the entire student population, the district is standardizing on Apple’s Schoolwork and Classroom apps for class administration and teachers are using GeoGebra and other apps to improve instruction with a focus on creativity rather than rote learning.
I raised the question of keyboards, which Sewanhaka Central does not provide with its iPads. Pontecorvo said, “We’ve learned, and this was a mindset shift for me as well, that keyboards are an adult issue, not a teenage issue.” Apparently, the students are happier with the split keyboard and thumb typing.
Higher Education: Ohio State University
Although it might seem counterintuitive, one of the primary drivers for the 1-to-1 iPad program that started this year at Ohio State University was cost savings. Ohio State’s Digital Flagship program issued 11,500 iPads to incoming freshmen this year, and the university designated 42 fall semester classes as “iPad required” due to the apps that the courses use. Each iPad also has a custom app that provides a course planner, grades, schedules, and a listing of student organizations, along with campus maps and bus routes. Unlike Sewanhaka Central High School District, Ohio State equipped its students with iPad Pros outfitted with cases, keyboards, and Apple Pencils, so students are ending up with highly capable systems, which they’ll get to keep when they graduate.
So how is this saving money? Again, iPads aren’t exactly cheap, but their price tags seem entirely reasonable compared to those of college textbooks—Ohio State’s students spend $61 million per year on textbooks and supplies. The university’s Affordable Learning Exchange program funds and supports faculty members in replacing expensive textbooks with open educational resources that are available for free. According to Mike Hofherr, Ohio State’s CIO, the freshmen are reportedly saving $230 per year by not having to buy as many textbooks. So far, Ohio State has saved students about $3 million, and the university hopes to increase the savings to $10 million per year in 2020. That’s a lot of iPads.
Perhaps the most impressive aspect of the Digital Flagship initiative was its rollout. Just imagine how much work it takes to hand out 11,500 fully equipped iPads to incoming freshmen. The university’s IT department was prepping 250 iPads per day for 2 months straight, bagging all the parts and registering the iPad in the Jamf Pro management system. And at distribution, of the 11,500 iPads, just 50 had some sort of problem out of the box, only 8 students didn’t want one, and there were only 2 technical errors.
Healthcare: University of California San Diego Health Sciences
I mentioned this program briefly in last year’s coverage, and Marc Sylwestrzak, Director of IS Experience and Development for UCSD Health Sciences, was back to provide an update. To recap, UCSD’s Jacobs Medical Center hands out an iPad to every patient in the 245-room hospital and equips every room with an Apple TV. The iPad provides access to patient health information, room controls via Crestron home automation, and entertainment through the Apple TV.
This is a completely different scenario from the high school and college installations, since the patients have the iPads only while they’re checked in, and any given iPad has to be configurable for any individual room and patient. On check-in, a patient is issued an iPad, with Jamf Pro coordinating with the hospital’s health information system to set it up for that patient and the appropriate room. Patients can install a selection of apps without entering an Apple ID or password. On discharge, a Jamf system called Healthcare Listener automatically wipes the iPad to ensure patient privacy and makes sure it is ready for the next person. (And yes, each one is cleaned with hospital-grade cleaning wipes between patients to eliminate “computer” viruses.)
Since inception, this automatic wipe system has been used over 32,000 times, saving an estimated 1400 hours and $65,000 over manual wipes annually. More important, patients who use the room controls on the iPad are nearly three times more likely to interact with their health records, making for more informed patients.
This initial project had proved so popular with patients that UCSD Health Sciences has expanded it to another 490 rooms in two other hospitals over the past few months. The other major change was made possible by a pair of new apps: Jamf Setup and Jamf Reset. The automatic setup and wipe system doesn’t work for outpatients, who don’t check into a room. It also falls down in situations like a NICU (Neonatal Intensive Care Unit), where multiple babies are in beds in a single room (and where the baby patients aren’t yet using an iPad). For a NICU, Jamf Setup allows a nurse to take an iPad, associate it with a particular bed and patient with a couple of taps, and give it to a visiting family member. When that person leaves for the day, either they or a nurse can wipe the device manually (since the baby isn’t being discharged) with a few taps using Jamf Reset.
UCSD Health Sciences is also working to provide iPhones to staff using these apps so a nurse or a member of the janitorial staff can check out a device for a shift on a certain floor or department. That enables communication with the person who is in a particular role, regardless of who it is at any given time. (Previously, Android phones were used, but they had significant Wi-Fi problems.)
As much as this sort of program is great, we’d all prefer to avoid hospital visits entirely. Nonetheless, the inevitability of being in the hospital as a patient or family member triggered an interesting conversation with UCSD’s Sylwestrzak about other uses for those iPads.
We first talked about using those iPads to make audio or video recordings of conversations with a terminally ill relative or bringing the outside world in via FaceTime. A Jamf employee at the table chimed in to say that he had lost his father a few years before, and only once did he think to pull out his phone and record the conversation, which is now one of the most precious artifacts his family has. Plus, with some of the lessons from end-of-life planning from La Crosse, Wisconsin in mind, we discussed the possibility of the iPad offering planning resources, or even providing a chatbot to help someone start a difficult discussion. That’s all pie-in-the-sky possibility for now, but it will need the ubiquitous availability of such technology to patients to come closer to reality.
Hospitality: Red Lion
On a lighter note, we may all wish to avoid the hospital, but most of us end up in hotels at some point. Every hotel room has a TV and some sort of entertainment system, but they’re usually hard to use. Plus, many people would far rather watch shows from their own Netflix account than channel surf randomly.
In an attempt to modernize the hotel experience, the Red Lion chain of hotels is experimenting with installing Apple TVs (with custom remotes) in all the rooms in its Hotel RL brand. But the project goes further, tying into an iOS app that lets travelers check in remotely, open the door using the iPhone instead of a keycard, and communicate with the hotel staff before (for room requests) and after (in case of forgotten items) the stay.
The Apple TV runs a custom app that provides access to DirecTV for channel surfing, lets the user make room requests, and replaces the standard hotel notebooks that document hotel features and provide tourist and eating recommendations. Red Lion uses Jamf Pro to customize the app for each hotel location and room and to configure the Apple TV to default to that app. It also automatically wipes the Apple TV when the guest checks out and sets it up for the next person.
The one thing the system doesn’t yet do is provide access to streaming video apps like Netflix and Amazon Prime. Some other hotels with newer smart TVs do offer this, and the problem is that logging in can be devilishly difficult. The problem is authentication—it’s hard enough to log in to any account on the Apple TV due to its horrific onscreen keyboard, and that assumes you even know your password. Red Lion is trying to figure out if there’s a way to ask for and then transfer those authentication credentials with Jamf Pro and the MDM setup.
Although Red Lion’s system seems undeniably better than the average hotel setup and has received positive customer feedback, Red Lion CIO John Edwards admitted that people were still having some trouble getting their heads around it. The Apple TV interface may be easy, and Red Lion’s custom app was well-designed, but it all still assumes a level of comfort with digital interfaces that may not exist as broadly as those of us in the tech world think. Still, I’d love to give the system a try.
The final case study for interesting uses of Apple devices managed through Jamf Pro comes from Rituals, a rapidly growing European cosmetics chain. Although there are only a handful of stores in the United States, Rituals operates 670 stores worldwide and is opening two new stores per week. That’s an insane rate of growth, but more interesting is how the company manages each store’s technology needs.
Rituals stores rely almost entirely on iOS devices. There’s always an iPad for the back office, which employees can use to maintain inventory, watch training videos, read email, access shared files, and do other management tasks. For the front of the store, although Rituals stores have a fixed cash register in case of technical failures, most sales are completed by an employee carrying an iPod touch. They also use the iPod touch to do stock-keeping, complete with a bit of gamification to get employees to build small amounts of product counting in each day rather than spending an evening auditing the entire store’s inventory. Each store also gets an iPhone for contacting the warehouse and for any tasks that might take place outside of Wi-Fi range.
The use of the iPod touch is worth noting. Joost van der Zwaan, ICT Solutions Architect at Rituals, said the most important reason for choosing Apple’s little-discussed iPod touch was its size—most Rituals salespeople are women, and they can carry or pocket the iPod touch much more easily than an iPhone or iPad. It doesn’t hurt that it’s notably cheaper than an iPhone.
As at UCSD Health Sciences, these iOS devices aren’t personal devices—they have specific roles to play, with a custom selection of apps that each role requires. If a device breaks, or it’s necessary to press the back-office iPad into checkout service during an especially busy time, the Rituals IT staff can use Jamf Pro to wipe it and reconfigure for the new role.
Going Beyond the Individual
I found these stories intriguing because they challenge our standard view of Apple gear as focused on the individual end user. That’s largely what Apple wants us to think, of course, and it’s also reflected technically—iOS doesn’t support multiple users. (That said, I was told at JNUC that Microsoft’s Office apps for the iPad do offer multi-user support to enable the separation of personal and work documents with different access controls.)
And yet, outside of its mainstream marketing, Apple does acknowledge that organizations need to buy and distribute hundreds or even thousands of devices with preset configurations. However, Apple’s own device management tools—Profile Manager in macOS Server, for instance—don’t scale to the levels discussed here, much less the 134,000 Macs used by IBM employees.
That’s where Jamf Pro—or a competing device management system like Addigy, FileWave, and SolarWinds—is necessary. As these stories have shown, for multitudes of Macs and iOS devices to meet the role-based needs of organizations, IT administrators need finely grained and highly automatable control over the setup and usage of these devices.
As this trend toward large institutions deploying numerous Apple devices as an integral part of their organizational missions continues, we will all increasingly find ourselves interacting with and relying on these managed devices while getting an education, receiving healthcare, staying in a hotel, or simply making a purchase in a store. These devices may not be “personal” in the ways we’re accustomed to, but Apple’s attention to usability and design, coupled with device management systems, means that they can serve highly specific purposes in ways that nothing else could.