On the first Tuesday of each month @ 8:00 p.m. ET., we host a live broadcast & chat. New episodes post weekly.

New! A way to support the show.

236: MacBook Pro - Turn Back Time


  • Root login issue
    • needs catchy name... “Higher Sierra. Even Higher Sierra? Too High Sierra...”
    • Joe wonders if FileVault was affected, assumes not. Probably need to log into existing user account first. From Addigy's email: "Gaining access to user accounts and turning off FileVault encryption"
    • ARD was susceptible. (Another reason not to forward ARD/SSH port from WAN to LAN!)
  • Our friends at Addigy put out an immediate fix: https://www.addigy.com/fix-the-high-sierra-root-exploit
  • Clients ask, "should I update to the new macOS?" We usually recommend waiting a few months, especially with the major filesystem changes in High Sierra. Our previous best practice was to recommend waiting until the 10.x.3 update. Should we go back to that recommendation? Note that the issue existed in the current beta of 10.13.2 in addition to the latest release of 10.13.1.
    • The sweet spot of macOS releases: 10.x.3 - 10.x.n
    • Note the latest release of each macOS version, e.g. 10.5.8, 10.6.8 v1.1, 10.7.5, 10.8.5, 10.9.5, 10.10.5, 10.11.6, 10.12.6, etc.
  • Sam talks about "winging it" with a product he used to support - Canto Cumulus
  • Jerry starts a good discussion about the current lines of MacBook Pro models and the changes that have not been well received.  He mentions Marco Arment's blog posts
    -The best laptop ever made: https://marco.org/2017/11/14/best-laptop-ever
    -Fixing the MacBook Pro: https://marco.org/2017/11/24/fixing-the-macbook-pro
  • Joe has some follow up on removing the Temp user account when the minus button is not available: you can also use Directory Utility. Open Directory Utility, authenticate as the Temp user, then remove the Temp user. Verify Temp user has been removed in Users & Groups, then manually delete home folder of Temp user. Note that we also tried changing the user's password from within the existing user (to avoid keychain issues) and it didn't work.