Yosemite corrections?

[macmacmacr]

Has Yosemite corrected any of the following?

The list below are flaws I have found with Mountain Lion

1) Is there a SHA hash check for the operating system once downloaded so that the operating can be confirmed as authentic? Windows and Ubuntu have methods of verifying the operating system.

2) NO DVD to install Operating system. You should be able to always reinstall the operating system without the Internet. Even though their is a installed OS install if a hard drive failure occurs it would be good to manually install.

3) Mountain Lion does not display installed updates in a single identifiable view. This existed in Snow Leopard. As with Windows and Ubuntu operating systems you should always be able to clearly identify updates on your running operating system so you can determine if any needed updates are missing.

4) Firewall off by default. Many new users probably are not aware their Mac has a Firewall and have never turned the Firewall on. I cannot conceive of a reason the firewall should be off by default.

5) The built in VPN by default does not tunnel data through the VPN. This definitely makes no sense. If you create a VPN tunnel you want your information running through the tunnel by default. What makes this flaw particularly bad is that if you create a VPN and do not check "send all traffic over the vpn connection" It will appear your VPN tunnel is working when you are using the VPN as it shows connected.

 

[Weaselboy]

1. Yes. Inside the install application is a DMG file called installESD.dmg and the installer verify the hash on that file before the install proceeds. If you look in the install.log afterwards you can see this.

2. You can use the OS installer DMG you download to make a USB installer key to set aside in case you need to reinstall without Internet access.

3. Click the Apple at the top left of the screen then About this Mac then System Report then scroll down the left under Software and look in Applications and Installations and you will see a list of applications installs/update and in installations you will see non-application updates.

4. I agree with you.

5. Dunno.

 

[leman]

1) Is there a SHA hash check for the operating system once downloaded so that the operating can be confirmed as authentic? Windows and Ubuntu have methods of verifying the operating system.

The installers are signed, which also fulfils the function of integrity checking.

2) NO DVD to install Operating system. You should be able to always reinstall the operating system without the Internet. Even though their is a installed OS install if a hard drive failure occurs it would be good to manually install.

This is never coming back. Macs don't even have optical drives to begin with. You are free to create your own USB install media if you need any.

3) Mountain Lion does not display installed updates in a single identifiable view. This existed in Snow Leopard. As with Windows and Ubuntu operating systems you should always be able to clearly identify updates on your running operating system so you can determine if any needed updates are missing.

Any missed updates will be displayed in your available updates. If you need more detailed data, you can always look at the System Information app (Software -> Installations)

4) Firewall off by default.

Its still off.

5) The built in VPN by default does not tunnel data through the VPN.

That seems to depends on the VPN type. As far as I can see, the L2PT has "send all traffic" off by default.

Edit: Weaselboy was faster

 

[macmacmacr]

1. Yes. Inside the install application is a DMG file called installESD.dmg and the installer verify the hash on that file before the install proceeds. If you look in the install.log afterwards you can see this.

2. You can use the OS installer DMG you download to make a USB installer key to set aside in case you need to reinstall without Internet access.

3. Click the Apple at the top left of the screen then About this Mac then System Report then scroll down the left under Software and look in Applications and Installations and you will see a list of applications installs/update and in installations you will see non-application updates.

4. I agree with you.

5. Dunno.

Item 2: Does Apple supply the hash value for independent verification?
Item 3: I am familiar with that view but it is not clear as to which items a updates. As an example if you look at Windows you can get a list of only updates.

 

[leman]

Item 2: Does Apple supply the hash value for independent verification?

Not that I am aware of. What would be the purpose? If you need one for whatever reason, create it yourself. You can verify the authenticity of an application bundle using the codesign tool, or simply by checking that the app starts.

Item 3: I am familiar with that view but it is not clear as to which items a updates. As an example if you look at Windows you can get a list of only updates.

Look at packages from Apple, those are the updates. At any rate, the update structure is very different for OS X and Windows, so again I am unsure why a windows-like list of updates would be useful.

 

[scaredpoet]

Item 2: Does Apple supply the hash value for independent verification?

All official update packages are signed by Apple. Yosemite-specific updates will have a certificate signing that will match this SHA-1 hash when verified: FA 02 79 0F CE 9D 93 00 89 C8 C2 51 0B BC 50 B4 85 8E 6F BF.

There's a knowledge base article that explains authenticity verification and how to manually verify the certificate fingerprint:

http://support.apple.com/en-us/HT202369

Note this is for manually downloaded updates, which you have the option of doing if you don't trust the app store. If downloaded from the app store, it does this check automatically before proceeding.

Item 3: I am familiar with that view but it is not clear as to which items a updates. As an example if you look at Windows you can get a list of only updates.

Updates get "rolled up" into dot-fixes on OS X. If, say, someone installs OS X 10.10.2, they can be certain that all updates rolled into 10.10.1 and since then have also been installed. If one were to skip over 10.10.1, and decide to update when 10.10.2 became publicly available, then the updates of both 10.10.1 and 10.10.2 would be installed at that time (via a "combo update" package). This is cumulative: if 10.10.10 ever gets released, the combo update package will have all the updates from 10.10.0 - 10.10.9 contained within.

Additionally, updates issued between dot-fixes require the most recent dot-fix to be installed before proceeding. Example: the most recent NTP security update for Yosemite requires 10.10.1 be installed. Similarly, the updates for Mavericks and Mountain Lion also require that the latest dot-fixes for those releases are installed as well.

The end result is that by seeing which version of OS X you have installed, you can look at the release notes and security updates for each release and know what's been installed.

If you do choose to use the app store to update, you can also look in the Updates section and see what updates have been installed in the last 30 days.

In any case, all of these things you list are policy decisions by Apple, not OS "bugs" that require a specific version to "correct" to your satisfaction. Item 2, Vendor-supplied media for OS distributions, for example, is a lost cause; even Ubuntu is out of that game, and Microsoft struck the death knell for their physical media with Windows 8.1. Apple does provide instructions for creating your own bootable media if you choose to do so, just as Ubuntu does for their distro.

 

[Weaselboy]

Item 2: Does Apple supply the hash value for independent verification?
Item 3: I am familiar with that view but it is not clear as to which items a updates. As an example if you look at Windows you can get a list of only updates.

I see SP pretty well covered #1 for you.

On #3 it lists any app you have installed since you first turned on your new Mac and also updates to any of those apps. For example I use the app Cookie and you can see all the updates listed from that screen here. Does that answer your question?