How to recover from Mac Book Pro catastrophes

Synopsis

DISCLAIMER: This article applies to Intel based MacBook Pro 4th generation models with a Touch Bar (2006-2020.) The methodology given in this article may not directly apply to earlier models and may be different for Apple Silicon models.

There are many ways your MacBook Pro may get corrupted. As a result you may not be able to reboot or login. 

What do you do?

In this article I will outline a general approach on how to recover your MBP laptop from catastrophic failures. Then I'll describe specifically what worked for my usecase.

More reading: Mac Book Pro (Wikipedia)

Preventive measures against disaster scenarios

Before the catastrophe hits, you should consider what you can do to increase your chance of recovery in case it happens. 

There are three kinds of loss (from most critical to least)

1. User data (non-recoverable); for example, photos, documents, scans, tax documents, and anything deemed to be private .
2. Application data; for example, installed applications.
3. Hardware; i.e. your Mac Book Pro. 

Here is a checklist:

1. Make sure your data are backed up consistently (automatically) either in the Cloud or using Time Machine. This way you will always have a good latest snapshot of your data. For example I backup my Macintosh HD using Time Machine on an external SSD drive, an APFS (Encrypted) formatted volume which is set to trigger backup every hour. 
2. Ideally external backup SSD drives should further be backed up and physically stored securely offsite against natural catastrophes such as fires, flooding, or theft. Even if you don't implement offsite storage, make sure your user data are not just stored on an external drive but on a cloud location as well. 
3. Backing up private user data is more crucial than applications. You can almost always recover applications once your system is back. For example I have another external SSD APFS (Encrypted) volume synchronised with Dropbox Cloud where I keep my most critical private user data. 
4. Against theft, make sure Macintosh HD and all external SSD drives are APFS (Encrypted) formatted with password protection, and the password is known by another trusted person at all times. This means the external SSD drives and Macintosh HD has no use for others if they are stolen or lost.
5. Make sure FindMy application can find your laptop in case you lost it and you want to erase  it remotely to mitigate attempts of sensitive data theft.

Recovery process

Recovery is the process of restoring your laptop in working order, including full access to user data.

Your laptop can become unusable under these scenarios:

• You erased Macintosh HD remotely against data theft because you had physically lost it. But then you found it and everything was erased.
• You corrupted the system in such a way that you cannot login. This can happen if you mess up with user accounts, Unix permissions, or when disk corruption occurs.

More reading: How to reinstall macOS

Notes:

• Start up from macOS Recovery procedure can be different depending on if your machine is Intel based or Apple Silicon. Make sure the read on above link carefully.
• Whatever the recovery key option you press and hold, on Intel machines you need to wait until the Apple logo appears in order for the designated action begins.

For example, when you press and hold Command-R keys at startup, Recovery will offer the current version of the most recently installed macOS.

When you see a window with the option to reinstall macOS, this means your Mac has successfully started up from Recovery.

If you already have a Time Machine backup you may restore your system from it. 

If that doesn't work, or you don't have a Time Machine backup, open Disk Utility and repair the volume Macintosh HD. 

If that doesn't work, use Disk Utility to erase the volume Macintosh HD. Then Reinstall macOS Sonoma on newly erased Macintosh HD using the relevant option.

How I fixed my problem

I have recently acquired a used MacBook Pro 2018 (Intel.) with Sonoma macOS installed. I wanted to change the default Admin user name. 

I used ChatGPT to help me in renaming the user name. Eventually after spending hours of following elaborate ChatGPT instructions, I ended up with a machine I could no longer login. 

CAUTION: ChatGPT is a great AI tool. But beware, it can hallucinate and give you wrong answers.  Always verify the information with a second method (eg. Google.) 

Startup key combination

A MacBook Pro can be restarted with a set of key combinations each corresponding to a unique recovery scenario.

More reading: Mac startup key combinations

Attention: there are subtle differences between startup key combinations. For example I tried rebooting with Command-S and login but that didn't work. Later I discovered on the 

Mac startup key combinations page this feature was disabled on macOS Mojave or later."

If you have another Mac (in good working condition) you can connect to the troubled machine using Target mode. 

I  connected  my working MacBook Pro (mid-2014 BigSur) and rebooted the 2018 machine with T key (Target mode.) In this mode I could see the contents of the 2018 machine from the 2014 one. 

Target mode can be useful if you want to copy user data from the corrupt target before you erase its contents.

To fix my problem I booted the target in Recovery mode with Command-R (until Apple icon appears), then I erased the Macintosh HD using the Disk Utility option. After that I reinstalled macOS Sonoma using the relevant option.

iTerm2 - How to auto-close sessions and auto-exit when last one closed

 Problem

There are two problems when you close sessions and windows in ITerm2.

When you gracefully exit from ITerm2 sessions with a recommended exit command;

1. Closed sessions leave them dangled until you Bury them (with Bury from context menu) or close with the cross-sign  'X'  on top left. That is an extra useless step.
2. When last session is closed iTerm2 is still left running (on the Mac menu bar.) Why not quit at the same time?

This iTerm2 window has two sessions:

Exiting from the RHS session leaves a useless pane on the right:

You can close it with the cross on the top left of the session pane, but that is an extra step.

Moreover closing the window with the last dangled session, does not close the ITerm2 app. Why not quit at the same time?

Solution

1. To fix dangled sessions after exit, go to iTerm2 Preferences, Profiles/Session tab. Under Closing, "After a session ends" dropdown, select Close.
2. To quit iTerm2 when last session is closed, go to iTerm2 Preferences, General/Closing tab. Tick the checkbox "Quit when all windows are closed".

New frontiers

It has been six years since I wrote here. There had been the grind of full time work and Covid.

Now that I am working parttime, I have more time for my fun projects, these are given below.

• Read Take control of the Mac Command Line with Terminal, Joe Kissel.
• Tune up iTerm2, and make use of panels for more productive use.
• Go through latest React tutorial.
• Learn Next.js.
• Re-write modern version of my online password manager using Next.js.
• In full CRUD (Create-Read-Update-Delete) mode.

.. more to come in this space..

Express, React on Elastic Beanstalk - Tutorial

In this tutorial I am going to show you how to build a secure website using:

• AWS Elastic Beanstalk 
  With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.
   
• React 
  A JavaScript library for building user interfaces.
• Express 
  Fast, un-opinionated, minimalist web framework for Node.js.

AWS Elastic Beanstalk uses an AWS EC2 service which is not free. A very basic EC2 instance type t1.micro that includes 600MB disk space and 1 core CPU will cost you around ~16 AUD a month. A domain name from Amazon will cost you  ~16 AUD a year. We are looking at spending a little over 200 AUD a year just to keep this very basic website up and running.

The minimum strength instance type is t2.nano which costs 0.008 $

In return you will have a highly available secure website. Amazon will autoscale your application using a nginx load balancer, so your app will always be available regardless of load. The load balancer will also funnel through https requests into your web server.

AWS elastic beanstalk, Node.js, Aurelia and ESNext

Long story short, I decided to write a web based password management app using the AWS elastic beanstalk stack. The motivation came from:

• I  withdrew MiniBluebox, a simple password manager app I wrote, from the Apple App Store in 2016. Since then it became increasingly difficult to keep up with changes Apple introduced on their iCloud/IOS/OSX ecosystem. On some new iPhone models, iCloud synchronisation started to play up and fail. There are also rumours that in late 2017 Apple will drop support for 32-bit apps. Hence MiniBluebox app will simply disappear from all IOS devices with its data. I need a more reliable infrastructure to serve my apps. 
• I would like to move away from Apple ecosystem and develop cloud based, service oriented web apps using Open Source technologies. This has many advantages:
• Open source is cheaper
• Open source is incredibly dynamic and fertile
• Brand agnostic (web apps work on all platforms, desktop or mobile
• Service oriented apps are extensible
• Leverage my existing AWS knowledge I have been acquiring for over a year.
• Learn about new technologies such as AWS elastic beanstalk, React.JS, and ESNext.

In this blog I will be writing more about my findings as I go along. Stay tuned.

git notes

Create a project directory, initialise git repository and copy some files:

mkdir gitter
git init
ls -a
. .. .git
git add -n /Users/ergun/gitter/         // -n: dry-run

git add /Users/ergun/gitter/            // actual add (stage)
git commit -m 'initial project version' /Users/ergun/gitter/


You may use add command to add new files or stage modified files.

Only staged files can be committed.

This is how you exclude DerivedData folder under your project folder:

Edit .git/info/exclude and add this line:

DerivedData/

x

IOS Provisioning

Creating a Developer Certificate

When developer certificate is close to expire or you have provisioning conflicts you may need to have a fresh start. Start with creating a new certificate:

1. Revoke the old certificate from IOS portal/Certificates
2. Create a new certificate from Keychain Access on Mac using KeyChainAccess/Certificate Assistant/Request a Certificate From a Certificate Authority menu option and Save to Disk.
3. From IOS portal/Certificates upload new certificate then Submit. Refresh browser.
4. Download IOS Development Certificate (ios_development.cer) and run.

Remove the duplicate development certificate

This step is required to fix an error when you build your project in XCode, after installing new certificate:

CodeSign error: Certificate identity 'iPhone Developer: XXXX (12345678)' appears more than once in the keychain. The codesign tool requires there only be one.

Somehow the old developer certificate is cached in XCode and added to KeyChain. To fix this it needs to be removed from KeyChain. The old developer certificate has an earlier expiration date and it is labelled as "iPhone developer..".

1. Exit XCode
2. In KeyChain Access under Login KeyChain/My Certificates category remove the old developer certificate starting with "iPhone developer..".
3. In KeyChain Access under System KeyChain/Certificates category remove the old developer certificate starting with "iPhone developer..".
4. Start XCode. This may recreate the old certificate again. Repeat steps 2 and 3.

App IDs

On the Provisioning Portal App IDs section enable required entitlements (such as iCloud) for both wildcard XXXXXXXXXX.* and XXXXXXXXXX.com.company.product.* App IDs. Enable all entitlements for simplicity.

Create Provisoning Profiles

On IOS Provisioning Portal delete all provisioning profiles under Provisioning section.

You need to create:

1. A Development Provisioning Profile for wildcard App ID
2. An AppStore Distribution Profile for product App ID
3. An Adhoc Distribution Profile for product App ID

On XCode:

1. Remove all provisioning profiles under Organizer/Library and Organizer/Device sections.
2. Under Library/provisioning Profiles click Refresh on the bottom right.
3. Check that under Organizer/Device required profiles were created. If not drag them from Organizer/Library section.

Setup XCode

On XCode

1. Create two Schemes "Adhoc" and "App Store" from Product/Edit(New) Scheme.
2. Set Archive/Build configuration of Adhoc scheme to "Adhoc distribution"
3. Set Archive/Build Configuration  of App Store scheme to "Release".
4. On Build Settings/Targets pick Ad Hoc Distribution Profile for  Ad Hoc Distribution Code Signing Identity.
5. On Build Settings/Targets pick Team Provisioning Profile (generated by XCode) for  Debug Code Signing Identity.
6. On Build Settings/Targets pick App Store Distribution Profile for  Release Code Signing Identity.
7. Delete Product.entitlements file.
8. On Targets/Summary check Entitlements box and fill relevant entitlements. For example if your app uses iCloud, check Enable iCloud checkbox and add your product App ID to Ubiquity Containers section.
9. Some sections will be filled and created by XCode.

If you complete all above successfully you should be able to Debug your app on a connected device, upload your app in Ad Hoc distribution mode to your device, upload your app to App Store, or run your app on a simulator. 

When you are ready to submit to App Store make sure to pick up the App Store Scheme, then Archive.

References:

Video on certificate creation:

CodeSign error: Certificate identity 'iPhone Developer: XXXX (12345678)' appears more than once in the keychain