Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Desktops (Apple) Apple

Apple Quietly Improves Mac Virtualization in macOS 15 Sequoia (arstechnica.com) 60

Apple's upcoming macOS 15 Sequoia will allow users to sign into iCloud and other Apple ID-related services from within virtual machines. This feature will be available for VMs running macOS 15 or newer, hosted on a Mac with macOS 15 or newer. ArsTechnica adds: But up until now, you haven't been able to sign into iCloud using macOS on a VM. This made the feature less useful for developers or users hoping to test iCloud features in macOS, or whose apps rely on some kind of syncing with iCloud, or people who just wanted easy access to their iCloud data from within a VM.
This discussion has been archived. No new comments can be posted.

Apple Quietly Improves Mac Virtualization in macOS 15 Sequoia

Comments Filter:
  • by MachineShedFred ( 621896 ) on Wednesday June 12, 2024 @10:34AM (#64543701) Journal

    Yeah, so basically they're going to stop getting in the way of what people have been doing for years with all of the security-through-obscurity crap they wedge into their iCloud authentication, such as requiring a valid hardware serial number (or at least something that looks valid enough that their system lets it through?

    All of that has been thoroughly owned already, to the point that you can run a Mac VM on Proxmox with very little trouble [github.com]. But hey, thanks for getting rid of a stupidity that hasn't even been remotely effective for the task it was designed.

    Let's just hope they don't replace it with something even stupider, which the open source community will reverse engineer and work around in about 3 months anyway.

    • by drnb ( 2434720 )

      Yeah, so basically they're going to stop getting in the way ...

      No, they may be providing the way by adding such functionality to their Virtualization API in macOS (Virtualization Framework).

  • This development looks like a possible loophole for Hackintosh developers to exploit. With Snapdragon X laptops coming out offering fast ARM performance, maybe this can be used to make your Hackintosh a "real" Mac.
  • What is the point of having a VM of macOS on macOS? Maybe if you are developing a MacOS application and you think it may be so messed up that it will destroy your whole system but how common is that? Usually the point of virtualization is to save yourself from needing another machine to run a different OS at the same time.
    • When you have your application interfacing with iCloud (for things such as subscriptions), having another macOS with iCloud available in VMs of different subscription models, permissions and perhaps under different countries (therefore legislations), all while you can stop and start then as needed without logging yourself off from your main developer or test computer, this is brilliant.

      • Ah so it's a need generated entirely because Apple chooses to make things so complex. Got it.
        • Its not Apple specific. For example you have personal, school, and professional accounts for whatever it is you do. Consider a developer, you might have multiple github accounts to keep these three separate. Or you might do freelancing, and want to have different accounts for personal and freelance use. Or maybe you want a completely separate environment for a particular freelance client. Or maybe you want different environment for different toolchains, perhaps embedded development environments that would o
          • Well if it's an employers system, you shouldn't have a personal environment on it. If it's your system, your employer shouldn't have surveillance on it. The fact that you can only have one apple profile per OS install has always been a big failing of Apple. I just didn't realise it was that bad that you had to use a guest to switch profiles.
            • by drnb ( 2434720 )

              Well if it's an employers system, you shouldn't have a personal environment on it.

              True.

              If it's your system, your employer shouldn't have surveillance on it.

              Well that's the deal for remote work at times.

              The fact that you can only have one apple profile per OS install has always been a big failing of Apple.

              No, its one profile per account, not OS install. You can have multiple accounts each with their own profile / Apple ID / etc. Like any good Unix environment, which macOS is.

              Technically you can have multiple Apple ID's on one account in a limited sense. For example you can use a second Apple ID for music. So you can have access to your personal Apple Music account on a work system. Maybe other subsystems will do this too.

              I just didn't realise it was that bad that you had to use a guest to switch profiles.

              I only use the guest for employer

              • Well that's the deal for remote work at times.

                Seriously? Only a fly by night operation doesn't send you a laptop in that situation. Also, only a fly by night operation lets employees use personal machines at all. Even my kid with a student job was supplied a laptop for work.

                You can have multiple accounts each with their own profile / Apple ID / etc. Like any good Unix environment, which macOS is.

                Yes I know you can have multiple users. I do have a macbook. I just didn't realise there were so many situations that you needed to install an entirely different OS for the sake of Apple security and whatnot. The stuff you have to do to develop on an iphone versus android is s

                • by drnb ( 2434720 )

                  Only a fly by night operation doesn't send you a laptop in that situation.

                  Nope. Sometimes you are a freelancer not an employee. When a freelancer its common to supply your own equipment.

                  You can have multiple accounts each with their own profile / Apple ID / etc. Like any good Unix environment, which macOS is.

                  Yes I know you can have multiple users. I do have a macbook.

                  Then what do you mean by "The fact that you can only have one apple profile per OS instal"?

                  I just didn't realise there were so many situations that you needed to install an entirely different OS for the sake of Apple security and whatnot.

                  Actually the stuff I listed is true or desirable under Windows and Linux as well. I would choose to use various Windows and Linux VMs are I do now even if I were hosted on Windows or Linux.

                  The stuff you have to do to develop on an iphone versus android is so tied to the OS it is ridiculous so I guess I shouldn't be surprised.

                  Nope. To develop for iPhone you install Xcode. To develop for Android you install Android Studio.

                  For example for every ios upgrade you need to upgrade xcode itself.

                  Xcode is available from

    • by mccalli ( 323026 )
      Testing is one. Won't help this year of course, but next year you could create a VM for the beta of whatever macOS 16 turns out to be, fully signed into an iCloud account. It could be the OS itself you're testing compatibility with, rather than thinking your application is going to mess up the OS.
    • For now, mostly developers or anyone that needs to test something that would otherwise require multiple physical machines. Since right now you can only virtualize macOS 15 on macOS 15, it won't do any good for older applications. A few years down the road, this will be good for running older software on macOS 15 that won't run on macOS 17.

      Most of iCloud isn't free unless your needs are tiny. They go to great lengths to make sure that the thing you pay for works on as few approved things as possible.

      • by unrtst ( 777550 )

        A few years down the road, this will be good for running older software on macOS 15 that won't run on macOS 17.

        As well as testing applications under different versions of macOS without having to own a bunch of physical mac's running various versions of the OS.

        Boggles my mind that people can't see any good use for such a feature... and this isn't a post on Quora or some bullshit - it's Slashdot! WTH?

        • I didn't realize Mac OS was so horrible for compatibility between versions. I develop on Linux or Windows and it keeps working.
    • by Malc ( 1751 )

      I do this to test new build environments or so I can have access to versions of the OS. We have some stuff that requires certain versions of Xcode and Apple heavily restrict which versions of macOS Xcode will run on.

      We also use macOS VMs in our actual build system. While the performance isn't as good as running natively, it's the most efficient way to provide older build environments that we don't need very often.

    • by DarkOx ( 621550 )

      You want to test your app on MacOS releases older, than the one you are running

      You want to test your app on MacOS releases newer than the one your are running

      Your application features some kind of messaging/collaboration and you want to test running on different hosts

      You want to test your application on a system with a smaller memory configuration

      You want to test your application interacting with other software you don't want install on your dev box, EDR tools etc.

      Your application hooks into something else,

      • It's just very disappointing that you can only run Mac OS. If I have a windows machine with vmware then I can run anything.
        • You can run Windows VM on Appleâ(TM)s virtualization layer, itâ(TM)s built around QEMU, it can do pretty much everything including emulating other CPU architectures.

          • In my experience, anything under qemu is extremely slow and barely usable. You may as well buy a mini pc for 200 and use Windows that way.
            • by guruevi ( 827432 )

              QEMU is used by every single virtualization product out there (ever heard of KVM) - Nutanix, Proxmox, RHV, OpenStack. It will be slow if it has to translate your CPU rather than just virtualize it, but you can run Windows/Linux ARM on Mac ARM or x86 on x86, even the x86->ARM translation is not half bad on Apple's chips.

              • Lets put it this way, I have never found any virtualisation other than Hyper-V and VMWare that is capable of dragging a large MS Office window across the screen without having lag and the mouse cursor moving separate from the window. I have tried with kvm (qemu) and virtualbox. Was also pretty bad with Linux/KDE as well but not as bad.
                • by guruevi ( 827432 )

                  Perhaps you don't know how to properly configure a hypervisor then, everyone is migrating away from both HyperV and VMware because they are awful products and moving onto KVM/QEMU. You'd think the likes of Amazon Virtual Desktops, the glut of remote gaming system, all the VDI in every medical, insurance and CAD outfit would not be very popular if you can't properly drag a window around. KVM/QEMU is leading the space here.

                  • No, everyone is migrating away from VMWare because they now make you pay for each core rather than each processor chip and it's way too expensive now. Qemu is free. If it was as good as VMWare than no one would pay for VMWare. The last time I used KVM it didn't even have clipboard, disk or video integration. You had to use VNC just to see the desktop.
                    • by guruevi ( 827432 )

                      Okay then, you haven't used QEMU since the early 2000s. It's 2024.

                    • I installed kvm with win10 and you're right it's a lot faster and smoother. I installed the virtio drivers and set video to virtio with 3d accelleration and open GL. It's working but I still have to set the resolution manually; though it is scaling properly and still smooth. Nor do I have clipboard integration and I can't find a way to expose local disk to the guest. Perhaps it is because my host is KDE.. I need to play around with it more. But it is good to know that this is an option at least.
                    • by guruevi ( 827432 )

                      Clipboard integration would be done through something like Spice although if you're on modern KDE, you're dealing with Wayland which doesn't have global clipboards to begin with, so it's not a problem with QEMU but with your OS.

                      Local disk sharing on Windows you must install the virtiofs: https://github.com/virtio-win/... [github.com] which is not by default installed with the virtio ISO you can get from Fedora and other places. The driver is on the ISO though.

                    • I use KDE X11 specifically for those kinds of reasons. There are just too many applications that have trouble with Wayland. In fact when the clipboard didn't work i logged out and made sure i had an X11 session. Kind of inconvenient doing multiple installs for the integration packages but ok.. thanks for telling me.
    • What is the point of having a VM of macOS on macOS?

      Any time a third party is forcing you to run some sort of supervisory software that is monitoring you. For example employer "spyware" that is monitoring activity, taking screen shots. Run this environment in a VM and do your official activities there. Check your private emails, browse slashdot, etc (during breaks) on the native host out of sight of the monitoring software.

      I guess we should now include those helpful AI's that will monitor you to learn how to best customize themselves to "help you". Run th

      • If someone is running "supervisory" software then they are sure as hell going to notice if they don't get any info about the person running a guest.
        • by drnb ( 2434720 )

          If someone is running "supervisory" software then they are sure as hell going to notice if they don't get any info about the person running a guest.

          "Supervisory" as in corporate spyware, recording keyboard and mouse activity, random screenshots, so managers can see what you are "working" on.

          Not "supervisory" in the operating system security sense.

          • I knew what you meant. You don't think they will get your keystrokes anyway? It does have to come through the host machine before it gets to the guest. Also the screenshot will still happen and they will see you are running a guest.
            • by drnb ( 2434720 )

              I knew what you meant. You don't think they will get your keystrokes anyway?

              No, because the spyware is running in the VM, not on the host.

              It does have to come through the host machine before it gets to the guest.

              ?Huh? The VM macOS downloads it. The user installs it.

              Also the screenshot will still happen and they will see you are running a guest.

              Nope. The screenshot is the entire VM macOS desktop. Which is running in a window on the host macOS desktop.

              • But then you need to use the VM for everything. I have never seen that as smooth and fast as the native OS. Also i'm sure there are differences in your screenshot that would get noticed if they really looked. In most VM hosts you cannot keep the desktop full screen 100% of the time.
                • by drnb ( 2434720 )

                  But then you need to use the VM for everything.

                  Nope. I only need the VM when working on an employers project.

                  I have never seen that as smooth and fast as the native OS.

                  I find edit / build / debug cycles to be little different. After all the computer is mostly sitting there waiting for e to type or click. If I broke out a stopwatch build would likely be a little slower. A small tradeoff for keeping spyware away from my data and activities unrelated to work.

                  Also i'm sure there are differences in your screenshot that would get noticed if they really looked. In most VM hosts you cannot keep the desktop full screen 100% of the time.

                  If they cared, a VM environment can often be noticed by simply checking for files specific to the VM software. But they don't care, the point of this spyware

  • . . . this is a development to enable their PCC environment that’s being back-ported into mainline macOS, not a relaxing of the existing security features And may well make hackintoshing harder rather than easier.
    • . . . this is a development to enable their PCC environment that’s being back-ported into mainline macOS, not a relaxing of the existing security features And may well make hackintoshing harder rather than easier.

      PCC?

      People's Computing Company?

  • it'd be nice if they stopped cripping the hypervisor -- I can't export a PCIe or TB device to a VM because the host kernel disallows it.

    • What do you mean, you can attach a raw disk to it. Itâ(TM)s right there in the framework docs how to implement it, including NBD (Ceph etc). HVF is just a QEMU accelerator for ARM, not sure if a GUI like UTM will let you get access to it.

      • by tzanger ( 1575 )

        a raw disk is a plain old block device. They made special provision to pass through USB devices, but I cannot attach an arbitrary PCIe or TB device. (This is also on intel OSX) -- Hyve can't do it, Parallels can't do it, VirtualBox can't do it, VMWare Fusion can't do it. The ability to pass through these kinds of devices appears to be disabled in the kernel.

        I'd be happy to be wrong, but I am pretty sure I'm not.

        • by guruevi ( 827432 )

          The block devices are exposed as /dev/rdiskX

          It should be possible to pass through PCIe devices purely based on the Developer docs, but I don't think anyone has developed it out yet (you'd need to create a vfio driver using DriverKit). It is technically possible, QEMU supports it, you just need to code it (https://developer.apple.com/documentation/pcidriverkit)

  • Apple is removing an anti consumer feature that it put there itself. This is not an improvement. It is at best a correction.

As of next Thursday, UNIX will be flushed in favor of TOPS-10. Please update your programs.

Working...