“eskimo”

You might have more luck asking this in over in the Apple Support Community, run by Apple Support, and specifically in the Business and Education topic area, where you’re more likely to find folks with relevant experience. DevForums is primarily focused on helping developers with APIs in Apple’s various platform SDKs, and that’s not a factor here. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Sorry I didn’t respond earlier; I was hoping that someone else would wade in. Can you post a screenshot of the specific alert you’re referring to. [quote='811856021, aaronvalentino, /thread/811856, /profile/aaronvalentino'] My team needs to understand this behavior [/quote] I’d like to clarify why that’s the case. My understanding is that, when the alert does not show up, the target app still launches, right? If so, why does it matter whether the alert shows up or not? [quote='811856021, aaronvalentino, /thread/811856, /profile/aaronvalentino'] I'm using the MSAL library. [/quote] What API is it using under the covers? I can’t really help you with third-party libraries; I need to understand what Apple API is in use. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='820718021, sivan-rnd, /thread/820718, /profile/sivan-rnd'] What are the realistic chances of getting Endpoint Security entitlements approved for this type of project? [/quote] I don’t think you’ll get a definitive answer to this here on DevForums. The folks who approve access to this capability don’t lurk here. My general advice would be to “Suck it and see.” It is possible for you to test Endpoint Security without being approved. See here. But let me reiterate this bit: Don’t disable SIP on a Mac that you care about. Finally, I want to touch on this: [quote='820718021, sivan-rnd, /thread/820718, /profile/sivan-rnd'] This is an open-source project … [/quote] Remember that capabilities are assigned to a specific team, so someone trying to build a product based on your open source would also have to apply for the ES capability. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

[quote='820632021, Pavel, /thread/820632, /profile/Pavel'] How does macOS handle coexistence between multiple Transparent Proxy providers … ? [/quote] Generally, traffic in transferred from one proxy to the next to the next, but there are a couple of things to watch out for. First, the order in which transparent proxies load isn’t specified unless the proxies are configured by the device manager with an order property. Second, each flow received by the proxy has a metadata value. If your proxy wants to ascribe a network connection to that flow — so that subsequent subsystems in the chain understand that this network connection is ‘owned’ by the original application — it must apply that metadata to the flow. With Network framework you do that by applying the metadata to the parameters used to create the connection, using either the setMetadata(_:) method or the setMetadata(on:) method, depending on whether you’re using C or Swift. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ A

[quote='820645021, Np_dev, /thread/820645, /profile/Np_dev'] Raised a feedback assistant request … FB22339653 [/quote] Thanks for that. A bug report is clearly the correct path forward here. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I can’t help you with the third-party tooling side of this. My advice is that you set up a small Xcode test project to exercise the APIs in question. If you get stuck with that, I’d be happy to help. Once you get that working, you can translate that knowledge to your third-party environment. And if you have problems with that, you can seek help via its support channel. However, I can tell you that this is wrong: [quote='820580021, i12n, /thread/820580, /profile/i12n'] I do have these entries in my Entitlements.plist … com.apple.developer.music-kit [/quote] MusicKit is one of the most commonly hallucinating entitlements. Indeed, I listed it, with a slightly different spelling, in Determining if an entitlement is real. Oh, and if you were using a modern version of Xcode, it would’ve told you about this, which is another good reason to prototype this stuff in Xcode. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

I’m not sure what’s causing the main error here, but let’s start with endpoints, and specifically my NWEndpoint History and Advice post. This explains the general landscape. NEAppProxyUDPFlow has read and write methods that use Network.NWEndpoint type. See here and here. These are the Swift async versions; there are also equivalent completion handler versions. In terms of how to handle endpoints, it’s best to approach this from the perspective of the client, that is, the DNS client that’s issuing DNS requests to resolve queries. And specifically a BSD Sockets client, which will: Open a socket. Optionally connect the socket to an endpoint (aka address). Send a datagram. If it connected the socket, it can call one of the send routines that doesn’t take an endpoint. If it didn’t connect the socket, it must supply an endpoint at this point. Receive a datagram, along with the source of that datagram. From your perspective steps 1 and 2 result in a new flow. If you want to know what endpoint the client connected to

What Ed said plus… Keep in mind that Rosetta will continue to function on older releases of macOS. So no matter what happens in the future, you can test these small programs by running them on, say, macOS 26 in a VM. Oh, and what’s the name of your YouTube channel? I’m always happy to learn about folks teaching assembly (-: even if it is Intel assembly )-: Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Thanks for bringing this to the forums. [quote='820659021, idopte, /thread/820659, /profile/idopte'] returns the following error: Domain: CryptoTokenKit Code: -2 [/quote] That is TKErrorCodeCommunicationError, aka TKError.Code.communicationError in Swift. This is a very generic error that basically means that something went wrong with… well… the communication with the smart card. [quote='820659021, idopte, /thread/820659, /profile/idopte'] At this point, the system appears to be stuck in a non-recoverable state which affects all readers and cards [/quote] Yeah, that’s not good. This is clearly a bug and I appreciate you filing a bug report about it (FB22339746). I took a look at your bug and noticed that you haven’t attached a sysdiagnose to it. Or, more accurately, it says that there’s an associated sysdiagnose log but it hasn’t finished uploading. Please run Feedback Assistant on the iOS device that captured the sysdiagnose log and check on its upload status. Alternatively, export the sysdiagnose log to you

Annoyingly, Xcode has a bug that prevents it from exporting Network Extension apps correctly. See Exporting a Developer ID Network Extension for the details. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Hello, Eskimo. I think I was reading this topic and then suddenly redirected to the Unauthorized page. There is no URL for the latter. Safari's History doesn't show the dates. So I cannot be certain although I have the creation date of the initial screenshot. After thread 820562, it's App Store Connect Screenshot Upload. That's when I came here to post this topic, I suppose.

[quote='820631021, Pavel, /thread/820631, /profile/Pavel'] Is it possible for a Network Extension … to act as a client for an XPC service hosted by a Launch Daemon … ? [/quote] Yes. The trick is to use an app group. Sign your client with an app group ID and then, in the MachServices property of the launchd daemon, set the XPC endpoint name to be a ‘child’ of that app group ID. See the discussion in App Groups Entitlement. App groups are a bit tricky on the Mac. See App Groups: macOS vs iOS: Working Towards Harmony for the full backstory. Given that your client is sandboxed, it must claim access to that app group ID. And in that case I strongly recommend that you authorise that claim via a provisioning profile. Your launchd daemon is (presumably) not sandboxed so it doesn’t need to claim access to the app group ID. However, if you decide to make that claim then my recommendation applies there as well: Authorise the claim with a provisioning profile. If you claim access to an app group and don’t authorise that

[quote='820695021, blackson, /thread/820695, /profile/blackson'] when NetworkExtension Activiate. [/quote] What do you mean by “NetworkExtension Activiate”? The Network Extension framework has many different subsystems, many of which can affect the Wi-Fi join process, so I need to understand which one is involved before I can offer any guidance. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

Please share the URL of the thread in question. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com

There are two parts to this: Technical — What APIs are involved? And what TCC privileges do they need? App Review — What is or isn’t allowed on the App Store? I work for DTS, not App Review, so I’m only able to comment on the first part. I’ll come back to the second part at the end. From a technical standpoint, there are three TCC privileges involved: PostEvent — This controls the ability to post UI events, for example, by calling the CGEvent.post(tap:) method that you mentioned. ListenEvent — This controls the ability to monitor UI events on a system-wide basis, for example, with a CG event tap [1]. Accessibility — This is aimed at accessibility products, and controls a wide variety of things, including the ability to example the UI state of other apps. Note I’m using the service names that you would pass to tccutil, as explained in this post. These privileges are represented in System Settings > Privacy & Security, but in a non-obvious way: Both PostEvent and Accessibility map to Accessibility. Liste