Web Excursions 2021-11-23

The Unexpected Return of JavaScript for Automation – Scripting OS X

  • The last major changes to AppleScript came with Mavericks and Yosemite.

    • Mavericks (10.9) included a JavaScript syntax for the Open Scripting Architecture (OSA),

      • which is the underlying framework for all AppleScript functionality.

      • Apple called this “JavaScript for Automation.”

      • Because this is a mouthful, it often abbreviated as JXA.

    • Then Yosemite (10.10) made the AppleScript-Objective-C bridge available everywhere in AppleScript.

      • Previously, the Objective-C bridge was only available when you built AppleScript GUI applications using AppleScript Studio in Xcode.

      • The Objective-C bridge allows scripters to access most of the functionality of the system frameworks using AppleScript or JXA.

  • One reason python became so popular with MacAdmins, was that the pre-installed python on Mac OS X, also came with PyObjC, the Objective-C bridge for python.

    • This allowed python to build applications with a native Cocoa UI, such as AutoDMG and Munki’s Managed Software Center.

    • It also allowed for short python scripts or even one-liners to access system functionality that was otherwise unavailable to shell scripts.

  • working with any Objective-C bridge is always fraught with strange behaviors, inconsistencies and errors and the JXA ObjC implementation is no different.

  • To call JXA from a shell script, you use the same osascript command as for normal AppleScript, but add the -l option option to switch the language to JavaScript:

osascript -l JavaScript << EndOfScript
    • For convenience, you can wrap calls like this in a shell function

  • Putting together a Command Line Tool written in Swift feels like a much more solid (for lack of a better word) way of solving a problem.

  • However, the Swift binary command line tool has one huge downside: you have to install the binary on the client before you can use it in scripts and your management system

  • Dependencies add friction.

  • This is where JXA has an advantage.

    • Since AppleScript and its Objective-C bridge are present on every Mac (and have been since 2014 when 10.10 was released) there is no extra tool to install and manage.

    • You can “just share” scripts you build this way, and they will work on any Mac.

  • you can write scripts with a swift shebang

    • However, scripts with a swift shebang will not run on any Mac.

    • They will only run with Xcode, or at least the Developer Command Line Tools, installed

  • Another area where JXA is (not surprisingly) extremely useful is JSON parsing.

    • There are no built-in tools in macOS for this so MacAdmins either have to install jq or scout or fall back to parsing the text with sed or awk.

    • Since JSON is native JavaScript, JXA “just works” with it.

From the Canyon Edge: Fingerprints Are Usernames, Not Passwords

  • We could each conveniently identify ourselves by our fingerprint.  

    • But biometrics cannot, and absolutely must not, be used to authenticate an identity. 

  • For authentication, you need a password or passphrase.  

    • Something that can be independently chosen, changed, and rotated.