Why a Mac Mini?
I sent back my Apple DTK (the prototype ARM-based Mac computer which was kind of an iPad in a Mac Mini case) and in return Apple sent me a voucher which enabled me to part finance an M1 Mac Mini. I could not justify a Macbook Air or Macbook Pro at that time, (although I have since also bought a Mac Studio and a Macbook Pro M2). It arrived on the twentieth anniversary of the introduction of Mac OS X! It was built to order in Shenzen, China. The logistics at Apple never cease to amaze me.
Anyway, I thought I would document the setup and first impressions here. Mac mini, now with an M1 processor should be an impressive computer. The M1 processor brings an 8-core CPU which Apple claim dramatically accelerates demanding workloads, from compiling a million lines of code to building enormous multitrack music projects. An 8-core GPU delivers up to a massive 6x increase in graphics performance, allowing Mac mini to tackle performance-intensive tasks like complex 3D rendering with ease.
TL:DR macOS customisations, might be helpful for someone.
This Mac Mini is 16GB (the maximum) and 512GB of storage (the maximum I could justify to myself). Originally it was provided with macOS Big Sur but can be updated to the latest release of macOS. This article was written when macOS Big Sur was the latest release of macOS.
The initial setup is exactly the same as an Intel based Mac running Big Sur. The Setup Assistant has a series of steps which set the country, accessibility settings, networking and user accounts with Apple ID. It left me with a desktop, and my new user account. I opted not to migrate this time, I fancy a fresh home folder after twenty years! Unfortunately the computer name "Angus's Mac Mini" won't do, but Apple chose it for me and didnt let me adjust it. I chose "m1n1"
Setting the computer name from the command line on macOS Big Sur
% scutil --set ComputerName "m1n1"
% scutil --set LocalHostName "m1n1"
% scutil --set HostName "m1n1"
Thats better. Computer names are quite important to me, need to be lower case for me, and need to be recognisable.
First things first. Steve Jobs coined the phrase "BYODKM" — Bring your own Display, Keyboard and Mouse back in 2005 and its still true. All that was in the box was a power cable and the usual warranty docs and stickers.
I am well prepared, given I was using the DTK before, I have a 34in Ultrawide Monitor with HDMI input. A handy wired Ethernet, external speakers, and a USB switch which warrants a bit more explanation.
There have been some reported problems with using wired keyboards, even old Apple ones which I prefer, with the new Mac Mini. (see Apple Discussions). I use a 4 in 4 out USB switch made by Aimos which allows up to 4 computer to share 4 USB 2.0 peripherals. I use these for my wired mouse, wired keyboard and 2 USB security keys because I have multiple computers. This is not a monitor sharing device - just the Keyboard, Mouse and Keys. It doesn't need any drivers and it 'just works'. The old wired Apple A1243 standard keyboard I prefer isn't recognised anymore by the keyboard setup utility (and why should it be, it was discontinued years ago) but it works fine!
Security hardening considerations.
- Handoff — Handoff needs to send some data to Apple iCloud in the US to work, so in some way it is leaking your data. If you value security over convenience you can disable it in System Preferences -> General and Un-check "Allow Handoff between this Mac and your iCloud devices".
- While you are there set "Show Scroll Bars" to "Always". It is better that way.
- Guest User — System Preferences -> Users & Groups -> Guest User is off by default. Make sure it is off to disable guests ability to log in to this computer"
- Diagnostics — You can disable sending stuff to Apple in System Preferences -> Security & Privacy -> Privacy -> Analytics
- Privacy — You should periodically review the other privacy settings in System Preferences -> Security & Privacy -> Privacy - Does your weather app need to know your location? Probably. Does it need Accessibility control to read your keystrokes and spy on you? Time to find a better weather app.
- Locking — Enable password locking in System Preferences -> Security & Privacy -> General to secure your computer should you walk away from it.
- Enable the Require Password option and choose Immediately or 5 seconds from the pop-up menu and you’ll be required to enter a password to use your Mac after it’s gone to sleep or the screen saver has started. The shorter the time interval you use in this feature, the better. Again it is a balance between security and convenience.
- Advanced Security and Privacy settings - Go to: System Preferences -> Security & Privacy > Advanced.
- Check "Require an administrator password to access system-wide preferences".
- Enable logout after 60 minutes of inactivity while you are there.
- Firewall - Enable the firewall in System Preferences -> Security & Privacy -> Firewall. The firewall is a network filter that allows you to control which apps, programs and services can accept incoming connections.
- Click the Turn On Firewall button. This basic option is the best for most purposes. Developers will need to set Firewall options for dev tools and utilities to work.
- FileVault - Enable FileVault in System Preferences -> Security & Privacy -> FileVault. It encrypts folders including OS X system files, applications, caches and other temporary files; any of which may contain personal or sensitive information.
- To set up FileVault, Turn On FileVault. Note this may take a very very long time. Once started leave it to finish. A Friday evening task.
- Network interfaces - Lessen the attack surface for attackers by disabling unused network interfaces in System Preferences -> Networks
- To disable, go to Network system preferences, and then unlock the preference pane, after which you will be able to Click the gear for a particular setting to mark it as inactive. As a rule you probably only need Ethernet and WiFi. If you dont know what it is you probably dont need it.
- For Ethernet and Wi-Fi network interfaces, find the Internet Tab and set ipv6 to "link local only"
- Turn Bluetooth off altogether if you dont use it
- Spotlight - Disable Siri Suggestions in System Preferences (it sends your search to Apple) -> Spotlight, Un-check "Siri Suggestions" in "Search Results". Review private folders you do not wish to show up in search results.
Ive adjusted grid spacing, text size and turned on item info, in "view options". You have to do this with no window open so it applies to the desktop. Ive also in Finder preferences set Hard disks to visible, new finder windows to my home folder, and to show all filename extensions.
See also: -