Episode 284: Rich Trouton on Apple Device Management, 2nd Edition

Meter is the easiest way for businesses to get internet, networking, and WiFi. Our full-stack approach combines hardware, software, and operations so that any company can seamlessly run on a reliable and modern network.

• Streamlined installation: We take on the complexities to make designing and deployments easy, fast, and stress-free. We manage the entire installation process, and provide ongoing maintenance and support.
• Network hardware, security & management: We design and build our own controllers, switches, and wireless access points. After the network is deployed, review your speed, usage, and security in one unified dashboard. No need to hire vendors in every location or have IT teams fiddle with manual configurations — everything is automated with our software.
• Simple pricing: Pay one monthly rate with no up-front costs for installation, configuration, or hardware.

---

James Smith:
This week’s episode of the Mac Admins Podcast is brought to you by Kandji. Automation in IT is a hot topic and for good reason. Automating repetitive tasks frees you to focus your skills on more strategic projects that move the needle for your organization. Kandji, the Apple Device Management and security platform features over 150 prebuilt automations to multiply your effectiveness and impact daily. To see how to take the repetition out of your to-do list, visit kandji.io. That’s K-A-N-D-J-I.I-O.

Tom Bridge:
Hello and welcome to the Mac Admins Podcast. I’m your host, Tom Bridge. And Marcus, how are you this morning?

Marcus Ransom:
I am fantastic. I’m officially on holidays for a week. The rest of Australia is going to be on holidays. For those listening at home, this is going to be a little bit weird. I’m talking in the past, even though for most of you I’m in the future so this is about a week ago. We’re a nation in mourning at the moment, at least some of us are and I’m on holidays. Six months after I started my job, really looking forward to having a week off.

Tom Bridge:
Yes. That’s fantastic. Do you have any exciting plans for the week off?

Marcus Ransom:
My daughter’s getting her wisdom teeth taken out tomorrow, so that’s pretty much stymieing going away or anything like that but no, really just hanging around with no plans is really what I’m looking forward to. It’s been a very busy-

Tom Bridge:
That-

Marcus Ransom:
… six months.

Tom Bridge:
… honestly sounds amazing. So I hope that’s everything that you hope it can be, and I hope her recovery is easy. No yard work allowed.

Marcus Ransom:
No, no. Although when I had my wisdom teeth taken out, this wasn’t a thing so maybe you can confirm to me that of course she has been going to TikTok as teenagers do these days to understand how the world works and TikTok tells her-

Tom Bridge:
Of course.

Marcus Ransom:
… apparently it’s a thing that people in inverted commas, air quotes, “go crazy” in recovery of their wisdom teeth coming out, which was never a thing for me.

Charles Edge:
Well, I guess if they go-

Tom Bridge:
I was high as a kite.

Charles Edge:
I guess if they go dry sockets and you get infected, it could make you go wackadoodle but you know.

Tom Bridge:
Yeah, I was going to say I was high as a kite and there’s no question I was on a lot of Vicodin if I-

Charles Edge:
I went to work afterwards.

Tom Bridge:
Yeah, I went to back to work and then I went to a baseball game but I was high for both of them.

Marcus Ransom:
But Charles, could they tell the difference is the important thing. I mean…

Charles Edge:
Well, what are you going to do?

Tom Bridge:
Yeah. And how are you going, Charles?

Charles Edge:
Oh, I’m good. Still no food, but drinking lots of drinks, so…

Tom Bridge:
All right. And I was going to say clean shaven as well. Yeah, I miss the beard.

Charles Edge:
Yeah, I just randomly was like… I just dropped 30 pounds and I was curious what I looked under the beard.

Tom Bridge:
Glad you’re continuing to recover. We’re all thinking happy thoughts for you to get some food real soon.

Charles Edge:
Thanks, me too.

Tom Bridge:
We have an amazing guest back on the podcast. Welcome back to the pod Rich. It’s been almost a year since we saw you last. It’s certainly an interesting time these days. How are you holding up?

Rich Trouton:
I’m doing okay. We’re getting ready for the Ventura rollout at work. And in my own personal life, I’ve been trying to build a video arcade in my office, but I’m kind of short on space. So what I’ve been doing is, they make quarter scale arcade cabinets and I’m basically building-

Tom Bridge:
Oh wow.

Rich Trouton:
… a video arcade on my bookshelf. And it’s kind of fun. I’ve got Dig Dug, I’ve got Galaxian and to power it all, the company that makes these have a Polybius cabinet. I don’t know if you guys are familiar with Polybius, but it is an urban legend from, I think it was Portland, Oregon in 1981 where Dark forces from the government set up some sort of video game that was supposed to something? I think the idea came from the Last Star Fighter or something like that where the Star League sets up testing machines. But at any rate, so the Polybius cabinet isn’t actually a game. What it is, is a USB hub that powers the rest of the cabinet so far. So I’m up to three on the bookshelf so far. I think I’ve got room for one more, so we’ll see what comes next.

Charles Edge:
So if you have four quarter cabinets, you have a cabinet.

Rich Trouton:
Yes.

Charles Edge:
And you have a USB hub so you can bust out Apple configurator and image the heck out of those things.

Rich Trouton:
Yes. I think Polybius using the Dark Forces computer game for imaging sounds, excuse me, imaging is dead, for DFU restores sounds like a capital idea.

Marcus Ransom:
Sure. Sean Reagan will point us in the direction of the Apple support article explaining all of this I’m sure.

Rich Trouton:
I’m sure. It’s somewhere in there. Apple’s got me covered.

Charles Edge:
So the good developers at Apple, they throw us new and exciting curve balls with every new release it seems and this means that books like the one you and I did a few years ago now can’t just kind of sit on the shelf for five or seven years like in some previous eras, but have to be refreshed routinely. And the first edition of the Apple Device Management book was over 500 pages, almost 800 if I remember correctly, and you and I kind of wanted to keep the page count about the same, but there’s so much new crap to shoehorn in there.

Charles Edge:
That means some stuffs got to go every time a new thing comes out or we just truncate the description of the new thing. I guess we’ll name names there later in the episode, but it’s kind of like this perfect time to step back, take stock, and look at how the broader device management landscape kind of shifts and I guess what admins need to know for the future to future-proof some of those deployments. So the first edition of the book was released in 2019, 3 years later, can you tell us a little about what you’ve been putting in or taken out?

Rich Trouton:
So I would say the biggest change that I’ve been seeing so far is simply the stuff that has to do with Apple silicon, that simply didn’t exist when we wrote the book the first time. So I’m having to put in new information simply regarding Apple silicon. And I mean we’ll be talking more about this, but one thing in particular is that the Intel Macs and the Power PC Macs before them had a number of keyboard keys that you could hold down at startup to make Mac do various things. And on Apple silicon, you’re really just down to one. You hold down the power button and it brings up the menu and the menu lets you choose stuff but you can’t hold down end and NetBoot anymore, NetBoot’s dead. There’s no option for, hold this down and you boot straight to recovery.

Rich Trouton:
You got to hold down the power button and go to this menu. And from there you’ll be able to select the options that you have. So I’d say that right there, especially for a number of Macs Admins who just kind of memorize this stuff and for Apple silicon, there’s really just one button, you hold down the power button. And that seems a little strange because holding down the power button, you were like, “Well that sounds like something I don’t want to do because that’ll shut the machine off.” But on Apple silicon, nope, it’s fine.

Charles Edge:
Yeah. I cut the entire appendix. I went to work on NVRAM and I was like, “Nope, just delete, move on.”

Rich Trouton:
Yeah-

Charles Edge:
Because just before-

Rich Trouton:
… I was going to say, not a setting you have access to anymore.

Charles Edge:
Nope, nope. And all the SIP stuff, and I do think that the SIP stuff or rootless or whatever you want to call it, it just keeps eking out more and more. One thing that really caught my attention was we were still doing kext approvals in the first edition and now a lot of the technology lives in the exact same directory structure. So if you go under the hood with an MDM profile, we approve these other things that have kind of replaced kexts that we want to approve, whether it’s privacy payloads or system extensions. They kind of live in about the same place and they work the same under the hood. But now we’re not dealing with kexts, we’re dealing with other stuff and

Rich Trouton:
The functionality still there. But do the kernel extensions themselves, I mean going back to apple silicon, the only way you can get a kernel extension working is if you write it for apple silicon. And apple, from what I understand is being very reluctant to hand out signing certificates for that.

Charles Edge:
Understandably.

Rich Trouton:
They want kernel extensions gone. And I’m like absolutely. So it used to be that SIP was how it handled kernel extensions and that’s that functionality is still there, but it’s much less important than it was because kernel extensions are heading out.

Marcus Ransom:
But also think about it in terms of, I remember when kexts first started going away and we all had these challenges with all of the various kexts that just wouldn’t go away. But now you sort of fast forward to where we are now and you just think that’s one less thing we’ve got to worry about. We’ve got a whole bunch of other things we have to worry about. But having to deal with those nuisance kexts that always managed to find their way into your deployment, it’s mostly they’ve just gone away.

Charles Edge:
And how many issues do you have with system extensions? I can’t think of the last time I had to troubleshoot something unless I was actually writing code. These things just load and-

Marcus Ransom:
It’d be nice to be able to handle multiple network extensions or have ways of dealing with that. But aside from a few edge cases, the sharp edges have mostly gone away.

Rich Trouton:
And I definitely appreciate that system extensions are generally easier to work with than kernel extension. You simply don’t have the kind of surprise of, well this security tool uses a kernel extension and because of that, when you try to upgrade to the next version of macOS, your machine simply could crash. That simply doesn’t happen. Or at least I haven’t seen it happen. We have system extensions. I mean it could be someone wrote an incredibly badly functioning one that maybe does that, but since kernel extensions had direct memory access and system extensions don’t, the danger of that is so much less.

Charles Edge:
And they can’t be invaded with dylibs. There’s just all these other issues that don’t crop up that if you were running another one that was using the same dylib, you might crash something somewhere, and also the security issues, but from a usability perspective, beach balls are worse than security issues sometimes. So it’s definitely, it’s interesting to take a step back and be like, “well that was a total pain but I guess it was worth it because it’s so much easier now.”

Rich Trouton:
And one thing that I think developers themselves might appreciate is that debugging kernel extensions was incredibly difficult.

Charles Edge:
Oh yeah. LLVM and-

Rich Trouton:
Yeah,

Charles Edge:
Go ahead. Yeah.

Rich Trouton:
And system extensions, since they’re running in the OS, you can debug them, you can the rest of your applications so you don’t have to jump through all these. For example, I remember years ago I had to set up Kernel Extension login that when the machine crashed, it set up this UDP connection to another machine and kind of squirted the logs over there and that was the only way you were going to get good logs on what happened. And I was like, “that’s the only way we can get good logs on what? All right.” And it was UDP so if the other machine missed it, that was it. You try again.

Charles Edge:
It’s better than taking a photo of a blue screen of that in the airport, right? I mean-

Rich Trouton:
Very true. So there’s definitely been some improvements over the past few years and one thing that I also very much appreciate is that we’ve gotten to the point where an OS upgrade for the most part is just routine. You don’t have the concerns that you had years ago when you maybe wanted to plan out this elaborate thing that could only be run by IT. These days, at least in my shop, what we’re doing is we just tell folks on release day, just upgrade. And for the most part that’s it.

Charles Edge:
Yeah, I remember some of those 10.5 to 10.6 or 10.4 to 10.5 upgrades that were just months of planning and total nightmares.

Speaker 7:
This week’s episode of the Maced Bins podcast is brought to you by Black Glove. Black Glove is about to be your new favorite IT partner. They provide ongoing expert support and rapid deployment services for your current, new or refreshed Apple fleets. But what they’re really providing is complete peace of mind that your technology is safe, secure, and operating at its full potential. So no more quick and expensive calls to the Geek Squad or Apple support.

Speaker 7:
Black glove’s strategies and fixes are from the hands and minds of former Apple engineers. So not only is the expertise of this team unmatched, but their services are affordable and easy to get started too. Fortune 500 companies and small budding businesses alike are working with Black Glove to ensure their Apple technology is doing exactly what they need it to. Whether it’s helping manage your remote teams’ devices, transitioning your device management system, onboarding new employees or casing tagging and tracking your devices, Black glove can handle it all. They’re also just really great people to work with. In fact, mention this podcast when you reach out to them and the black glove team will sponsor the next generation of Mac Admins through our Mac Admins foundation. You can learn more and get started at blackglove.com. That’s B L A C K G O V e.com. And while you’re at it, ask them why they’re called black glove. It’s a clever nod to how white glove services just don’t cut it for IT.

Marcus Ransom:
Rich, have you found the need that previous upgrades have always entailed where there was a pre-up upgrade policy or workflow you would need to run where you’re looking at all of the things that need to be upgraded or modified before you upgrade to prevent it from crashing? The timing of when those things need to happen doesn’t seem as critical anymore. It may be that a particular application won’t work until it updates, but that application isn’t necessarily going to break the upgrade like we would see before.

Rich Trouton:
Yeah, I haven’t seen too much of that. Where I’m seeing that honestly, and hopefully declarative MDM is going to help with this, is that folks want to have a profile in place to manage some things as soon as the OS upgrade happens. And right now that means that you got to figure out how to deploy that profile as close to the upgrade as possible. Because if deploy those profiles to the previous operating system, they simply will have no effect and they won’t do anything when you get to that upgraded OS. So I would say that’s probably the most significant remaining challenge that I’m seeing at this point.

Tom Bridge:
And yeah, making sure those login items profiles get there and when they’re supposed to, which is right after the Mac OS 13 update. And it’s certainly a place where we’ve been watching how to handle this and obviously at JumpCloud we deploy our own route agent and we deploy our own login items that go along with that. And certainly we’re evaluating, what’s the best way to make sure that this goes out when it’s supposed to and only when it’s supposed to as opposed to when it may be ignored by the operating system for reasons like it doesn’t understand the command. So it’s definitely something your MDM is going to have to help you with.

Marcus Ransom:
And that’s something for any of the listeners who haven’t picked up on this with those new login items, the profile to prevent standard users from being able to modify those can’t be preloaded on a machine before it upgrades. The operating system will only understand those once it is on Ventura and speak with your fantastic MDM vendor for their preferred method of deploying those. I don’t know, everybody is working out the best way to do it and there are ways to get it to work, which is wonderful. So Charles, what have you found that’s been different since the last edition of the book?

Charles Edge:
Oh my goodness, system settings. Every single screenshot is to be recaptured. And I mean I’m used to recapturing all the screenshots. Rich and I were actually joking about this earlier today because sometimes it feels like we’re regression testing the operating system as the later betas come out and we’re like,” okay, I don’t think this screenshot will change.” And then at the very end we have to just do a run through and make sure that they didn’t add brushed metal or some throwback to the interface. But yeah, I would say that getting used to doing the system settings, I actually did maybe a quarter of a chapter on my daily driver. I forgot to use the VM and didn’t do it in system settings. I did it in system preferences and then I had to go back and recapture, re-enrolling and all the stuff that goes into managing your lab machines to do that too.

Charles Edge:
But yeah, I would say that’s probably the biggest for this version. In general, it’s amazing what didn’t change. Almost every single MDM looks almost identical to what it looks like three years ago screenshot wise because the profile layouts haven’t changed that much. The wording hasn’t changed that much, the settings that are deployed. There were a few property lists that were in there and I truncated the amount of content because I was like “wow, I put a two page property list into the last edition of this book. I can save a page by just taking the pieces that matter out of that property list.” But when you get into it, you’re like, everything is identical. Even the old settings that aren’t applicable in an M1 environment just for backwards compatibility because we’re all still managing six, seven year old computers are still there.

Charles Edge:
They don’t get used. But under the hood, I’m amazed how much stuff is the same. We talked a lot about how declarative management was going to change a lot and make things a lot better, but trying to find any plausible examples of how to show that in a screenshot as an example, not really possible today. So it’s amazing how the more things change, the more they stay the same. And yet where some of those graphical influences are, even with stage manager, it just feels a lot more iOS-y system setting, stage manager. A lot of it, A lot it so

Marcus Ransom:
It’s interesting, we’ve been saying that for quite a few years, but one of the ways I’ve looked at it is as macOS converges with iOS, it’s not converging to where iOS was five years ago. It’s converging with where iOS will be next year and the year after rather, and iOS is getting a lot more sophisticated and getting a lot of the functionality that in a way makes it a little more macOS esque than just-

Charles Edge:
With one exception to me, which is the finder. If you enable stage manager and you’re using that new workflow and you need to drag a file into an app, then instead of bringing up a “choose dialogue” and selecting the location, the faster thing is often, “oh I need to grab four of these files,” for example with our screenshots as we’re doing a chapter, grab 15 screenshots, upload them into Google Drive to send to the publisher. If I’m a stage manager, that whole process is a lot of clicking because it more mirrors what the iPad with the files app workflow feels like, if that makes sense. So yeah. Yeah, I 100% agree with you. I mean I’m surprised packages are still around. How do we treat that in the book? Well this is a dark art-

Tom Bridge:
Let’s not give them any ideas

Charles Edge:
…you need to know about ish. Yeah.

Tom Bridge:
Let’s not give them any ideas on what to deprecate next Charles. Right. Please. Pretty please, with sugar on top. Let’s not go nuts here because I certainly think that folks might get the wrong idea, but packaging is a dark art, and I do think that there is not nearly enough documentation. Recently, Apple updated the Apple Business Essentials documentation on how to deploy packages using Apple Business Essentials, and I was really hoping that what there was going to be was a “here’s how you make a distribution archive style package. Oh

Charles Edge:
Oh no.

Tom Bridge:
Using [inaudible 00:22:00] tools.

Charles Edge:
I know that article and it’s just, here’s where to click the button.

Tom Bridge:
Yeah, I was going to say “it’s BYO server, hope you have your own package.” There’s not even a set of requirements that’s associated with “must be signed”, must be no, all those things-

Charles Edge:
They also don’t mention the mime type. You have to enable that mime type when you put it on the server.

Tom Bridge:
Yeah, that’s right.

Charles Edge:
That whole thing is-

Marcus Ransom:
Already reference to choices XML as well which-

Charles Edge:
And you have to put the hash in that whole workflow.

Marcus Ransom:
It reminded me, I can’t remember, it was either the Goons or Monty Python and had this great sketch about how to play the flute and it was really easy. It’s just that you blow in one end and run your fingers up and down the other end and that’s how you play the flute. And I think that was, high level not getting down in the weeds about how to deploy packages, which there was nothing incorrect in that documentation, which is great. As much as it may sound like we despise packages as a Mac Admin community with the way we constantly take their name in vain, we celebrate their existence and what the pain of re-engineering and deploying packages allows us to do, which is almost everything.

Rich Trouton:
Yes. I fully admit that I’ve turned most of my packaging over to Auto Package because I love having robot minions do it for me.

Marcus Ransom:
Yes.

Rich Trouton:
And we just-

Charles Edge:
We do cover that in the book. Yes.

Rich Trouton:
We are going to be covering that in the book. Yes.

Marcus Ransom:
Robot Minions?

Rich Trouton:
Auto package. Yeah, I was discussing with Charles, we discovered that we’d accidentally left out auto package from first edition.

Charles Edge:
No, it was in there.

Rich Trouton:
It was?

Charles Edge:
Just other parts of that chapter weren’t.

Rich Trouton:
Yeah.

Charles Edge:
We just deleted a whole chapter. But there were pieces that I pulled out on the way out because we exceeded the page count.

Rich Trouton:
Oh that’s why.

Marcus Ransom:
It’s like Apple leaving the camera off the first generation iPad. It’s like you’ve added this to the next edition as an incentive for people to upgrade because you couldn’t put new emoji in, is that what you’re saying?

Charles Edge:
Yeah. Sure works for me.

Rich Trouton:
That’s the explanation.

Marcus Ransom:
So the first edition had a whole chapter dedicated to identity management that focused on things like SAML and OIDC, but not a lot yet on how it’s managed Apple id. So how did you treat managed apple IDs in the new edition?

Charles Edge:
Wow. It’s funny you should ask that. Some of these questions when you write them you’re like, nevermind.

Marcus Ransom:
What do you mean wrote them? That just came straight off the top of my head.

Charles Edge:
I know.

Marcus Ransom:
I just drove the conversation there Charles. What are you trying to say?

Charles Edge:
Oh it’s funny. I actually had a conversation with Mr. Bridge about that exact thing a few days ago, it’s just a very Microsoft and/or Google centric conversation. And so in the book we spend maybe seven or eight pages talking about what the underlying technology is, what OIDC is, what SAML is, what a JWT is, what commonly known endpoints are, and then we get into the “how to” section and all of that is a new can pave because in the last edition we talked a lot about integrating with Okta and Jamf Connect and now we can talk about MAIDs integration in Apple Business Manager in a lot more detail. But then you’re like, “well do I show all 15 screenshots of how you set that up with Microsoft Azure?” And you have to set up an Azure instance.

Charles Edge:
And unlike in the profile manager days, now you have to have a DUNS number which your publisher doesn’t exactly give you. So you’re just trying to pull one out of thin air in a way. But you have to set up an instance that you can then hook up to it, and then you’re finding, as an example for mine, I’m a developer and so I’ve got all these developer accounts, which means I have to set up an alias email address in order to set up MAIDs and you find all the little pitfalls and holes. But yeah, “it’s like do I put 15 screenshots from the Microsoft Azure control screens knowing that they’re going to change some of those screens within the next year?” or do I just say, “here’s a link to an article on how you do this” from those vendors. So now we can get in some more stuff in case they hopefully release integrations with Okta, JumpCloud, Ping, et cetera later. And it’s not just a Microsoft Google world.

Marcus Ransom:
When you spoke about the MDMs not changing visually a lot in the time, certainly within the Azure console and very much Apple business manager has changed enormously.

Charles Edge:
Oh yeah, all of Apple Business Manager, because when the first edition came out people still used the VPP portal and in the future chapter we talked about, by the next edition you’ll be using Apple Business and Apple School Manager, but for now you’re still using vpp.apple.com and now going through the screens are way prettier. They don’t have that web objects look like the VPP portal had, but they still do the exact same thing. The APNs portal does still have the web objects look, feel and links, so that hasn’t changed at all. But yeah, definitely the Apple School and Apple Business Manager pieces were complete rewrites of the chapter pretty much. And then identity, I’ve pointed the MAID stuff to the identity chapter. So in the ABM section we’re like “oh yeah and then you know can also do this but see that in chapter 12 or whatever that is.”

Marcus Ransom:
Were there any many other topics you needed to move around like that, where there was a lot of consideration and conjecture to decide. As you were saying, does this belong in an Apple business Manager chapter? Or does this belong in an identity chapter? As this sort cross over topics or get outside of their lane?

Rich Trouton:
I would say especially with regards to directory services, of course, active directory, binding LDAP connecting that seems mostly on its way out and it’s heading towards platform SSO where you’re connecting back to SAML providers or Azure AD, we’re increasingly going towards you’re not connecting your stuff to on-premise services anymore, you are definitely connecting to cloud services and I think especially in an increasingly remote friendly IT environment, that’s going to be more and more important and I think that’s something that we should try to capture.

Charles Edge:
I feel like Platform SSO was one of those places where I wanted to talk more, but there’s just not much available to talk about yet from third party providers, because most of that impetus is being put on third party providers yet again kind of like the MDM stuff. So whereas we could show some stuff in Apple Business Essentials and Apple Business Manager, which the area there is very gray at times between some of those screenshots. You’re like, “wait is that ABM or is that ABEM?” But that isn’t necessarily as true with Platform SSO and a lot of the other identity stuff that’s still very third party-ish.

Rich Trouton:
Yeah and I definitely want to see where this goes. It’s just now getting introduced into Ventura. I think whatever comes in macOS next, whatever form that takes, I think it’s going to be more fully fleshed out. But yeah, I think Apple decided that this was going to be a third party opportunity where they provide the framework and then third party vendors build what they need to on top of that.

Charles Edge:
Which MDM was for what, 13, 14 years?

Rich Trouton:
Yep.

Tom Bridge:
So as we look at the book, you guys had a section on the future of the platform and now it’s three years old. So looking back at that section, what did you get right? What maybe didn’t turn out the way that you thought?

Charles Edge:
Yeah well we still have packaging. Yeah, we mentioned that earlier in the episode. I don’t think, because privacy controls had just come out and so they were there but they weren’t as granular as they are now. And so we did say this is going to get more of a thing. So I feel like we got that right-ish, but then the way it was implemented was kind of different. I would say on the Apple Services side, one of us, probably me prognosticated that APNs, the way that you get your certificates would be moved into ASM and ABM and that hasn’t happened. I don’t know where I got that from but-

Rich Trouton:
Well it’s logical.

Charles Edge:
Yeah.

Rich Trouton:
It just hasn’t happened.

Tom Bridge:
It sure would be great if there was a coalescing of those particular objects because we’ve got two bear tokens and a certificate now and it feels like there ought to be a way to handle this in one fell swoop

Charles Edge:
And we just haven’t gotten there yet and maybe we never will. I mean if you think about it’s five minutes a year that you go into this old awkward looking web objects interspace.

Tom Bridge:
Hasn’t changed since 2001.

Charles Edge:
Yeah, there was another thing that hasn’t changed since then. As we introduce the concept of VPP, we gift a song in the book and so-

Tom Bridge:
Oh yeah.

Charles Edge:
I was like, oh where do you do that now? Because if you’re using Apple’s streaming music service, you don’t have the option to gift a song you have to actually go back. So finding some of those things, but it’s still there just not for the app store that I could find. Another place that has not changed quite as drastically as we thought it might have in the first edition is just what’s available to agents. I do think that the ability for end users to disable them ad hoc is probably getting closer to that and the privacy controls that Apple’s looking for there, but yeah. And then iOS is a truly multi-user experience and the whole finder situation, I feel like stage manager, we mentioned this earlier in the episode, is a step in that direction, but the whole way that we access the file system is totally different between the platforms and I think the way that you handle that stuff inside Swift is unifying so I’m curious to see how it unifies in the actual computer interface. And we didn’t call that the M1 was coming.

Rich Trouton:
Well we said that processor chip sets might change but yeah we definitely did not get to, Yeah, Apple’s going to take the processor family that they’re putting into their mobile devices and now they’re going to put them into Macs. So we did not call that back in 2019 and we just did.

Charles Edge:
Well I think we were-

Rich Trouton:
It’s hard to tell it-

Charles Edge:
… In 2018.

Rich Trouton:
Yeah, yeah we were.

Charles Edge:
That’s always the hard part, the future chapters. I probably shouldn’t put in more books at this point, just leave those out. It’s all changing so fast. But yeah, I don’t know that we thought that anything might happen to the Mac Mini or that there would be colored iMacs but now we’re getting into things that I don’t know that they matter.

Tom Bridge:
Yeah I mean-

Rich Trouton:
Yeah-

Tom Bridge:
Go ahead Rich.

Rich Trouton:
I was going to say, looking back through the chapter, broad outlines I think are pretty good. I think it’s like is Apple an Enterprise company? It does stuff for enterprise but primarily we called out that Apple’s a privacy company, they’re really concerned about maintaining that user privacy and that is definitely something that as time has gone on, Apple has said and shown that is a priority for them. So I think we got that right.

Charles Edge:
Even above and beyond telemetry.

Rich Trouton:
Yes.

Charles Edge:
By enterprises.

Marcus Ransom:
So there was no complete going off on a tangent from Apple in ways that neither of you would’ve expected to see Apple go in based on where you were three years ago.

Rich Trouton:
I think honestly one of the bigger surprises from three years ago was that at this point macOS Server is an X app. They were slowly but surely taking stuff out, but I thought that profile manager would hang on longer because it was Apple’s example MDM. I figured that at least macOS server.app would stay around just to run Profile manager and by the end that’s pretty much all it was doing. I mean of course it was also running open directory, but that’s because Profile manager used that. I don’t remember what other services it was, but then Apple would just-

Marcus Ransom:
CSAM.

Rich Trouton:
Yeah. And then in the end they were just like, “well we don’t need this anymore,” and now it’s gone.

Marcus Ransom:
So that’s probably really increased and cemented your reliance on third party tools and vendors or open source examples as you were discussing previously. Now Charles, I know you used to write books just purely on macOS server or OS 10 server. So that would’ve been a lot easier just being able to focus on the story being about the tool that Apple has created and how to use it compared to-

Charles Edge:
Oh yeah.

Marcus Ransom:
… Trying to decide what to include? What not to include? What’s the best illustration?

Charles Edge:
And the order. One nice thing about writing about server, I always tried to order the services in the book, each chapter being a service based on the list of the services in the server app. So if DNS was second or third, then I’d put that second or third in the book.

Charles Edge:
So Apple basically wrote my book outline for me with this kind of stuff. I struggled for weeks with, well do we want to put agents before or after MDM? Because MDM is an agent, right? And in my mind we went ahead and left agents ahead of MDM, not because they’re more important because a lot of people can make due with just MDM and no agents, but would help to understand what an agent was and then we can say, well MDM client does this, et cetera, et cetera, et cetera down the list of who’s handling the store demon and all that kind of stuff. So yeah, I do miss writing about server because it was easy, it was enclosed. I don’t miss server though. I also don’t miss getting calls at 2:00 AM that someone’s mail server running on OS 10 server isn’t working.

Tom Bridge:
Let’s pour one out here for Ben Grinder’s bender tool, which saved an admin so many hours over the years and say thank you Ben. Cause I was going to say the number of times that servers might have committed Harry Keary was not insubstantial.

Charles Edge:
And even there you lose if your last dinner backup was a day ago, you lose a day of mail for someone and they are pissed.

Tom Bridge:
Oh. Yep.

Charles Edge:
So-

Marcus Ransom:
One of the last things I got asked in my previous role as a consultant was someone wanting to move their jam server from a Mac mini into the cloud and they were wanting to try and work out then how could they could point that jam server back to open directory running on the Mac mini on PRAM.

Charles Edge:
When was this?

Marcus Ransom:
Eight or nine months ago. And it was like try trying to work out the nicest way to say “you’re going about this wrong.”

Tom Bridge:
Yeah.

Marcus Ransom:
Don’t just move one element that is hosted on that Mac mini into the cloud, move them all, get everything into the cloud and everything working in a way that it’s not going to ruin your Friday night because those beautiful spinning hard drives don’t.

Charles Edge:
Do not miss those late night phone calls. All nighters trying to rescue. Oh yeah. I mean

Tom Bridge:
I will mention that Zimbra, the mail server had a particularly irritating failure behavior. For example, when you started it up and it could not see its storage volume path, it was just like, “oh I guess there’s not a storage path there. I should make one.” So if that path happens to be in slash volumes, it will just start storing things there and then none of the old mail it will show up. And this may or may not have happened on the first day of my honeymoon. And so the first day of my honeymoon was lost to that Zimbra mail server and it’s really delightful. One of the people I work with now is a gentleman named Greg Armanini, he’s my boss. He was at the time a product manager for Zimbra. I had to tell him this story and he was like “please don’t hold this against me but-“

Marcus Ransom:
You never let him forget about this. Yeah,

Tom Bridge:
It was not his fault, that was not his part of the product. But I was going to say we had a chuckle about it. But yeah, I had a lot of crosswords with Dave Greaney, who was our account rep at the time. Be like, “Dave, this doesn’t make any damn sense.”

Marcus Ransom:
So Tom, what do you-

Charles Edge:
Zimbra did a lot.

Marcus Ransom:
What do you do with your life now that there’s these huge gaping holes in what you used to have to do with your time to deal with things like this? You just-

Tom Bridge:
Oh I filled them with new things, and new products and other things like that. At Jump Cloud we’ve been expanding the number of things that we do and so I have to spend a lot of time learning about how new things work, like our password manager product or our remote desktop solution. And so I spend a lot more time learning new things now I don’t necessarily have to do it on the weekends or at night for which I am deeply grateful. But yeah, I was going to say there’s an infinite amount of work out there. You just got to figure out how to apply yourself, right?

Marcus Ransom:
There are new things that don’t work that you can discover or new things that do work that you can-

Tom Bridge:
I will mention that are password manager and our remote desktop tool actually do work, which I do appreciate about them and our password manager’s cool as hell. And we’ll try and get Antoine to come tell us all about it because it’s fully decentralized, which is a fascinating way to approach the concept of secrets management. But you think about all of these different pieces and bits of engineering that we deal with every week. I’m writing my talk for Macs Admin right now, which Patrick close your ears, isn’t done yet. And I was going to say by the time this is out it should, nope, it won’t be done yet. But it’s all about a really phenomenal IT movie called “Everything Everywhere All at Once” because that is the life of-

Marcus Ransom:
Is that an IT movie?

Tom Bridge:
It’s an IT movie. I’m telling you it is the IT movie of 2022.

Tom Bridge:
It is my favorite IT movie since “sneakers” and it’s through the looking glass darkly cousin hackers. But I come back to the realization that you have to, as an IT admin, go through a series of skill acquisitions. Most of the time those skill acquisitions come along with doing unlikely things. And you know, think about the movie that came out last year or this year-

Marcus Ransom:
On martial arts.

Tom Bridge:
If you haven’t seen it-

Marcus Ransom:
That’s the one I think.

Tom Bridge:
… Is phenomenal and hilarious, that topic just holds true. There’s so many unlikely things that we have to do as admins. There’s so much learning that we have to do. There’s so much skill acquisition that we have to do and most of the time we’re doing it not because there’s a clear and present training plan for the organization that says you must know this thing. You are acquiring that skill as a moment of requirement.

Speaker 7:
Deploying, managing and protecting Apple devices at work shouldn’t be difficult to require several solutions. Mosyle is the only Apple unified platform for business. By combining enhanced device management, endpoint security, internet privacy and security, single sign on and enhanced and apps management into a single Apple only platform, businesses can now easily and automatically deploy, manage and protect their Apple devices with one solution and at an affordable price, with a solution for every business size and the best support in the market. Request your free account today and see firsthand why Mosyle is more than an Apple MDM. Mosyle is everything you need to work with Apple. To learn more, visit business.mosyle.com. That’s business.M-O-S-Y-L-E.com.

Charles Edge:
So speaking of skill acquisition, like Rich is probably one of the top experts on full disk encryption outside of Apple. So what changed and what talent acquisition did you have to take on to write the latest version of the chapter? Because, that’s pretty much a whole chapter in the book.

Rich Trouton:
Yeah, I would say that the really good thing is that for Intel Macs, nothing really changed between 2018 and now, of course Intel processors, they’re heading out the door eventually. And I would say the main thing that I really needed to look into was what are the changes that Apple has brought to Apple Silicon? And for the most part in terms of managing things with FDE setup, managing things with profiles, managing file vault in general, not a lot changed for the admin to interact with. FDE setup pretty much works exactly the same. What Apple did though is that on iOS they have a concept known as data protection, which basically extends the encryption down to the file level, which on Intel macs the encryption stops at the volume level so that the cryptographic keys don’t extend down to the individual files and living in the file system and-

Charles Edge:
A hello managed open end, right?

Rich Trouton:
Yeah. So on iOS, that data protection, that per file encryption has been there for a while. That is something that I called out in the original first edition was that this is how things got managed on iOS, on macOS it basically stops at the volume level. On Apple Silicon Macs they do take that now down to the data protection level, there are some Mac specific differences which I go into in the book, but pretty much they took that model from iOS and they’re now applying it to macOS specifically for Apple Silicon macs. If it’s an Intel box, nothing really changed. And I think my favorite discovery though was that there’s the FDE setup command for managing full disc encryption file vault on macOS. There is a command called FDE setup all three start. And what all three start is supposed to do is that it puts a disk unlock key into system memory so that you can bypass on an Intel Mac, the EFI login screen, which is normally where you have to stop, put in your account password file vaults enabled account and then it boots into the operating system.

Rich Trouton:
On Apple silicon, that EFI pre-boot layer simply doesn’t exist. So what happens is that you boot to the regular OS login window all the time and so you have this unified login experience regardless of whether or not you have file vault turned on or not. So FDE set up all three start, just reboot your box. That’s all it does now on silicon. So it’s like can I just reboot? I think the answer is yes, but I think that’s probably, in terms of management, the major difference I found. So for Mac Admins and folks wanting to manage file Vault, you’re not going to see a lot of difference in the commands and how things work. All the changes are under the hood where you can’t see them. And for this you really got to look through the Apple security white papers and everything else to really, I’m not going to say tease out because they say it. It’s just one of those things you actually have to read through it to really understand what the differences are. I really like that change because it does take that encryption model and makes it that much stronger.

Marcus Ransom:
Secure token and Bootstrap token had a tough couple of years in between additions of this book and mostly those issues have ironed themselves out, haven’t they?

Rich Trouton:
Yeah, I think so. I definitely think so. And I did cover secure token in first edition. I don’t think I covered bootstrap token, so that would be something maybe to make sure that I cover more fully in second edition. But for Apple silicon, you also have volume owners, which didn’t exist before for Intel. Yeah, you just have some changes.

Marcus Ransom:
Yeah.

Tom Bridge:
Keyboard shortcuts to let you into the login screen with the FE 2 key and things along those lines.

Marcus Ransom:
Yeah.

Charles Edge:
Wipe with Apple configurator.

Marcus Ransom:
Yes.

Charles Edge:
Or not wipe but revoked the-

Tom Bridge:
DFU.

Charles Edge:
Right?

Rich Trouton:
Yeah. I will say that Erase all contents and settings was a big change that we’re going to be covering in second edition that simply did not exist in first edition.

Marcus Ransom:
It existed in our hopes and dreams.

Rich Trouton:
Yes for macOS, we were like, we really want this, but it just doesn’t seem to be around and now it is and it’s wonderful. I love it.

Charles Edge:
I love it for also testing commands for the book in a clean environment.

Marcus Ransom:
Yeah.

Rich Trouton:
Yes.

Charles Edge:
Because sometimes the command works because you undid it and did it and undid it and did it, but then you’re like, “oh well let me just wipe this or erase all setting constant and settings real quick and try it again and make sure it works.” But

Marcus Ransom:
Maybe we can put something out there for the Mac Admin community. We can see who uses that the most number of times in a single 24 hour period on one device.

Charles Edge:
I don’t know that I want to know though.

Rich Trouton:
Yeah, I mean-

Marcus Ransom:
I think I got-

Rich Trouton:
… In my case I definitely used it.

Marcus Ransom:
… about 10?

Rich Trouton:
… Three or four times just on Friday when I was testing something, I think I was like, “I’ll just wipe the box-

Marcus Ransom:
Yeah.

Rich Trouton:
… And put it back.”

Marcus Ransom:
Usually it’s my-

Rich Trouton:
Just to be accurate.

Marcus Ransom:
… Own stupidity that is requiring me to do it, “Oh, I forgot to hit save on that one”, “I didn’t scope that properly.” And it’s like, “okay, let’s click the button.”

Rich Trouton:
Honestly, what I probably do it the most for is that my work, we have a test MDM, which is not our production MDM and my test box is enrolled with the production MDM and I’ll un-enroll it and do just an enrollment through the macOS and be like, “Oh, I’ll flip it to the test box.” And then I’m like, well I should flip it back to the production box. I’ll just erase all content settings and just set up the box again. Because at that point everything’s back to exactly the way it should be with our new set up process.

Tom Bridge:
So the second edition, it’s out now. You can buy it today, correct?

Charles Edge:
No, no, no, no. The actual operating system isn’t out.

Tom Bridge:
What ?

Marcus Ransom:
You can buy that today as well, can’t we?

Tom Bridge:
Fine.

Charles Edge:
I mean you might be able to buy it with a developer account.

Marcus Ransom:
Should I have not clicked on that link and given them my credit card details?

Rich Trouton:
I mean please feel free to buy a copy of first edition if you really want it. Charles and I will not try to stop you it.

Charles Edge:
It actually [inaudible 00:52:30].

Rich Trouton:
Yes-

Charles Edge:
Nor will Amazon.

Rich Trouton:
And honestly I was surprised probably as anybody else to discover that first edition came out in Polish. It is available in both English and Polish. I own a copy of the Polish edition.

Charles Edge:
As do I couldn’t help, but buy one.

Rich Trouton:
Yes. I was like, I’m buying the book that I wrote, but I have to own this.

Charles Edge:
Right.

Tom Bridge:
I mean-

Rich Trouton:
It’s fantastic.

Tom Bridge:
I can’t even imagine how long it took them to translate. It’s a massive tone but I’m glad there’s a market for that.

Marcus Ransom:
And technical polish as well, not just conversational polish.

Charles Edge:
And one of these days, I’m going to have to look up whoever did the work on that and drop him a message. Sorry.

Rich Trouton:
I can only hope that second edition is so popular that they translated into multiple languages as well.

Charles Edge:
Yeah, one thing I can say about the release date though, we are zooming on the updates. Rich is awesome to work with. And I would say we’ve easily been transitioning back and forth, you messaged me earlier today to be like, “Hey, do you want to take part of this chapter because I think you wrote it.” And I’m like, “Oh yeah, sure.” We have a pretty good back and forth on this and we’re way ahead of schedule. I don’t think we were supposed to turn in our first chapter until October and we’re 60, 70% done. So-

Marcus Ransom:
Nice.

Rich Trouton:
I think the contract said that have the first three chapters in by October, a day to October. And I think we hit that by the end of August.

Charles Edge:
Yeah.

Rich Trouton:
Which I was like, that’s fantastic.

Charles Edge:
And the day Ventura comes out we’ll zip through and make sure all the screenshots are right because again, brush metal happen.

Rich Trouton:
Yeah they’ll change-

Marcus Ransom:
I think it also happens in October anyway. October’s holiday month for Mac Admins.,

Rich Trouton:
I already had to reduce screenshots because I had screenshots made. And then Apple moves something, it’s like, “oh no, I got to go-“

Marcus Ransom:
Between betas.

Rich Trouton:
Yes, Yes.

Charles Edge:
Yeah. And the system settings. So profiles is no longer its own system preference pane, it’s now under security and privacy. Click on security and privacy, scroll all the way down, find profiles and something else is in there, extensions is in there-

Rich Trouton:
File vault is in there, locked down is in there and it-

Charles Edge:
Just a bunch of stuff.

Rich Trouton:
It was kind of interesting because as I’m writing the section on full disk encryption for File Vaults, I’m like,” where did they put that in? I wonder if it’s going to show up with the same language” and-

Charles Edge:
Put between betas. Sometimes they move it again.

Rich Trouton:
Yeah.

Marcus Ransom:
So how long does everyone think it’s going to take for our muscle memory to kick in and to stop referring to it as system preferences to begin with, but then to be able to-

Rich Trouton:
Mine has.

Charles Edge:
Just got to take some time.

Rich Trouton:
Mine has.

Marcus Ransom:
Oh I’m a long way.

Tom Bridge:
That’s way ahead of me.

Rich Trouton:
I-

Charles Edge:
But I had to screenshot half a chapter. So

Marcus Ransom:
You’ve dreaming about it, right?

Rich Trouton:
Honestly, one of the things I’m not sure about is what to call preference panes now. I keep referring to them as preference panes because I don’t have another term to refer to them, but I’m like, “it’s not, I can’t anymore.”

Charles Edge:
I haven’t found an Apple style Guide article on that. So I’m calling them systems settings panes

Marcus Ransom:
I’m just-

Charles Edge:
Or system settings panels.

Marcus Ransom:
I’m just expecting to see the tweet from Arek Dreyer the second this goes out.

Charles Edge:
Correcting us? Yeah.

Marcus Ransom:
He will just point us towards it-

Charles Edge:
Dreyer’s place.

Marcus Ransom:
… And where we’re using the wrong word, which we love him for.

Rich Trouton:
We may have to agree on exactly what, because I’ve been referring to when I’ve been writing it as system settings preference pane. So I may have to go back and just update my own thing to say system settings pane.

Charles Edge:
Yeah, I think I’ll check with a friend at Apple and-

Rich Trouton:
We can find out what the official word is.

Charles Edge:
And then we can just do a command F and find and replace the hold darn thing.

Tom Bridge:
And now they’re going to have a meeting going, “Oh crap, what are we going to call these things?”

Charles Edge:
Yeah. Can you imagine being in the meeting? So the little dots in the upper left hand corner, they’re called jellies, right? Yeah. This is one that Arek corrected me on once actually.

Rich Trouton:
I didn’t know they were called that.

Charles Edge:
Yeah. Can you imagine being in that meeting? Well, “what do you want to call these guys?” Like ellipses, colored ellipses stop lights. Someone’s like jellies. Yeah,

Marcus Ransom:
So I get a group of frat boys to sit around and decide that they get a call based or those voices you were giving Charles.

Charles Edge:
Yeah, I was in a fraternity. So sorry. Sometimes it comes out when I think of sitting in marketing meetings.

Marcus Ransom:
Oh yeah.

James Smith:
Here at the Mac Admins podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Stu Baker, thank you. Adam Selby, thank you. Nate Walck, thank you. Michael Tsai, thank you. Rick Goody, thank you. Mike Boylan, you know it, thank you. Melvin Vives, thank you. Bill Stites, thank you. Anoush d’Orville, thank you. Jeffrey Compton, M. Marsh, Stu McDonald, Hamlin Krewson, Adam Burg, thank you. A.J. Potrebka, thank you. James Stracy, Tim Perfitt of two canoes, thank you. Nate Cinal, Will O’Neal, Seb Nash, the folks at Command Control Power, Steven Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, Will Smith and Weldon Dodd, thank you all so much and remember that you can back us if you just head on out to patreon.com/MAC ADM podcast. Thanks everybody. So I’m going to ask an off the wall bonus question here.

Tom Bridge:
And this is one of those places where we’ve got authors with us, so I want to know what folks are reading. And so when you’re not writing these books, I was going to say, what’s the last book that you read that you really loved?

Charles Edge:
Cover to cover or pieces of?

Tom Bridge:
I mean, I would go cover to cover.

Charles Edge:
All right.

Tom Bridge:
And yeah, I was going to say let’s go cover to cover on this one and say last book you read that you really loved. And Rich, I’ll let you start.

Rich Trouton:
I’m, I’m going to sound like a total nerd, so-

Tom Bridge:
More than already.

Rich Trouton:
Okay, got that. Okay. So this is actually a book I picked up years ago for a trip to Maxiciman because I wanted a nice long book about something that I didn’t really know a lot about. And I am very much a fan of history. So the last book that I really read is called The Big L: American Logistics in World War ii.

Charles Edge:
Oh wow.

Rich Trouton:
And it goes through the American home front industrial manufacturing effort and how the government worked with the Ford and General Motors to do this kind of stuff and the politics involved and how this worked. So that is, I am now probably the nerdiest guest you’ve ever had on this podcast.

Tom Bridge:
I love that Charles, how about you.

Charles Edge:
Oh, so I’m just looking over at the bookshelf because the bookshelf right by my desk is my work in progress. So the last one that I did cover to cover is Queuing Systems Volume One Theory by Leonard Kleinrock, architect of ARPANET. And it was written in the late sixties.

Tom Bridge:
Yeah, you were saying Rich?

Rich Trouton:
I don’t know, I still might be the nerdiest.

Charles Edge:
Yeah, Rich has found it.

Tom Bridge:
I love that. I think that’s fascinating. One of the videos that I have appreciated YouTube for was a video, it was like two hours on the Magic Pass systems at Disneyland and Disney World and how they’ve undergone changes and how the game theory that the developers of the system have had to go through to try and encourage more people to ride more of the different rides at Disneyland by making them more attractive as part of their fast pass system. So.

Charles Edge:
I am-

Tom Bridge:
I’ll find that place-

Charles Edge:
… lucky enough-

Tom Bridge:
I’ll turn that in there.

Charles Edge:
… To have gotten to do work at the imagineering team. I built their ex stand many years ago back when that was a thing. And they are some of the coolest people to go work with. I envy Greg for getting to work with animation all the time, but imagineering is awesome. Yeah. Oh my goodness, you guys. Yeah. Great. What a great gig. So how about you guys?

Tom Bridge:
Marcus? I was going to say, Marcus, how about you?

Marcus Ransom:
The last book I read cover to cover was actually Patrick Wardle’s, the art of Mac malware that just recently arrived on the shores here. That was really interesting to read. One of the things that really disappointed me is lockdown seems to have destroyed my ability to stay focused on fiction. So that’s really something I want to get back, I want to be able to get some escapism back into my reading rather than just filling my brain with more useless/incredibly important facts and knowledge.

Charles Edge:
And how about you Tom?

Marcus Ransom:
Tom?

Tom Bridge:
So mine came at the behest of Mr. Dreyer, speaking of, he passed along a book called Thinking Fast and Slow by Daniel Kahneman and thinking about the memory systems that we have in our brain and how we operate on fast and slow thinking. And that was phenomenal. If we go fiction, I will point at Mick Herron’s trilogy, or I guess it’s a tetralogy now, but the Slough house books. I really enjoyed the first of those. I caught it as they were showing off slow horses on Apple TV and I was like, “I should read the book for this.” And oh man, talk about a rollicking good time. It’s like rolling a rock up hill and eventually you crest the hill and it’s all downhill and then you better have set aside the rest of your afternoon because you just need to keep turning those pages, which I really enjoy.

Tom Bridge:
I love a good book like that. It’s methodical and it’s setting up all of its setting, it’s setting up all of its characters and then it’s just pushes it all downhill and it’s just one little thing and then you’re along for the ride all the way through to the finish. So those books are all in Apple iBooks as well as on Kindle and things like that. I’m trying to find the title here because I have too many books in my bookshelf right now. It’s kind of wild. But the first of those is, Oh, that’s right, Slow Horses is the name of the first book, and then I read the second one right on its heels called Dead Lions, and they’re both really spectacular. So.

Rich Trouton:
Those are solid and-

Tom Bridge:
Slow.

Rich Trouton:
Slow. Dead.

Tom Bridge:
Yeah. Yeah, that’s right. So yeah, solid books and some good reads there for you.

Tom Bridge:
And we’ll try and get all of those into the show notes here so that folks can know what everybody’s reading. Thanks so much, Rich for joining us. And Charles, thanks for being with us tonight to talk about your new book. We’re really excited. As soon as pre-orders open up, let us know. And I was going to say we’ll put out the big word once that time has come.

Charles Edge:
Thank you for having me on.

Tom Bridge:
Yeah. And of course, thanks to our wonderful sponsors this week, that is Kandji, Black Glove and Mosyle. Thanks so much to our transcription sponsor meter who makes it possible to read the podcast as well as listen to it. And of course, thanks to all of our amazing Patreon backers out there without which we could not do this. So thanks everybody, and we’ll see you next time.

Charles Edge:
See you next time.

Marcus Ransom:
See you later.

Speaker 7:
Mac Bins podcast as a production of Mac Bins podcast llc. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Kudiga the first time he opened Garage Band. Sponsorship for the Mac Admins podcast is provided by the Mac Admins.org Slack, where you can join thousands of Mac Admins in a free Slack instance. Visit macadmins.org, and also by Technolutionary LLC, technically we can help. For more information about this podcast and other broadcasts like it, please visit podcast.macadmin.org. Since we’ve converted this podcast, toss the funny metadata joke is at the end.

Tom Bridge:
The Mac Admins Podcast is a production of Mac Admins Podcast, LLC. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Kudiga, the first time he opened garage band. Sponsorship for the Mac Admins Podcast is provided by the macadmins.org slack, where you can join thousands of Mac Admins in a free slack instance, visit Macadmins.org, and also by Technolutionary LLC, technically, we can help. For more information about this podcast and other broadcasts like it, please visit podcast.macadmins.org. Since we’ve converted this podcast to APFS, the funny metadata joke is at the end.