Episode 289: Keeping Up With California Places with Fiona Skelton

Meter is the easiest way for businesses to get internet, networking, and WiFi. Our full-stack approach combines hardware, software, and operations so that any company can seamlessly run on a reliable and modern network.

• Streamlined installation: We take on the complexities to make designing and deployments easy, fast, and stress-free. We manage the entire installation process, and provide ongoing maintenance and support.
• Network hardware, security & management: We design and build our own controllers, switches, and wireless access points. After the network is deployed, review your speed, usage, and security in one unified dashboard. No need to hire vendors in every location or have IT teams fiddle with manual configurations — everything is automated with our software.
• Simple pricing: Pay one monthly rate with no up-front costs for installation, configuration, or hardware.

---

James Smith:
This week’s episode of the Mac Admins Podcast is brought to you by Kandji. Automation in IT is a hot topic and for good reason. Automating repetitive tasks frees you to focus your skills on more strategic projects that move the needle for your organization. Kandji, the Apple device management and security platform, features over 150 pre-built automations to multiply your effectiveness and impact daily. To see how to take the repetition out of your to-do list, visit kandji.io. That’s K-A-N-D-J-I dot I-O.

Tom Bridge:
Hello and welcome to the Mac Admins Podcast. I’m your host Tom Bridge. And Charles, those are dashing sunglasses you’re wearing at 8:00 PM.

Charles Edge:
It’s been a long day. Lots of yard work.

Tom Bridge:
It has.

Charles Edge:
You should see my hair without them. I’m going to end it there.

Tom Bridge:
‘Tis the season, right? This is yard work season. This is like winterizing the everything season.

Charles Edge:
Yeah. To be perfectly honest, this is the season I most miss living in Venice Beach, because there’s no seasons, right? There’s no yard work to do, practically, if you live close enough to the beach where you can’t grow grass anyways. So now it’s like, oh well, I’ve got what? Nine trees in my yard.

Tom Bridge:
Oh geez.

Charles Edge:
And when all the leaves fall at once, you’re just like, “Wow, that’s a lot of leaves.”

Tom Bridge:
Yes. The persimmon in the backyard and the crepe myrtles are starting to shed their leaves here. ‘Tis the season. That just means we bag them up and send them to Marcus and he puts them on the trees down there. I think that’s how it works. Is that right Marcus?

Marcus Ransom:
Well, not the trees. So, I was traveling last week and then came back to find that all the leaves, thank you very much for sending them over, were in my swimming pool. And the automated swimming pool filter that, with hindsight, is probably designed to be cleaned several times while I was away, and of course, nobody in the family did that, so it was looking like I often do after a very large meal, sort of just floating on its back in the pool, holding onto its stomach going, “Oh.”

Charles Edge:
Adulting, it’s so wonderful.

Marcus Ransom:
Yeah.

Charles Edge:
The choice of home ownership.

Marcus Ransom:
Exactly. And then something else weird happened to me while I was away as well. Our previous home we had for 15 years around the corner isn’t anymore. Got turned into a vacant lot. And that’s kind of weird, thinking somewhere you lived just ceases to exist anymore. So, strange.

Tom Bridge:
Yeah, that’s one of those things that you don’t think is going to have an effect on you until you see it happen.

Marcus Ransom:
Yeah. Lots of good memories in that house, which we still have. And the new owners I’m sure will have lots of good memories in their enormous McMansion that they’re about to build on there. Good luck to them.

Charles Edge:
And how are you Tom?

Tom Bridge:
Fantastic. This is the height of my cooking season. This is where I love to break out all the winter recipes. And so today was French onion short rib soup, and so that was a solid four or five hours of tag team cooking with my wife that was totally worth it and amazing. If you follow me on the Instagram, you can watch me cook sometimes because I post stories a lot when I do that.

Marcus Ransom:
I was going to say, I did have a look at that just before breakfast, which meant I did very much want what you were cooking for breakfast and couldn’t, thank you.

Charles Edge:
Your Instagram made me very hungry for two months when I couldn’t eat.

Tom Bridge:
Yeah, sorry about that, friend.

Charles Edge:
No, it was quite lovely.

Tom Bridge:
I would not have judged you if you’d blocked me in that period. But I’m glad you’re back on the food now, so that’s great.

Charles Edge:
And we have a wonderful guest, right Tom?

Tom Bridge:
We do. A phenomenal guest. Fiona Skelton, welcome to the Mac Admins Podcast.

Fiona Skelton:
Thank you very much.

Tom Bridge:
It’s a great pleasure to have you with us. Here on the Mac Admins Podcast, we love to hear a little bit about how our colleagues in the field ended up doing what they do. So, do you mind giving us a little bit of a background on how you became an Apple admin before we get started?

Fiona Skelton:
Sure. Absolutely. My degree is in architecture, but I switched to IT before I came to Vancouver, which is now about 15 years ago. You can tell from my British accent, I’m from the UK. It was fun at Cambridge to study architecture, but lots of travel and model making. Reality was a different picture. It was muddy days at dawn, climbing buildings and working on construction sites in council estates, and it was less than fun.

Marcus Ransom:
So designing the kind of McMansions that were going to be built in my vacant lot for my beautiful atomic ranch. No. No you don’t. In fact, it probably helps not to be one.

Fiona Skelton:
And also, unless I became one of the top architects, I was pretty doomed to spending my time on building sites and in front of a drawing board. So I moved into IT, which was great. I always loved the CAD side, so computer-aided design, as it was called then. And I gradually moved across to database design. Because my brain works in spatial awareness, I have an eye for detail and problem-solving skills. So all these things that work for architecture, work brilliantly in IT as well.
So I took courses at the weekends and evenings. I got a help desk position. I then became a help desk lead, et cetera. I moved into infrastructure for various companies, cybersecurity, MSPs, financial institutions, and now I work on the dark side with social media. So that’s my path.

Tom Bridge:
And in your time in IT, how do you see things change? How has the IT world that you’ve been part of changed?

Fiona Skelton:
My first experience as a Mac support person wasn’t taken seriously at all by my employers, but no one else wanted anything to do with the Mac design studio. It was a hundred percent Macs. And it was in a large financial institution. It was mainly Windows-based. But I’d grown up with Macs and I loved design. I grew up at university using Macs with my degree. So I volunteered. And it just went from there. The designers were far more fun to hang out with than the fund managers. Absolutely. And I think that was my motivation, really. And I just loved Macs.
So, I think as a change, how have things changed? Obviously, there are far more devices to support now because companies offer Macs to employees, and have been doing for the past, I don’t know, 3, 4 years, I think. My own company being totally Mac-based, the company I work for, Beyond Finance, we are 98% Mac-based.
However, I think there are more MDM, there’s plenty more MDM and open source solutions to leverage than there were a few years ago, so that makes life easier. And I think the community’s grown, the support community’s grown. Absolutely. There’s more there to go and find information. There’s more people around who’ve got the same problems I do on a daily basis. And Apple are taking the enterprise market more seriously and they incorporate our feedback.
So, things have got harder but things have got easier as well, is the answer to the question. I do feel like some application vendors still focus on Windows support, and most times when I log a support ticket, I end up on first line battling with a Windows support engineer. It’s not their fault, but it takes time to get it escalated to somebody who understands this is a Mac issue specifically and not a Windows issue. It’s a work in progress.
But yeah, I absolutely… I think my main point is the Mac admins community is fantastic and I’ve certainly felt a lot more supported in the past two or three years. I feel like I’m part of a community, which is fantastic.

Charles Edge:
That’s a wonderful answer. And I would say it’s another year, another operating system named after cats or cool spots to visit in California, or cats in cool spots to visit in California, which I think will be the next wave of operating systems. Like 10.16 might be Lions in Bakersfield or something like that. But it’s another cycle of trying to figure out which of our automations broke. And we’ve had years to get used to this new world order, I guess it’s not a new world order anymore, and I feel like it kind of keeps getting easier but it’s still part of the job, this annual update thing. So in this episode we’re super stoked that you agreed to join us and take us through a little of what your process to stay sane amongst a constantly changing landscape looks like.
By the time this episode ships, in fact probably tomorrow, Ventura should be out. What percentage of users, and feel free to message us and let us know how accurate you are on this, but what percentage of users would you guess install the operating system on day one or day two?

Fiona Skelton:
Yeah, a good question. In my own environment, I’m hoping only those who signed up to my early access program.

Charles Edge:
That does happen.

Marcus Ransom:
Your restrictions aren’t working or maybe the restrictions we’ve been given to allow us to restrict, although that’s looking a lot better at the moment.

Fiona Skelton:
Yeah. We’re beholden to Apple. But I think I’m good. I think with the release candidate that it looks like it should be working. So, I’m expecting around 5% from our current environment. We’re a Chrome shop, so we’re not totally reliant on everything being working on Ventura. It has to work in Chrome, basically. So I would also hope that those who don’t have critical software that hasn’t been certified or haven’t had a good backup who’ve agreed to my early access program are okay.

Marcus Ransom:
How has that run on previous years? Do you find most people that sign up to be early adopters have actually tested their software, or is it just the lure of clicking buttons to join early adoption programs and maybe saying you’ve checked all of those things supersedes actual testing?

Fiona Skelton:
Basically, I’m the one that does all the testing. Our software developers, because they’re not testing or building for Ventura specifically, to my knowledge, unless they have test devices at home, which is fine. I’m not aware of my MDM solution that they’ve asked for access to the betas. I’m sure some people have done on their own devices. But I generally set up an EAP a couple of weeks before and invite people. It depends on whether our security software’s working at the time, what I can offer. I have to balance SecOps with devs, and if the security software is broken, I shouldn’t be offering it as an option.

Tom Bridge:
Talking about the dev chain for a second here, the challenges of building applications in virtual machines or on physical hardware, those are critical production tasks that can’t ever go down. How do you go about testing those for your environment with the new operating system?

Fiona Skelton:
Initially, like anybody, I sign up for AppleSeed, so that’s a good start. And I have various test devices. I listen to all the app dev announcements and I keep an eye on the MacAdmins Slack channel and see what other people have managed to break and fix or have issues with. I also reach out to vendors in advance. Sometimes I get good responses, sometimes I get, “No, we’re doing nothing until Ventura has been around for 30 days,” or whatever the latest macOS is. So that’s variable results.
I also do testing. So, for myself, what breaks an ADE set of restrictions? And, do we have a stock to an end user to avoid them getting a new Ventura device immediately if we find an issue? What can we do to mitigate these circumstances?

Charles Edge:
Having an extra machine in stock, or machines, is actually a great point. I can remember many software releases where all of a sudden, people had 30 or 40 of the next operating system coming out before they were finished testing it. So that’s a very astute point. I think it’s a great segue into the next question. If you were to ballpark it, about how much work would you say, you mentioned combing through Slack and a bunch of other stuff, but how much work in general would you say it is to go through all these crazy things people do with their computers and make them work when they install this operating system, between the software and working with your network, et cetera?

Fiona Skelton:
It’s a significant amount of work, especially if you’re also responsible for all the lights on. So if you are the only Mac sysadmin, which I am, responsible for all the client applications for over 2,000 individuals, yeah, it’s time on the side. I have current projects, lights-on work. But in the meantime, I’ve probably spent maybe about 30, 40% of time in the past month looking at betas, and just recently, obviously in the last week, the release candidates in our own environment to just test critical apps. What’s changed? And signing up for EAPs for vendors if they offer them. Some don’t, some do.
Also keeping an eye on, say, the MacAdmins Slack channel. AppleSeed Private’s fantastic. People have more time maybe, maybe they don’t. Maybe they’re just working into the wee hours in the morning. I don’t know. I really appreciate what they’re doing because they’re finding stuff that I haven’t found. And is it fixed? Is it not fixed?
I think all Mac admins suffer the same fate. We’re all overworked and underpaid. Just somebody in the MacAdmins channel commented about they found iCloud documents, and desktop was broken, that people could still activate it at some point in one of the betas. And that’s a big thing for me because we don’t block iCloud but we block the documents and desktops, and that could cause us a major issue. It’s fixed now. I managed to replicate it, but thank you for somebody else looking for that through a fine tooth comb because I don’t think I would’ve had the time to find it myself.

Charles Edge:
Yeah, there’s definitely a lot more people kind of pounding around at the edges. I can remember a time when AppleSeed was barely… Either you knew about it or you didn’t, and there was no public commentary on it, and there weren’t that many people in it. And it felt like this special thing when you finally got your thing, and now it’s almost a necessity for a lot of people, as are the developer accounts and just getting access to those betas. But I also do feel like almost everyone who manages devices just has a crapload more devices to manage because there’s just a crapload more out there, but the team sizes haven’t really gotten that much bigger in a lot of places. Having said that, we have a lot more people sharing a lot more information a lot more freely and we have a lot more tools that allow us to build more scalable environments.

Fiona Skelton:
Yes. Pros and cons, definitely. Yeah.

Marcus Ransom:
It’s a real testament to the total cost of ownership that we’re constantly being told about managing Macs, where, you know, Macs are expensive, Macs are shiny, the hardware costs more, the MDM’s expensive, it should be free and come from Apple, those sorts of arguments. Where I think to cross platform environments where I’ve worked where the Windows team, who were sometimes a version behind, had significantly more resources and were not proactively trying to progress their platform, because they couldn’t for lots of reasons. And seeing the way this community approach to things allows us to get a lot more done with smaller teams by sharing that load, riding along in the slipstream of the weight of organizations with hundreds of thousands of devices to get the leverage we need to get features addressed.

Charles Edge:
Yeah.

Tom Bridge:
This week’s episode of the Mac Admins Podcast is brought to you by Black Glove. Black Glove is about to be your new favorite IT partner. They provide ongoing expert support and rapid deployment services for your current, new, or refreshed Apple fleets. But what they’re really providing is complete peace of mind that your technology is safe, secure, and operating at its full potential. So no more quick and expensive calls to the Geek Squad or Apple support.
Black Glove’s strategies and fixes are from the hands and minds of former Apple engineers, so not only is the expertise of this team unmatched, but their services are affordable and easy to get started too. Fortune 500 companies and small budding businesses alike are working with Black Glove to ensure their Apple technology is doing exactly what they need it to. Whether it’s helping manage your remote team’s devices, transitioning your device management system, onboarding new employees, or casing, tagging, and tracking your devices, Black Glove can handle it all.
They’re also just really great people to work with. In fact, mention this podcast when you reach out to them and the Black Glove team will sponsor the next generation of Mac admins through our Mac Admins Foundation. You can learn more and get started at blackglove.com. That’s B-L-A-C-K-G-L-O-V-E dot com. And while you’re at it, ask them why they’re called Black Glove. It’s a clever nod to how white glove services just don’t cut it for IT.

Charles Edge:
Just out of curiosity, so we all have our own way. Some of us just install the betas on our daily drivers and try to have life work out for us, and then the next year never do that again. But where do you start your process in evaluating and preparing for the next release cycle?

Fiona Skelton:
I have my own test device and I go and steal a load of new devices and old devices, so I have everything from… I try and find the oldest device that the company owns that’s still in use, to the latest. I can never get the latest because that’s a C-suite prerogative and they only buy one of them. But moving on from that. And then I just keep installing the betas and keep updating it. And then as I say, my favorite thing is to try my zero-touch enrollment. Like, does this still work? Will this actually work for somebody who gets this device remotely or are they going to be completely broken on day one when they join the company? That’s going to make us look really fantastic. It’s a bad-

Marcus Ransom:
How did that go this year? What was your experience? Will it blend with the first beta that comes out, really?

Fiona Skelton:
It didn’t break. Everything worked absolutely brilliantly. I still rely on lots of scripts, which is great, which I think is some questions further down this. Having said that, you get the lovely login items, but that’s now you’ve got the one notification, and we have ways to fix that now. That’s absolutely fine. You can just put in the configuration profiles. And everything works brilliantly, so I’m really happy that what I’ve got working doesn’t break or hasn’t broken significantly, so I’m happy with that.
Otherwise, the other thing I had is security software, which are things like VPN, internet security, antivirus, monitoring, all that stuff is fundamentally required. And only in the past week or so did I get an update for the vendor to give me a working solution. So that was fine line, but that’s done now.

Marcus Ransom:
That’s a close call.

Fiona Skelton:
Yeah, it is very close. So, my process is get as much hardware as you can and test your existing workflows and also the critical applications. We don’t prevent people installing anything in my company, which is fine, so I can’t support everything. That’s up to them. But the things that are critical for people to do their job. Does the VPN work? Well, not everybody. Most people working from home, that’s fine. Does everything work for them to do their job? Do their security tools work? Do their own tools work? And if I’m happy with that, then that’s the best I can do really as far as I’m concerned.

Charles Edge:
Love it.

Tom Bridge:
Yeah. Go ahead.

Charles Edge:
How about you Tom? What’s your process like?

Tom Bridge:
Well, beta 1-

Charles Edge:
Because you’re now in product, so…

Tom Bridge:
I’m now in… Well, and it’s funny because when it comes to validating the shape of a new operating system and the shape of a new MDM, or the shape of a new MDM profile and getting those things tinker-tailor-soldier-spied out of the environment. I mean, we’re members of Appleseed just like everybody else is. We’re members of the Apple Developer Program. And so, the resources that we have are no different than the resources Apple admins have. And so, the process of going through, hey, what are the new payloads? What’s in the docks? And we did that this year right away, and went through and looked and it was like, okay, so we get a couple extra keys. There’s now an ACME payload if we want into distributing ACME certs and things like that. That’s interesting but not really applicable to what we’re doing today. That’s kind of the decision of the product manager at that point. What do we support? What do we don’t?
And so, we looked at the beta cycle this year and we’re like, well, managed login items is a huge curveball for admins everywhere. And those are the new login, or excuse me, the new background process payloads. And so the tools like JumpCloud for example, which is a launch team. And so, we have our own tools, and so if we want to keep working-

Charles Edge:
Uncheck that box.

Tom Bridge:
Well, I was going to say, we wanted to find out what happens if you turn off the agent? And the answer is it stops reporting in.

Charles Edge:
Well, I mean [inaudible 00:23:50].

Marcus Ransom:
Exactly what it says it does.

Tom Bridge:
Yeah. I was going to say, it does what it says on the tin. And so it might come back on a next restart, but it might not. And so we had to figure out, all right, what’s the way that we can distribute to a macOS 13 device, and only macOS 13 devices, a login items payload that essentially says, “Our stuff is our stuff. Please leave it alone.” Because that’s the whole thing, right? You need a set of payloads that are going to protect the things that you actually care about. The security tools that Fiona was mentioning.
Here at JumpCloud, we’re a CrowdStrike Falcon shop. And so I’ve been talking with Ryan, who’s our IT manager, and I’m going to give him a gift tomorrow, which is to say, “Hey, there’s a managed login items payload now in JumpCloud and it’s available now. Go ahead, go nuts. Push this out. And if you push this out, it’ll go to any macOS 13 system and it won’t go to the other ones.”
That whole process, we started going through. By the time we had resources assigned, it was beta 3. I’d already done some casual checking in beta 1 and just to make sure, hey, does the agent still run? Does the login window work? Some of those key places. Can I deliver a profile that’s new? What happens when I deliver a system management or system preferences pane profile on macOS 13? And the answer is weird things happen. But that’s expected when it’s deprecated. I mean, that’s kind of where it was.

Charles Edge:
Yeah. And deprecated doesn’t always… Deprecated and not supported are definitely two different things, but…

Tom Bridge:
Well, deprecated means it may not work like it’s supposed to, and that’s fine, but it might do something and that might be enough as an admin. And so we’re working to figure out what’s the behavior in those circumstances.
But we had four people do a full regression test. We have four separate test rails for the different pieces of JumpCloud that get tested at various points. We tested in beta 3 and 4, we tested it again at beta 9, and then we test with the release candidate. And of course, that was-

Charles Edge:
[inaudible 00:26:07].

Tom Bridge:
I was going to say, we chose to trust that Release Candidate 2 was not a massive difference than Release Candidate 1. If we find something else later, I will happily dive on that grenade, but I fully expect that we nailed out a couple of things. We did actually supply a couple of things to Apple they we’re like, “Hey, we think you should fix this. This is something that was broken.” There was something weird when you installed our installer package, it was flagging installer as the process that needed full disk access and not the JumpCloud agent that was installed by installer. And they fixed that around beta 8, beta 9, someplace in there. Or no, it was beta 10. And that was a big relief because we were busy trying to figure out how can we fix this? And the answer is we can’t, they have to.

Marcus Ransom:
So especially when you’re approaching from product point of view rather than admin point of view, and admin has the benefit of being able to push out profiles and policies and commands as soon as they’re working, whereas a product team has to understand what the changes are and then feed that back through the pipeline and deal with all of the dependencies in however many years of legacy code and technical debt. And as you were mentioning, assumptions and things where you’ve hoped, or based on prior knowledge and experience, are going to work in a particular way, and then go through your own QA testing and backlogs of other competing platforms.

Tom Bridge:
This year was different for us. This year we actually… Last year we had a bit of a surprise that PAM modules were suddenly protected in beta 5. Thankfully, there was no equivalent this year, but this year’s challenge was totally different and it involved, of course, software update. And the challenge that we faced this year was that there were some undefined behavior, and definitely unexpected behavior. And essentially, the response that we got from Apple in this regard was, “Hey, you should use the MDM software update commands.”
And so, we kind of looked around and we were like, “Okay, I guess we have to build the MDM software update commands.” And so we’ve been doing that for the last six weeks. By the time this episode ships, we should have them out. And that’s been the effort of approximately 18 people.

Charles Edge:
It’s crazy when you have something on the backlog for multiple years, potentially, and all of a sudden you have to pay that technical debt down for three, four different cycles, whatever your cycle’s called, according to what paradigm you use.

Tom Bridge:
Right. Sprints, a quarter. Exactly.

Charles Edge:
Yeah. But it’s wild that… And you see it time and time again that all of a sudden, boom, you have to do that. Now, Marcus, just out of curiosity, so we’ve heard two very different ways of going through this. If you were to go back to your consulting days, I know it’s a long time ago and a very traumatic experience.

Marcus Ransom:
Please don’t take me back there. Please don’t take me back.

Charles Edge:
Just for a moment, if possible, is there anything that you can add to this that was from your experience then?

Marcus Ransom:
For me, the line of, “Don’t test this on production devices,” rings true. You don’t want to test it in production devices, especially with the earlier betas, but you do very much want to test it in production. And so, Fiona’s comment about security tools was always the biggest challenge where spinning something up on a VM or a test device and going, “Yep, everything installed,” and then closing the lid and going, “Wonderful,” that doesn’t float the really odd, unexpected, or unintended problems to the surface.
Whereas finding a user who’s prepared to at least for a morning or an afternoon give it a go on a device, and then provide unbelievable feedback as to the complex, “No, JS is doing a strange thing over here,” that are things that I would never be testing. And so, that was always probably the biggest hurdle is the security tools that didn’t run or the security tools that you knew would probably run quite beautifully if they’re able to be configured to acknowledge the new operating system and not lock it out using some sort of conditional access.

Charles Edge:
That’s a fair point, because also the string is different for what operating system it’s called.

Marcus Ransom:
Exactly. Yeah. And so being able to work to provide exemptions in those scenarios. Like, can we work with the security team to allow this engineer in a very safe and controlled way to put this through its paces in a very specific timeframe so we can learn more about it. And that’s where you discover, especially as a consultant where you’re sort almost fly in and fly out with their environment, discovering the 32 bit software that nobody had ever bothered to tell you they use because part of their onboarding workflow is everyone deploying it manually and it’s not in the MDM or anything like that. Finding out the unknown unknowns, for me, was… Because there’ll be one of them that will be an absolute deal breaker.
But much like the Mac admins community as well, being able to say, all right, well I’ve got maybe 30 different customers I’m looking after, what are the parts that are similar? And we can leverage what we’ve learned with the other customers and be able to go to them and say, “Hey, we notice you’re using this security tool, this security, this security tool. Can you please sign up for the early release?” Or, in the case of Ventura, “Here’s your background login items profile that’s going to work in your environment. We just need to deploy this out and then tell me if you’re getting any popups.”
So, they’re the sort of approaches I was taking as a consultant. And as a sales engineer, the approach is still quite similar except it’s just having conversations with customers about making sure they are doing the testing.

Charles Edge:
You don’t have to fix it anymore.

Marcus Ransom:
Yeah. Well, I sort of do in a way because we want people to have a great experience using it. And being able to leverage the community as well, where if they are in a position where they don’t have the time to start looking at it, being able to nudge them in the direction of things that they really should be paying attention to, like software update deferrals, and when maybe a software update deferral doesn’t defer software updates, of which we’re very glad they will for 30 days, for now.

Charles Edge:
Bringing it back to the guest, our wonderful guest who decided to join us, what would you say is the most impactful stuff… You mentioned security tools, so I’m going to guess that it starts there because that’s just a must-have. But what are the most impactful stuff people need on 0-day, or one-day, as someone pedantically pointed out on Slack the other day?

Fiona Skelton:
Yeah. So, SecOps has to be happy, but beyond SecOps, basically it’s access. It’s business as usual, is the answer to that question. They need to do their job. They actually don’t really care what operating system is running on their device. We care because we want the latest one running and we want it secured. But they need to know all their tools and critical resources are running. So, can they actually install their dev tools? Does their Homebrew move a path that now everything’s broken and does anybody know how to fix that? And also, where are the support tools? So what I do is I set up a… we use Slack like most people, so a Slack channel to say, “If you a problem and you’re a member of the AP group, you might have broken your device. You sort of signed up for that. Here’s where we all are. Come and talk to us. I may not know how to fix it, but another dev who’s done the same thing might have fixed it before you.”
So yeah, having the lines of communication open, because we have 15 offices around the world, not everybody comes to the offices and that’s fine. To have the comfort resource that, “We’re here for you, come and talk to us. But also you did sign up that if you break your Mac, you might have to do something to fix it. There are ways to do it, and you’re a dev, you should know how to sort of roll it back.” You can’t really roll it back as you know, the Mac, but you can blat it and downgrade it, sort of.
Yeah, I think that’s the most important thing. Can you work as usual? Does your authentication work? Can you access all your network resources that you require to do your job?

Tom Bridge:
Deploying, managing and protecting Apple devices at work shouldn’t be difficult or require several solutions. Mosyle is the only Apple unified platform for business. By combining enhanced device management, endpoint security, internet privacy and security, single sign-on and enhanced apps management into a single Apple-only platform, businesses can now easily and automatically deploy, manage, and protect their Apple devices with one solution and at an affordable price.
With a solution for every business size and the best support in the market, request your free account today and see firsthand why Mosyle is more than an Apple MDM. Mosyle is everything you need to work with Apple. To learn more, visit business.mosyle.com. That’s business dot M-O-S-Y-L-E dot com.
So, let’s just take an example here, and obviously here on the Mac Admins Podcast we love printers. We love them in our environments. We love them on fire. No, no, we don’t love them on fire. I’m sorry. We don’t…

Charles Edge:
Unless they’re Fierys, then we love them on fire.

Marcus Ransom:
Then we adore them.

Tom Bridge:
Yes. So, Apple changes our scripting options, but we need those printers to work or the help desk gets lit on fire by our users. Have most of those moved to package installers and profiles or is there still plenty to do with scripting for the Common UNIX Printing System?

Fiona Skelton:
Interestingly, when I worked for an MSP, I supported the number of architecture firms and we’re looking at the big Xerox printers, we’re looking at PaperCut and also other wonderful intermediate drivers, things that you have to contemplate service. I don’t deal with that anymore, but when I did, I used to use lpadmin, I thought it was fantastic, because you have options to configure all the tailored print environments. So a company using PaperCut that charges by the page, and the default would be color. Unless you spent ages setting up all the defaults, you would basically have a problem where somebody would print something color and they wanted it in black and white and it’d gone through PaperCut and charged them a fortune. So I loved lpadmin for that. I loved the scripting aspect of it. You could tailor it. It would deal with authentication, timeouts, you name it. It was brilliant.
However, my current environment is just really basic. So, just certain people want to print stuff out for finance, et cetera. I literally now just use a printer default PPD, maybe a custom one, that’s fine, and then just set up a policy that pushes out the driver and maps the printer, and I bung it in self-service and it’s sort of help yourself. I’m lucky I have a very basic printing environment now. I didn’t use to have that printing environment.
I do think it’s one of the worst things you have to cope with, especially in a work from home environment as well. And also the fact that I’m trying to configure printers in Mexico maybe that are in an office that there’s no way I can actually physically get to. And then someone decides to go out and buy an AirPrint and then bring it in, which we don’t allow in our network, and then they’re up in arms that, “I can’t get it to work.”I’m like, “Yeah, okay. Take it back to the store.”I also don’t like the fact that lots of companies now, naming HP for instance, have a massive driver package, which isn’t very enterprise friendly. It’s like, “Install every single driver we know,” which is fine if it’s one person with a little printer at home, but not great in an enterprise environment. They do offer enterprise tools, which is great, but I’ve realized they have stopped working in the past couple of years. They don’t have the latest drivers. So you’re stuck with this massive package or you’re stuck with generic drivers or installing everything yourself and hand picking out the PPD.
But yeah, I’m lucky that I don’t have that overload of printer support that I used to. But yeah, abandon all hope, ye who enter here from the CUPS and printers and yeah, the MacAdmins Slack channel, is very true.

Marcus Ransom:
As someone who clearly must have had a love of not just printers but plotters, given your background, I’ll get James to throw in into the notes, he keeps sending me these TikToks to these cursed plotters just to upset me. Given how much they upset me, he’s probably not going to stop anytime soon. So, we’ll get James to put those into the link so that everybody else can be upset by these cursed plotters as well.

Fiona Skelton:
The Fiery drivers are a nightmare. I thought they’d stopped making drivers, and I was like, “You know I can’t support that anymore,” but apparently they’ve started making them again. So apparently you can if you really want to.

Charles Edge:
We’ll make your life better. No, just kidding.

Marcus Ransom:
Hearing you talking about the cost of prints reminded me of having to deal with a unified print queue where a university I worked in wanted a single print queue and then you could just go up with your student card and swipe whatever printer you wanted it to come out of. And for multifunction A3 printers, it was absolutely fine. And then we looked at the photography department where they also wanted these gorgeous photo quality inkjet A0 roll printers that they had to work the same way. And it was just like, “No. Just no.””Oh, but we’ve spoken to the manufacturers and they reckon they can get it working.”
And it’s like, “But for me that’s even more reason to say no.” These are very separate.

Charles Edge:
I do feel like the printer trauma is real and we could spend another three hours in therapy about this and get nowhere. But I would say printers are one thing we script, what other aspects have moved from scripts to other means of deployment and probably MDM?

Fiona Skelton:
Probably most things you can now do via conflict profile. You may want to prefer to script it, but definitely things like authentication, so Jamf Connect, X creds, whatever, that’s all now config profile based. We can obviously deploy the agent. You can now FileVault. You can update all your applications, be it Chrome, be it Microsoft. I actually like that with config profiles. I’m not keen on Microsoft products, never have been. But I do find that the conflict profiles for updating works much better than the scripting solution. Absolutely. Also, things like security remediation. So you can do CIS benchmarking using configuration profiles rather than scripting solutions.
So, it works well for lots of things. And obviously we’re stuck with a lot of the PPPC. Some things do work very well and you have to do or work much better, like configuration profiles.

Marcus Ransom:
It’s very much, for me, a sign of a vendor who gets it when you see them offering a configuration profile to manage their settings. It’s, “Ah, they’re paying attention. That’s great.” And especially if they offer the keys in that configuration profile as selectable text in their support guide rather than a screenshot, that’s an even better sign that they really understand what we need to be able to do to get their product to sing along nicely.

Fiona Skelton:
Yeah. Because unless you have some Rolls-Royce MDM solution which offers lots of customization, you are stuck with the more limited Apple MDM. And so yes, it’s better for the vendor to offer that, absolutely.

Marcus Ransom:
But even to understand yourself what’s going on in those profiles as well and to be able to pick and choose rather than just blindly deploying things signed by the vendor and hoping that it’s aligned to what you’re doing and hoping that it stays working during the betas. Having the documentation behind those profiles. When you see vendors that get that sophisticated that they understand what items you may want to have in one profile to rule them all and what items you may want to separate out into individual profiles because the settings may be different across your fleet. But then there are also things where you’ll see things in configuration profiles that sometimes have no business being in configuration profiles as well, looking at some printing companies. But at least it’s a sign that they’re trying to get there.

Fiona Skelton:
I think the thing I have with conflict profiles is if you inherit somebody else’s MDM estate, you have to do a lot of trawling through to make sure what you are deploying is not conflicting or reversing or damaging previous conflict profiles that are already applied.

Marcus Ransom:
Especially looking at Apple’s move towards declarative MDM as well, which seeing that working is a sight to behold, in the limited ways that it works currently. But looking at what the future is and realizing this is all about finding ways to more effectively deliver configuration profiles in MDM commands. Vendors who are not on board with this are going to struggle, whether it’s software vendors trying to manage their product, whether it’s being able to deal with things like we’ve seen with the background login items and wanting that to apply at a very specific time, but also to not be applied outside of that time. Would you agree that any Mac admin that’s not looking for configuration profiles to be the answer is likely to struggle?

Fiona Skelton:
Oh, absolutely. I think there’s still room for both. There’s room for scripting and there’s definitely room for configuration profiles. And we’re moving more towards configuration profiles. You have to get on board whether you like it or not. And it’s definitely the way to go. And I think it will make life easier. You need less technical knowledge to apply configuration profiles. So I’m doing myself out of a job here, but yeah, I think where I’m coming from.

Tom Bridge:
As you look at the environment that you’re in, what is needed to stay scripted is part of your testing. And if you look at this year’s cycle, was there anything that you were able to automate in new ways?

Fiona Skelton:
Some things do have to stay scripted because of the previous comment with regards to vendors, I’m still having to find scripted solutions. I’m not going to name names, but our VPN supplier doesn’t look at manage profiles. So to set the remote portal, I have to use a scripted solution. I’m sure at some point they’ll fix that, and that’s fine, I use a script, not a problem. So some things have stayed the same.
I still prefer scripts for things like to notify end users something’s going to happen. So, I love DEPNotify whilst the Mac’s building. “Here’s what’s going on. Sit back, relax.” You can customize it. You could make it sound friendly, You can even add their own names. I like it for trigger policies. So it’s certainly using Jamf, all I have to do is update a policy for the latest software package and job done. I don’t have to change the triggers. I don’t have to touch anything. I don’t have to remove and reapply a thousand configuration profiles to change anything. It’s literally just a policy that’s looking at the same trigger in a script that’s running. So, I find that cal commands and scripts help so I don’t have to keep replacing packages, et cetera.
I think my main thing is, it’s the customization that I like and the efficiency of a script. Once you’ve spent time doing it, it’s very easy just to edit without removing and adding the end user, the end device configuration profile and then hoping and praying that the MDM config reapplies and they’re not still stuck with the old one, I think. I see value in both and I use both, and I’m using more configuration profiles and less scripts, absolutely, and that is the way we’re going.

Tom Bridge:
I will say, getting a properly built script or building that tool that you end up deploying is one of the most satisfying feelings. Just firing that off and making it go, making that power something like a DEPNotify and making that power install a specific application that’s complex and a little bit weird, that feeling is hard to beat.

Fiona Skelton:
Self-indulgent of us. We’re very self-indulgent.

Tom Bridge:
But it’s a hard thing though, the number of times you have to run it and fail and run it and fail. And then in the era before Erase All Content and Settings, you’re like trying to do it in a VM with a snapshot, or you’re wiping the machine and it’s a 60 minute pain penalty in the event it doesn’t quite go right.

Marcus Ransom:
But it also, hearing you describe it in that way gave me this déjà vu thinking back to… I’ve just had a complete mind blank remembering the tool that Apple gave us or was it… No, it wasn’t Automator that we’d use for building modular images. So rather than just taking a DMG snapshot of an already built machine, actually breaking down all of these workflows and building out the installation workflow. So that as you were saying, you could say, “All right, well the only thing that’s changed is this application’s uploaded so I can just modify that piece and have this sense of confidence. And unless something’s gone horribly wrong,” which in my case it often did, “this should just still work with the changes made as before.”
So, do you find, with the scripts that you’re still using, do you try to put logic in to allow the same script to work with multiple versions of macOS or in multiple scenarios, or do you find it’s better to split things up into individual scripts for very specific purposes?

Fiona Skelton:
I just try and use Bash, because everything’s built on Bash, isn’t it? I mean, yeah, there’s Z Shell, but it’s just Bash with extra functionality. My attitude at the moment is if it works with Bash and it’s still working, then I’m good. Obviously, like anybody with Python, and we had tons of stuff which was fantastic with Python, but it went in Monterey 12.3. We knew it was going, we knew it was going. It was going in 2019 and that’s fair enough. And like every other Mac sysadmin, I was scrawling through my MDM solutions thinking, “What Python scripts do I have that are now not going to work anymore because I have to replace them?” And I had quite a few in ADE, absolutely, I inherited some, fair enough. Other people did fantastic jobs and they worked at the time.
And then you get the Jamf errors, et cetera, coming up with, “There’s an unknown error.” It’s like, yeah, you knew it was some Python and script, some background third-party hook that was falling over and you couldn’t quite figure out what it was.
So yeah, my attitude at the moment is, yes, can’t use Python. I’d love to, and if I do, then I roll out a Mac admins Python. Because yes, that’s a solution. For instance, I’ve got a WiFi issue going on at the moment, which Python might be my only solution. But in general at the moment everything’s working for me just sticking with Bash. But yes, you have to keep an eye on it and I’m monitoring very closely when scripts will start falling over again and whether I have to start using Z Shell.

Charles Edge:
Now, I don’t know why it never occurred to me until just now that you could probably write a Ruby interpreter for Python so that anytime anyone ran a script that used Python, it would actually just wrap it into Ruby and run it in Ruby, which is still built in because it’s so much more useful than Python. Not at all. Anyways. So, Tom, you have the next question, right?

Tom Bridge:
You guys use Nudge, if I’m correct. So what was it like getting that working with Jamf Pro?

Fiona Skelton:
It was very easy. It was certainly a game changer. Compliance has gone from like 40% to 95% within 10 days of a patch being released.

Tom Bridge:
Oh, yes.

Fiona Skelton:
Once we’ve obviously done testing. I don’t just deploy it without initially going, “Does this break anything?” I did start off with a config profile method and it worked fine, but I switched to the scripting method, which I think Dan Snelson, yep, is the originator of that and I thank him a great deal for that, because I find it much easier to customize, the language, the text, just resetting JSON, just everything. Again, I didn’t have to reapply and change the configuration profiles. I change two or three parameters, test it and kick it off. If I did the config profile method, it would be more work, and again, worrying that all the devices had received the new configuration profile. Declarative, I think might solve my problem. At the moment though, this is what I’m set with.
Also, adding things like the kickstarts, the software, because of software updates, so have to give it a good kickstart. You know what I’m talking about. To stick that in as a Jamf policy in the script was also a game changer. Made my life so much easier. It’s like, “Here are the instructions. This is the notification. I’m locking you off everything after two weeks or 10 days. You’ve had all the time in the world to do updates. You didn’t, now you can’t do anything until you do it. First thing is you go to self-service, hit this button, it will kickstart software update, then it’ll bring you to the pane and let’s hope, fingers crossed, and nine out of 10 times you could see the update appeared. If it didn’t, sorry, you’re going to have to reboot your Mac. That’s life. Thanks Apple.”
I also love the fact… I had a competition to design the logo. So what are we going to put on our Nudge? What’s going to be our logo? It got everybody totally engaged. I got some very silly submissions, but it was real fun. Everybody in IT was totally on board. And we came up with a great solution, and I didn’t have to design it myself either. Turns out some people are really good and very creative.

Marcus Ransom:
I see what you did there. So it’s a bit like nerds sniping Mike Linden to say, “I reckon you can’t do this in Python,” and then 30 seconds later he’s proven that you can. So what you’re saying is for branding, rather than trying to create an icon yourself and then getting people upset is crowdsource it internally.

Fiona Skelton:
Yeah. We wanted the company logo, but we also wanted something to say this is a system setting or software update. So I needed somebody with better design skills than myself to create something. Yeah. And exactly. It’s like, “Can you beat this? This is my…””Oh yeah, I can do much better than that, Fiona.””Fantastic. Thank you. I’ll just steal that.”

Marcus Ransom:
So what’s the response from the security team been regarding that achieving those levels of compliance?

Fiona Skelton:
The securities director’s new best friend. Yes.

Marcus Ransom:
Because so many people are sort of saying, “Oh, we need the ability to be able to send a command out at three o’clock on a Tuesday to update everyone’s machine. But the problem we’re having before is that the CEO happened to have an all-hands on at that time and it had rebooted their machine, and also everybody else in the audience or playing along from home.” And the concerns I’ve found about using tools like Nudge to maintain compliance with the operating system seem to be far outweighed by the actual results that organizations are seeing. Which are, oh, the good old days when we could push a delta package out to our whole fleet. Because that always worked beautifully, didn’t it, from memory when we did that? There were never any problems with those packages not working or machines not behaving the way you wanted. Much like the icon, crowdsourcing the users to update their machines so they don’t get harassed by a beautifully branded dialogue seems to be pretty awesome.

Fiona Skelton:
Yeah. And the great thing about Nudge is you don’t have to put it in fully aggressive mode. You can tailor it. You can give X amount of days, X amount of popups, and then you can say the certain apps that you’d force quit. You can force quit all their apps. Sorry, put them in the background. There’s lots of ways to do it.
I also do sort of delayed scoping. So I’ll scope a certain amount of people and I’ll watch results, and I’ll leave EAs and execs to the end if I feel like it. Although, I think they should be leading by example, so I’m in two minds about that. But if I realize there’s some big conference coming up, they’re in a separate scoping group and I don’t scope them until an appropriate time. It’s very customizable. That’s what I love about it. And so is Jamf with the scoping.

Charles Edge:
I feel like a tagline for Nudge could be where SecOps meets PSYOPs, in a way. You know?

Tom Bridge:
What a great way to put that.

Marcus Ransom:
Exactly.

Tom Bridge:
Yeah, no. I think that’s fantastic.

Fiona Skelton:
Yes. I actually shook Dan Snelson’s hand in JNUC to say thank you.

Charles Edge:
He’s a great guy.

Marcus Ransom:
Speaking of JNUC, you’ve just been to JNUC, which I’m very jealous of. What was it like this year to be back in person with people who have actual legs beyond the little Zoom window you get to see?

Fiona Skelton:
It was great. I mean, San Diego’s fabulous location to begin with. And thankfully I did avoid COVID, which was also good because you’re amongst lots of people so you never know. I was very fortunate. I was sponsored by Jamf. I won the sponsorship, so I got to meet the C-suite, which was fantastic. So I got to connect with tons of great people. The speakers, the official Apple and company presentations were great, but I think… In my honest opinion, what I really preferred were those given by the Mac admins for open source solutions, such as Dan, about these new beta opt-in in groups, automating that, and CS benchmarking, which I think was Mischa van der Bent, I might be wrong.

Marcus Ransom:
Mischa had a great session on that, yeah.

Fiona Skelton:
Yeah. I love more the open source. Maybe I’m just a cheapskate, I don’t know. But these are genuine people who are sharing and enthusiastic about their knowledge and not particularly trying to promote a company or a resource. It was all great, but I think I prefer that. Also, obviously, the hallway conversations and just getting to have lunch and dinner. And the sponsored evening events were definitely my highlights. Connecting with Mac admins and how have you solved challenges? We all have the same challenges, I think. We’ll work for different organizations, be it corporate or be it educational. We literally have security, updating, providing resources, VPN, we all literally have the same issues or very, very similar issues updating. Lots of similar problems. So it’s sharing insights.
I met one guy from Ikea who, I talked about Nudge, he manages 30,000 Mac devices. So that was like, gosh, what am I complaining about? I’ve got like 2,000. So I’m hoping I helped solve some of his problems. So that was great. I think it’s just meeting other Mac admins and realizing we have exactly the same problems.
I also was very grateful. I’m actually the co-chair of the women ERG of the company I work for, and I managed to spend some time with the chair of the women ERG, Employee Resource Group, for Jamf. And we swapped ideas of how we promote women in tech.
And obviously, yeah, the big thing though has to be, and obviously this is a podcast, but my son got it. I made a mini fig of my son, Lego [inaudible 01:01:13].

Tom Bridge:
Oh, cute. Love it.

Fiona Skelton:
Yeah. That was the highlight. No, it was great. Yeah. I enjoyed every minute of it. Very tiring, exhausting, long days, but yeah, worth every second.

Tom Bridge:
Absolutely.
Here at the Mac Admins Podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Stubacca, thank you. Adam Selby, thank you. Nate Walk, thank you. Michael Sai, thank you. Rick Goody, thank you. Mike Boylan, you know it, thank you. Melvin Vives, thank you. Bill Stites, thank you. Anoush d’Orville, thank you. Jeffrey Compton, M. Marsh, Stu McDonald, Hamlin Crusen, Adam Berg, thank you. A.J. Petrepka, thank you. James Tracy, Tim Perfitt of Twocanoes, thank you. Nate Sinal, Will O’Neill, Seb Nash, the folks At Command-Control-Power, Stephen Weinstein, Chad Swarthout, Daniel McLaughlin, Justin Holt, Bill Smith, and Weldon Dodd. Thank you all so much. And remember that you can back us if you just head on out to patreon.com/macadmpodcast. Thanks everybody.
So, here on the Mac Admins Podcast, we have a tradition of a bonus question. This year’s bonus question is in fact beta themed. Where else in your life do you use all the betas and keep up with all the changes outside of being a Mac admin?

Fiona Skelton:
As I just probably stated, being part of the women at Hootsuite ERG, I’m very passionate about women in tech. I certainly saw at JNUC that I was one of a few amount of individuals that identify as women. What I do try and do is I devote some of my spare time to speaking at universities and at communities, at organizations that support new immigrants to stay and study and work in tech to try and raise awareness, and I offer myself as a mentor for that. So that’s something that I’m passionate about.
For myself, obviously, I have a 13-year-old son. I’m a recent widow, so a lot of my time is spent building his confidence and happiness in life, rebuilding our lives, and just to encourage him to be the best he can be, to be inclusive and respectful. So that’s very important to me at the moment. From a fun perspective, I love English whodunits. Film and literature.

Tom Bridge:
Oh, yes.

Fiona Skelton:
I just love spending time with friends. Yeah, it’s an old British thing. I was brought up reading Agatha Christies, I just love them. It doesn’t have to be Agatha Christie, but anything English whodunit, I absolutely adore, even down to attending dinner parties where someone pretends to be murdered. That’s a great thing to do. Yeah.

Charles Edge:
All right, murder mystery party at your house. We’ll bring the food.

Tom Bridge:
Absolutely.

Charles Edge:
And yeah, no, I’m in.

Fiona Skelton:
No, it sounds good. Except if you’re the murdered person, you have to sit… Yeah, you never want to pull that card because you don’t really have much of a fun evening.

Marcus Ransom:
So I know the answer, the rest of it’s just trying to avoid letting it slip.

Tom Bridge:
How about you, Marcus? What areas of the world do you like stay up with all the latest?

Marcus Ransom:
It’s interesting hearing Fiona talking about your 13-year-old. For me, it’s a similar sort of thing with my kids. And inadvertently discovering that what I was trying to do, keeping up with my daughter who’s on the spectrum, and then that realization that, oh, that’s actually me as well. And all of the developments with neurodiversity and trying to understand what that actually means and how the world is changing with its approach to it. So that’s probably a big thing for me. Either that or making sure that all my WiFi stuff is running the latest betas and then instantly regretting it. What about you, Charles?

Charles Edge:
Oh goodness. I think your last comment there on running the latest betas and instantly regretting it has been the last 40 whatever years of my life. Yeah, I would say-

Marcus Ransom:
I think my brain is still running the first release out of dub-dub-DC beta, I think would be the best way to describe that experience. And we’re still waiting for the release notes to appear on the CDN.

Charles Edge:
Yeah, I feel like family and all that, I have stopped running betas on all HVAC, all AV, all… Especially since moving to Minnesota from California. You really don’t want betas in January on your HVAC. The one place I still do it, so I have one 3D printer that I don’t run any betas on at all. It’s always running 24 by seven, just cranking out things. But the other two 3D printers, I run betas on just because, you know, why not? But I feel like I’ve removed that kind of thing from everything outside of day job because it’s so critical for day job. And once you’ve had to screenshot entire chapters because RC one and two have different shadings from some of the betas, you’re just like, you know what? I want nothing to do with that. I want it to just work. No hacking around. How about you, Tom?

Tom Bridge:
So, this one’s really nerdy and I really apologize, but if we figure that the beta equivalent of a new regulation is the Notice of Intent. Here in D.C., they have to publish the Notice of Intent before they build the bike lane. And so I spend a lot of my time reading the traffic diagrams and all of those things around building safer streets in our community. And so I spend a lot of time reading Notice of Intents, and I spend a lot of time writing letters about them. I have become the person that is super boring and writes letters to the city about bike lanes and stuff based on, what is it? The National Manual of Traffic Safety and stuff like that.
So yes, those are the kind of things I love. It’s beta legislation, I guess, is probably the best way to phrase it.

Charles Edge:
Interesting.

Tom Bridge:
That’s where I live, is making sure we get good safer streets. Someday I will let Charlie ride his bike someplace. Right now, not so much. But we’ll get there. I mean, he’s getting older, he’s getting better on the two wheels, and that’ll help.

Charles Edge:
Cute. As far as beta legislation, for anyone not paying attention, Gonzalez versus Google, which could potentially overturn Section 230 of the legislations that basically created the internet as we know it today. Not the technical side, but the way that it’s adjudicated. That is a trillion dollar question, how the Supreme Court’s going to decide that and what the case… Because 230 impacted how England and Australia and most other free speech based Western democracies legislated the internet. So I think that’s probably… I’m almost afraid to know what the beta version of a post-230 world looks like.

Tom Bridge:
Yeah. And I was going to say, we’ll find out a lot more about what happens to Section 230 of the Communications Decency Act here before too long. And it’s going to be a big difference. There’s a possibility of a deep-

Charles Edge:
Or it might not be.

Tom Bridge:
I mean, it’s very possible. But I think that the fact that it was granted certiorari, which means the Supreme Court will hear the case, is generally an indication that at least four of the justices really want to take a look at this. I will find a link and put in the show notes to an episode of Rational Security from Lawfare that dealt with this at least in part. And it was very, very interesting. I think that the reason for the law initially is one thing, and then the way in which the law has been implemented was another, and then it’s become this cornerstone of social media.

Charles Edge:
The twenty-six words that invented the internet, I think is what’s the book’s called. There’s a book. I didn’t make that up, I borrowed it. It’s a great little book if you’re super legal nerdy.

Tom Bridge:
And of course, that’s probably a Tim Wu, isn’t it? No, it’s not. It’s Jeff Kosseff. I will find that book and I will throw it in the links here. And yeah, I was going to say a really interesting read, that’s for sure.
Fiona, thank you. Thank you, thank you so much for joining us tonight. If folks want to find you on the internets, where should they go looking?

Fiona Skelton:
Maybe find me in the MacAdmins Slack channel at the moment. That’s probably the best answer to that.

Tom Bridge:
Fantastic. And so, we’ll see you on the MacAdmins Slack, and thank you so much for spending your Sunday with us.

Fiona Skelton:
Yeah. No problem. It’s been great. Thank you.

Tom Bridge:
Wonderful. We’d love to have you back in the future. Please tell us you’ll come back.

Fiona Skelton:
Yeah, no, absolutely. If you want me back, yeah, sure.

Tom Bridge:
Absolutely. Fantastic.

Marcus Ransom:
We’ll get you back on for the episode when Apple deprecates printing entirely in macOS 19 or something like that. And we can celebrate the end of it.

Tom Bridge:
Oh yeah, the party, man. The party. That’s going to be a party. But thanks of course to our wonderful sponsors this week, that is Kandji, Black Glove, Mosyle, and Meter. Thanks everybody, and we’ll see you next time.

Charles Edge:
See you next time.

Marcus Ransom:
See you later.

Tom Bridge:
The Mac Admins Podcast is a production of Mac Admins Podcast LLC. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Kudiga the first time he opened GarageBand. Sponsorship for the Mac Admins Podcast is provided by the macadmins.org Slack, where you can join thousands of Mac admins in a free Slack instance. Visit macadmins.org. And also by Technolutionary LLC. Technically, we can help.
For more information about this podcast and other broadcasts like it, please visit podcast.macadmins.org. Since we’ve converted this podcast to APFS, the funny metadata joke is at the end.