Episode 295: Just Us – Ventura and iOS 16 – How are they going and what do we love/hate?
iOS 16 was released on September 12 and Ventura on October 24. We all went through the rollercoaster of the post-WWDC Betas, but how have they both fared out there in the wildlands of prod? What features do we love and which still need a little work? In this episode, Tom, Marcus, and Charles chat Ventura, iOS 16, and even a little about Tom’s awesome holiday sweater!
Hosts:
- Tom Bridge, Principal Product Manager, JumpCloud – @tbridge777
- Marcus Ransom, Senior Sales Engineer, Jamf – @marcusransom
- Charles Edge, CTO, Bootstrappers.mn – @cedge318
Transcription of this episode brought to you by Meter.com
Meter is the easiest way for businesses to get internet, networking, and WiFi. Our full-stack approach combines hardware, software, and operations so that any company can seamlessly run on a reliable and modern network.
- Streamlined installation: We take on the complexities to make designing and deployments easy, fast, and stress-free. We manage the entire installation process, and provide ongoing maintenance and support.
- Network hardware, security & management: We design and build our own controllers, switches, and wireless access points. After the network is deployed, review your speed, usage, and security in one unified dashboard. No need to hire vendors in every location or have IT teams fiddle with manual configurations — everything is automated with our software.
- Simple pricing: Pay one monthly rate with no up-front costs for installation, configuration, or hardware.
Sponsor Read:
This week’s episode of the Mac Admins Podcast is brought to you by Kandji. Automation in IT is a hot topic and for good reason. Automating repetitive tasks frees you to focus your skills on more strategic projects that move the needle for your organization. Kandji, the Apple device management and security platform, features over 150 pre-built automations to multiply your effectiveness and impact daily. To see how to take the repetition out of your to-do list, visit kandji.io. That’s K-A-N-D-J-I.io.
Tom Bridge:
Hello and welcome to the Mac Admins Podcast. I’m your host, Tom Bridge, and it’s great to be back with you, Charles and Marcus. How are you today?
Charles Edge:
Good. I’ll let you go first, Marcus.
Marcus Ransom:
Well, I’m good too. Thank you for yielding to my chit chat. Now things are okay down here in Australia. Tom has just turned on his camera and I’m seeing the most impressive Christmas jumper that I am going to have to screenshot for in the snow notes, snow notes, show notes. Whereas I’m wearing a t-shirt because it’s not jumper weather here in Australia, but I kind of wish that it was looking at that jumper.
Tom Bridge:
My mother sent this to me, she sent me one for me and then one that is, I don’t know, more Christmas themed but not quite ugly Christmas jumper in its theme. So his is more like day-to-day wear. I did wear this out this evening. It has a lovely reindeer on it. So for those of you not in front of the show notes, you can imagine. And imagine a giant fluffy pompom about two inches in diameter where the reindeer’s nose would be. And there you have my Christmas sweater. We wore this out. We went out and saw my former choir perform their winter performance and then had a lovely dinner. So yeah, I was going to say Charlie has shown up to kind of wave the flag because we usually record this after his bedtime, but unfortunately he is still awake because we’ve only just returned home.
But yeah, I was going to say it was a great observance of the season. This is something I have missed so much from the Christmas time of year. All of the great choral music concerts that are out there. My undergrad degree is in vocal performance and I miss it intensely. And so it was so nice to go and sit in the balcony at the Church of the Epiphany here in Downtown DC tonight and listen to Bob Chilcott conduct his own piece. They performed Wenceslas, which is his piece. He’s a famous British composer, worked with the Cambridge Singers and a whole bunch of wonderful folks like that. So it was a phenomenal evening and one I will not soon forget.
Charles Edge:
But is he a Chilcott who can write [inaudible 00:03:10]? That’s the real question.
Tom Bridge:
He has a very different set of skills. And I was going to say, I think Joe, if you’re out there listening, I think you’ve definitely got the better spelling on the name because I think the E at the end versus the double T was a totally different ballgame.
Marcus Ransom:
And how are you going Charles?
Charles Edge:
Oh I am good. The snow pack is here. So I’m pretty sure we’re stuck with white stuff for the rest of the year and not white stuff like bears do out in the woods. That’s totally different white stuff. But it’s been a lovely holiday themed … Other than the wallpaper removal. I swore the last two houses that I bought, I would never buy another house with wallpaper in it on principle. And I did and I spent the weekend undoing that mistake.
Marcus Ransom:
If you do wallpaper, do really good wallpaper that you’re never going to want to change is the solution there.
Charles Edge:
Yeah, I don’t think there is such a thing because that glue gets wet and dry and wet and dry as houses get more humid and less and styles change. So even if you get something eternal like a damask print, I don’t think those ever really go out of style. You’re still going to end up having to swap it out at some point, and then there’s glue on the wall and so you’re like, oh I want to paint it, but how am I ever going to get this right unless I have it. What do they call it when they … Nevermind.
Marcus Ransom:
Or you could do what the previous owner of my house did where there’s one wall where we noticed that the strange texture is because it does appear to have about 12 layers of paint over the wallpaper, which is almost enough for you to not be able to tell. But now that I’ve seen it, we were discussing earlier the dangers of being an engineer, having an engineer mindset and home improvements is over-engineering things.
Charles Edge:
Whether you’re a systems engineer or a software engineer, part of the job is archeology. You’re trying to figure out how people built something and how you should integrate around it. And when you start ripping up wallpaper and you see screw holes, or other things poking out or, you know, realize that someone painted over wallpaper. [inaudible 00:05:48]
Marcus Ransom:
We don’t even feel it. We’ll just scrunch up a 972 newspaper and wallpaper over that.
Charles Edge:
Oh, I opened up so many walls in my last two houses because they were both built … The first house I got in Minnesota was built in the 1900s and you open the wall up and there’s this old wrinkled up newspaper that they used to use as insulation between rooms, which explains why you can hear everything in every room. But you unravel this newspaper and you’re like, wow, this was stuffed in here in the 1920s. They’re talking about …
Marcus Ransom:
My favorite bit of DIY archeology was in a friend’s house that he was renovating. And he showed me this great thing where he’d pulled, you call it sheet rock, we call it plasterboard, off a wall and saw this framing that appeared to have been done three or four times. And you could also see on some of the ply bracing where the, we’ll call them a builder, because they probably had done the calculations for it and there were some glaring mathematical errors there. And then discovered that no, in fact those numbers were not correct.
Charles Edge:
The Egyptians nailed that math and the fact that everyone else hasn’t to this day is astounding. We’ve had thousands and thousands of years to figure out how to make something square.
Marcus Ransom:
So talking about figuring how to make things work and all of the planning that then goes into it and then the actual execution of it once things start to happen. We’ve all been through something like that recently, haven’t we?
Charles Edge:
Multiple times. Every year around, in the fall.
Tom Bridge:
Every year, this time of year. Yeah, in the fall. New operating systems come out, we learn how they work.
Charles Edge:
[inaudible 00:07:48] decade.
Tom Bridge:
I was going to say we spend all summer kicking the tires and approaching it like a blind man might an elephant, trying to figure out what’s that trunk for? Why are these legs so large? And then you know, figure out exactly what it really is when it’s out in the field.
Charles Edge:
And I know from my perspective it’s all gone swimmingly out in the field. But I guess there’s a lot to unpack because there’s these two major operating systems and maybe we should start with tvOS, any problems with tvOS that you guys can think of?
Tom Bridge:
Hey, wait a minute, that’s a trick question. There weren’t any changes to tvOS, were there?
Charles Edge:
My TV updated or my Apple TV updated but I didn’t even really notice. So everything’s great. Love it.
Marcus Ransom:
I suspect there has been an update to tvOS because since the update, the SBS channel app on the Apple TV, which is where the World Cup is being broadcast here in Australia, every now and then needs to be hard reset and started again. When you finish watching a game and then go back to open it up again the next evening for the next round of games there’s Mbappé or Cristiano Ronaldo frozen in time forevermore and exiting the app just does not want to happen. So I’m guessing either I’m hoping something changed. Either something changed or one of the developers of that app just had a bad day. But aside from that, it’s been great.
Tom Bridge:
At least you can watch on an app. I mean I will say that I cannot watch in English on an app in the US because I’m not a subscriber to Fox Sports 1, I’m not a cable subscriber in any way, shape or form. So since I decided not to buy a subscription of that, I’ve been watching on Telemundo on Peacock and watching in Spanish, which has just been honestly the best language lesson that I have ever gotten. Number one because those commentators are so good. And number two because I mean who doesn’t love it when goal goes on for a solid like 90 seconds? I mean maybe I didn’t like that so much in the US versus Netherlands game on Saturday morning. That was less than enjoyable.
Charles Edge:
But the rest of the world clapped so it’s …
Tom Bridge:
The rest. Yeah, I was going to say.
Charles Edge:
I use the YouTube TV app during football season and then I canceled the subscription right after and I get the World Cup games through that and I watched about half the US Netherlands game and then had baby duties so had to abandon that. But yeah, the entire app ecosystem, this episode is not about the weird app ecosystem of the world right now. But this transition away from a lot of people, not for all, but away from the old school cable and satellite to app-based has just been really interesting in a lot of ways.
Tom Bridge:
Well and it’s been fascinating to watch the price point for what amounts to terrestrial basic cable come directly to apps like Fubo and YouTube TV and everybody. And it’s all exactly the same at $65 a month. There I can get Sling for $40 a month but the channels is not a great combo. It’s funny because what you really want is both packages which are conveniently $65 a month. I see exactly what you did there and it seems like all the marketplace may have settled on a price, suddenly out of the clear blue sky, clearly there’s no collusion there. But …
Charles Edge:
Whether there is or not is completely irrelevant to me because I’m paying that during football season so that I can watch my University of Georgia Bulldogs. And I’ve been doing that since they weren’t ranked and luckily they won the SEC Championship this weekend so they’re going to the playoffs where they’ll probably lose to Michigan. But hey that’s what I’m here for.
Marcus Ransom:
I have seen when we talk about the apps, I’ve seen them more and more getting better at integrating with the Apple TV ecosystem. So clicking onto the TV app and seeing the show you want to watch and clicking on that and actually getting the episode that’s queued up or the latest version of tonight’s news. Whereas that had not been my experience in the last couple of years.
Charles Edge:
And by tonight’s news, you mean Trevor Noah? Sorry, that’s how I get my news these days. I’ve given up on the news. It’s just too dour and sad and whatever.
Tom Bridge:
That’s just Twitter.
Charles Edge:
Ouch. So speaking of Twitter or not, let’s actually change the subject completely away from Twitter and let’s talk about iOS 16.
Tom Bridge:
Woo-hoo. I mean I was going to say I think that this is the place where I’ve had both the most excitement and most enjoyable time and also it’s changed the least amount around my workflows. Apple’s tent pole feature for this was obviously the introduction of lock screen customization and the ability to do that. And of course now I have a couple of custom lock screens that are out there. One of them features Charlie on the back because what doesn’t? And the idea that you can one, lock your device into a specific lock screen based on its focus mode is super awesome. I do love those kind of the customization options. I mean obviously it’s a very small number of fonts, it’s a very small number of widget opportunities but it’s kind of cool. I’m kind of digging it so far. How many faces have you guys set up so far for a lock screen?
Charles Edge:
Zero.
Marcus Ransom:
I’m just checking to see what a face is. I know I set up a lock screen. One.
Tom Bridge:
I always think about watch faces. It’s the same customization style as the watch face.
Marcus Ransom:
I did it once for science and I’ve known that every now and then when I bump it or press the screen wrong, the opportunity to create more of them comes up and I’ll get to that when I have some time.
Charles Edge:
So Marcus and I are similar Luddites here because I just did the weather one because I live in Minnesota where it’s important to look at the weather so you don’t die. But other than that, I don’t personally find it super intuitive and I haven’t had half an hour to go fuss with it, if that makes sense.
Tom Bridge:
I have set up, I now have a driving face, which is just local weather conditions only and then mutes all my notifications, doesn’t show me anything else there, just gives me some local weather information. I’ve got one for personal mode, which if you saw [inaudible 00:15:01] excellent keynote this year from [inaudible 00:15:04] where Dean was talking about showing his wife that he’s in blue mode. That was certainly something that I could totally empathize with. And so I now have the exact same kind of setting for that because I do have a personal mode, one that just takes away all of work, work goes away, distractions go away. It’s kind of nice. I leave it on all weekend and it’s marvelous.
Charles Edge:
I did not even know you could do that and I watched that keynote. So yeah, Dean’s a decade ahead of me in a lot of ways. So changes to focus mode, are they limited to the lock screen or have you delved into deeper changes?
Tom Bridge:
I haven’t gone deeper than just using the lock screen. I know that there are more options for it this year. I know that obviously this expands outward to accounts that are part of the operating system. So if you have a specified account that’s associated with your work email, you can align your preference around that so that essentially it can even just neatly pick up that account and take it out of mail. I can’t wait till that becomes available to third party mail clients. I live in the Google Mail client now both because Mac Admins Foundation stuff is there, work stuff is there, podcast stuff is there, personal stuff is there, and then I have my lonely mac.com email address over in the mail. So I would love to have the ability to filter that better. I’m hopeful that that becomes part of something that’s maybe in the next release of iOS.
Marcus Ransom:
The small amount of work I’ve done sort of dipping my toes in that whole managing lock screens and focus mode and apps. The interesting one for me was that by putting the weather on the lock screen, I’ve realized I no longer need the weather apps on the home screen where they were, and realizing how many things, it’s much faster to just access by pressing right on that lock screen and going into the application that you want than actually needing to then fight for space on the home screen. And then promptly deleted six or seven apps, moved them into other places and then decided that I need to probably spend a good couple of hours going through it and filed that away in the to-do list and never got around to it.
Charles Edge:
I haven’t changed anything. I would say I get one tenth the number of notifications that I used to, although I would say that has been by intent because I globally disable all notifications from LinkedIn, the biggest spam app I have now, including mail. Oh I would say no offense to you LinkedIn, but lots of offense to you and I’ve disabled notifications for Twitter. There are a bunch of apps that I’m like I don’t want because it’s not like most of them give you granular enough options inside their notification options to just get what you want to get. You have to get all the crap. So I would say I haven’t done nearly as much as I would’ve liked to there, but I should go through and really rein it in probably. Like Dean, I should have a blue mode for when I’m out and about and not upsetting other humans in my presence.
Tom Bridge:
I mean I do love the notifications changes that we got this year. I feel like that we get a better richer notification structure. I feel like I love the home screen, which kind of starts to stack them up for you and keep them to collected. I still wish that there was someplace I could go to look at historical notifications because every now and again I swipe up on something and lose the notification and it doesn’t go where I thought it would and I have no idea what I just got sent.
Marcus Ransom:
Especially now like avatars are seated across mail messages, everything like that. And so you see the avatar and you’re thinking, oh yeah, that’s in messages and then you realize no, it’s actually not in messages. Okay, was that Slack? Was that Twitter?
Charles Edge:
I do think notifications are one of those interesting places where you can just feel the thought that went into the development of some of those features because when do I need to Face ID in order to see the notifications versus when do I not? There are a whole bunch of things there where I’m like, wow. And as a developer you see these like API endpoints and you’re like, oh wow, why is that there? And then when you actually use it, not when you’re writing the code that makes it work, but when you actually use it and not all those features are exposed to SNS from Amazon or some of the other services that do this stuff for you. So some of the developers would have to build it themselves in order to see some of that. But it’s a very intentional set of features that protects the privacy very intentionally of those who use it. And that’s very impressive to me. I’m like, oh wow, I never would’ve thought to do that but that’s why I’m not a developer at Apple.
Marcus Ransom:
And that’s something that’s really, really important. All of these features are clearly designed around, I suppose that there’s no distinction between it being personal consumer use and enterprise use because it’s like the user experience is the user experience. But the ability for those privacy controls to be able to protect corporate data as well, where as simple as ensuring that a phone locked on a meeting room table isn’t going to leak data. Data leaks don’t necessarily need to be cutting and pasting or being able to send something in an email or exfiltrate actual data. It can just be having seen the data, that’s why so much …
Tom Bridge:
A six-digit PIN.
Marcus Ransom:
Yeah. Or even just looking at something and remembering it can be as simple as that.
Charles Edge:
A text message with the salary of someone like, oh is this update cool? Oh wait, now I saw something I can’t see. There’s so much there. So what about live events?
Tom Bridge:
Well this is one of those other new things. So there’s this spot at the bottom of your lock screen that is intended to be used for live events. And for me right now I have a sticky little alert down there that says health because [inaudible 00:22:07] was telling me, “Hey by the way, did you take your nine o’clock Advil?” Because that’s what I do at 9:00 because I’m now 44 years old. And that’s where things like sports scores, weather updates, news stories, other things like that can go if the app itself has the right set of, is Siri intents and the right set of objects that are supposed to go there.
I’m really excited to see what this turns into once everybody starts to start tinkering with it. I have a feeling that because it’s such a new feature and because it wasn’t really fully documented until the very end of the beta cycle, there really hasn’t been a lot of uptick to this. However, for those of you traveling this winter, if you are flying, there are a couple of great apps that will put your flight status information in those fields, which is a great thing to know as you are rushing through the airport trying to make your connection. You’ll be able to understand what the status of your flight is at that point.
Marcus Ransom:
I got one of those on Thursday that was telling me that I was not rushing because I didn’t want to rush. So I’d gotten there maybe 45 minutes early and it let me know that it was going to be a 3 hour wait and maybe I could really slow down. But yeah, it was able to be seen discoverable and able to be filtered out from all of the other notification noise that we get with all of the chatter that you have from so many things that are on there. And yeah, without even consciously knowing that that was what happened, it was a nice surprise to see how quickly that came through. Now the effort is the airline is also sending me an SMS and also sending me an email. So I did in fact get 20 notifications about my flight being delayed. But that one did come up front and center.
Charles Edge:
And in those cases where you’re using WidgetKit to display live events or live activities… I think Apple calls them officially-
Tom Bridge:
Yeah, sorry. It’s live activities. I apologize.
Charles Edge:
Yeah, that’s okay.
Tom Bridge:
The nomenclature [inaudible 00:24:16].
Charles Edge:
Yeah, in the Dynamic Island they call it, which… Who doesn’t love that term?
Tom Bridge:
Honestly, I think that the Dynamic Island is Apple’s best design work in a decade.
Charles Edge:
Oh, yeah.
Tom Bridge:
We’ll get to there. We’ll get to there.
Charles Edge:
It’s beautiful. But I would say, in SwiftUI and I just built notifications into something, a project that I’m working on and I hadn’t done so in years. And when you’re working with live events, there’s so much more contextual awareness that you can put into things. But again, you have to do it yourself. You can’t rely on a lot of the third party services that do some of this stuff for you quote, unquote “for free”. So I would say, between WidgetKit and ActivityKit, there’s so much that we can do now.
Because there’s like ARN, and in there, in the message that you send the device, you can deep link within the app. So theoretically I could show Marcus three or four at once. But then if you tap on one of them, it’ll go to a different place in the app than if you tap on another one, which I think is the desired behavior. But it is again, just a very intentional experience, and it’s an intentional experience that’s handed to developers who can then make it an even more intentional experience, I guess, or not.
Marcus Ransom:
Think about 10 years ago as to what it was like getting… The fact that we could get notifications with just… This is sorcery. This is amazing. And think about the sophistication.
Charles Edge:
At that point, we were happy to save the battery, right?
Marcus Ransom:
Yeah. Think of the sophistication of what you can do with it. And these devices have taken over our lives for better or worse. But the ability to be able to harness that, and try and make it a better experience, and acknowledge how important they are into our lives and to address that, is just really amazing.
Charles Edge:
And some of the information that you can pack into those, I can put a variable. I think one of the really famous examples is probably the number of stars of a rating of an Uber driver. So I can put that information like, 3.75 or five into the message that I send. And then in SwiftUI I can say, “Okay, in this itty bitty little stripe of whatever, display these stars or display whatever I can put in there.” In threat prevention, maybe a big red X, don’t answer this call, or don’t open this message, or whatever it is. But I’ve been so impressed. I totally agree, not with your comment, Tom, about some of the best work in a decade. Not just in what I can put in there and the contextual awareness around SwiftUI, but also just in how pretty it is to look at, and how it overlays on top of… If there’s a picture of the baby or whatever it is that your home screen is. So the way that lays out and phases together is just beautiful.
Tom Bridge:
Phenomenal. And it’s such a well thought out feature because it is truly a dynamic element in the operating system. That space. It starts just as the camera bud lozenge and then widens out. If you’ve got a little piece of… If you’ve got a media player in the background, you’ll get a little wave form including incoming and outgoing audio. So if you’re on a call, it’ll show you if someone else is talking to you, or if you’re talking to them. I love the fact that it’s got a secondary bubble that will show up for the second key background task, so that if you’ve got directions going on, you can see…
It even shows you what’s the next direction. Is that a left turn? Is that a 45 degree? Right? It’s elegantly constructed and then when it goes large it booms out to being notification style size, or it can go down into that square for a dynamic action like the Face ID. The fact that every feature of that was well constructed and thought out, and made into a coherent whole… One of the things that I’m learning, now as a product manager, is that you have to think about every, and I do mean every, possible iteration of what it is you’re building.
Charles Edge:
Well, that’s according to the developers. Some developers-
Tom Bridge:
Not developers though. I feel like yes, that every developer really wants ironclad use cases.
Charles Edge:
Nope.
Tom Bridge:
They want a solid set of matrix.
Charles Edge:
Some. Some.
Tom Bridge:
Some. Fair. Maybe it’s all five of them.
Charles Edge:
Some get offended if you are too informative about what you want.
Marcus Ransom:
You have to think about every use case. You don’t actually need to fulfill and address every use case, but you do need to take it on board.
Charles Edge:
That should be a case statement, not a Boolean.
Tom Bridge:
Right.
Charles Edge:
Yeah. I think with this specific feature, there’s this activity.contentstate as one of the attributes of activity. And to me, this is where… Loading in this dynamic set of data and being contextually aware, and this is where the going from a Boolean to a case statement. Oh, based on all this information, I know about the state of this device. At the time I’m sending this message, I can really custom tailor that push notification to include what’s important for that person at that moment. As a product manager, that does require a lot more deep thinking than I’m sure Theseus did roaming around in his olive gardens in ancient Greece. So more power to you Tom. Have fun in the olive garden.
Tom Bridge:
Deploying, managing and protecting Apple devices at work shouldn’t be difficult or require several solutions. Mosyle is the only Apple unified platform for business. By combining enhanced device management, endpoint security, internet privacy and security, single sign-on and enhanced and apps management into a single Apple-only platform, businesses can now easily and automatically deploy, manage and protect their Apple devices with one solution, and at an affordable price. With a solution for every business size and the best support in the market, request your free account today and see firsthand why Mosyle is more than an Apple MDM. Mosyle is everything you need to work with Apple. To learn more, visit business.mosyle.com. That’s business.M-O-S-Y-L-E.com.
Marcus Ransom:
So shared photo library is one I’ve been kicking the tires of recently. And I’ve been both pleasantly surprised and a little bit disappointed with my use case because clearly my use case wasn’t considered.
Charles Edge:
I haven’t touched it, so tell me all about it.
Marcus Ransom:
So the idea is… So the challenge we had here at home is Vicky and I wanted to be able to see all of our photos that we take in the one photo library rather than separate ones. One of us takes a photo of the kids, we both want to be able to have access to it. When either one of us is traveling, being able to get that timeline of what the other person is doing and things like that. So finally, this was our ability to not have to deal with the dreaded shared Apple ID and set it up. So I was also concerned that like the initial uploading of all of my locally stored photos to iCloud photo library, this was going to take an Australian upload speed years. But no, it literally… I just went, “Hey, I want to move my photo library to be a shared photo library.”
And iCloud thought about it for five to 10 minutes with this beautiful little progress wheel. And then it’s like, bang, now it’s shared. And showed up on the devices. Signed in with another Apple ID on Vicky’s phone, added that to the shared library, and it’s just going, “Hey, here’s all the photos.” So that bit of it was great. Where it fell apart for us is, it’s not necessarily designed for that. So the way that it works with multiple people in the shared library is in the camera application. You can choose whether you want it to go in your personal library or the shared library. If people in the shared library are in the same location, it will default to the photos being taken in the shared library. So if we are together, it’s like, well, you want these photos to be in the shared library.
If we’re apart, it defaults to the personal library, which I get. I would just love a way to be able to say, make this the default place. And then to be able to opt out of the shared photo library. So maybe 16.2 will get that feature. But aside from that one little niggly thing, it reminded me of the APFS migration that clearly a lot of work had gone into this and understanding that, we need to make this seamless to the end users, or no one will use this functionality. So the amount of effort that must have gone on behind the scenes to make that such a seamless experience was great. Tom, have you been playing around with this at all?
Tom Bridge:
I haven’t yet, and it was one of those places where I kept wanting to, but then just haven’t had the time to sit down with the missus and work through the vagaries of setting that up. We just haven’t done it yet. I’m guessing probably in the holiday break here, we’re probably going to get that rolling. I’m looking forward to it because yeah, like you said, sometimes it’s just like, “Ah, do I have to remember how to do this again?” And I liked the fact that yeah, if you’ve got these people here, it’s a family photo. So make it a family photo, is just genius.
Charles Edge:
So as a nerd, I have to ask myself. So I remember Apple buying a company, I think they were called Lattice, not the HR system Lattice, but a data de-duplication system called Lattice. Or at least an AI-backed dedupe. Maybe it was five, six years ago. But I have to wonder, if you hit the button and it takes a couple of minutes, then that must just be repurposing things that you already had and just deduping it over elsewhere. Yeah, I guess it’s completely irrelevant. People want to look at photos, so there you go. I’m glad to see it works. And now I feel like, well now that Marcus did the hard work to give the thumbs up, I can go ahead and turn it on and see.
Marcus Ransom:
If it goes verbally wrong for you, then you’re holding it wrong. I take no responsibility for anybody’s lost precious memories.
Charles Edge:
So you can’t set it as default. And how frustrating has that been?
Marcus Ransom:
A little. It took us a while to work out why. We thought it was not working because some photos were not getting shared, now that we understand it. And I think when you see something funny happening, you want to take a photo and share it, having to remember to click that button first before taking the photo. But adding things to the shared library is pretty straightforward and pretty quick. So I suppose, it was more a little disappointing when I found out because I was expecting it to work differently. But now that I understand, it certainly makes sense. I was not aware of the location determination where you could… So this is shared within a family sharing Apple ID account, but you can share photo libraries with a bunch of friends. Hey, we’re going on to a conference, and so any other photos we take while we’re in the conference, we’re all going to get all of them. And that sort of thing.
As long as we’re in the same room where… And when someone’s having a closed door meeting with a vendor or something like that, well we’re not going to get any photos from that. Once again, the privacy and the security, it’s quite clear that a lot of, rather than just… The previous iCloud sharing of photo libraries was pretty clunky. A great feature, but not particularly intuitive. And seeing how much of that work has gone into this to say, “Hey, if we build something that’s really elegant and really useful, people will use it. Whereas if you build something that’s a bit pointless, no one’s going to use it.”
Charles Edge:
So there is something with a point, but with a design language that hearkens back in my mind to old Facebook preferences. And that’s lockdown mode. So you open settings, you tap privacy and security. You tap lockdown mode on. And then the device is in this weird state called lockdown mode. Have you guys used this yet or-
Tom Bridge:
I used it during the Beta period and it was fine, except for the parts that weren’t. I think that’s probably the best way to say it. There were too many compromises for me. I am not a global CEO. I am not the target of nation-state actors. I am not the audience for this feature. Losing all of shared iCloud or shared iCloud photo libraries was a deal breaker. Not to mention the fact that I couldn’t get basic previews in iMessage anymore. So messages, sorry. If you need this feature, you need it and you know you need it. So the alternative is the rest of us being like, “Oh, I want to be super secure. I want to turn on this lockdown mode.” I think it’s more than most folks need.
Marcus Ransom:
That bit’s going to be interesting, where is it the person who needs that level of security knows that they need it, or in a corporate structure is it going to be their security team knows they need it? But will the impact on usability lead to people who should have this enabled not wanting to have this enabled?
Tom Bridge:
Could be so-
Marcus Ransom:
Which is always a problem.
Charles Edge:
Yeah. Would it have blocked some of the very specific, very targeted, as you said, Tom, nation-state oriented or ish if you pay certain companies in Israel to act like a nation-state on your behalf? I don’t know that anyone that I know who even comes close to that kind of stature would exist on a phone with this.
Tom Bridge:
So in my previous life, I supported some folks who used to make financial regulations. They used to make financial regulations specifically around terrorism cases. And they were the ones very early on when Google started saying, “Hey, by the way, someone’s trying to get into your Gmail, and they’re a nation-state. This is really concerning.” And to the point where they sent them Titan keys and stuff like that. And be like, “Use this.”
Charles Edge:
We’d like to get off Gmail.
Tom Bridge:
And so I have worked with folks who, honest to God, need it and they understand the compromises that this creates in their life. And I will say this for all five of the people who worked at that organization whose iPhones I supported who were C-suite level folks. So people who used to be at treasury, people who used to be all sorts of interesting places. They understood what the situation was. So they took that very, very seriously. That is the nice thing about working with people who have held federal responsibility in their hands before, who have been members of the executive branch of the government and stuff like that. They understand the C-suite security briefings, and they understand the consequences of not abiding by them.
Charles Edge:
Well, they do make it clear when you’re going through the confirmation process then.
Tom Bridge:
Oh, yes.
Charles Edge:
These are the 1,000,000,003 things that are felonies. So I hope I’m correct.
Tom Bridge:
So-
Marcus Ransom:
Any confusion about whether storing those in a secondhand document box in a golf resort in Florida really should be addressed on that stage. Moving beyond politics, I do find it interesting that lockdown mode specifically is another one of those places where I could see future contextual uses. The entitlements required to be able to lock those specific things. So the things that can lock down are messages, you mentioned. Various web technologies, I think they refer to them as. So we might have thought of these more as complicated CGI scripts back in the day.
It can lock specific features of FaceTime, configuration profiles, various types of connections between devices. I think you mentioned shared albums already, or at least shared iCloud. And some of the Apple services, although I don’t know that it’s clear which ones are being blocked. I did work with someone who is the CEO of a company currently going public who was trying to use this and decided not to because it was just too much. They don’t use their devices in a way that is, I think, acceptable for these or whatever. But yeah, it’s a really interesting feature. I think I’m going to just personally give it a TBD. I think it’s well designed. I think it’s well intended. I think the UI looks like old Facebook code, but I’m going to be forgiving for that for how intentional the actual task is being implemented, if that makes sense.
Tom Bridge:
I think the other piece of this that I’m hoping for with time is that I think MDM folks should know whether or not a device is in lockdown mode.
Marcus Ransom:
Oh, yeah.
Tom Bridge:
I feel like that’s something that should be part of the device or security info that should be reported back to the MDM command or through to the MDM server as a whole. So-
Charles Edge:
I feel guilty that I didn’t know that it wasn’t. I just assumed it was.
Tom Bridge:
Nope, you cannot know. There is no way for an MDM to know if a device is in locked down.
Charles Edge:
Now, something that should not be reported back are various passkey information. So who’s got no prompt for passkeys?
Tom Bridge:
Ooh, me. I have.
Charles Edge:
How’d that go?
Tom Bridge:
Honestly, pretty good. I was going to say, I love this implementation. I think that this is phenomenal. Bring it on, put it directly in my veins. Let’s kill all the passwords we can kill as soon as we can kill them dead. And the fact that passkeys is not just an Apple adventure. Passkeys is what Apple calls them. I don’t know what Google or [inaudible 00:44:58]-
Charles Edge:
It’s just WebAuthn, right?
Tom Bridge:
Yeah, it’s WebAuthn, but better.
Charles Edge:
Ish.
Tom Bridge:
But pretty-ish. But pretty. Whatever it takes to make this the new standard for things. Well, I cannot-
Charles Edge:
The word standard is interesting. Our passkey is WebAuthn standard. I would love nothing more than to be able to move my passkeys. So let’s say I have a Mac and an Android, or a Windows machine and an iPhone, or insert any combination thereof, right?
Tom Bridge:
Well, you’re supposed to be able to do that with passkeys today, and if you look at the way that… If you have not seen yet the QR code and version of the passkey, and how that works with Chrome touching the Bluetooth stack to figure out if your phone is nearby, so that it can do the kind of key exchange necessary to push the key into Chrome without access to the keychain… There are a lot of really interesting things going on there that I just think are phenomenally exciting because the idea that we can do these kind of things across platforms, across operating systems, across standards platforms is a huge selling point to these new authentication mechanisms.
Charles Edge:
I 100% believe in all of it. Hands down, just throwing that out there. I do think A, it’s a very small amount of Java to import into… And Apple has examples that aren’t Java, but it’s not that much code on the web server side. But then as a product manager, you’re aware that sometimes there’s a year’s worth of tech debt to be paid down to get to, of pasting, of 20 lines.
Tom Bridge:
You will not see passkeys directly in JumpCloud this year. So granted, I’m saying that with 29 day in… No, 27 days left in the year. So I feel safe in that one. But maybe by the end of next year. No.
Marcus Ransom:
So that interests me. This is an area I’m fascinated by, but I haven’t yet had the head space to go and mess about with it yet. So what have you found so far that is already using this, that you’ve been able to use passkeys for?
Tom Bridge:
Not a lot of things, and it’s hobbyist stuff. I was able to set up a… All right. I’m going to come out with my nerd flag. I remember wave it way high, and say that my Mosyle on account is protected by a passkey.
Marcus Ransom:
Nice.
Charles Edge:
Because you could just paste that in there, right?
Tom Bridge:
I didn’t even have to. It’s a factor that you can create at that point for handling your authentication, and you say, “Do you want to set this up with a passkey?” Yeah, hell, yeah, let’s do it. Because you can set it up as a second factor. You can set it up as a primary factor. I haven’t found any great places to use this as a primary factor yet, but I can at least make it a platform verifier. And those are the things where I think that stashing that kind of credential in a secure station that says, “Yeah, you really need to be on that device at that time with that thing and you’re good to go.” And I’m like, “Hell yeah, let’s do it.” I can’t wait till my Netflix account is that way. But although I’m going to have to figure out how to share that key with my spouse. So we’ll figure that out.
Charles Edge:
I can say if I was at Apple, and luckily I’m not because that would be a much more complicated job than whatever it is I do now. But if I was at Apple, I would be very much targeting and I was on this team Auth0, because if Auth0 implements it, then thousands of apps just automatically have it show up magically. And I haven’t seen much in the entitlement side, in the developer portal for this, so I’m assuming that there’s nothing really required there, but I could be wrong about that.
Marcus Ransom:
With that specific discussion about Netflix, though, I think seeing more and more of these services become multi-user aware, and I see that as being the key. The whole point is you should not be sharing the passkey. Everybody has their own passkey, and is able to authenticate.
Charles Edge:
Passkeys were designed to be shared. That’s [inaudible 00:49:48] was not designed to be shared, and passkeys work. And to me that’s where, it is standards compliant-ish, but I think that’s where, if you go back to the original tenets of that, that wasn’t a thing, it was like, “Oh my God, sharing is horrible.” But as an OS vendor, you’re like, “Sharing is necessary if you want people to use it. Let’s be realistic.”
Marcus Ransom:
Sharing in a way that’s secure and facilitated rather than screenshotting someone’s notes-
Tom Bridge:
With a sword.
Charles Edge:
Sticky note.
Marcus Ransom:
Yeah.
Charles Edge:
And by sticky note, I mean old school sticky note-
Marcus Ransom:
I just got a memory there of serial surfer. Serial surfer is not the way that these are designed to be shared.
Charles Edge:
Oh, if your password-
Marcus Ransom:
It’s distributed rather than shared, wasn’t it?
Charles Edge:
Yeah. I feel like the modern day equivalent of your password being on serial surfer is your password being on GitHub. And by password, token, but same thing.
Marcus Ransom:
Tokens. So rapid security responses and another thing that we’re all desperate to find out about during the traditional beta season and didn’t see anything there. Clearly the developers were busy working on all of the other things, but we’ve seen this now in the next round of betas, which really illustrates that we’re always in beta season. It’s just about which version of the beta we’re in. Have either of you played around with the rapid security response?
Tom Bridge:
Well, I definitely applied one to my beta device. It was entirely unremarkable.
Charles Edge:
I got a screenshot. There we go.
Marcus Ransom:
It just works.
Charles Edge:
Screenshots from the book.
Marcus Ransom:
Build number goes up, build number goes down, build number goes up, build number goes down.
Tom Bridge:
I was more excited about this when I think I initially interpreted this as being done without a reboot. I don’t think that that’s obviously the case. And I don’t know how I picked up that mistaken understanding. I think that I need to go back and read the transcripts from Worldwide Developers’ Conference to see, “Oh, this is where I got that impression.”
Marcus Ransom:
I guess, for me, it’s a bit like all of the celebrations we’ve heard over the years of macOS updates not requiring as long a reboot. That assumes you know what the vulnerability is that you may be patching 6, 9, 12, 18 months in the future, and you don’t know how much effort has got to go into how much dividing by zero has to happen to re-secure what has been discovered to be insecure before you can make accurate predictions, but straightforward would be a way I would describe it. Having said that, these are simulations and test plans, it’ll be interesting to see when in quotes, “bad things” are found at some stage and they need to be unbedded what that’s going to look like.
Charles Edge:
Yeah. I can only imagine, I’ve not spoken to anyone, so this is literally me imagining, but I can only imagine what the layers, because… So imagine an update goes out from Apple using this and it touches half a billion devices and something goes wrong. Imagine that lawsuit. So I can only imagine the layers of executive stamping that need to happen for this to actually be used in that context. That is wild to me. Who’s got to hit that button?
Tom Bridge:
Yeah. Who’s got to sign off on that? I feel like that that’s going to be a valid question.
Charles Edge:
Yeah. I don’t care. None of my business.
Marcus Ransom:
Forward to seeing what it looks like in macOS as well. iOS, the obfuscation of the operating system to the administrators and the end users is both a curse and a blessing. That’s a blessing here, so we don’t need to know what it’s touching, we just need to be able to see it go on and off again. But that probably then brings us to macOS and Ventura.
Charles Edge:
Yeah. An hour in, we can [inaudible 00:54:38] something in. Yeah, the OS. We can probably go quicker if we want. I’m not rushing though.
Tom Bridge:
Honestly, it feels like the first. Yeah, Ventura is always as big of an update. Let’s be honest. This feels more like snow Monterey, which is, go up into the hills of the foothills around Monterey and try and get a very cold day and then we get snow Monterey.
Charles Edge:
So one of the first years that I went to MacSysAdmin, they did a Snow Leopard session and so little had changed that they brought in someone to talk about literal snow leopards. So I totally dig your reference to snow Monterey, but it does feel very refined.
Tom Bridge:
It does.
Charles Edge:
And even though the biggest change to me is the move from system preference to system settings, so who put this in about this question in? Oh, you.
Marcus Ransom:
I put that one in there. I’m an old man, I struggle with… It’s interesting major changes where it’s complete differences in architecture. I can look at that and go theorize over it for one go, yeah, that’s fine, that makes sense. But then I’ve struggled enough to find. I’m adamant with no proof whatsoever that the layout of the icons in system preferences would change. It was on some randomizer, because I could never find where the button was to click, especially if someone else is watching.
Charles Edge:
Even though they didn’t change, they [inaudible 00:56:16]. Well, they adamant changed between OS is sometimes, but not every time you search.
Marcus Ransom:
In my mind, between my witness and the brain, they changed there. But this one has just been so hard for people. Open it up and it’s like, “I’m-
Charles Edge:
It is not hard for me. It feels so natural, because it very much… Okay, so one of the issues that I had with system preferences is I would always open it and look for the icon, but now they’ve just embraced this, just search for it thing that Google introduced what, 15 or 20 years ago, and just search for the thing. So if I want to enable push notifications or if I want to look for me, a lot of things happen with extensions. So if I want to say, “Oh, well, where’s my auto-fill?” I just type the word auto-fill and I go to that, and it gives me two or three options and I very quickly eyeball which one is the right one and if I get it wrong, I hit the back and I go and hit it. That workflow just feels modern. [inaudible 00:57:29] so much.
Marcus Ransom:
[inaudible 00:57:29] by saying, it’s beautiful, it’s modern and I look forward to a time when my aging brain embraces it and can work with it. Maybe the notifications team will get in there with some of their amazing machine learning and up the top before you’ve even hit search, it’s like, “I reckon you are coming in here to fucks with the display preferences and it’s just sitting there for you to click.”
Charles Edge:
Yeah. And that’s a beautiful contextually aware, almost OpenAI-esque kind of implementation, right? Oh, the last thing you were doing was installing this app that has an entitlement for this thing that has to be manually clicked on. So I’m just going to, when you open system settings, show you that thing because, duh, so I totally get what you’re saying there.
Marcus Ransom:
And in terms of admins having to wrap their head around scripting that they had to open up system preferences items or restrict them or having to lock panes that now no longer exist, there’s been quite a lot of realizing how much you have in your device management stack that maybe was dealing with things that are now no longer in the OS or just need to be tweaked and modified. And so many of those things as well I’ve found are things that were maybe just used in edge cases or one-off cases. It’s not part of your main onboarding on a machine, but you may have a script that helped someone with an upgrade or an update of a particular application and maybe didn’t go through the rigorous testing process you had for the new OS.
And then it’s sort of around about now is when everyone goes, “Oh, hang on.” Yeah, that’s not going to work anymore. That 20,000 line Python script I had doing that thing. I’ve now got to find how many places I referenced this particular line. But yeah, look, it’s also good seeing as the point releases come out, things that were not in there, like network locations have come back. So feedback is listened to.
Tom Bridge:
Yes. I’m still a little bit nuts that I’m a few more clicks to find profiles than I ever was in the past. If only because that’s where I spend most of my time these days is looking at those damn things. But the other thing that drives me just a teensy bit nuts. Okay, prior to Ventura, it was security and privacy. In Ventura and in iOS 16, it’s privacy and security. Why? Why? Why?
Charles Edge:
Because it should be alphabetical. [inaudible 01:00:27].
Marcus Ransom:
For monthly, when I worked at a university, at the university, I was told-
Charles Edge:
So it was correcting.
Marcus Ransom:
I was told at the university it was learning and teaching, not teaching and learning, because the learning is more important than the teaching and there’s a hierarchy things need to be in. So I’m sure some-
Charles Edge:
But in that case it happens to also be alphabetical stuff. It’s a horrible example.
Marcus Ransom:
Maybe it was a reverse justification that someone made it. Yeah, it was all about the kerning.
Tom Bridge:
Somewhere there’s a tech writer within Apple who is doing a victory lap around the big flying saucer. Having declared that their White Whale has been captured, because they finally got everybody to sign off on privacy and security versus security and privacy. I say that with love, my tech writer people at JumpCloud are some of my favorite people and they’re very exacting with the words which they choose. So somewhere there was a big battle won-
Marcus Ransom:
As they should be, that’s right. Words mean things.
Tom Bridge:
Yeah. For now.
Charles Edge:
I’m only saying that because I want to upset Pam.
Marcus Ransom:
Hi, Pam. Don’t listen.
Tom Bridge:
Hi, Pam.
Charles Edge:
That’s fine. So background login items. So that to me, just showing it for an admin who had a bunch of things running back in the day as an account sub 500, so to hide things and there were all these ways to hide things, but now it’s like, “No, be very upfront about everything you’re doing.” So how has the background login items gone for y’all?
Tom Bridge:
Fine. It’s a work in progress. Because here’s the thing, I have a bunch of login items that are not managed by MDM, because we’re all… We report back what’s installed on our systems, but we don’t necessarily say, “Oh, you can’t use X, because Y.” Unless there’s like a global prohibition, but I have a bunch of login items that are unmanaged and as a result, anytime they get updated I get another alert, and anytime I restart after an operating system update, oh my God, make it stop. So much dumb, why?
Marcus Ransom:
And this is a hard thing where there is a profile key you can send out to stop them, which I can see why people are doing it. I have an issue with that because it’s like the whole point of this is about getting a notification when something that hasn’t been intentionally put down is getting added. So make it easy for me to suppress the notifications of the ones that I’ve put in place and just allowed non-managed ones to come through. But I appreciate the enormous amount of effort that went into us just being able to manage these. So that’s why I see this as being a work in progress. We see so many more manifestations of this out in the wild and out in production than any of us could have captured during beta testing and the timeframe of beta testing. So I understand why it’s there. I relish the opportunity to make this a good user experience.
Tom Bridge:
I get the impulses. The impulses are smart and wise and all of the, “Hey, we want to make sure that what’s happening in your systems.” And that you’ve got an opportunity to be reminded, “Hey, that this thing is consistent and persistent in the background. Maybe you want to be able to turn it off.” Great. Fantastic. Wonderful. For those of us who don’t manage our own MDM, because that’s the whole thing. I don’t have direct access to JumpCloud’s own internal instance of JumpCloud for example. Because I would be uploading profiles to fix all these things. It just drives me nuts. It doesn’t have to be this way. It could be better.
Marcus Ransom:
But it certainly went from being a clear deployment blocker in the first manifestation we saw of it to being something that’s able to be managed. Now in terms of deployment blockers, so has anybody come across anything that was a real problem out in the wild? I know there were some reports that some of the security tools would lose their PPPC entitlements on upgrade, which was 50-
Tom Bridge:
Only if you weren’t managing them.
Marcus Ransom:
Yes.
Tom Bridge:
That’s the [inaudible 01:05:12]. If you were doing your job, if you were on your game as an admin, you didn’t have this problem. Yeah. It was only if you don’t have an enrollment or if you’re using a tool that doesn’t or that isn’t specifying their privacy preferences in an MDM profile. Well, to catch up with a few changes to entitlements for the endpoint security framework, when you restarted a machine to go from Monterey to Ventura, you could find yourself without all of the right entitlements for your security tools to work.
Charles Edge:
Or other tools that require specific entitlements.
Tom Bridge:
Correct.
Charles Edge:
Not just endpoint security.
Tom Bridge:
Yeah. Not just endpoint security. It was happening to others as well. But this is one of those big misses. I think that this was a big mess. I don’t think that if you were doing your job as a Mac admin, you didn’t notice this.
Marcus Ransom:
Yeah. But it was interesting for me to see how many tools or organizations out there still aren’t on board with that, for often very valid reasons as well. Valid to them. Which is the most important reason to have is the one that resonates for you. So it’ll be interesting to see how much more effort Apple puts into explaining the benefits of this.
Tom Bridge:
Yep. Here at the Mac Admins Podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Stu Baca, thank you. Adam Selby, thank you. Nate Walk, thank you. Michael Day, thank you. Rick Goodie, thank you. Mike Boylan, you know it, thank you. Melvin Vives, thank you. Bill Steitz, thank you. Anush Storyville, thank you. Jeffrey Compton, M. Marsh, Stu McDonald, Hamlin Crusin, Adam Berg, thank you. AJ Petrepca, thank you. James Tracy, Tim Perfet of 2Canoes, thank you. Nate Sinal, Will O’Neill, Seb Nash, the folks at Command Control Power, Steven Weinstein, Chet Swarthout, Daniel McLoughlin, Justin Holt, Will Smith and Weldon Dod, thank you all so much, and remember that you can back us if you just want to head on out to patreon.com/macadmpodcast. Thanks, everybody.
Marcus Ransom:
So the other challenge a lot of people are facing is the managed software updates for the upgrade as well. So the deadline for that being suppressed has expired, but that doesn’t mean you’ll then start seeing updates. It means whatever comes from, we’re recording this here, it’s the 5th of December, it was late November that date went past, but we haven’t seen an update yet. But they will, unless you are suppressing, they will show up to the user. I tested my personal Mac because I was a little bit disappointed that being an MDM managed Mac with all my work devices, I wasn’t going to be able to experience the joys of that software update upgrade rather than the installer. So my personal iMac got to go through and just worked. I didn’t time them though. And so there have been reports which really surprised me that the managed software update upgrade is actually slower than using the full installer which I’m intrigued about.
Tom Bridge:
Yeah. I thought that that was interesting. I’m very intrigued there, because I also haven’t seen a good reason why that might be the case. I think that that’s just going to be something to watch over the next quarter or so as we go into the update sequence. Because it’s very possible that there were some extra routines put into over the air update or it’s got to download some extra stuff in the middle of the process and it’s subject to the internet connection.
Charles Edge:
I think the shards are stored on different servers.
Tom Bridge:
Yeah. Yeah. So we’ll get to see. I was going to say for now, that’s what the report is and it’s a not insignificant difference. But I was going to say we’ll see more as we go through the rest of the year.
Charles Edge:
So who liked new mail features? I don’t think I’ve really used any of them.
Tom Bridge:
I’ve played with a couple, I’ve sent some scheduled messages. Again, I live in the browser mail. We are big Google users, so I live in Chrome, but I love the fact that I can now set scheduled messages. I had a customer once upon a blue moon who would regularly send emails whenever she felt like it, including at three or four in the morning on holidays. And there is nothing worse than it being a Saturday morning and you’re triaging your email for something that could have waited until Monday and now it’s taking up mental space inside my head. So she was my first thought when Ventura came out because I was like, “Hey, by the way, check this out. You can schedule that message to go out at a different time.”
Charles Edge:
It’s funny, I have an opposite approach. I just send mail whenever I can. But there are certain people I refrain from sending mail, I leave it sitting as a draft, and wait until, because I know that that person will have the response that you just mentioned. But otherwise, I’m like, “It’s an email, check it when you want and I’ll send it when I want.” But some people use it. I know one person that literally will not use text messages, he uses email instead and I’m like, “Dude, can you please just…”
Tom Bridge:
Yeah. Communicating with people how they want to be communicated with is a challenge, right? Because you got to figure out what’s the standard. Is email one of your preference? And so you got to go through as you get to know somebody, figuring out like, “Hey, are you an email person? Are you a text person? Are you a Signal person, or are you an iMessage person? Are you a WhatsApp person? Are you a Facebook Messenger person?”
Charles Edge:
I do have [inaudible 01:11:30]. I have people in every one of those categories, and recently I replaced my phone and check it out, if you don’t install Facebook Messenger manually or open it in order for it to complete the installation, it doesn’t prompt you that you have any messages. So I had 90, I still haven’t gotten through them all. I had 90 Facebook messages in two weeks. And now, anyways, I’m the worst friend ever.
Marcus Ransom:
Yep. Nothing about this conversation is making me want to activate the Facebook account I deactivated 15 years ago.
Charles Edge:
There’s just so many places. I mean between LinkedIn, Facebook, just say all social networks.
Marcus Ransom:
Mastodon, Twitter, [inaudible 01:12:17]-
Charles Edge:
Yeah, screw any specific one. But all the social networks, all the email accounts, all the instant messaging accounts that are phone based, whether it’s Apple, or texting, or what have you. There are just so many places that you get this deluge from. And if you don’t react to every single person…
There was one person who bought one of my books and then messaged me on Instagram, but I didn’t see the message because I don’t look at Instagram messages for a few days. And then he messages me back just going off the rails why I’m such a big jerk because… And I’m like, “I literally didn’t see him. I’m so sorry.” I also don’t know the answer, but I can figure it out. But now I’m super bummed about this entire situation.
Marcus Ransom:
They should have just left an issue in GitHub. Isn’t that where you give people a nasty, snarky comment?
Charles Edge:
That’s another place where, God, there’s just so many places to get messages. Makes you want to disable all the accounts.
Tom Bridge:
Yes.
Marcus Ransom:
So what about Freeform? Has anybody played around with that yet?
Tom Bridge:
Oh man. So Freeform is in the .1 and .2 betas, so it’s in .1 of Ventura and .2 of iOS. I have been tinkering with this like crazy, using my Apple Pencil on my iPad, and my Mac, and a bunch of other things like this. I can’t wait till this is out in public and I can talk way more about it.
If you are not playing with this yet, go play with it. It’s a lot of fun. I mean, I’m not going to say it’s full on HyperCard fun, but we’re getting closer. You can do a lot of really cool things with it, in terms of tying it together with websites, and web content, and shortcuts, and all sorts of other fun things.
Marcus Ransom:
Is TidBITS going to come out in Freeform then if it’s the next HyperCard?
Tom Bridge:
I would say-
Charles Edge:
That would be pretty rad.
Tom Bridge:
So far it’s all iCloud only, so you can’t share with other methods. But go play. This is, honestly, it’s neat to see Apple take a new consumer app approach. If you’ve ever used Miro, you’re going to feel right at home. Go tinker. It’s a lot of fun. I’m enjoying it.
Charles Edge:
And I think it’s an extension. I don’t know, so I shouldn’t say this. I always thought it was that way, I’m not saying anything definitive, an extension of PDFKit. So it’s not, if I’m not mistaken, again, all that a huge jump. Because one thing I’m always concerned about is, “Oh, this new thing ships and it’s this huge jump.” But if it’s an extension of PDFKit, in my mind, it’s safer because it’s a smaller jump to put it in front of people, if that makes sense. And so I feel like I’ve been meaning to mess with this more than most things, but I do have a Miro account so I’d just do that.
But yeah, this is super interesting in that way that it feels more mature than it should feel for something so new because it feels like a smaller extension to existing technology, I guess.
And then, I guess, one other thing. So speaking of PDFKit, speaking of all the other “kits” that we’ve talked about throughout this episode, because most things are part of something else much bigger, is just the extensions and the importance that’s coming into being for managing extensions.
So any app can, let’s say, load the Quick Look extension to make it where that app can show you this nice quick-look view. There are extensions for network management, there are extensions for proxies, there are extensions for anything. And these go back to this shared-library concept of code but not in a dynamic-library way that’s super dangerous and a vector for attack. But, instead, I can load an extension, it lives in its own memory space, like the Autofill extension, for example, has an extensions helper and three or four different auto-fill extensions. You can use LastPass, 1Password, Keychain, you can use a whole bunch of them at once. Right? And they’re all using a lot of the shared code to auto fill those passwords within things. Quick Look’s a horrible example, but I figure it’s one that everyone gets.
And, granted, you don’t want too many of them checking every file that comes and goes for viruses because that would get pretty time consuming. But it is becoming way more increasingly important to be able to understand what extensions are on a device, have that as an array of information that you can then take action on. And, to me, that’s one of the things that’s becoming much more clear in the latest operating systems than it has ever been in the past. Now that system extensions are going to the wayside and whether it’s insert thing that has an extension here, WatchKit, et cetera, HomeKit. To me, I think this is a new frontier for device management where we don’t really have the tools yet, but I assume they’re going to come pretty quick.
And part of the challenge here is that it’s kind of chaos theory. Any app can load any of these extensions that are available, and they load dynamically when the app is opened. And sometimes they let go of their memory and resources when the app is closed, and sometimes they stay until such time, but they’re kind of semi-dormant, but not really dormant, but semi-dormant, just in case they get one of these fancy new messages that we were talking about.
So, I don’t know. To me, this is the OS where it has become clear that we’re not getting an extensions manager, but we’re not not getting an extensions manager ala OS 86.
Marcus Ransom:
Especially in-
Charles Edge:
Go ahead.
Marcus Ransom:
Especially in the account-driven user enrollment for iOS, the BYOD offering for iOS. Seeing the ability to apply those granular controls, not just at a whole-system level, but this group of apps are able to interact with this group of apps but not those ones. And that really offers up, when we start looking at privacy and security, that gives organizations so much more control that they haven’t had before. It really was, “All right, well, we’re just going to block all of this because there’s potential and possibility for data exfiltration.” And being able to have that control over which applications are able to speak to other applications in which way is really exciting.
I’m also feeling we’re getting to the point now where rather than being pleasantly surprised when a third-party application you use effectively uses these extensions, it’s now getting to the point where that really should be the norm. When you come across an application that hasn’t gotten with the party yet supporting these features, I really start to question why I’m even using this as a service. They’ve displayed, they’re struggling to keep up with things and it’s hard, it’s really hard.
Charles Edge:
Take the Quick Look extension as another horrible example gone too far, probably. If I want my own unique UX to, “Oh, you tap this thing and it has this explosive opening with fireworks.” That’s not part of the Quick Look API. Apple never makes fireworks. Oh, well, I guess, Messages, but that’s aside from the point.
But if I want something that isn’t included in that framework, or API, or extension, then I can build my own from the ground up. And to your point, I may be stupid for doing so, but gosh darn it, I live in Vegas, I need fireworks. Period. So I get why someone would actually rewrite part of what’s in one of these kits. But, at the same time, we’re getting to a place where… So the Quick Look example is, to me, one of the dumbest-downed ones. There’s no security or privacy concerns around allowing Quick Look access.
However, when you get into like, “Oh, that app’s loading up a proxy. Well now I want for it to be MDM required.” And so those are two polar opposite examples of the entitlements that are required in order to be able to load this extension. WatchOS: I want a face or a complication to appear on someone’s watch. I feel like I almost need this massive grid of, “Oh, this is the kit, or the framework, or whatever, that’s being loaded, and these are the entitlements being granted, because those are in the Apple developer portal.” And this is what the administrator might see. Because anyone can still run top or ps aux and see, “Oh, that has it.” But knowing which daemon is being summoned when that kit is being invoked is different for every single one, practically.
So there’s not really a common standard for all this yet. And I feel like it would be rad to open extensions manager and see which kit or which framework was being loaded and what I was enabling. But, instead, we have a couple of different system settings panels, if they’re still called that, to wade through to see all this at once, if that makes sense.
And I think to remove them, you’d have to delete an app. It’s not totally obvious what’s calling what when, if that makes sense. But if I’m a developer and I want to be truly transparent, this is the right way to be going. But I feel like sometimes by being overly transparent, you’re obfuscating what’s happening. I don’t know if that makes sense, or if I’m saying that wrong.
I feel like this is a really interesting place where there’s some work going to have to happen over the next two or three years, but I love the direction we’re going, if that’s fair.
Marcus Ransom:
Absolutely agree. I think it’s a sign that development’s not stagnating. It’s getting incredibly powerful, incredibly sophisticated, understanding what people want to use these devices for and finding out ways of achieving that easily, safely, efficiently, and manageable, hopefully.
Charles Edge:
Yeah, the manageable thing, I think it would be rad to have a JSON or an XML, whatever, just an array of… If you look at that extensions-manager-table kind of view, then that’s really just a CSV, like com.apple.quicklook enabled, et cetera, et cetera. Here’s the metadata around who can access what when.
And I think that would be very easy to load in and say, “Okay, this is who I am pre-entitling to be able to access all this stuff.” And the user should be able to click in system settings at any point and have full disclosure of what’s being enabled on that system.
But I don’t know that I want click fatigue. I don’t know that I even believe click fatigue’s a thing, whatever on that. But I don’t know that I want to prompt every single user at a Fortune 500 company with 20 dialogues to click a thing. But I do want them to have telemetry into what I see about… I want them to have telemetry into my telemetry. Right? That’s fair.
So anyways, moving on from my diatribe about extensions. I do love extensions. It’s like dynamic libraries but they’re secure. Dig it.
So the other thing, I think we kind of missed that Apple Business Essentials hit its year anniversary in November, and we just let it go without blowing a candle out on their one-year birthday cake.
Tom Bridge:
Yeah, I was going to say, did they do a big smash cake? Is that how it goes? But, no. Happiest anniversary to the folks at Apple for Apple Business Essentials’ first year. There’s no question that they’ve really improved that product over its first initial announcement. Supports third party software. I’m still waiting for better documentation around making packages, because I think that would be amazing documentation to show to literally every software vendor. And maybe staple it to some engineers’ foreheads just for reasons.
Charles Edge:
It would have to be a 700-page document because of all the different ways that you can package software though.
Tom Bridge:
I mean, for MDM-
Charles Edge:
That’s the only… In their defense.
Tom Bridge:
I mean, for MDM it feels like being the-
Charles Edge:
For MDM, you’re only subtracting half the use cases.
Tom Bridge:
Correct.
Charles Edge:
There’s still twice spinning… Packaging software sucks.
Tom Bridge:
Yes. Yes it does. 100%.
Charles Edge:
But yeah, happy-
Marcus Ransom:
Deploying package software can also suck, as well.
Charles Edge:
Well, that too. But happy birthday, Apple Business Essentials, before we open the scope to this conversation hate fest on all the horrible applications that have been packaged. Speaking of which, when I open Zoom, who will never ever be a sponsor of the podcast, every time I open Zoom, they want to update.
Tom Bridge:
And then half the time they fail at updating.
Charles Edge:
And I know. And I’m like, “I’m running the latest version, and your update failed.”
Tom Bridge:
Yes.
Charles Edge:
So public service announcement: if you happen to be a listener who’s on Zoom’s deployment team, I’m not saying I hope you meet with a horrible end, but maybe change-
Marcus Ransom:
Change your ways before you-
Tom Bridge:
Yeah, I hope you change your ways. I hope you find peace in the new year. And-
Charles Edge:
And another company.
Tom Bridge:
Yeah. I mean, doing other things. I mean-
Marcus Ransom:
Adobe?
Charles Edge:
Or call me. Just call me. I will literally fly my butt out to you, wherever you are, and hang out for a day or two, so that you can make-
Tom Bridge:
I will come with you.
Charles Edge:
… make this go away.
Tom Bridge:
And I will come with you. I will bring the beer, and we will fix all the things that what need to get fixed.
Charles Edge:
There should probably be no beer.
Tom Bridge:
Beer is-
Charles Edge:
Just throwing this out there.
Tom Bridge:
Beer is the reward.
Marcus Ransom:
Yeah. You get the beer when the work is done.
Tom Bridge:
You get the beer when the work is done.
Charles Edge:
Fair. But anyways, I’m not shaming you Zoom, but I am.
Tom Bridge:
Oh, yeah. I mean they’ve had enough installer-related shenanigans.
Charles Edge:
They fixed some of their shenanigans. They were great for a while. It’s just been in the last couple months that the thing’s gone to mashugana.
Tom Bridge:
I mean, I feel like this is also the same organization who installed the software in the pre-flight script. You know what-
Charles Edge:
That’s what I’m saying. That went away. They were good for a while.
Tom Bridge:
They were getting better.
Charles Edge:
They went back to good. Back to good.
Tom Bridge:
Let’s get back to good. Yeah, please. Pretty please.
Charles Edge:
You got this.
Tom Bridge:
Well, I’d spend another fine episode of the Mac Admins Podcast.
Charles Edge:
Or two. We might split this one in half.
Tom Bridge:
We might split this up. Who knows?
Marcus Ransom:
It’s a double-album episode, is it?
Tom Bridge:
Oh, double album. Oh man, that’s perfect.
Marcus Ransom:
Gate fold.
Tom Bridge:
Double LP.
Charles Edge:
I always feel like you need a 12-string guitar, if you’re going to do a double album, though.
Tom Bridge:
Yes. This is the 12-string-guitar version.
Charles Edge:
Oh, God. Marcus just went out of frame. He’s not going to go get-
Tom Bridge:
Yep, I think he’s going to get his 12-string. It’s going to be amazing.
Charles Edge:
Is he going to play Tesla for us?
Tom Bridge:
Yes. Yes.
Charles Edge:
He is.
Tom Bridge:
Thanks. You’ve wasted another perfectly good afternoon of your life listening to the Mac Admins Podcast. I’ve been your host, Tom Bridge. And, of course, Marcus and Charles have been with us. James, our long suffering audio editor has put this episode together. Thank you, James. You are continually amazing to me. And of course, thanks for our wonderful sponsors, that’s our friends at Kandji and Mosyle. And thanks everybody. We’ll see you next time.
Charles Edge:
See you next time.
Marcus Ransom:
See ya later.
Tom Bridge:
The Mac Admins Podcast is a production of Mac Admins Podcast LLC. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Codega the first time he opened GarageBand. Sponsorship for the Mac Admins Podcast is provided by the MacAdmins.org Slack, where you can join thousands of Mac admins in a free Slack instance. Visit macadmins.org. And also by Technolutionary LLC: technically, we can help. For more information about this podcast and other broadcasts like it, please visit podcast.macadmins.org. Since we’ve converted this podcast to APFS, the funny metadata joke is at the end.
Patreon Sponsors:
The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:
Rick Goody, Mike Boylan, Melvin Vives, William (Bill) Stites, Anoush d’Orville, Jeffrey Compton, M.Marsh, Hamlin Krewson, Adam Burg, A.J. Potrebka, James Stracey, Timothy Perfitt, Nate Cinal, William O’Neal, Sebastian Nash, Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, William Smith, and Weldon Dodd
Event Name | Location | Dates | Format | Cost |
---|---|---|---|---|
XWorld | Melbourne, AUS | 30-31 March 2023 | TBA | TBA |
Event Name | Location | Dates | Cost |
---|---|---|---|
Houston Apple Admins | Saint Arnold Brewing Company | 5:30pm 4th March 2024 | Free |
Event Name | Location | Dates | Cost |
---|---|---|---|
London Apple Admins Pub | Online weekly (see #laa-pub in MacAdmins Slack for connection details), sometimes in-person | Most Thursdays at 17:00 BST (UTC+1), 19:00 BST when in-person | Free |
#ANZMac Channel Happy Hour | Online (see #anzmac in MacAdmins Slack for connection details) | Thursdays 5 p.m. AEST | Free |
#cascadia Channel Happy Hour | Online (see #cascadia channel in Mac Admins Slack) | Thursdays 4 p.m. PT (US) | Free |
Sponsor the Mac Admins Podcast:
If you’re interested in sponsoring the Mac Admins Podcast, please email podcast@macadmins.org for more information.
Social Media:
Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!