Episode 310: Baseline with Trevor & Rob

Configuring new devices with Automated Device Enrollment can be a thoroughly magical experience for the end user receiving their machine, but Apple doesn’t have the entire flow programmed in such a way that it’s obvious to the end user what’s happening. Baseline is a new open-source way to handle some of that messaging, and we’re here today to talk with Rob and Trevor from Second Son Consulting in LA about their development efforts.

Guests:

  • Trevor Sysock, Director of MDM and Cloud Solutions, Second Son Consulting – @BigMacAdmin@masto.ai
  • Rob Calvert, President and Founder, Second Son Consulting – LinkedIn

This week’s transcription is brought to you by Alectrona

Speaker 1:
This week’s episode of the Mac Admins Podcast is brought to you by Kandji. Kandji’s approach to app deployment and patch management using Auto Apps, is like a self-driving car. You set the destination and let the Kandji agent do the rest. It’s a library of over 100 common business applications that are pre-packaged, hosted, and automatically maintained by Kandji. Kandji continually enforces updates and minimum versions on your Mac devices, and gives ample notice to end users before an application is required to close an update. This saves you time, keeps your systems secure and ensures that your end users aren’t caught off guard by sudden software restarts. Head on over to their website at kandji.io/macadmins. That’s K-A-N-D-J-I.I-O/macadmins, or join the Kandji channel on the MacAdmin Slack to say hi and see what they’re up to. Thanks to Kandji for sponsoring this episode of the Mac Admins Podcast.

Tom Bridge:
Hello and welcome to the Mac Admins Podcast. I’m your host, Tom Bridge. And Charles, it’s great to see you. How are you?

Charles Edge:
I’m better than you from what I hear. How are you? That’s the more important thing.

Tom Bridge:
The thing that you need to understand about Australia is that everything here is trying to kill you, and that means the e-scooters too. So I’m totally not clumsy. I promise that I am a normal human being. But yeah, I totally ate it on a pothole yesterday down by the Grand Prix at Lake Albert, and I am definitely a little bit sore today. I’ve got the bruises to show for it, and the very nice receipt from the Australian ER that checked me out and made sure I wasn’t going to die or anything when I got on a plane. So it’s been a fantastic week here. The weather is gorgeous. We had a perfect day yesterday, and I’m really excited to get home to the family, but I’ve still got a couple of days here in town before I head out. So how are things with you?

Charles Edge:
Great. The potholes, I hit one two or three days ago, and I’m pretty sure I completely jacked the alignment on my car.

Tom Bridge:
Ooh.

Charles Edge:
It was a pothole that went down to the Mines of Mordor, it was just this massive railroad tracks from this-

Tom Bridge:
It is the season.

Charles Edge:
Yeah. And it’s been a particularly rough winter here, I think. Probably the worst one I’ve seen, but as the thaw comes, so come chunks of asphalt out of-

Tom Bridge:
Pavement.

Charles Edge:
… the roads.

Tom Bridge:
Yeah. C’est la vie. But we have some great guests despite your injuries. Yes, we do have some wonderful guests this week. Welcome back to the podcast, Trevor Sysock from Second Son. How are you?

Trevor Sysock:
Hi, I’m doing great. Thanks for having me.

Tom Bridge:
Yeah. And joining us for the very first time is Rob Calvert, who is the president and founder of Second Son. So Rob, welcome to the Mac Admins Podcast.

Rob Calvert:
Thank you guys for having us on.

Tom Bridge:
Configuring new devices with Automated Device Enrollment can be a thoroughly magical experience for the end user receiving the machine, but Apple doesn’t have the entire flow programmed in such a way that it’s obvious to the end user what’s happening. And you guys have produced a Baseline, and Baseline is a new open source way to handle some of that messaging. And so, we’re here to talk with both of you about your development efforts with regard to Baseline. Before we dive in, Rob, this is your first time on the Mac Admins Podcast. We always love to get an origin story from folks on, hey, how did you end up as a consultant? How did you end up managing Macs for a living?

Rob Calvert:
I asked Trevor how far back in time I should go, since this is his second time on the podcast. And he reminded me that he went all the way back to middle school in his story. I’m not going to go that far back, but I actually never intended to get into IT. I studied archeology in college and did that for a while, all the while trying to be as different from my older brother as possible who was a Windows software developer. And then I got a series of real big boy jobs where I was actually working in offices in print production and graphic design. And every time the IT guys came into the office, my bosses never understood them, didn’t know what they were saying. And my dad had been a Unix mainframe guy in the ’70s and ’80s, so I knew what these guys were saying.
So I ended up just translating for my bosses, and this happened three different jobs in a row, and I kept getting stuck as the liaison talking to the IT guys, because nobody else understood them. And eventually, one of those IT firms actually called me up and offered me a job in operations to come work for them doing project management and stuff. So I did that for about maybe four and a half years. And then through a series of unfortunate events, I came in one day and they’d had to downsize, they’d had some whole bunch of clients go out of business at the same time, and it just shook the foundation of the team.
So I went off freelancing on my own while looking for a full-time gig, and several of the engineers went and took day jobs and gave me all of their moonlighting weekend and night clients. And so, a few months into this freelancing gig, I had a full slate and was working 40 hours a week, and Second Son was born. And a year later, I needed to hire my first employee, and he’s still with us today, 18 years later. So the team just kept growing.

Tom Bridge:
That’s fantastic.

Rob Calvert:
Yeah.

Tom Bridge:
Well, so Trevor, give us the broad description. The Baseline project is fascinating to me, but I’ve spent a lot of time looking at the code. I spent a lot of time looking at the pieces, but what’s the problem that you’re trying to solve with Baseline?

Trevor Sysock:
Baseline is a macOS workstation setup solution, and one of the main goals was to have it be MDM agnostic, or not require an MDM at all. And basically what it does is, it allows you to predefine software that you want installed, scripts that you want to run, packages, and it’s tightly integrated with Installomator, and to install anything you define in a mobile config file. And it utilizes swiftDialog to keep user informed of what’s going on as it processes through those items, and gives you the chance to add your own messaging and branding and stuff like that to really define that user experience for a zero touch or a light touch solution.

Charles Edge:
That’s pretty awesome. Remixing existing tools into new configurations and front ends is a great way to build new experiences without having to reinvent the wheel. And also, just good fun. How did you land on those two packages like Installomator and swiftDialog, and were there any others that we missed in there?

Trevor Sysock:
SwiftDialog and Installomator are the only ones integrated by default. Now, Baseline will run any package or script that you point it to. So if you have other projects you want to make it work along with, then you can probably find a way to bend it to have that work. In terms of Installomator and swiftDialog, it’s like asking, how’d you think to put peanut butter in chocolate? They go together very well. Installomator is a fantastic project. I know you guys have had Armin and Bart both on here before, but they’re really both just great Swiss Army knife tools for MacAdmins built for modern macOS.
And when I joined the MacAdmins Slack about 18 months ago, I quickly got hooked in with those two projects and then those channels, and they’re so well written and everyone was so helpful in getting me started and everything else, that it is just one of those things that chews in the back of your brain that these things would work very well together. And I went through a few different iterations before landing on Baseline, which has been really useful for us, and we’re hoping this will be useful for others too.

Tom Bridge:
Fascinating. So when you find a problem like this, I know that there’s always the moment where it’s like you’re Charlie, and you’ve got the string board out and you’re trying to put together all of the various pieces to try and make it go. How did you get started on this project? What were you not seeing out there in the toolkit for admins that you’re like, “I need to build something?”

Trevor Sysock:
I got started on this because our internal workstation build scripts were getting a little along in the tooth and needed to be refreshed. And I had come a long way in terms of my knowledge and skillset since I had originally written them, and I’d been just patching them along for every operating system for the last six years or so. And with just basic changes in macOS and these new tools that I’ve been learning about, I realized I want to do a full rebuild of our internal workstation setup process.
And that’s where the origins of Baseline were. As I got started building it, I realized we have clients in a ton of different industries, they all have different needs, different kinds of software, different specifics. I realized I was making a project that I could bend to the needs of each of our individual clients, and that without too much more work, I could actually make it work for just about anyone that needed a product like this. So not just for our own internal use, but if I did a little bit more engineering time, then I could make it a platform or framework for hopefully a lot of other people to be able to use too.

Charles Edge:
It does harken back in a way to the old InstaDMG type of days where it’s like, “Oh, I’m going to line up this workflow and then I’m going to run it almost like…” Oh, what was the old imaging tool that we all used forever?

Tom Bridge:
DeployStudio?

Trevor Sysock:
DeployStudio, yeah.

Charles Edge:
Yeah, yeah, it was like DeployStudio.

Trevor Sysock:
We used that for a while.

Charles Edge:
Yeah, it worked great. I miss it. It was easy. Not all these certificates to… Anyways, whatever, but there is this special kind of thing around idempotency I feel like, which seems to be the direction that Apple is taking in the MDM spec over time. Let me define the state and keep the device in the state based on this JSON file, but the old InstaDMG type of philosophy or DeployStudio, as the case may be, still has a place too, and is that kind of what you were thinking when you got started with this? Maybe not using that as the exact example.

Trevor Sysock:
Most of our clients are able to run on the philosophy of, we want the latest version of whatever software you’re running, at all times. So we’re not super big on Munki and AutoPkg and stuff where we’re managing versions and whatever else, because it’s just generally not what we need in our toolbox. So really it was, all right, how do we simplify the workstation setup process for our engineers internally so that we’re training them on one tool, making sure that they’re always putting out the latest version of software when they’re installing a new workstation, and stuff like that.

Charles Edge:
Cool. And you’ve got an Installomator, you’ve got a few other tools, well, in this case swiftDialog, but how did you go about gluing them together from a technical perspective, like some Python here, some Swift there, maybe a cherry on top. I don’t know that there’s a programming language called Cherry, but we could fix that.

Trevor Sysock:
Yeah. I’m not a software developer, I just play one on TV. Baseline is fully a ZSH shell script. Shell scripting is something I’m very comfortable with at this point. It’s something most Mac admins need to get their head around at some point to do simple tasks or more complex things. There’s probably other languages that could do similar things a little bit better, but I was aiming towards having as few software dependencies as possible and the ability to self-destruct and get rid of itself afterwards and leave no trace.

Charles Edge:
And have to install nothing extra, that’s another big bonus there, right.

Trevor Sysock:
And have to install nothing extra. So the Baseline could be run just as a shell script any way you would initiate a script, but we do also provide a package. The package basically has a launch daemon that calls the script, and then self-destructs at the end. So any way you can deploy a script or a package through your management tools, you should be able to deploy Baseline to get your computer set up.

Tom Bridge:
It’s great to see that kind of flexibility where you can just say, “All right, here’s my package, go to town.” And all of the hooks are controlled separately. And you get a piece where it’s like, “All right, I have a framework here that can be triggered at any time”, and that’s awesome.

Speaker 1:
This week’s episode of the Mac Admins Podcast is also brought to you by Kolide. Our sponsor, Kolide, has some big news. If you are an Okta user, they can get your entire fleet to a 100% compliance. How? If a device isn’t compliant, the user can’t log into your cloud apps until they’ve fixed the problem. It’s that simple. Kolide patches one of the major holes in zero trust architecture device compliance. Without Kolide, IT struggles to solve basic problems, like keeping everyone’s OS and browser up to date. Unsecured devices are logging into your company’s apps, because there’s nothing to stop them.
Kolide is the only device trust solution that enforces compliance as part of authentication, and it’s built to work seamlessly with Okta. The moment Kolide’s agent detects a problem, it alerts the user and gives them instructions to fix it. If they don’t fix the problem within a set time, they’re blocked. Kolide’s method means fewer support tickets, less frustration, and most importantly, a 100% fleet compliance. Visit kolide.com/macadminspodcast to learn more or book a demo. That’s K-O-L-I-D-E.com/macadminspodcast. Thanks to Kolide for sponsoring this episode of the Mac Admins Podcast.

Tom Bridge:
So what do you see is next for the project? What’s your next step? I mean, not to just say that, I mean, of course everyone says, “All right, we’ve gotten to 1.0, we’ve gotten to release.” What’s on the roadmap, I think, is always the question from folks, even if it feels maybe just a teeny bit ungrateful for all of the great work that you’ve produced so far, but where do you see the future going?

Charles Edge:
Spoken like a true product manager, by the way, there Tom.

Trevor Sysock:
From a development standpoint, my goal is to make this tool usable by anyone, regardless of how robust or not robust your management system is. So I’m getting a lot of great feedback from people using various MDMs, some of which I’m not familiar with or heard of much even, and learning about the limitations of those systems and trying to figure out, okay, well if they’re on this MDM that won’t allow them to do that, how do I maybe add a feature into the product here that won’t affect existing installs, but will give them the ability to make use of this product too? So that’s really where I’m at at this point, is looking for feedback and trying to help people with getting this implemented for them. And if I have to make minor additions or changes to make that work, that’s where I see it going in the near term.

Charles Edge:
Rock on. And Rob, I feel like I’ve known you for, goodness, I don’t think I had gray hair back then.

Rob Calvert:
I certainly had a lot more hair than I do now. Yeah, I was thinking about that. I think we met at the Sherman Oaks Public Library in 2005 at an ACN meeting. It was way back then. Yeah, long time. Long time.

Charles Edge:
I think that was my first ACN meeting if I’m not mistaken. And I didn’t get-

Rob Calvert:
Oh, wow.

Charles Edge:
… that many back when I was in LA. And back then, we were in very similar positions, I think, running Apple consultancies, for lack of a better term. And I remember going through this exact same thing, and I had my own mental calculus, but I thought I’d dig into yours just a teeny bit. As a business owner, how do you frame up the idea of adding open source projects to the offerings of the consulting practice or the consulting practice, or how did that go through your head?

Rob Calvert:
It was something that Trevor and I debated about for months, and we were talking about it as we were trying to shape up the project. And something that just kept coming to mind for me is, when I joined the ACN, when Second Son was just getting started back in 2003, I met a tremendous number of great intelligent, just wicked smart people, from all over the country. And what we used to get to do as a community, and present at Macworld, go to MacTech, go to the trainings up in Cupertino, all of these things where we used to get all these brilliant people in a room together and share ideas and try to figure out how to accomplish things in a more effective manner. I mean, I remember diving into rsync scripts at Macworld probably 2006, 2007, and really going deep in that.
And then I remember getting into other stuff with people like Tan, diving into Xsan stuff at the command line and things over the years. And it was just like, everybody comes to these situations, not only technology, but also business from different perspectives. And Trevor hit on some of this, that a big part of our challenge is that we don’t offer just one relationship style to our clients. We have three relatively strong relationship styles, and they range from just doing large projects, all the way to managing an environment. And we have a lot of clients that are in the middle where we do partial management. And that may be because they’ve got an in-house person, that may be because they’re just not company culture wise, they don’t want to be a fully managed environment.
So for us to have a team of engineers that could approach the problem of employee turnover and workstation refreshes every time someone needs to get migrated to a new workstation, and provide a relatively predictable end result for the client, and consistency on our end, there’s a lot of tools out there, and every tool you add to your toolkit adds burden. It adds cost as a business. So for years, Trevor mentioned our previous set of scripts, for years have been looking for how can we break down the needs of the, excuse me, the 65 or 70 businesses that we support in different ways, to a single set of tools that our engineers can know, and it can fit the small mom and pop clients we have, all the way up to the 300 employee clients that we have, and keep our technology burden down and keep our education going, continuing education for the team.
So when we looked at how many open source tools we’ve been using over the years and how many amazingly intelligent people there are out there, we figured, let’s give back. Let’s give back to the community, do something that feels good, is just part of the community that isn’t what it was five years ago when we all used to be able to get together in various places across the country and meet up. So we figured, put it out there and we’d be able to help people. And we knew that people would come back to us with ideas we hadn’t considered, just because everybody’s going to bring their own perspective to it. So we figured it’s a win-win.

Charles Edge:
And your gut reaction to a yes seems to be pretty well-thought-out. It seems like you went through a few different things. Did the idea of, what’s the word I want, liability, enter into the picture like, “Oh, do we have the insurance for this, or can we address this with the license?” Just out of curiosity. And you can skip that question if you want.

Rob Calvert:
Yeah, sure. I think Trevor’s got a smile on his face, because he knows I always think about liability, I’m paranoid about that kind of stuff.

Charles Edge:
I do miss living in LA sometimes.

Rob Calvert:
It is a special kind of place for that. We looked at the licensing, but it’s also because it’s Z shell, everybody can see it. There’s nothing hidden in there. Everybody can see what’s going on. And so, before you run it in your environment, take a look at it and see what it’s doing. So of course, now that you’ve said that, I’m going to go call my attorney on Monday when I’m back in the office and just make sure.

Charles Edge:
Hopefully I didn’t cost you 500 bucks. Sorry.

Rob Calvert:
No. I’ll send you the bill. But we thought about it from a lot of perspectives and it was really, some of the most secure tools out there are the ones that are open source, because you’ve got so many different people looking at them in so many different ways. And so, I’m always thinking about, what domino are we going to knock over because we didn’t know it existed? What unknown, unknown is going to bite us when you’re walking into an environment from a consulting practice perspective, because maybe 25% of our clients are fully managed by us, 50% are partially managed by us, and then 25% bring us in when they need us for large projects and we augment their internal teams. So as you’re stepping into all these different environments, you just don’t know what you don’t know. And so, you got to be careful.

Charles Edge:
I know what you’re talking about, about not knowing so well. I feel about it-

Tom Bridge:
Oh, yeah.

Charles Edge:
… at my old company was about a third, a third, a third, those billing types. And the challenge has ranged from the unknowns, like you mentioned, to well, how do we bill them all appropriately? How do we communicate to the people, well, don’t just get in and out real quick. If you’re working on an MSP type of customer, still deliver quality service. There’s so many things there. I don’t miss it.

Rob Calvert:
Yeah. Well, it’s funny, because we’ve been talking for years about the easiest place to miss a detail and stumble, is when you’re either onboarding a new employee, or you’re moving an existing employee who’s really dug into their machine, really made it their own, and now you got to pick all that up and drop it on a new box. And there’s so many little details there. So the more that you can automate out of that, that is a given, the more attention span you have to pay attention to the details that matter in that particular environment that are unique, or for that particular user that are unique. And we do a lot of clientele. We’ve worked with companies that were adding five to seven employees a month for two years straight. So when you’re churning that many new hires, you’re constantly iterating and refining the processes to ensure that you’re getting it right and taking all the guesswork out.
And so, we work hard to even have onboarding and off-boarding checklist with our clientele. And then those feed how we then take the baseline structure, and then of course, we add layers to it for ourselves, for our clientele, that then fit each of these environments. So we have clients that been with us 15 years, we know what every machine needs to have, so we add extra layers into it that are just for them. But as the name implies, the base is the same base we use everywhere. It’s every utility we want to have on there, so our engineers know if they got to go troubleshoot something, they know what’s on the system, because we put it there.

Charles Edge:
I feel like another aspect of some of these open source projects, I remember having a few people on my team back at my old company who were very, very capable in the scripting build projects space. And there were moments when I was far too busy making sure payroll was run and we were legal and closing new customers and doing all these things that really took me out of that technical space. I guess, this is a two-parter, how involved do you want to be with these kind of things? And then, how involved can you be?

Rob Calvert:
I want to be more involved than I can be. I used to love writing a lot of the original scripting that we were doing for rsync stuff. I mean, we had our own homegrown CrashPlan, like rsyncs that we were using back in the day. We would sync a user’s laptop to an Xserve and then we would scoop up the data from the Xserve. And I used to love doing that stuff, but I now do the paper pushing and the legal stuff and the sales and all that kind of stuff. I miss it. I do miss it. So I am living a little vicariously through Trevor through part of this.
But Trevor and all of our senior engineering team, really, they think like a consultant and not just like an engineer. And so, what I mean by that is, they think of the business implications of the choices that we make. And so, I have trust in them, because Trevor has shown me time and time again where he immediately thinks two or three dominoes down the line, and it’s like, “Oh yeah, we got to back up and we got to go in a slightly different direction.” So I would love to be more. Maybe one of these days I’ll find a way to get my knuckles dirty again. We’ll see.

Charles Edge:
I have so much empathy for that scenario, and I can only imagine the extra dynamic of having a parent who is a old Unix gray beard.

Rob Calvert:
Yeah. Yeah.

Tom Bridge:
This episode of the Mac Admins Podcast is sponsored by dataJAR, creators of datajar.mobi, a cloud-based managed MDM solution that redefines Apple device management. Developed from the ground up by Apple admins for Apple admins, datajar.mobi is the first solution to truly extend the capabilities of Jamf Pro, the undisputed leader in Apple device management. Datajar.mobi supercharges Jamf Pro through a managed MDM service that delivers simplified zero-touch workflows, fully automated patch management, centrally managed EDR, and a scalable multi-tenant view with centralized reporting for global and distributed fleets. Designed to provide IT teams with the best of both worlds, we have developed a true MDM-as-a-Service platform for Apple admins that is fully managed and scalable, but can also be controlled through a rich but simplified web interface.
Backed by the unmatched experience of the award-winning dataJAR engineering team, it is no surprise datajar.mobi is consistently ranked in the top 10 highest rated solutions in the G2 grid for mobile device management. Want to learn more? Come and say hi in the dataJAR channel of the MacAdmin Slack, or visit us at datajar.co.uk/macadminspodcast. Thanks so much to our friends at dataJAR for sponsoring the Mac Admins Podcast.
So with Baseline, do you see a long-term involvement for this project, or is this a put it out there and see if it sparks interest kind of thing? I mean, have you gotten much uptake so far?

Trevor Sysock:
We will continue to develop and work on this as long as it’s useful to us in-house at least.

Tom Bridge:
Sure. Yeah, right.

Trevor Sysock:
And so, I’ve been at Second Son almost 10 years now, so I’ve been a MacAdmin consultant for that long. And I’ve built this with the intention of, well, this is going to last hopefully at least two or three more operating system cycles. I’m relying as much as I can on just basic fundamentals of how macOS works with the launch daemon and the shell scripting and stuff like that. So hopefully, it sticks around. And I’ve had some very involved testers, which I’m very grateful for, because they’ve found problems and suggested changes and stuff like that.
We are getting a decent amount of feedback about it. I think workstation setup process is a big deal. It’s not like, “Oh, here’s a small utility you might want to play with one day and throw into a small environment.” This, it’s a major undertaking. And so, I wouldn’t doubt that people have looked at it and been hesitant and been like, “Oh, well I don’t know if this is going to stick around. Don’t put all your eggs in that basket.” But from our perspective, this is our new workstation build process. It’s working well for us. Our techs have been successful with it and haven’t had any major problems. So yeah, hopefully it’ll be around at least for a little while.

Charles Edge:
On that point, I feel like we mentioned a few tools, whether it’s InstaDMG, DeployStudio, all the MDMs, macOS Server, Xsan. I feel like this industry specifically, since the advent of maybe 10.3, I think Panther would be the trigger moment if I were to try to put my finger on it, there has been a constant and increasingly J-curvy type of change to the tools that we use. And so, I feel like we’ve all had to get used to jumping between whatever we used before swiftDialog as an example, to swiftDialog. There were 10 of those over the years.

Trevor Sysock:
Yeah, IBM Notifier. I was going to say, yeah, they were all out there.

Charles Edge:
Yeah. And even I feel like Installomator might be a little unique specifically, but there have been just so many, and a fairly rapid change. I feel like before that, maybe we could rest on our laurels every three to four years, do a bunch of R&D, coast for a year or two, and then rinse and repeat. But these days it does feel like we’re in a semi constant flux reacting to changes that other organizations, not just Apple, but also downstream, that the MDM providers, even something like Munki, reacting to the changes, even though they’re often reacting to Apple’s changes.
But so, I feel like having yet another arrow in the quiver just helps everyone. And if there is an evolution beyond that, whether it’s by this team or another team, I think they all build up to this greater body of capabilities, package of capabilities maybe that lets us do so much more. I mean, I can’t imagine one person trying to manage 500 machines in 2005, and now one person is often responsible for two or 3,000 in schools mostly. You know what I mean?

Trevor Sysock:
Yeah. Yeah.

Charles Edge:
Each one brings a new evolution to productivity, I feel like, if that makes sense.

Trevor Sysock:
Yeah, and Bart Reardon. Hi Bart, you’re awesome. Thank you for making swiftDialog. He does things the quote, unquote, right way. He’s looking at what Apple is telling him to do in terms of how to build the app bundles and stuff like that. I’ve used tools before where I’m like, “Oh, this doesn’t seem to have a lot of foresight.” Apple has signaled that they’re moving away from this sort of thing, changing files inside the app bundle for instance. A lot of developers used to keep configuration files inside their app bundles.

Charles Edge:
Licensing files. How many licensed .TXT files are there?

Trevor Sysock:
Right. And so, you see things like that, even though Apple’s not shutting it down at the time during 10.15, they were warning you against that, but not enforcing it. Now on Ventura, if you’re doing that, you’re going to have problems. I know I have faith in swiftDialog in terms of being viable for at least a few years to come. And I feel generally the same way about Installomator, because it is just built so much on the fundamentals of how macOS works and by people who really understand the system and understand the problem and stuff like that.
And so, those were discussions we had. Before I started spending a lot of development time into this was, okay, well these tools you’re relying on, are they going to be here next week, next month, next year? And so, these two I definitely felt comfortable about.

Charles Edge:
Nice.

Rob Calvert:
And in terms of Baseline itself not being a flash in the pan, Trevor hit it when he said, as long as it fits for us. And I don’t have any designs on changing our business model anytime soon. We like to meet clients where they are. So the fact that we can use the tool, whether it’s a non-MDM environment or a partial, it’s just a real basic MDM versus a fully managed, but just have that one tool, as long as that keeps working for us and we can keep up with the pace of the changes that come out of macOS, it’s going to stick around.

Tom Bridge:
For sure. If folks want to go get started and need help getting started, is there a place where they can go?

Trevor Sysock:
Yeah, well, there’s a Baseline channel on the MacAdmin Slack. It’s about 80 people in there right now, I think. So not a ghost town, but not overflowing. And I’ve spent probably more time than I should admit with my boss on the line here, helping people out and talking to folks on the Slack. So that’s a great place if you have basic questions or anything like that. The tool’s fully documented up on GitHub, we have a Wiki and all the features are there.

Tom Bridge:
A very deep Wiki too. I loved seeing that.

Trevor Sysock:
Well, when you work for Rob Calvert, you get used to the feeling of if it’s not documented, it doesn’t exist.

Tom Bridge:
Well done.

Trevor Sysock:
And so, he drilled that into me. And frankly, I want to help people as much as possible, and I want people to use this, but I also don’t want to have to explain the same thing a 100 times over and over. So I really wanted to outline the basics and make it clear that I’ve thought this through as much as my personal monkey brain allows me to. So it’s not just something I’m throwing out there half cocked. So go check out the Wiki and see what it can do, and hopefully you’ll be impressed. I don’t know.

Tom Bridge:
Yeah. We’re at an interesting point in time right now as the world starts to open up again. I’ve been down here in Australia for X-WORLD this year. It was a phenomenal gathering. We had about 150 or so odd Mac admins and developers and things along those lines. It was a great event. Obviously there were a lot of challenges getting it back off the ground. And Tony Gray from the AUC did an incredible job. Are you guys starting to think about traveling to conferences as we have Penn State in July, Mac DevOps in June, Worldwide Developers Conference, although it’s unclear how much of that’s going to necessarily be in-person. Are you guys thinking about going-

Charles Edge:
[inaudible 00:36:36] The list goes on. We don’t want to offend anyone.

Tom Bridge:
The list goes.

Charles Edge:
Sorry.

Rob Calvert:
Yeah, I mean, it’s definitely been on my mind. I’ve been looking at, I got my first, I don’t know, nine or 10 emails about WWDC coming up and it just flooded my inbox this past week. So I’ve been looking at those things. I’ve never made it out to Penn State. It’s something I’ve wanted to do for many, many years. So it’s definitely on our radar. No plans yet, but we’re certainly considering.

Tom Bridge:
Awesome. Well, we hope to see you in person at some point this summer.

Rob Calvert:
That would be nice.

Tom Bridge:
Or fall. Here at the Mac Admins Podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Stu Baka, thank you. Adam Selby, thank you. Nate Walk, thank you. Michael Tsai, thank you. Rick Goody, thank you. Mike Boylan, you know it, thank you. Melvin Vives, thank you. Bill Stites, thank you. Anoush d’Orville, thank you. Jeffrey Compton, M. Marsh, Stu McDonald, Hamlin Krewson, Adam Burg, thank you. A.J. Potrebka, thank you. James Stracey, Tim Perfitt of Twocanoes, thank you. Nate Cinal, Will O’Neal, Seb Nash, the folks at Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, Bill Smith, and Weldon Dodd, thank you all so much. And remember that you can back us if you just head down out to patreon.com/macadmpodcast. Thanks everybody.

Charles Edge:
I think this is a fairly, I don’t want to say any of them are easy, because we’re not trying to stump anyone, for sure. But I don’t know, as consultants and former consultants, because we’re split evenly in this group right this second, let’s prognosticate for our bonus question for a hot minute. The next frontiers of consulting, there’s all this technology out there, and the old days where we were consulting for print shops, been there, we had a very unique set of devices. I hope to never, ever, ever, ever, ever work on a Fiery printer again, or a Fiery RIP, I guess, to be specific.

Tom Bridge:
Man, you used the F word. I can’t believe you used the F word on this podcast.

Charles Edge:
I know. I know we’re going to get into explicit.

Trevor Sysock:
There is a fiery ring of hell, specifically designated for the consultant who doesn’t behave.

Charles Edge:
Yeah. Yeah. But what is the next frontier? If you were going to start a consultancy that couldn’t be a MacAdmin consultancy, and you wanted to make sure you had plenty of future customers and could go through maybe hypergrowth, what’s the next big thing that people need help with?

Rob Calvert:
I think-

Charles Edge:
Go ahead.

Rob Calvert:
Sorry, I didn’t mean to jump in.

Charles Edge:
No.

Rob Calvert:
I think identity management and security. I am spending a tremendous amount of time right now helping clients go through their cybersecurity insurance policy, renewal questionnaires. And talk about a hockey stick, the expectations three years ago were like, “You got a password, right? Okay, you’re good.” And now you got to have MFA on everything. I’ve seen policies where they expect you to have MFA, even if you’re inside the building, to get into the admin interface of devices and network infrastructure, and just on and on and on and on. That aspect of our business, of this industry, is shifting really rapidly right now.

Charles Edge:
Interesting. Yeah, I do know of a couple of specific identity management consultancies out there. I don’t know, I mean, I 100% agree, the hockey stick thing, I think a lot of the big enterprises have done it. It’s going down market, even if only, you mentioned the insurance forms, but also here in Minneapolis, we have a lot of small businesses that work for a big box retailer, Target, Best Buy, are based here.

Rob Calvert:
Sure.

Charles Edge:
You’d have the same thing in Little Rock for Walmart or whatever, but on their forms, if they’re going to work with one of those big retailers, they have to check those boxes too. And it’s interesting how non-public companies can sometimes undergo the same level of scrutiny like a SOC 2, lockdown public company might go through. That’s an interesting one. Identity’s hard. I have developers, and teaching them how to do OAuth, is holy buckets.
You can have an engineer who’s amazing with JavaScript or Swift or Go or insert language here, but whether it’s OAuth, SAML, heaven help you if it’s the place where the two meet, if you’re an identity provider as an example. That is a whole skillset where regrettably, most admins who manage those systems aren’t also developers, so it’s this weird hodgepodge of skills. But that’s a super interesting one, and I love the fact that you mentioned it, because it means it’s still growing. Because I think sometimes, Tom might fall into this trap or some of the PMs that report to you might, where you’re like, “Well, there’s not that much white space in this market.”

Tom Bridge:
Yeah. Well, I was going to say-

Charles Edge:
But obviously there is.

Tom Bridge:
… we think about that a lot, because I mean, everything that we take a look at at JumpCloud as we start to look at our funnel, as we look at our product plans, as we look at all of those things, there is no shortage of new businesses who need help with this problem for the very first time. And so, when I think about the place where I tend to think about where I’d be talking about doing this kind of growth as a consultant, would be in identity management. Identity transformation is really what it becomes, because it’s the process of going from, everybody has their own accounts for their own services with 40 different passwords that are probably all the same and might just end in one, or it might just be password 1234, or might be login 2023 blank.

Charles Edge:
I’m so going to own all of your stuff, just saying.

Tom Bridge:
Correct. I mean, all of those businesses that are out there that haven’t really had to think rigorously about this, I think are going to have to in the next five years. Rob, you mentioned the cybersecurity questionnaire thing. I hated filling those out, and they only got five times as long in the last two years, because they want to know everything. They want to know about physical security, they want to know about digital security on all of your pieces. Do you have MFA? All the things, all of those kind of things fit together. And so, I think there is a lot of technical spots to this, because Charles, as much as you have to explain OAuth and OpenID Connect to a developer, guess what? You have to explain it to the CEO too.

Charles Edge:
And here’s the thing-

Tom Bridge:
And I’m not sure which one of those things I would rather do.

Charles Edge:
Yeah. As a developer, you think, “Oh, I’ll just drag the Auth0 SDK, no offense to Auth0 here, into my Swift project and I will have all this for free.” No, there’s two further months of development to get all the logic. Meanwhile, all the logic is pretty much the same for every web app ever made. So you’re like, “Why…?” Whatever, I could go off on a whole tangent. Maybe we’ll have to have an episode with some engineer from Auth0 at some point if they’re not mad at me after this. Anyways, Trevor, how about you?

Trevor Sysock:
Rob definitely stole my cupcake right there. I mean, we work at the same company, so it’s like we’re thinking about these same problems. To expand on that, a lot of our clients, something we’ve fought with as long as I’ve been here, is that a lot of our clients are on that cusp of, we’re a really small company or we’re now a SMB small business. And tools, these enterprise tools that get you the security that they need now and stuff like that, don’t necessarily scale down in cost very well to a company that has 25 employees. And not all companies are startups, not all companies are looking to have exponential growth.
We’ve got clients that have had 25 employees thereabouts for the last 20 years, and they drive a lot nicer cars than I do, so they’re making good decisions. So I think the scaling, being able to understand the security landscape and translate that to business owners of those 25 person companies, and be able to know which tools are going to give you the security you need and not triple your IT budget over the next three years, that’s one of the things we were fighting with and trying to figure out, well, how do we get unified identity for this company without breaking the bank, and still without having to throw away all these other tools, the productivity tools they’ve been using that may not scale or play well with enterprise tools and stuff like that.

Charles Edge:
I feel like when I first started going through this, maybe the late aughts, OneLogin had three web apps, unlimited users or something like that for free. And back then, that checked all the SaaS boxes, we were good. Now it’s all SaaS boxes. So I don’t know. I know that a lot of tools like JumpCloud as an example, thank you Tom, have a few users for free forever. And I mean, that was the whole idea behind Jamf Now. And there have been plenty of other ones, SimpleMDM, that have had X number of users for free for whatever time period or forever. But checking all those boxes, I think what you said was very astute for those small businesses, the not every tool scales down.
And I do think that every category that doesn’t have a tool that scales down market, is an opening just waiting to be exploited by some vendor. The hard part there though is, talking to small businesses as someone from Gartner once told me, is the hardest market to talk to, because everybody’s operating vertically, not horizontally. So there’s no like, “Oh, I’m just going to join this small business. I’m going to promote on this small business thing.” They all go to their, “Oh, I run food trucks, so I go to the food truck podcast, not the small business podcast.” Interesting. How about you, Tom?

Tom Bridge:
I mean… Sorry.

Charles Edge:
And you can’t say identity, because it’s been said twice.

Tom Bridge:
Well, I mean, I can, but-

Charles Edge:
And it would be too self-serving where you work.

Tom Bridge:
I know, but I do think that security goes to the next step, but I also think that there’s going to be some conversations to have around things like consulting on data brokerage, understanding your own threat profile based on the data that you collect and based on the data that you expose incidentally or accidentally. And so, those are places like, “Hey, maybe you need somebody to talk to about ChatGPT, because are your engineers asking ChatGPT for a solution to a problem they have at work, and then inputting some and then testing out those solutions? Is there any other solution? What’s your Stack Overflow policy internally when you talk about your infrastructure?” And so, I think that there may be some conversations to have around that. And not that I’m advocating anybody block Stack Overflow at work, because we’d all be out of business tomorrow. But I think that there is a place for us to have a good conversation around data leakage and data safety strategies.

Charles Edge:
Yeah. It’s not the same as it used to be, for sure, in that regard. ChatGPT is a game changer for all the reasons that the media is missing, and doesn’t matter for all the reasons the media seems to think it matters for.

Tom Bridge:
Agreed. Yeah.

Charles Edge:
And ChatSpot AI is one that I saw recently where it just plugs into HubSpot, and you can ask it these just asinine questions like, what are the keywords that US Bank bought last year? And it will go through, and it will pick and show you all of these just incredibly intricate details, parsing through all these different APIs that are available. And one accidental non rate limited, non paginated, whatever endpoint that we forgot to secure properly, could… The amount of data exfiltration that we’re concerned about on all those endpoints, just doesn’t even matter anymore, compared to what can leak out with one JSON file. Oh, I guess I should go too.

Tom Bridge:
Oh yeah, let’s go.

Charles Edge:
Seeing Trevor reminds me, I have four, five 3D printers now, and sometimes I just don’t have time, and I need to get printing my next thing. And then I have maybe 80 smart devices, IoT devices in my house, and sometimes I just don’t have time to go figure out why that Z-Wave light switch isn’t talking to the bridge so that HomeKit’s picking it up. And so, I’ve thought for a long time that… Oh, and I have friends with lake houses, and the best thing about a friend with a lake house is that you don’t need a lake house, by the way, side note.
But in the winter here in the Midwest, you can’t let the lake house freeze. So you need to monitor that the stat is reporting back, and there’s no good monitoring tool for those. So I think, the more intelligent our homes get, and I remember working with tons of rich and famous people back in the day, they had us to be this, but it needs to go further down market. So I do think that there’s a place for the digitally aware home maybe. I don’t know how I want to phrase this, but that’s a gap that I don’t see any consultants touching. And not every consultant is going to want to swap out the light switch. We were never bonded. That’s a whole other thing.
We didn’t have electricians on staff, and I’ve tried to hire them, but also for our office, you need staff to do it, or that’s not a thing you can really do. If you notice, when we had the IoT or the HomeKit, no one was offering that as a service. We’re all just nerds banging on it. But here in the next few years, everybody’s going to have all these things wired up.

Trevor Sysock:
Seriously I’m like-

Tom Bridge:
My guess is that we have a fair amount of that in the underground already. Everybody’s got their home automation guy. And in some cases there are companies that are doing Crestron stuff, as opposed to doing the more home kitty kind of things.

Charles Edge:
Yeah. Yeah. And if you’ve got a Control4 or a Crestron, you have to work with the person that installed it or someone who is a certified installer for those platforms, but when it comes to HomeKit as opposed to a Control4 or a Crestron, or it comes to A-L-E-X-A, whose name I can’t say, or Hey G-O-O-G-L-E or whatever her name is, we can work on these, but I feel like sometimes it just doesn’t work. And you get to that point where, who are you going to call, the HVAC company to work on the lights, or the electrical company? They don’t know anything about the protocols that communicate wirelessly.
So I would say if I was to… And it’s hard going further down market. When you’re billing home users, you’re really hitting the pocketbook specifically. So finding a way to do it, would be the hard part fairly, because the MSP model of what, 75, 125, that range dollars per device per month, that doesn’t really work.

Tom Bridge:
Doesn’t scale that way.

Charles Edge:
Yeah, but I think there’s an opening there in whoever figures it out.

Trevor Sysock:
So Charles, you’re aiming to make electricians more expensive by requiring them to have IT certifications and security knowledge as well. Is that your point?

Charles Edge:
Well, it’s almost the opposite, because some electricians will do this stuff and they’ll do it so badly that… Yeah.

Trevor Sysock:
I used to do side gigs doing home automation and stuff like that back in the early aughts. And I’ll tell you, you might want an electrician doing that stuff rather than your buddy who knows how the automated stuff works.

Charles Edge:
To be specific, anyone touching high voltage wiring should be insured and bonded in that class of company. They should be an electrician. And I very much, while I may hack around in my own home, I don’t do that for anybody that’s not me. So I won’t even do stats anymore for friends. I did that for a little bit and now I’m like, “No, hire an electrician.” The problem is, I don’t have a good person like, do you hire an electrician if you’re doing a stat or a HVAC person or whatever? Anyways, I’m babbling now. My thing is, figuring out IoT down market, and by the way, you can’t find anyone in my geography to fix your 3D printer. There’s so much more going on in homes than there used to be.

Trevor Sysock:
You heard it here. If you’re an electrician in Minnesota who wants to get cross trained in 3D printing and home automation, Charles is offering trade for trade. Not sure you’ll get a lot of hits off of this podcast for that demographic, but maybe.

Tom Bridge:
You never can tell. You never can tell. Well, Trevor and Rob, thank you so much for joining us this week. It was a great pleasure to talk with you about this subject. Congrats on Baseline. This is honestly really exciting to me, I think that this is phenomenal. Thank you so much for sharing that with the community.

Trevor Sysock:
Thanks for having us, and thanks for everything you guys have offered and the MacAdmin Slack and everyone there. Definitely, I’ve gotten so much help from people there and inspiration. I’m not going to try and name everybody, because I’d forget people, but there’s a lot of folks there that help me out with this and a lot of other stuff. So I’m personally just really happy to be able to give back, and thanks to Rob for letting me talk him into open-sourcing. He was a little embarrassed, but one of the things I told him was, it might get us invited on this podcast if we do.

Rob Calvert:
He’s not lying. He did throw that on the table.

Tom Bridge:
Catnip for Tom Bridge was activated when I saw that.

Charles Edge:
Well, you guys have an open invite, just to throw that out to you.

Tom Bridge:
Yes, absolutely.

Charles Edge:
Feel free to ring me or Tom or Marcus or whomever, pigeon, carrier pigeon, Slack, whatever means of getting in touch with us. But hit us up anytime you-

Tom Bridge:
Drop bear.

Charles Edge:
Yeah, drop bear. Oh yeah, be careful, Tom. Drop bears is in potholes.

Tom Bridge:
Yeah, I’ve been watching out for them all week.

Charles Edge:
They’re in the potholes.

Tom Bridge:
Yeah, Drop Bears in potholes.

Charles Edge:
That’s what really happened. You didn’t hit a pothole, the pothole hit you.

Tom Bridge:
Oh, that’s what happened. I hit a drop bear. Oh, man, that explains so much. We’ve got your contacts, links, that’ll be up in the show notes here as well as links to this project and to Second Son generally speaking. And it was such a pleasure to have you on this week. Thank you so much.

Rob Calvert:
Thanks for having us guys, appreciate it very much.

Tom Bridge:
Yeah, and of course, thanks to our wonderful sponsors this week. That’s Kandji, Kolide and dataJAR. And thanks everybody, we’ll see you next time.

Charles Edge:
Yeah, next time.

Speaker 6:
The Mac Admins Podcast is a production of Mac Admins Podcast LLC. Our producer is Tom Bridge, our sound editor and mixing engineer is James Smith, our theme music was produced by Adam Codega the first time he opened GarageBand. Sponsorship for the Mac Admins Podcast is provided by the macadmins.org Slack where you can join thousands of MacAdmins in a free Slack instance. Visit macadmins.org. And also by Technolutionary LLC, technically, we can help. For more information about this podcast and other broadcasts like it, please visit podcast.macadmins.org. Since we’ve converted this podcast to APFS, the funny metadata joke is at the end.

Sponsors:

datajar.mobi is a cloud-based managed MDM solution that redefines Apple device management. By providing completely automated and managed services backed by an award-winning Apple support team, the platform delivers zero-touch onboarding, configuration management, patch management and EDR capabilities. Want to learn more? Come and say hi in the #datajar channel of the macadmins slack or visit datajar.co.uk/macadminspodcast

Patreon Sponsors:

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:

Rick Goody, Mike Boylan, Melvin Vives, William (Bill) Stites, Anoush d’Orville, Jeffrey Compton, M.Marsh, Hamlin Krewson, Adam Burg, A.J. Potrebka, James Stracey, Timothy Perfitt, Nate Cinal, William O’Neal, Sebastian Nash, Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, William Smith, and Weldon Dodd
