Episode 328: Elliot Jordan and Escrow Buddy
Today’s guest is Elliot Jordan, Senior Client Systems Engineer at Netflix, here to talk Escrow Buddy, Recipe Robot, AutoPkgr, and about all the fun projects he’s been involved in over the years!
Hosts:
- Tom Bridge, Director of Product Management, Devices, JumpCloud – @tbridge@theinternet.social
- Charles Edge, CTO, Bootstrappers.mn – @cedge318
- Marcus Ransom, Senior Sales Engineer, Jamf – @marcusransom
Guests:
Links:
- Mike Solin’s Post on Focus Modes: https://mikesolin.com/2023/08/05/finding-balance-while-working-remotely/
- Crypt: https://github.com/grahamgilbert/crypt
- Escrow Buddy: https://github.com/macadmins/escrow-buddy/
- Stop prompting users for passwords when re-escrowing FileVault keys: https://www.elliotjordan.com/posts/filevault-reissue/
- MAOS panel: https://www.youtube.com/watch?v=REyEYsgz5MI
- Recipe Robot: https://github.com/homebysix/recipe-robot
- Stethoscope: https://netflixtechblog.com/introducing-netflix-stethoscope-5f3c392368e3
- Extraordinary Attorney Woo: https://www.netflix.com/title/81518991
- Mr. Robot: https://www.imdb.com/title/tt4158110/
- Utopia (AU): https://en.wikipedia.org/wiki/Utopia_(Australian_TV_series)
- The Bear, Season 2: https://www.hulu.com/guides/the-bear
- Elliot’s site: https://www.elliotjordan.com/
- Upcoming JNUC session on Escrow Buddy: https://reg.jamf.com/flow/jamf/jnuc2023/home23/page/sessioncatalog/session/1682654671482001Ah7L
Click here to read the transcript
Please note that this transcript was generated automatically
Speaker 2 (00:01:17):
Hello and welcome to the MCAD Mins podcast. I’m your host, Tom Bridge. And Marcus, how was Singapore?
Speaker 3 (00:01:22):
Singapore was great. Um, apart from the bit where it was really hot and humid, which, um, which was okay, it, you know, in the scheme of things, it, it was fine, but it, no, it was really nice to travel somewhere different. Um, speak to people, um, speak to Mac admins in different areas of the world and see the sort of problems that they, they face and how they solve them. So, yeah, it was nice to get out and about. And, uh, I, I know there’s been a few of us on Slack sort of chatting about, uh, you know, we, we’ve seen in the, in the days of remote work, um, everyone showing off their battle stations from, from home where it’s great that you can set up these amazing things, but seeing some, um, wonderful examples of what people have set up in hotel rooms. Um, and there was one, one with an ironing board on a, what looked like a coffee table in a hotel room to make a makeshift shift standing desk with a bunch of Macs on top of it. That, um, gave me a lot of, um, traveling Mac admin envy. It
Speaker 2 (00:02:23):
Gave me some ideas. Yeah, yeah. I was gonna say it definitely, as, as someone who frequently travels with, you know, a laptop or two and an iPad and like, you know, all of those things, I was like, oh, I see what you’re, I’m picking up what you’re putting down here. I think that’s gonna be solid.
Speaker 3 (00:02:38):
The, the, the one bit of travel that, uh, I think we, you know, and it’s, it’s a little frustrating thing, and like all good Mac admins, I’ll pick something fairly minor and complain about it as if it’s the, the worst thing in the world. But, um, here in Australia and seeing, seeing the same thing in other airports, it depends on airport to airport. And I’ve even heard between which sort of terminal and departure gate you’re in as to whether you have to unpack your bag to take your, and they always say it in a singular laptop out for scanning, whereas someone who sometimes travels with three laptops, two iPads in the one bag, and having to pull all of that crap out and lay it across the, um, the scanning conveyor belt and hope that it’s all still there when you get back at the other end, seeing a couple of places now where they’re like, nah, just chuck it through as is. Yeah. And we’ll just look right through it all.
Speaker 2 (00:03:30):
It’s, it’s kind of amazing. They’ve, they’ve used a couple different new technologies for, and I, I think in some of the cases it’s, you know, uh, circular or what is it, uh, um, you know, rotational tomography, uh, where it gives you like a full on three D image of, of all of the bags. And it’s great for those of us who travel with two laptops, an iPad and Nintendo Switch, a giant battery backup, um, a power strip. Um, you know, and, and whatever else, you know, we put in our bags, um, it makes it a little bit easier to go through security. And that’s been, you know, a huge bonus. I think that that was the case in both of the UK airports that I flew through in May, and then also in the big Sydney airport in, uh, in back in March. So, or April rather.
Speaker 3 (00:04:13):
Yeah. So, so, so Tom, how is vacation going for you? You are, you are, you are a week into vacation at the moment.
Speaker 2 (00:04:19):
I’m a week into vacation. I haven’t logged into my work accounts for 10 days. I’m scratching at my arms. Um, you know, I, I, I will say that it is, I, I’ve definitely pulled out my phone to look at work Slack, uh, and put it right back in my pocket, probably 10 to 12 times a day for the first three or four days. I think I’m down to one or two now. Um, you know, I, I definitely, we, we, we had an arrangement with some of my teammates on, you know, in case of emergency break glass. And we, we’ve, we, we’ve definitely been in contact, you know, we’re not strangers. They know that they can talk to me and I’m vice versa. So, you know, on that front, it’s been pretty good. Um, we are in the midst of a bit of a heat wave here in central California.
Speaker 2 (00:05:00):
Um, it was, um, 103 today, which is, you know, 40, or I’m sorry, 39, see? Um, and, uh, you know, definitely went to the movies today, you know, took Charlie and, and my nephew to the movies. Um, and we went and saw the, uh, new Teenage Meet Nin Ninja Turtles movie, which I can strongly recommend if only for the soundtrack. Um, which is honestly amazing. Um, I will, I will find the, uh, playlist that, uh, a friend of mine made, uh, and put it in the, uh, apple Music, uh, you know, thing. And we’ll get that out there for folks ’cause it’s really good. Um, but other than that, it’s pretty spectacular. Um, next weekend, my wife and I are gonna get away for a couple of days and go down to the beach and, you know, spend a couple days in Monterey with no kiddo.
Speaker 2 (00:05:46):
And, uh, Charlie’s gonna have a great time with his cousin and with my parents, and I’m really looking forward to it. It’s been, um, a long, I, I realized this the other day. I haven’t taken more than 10 days of away time ever. And, um, I, I, you know, I’ve been, you know, I’ve taken trips, I’ve taken, you know, other, you know, sojourns and other things along those lines, but I’ve never taken two consecutive weeks of honest to God vacation as an adult human being. And I turned 45 in October. Nice. So, um, I, I’m trying to encourage my team to do this more. So I’m trying to, uh, you know, encourage my colleagues to do it more, um, because honestly, we need this break. We need these breaks more often. And so I am taking that break. I’m here with you guys because I love this. Um, and, you know, this continues to be an important part of my life. Um, and it’s talking to friends, right? Like, I, I treat this as talking to friends. Um, so, you know, that’s the only thing that I’m doing that is that could even remotely be considered work related. So it’s pretty great. I encourage everybody to do this at least once.
Speaker 3 (00:06:54):
So, so a friend of the podcast, um, Tanya Daru, who’s, who’s been on a couple of times, she has a great thing she does where she goes off with friends to a place where there’s no phone coverage. Um, oh, and at first my eyes started twitching thinking about that, and then it’s like, okay, the fact that my eye is twitching about there being no phone coverage is probably an indication that I need to maybe go and hang out in those places for a while. So, yeah, I, I, I think I need to go and do some, um, do some training on how to do p t o properly. Um, well, I,
Speaker 2 (00:07:29):
I do wanna call out Mike Solen, uh, who has a great post up on LinkedIn and on his blog this week about using focus modes to preserve your, um, you know, your personal life a little bit more. Um, so I’ll find that and throw that in the show notes. It’s a great read. Mike did a really stellar job talking about how he implemented that for his own life, and that’s exactly what I’ve done. I like the internet. I enjoy seeing what’s happening out there. Um, I don’t think I could, I could totally fully disconnect, but I choose not to. Um, I can quit whatever I want, I promise. Um, but, you know, in a lot of these cases, you know, I took all of my work apps off my phone. Like there’s a, a full screen of like 12 apps that I use for work on my mobile that are just gone right now. And it’s pretty awesome.
Speaker 3 (00:08:16):
S saving us from ourselves is a, is a good way of thinking about that. Yes. That, that blog post had literally read that yesterday, and it was, Hmm, I need to set this up. Um, , I need
Speaker 2 (00:08:30):
To yes,
Speaker 3 (00:08:31):
You know, prepare myself so that when I do take time off, it’s literally just flicking a switch and all of that goes away because it, it, it’s that it distraction and not being able to immerse yourself in the moment of what you really should be doing when you’re away. Um, and, you know, in a spare moment from having, you know, a large moment of time off to be able to just sort of drift in, see something which, you know, once you’ve seen something, you can’t unsee it. So, um, yeah, very, um, you know, very much on my radar to set that up and, um, you know, try to, you know, try to preserve my sanity so I can maintain a, you know, a long and happy career, um, without burning out. For
Speaker 2 (00:09:15):
Sure. Well, it’s not just the two of us this week. We have an incredible guest, um, and, you know, it’s one of those places where I had to go back through and look to make sure that, you know, he’d never been on before. But welcome to the Maced Men’s podcast, somehow after 300 and some odd episodes. Uh, Elliot Jordan, thank you so much for joining us this week on the Macin Podcast. It’s great to see you.
Speaker 4 (00:09:35):
Hi. Thanks, Tom. Thanks, mark. It’s, it’s, it’s super exciting to be on the podcast. I’ve been listening for many years and kind of wondering maybe someday if I should try to be, uh, to be on, and I’m so excited that today’s the day.
Speaker 2 (00:09:51):
Yeah. ’cause I, I went back and looked, and there are no less than seven episodes where your work appears prominently in the show notes. Oh, wow. But we somehow haven’t had you on. Um, so, you know, I was gonna say, we fixate. We’re fixing that today. I’m thrilled you’re here. Um, and, you know, uh, you’re a client platform engineer, excuse me. You’re a senior’s client systems engineer at Netflix. Um, and you’ve developed with your team a new product called Escrow Buddy. Um, and not to mention your previous work, which is Recipe Robot and Auto Packager. Um, and you’ve had a lot of fun projects over the years, so we’re thrilled that you would join us this week. But before we talk about those things, when people join the podcast, we’d love to get an origin story. We’d love to know how you got to be someone who managed Apple Devices. So can you share how you got started?
Speaker 4 (00:10:38):
Sure. Um, I guess that that story starts all the way back in 1986. Um, I was an impressionable kid growing up on a farm in Iowa, and my parents bought a Mac Plus. Uh, in, in theory, I think the Mac was to keep track of farm budgets and accounting. Uh, but in reality, I think I took it over pretty quickly and I I fell in love with what it could do. I, I made like, uh, art and pixel mazes with mac paint. I, I like zoomed in real, real close and made little mazes for myself to figure out. I wrote like Lego fan fiction and Microsoft Works, not Word Works. Yeah. Mm-hmm. . And, uh, I, I, I also, like, I, I started discovering the internals of the Mac operating system, just like by accidentally moving the system or finder files outside of where they should be.
Speaker 4 (00:11:24):
And then not being able to boot and having to fix that. You know, it’s like font da mover and res edit and all that stuff. You know, curating a, a large list of extensions. Um, that was kind of the geeky way that I, that I got into it. I’ve still got a U T m, uh, virtual machine running Macs 9 2 2. I think that it, when I feel like it allows me to kind of recapture that nostalgia, which is nice. Um, and so I was one of those stubborn, like Mac is better than Windows people, even during the dark ages of the mid nineties, which I’m annoyed a lot of my classmates. But by the time I got to high school and college, um, I became known as the MAC guy. And I, I created a website for the student newspaper and eventually got like a cushy student work job at the help desk, uh, to, you know, help people fix, uh, whatever Mac issues they had.
Speaker 4 (00:12:10):
And I kind of made a name for myself and started, uh, managing MAC Labs for the art and music departments too. And that’s where kind of I, the light bulb went off that’s like, oh, I can actually do this in bulk. I can make these, you know, make these problems go away for all the computers that, that we manage, not just one at a time. So that kind of led to my main career path, uh, which was 10 years as an IT consultant in the Bay Area, and got me eventually. Uh, you know, I, I, I really, I liked being a consultant because it allowed me to get just enough knowledge about so many things and then start to focus in on the things that I like to do and was good at. And towards the end, I kind of, uh, got, had a few fun, fun gigs, uh, helping some well-known startups prop up their MAC endpoint management and security programs before passing the torch to their newly formed in-house teams. Um, and then I started getting connected to the MAC admin community via the Mac Brain ssf group. Uh, that was Oh, yeah. Really fun in the early years for sure. And that kind of turned me onto some open source collaboration, like Monkey and Auto package. And, uh, I started to focus on that, and that led to in-house C P E work. And here I am.
Speaker 2 (00:13:24):
That’s awesome. And so you’re now at Netflix and, you know, it’s great to see folks at, you know, big spots like that. And, you know, uh, you think about where you start, you know, consulting, uh, businesses can be, you know, uh, smaller organizations, large organizations, medium sized organizations. What are some of the ways that MAC management has changed over the years?
Speaker 4 (00:13:44):
Oh, boy. Yeah. I mean, when, how has it not changed? I mean, Yeah. When I, when I started, I think I was using Net Restore and Net Boot. Uh, yeah. You know, rest in peace. Those were great tools. and setting up the Magic Triangle and work group manager, and oh my gosh, that the much, um, manage once option, like, don’t we always, that M D M had something like that? I hope hopefully D DMM will at some point, but, um, yeah. Think, or even
Speaker 3 (00:14:11):
The manage often as well, just the, yeah. You know mm-hmm. , the flexibility there was equal parts great. And a curse, maybe.
Speaker 4 (00:14:22):
Yeah. Whenever I go through a, a book like Charles and Rich’s, um, apple Device Management book, and I see screenshots from years past, like work group manager, I, I just, I start to, the wheels start turning in my head like, how many of those things can we still do versus how many do we wish we could do? So, yeah, I, I, um, I, when I started, it was like, all those tools were available and M d M wasn’t a thing. And if you’re a mm-hmm. , if you’re still at a small, smaller company, Sneakernet was a viable option Yeah. Of getting people software that they need and helping them out. And now with remote work and M D M and Zero touch, uh, setup, the, you know, that those days are passed, whether you like it or not, ,
Speaker 3 (00:15:04):
Look, the, the, the other way I like to look at that as well is, you know, we, we look fondly back on all of those things we used to be able to do. And then I, I think about the idea of putting a machine managed the way we used to manage machines back in those days into a modern environment. And then it’s like, oh, yeah, yeah, there’s a, there’s a reason some of those things don’t exist anymore because other things exist that would break those things or exploit those things. Um, so, you know, I
Speaker 4 (00:15:37):
Mean, I remember setting up laptop carts with the Golden Master image, as we used to call it. Oh, yeah. Uh, and you know, once you got that right, it was great. It saved hours of work, and everything worked hopefully perfectly. But as soon as something started not to work perfectly, or as soon as you wanted to install some update to some software or an OS update, then you, you had to do a lot more work than you, than you have to do today. And as, as, uh, complex as we’ve been kind of forced into this new world of thinking of, of M D M and, um, kind of setting up devices through, through code or through declarative, um, statements of some kind, uh, it’s a little bit more complex, but I think the end result is, is probably better. But still, if you, if you look through rose tinted glasses at the past, and just ignore all of the work that you got to get to the Golden Master image, and just remember that, that that image mm-hmm. and the result of that it does, it’s warm and fuzzy .
Speaker 2 (00:16:36):
Yeah. A lot of us are pretty good at remembering the good parts of the bad, of the bad old days and not the bad parts of the bad. Yeah,
Speaker 3 (00:16:41):
Exactly. It’s no leopard, the best OSS ever falls into that category as well. I, it’s like, didn’t we all hate that when it came out? It’s like, no, apples moved the cheese. Um,
Speaker 4 (00:16:52):
Yeah, I was managing excerpts back, back and X-rays back in that, in that time. And I, you know, I think Snow Leopard worked fine, but I definitely remember it was not problem free. You know, installing that on, on Leopard Exerts and hoping that your client can still get to their file server when you’re done was, it was not a guaranteed situation.
Speaker 3 (00:17:12):
Yeah. Something, something tragedy plus time equals comedy, or something along those lines. .
Speaker 4 (00:17:20):
So character For sure.
Speaker 3 (00:17:21):
Exactly.
Speaker 1 (00:17:23):
This week’s episode of the Mac Admins podcast is brought to you by Simple M D M a powerful and intuitive Apple device management solution designed to make the lives of Mac admins easier. The process of setting up your own monkey instance can be time consuming and complicated. With simple MDMs hosted monkey integration, they’ve taken all the hassle out of the equation. So you can enjoy a best in class software management solution for Mac OSS without the headache of hosting and configuring it yourself. Gain access to their shared apps directory, a curated collection of popular Mac OSS software that is regularly updated so you don’t have to worry about maintaining your own repository or offer a self-service experience to your Macs users For the managed software center. Save valuable time as a Mac admin by simplifying software distribution, automating updates, and empowering your end users with a free 30 day trial of simple M D M. Thanks to simple m d M for sponsoring this episode of the Mac Admins Podcast.
Speaker 3 (00:18:29):
So, another thing that’s changed as well is, um, you know, sort of what we talk about at conferences. So you, you recently gave a workshop at, um, P S U Mac admins, so how did, how did that go and what’s it like now, sort of post pandemic and in 2023, um, giving workshops at conferences compared to previous ones? You’ve, you’ve done
Speaker 4 (00:18:50):
Well, this, this was my first workshop and it went wonderfully. Um, I co-presented with Anthony Reimer from, uh, Calgary, um, and he, uh, I think he and I started working on these slides. Well, the outline that led to these slides in 2019, we, we were putting together ideas for a, you know, kind of a comprehensive auto package workshop for people, not only to use auto package and the basics of running recipes, but understanding the whole thing, the whole comprehensive workflow, and even creating recipes, um, using Recipe Robot or from scratch or however you want it to do it. Um, and maybe even creating custom processors, you know, some of the more advanced topics that we hadn’t really gotten a chance to, to touch on before. So obviously in 2019, uh, 2020, you know, things con in-person conferences started shutting down, and we really felt like this was a workshop that would work best in person.
Speaker 4 (00:19:48):
So I was so happy, uh, that P S U was, uh, was in person this year. And so we took that opportunity and I think there were about 90 people attending, and it went wonderfully. Um, it was a full day, so we talked for six hours, and we, we were a little bit concerned that either we wouldn’t have that much to talk about, and that we would have to fill space, or we, we would go over and wouldn’t, people wouldn’t have hands on time. But actually I think it worked out perfectly. We, we stopped at a few points and let people drill into the ideas that we just presented. And then towards the end, we only ended up skipping a couple slides that weren’t really that important. So, yeah, I think it went really well. And credit to Anthony, he, he’s really, um, pedagogically, uh, impressive. I think that it takes a certain set of, um, experience to, to be able to know how to put learnings together in a way that’s gonna work and click for people’s different brains, uh, consistently. And, and I think he did that really well.
Speaker 3 (00:20:47):
Yeah. The, the information alone is, is not enough to, you know, impart that information onto other people. And, and yes, six, six hours is a, a long time. I think, you know, people are saying, you know, anything over 45 minutes remotely, and you will lose people. And it’s a real struggle to try and maintain that, and you need to break things up. And I, I can’t imagine what trying to deliver that duration of content remotely would, would be like, um, yeah. But yeah, the, the idea, I think
Speaker 4 (00:21:18):
Having two of us present helped a lot, um, mm-hmm. , we didn’t have to shoulder, like, one person didn’t have to talk for six hours. So it, I think it, it worked out pretty well. Were
Speaker 3 (00:21:28):
Were you a good cop, or were you bad cop?
Speaker 4 (00:21:30):
? I, yeah, I don’t know. I think we, I think we changed, uh, we took turns. Yeah,
Speaker 2 (00:21:37):
That’s a good spot to be in.
Speaker 4 (00:21:38):
But yeah, it was, it was really great to see. I think the see people kind of click with that material, and I’m, I’m thinking we might have an opportunity to kind of break it into chunks and, and kind of ent it to specific target audiences in the future, um, if there’s interest in that. But yeah, it was some of the stuff that I, that, that we included, uh, I hadn’t really seen, talked about too much elsewhere. I mean, it, it, other than the auto package channel in Mac admin Slack, like that, every, every subject about auto package is talked about there. But I think presenting it from a, like a, a demonstration perspective, like, you can also do this, and here’s how, um, was an itch that needed scratching. So I’m, I’m hoping that we did.
Speaker 2 (00:22:23):
Awesome. Yeah. So the thing that had us reach out, uh, was Escrow Buddy and Escrow Buddy is a new piece of software that you’ve produced, uh, with your team. Uh, do you mind taking us through what, what, what it does, how it should be used, and how we can think about it?
Speaker 4 (00:22:40):
Yeah, I, uh, I’m, I’m very excited about Escrow Buddy, and I was so happy to be able to kind of fill a gap that I perceived, uh, in, in the File vault ecosystem. So basically at every place that I’ve ever worked, we’ve, we’ve needed to solve for Max that encrypted. Um, but which encryption keys were not escrowed to M D M for whatever reason. Maybe they were enrolled to a different M D M and they’re getting migrated. Maybe they were encrypted before enrollment. Many different reasons exist, but for, for whatever reason, we don’t have their file vault recovery keys. Um, the way you solved that situation is either with the previous, uh, recovery key, which you may not have as the administrator or with the File vault authorized user password. And the previous solution to this is just to prompt the user for their password and then pipe that to F D E setup, change recovery dash personal, and that will, uh, do the needful and create a new file vault recovery key.
Speaker 4 (00:23:43):
And if the correct profile is present, it will automatically get escrowed to M D M. So that’s, that’s basically all we’re doing. We’re just wrapping the f d setup call that makes that happen. But the previous solution would prompt the user for their password, which would build kind of a questionable security culture, like of mm-hmm. yet another, uh, confirmation or, or, you know, password prompt that you just kind of had to take on faith that your IT team knew what they were doing, and it didn’t look like any of these other prompts that you were getting because it was displayed through Apple Script or Swift Dialogue or one of these other tools. Um, you know, it, it was never quite native. And even if it was native, it still wouldn’t have been really great security culture to nag your users for, uh, their passwords.
Speaker 4 (00:24:29):
So as, as we looked to solve the same problem for Netflix, one of my colleagues, Johnny Ramos, um, mentioned that he had really good previous experience with Crypt, and I had heard of Crypt. I had never, uh, used it myself, but I kind of knew the gist of it. But what I didn’t know about Crypt was that the agent included as of 2017 and on, um, an authorization plugin, which means that it can link into the login window and use that, uh, user password that they provide during login for other things. And for example, Jamf Connect and X creds use use, um, this same technology to like federate to an I D P, um, mm-hmm. and Crypt uses this, JumpCloud does as well for the rest Yeah. In JumpCloud. Yeah. So there’s many different ways to kind of, uh, you know, for, for lack of a better word, hijack the login window and and use it for, you know, use that power for good, hopefully.
Speaker 4 (00:25:28):
Yeah. Um, so re escrowing file Vault Keys is one of those things that it can be used for, and Crypt did that. So I was like, great, let’s just start using Crypt. But, uh, in the end, we, we decided we didn’t, we, we were pretty happy with M D M Escrow. We didn’t want to spin up our whole, you know, a whole other escrow server, even though Crypt is an excellent solution for that. And I would definitely recommend people take a look at Crypt if, if they want, uh, an md uh, a file vault recovery key, or any key escrow solution, uh, with some really cool advanced features like audit trails and logging and, uh, web access and, you know, granting people requests when they ask for the key and that kind of thing. Um, so it’s a cool tool, but we did personally didn’t need those features.
Speaker 4 (00:26:11):
We were pretty happy Escrowing to M D M, so we just wanted a wrapper for f d a FD setup at the login window. So we kind of took Crips inspiration and made a minimal kind of laser focused product that just does that one thing. And the beauty of it is that we’re actually not handling the credentials. We’re not Yep. Uh, we’re not storing anything anywhere. We’re not creating the key or escrowing the key ourselves. We’re relying on Apple’s first party, everything, first party login window, first party FD setup tool, first party M D m profile that escrows to their M D M, uh, using the, the M D M spec. We don’t have to do anything custom. So yeah, that’s, that’s really all, all it is. It’s just a, a, an authorization plugin that you can deploy. And then at the next login for any Macs that are properly configured, it will, uh, use, use that f d setup command to generate a new key, which will automatically get escrowed behind the scene to your, to your M D M of choice.
Speaker 2 (00:27:12):
Awesome. That’s spectacular. And I noticed, you know, from the open source repo that it’s stored in, um, you know, that it’s part of the Edmonds project, uh, the Maced men’s Open source project. Uh, so what was that process like in terms of getting the binary signed and, and going through that process?
Speaker 4 (00:27:29):
Yeah, I, I love that the Mac Edmonds open source, uh, team and Nate Walk specifically was from the beginning very open to my suggestion that maybe this was the correct destination for this tool. Mm-hmm. and I, I really felt like, you know, Netflix could sign the, the tool with our own signing certificate. We could host it on our own GitHub, that would all be fine. But in terms of the spirit of the community and ongoing maintenance and how easy it would be to, to automate all of that, the Mac admins, uh, open source organization already figured that out for tools like Nudge and the signed and Notarized Monkey builds that they’ve recently made available. Um, so there was kind of prior art that demonstrated that this was probably the right path to go. So I went to my friends on the legal team and on the security team at, at Netflix, um, you know, and, and kind of made a case for why this was the right thing for us to do, not only for our for for us, but for the, the broader industry and to kind of uplevel the, the whole security industry for, uh, people who manage Max with M D M.
Speaker 4 (00:28:35):
And, you know, the in, in the end, the, there were some questioning back and forth, but in the end it was, uh, not a hard sell. I think everybody really bought into that vision. And, um, my, you know, my, my client systems engineering team and, uh, the MAC admins Open Source team collaborated to say, okay, you know, what do you want the repo to be called? And, uh, you know, what, how do you, how do you do the notarization and package build and signing and all that? And we worked out all those details. Um, I built a GitHub actions workflow and, you know, it failed 80 times and then it succeeded the 81st time and yay, we’re done. . That’s always my experience with, you know, with building those types of workflows. But yeah, in the, in the end, um, uh, I, I think the result now is that if we release a new version of Escrow Buddy, uh, and, and merge any changes into the main branch, a new signed, uh, and notarized package will be created by GitHub actions that we can simply download and post to a new release if we choose.
Speaker 4 (00:29:35):
And someday it might be nice to automatically, uh, post that release. I know that is also possible mm-hmm. with GitHub, but we just haven’t, uh, taken that step yet. But yeah, the, the Mac admins Open Source, uh, organization was a very, uh, warm and, and, uh, fitting home, I think for Escrow Buddy, and I’m really happy that it’s hosted there.
Speaker 2 (00:29:57):
That’s awesome. And if you wanna learn more about the Maced Admins open source panel, um, there, uh, just recently posted a video of, uh, the folks from the MCAD Admins Foundation and the Maced Admins Open Source project. Uh, and we’ll have that link here in the show notes for you as well. So, um, that one will be, uh, you know, a great session to watch. So, um, that’s spectacular. Um, as we jump into, you know, the rest of things, so one of the questions that I had was, most MDMs have an escrow function built into some endpoint someplace. Uh, you know, why did you go down the direction of, of, uh, you know, making this more universal and tying this directly into the login window?
Speaker 4 (00:30:38):
Yeah, I, I think because the way that most M d M administrators have solved this problem, um, has been to prompt their users for their password. And many MDMs do that as their first party solution to this, to this problem. Um, our M D M doesn’t necessarily do that, but they, they don’t, it’s, it’s like a, a script, like everything else, like a community script that you can download mm-hmm. and run if, if needed. Um, but as far as I could tell, cry was the only solution that was actually leveraging the login window to avoid additional password prompts for the users. So really the, the new direction that we wanted to go was to get more M d M administrators to do that, like what Crypt was doing, but not to, you know, to, to make it as simple as possible so that they don’t have to administer the other parts of cryp that they maybe don’t need or require in their organization.
Speaker 4 (00:31:32):
Yeah. Um, so the, the beautiful thing I think about Escrow Buddy, is that it’s actually not going its own direction in terms of what Apple has kind of recommended or implied as a recommendation, um, through authorization plugins. You know, the, the, it’s using the, the login window as the standard interface, which everybody is already used to. Um, it’s using F D E setup, which is the, you know, the standard way of, of command line way to interact with FO Vault. And it’s using the, um, F D E, I wanna say it’s called F D E Recovery Key Escrow, payload for M D M. Uh, that’s, you know, the stock Apple way of Escrowing keys, uh, T M D M. So the only thing we’re doing that’s, that’s special is not prompting for people’s password, it’s just using the login window. Um, we’re doing a couple checks behind the scenes too, to make sure that the mdm mm-hmm. profile is all set up and, you know, make sure that, uh, everything looks good. But for the most part, it’s all first party stuff, which is, is great and hope, hopefully that means that it’s, uh, somewhat future proof, you know, who knows what’s gonna come in the next version of Mac oss, but I’m hoping that authorization plugins are not, um, gonna disappear overnight.
Speaker 3 (00:32:43):
I, I, I really love the approach to it, as you’ve said, not prompting the user for, for authentication. When we see so much, um, these days with the changes, apple have rung in for very sensible reasons and secure reasons of placing a lot more of the, I dunno if burden is the right word, but the responsibility and an effort on the user, whether it’s, um, you know, for volume ownership, um, um, and, um, T C C prompts, those sorts of things where there’s interaction required from the end user and more often than not, um, uh, missing or an incorrectly escrowed fall vault key, um, you know, is, is is not always something that’s direct misadventure by the user. It’s probably more circumstance, um, decisions that have been made. You know, planets not aligning that, that things get out of whack. And then to expect a user to have to resolve that, um, you know, is, is just another thing that they’re going to decide not to do or not want to do, or ignore or get rid of or complain and have that friction with the IT department of that. Isn’t this your job? And so to be able to achieve that and go, well, yes, it actually is our job to sort this out, and so we can do this, um, and just piggyback along to, you know, a reboot or a login and, you know, uh, a problem that they’re not going to know about until they’re in a position where they need their file vault key, um, can just be remediated in the background without them ever knowing that their machine had this problem or needed to be remediated. So, exactly.
Speaker 4 (00:34:23):
I mean, I, I, I, I think the worst case scenario is if somebody gets locked out of their Mac and we don’t have their file vault key, and they potentially have to erase the Mac and start over and they lose that data, you know, that’s maybe the worst case scenario. But a very close second is nobody loses data, nobody gets locked out, but we prompt, you know, 4,000 people for passwords that we didn’t actually need to prompt them for. And they start to learn that entering passwords is just a normal part of working at this company, and they start to enter passwords in maybe less reputable places, and eventually get some malware that, you know, results in some real damage to the company. That’s maybe number one, maybe close number two, but not a good situation. So this allows us to avoid all of those risks.
Speaker 1 (00:35:09):
So
Speaker 3 (00:35:10):
Absolutely,
Speaker 1 (00:35:12):
This week’s episode of the Mac Admins podcast is also brought to you by Collide. Our sponsor, collide has some big news. If you are an Okta user, they can get your entire fleet to a hundred percent compliance. How if a device isn’t compliant, the user can’t log into your cloud apps until they’ve fixed the problem. It’s that simple. Collide patches one of the major holes in zero trust device compliance without Collide. It struggles to solve basic problems like keeping everyone’s OSS and browser up to date. Unsecured devices are logging into your company’s apps because there’s nothing to stop them. Collide is the only device trust solution that enforces compliance as part of authentication, and it’s built to work seamlessly with Okta. The moment collides agent detects a problem, it alerts the user and gives them instructions to fix it. If they don’t fix the problem within a set time, they’re blocked. Collides method means fewer support tickets, less frustration, and most importantly, a hundred percent fleet compliance. Visit collide.com/mac admins podcast to learn more or book a demo. That’s K O L I d.com/mac admins podcast. Thanks to collide for sponsoring this episode of the Mac Admins Podcast.
Speaker 3 (00:36:38):
So, file Vault is a complicated topic. Um, so what’s, what’s something that you learned about how it was implemented when you were sort of going down this rabbit hole for, for escrow, buddy?
Speaker 4 (00:36:48):
I, it’s been a, a learning journey for sure, and I’m not done. I, I’m not an expert in file vault by any means. Um, I, I think that one of the favorite things that I learned was, um, the, there’s actually a C M SS encrypted envelope that is stored with the actual key in a DAT file. It’s a, a var db file vault PRK dot, when the key is generated. And then that file itself gets sent up to the M D M, uh, when the time comes for the security info command to be responded to. And the timing of when that happens depends on which M D M vendor you have, but generally it’s, it’s kind of aligned with the inventory update process or something like that. Um, and, but even after the key is escrow, that that file remains on disk. So one of my favorite learnings, uh, that some, some very smart folks helped me out with in the Mac Edmond Slack community, uh, was that you can use open s s L to inspect what the name, what the common name of the certificate that signed that c m s envelope was, and generally, you know, use that to co-relate, was this escrowed by my company, or was this escrowed by a different company?
Speaker 4 (00:38:05):
Or maybe a different M D M that we used to use. I haven’t really put that into practical use yet, but there’s some, there’s some thinking that if you, you know, if you can match that, uh, common name against what’s expected, and if it doesn’t match, then maybe just automatically issue a new recovery key at next login without even having to ask the M D m whether you have it or not. Um, and there’s some other theories that if you have, somehow you’re able to securely store the private key, that encrypted that, uh, that, that key on behalf of the M D M, that you could actually open up that envelope and inspect what key is inside and verify that it is in fact the correct key and that it’s still escrowed safely. Um, again, I haven’t actually done anything with that practically, but I thought that’s, that’s fascinating. Like the, the whole yeah. Cryptography of how this all works and the timing of what things talk to each other when there are some very smart people at Apple that designed this process to make it as, you know, as foolproof and scalable as possible. And I’m just kind of learning about some of the tidbits on the edges of that to make it useful for, uh, for Mac admins who wanna automate things.
Speaker 2 (00:39:16):
That’s awesome. ’cause I mean, Fireball’s such a complicated, you know, thing. And I think that obviously the people that are, that are out there, who really knows how it works, and of course, rich Trouten, um, you know, those are, uh, you know, the, the, those are the people who that that, that we really turn to in moments like this, where it’s just like, Hey, let’s go deep on this knowledge and, you know, really understand something about the environment that that’s a little bit different, gives you some really interesting ways of, of looking at things here.
Speaker 4 (00:39:41):
That’s, that’s a good call out. Uh, rich, we should definitely, uh, give Rich some kudos because I, you know, I, I didn’t, I didn’t reference him specifically for this project, but I wouldn’t have known about F D E setup and I wouldn’t have known about escrow, and I wouldn’t have known about all these other features of Fall Vault if I hadn’t been reading Dare Flounder for the last, you know, 10 or 15 years Yeah. To pick up on all the, all the changes that happen every, you know, every new OSS release. So I take that, that knowledge that I’ve built up as kind of automatic now, but honestly, I owe Rich a lot of that, and I’m, I’m thankful that he’s continuing to, to blog about those, uh, changes.
Speaker 2 (00:40:15):
A hundred percent Escrow Buddy’s not your first rodeo. Um, you’ve been through shipping some stuff, uh, in before. Tell me a little bit more about Recipe Robot.
Speaker 4 (00:40:24):
Yeah, recipe Robot is an automated way to create auto package recipes. It is, uh, it is my quintessential automation tool to automate automation for automators, ,
Speaker 2 (00:40:38):
.
Speaker 4 (00:40:39):
It’s, it’s like, it’s three levels deep into the automation. I think it’s, it gets more and more fun the more levels you go. But yeah, it’s, it’s basically, say you have an app and you don’t have an auto package recipe for that app. You’ve searched on GitHub, you’ve searched the auto package organization on GitHub, and you don’t see anyone else that has built an auto package recipe for that app. In theory, if it’s a relatively simple, straightforward Mac app, you can provide that app as input or a download U r l to that app, or a Sparkle Feed for that app, or any number of other things. Uh, provide that as input to Recipe Robot and Recipe Robot will create a, a, a whole chain of recipes based on that input. And if everything goes well, if all the planets align, then you’ll end up with, uh, a chain of recipes that you can run in your own environment to import that app, uh, new versions that app into, say, monkey or Jamf or just build a package or whatever you wanna do with, uh, with Auto Package.
Speaker 3 (00:41:40):
And speaking of auto package, um, you’ve also been involved with auto packager over the years, right?
Speaker 4 (00:41:47):
Yes. I was on the team who initially created Auto Packager as a kind of a hackathon entry, uh, back in, I wanna say 2015, um, at one of those, uh, Mac Brain events in, in San Francisco. Um, I, you know, the, the, the project was created in objective C for the most part, and I do not claim to know any objective c um, but I know enough about code to know when to move things around and how to, you know, how to tra trace bugs and things like that. So I think I, I just ended up kind of volunteering to be the chief tester documenter and question answerer, uh, on, on auto packager for many years, um, especially while I was, so what you’re
Speaker 2 (00:42:31):
Saying is you’re a product manager?
Speaker 4 (00:42:33):
I, I guess I, I don’t know, , I’ve never, I’ve never really had that title, but yeah, I’ll take it. Um, I just, when, when I was at the Lindy group, I was just really excited that so many people were using a tool that we created, and I still have a soft spot for that app. I, I hope that somebody gives it some love someday, but unfortunately, I’m not the person who can do that. Uh, and I, I think it, you know, it’s either gonna need somebody who, uh, is really familiar with Objective C to really dive back in and, and help it modernize, or somebody to, for example, rewrite it in Swift or something like that. Um, but yeah, I, I really enjoyed being, uh, associated with that for so long, and it really helped me, uh, learn the community and learn, uh, my way around conferences and, you know, kind of technical areas and learn to, uh, get really good at auto package. Honestly, it was a, a gateway to the command line auto package tool for me, and really led me deep into that, uh, world. And I I love that.
Speaker 3 (00:43:35):
So, so I think what you’re trying to say, the, the words you are looking for is, Hey, Mindy Gill, I don’t think you could get auto packager working in Swift and the way NDI works, maybe 30 minutes later it’ll show up in a repo somewhere. Um,
Speaker 4 (00:43:51):
Yep. We’ll, we’ll see
Speaker 3 (00:43:52):
If that, that’s how, that’s how software development works, isn’t it?
Speaker 4 (00:43:55):
We’ll see if that’s a successful nerd. Snipe .
Speaker 2 (00:43:58):
I, I mean, the other person that you might ask is Joel Rennick. Yes. I mean, I, I think that is also, you know, he, some of those things are catnip. He’s a little busy right now. I’ve kept him very busy at JumpCloud. Uh, but, uh, you know, I was gonna say, there are a couple of things he’s working on.
Speaker 4 (00:44:12):
So, yeah, and I know that, uh, Sean Hansberger, who has been on on the podcast before, um, is still, you know, I’m, I’m sure would still love a collaborator to help, uh, modernize auto packager. Um, I, I hope I’m not overstepping by by saying that, but I think, uh, you know, I would love to see that the app be resurrected and, and improved and kind of meet the modern needs of auto package users.
Speaker 2 (00:44:36):
That would be awesome. So the Netflix team that you’re on, you know, you guys also have like a user-focused security team, and you have a project called Stethoscope. Can you tell us a little bit more about how works
Speaker 4 (00:44:49):
Yeah, that’s kind of a sister team to mine. That’s the Netflix, uh, user-focused security team, um, introduced Stethoscope, uh, a few years ago. And the, the gist is, it is a, a kind of a recommendation engine for, uh, settings that users are not enforced to, to set, but are recommended to based on their, on their use case or, you know, their, their role in the company or, or, uh, or whatnot. And, uh, for a long time, Netflix didn’t really, uh, subscribed to the heavily centralized endpoint management model that most companies have kind of been forced to, uh, go to nowadays. And this was a big part of that. This, this allowed us to, and this was before my time, but it allowed them to, uh, kind of lightly manage devices that were basically consumer off the shelf devices, managed, self-managed by the users themselves. And Stethoscope was a, a menu bar app that, uh, and, and a, and a full, uh, native app as well that made recommendations about, Hey, you should really turn on encryption, you should turn on a firewall, you should update to this OSS version, um, et cetera.
Speaker 4 (00:46:04):
And it was really great about giving context about why each of those recommendations were being made. Um, much like Collide actually is, is kind of mm-hmm. a similar philosophy of giving users context, uh, rather than just simply exercising control over their devices without them necessarily understanding why that control is being wielded. So it was a super useful tool, and it, it did actually have a, uh, multiple lifetimes, it kind of evolved into a web interface and still lives on, uh, today as kind of a, a, a central, uh, place that people can reference how their security posture is not only for the devices, but for, um, apps that they maintain internally. Um, so yeah, it was definitely a, a, a groundbreaking tool. And I remember watching from, uh, where I was at the time and thinking, well, that’s a really cool idea, and I, I wonder if I, you know, if I can use this at my client or use this at where I, where I am now.
Speaker 4 (00:47:01):
Um, so it’s really, it’s very satisfying to kind of come full circle and be now on the inside of the, the people who, you know, came up with that, that idea. Um, I’ve got a lot of really, uh, great colleagues now who are, are, are very smart and have, uh, great ideas like this. We are being forced now into the more modern world of centralized management. But I think because of our, um, history with tools like Stethoscope, we’re kind of trying to do it in a context driven way and, and make sure that we’re leading users into the new world of centralized management with, uh, information and context around why we’re doing the things that we’re doing, rather than just all of a sudden checking a few boxes on the compliance sheet. You know, and I think that has really influenced our, uh, our philosophy in a, in a good way.
Speaker 2 (00:47:55):
I think that’s awesome. You know, you spoke a little bit about the author, the authorization database earlier, and it’s funny because I’ve been having to do a lot of work there myself. Um, you know, as we do testing on Macco Sonoma and things along those lines, when, you know, maybe something goes wrong with Jump Cloud’s login window, I’ve gotta dive into the, uh, security authorization DB command and, and go nuts and, and, you know, edit the actual, you know, X M L that goes into the, that kind of stuff. You know, your latest blog post is about messing around with that, you know, authorization database, and it’s also illustrated in a more general way than just relating to escrow, buddy. Has it been a lot of fun to kind of like go tinkering into some of those deep internals within the, uh, the oss?
Speaker 4 (00:48:39):
Yeah, I guess, I guess that depends on how one defines fun, but yeah, I find that kind of thing,
Speaker 2 (00:48:44):
Uh, fun. I mean, look at your audience, Elliot. Yeah. You know, we’re all a little bit, uh, you know, esoteric here, and, and we, we, we may consider, you know, monkeying around in the authorization D B A to be fun.
Speaker 4 (00:48:55):
Yes. I, I totally hear that. , this is a post I had been working on for, uh, since June, and I just kind of poking around and it just never felt a hundred percent done, uh, until yesterday. I, on a whim, I just kind of reached out to some, some trusted colleagues in the MAC admins community and said, Hey, here’s a preview. What did I miss? You know, can, can somebody give a second pair of eyes to see, uh, whether this makes sense? And I got a lot of really great feedback, um, from, from various people that gave me the confidence that I needed to finally click the post button and make it real. So, yeah, it, it’s basically the, it, it’s the, the post install script for escrow buddy that actually puts it into the authorization database, but generalized out such that it hopefully is useful to, uh, people who deploy other tools, like, for example, cry or, uh, the, the JumpCloud agent or, uh, Jamf Connect or any number of other things that require entries in the, in the Mac OSS authorization database. And hopefully that makes, makes it a little bit easier for people who don’t want to deploy a Python framework just for this purpose. It’s all in Shell and it’s, it’s, I tried to make functions that are reusable, uh, so that people don’t have to go into, you know, the dependency nightmare of which, which Python modules are you gonna deploy and which version of Python and all that stuff. Uh, it’s, it is totally Shell based, which I think was a, a, an approach that I hadn’t seen already tackled. So that was my, uh, contribution.
Speaker 3 (00:50:30):
So that is a fair amount of open source contribution. So what is the coolest thing you’ve seen happen to something you did after you let it out in the wild, where someone’s taken those, those modules or things you’ve done and then had at it?
Speaker 4 (00:50:47):
Yeah, I mean, to be honest, I just, I love when people come up to me at a conference and say that a tool that I wrote or helped, uh, open source saved them lots of time and, and that they’re able to spend more time with their family or more time digging into other geeky things that they wanna do, or more time fishing or whatever they want. You know, like I just, I love
Speaker 3 (00:51:06):
The more time having fun in the authorization db
Speaker 4 (00:51:09):
Exactly. Writing blog posts about esoteric topics like that. Yeah, exactly. Um, and I never thought there would be demand to speak to audience audiences in places like London and Vancouver about things that are like meta levels of automation. I, I just think that’s such a really cool opportunity that I’ve, uh, been given. So I’m, I’m, uh, very humbled and grateful to all of the open source, uh, family whose shoulders we all stand on, uh, and hopefully can contribute our own, uh, moments of, uh, inspiration
Speaker 2 (00:51:45):
Here at the m Admins podcast. We wanna say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Ubca. Thank you. Adam Selby. Thank you. Nate Walk. Thank you. Michael Sy. Thank you Rick Goody. Thank you. Mike Boylan. You know it. Thank you. Uh, Melvin Vives. Thank you. W Bill Stites. Thank you. Anus. Orville, thank you. Jeffrey Compton, m Marsh, Stu McDonald, Hamlin Cruin, Adam Berg. Thank you. AJ Reka. Thank you. James. Traci, Tim per of two canoes. Thank you. Nate Sinal, will O’Neill, Seb Nash, the folks at Command Control Power, Stephen Weinstein, chat, Swarthout, Daniel McLaughlin, Justin Holt, will Smith and Weldon do Thank you all so much and remember that you can back us if you just saw head out, out to patreon.com/m ADM podcast. Thanks everybody.
Speaker 2 (00:52:41):
Well, Elliot, thank you so much for joining us this week and talking about Escrow Buddy and all of the other incredible work that you’ve done in the open source community here for Edmonds. Thank you, uh, on behalf of m admins everywhere, as someone who’s benefited immensely, uh, you know, from the work that you’ve done. Thank you. Before I let you go, we gotta dive in on a question here. And, you know, it doesn’t have to be a Netflix show, but if you wanted it to be, it could, uh, what TV show best shows the reality of good IT departments out there? Or are there any, ’cause I struggle with this. This is one that I, I, I struggle with.
Speaker 4 (00:53:12):
I don’t have a prepared answer for this because I
Speaker 2 (00:53:18):
Takes it, take a minute and
Speaker 3 (00:53:19):
Think it’s, well, how about Tom? I’ll, I’ll, I’ll let you go first, Tom. ’cause I’m worried that I’m, might well use your, your example. I’ll let, given you wrote the question . I,
Speaker 2 (00:53:27):
I think I mostly have, I think I mostly have examples of where it doesn’t do this very well. Uh, I mean, obviously Saturday Night Lives Nick Burns skit is, is, is a classic for a reason. Because you know that we’ve all seen those IT folks, and of course, here I’m talking about, you know, um, you know, the, the, the stereotype of, you know, move, get out the way I want to, you know, you’re so dumb. Those kind of things. I hate those kind of, you know, spots. Um, and of course it’s what Jimmy Fallon, right? Like, I mean, nobody does annoying better than he does. Um, but, you know, I I don’t think there are a lot of really great depictions of, of it departments in a positive sense. Um, and, you know, I struggle here, although I will, you know, push, you know, push back and say that, um, you know, the, the best honorary TV it person is Josh Molina, uh, in Sports Night, um, who fixes everybody’s computer. So, um, he’s the producer on the show. Um, but, you know, he definitely gets a, a, a solid shout out from, from me there. But I, I still, I’m still waiting for the really good IT department show. I think that, you know, we see a lot of like zoom and enhance, uh, from, uh, you know, from the television, you know, from the crime dramas and things along those lines, things that aren’t quite possible. But
Speaker 4 (00:54:41):
Marcus, I, I’ve got an answer.
Speaker 2 (00:54:42):
Oh, you’ve got an answer, Elliot. I do dive in. I, yeah,
Speaker 4 (00:54:44):
I, I admittedly, this is not a show that I myself have watched, but I heard good things from some colleagues about extraordinary attorney. Woo. Um, specifically, there is an episode, uh, during which a spearfishing attack gets some, uh, prominence. And the way that the spearfishing is described in the courtroom is surprisingly accurate and kind of refreshingly. So, and I, I think my security colleagues were, uh, spreading a clip around, uh, of, of that, uh, segment that, and kind of giving it a, a light thumbs up, uh, for accuracy. Um, I was gonna say like something like Mr. Robot, because it is accurate, but I wouldn’t say that’s good. It, I would say that’s, uh, maybe the reality of some dysfunctional IT work, uh, in a dystopian, fictional, hopefully universe .
Speaker 2 (00:55:37):
It’s, it’s really solid. I was gonna say the, the, the number of times where, you know, they’re actually, I, I watch what they’re typing on the screen and it’s actually correct. Um, that doesn’t happen very often in television. I television it is, is frequently, I, I suppose it, the television, you know, the, the television lawyers and the television doctors are, are just as much shaking their head, you know, or the, or the people are who are in those professions are actually, you know, less enthused. But yeah, Mr. Robot was excellent. I strongly recommend folks find that. I know that that’s, that’s out on the various streaming services. Marcus, how about you?
Speaker 3 (00:56:08):
So there, there’s an Australian TV show called Utopia. So not to be confused with the, with the other shows called Utopia, that’s about bureaucracy in government. Um, and if you look carefully, they’re all using Macs, which is unusable usual, because here in Australia, you don’t see a lot of Macs in government. And, you know, I, I wouldn’t necessarily say it’s a good depiction of, um, best practice in it, but in terms of being a good depiction of the realities of it, um, I’d just been having a discussion with my boss at the time. I think this was probably 2015, about Key Chain. And then that night on Utopia, they’re complaining about getting prompted for key chain problems on their computers. And that’s not something you expect to hear on, on television. But, you know, because I always like to provide two answers, I’m gonna say, and, and this is why I checked with you, Tom, because I’m, I’m going to cast this a little bit wider.
Speaker 3 (00:57:02):
And when we’re talking about a good IT department, um, a good IT department, but not depicted as an IT department, and I’m gonna talk about the BEAR season two and substitute kitchen for IT department. And Tom is vigorously pointing at the camera at the moment ’cause he knows exactly where I’m going. So seeing there’s an episode, let’s just say it’s the episode after the Christmas episode, um, which is probably a, imagine that as being a bad workplace that’s like a bad family. And then the next episode where it was talking about serving people and giving people a really good experience and then seeing the way that came back into, um, their own environment they were creating. And I think if, and I know that’s something that really resonated with you, Tom, this idea of, um, you know, and this sort of, you know, loops nicely around to escrow buddy, this idea that we can provide people an amazing experience without them even knowing that they’re getting provided with an amazing, amazing experience so they can get on with enjoying what they’re doing. And I, I think if mm-hmm. , if more IT departments took that approach of, you know, Michelin starred restaurants and fewer IT departments took the approach of the drunken destructive family, um, you know, it’d be a, it’d be a better place.
Speaker 2 (00:58:33):
I a hundred percent agree.
Speaker 4 (00:58:34):
You have the, the signature of good IT and security is sometimes being invisible and, and staying out of your way. So in that sense, every show on TV that doesn’t feature it is the sign of a good IT department behind the scenes .
Speaker 2 (00:58:48):
I love that. And, you know, I’ll just say that, you know, season two of the Bear was the best season of TED Lasso, um, that we didn’t get. And you know, we think about the kind of, you know, teamwork and the kind of building up your colleagues and building up your people. Um, you know, conversations episode three, episode four, and of course episode seven, which Marcus mentioned called Forks, um, are absolutely investments in each other. And the investments that we take, the, the, the, the moments that we, uh, you know, choose to put someone else into a position where they can do greater good, where they can be, you know, nominated for a scholarship, nominated for a training, uh, opportunity to be, you know, into a place where they are, you know, challenged and can move themselves up. I love that dream for people. And the way in which we get that on TV and the way in which we tell stories where we build each other up is a huge sign of, you know, communal strength that I think we are seeing on TV that we haven’t seen for a long time. We got a long, we got a long period of time where we got shows about anti-heroes, where we got shows about people who were being destructive we’re interesting, but destructive. And I really appreciate the moments that we are seeing on television now where we are building each other up and believing in each other and skilling up and making that out of interesting people is, uh, you know, a real joy. Absolutely. Uh, Elliot, if, uh, folks want to learn more about Escrow, buddy, I, I understand you’ve got another conference talk coming up.
Speaker 4 (01:00:22):
Yes. I’ll be at the Jamf Nation user conference in September, uh, 2023. So if you’re gonna be in Austin, please come see my session.
Speaker 2 (01:00:31):
Absolutely. And I was gonna say, that’ll be spectacular to, to see. So, uh, if folks are looking to follow you on the Internets, where should they go? Look,
Speaker 4 (01:00:38):
Uh, you can always go to elliot jordan.com. Uh, that’s where I occasionally post, uh, my, my various tidbits from my Mac journey. Um, I have various other social media stuff too, but honestly, I think just elliot jordan.com should cover everything that’s important.
Speaker 2 (01:00:56):
Amazing. Thank you so much for joining us, friend. It was a great pleasure to talk
Speaker 4 (01:01:00):
With you. Thank you, Tom, and thank you, Marcus. It’s been wonderful.
Speaker 2 (01:01:04):
And of course, thanks to our wonderful sponsors, that’s Conge Collide and Simple. M d m, uh, and to everybody who backs us on Patreon, a huge thumbs
Speaker 3 (01:01:12):
Up. Thank you, friends.
Speaker 2 (01:01:13):
Um, and I think that’s it for this week. Marcus, do we have any other news
Speaker 3 (01:01:17):
Or action? No, I think, think that’s, I think that’s it for the moment. So yeah, that’s it. Thanks for listening, everyone, and we’ll see you next time.
Speaker 2 (01:01:25):
See you next time.
Speaker 2 (01:01:34):
The Mcad Mins podcast is a production of Mcad Admins podcast, L l c. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Coga the first time he opened. GarageBand sponsorship for the Mcad Admins podcast is provided by the maced admins.org Slack, where you can join thousands of maced admins in a free Slack instance. Visit maced admins.org and also by techno missionary L l c. Technically we can help. For more information about this podcast and other broadcasts like it, please visit podcast dot mac admins.org. Since we’ve converted this podcast to a P F S, the funny metadata joke is at the end.
Listen
Sponsors:
Patreon Sponsors:
The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:
Rick Goody, Mike Boylan, Melvin Vives, William (Bill) Stites, Anoush d’Orville, Jeffrey Compton, M.Marsh, Hamlin Krewson, Adam Burg, A.J. Potrebka, James Stracey, Timothy Perfitt, Nate Cinal, William O’Neal, Sebastian Nash, Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, William Smith, and Weldon Dodd
Event Name | Location | Dates | Format | Cost |
---|---|---|---|---|
XWorld | Melbourne, AUS | 30-31 March 2023 | TBA | TBA |
Event Name | Location | Dates | Cost |
---|---|---|---|
Houston Apple Admins | Saint Arnold Brewing Company | 5:30pm 4th March 2024 | Free |
Event Name | Location | Dates | Cost |
---|---|---|---|
London Apple Admins Pub | Online weekly (see #laa-pub in MacAdmins Slack for connection details), sometimes in-person | Most Thursdays at 17:00 BST (UTC+1), 19:00 BST when in-person | Free |
#ANZMac Channel Happy Hour | Online (see #anzmac in MacAdmins Slack for connection details) | Thursdays 5 p.m. AEST | Free |
#cascadia Channel Happy Hour | Online (see #cascadia channel in Mac Admins Slack) | Thursdays 4 p.m. PT (US) | Free |
Sponsor the Mac Admins Podcast:
If you’re interested in sponsoring the Mac Admins Podcast, please email sponsor@macadminspodcast.com for more information.
Social Media:
Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!