Episode 335: Just Us on Sonoma and iOS 17

Sonoma dropped this weekend, and while this episode will be about a week out, it’s worth talking about something we haven’t really touched on: how vendors define the guidance they give their customers.


Click here to read the transcript

Please note that this transcript was generated automatically

Speaker 2 (00:01:18):
Hello and welcome to the MCAD Men’s podcast. I’m your host Tom Bridge and I am not currently herding any yaks. I had the great pleasure of listening on my ride the other day, and I will say the yaks are in perfectly good health. The Tibetan hillsides are a little bit rough on their hubs though, so we are trying to figure out how to get them to the states because their hubs are very delicate and ungulates. If you got a hoof problem, it’s all over, but the crying,

Speaker 3 (00:01:47):

Speaker 2 (00:01:47):
It. It is wonderful to be back with you both. Marcus, how are you?

Speaker 4 (00:01:51):
I’m good, I’m good. So as we were mentioning beforehand, I’ve just been and had the state of my kidneys checked out and my kidneys are apparently doing, or my kidney is apparently doing okay. And so I’m going to celebrate the fact that there’s at least one part of my body I don’t need to worry about for the short to medium term.

Speaker 2 (00:02:13):
Alright, that’s

Speaker 4 (00:02:15):

Speaker 2 (00:02:15):
That’s spectacular news. Yeah.

Speaker 4 (00:02:17):
What about you, Charles? Are there any parts of your body that are causing grief at the moment?

Speaker 3 (00:02:24):
I mean, I’m getting old man, all of ’em.

Speaker 4 (00:02:26):
That’s exactly how I feel.

Speaker 3 (00:02:30):
But I do have to say it’s been cold and I sleep so good when it starts to get cold. It’s like the best part of living in the Midwest. You crack the window open a little bit and sleep so darn good. And my three D printers like it because there’s no humidity to mess up the filament or the resin according to which one I’m talking about. So I’ve got this job going that will hopefully net me some good results for maxis admin. No promises. And yeah, speaking of maxis admin, I’m sure that I will have some kidney issues afterwards, but we’ll cross that bridge when we get there.

Speaker 4 (00:03:19):
If I had a spare, I would lead you one to take over and supplement, but unfortunately the raid in my kidneys has degraded and I’m looking for a hot spare if anybody’s got one.

Speaker 3 (00:03:34):
And how about you, Tom? How are you?

Speaker 2 (00:03:36):
I’m pretty spectacular. Much like the weather has turned to fall here or excuse me, autumn, thank you. Here in Washington and Wilma Mary, I mean also, I mean it is the nose of the wet season. It is in fact wet here in DC today. I got out on the bicycle today and that was a much needed fall treat was to get up this morning and just feel the cold air go for a long bike ride. I did 23 miles out there today on the DC streets and most of it off street because we’ve invested heavily here in our off street bike lanes and it was great. I got to ride through Rock Creek Park, which is absolutely spectacular this time of year. And about another three weeks it’s going to be full of golds and reds and I’ll post some pictures I promise. But this is going on the, Hey, I got to get out there more often lists and I’m thrilled to do that kind of stuff, especially when

Speaker 3 (00:04:34):
There’s so snow.

Speaker 2 (00:04:35):
Well, that’s it, right? I mean, I was going to say we get longer falls now or longer Autumns now. Sorry, I’m going to keep doing that, but I think a lot about some of my time in northern California riding out in the worlds out there. I remember a couple of times going out riding with my dad one time. We did almost a metric century. I think we were at 65 miles or 98 kilometers up into winters and beyond to winters to the top of Yolo County right up

Speaker 3 (00:05:10):
From Davis.

Speaker 2 (00:05:11):
Yes, from Davis originally. And I think about the part of the world that I grew up in is this Central Valley farm country with a lot of rolling hills as you get into the vaca range and as you head west past Solano County and into Sonoma County. And so I was going to say, Charles, you have an incredible backstory written here and everyone needs to understand it because it hearkened back to my fourth grade history class, which in the state of California where I grew up, fourth grade history was California history. And so we learned a little bit of the mission era. We learned a little bit of the revolutionary period in between the end of the Spanish system, the Mexican system into the United States. And it is in fact, just nine days ago was admission day, September 9th, 1850 was the day in which the state of California was admitted to the union. I’m sure that everybody who is listening outside of the Western United States is hitting skip as fast as they possibly can right now. Like I just

Speaker 3 (00:06:23):
Don’t need interested, realistic,

Speaker 4 (00:06:24):
Maybe they all have

Speaker 3 (00:06:25):
Our own version possible of colonialism, and of course there’s that. But this is really the

Speaker 4 (00:06:32):
Origin story. So I suppose one way is we can say, so Sonoma, let us know what was the path that led to you becoming the latest operating system?

Speaker 3 (00:06:43):
Well, I’m sure that in the middle between where I leave off with this little quick writeup and where Apple picked it up, someone from Apple loved going to the vineyards in Sonoma. For those who haven’t been Sonoma’s like a more outdoorsy and accessible maybe version of Napa, it’s warmer. But there are rivers you can go kayaking on or canoeing, you can go horseback riding, you can go horseback riding between vineyards, which is a pretty rad experience for anyone who hasn’t done it. I’ve been to a couple weddings at vineyards in Sonoma County. It’s just beautiful up there. It can get hot, but it’s northern California and getting out into the desert a little bit. Since we love to start episodes with a little bit of a background story, let’s talk about Sonoma’s background. I would like to point out that the indigenous peoples of the area didn’t really write down their history. So this is therefore a pretty white person’s version of the history of Sonoma.

Speaker 2 (00:08:00):
But before we go there, I will say that the Sonoma Valley, which in prizes the Sonoma County was home to the Minok, Patwin, Pomo and WaPo peoples who were later displaced by settlers

Speaker 3 (00:08:15):
And they displaced other indigenous tribes because indigenous tribes had been settling there for 12,000 years. Just think about that 12,000 years. I mean I’m sure our French listeners are like, ah, whatever. But then the Spanish, English, and even Russians claim the territory around Sonoma here and there before the mission period began with Mission San Francisco Solano de Sonoma in 1823. And that was expanded when the Pueblo de Sonoma was established in 1835 by Lieutenant Mariano Vallejo and for those who have been on streets named after him. There you go. And he was doing that on orders from the governor at the time, governor Jose Figueroa. And for those who have been on Figueroa in the area, the various streets, it’s like the Peachtree in Atlanta. There’s nine or 10 of ’em just to confuse you. Peachtree place, Peachtree Place south, whatever. But yeah, Figueroa, same thing.

Speaker 3 (00:09:31):
And by the way, that Pueblo was founded on July 4th of all days, within nine years or 11 years. By 1846 that lieutenant had turned into a general and he got ran off during the bear flag revolt. For those who don’t know during the bear flag revolts a bunch of white people who had immigrated in from the former United States into the area ran po Pico. For those of you who have driven in Los Angeles, there’s Pico Boulevard all the way down to where the US just south of San Diego where the US and Mexico border to Baja, California is and strung up along that coast there were 21 missions and those missions had been how California was settled. Father Juan, if I said his name correctly, una Perro. Sarah. Yes, thank you. I did not take California history in fourth grade. I took Georgia history in fourth grade, which also was the white person’s version of history.

Speaker 3 (00:10:42):
But that’s aside from the point. So all these missions, the ones in Alto, California, the 21, which is now what we call California, became effectively United States, US territory. And there are a few in Alto or Baja California that stayed with Mexico, but they wanted to be a US territory. By the way. Fun fact, Paul Revere’s grandson, I think was the lieutenant who unquote freed Sonoma from the evil General Viejo. But then, and they probably would’ve stayed a territory for decades like some of the other territories that were in between them. However, in 1848, gold was found in Sutter’s Creek, which launched the 49 ERs, the 1849 ERs, not the football team or American football team for those of you who are listening from elsewhere. And that helps pave the way to statehood by 1850 fast track, kind of like Ukraine joining the eu. Eventually probably you

Speaker 2 (00:12:07):
Show up with a bunch of gold in your territory and suddenly you’re very much the resource that the United States needs

Speaker 3 (00:12:15):
Or grain in Ukraine’s case. But Sonoma is probably better known, like we mentioned earlier, for beautiful vineyards now boatloads of outdoor activities, people from San Francisco flock out there to go for a bike ride between six different vineyards. And if you’re me, pass out at one of them. But

Speaker 2 (00:12:41):
I mean the Russian River Valley is the best for the wines and that’s all county

Speaker 3 (00:12:49):
Is, if you like deep breads. And I do, which I am drinking a deep bread right now. That area is far better. I would argue there’s some pretty good ones as you get closer to the grapevine and la. But yeah, all up and down that area is wonderful, wonderful red wine grapes. Indeed. So it’s a beautiful place. If you get a chance to visit, I would recommend it. I’d almost recommend it over Napa. There’s less pretense. I’m not a fancy person and I don’t love the pretense when it comes up. I mean, listen to, I’m so fancy when the kid’s in the car, but that’s aside from the point anyways. It’s also a really clean operating system.

Speaker 4 (00:13:40):
Is the operating system like a good deep red that you need to let it decant for 30, 60, 90 days before did using, or

Speaker 3 (00:13:48):
I’m just going to say this, the last three OSS releases, I’ve had no problem compiling. So my code just works with the new thing out of the box. I’ve had no problem with almost any of my apps. It’s just been a very easy transition. And sometimes I’m poking around looking for where do I provide permissions to something. But apps have also gotten better at telling me where I do that. So let’s start there. Did you two have, I had zero apps. I’ll lead this off. That gave me problems in the new oss, a k, a Sonoma, because that’s why we were doing the history of Sonoma, right? Yeah.

Speaker 2 (00:14:46):
Macca was 14 Sonoma.

Speaker 3 (00:14:47):
Yep, yep. But did you guys have any issues with any of your apps? Did they all just work? Was there any,

Speaker 2 (00:14:55):
We had some fun. I was going to say, I would say that the best way to think about this is that anytime you have a new version of the operating system, things are going to be different. And the question is how different are they going to be?

Speaker 3 (00:15:06):
Yeah. My specific question though was about apps. Like did any of your apps not launch and not launching is different than, yeah, it’s not different. Is it

Speaker 4 (00:15:19):
Not doing what they were designed to do? I think is

Speaker 2 (00:15:22):
The, that’s probably what we’re coming to here. And I will say that we had some adventures at Chum Cloud with our login window. Obviously login window frameworks are special weird places. And I understand that our friends at JAM had similar situations with jam connect and black screen right after upgrade is a kind of a terrifying situation, especially when you start to mess around with the login window. And we were incredibly pleased that that situation was resolved midway through the beta cycle. I think it was beta five or beta six when everything just started working again. And we had a couple of pinging pongs back and forth, broken in three, fixed in four, broken in five, fixed in six, those kinds of situations.

Speaker 4 (00:16:08):
And it also seemed to depend on the specifics of exactly how those login window applications were being deployed and other things that were happening, whether you are creating users at enrollment, how you are creating those users, what things are leading up to it. So I think the really important thing to understand there is the latest version of any of these applications is going to be the one that works best. And so use this time, you have to ensure that machines are getting deployed with the current version of any of these tools where you can, because that’s always going to provide the best result that the developers of those applications will find out these issues at the same time as all of the people managing the devices. And we’ll be working rapidly to get everything working. And if you, for whatever reason are holding back on earlier versions and it’s not just of logging window applications, security applications, any sort of application, then the risk of exposure to any bugs, whether they be tested or most importantly untested.

Speaker 4 (00:17:25):
If the vendor is not running through their testing workflows with a six month old version of an application, then you may not know about the edge cases that are going to hit. But further to your point, Charles, there’s not a lot. There are some specific issues I’m seeing with other third party applications. There were some people talking about S P S S, but a lot of that seems to be around communication around support or compatibility, which there’s often a disconnect between the developers of those applications who are madly testing things, and then the corporate communications and technical communications stating support and also the conundrum of until it’s actually released, we don’t know how many rcs it’s going to go through. Is there going to be a pong to the pinging in one of those rcs that may impact it? But yeah, it seems pretty good this year.

Speaker 3 (00:18:31):
S P S S has been around since I think 1968, so I’m sure they’ve had a lot of OSS upgrades between here and there and they’re like, whatever guys, we got this. Eventually support it. Just don’t upgrade yet.

Speaker 2 (00:18:49):
I do think that there is one interesting challenge that was a deployment blocker for some organizations around anything that uses the PF firewall.

Speaker 3 (00:18:57):
Yep. I was about to say actually anything that loads an extension, and ever since I wrote a tool to monitor extensions, I’ve been slowly trying to weeded away all the extensions on my machine just because I’ve now realized how dangerous they are. But other than things that load extensions and some extensions remain untouched, like autofill extension, everything’s untouched unless you need passkey support. And then there are new frameworks that are available in Sonoma that weren’t available before that you might have to recompile to get compatibility with various oss, but by and large, other than the things that load extensions, which in the login window context that’s extension and a little bit of voodoo, who do you do? Do what? Remind me of the babe. I saw my baby. Nevermind. But yeah, I feel like the typical extensions, like things that do quick look extensions, everything worked fine. So if the extension was untouched by Apple, then the resultant application compiled also seems to work great with the next oss. I guess there’s an interesting tool to be written there perhaps. What extensions got code updates and what should you look out for? I don’t know.

Speaker 4 (00:20:42):
It very much feels to me that Apple over the last few years has put a lot of effort into making all of these extensions and parts of the operating system passing information backwards and forwards between applications has become a lot more resilient and less prone to breaking every single

Speaker 3 (00:21:02):
Update. I’m sorry, I buried the lead. That was my feeling that I wanted to convey. So thank you for unbearing the lead with that question

Speaker 4 (00:21:11):
And certainly no, it’s not something I’ve really been able to articulate until you stating that as well. And certainly the feeling I’m getting out there is a lot more organizations embracing change a lot earlier than in previous years. Some of them still wanting to defer is because they’ve found deployment blockers in their organization that are important to them. So they’re saying, well, no, we want this one resolved. It’s not something we’re prepared to accept risk. There’s also still organizations who just simply don’t have the resources to be able to do the testing and feel confident. And that’s always a real problem. It’s great to be able to say, oh, you should be doing this, you should be doing that. But if you are drowning under tickets and drowning under workload and you’re literally the only person holding things together, just remember that it’s really easy to say, oh, you should be doing proactive testing. But actually doing that isn’t always as easy, but I’m definitely seeing that a lot more people are a lot closer to same day support than there has been previously. And I think that’s a very much a combination between Apple making it a lot easier, doing a lot more communication earlier, the application vendors doing a lot more work earlier and being ready, but also the community really embracing the idea of early testing to feel a lot more comfortable. So it’s going to be very interesting to see what it looks like.

Speaker 3 (00:22:52):
And when this episode was percolating, one of the things that I felt like we should try to get at is what guidance, because when we started the podcast, I worked for a vendor and I was the only one, and now I’m the only one that doesn’t work for a vendor. So what kind of guidance, I guess, do you guys give customers when they ask about things, whether it’s in a pre-sales, post-sales product capacity? So apps are one thing, and I might over index on apps because I remember the era of the app gap as Joel used to call it, where it was apps that were probably the number one barrier of adoption of the platform. But I don’t want to over-index on that. So aside from apps, the number one thing that I’ve heard people talk about over the last couple of years has been software update. So I guess what kinds of improvements should people expect when moving to, let’s say, Sonoma’s first point release over the way it was two days ago?

Speaker 2 (00:24:14):
All of the changes that are really valuable here belong to how you message your users and how they experience the process of an update. It is not dramatically different from previous versions of the operating system in terms of the functionality of the software update mechanism. It’s all about control and how your M D M brings control to the environment. If your M D M is using declarative management, and that’s a big if still as far as I can tell, there are still only a handful of organizations who are actually providing M D M that uses the full declarative channel.

Speaker 3 (00:24:49):
And by the way, it’s also a big IF based on the operating system and the type of enrollment.

Speaker 2 (00:24:55):
Correct? In this particular case, any MAC OSS device, and we’ll talk about Mac OSS first and then we’ll talk about iOS second because there’s some interesting part, bits and bobs related to iOS. If your M D M supports declarative, you can now issue a declaration, a configuration to the device that says, Hey, I need you to be on Mac OSS 14.1 and I need you to be on Mac OSS 14.1 by 6:00 PM on November 30th and let

Speaker 3 (00:25:23):
No matter what the user wants,

Speaker 2 (00:25:27):
No matter what the user wants.

Speaker 3 (00:25:28):
And so if it’s the c e o, am I going to close all his apps and restart or her apps and restart?

Speaker 2 (00:25:37):
Yes. However, before we get to that spot, the c e O will have been told once a day with an alert that skips do not disturb mode each of the three days prior and starting at 24 hours, those alerts go from once a day to once an hour, and then in the last hour you get notifications at 60 minutes, 30 minutes, 20 minutes, 10 minutes. So at that point, you will have ignored something on the order of almost 30 alerts from your M D M that you have an update that is due over a 72 hour period. Are you telling me that someplace in that 72 hour period, you cannot tolerate 20 minutes without your computer?

Speaker 3 (00:26:14):
Well, there were 30 tyrants who with the aid of democracy I guess helped in Socrates. So skipping 30 alerts has been part of Hellenistic culture for

Speaker 2 (00:26:36):
Years. Tradition for millennia, yeah, 2,500. So I will say that at the end of that process, essentially you’ve got to do your update, provided that again, your M D M not only has to support the declarative, it needs to support the bootstrap token because that’s what it uses to handle that. Oh, and you can see, we’ll talk about that in just a minute. Sorry

Speaker 3 (00:26:56):
For the listeners, there are balloons.

Speaker 2 (00:26:59):
You can tell that I’ve upgraded to macOS Sonoma and I’m getting the camera gestures.

Speaker 3 (00:27:03):
I talked in my hands. I have two and I’m not getting camera gestures. So for the listeners, Tom has given two camera gestures. I have given two, I have had zero results. Tom has had plenty. I must have disabled something throwing that

Speaker 2 (00:27:20):
Out there. I’m just saying you got to hold it up there a little longer than you think you should in order to get the various pieces.

Speaker 4 (00:27:26):
I thought that was you saying bootstrap token, and you’d built some kind of shortcut that led to the balloons going everywhere. So the other interesting thing there is that communication to users, as you were saying that going, by the way, if you do ignore all of these notifications, this is what’s going to happen if you decide to go and pick up a machine that has been turned off for three months and turn it on an hour before presenting it on all hands, this is what is likely to happen. And the reason it’s likely to happen is because it should happen because security trumps everything else in organizations these days.

Speaker 3 (00:28:19):
As it should. To be perfectly honest, that c e o, who is a practicing tyrant by skipping 30 tyrants worth of check boxes should be forced to restart in the middle of their presentation. To your point mark,

Speaker 4 (00:28:38):
And if it’s not good enough for the ceo, why should it be good enough for the rest of the organization? That’s always an approach I’ve

Speaker 3 (00:28:46):
Had. Now you jumped from Socrates to Aristotle.

Speaker 4 (00:28:49):

Speaker 3 (00:28:50):
Just throwing that

Speaker 2 (00:28:50):
Out there. It’s the MAC admin’s philosophy and philosophy hour here this week as well as everything else. But I think that the other really interesting part here is that when you set a declaration like this, you can provide more information to your end users at that point. You can provide a U R L that’s specific to you during the beta period. I had some fun putting different YouTube videos in those declarations. I mean, who doesn’t love Astrid Gilberto singing the Girl from Eima from 1967? So I mean, those are important things and if we’re going to make people wait a little bit, might as well give them some elevator music to do that

Speaker 3 (00:29:29):
With. I mean, that’s probably when S P S S was being written. Nevermind. Now we’re going back to the beginning

Speaker 4 (00:29:36):
Feature request for Macco S 15 is to be able to have a U R L that is to play whilst the machine is updating to

Speaker 2 (00:29:44):
People. That would be pretty

Speaker 4 (00:29:45):
Rad, entertain and occupied.

Speaker 2 (00:29:47):
There’s one other interesting piece, and I mentioned I would get back to iOS here. Declarative changes the posture a little bit for enforced iOS updates. Traditionally with M D M, you could specify an M D M update command for any supervised device. In my testing during the beta period, that was true for any device enrolled device as well did. So it did not need to go through a d e, did not need to go through configurator. It would work on a standard device enrolled device as well, which is a welcome change.

Speaker 3 (00:30:20):
And the nice thing about iOS in this context is nearly every app returns back to the state that it was. That doesn’t mean that if you were sitting there in let’s say Salesforce typing notes about a customer for 30 days without committing them, which by the way, Salesforce would force you to log out and log back in now, but that’s not to say you wouldn’t lose any data because I mean, I don’t know if you guys feel the same way, but for me the issue has always been lost data keeping me from issuing a tyrannical restart, right? That’s it. I can’t think of any other reason that you would postpone other than there is a field where you’ve been typing data and by field that could be an unsaved word document, a web form that hasn’t had the submit button, et

Speaker 4 (00:31:25):
Cetera. Maybe going a little bit broader, lost productivity is clicking this okay button going to,

Speaker 3 (00:31:32):
But that’s the only

Speaker 4 (00:31:34):
Ruin the next couple of hours for me. Gap for loss. Yeah, exactly. Or the application back to the app gap is the data there, but the application I need to use to access that data now not going to launch,

Speaker 3 (00:31:50):
But Salesforce to continue on with that example, would’ve required me to two factor in again within 30 days. Now if I’d have been hitting No, no, no, no, no. And I happened to open my favorite browser and enter that field in Salesforce and not hit saved that night, but goodness gracious, that is such an edge case.

Speaker 4 (00:32:18):
And what I do often see is the people who have been bitten by those things in the past. And more and more anecdotally, it seems to be the distant past where that happened, where everybody remembers that one time when they updated to leopard and something stopped working. But there are fewer examples of this out in the real world. And if one of those upgrades beat you hard, it’s entirely understandable to be concerned, worried

Speaker 3 (00:32:54):
About. And we’ve all been bitten by that, right? Yeah. I mean, I can remember personally getting balled out over a Windows update, which that was back in the W sauce era where you couldn’t actually suppress them yet and it was patch Tuesday or whatever, and boom goes to dynamite, low level vice president gets a thing. And the next thing I know I’m getting yelled at,

Speaker 4 (00:33:21):
The other thing I’ve seen that makes a lot of this easier as well is moving to SaaS platforms and subscription models for licensing. Whereas back in the old days of Adobe Creative Suite where it may be that for purely financial decisions, an organization may be running several versions behind because they don’t want to or don’t have the budget to pay for the new version of something, and then you discover that the version that you can afford to run and your license to run doesn’t actually work on the version of the operating system. Whereas with most subscription models, now as long as you pay the ferryman, you get to choose which versions you want to run within reason. And so it eliminates that whole financial and licensing concern. And it just comes down to operational logistics rather than needing to go to procurement cap in hand and saying, actually, we need the latest version of this software and we kind of need it yesterday because this happened and it didn’t show up in our testing.

Speaker 3 (00:34:28):
I feel like you’re, are you specifically talking about Creative Cloud? Because I don’t feel like I have that scenario with all my other apps.

Speaker 4 (00:34:39):
No, I see that with all of the Microsoft platforms now. Oh, Microsoft and Adobe app. But also you think about a lot of the applications people use now where they are SaaS based subscription like Figma, miro, all of these applications tend to be you pay per user per month, per year, whatever it is, and it’s no longer paid for on a, you pay us your money and then when we release a new version, we ask you for more money, which was always a real issue I found for updating because trying to coordinate the budget for the new license, and especially smaller organizations, maybe we’ll go, all right, we’ll upgrade every second one or wait until there’s a project that can fund the license upgrade. Whereas that whole concept seems to have gone away.

Speaker 3 (00:35:35):
Oh yeah, for sure. And I do think organizations pay more and from the IT perspective get more, I don’t know from the productivity perspective, get more, but from the IT perspective, I feel like in general it’s better. That’s an interesting point. Yeah, skipping upgrades used to be. I mean, we talked about that with the new iOS and watch releases where I’m like, oh yeah, I skip. I’m on an off cycle for phone and a on cycle ish for watch and an off cycle Mac, but I’ll probably end up upgrading anyways.

Speaker 4 (00:36:16):
It’s interesting though, that is the other side of it that I’ve seen is uncovering now the challenge of organizations that are retaining hardware because Apple does such a freaking good job of building hardware that will continue to run for such a long time. And organizations discovering that they’ve got hardware that isn’t in their mind still entirely functional, but is not able to run the latest version of the operating system and not able to run the latest version of applications as a result of that. And seeing that problem move away from software and back to hardware and from a long-term environmental impact, it is a real challenge to look at something that is still entirely useful as a computing device, but then the fact that it has lasted for so long creates all of these other problems, which can be hard to articulate to the person that’s going, that machine works just fine. My 2014 MacBook Pro is great. I love it. It does everything that I need it to for the use case that I was using it for.

Speaker 3 (00:37:32):
Yeah, but your 2014 MacBook Pro would not run Sonoma to be specific. Sonoma runs on IMAX 2019 and later iMac Pro 2017 and later because they’re more expensive presumably, and have better chips. I think that’s just all the IMAX Pro for the record. Oh, right. Yeah, good point. MacBook Air 2018 and later, MacBook Pro 2018 and later MAC Pro 2019 and later, Mac Studio 2022 and later, because that’s all of them. Mac Mini 2018 and later. And the mini is probably a sticking point. S is the iMac, SS is the MacBook, nevermind. But those are the machines that can run Sonoma. So as we’re scoping policies to update or enforce updates, those are the easy ones. So feel free to scrub backwards 90 seconds to re-listen that or just check Apple’s page on devices that are compatible with Sonoma.

Speaker 4 (00:38:48):
My poor Little Mac mini running casing, which is the only thing that’s running these days, is still wholeheartedly not compatible. But I still love you Little Mac Mini and the work you do on my network with far many more devices than really ought to be on a single home network.

Speaker 3 (00:39:07):
I’m still waiting for the Mac Mini to be merged with the Apple tv, but whatever on that

Speaker 2 (00:39:14):
One day, one

Speaker 3 (00:39:14):
Day, I do have to say I first noticed the video conferencing effects when Tom upgraded his beta and they don’t seem to work on my betas. I’m hard on things. I will fully admit that,

Speaker 2 (00:39:29):
But there are some settings for this and I had to go looking for them. And so when you’re in a call like we are now, you can click on the little camera icon that’s at the top of the screen, and when you click on that icon and it’s going to show you the apps that are using the camera, when you click on that, it’s going to show you the cameras in specific that are being used, and you have full control at that point over center stage and portrait mode and studio light as well as reactions. And you can turn them on or you can turn them off when you

Speaker 3 (00:40:00):
Turn them. So you turned them on.

Speaker 2 (00:40:01):
So I turned I did not. It was on by default.

Speaker 3 (00:40:04):
Oh, mine.

Speaker 2 (00:40:06):

Speaker 3 (00:40:07):
Or maybe I disabled them

Speaker 2 (00:40:10):
Very possible. I don’t, sometimes

Speaker 3 (00:40:13):
I have what happens there so early that I don’t know what happened, and I don’t remember what I did like a 4:00 AM meeting. I’m like, ah.

Speaker 2 (00:40:26):
But what’s nice is that when you also have the reactions on, you can actually manually trigger them so you don’t have to rely on the gestures. And so I can cause balloons to appear. And

Speaker 3 (00:40:36):
For the listeners, Tom has been doing this for the last 90 seconds, which is awesome. Lasers. Okay, so which ones are your favorites?

Speaker 2 (00:40:48):
I prefer lasers because it involves my favorite fresher gesture, which is throwing up the double horns symbol. And that is a big winner, but

Speaker 3 (00:40:58):
Also lasers, lasers,

Speaker 2 (00:41:00):
Lasers, fricking lasers, sharks with fricking laser beams, right? I mean people of a certain era. I’m very simple, man, Charles, I’m a very simple man. Yes, ill tempered sea a s also a possible solution. I still haven’t figured out how to trigger all of them. There’s going to be a guide, a help article that will drop when Sonoma does that will tell us all more about these things. But also, as far as I can tell, you can’t manage these on behalf of your

Speaker 3 (00:41:24):
Well, that was the follow-up question that you got in front of, but also who cares?

Speaker 4 (00:41:32):

Speaker 2 (00:41:33):
I mean

Speaker 3 (00:41:33):
What security flaw is if all these management things are really there to back up security, is there a flaw from lasers other than getting lasered, which by the way, when Val Kilmer used lasers to pop popcorn, that was obviously all good and all fun. Yeah.

Speaker 2 (00:42:05):
See, nothing wrong with that at all. But

Speaker 4 (00:42:07):
I very much like organizations I find can sometimes err on the side of we need to be able to block this and we need to be able to stop this. But I certainly find working in effectively a fully remote role, anything that helps improve communication, whether it be video conferencing, communication or text-based communication makes that communication a lot easier. And if being able to use these reactions to communicate and articulate yourself and make sure that context is applied to things that are being said or things that are being written is great, and hopefully organizations can embrace it and hopefully individuals don’t overdo it to the point where people,

Speaker 3 (00:43:01):
It’s like a mellow, dramatic emoji in text messages. I mean, at the end of the day. So we’ve got a bunch of other settings that we wanted to talk about and the management around them. So beyond that, we also get platform S S O, I guess what kind of guidance are YouTube giving customers when they want to talk about P S S O?

Speaker 2 (00:43:28):
Oh, I know what you’re going to use it for, and this is the place where I think that there is a lot of potential here, and it all comes down to what’s the right execution strategy and how do you actually get this stuff for free? And I think that I’m still waiting to see the best implementation here. I’ve only seen one, and it’s Microsoft’s version from last year, which they only, the

Speaker 3 (00:43:54):
Shipping one, it’s

Speaker 2 (00:43:55):
The only shipping one right now.

Speaker 4 (00:43:57):
Okta have also got theirs in early access

Speaker 3 (00:44:00):
As well. That’s not using Exactly. Anyways, we’ll move on from that. I would say if you want to talk more about that, listen to the talk that Joel and I will give at Maxis admin and we’ll expand on some of the past key and various P S S O concepts there.

Speaker 4 (00:44:24):
Yeah, I think the guidance I’ve been giving people is to make sure you’re clear in understanding what platform S s O is designed to do and what it’s currently capable of doing with the implementations from the identity providers rather than what you are hoping it’s going to do and expecting it to actually be able to do that. I think it’s really important to understand the differences between the Ventura implementation and the Sonoma implementation, which of the identity providers are offering which implementation, and also making sure that what it actually does is what you need. But I agree that this is very much a sign that Apple is embracing cloud identity and integrating cloud identity into the operating system, and that’s the direction I want to see things going.

Speaker 3 (00:45:23):
Well, if your cloud identity is Azure

Speaker 4 (00:45:26):
Or another identity that would like to come along for the ride, whether that be

Speaker 3 (00:45:34):
Short term,

Speaker 4 (00:45:34):

Speaker 3 (00:45:35):
Term as endpoint, the way Microsoft Azure writes endpoints, I mean,

Speaker 4 (00:45:40):
And I think there’s a parallel there to what we saw with managed Apple IDs where the first implementation worked with Azure and that was great for people who are working with Azure, but there were other identity providers, weren’t there, Tom, who were not doing things that way and had to wait or rethink in some cases the way they approach their own identity provider to be able to align with this way of doing things. Yeah.

Speaker 3 (00:46:11):
And in Apples defense, if you have three major vendors that you want to build support to integrate with, and one since people out to hang out with you and tell you how they want things and the other two don’t, then I mean as a developer you’re like, oh, I see what you need because you came here and told me, or because you were willing to get on a Zoom call or a Skype call or a whatever to explain to me exactly how you need me to structure this J S O N or Yam L or whatever that I’m handing you so that we can be in sync. So there’s an Apple tax as a software developer and there’s always been a Microsoft tax and a Novell tax if you want to go back decades. But I feel like when you’re talking about integrating between multiple vendors, the bigger vendor expects, and maybe not all the people that work at the bigger vendor, but in general, the business humans who get in our way of writing awesome stuff expect that the bigger vendor has the pull to or typically expects to drive the relationship and define what they need. In a way, it’s kind of a weird thing. So yeah,

Speaker 4 (00:47:51):
The other thing to be conscious of as well is the communication. So the larger the organization, the larger the product marketing team, the larger the social marketing team, the more distance there may actually be

Speaker 3 (00:48:09):
From, if there is a social marketing team,

Speaker 4 (00:48:12):
The more distance there may actually be from the private preview or the early access and the functionality and the communication that’s coming out. So one of the things I’ve seen is people choosing to read marketing communication that is not particularly clear or specific because it’s marketing communication, not technical communication. And taking that to mean one thing. So one of the lines I’ve always used is I want to see this working on a device. So if you are wanting to go down the path of platform, ss, s o, and IT is supported by the identity provider and the M D M that you use is try it out, get involved with the betas, get involved with the early access and find out for yourself what it can do and provide that feedback of what you’d like it to do to the identity provider to Apple, to the M D M provider and work with them rather than sitting on the sideline going, gee, I hope this is actually going to do this, and we’re going to base our whole roadmap for our organization on this thing doing something that I haven’t actually validated it does yet.

Speaker 2 (00:49:23):
One of the things I do want to highlight that it does this year that it hasn’t done in previous years is that it allows you to authenticate users that are not necessarily on the device and you can specifically line up your profiles such that it says, alright, if they’re in this group, they’re an admin and if this group, they’re just a user. And once you do those things, essentially you can have a just in time not present on the device admin for the purposes of providing a step up authentication, not for having a new user account, not for having a new secure token account,

Speaker 3 (00:49:59):
All those things. It’s exactly legit.

Speaker 2 (00:50:01):
It’s not Jet, but what it is is it’s an admin user account that doesn’t have to be present on the device.

Speaker 4 (00:50:08):
And that’s great to have us to not have to load your machines up with lots of user accounts, with well-known, commonly known, widely known credentials that can be used for other things. So absolutely, that’s a

Speaker 3 (00:50:23):
Really not exactly commonly known. And I’m using air quotes here in the O I D C sense, but commonly known in this sense as in known by people who might not necessarily still work for your organization. Right. It’s funny when the technical terms for things define a different connotation than the colloquial terms for things, which is what I was pointing out there specifically. Yeah. In general, I feel like what I was after here is the fact that if you’re on a full Microsoft Stack platform, s ss O is here for you. And if you’re not, it’s not yet. Would you guys disagree with that statement?

Speaker 2 (00:51:14):
Yeah, I think it’s still very much, I would very much agree with that. I think that we’re closer now than we’ve ever been with the Okta and Jam partnership that is present and ongoing. And I mean, we’re recording this 72 hours ahead of the Jayna keynote, and so I fully look forward to seeing an Okta person up on stage in two or three days to tell us more about their way in which they are approaching this particular problem. So please don’t take it as this is only for Microsoft people right now except for the part where it is.

Speaker 3 (00:51:47):
But it

Speaker 2 (00:51:47):
Doesn’t have to be that, but it’s not going to be that way for long, I think is really what we’re saying.

Speaker 3 (00:51:52):
Yeah, except anyways, moving on.

Speaker 1 (00:51:56):
This week’s episode of the Mac Abs podcast is also brought to you by Collide. Our sponsor, collide has some big news. If you are an Okta user, they can get your entire fleet to a hundred percent compliance. How if a device isn’t compliant, the user can’t log into your cloud apps until they’ve fixed the problem. It’s that simple. Collide patches one of the major holes in zero trust architecture device compliance without collide. It struggles to solve basic problems like keeping everyone’s OSS and browser up to date. Unsecured devices are logging into your company’s apps because there’s nothing to stop them. Collide is the only device trust solution that enforces compliance as part of authentication, and it’s built to work seamlessly with Okta. The moment collides agent detects a problem, it alerts the user and gives them instructions to fix it. If they don’t fix the problem within a set time, they’re blocked. Collides method means fewer support tickets, less frustration, and most importantly, a hundred percent fleet compliance. Visit collide.com/mac admins podcast to learn more or book a demo. That’s K O L I d.com/mac admins podcast thanks to collide for sponsoring this episode of the Mac Admins podcast.

Speaker 3 (00:53:23):
So we did mention pass keys and passing, no pun intended, or maybe there really wasn’t, but it might’ve been there. I noticed you can only have one autofill provider doing pass keys and iOS 17. Do you guys think that you’d want to use two or not really?

Speaker 2 (00:53:53):
I don’t know. I mean, that’s the thing is one

Speaker 3 (00:53:56):
Password and LastPass,

Speaker 2 (00:53:58):
The number of, I don’t, the number of pass keys I currently have for actual passkey utilization form for primary user authentication, less than that, probably two

Speaker 3 (00:54:08):

Speaker 2 (00:54:09):
Yeah, I was going to say Google, although it was very fun, iCloud, my mom recently had some adventures with her Google account. My mom is now using a passkey to use her user Gmail. I like it. And so I think that’s pretty rad because there’s no password for her to remember. It’s just her Paki, it’s her fingerprint on her word except

Speaker 3 (00:54:27):
When she needs to update the password

Speaker 2 (00:54:32):

Speaker 3 (00:54:32):
Because there’s still a password. You just,

Speaker 2 (00:54:34):
There’s still a password someplace.

Speaker 3 (00:54:36):
A wonky JWT in the middle-ish. Ish. So

Speaker 2 (00:54:40):
You asked a fun question. Has anyone shared one using a QR code? I have.

Speaker 3 (00:54:46):
So you have Android family?

Speaker 2 (00:54:48):
Well, and I’ve used it slightly differently than that. I have work machines where, or excuse me, work machines where I want to sign in and I want to use my passkey as a second factor for JumpCloud stuff just to test around and play around with those kind of things. And the QR codes work amazing on my iPhone. And so at that point I log in on the device with my username and my password, and then I have to provide my phone. I have to go, boop and scan the code and off you go.

Speaker 3 (00:55:18):
Right. Okay. So Marcus, I’m just going to throw this out to you because you haven’t had the opportunity to say there were two or three questions packed in there real quick. A, do you want multiple autofill providers? B, did you use a QR code to share a pass key and C? Was it weird?

Speaker 4 (00:55:43):
I haven’t used a QR code to share a pass key at the moment yet. I’m in the scenario and I’m struggling to find enough things to use them for here that

Speaker 3 (00:55:53):
You don’t have Best Buy

Speaker 4 (00:55:54):
There. That’s one.

Speaker 3 (00:55:57):
There aren’t that many Apple.

Speaker 4 (00:55:59):
So look, if Amazon, maybe they have, and I just haven’t checked yet, but I think Amazon could go down that path. But it’s definitely something I’m excited about where it’s going to go to. And in terms of using multiple autofill, absolutely, especially with the idea of B Y O D user enrollment for devices, the idea that somebody may need to have access to some their corporate iCloud key chain as well as their personal iCloud key chain. And I understand that at the moment it does not work that way. And I think that’s important to understand at the moment where things don’t work. But I look forward to a future where there is a way to manage that, where you can somehow switch contexts. I’m going through my own private nightmare at the moment with a combination of one password and iCloud key chain and being able to get access to one password behind iCloud keychain the way. That’s how I’m separating things at the moment. And it’s a nightmare. It’s a nightmare

Speaker 3 (00:57:09):
I can deal with. Or last pass for your development stuff. Yeah, exactly. And one password for or however. Yeah, I mean that’s exactly the use case I was thinking through, especially in developer machines where it’s like, oh my goodness, I need to use three different tools.

Speaker 4 (00:57:27):
But this may be something that can get us into profiles for Safari where you can actually switch profiles in Safari to be able to use, okay, I’m in my work profile now.

Speaker 3 (00:57:39):
But first, just to close the loop on autofill. Have you used autofill for PDFs?

Speaker 2 (00:57:48):
I haven’t. During testing, I’m looking forward to playing with this under real world conditions. And now that the school year is back, I fully expect to have permission slip and things along those lines. And that’s going to be where I give this my best

Speaker 3 (00:58:02):
Experiment. If your kid’s in sports, you have to fill out, I don’t know, I filled out for my oldest, I probably did 15 of these and this feature, I was not using my Sonoma machine for this, so it

Speaker 4 (00:58:21):
Took quite some time. My tax is the main one for me. My accountant sends me all my tax information as PDFs that I need to go and fill everything in. And yeah, absolutely, I can do it. It’s really easy. I love the ability to be able to sign things using my iCloud key chain. That’s wonderful. Not having to, the one that annoys me the most is filling in the date where I can drop a text object on there and then having to space out the characters in the dates so it actually fits over the little, here’s

Speaker 3 (00:58:52):
My signature, but

Speaker 4 (00:58:54):
Actually writing my name next to the signature can be really hard. So yeah, I think this is going to be awesome. And then filtering through to nearly everything else, even the ability to be able to say, you’ve been sent a Word document, just convert it to A P D F and use this to then fill out all the information and send it back rather than having to deal with one of my bug bears. And when you get sent a Word document to fill in, and then you start filling in the information, and of course the formatting was designed around all the fields being empty, and now they’re not empty. It all goes out the window and my eye starts.

Speaker 2 (00:59:31):
Yeah, it’s always tremendous when they’ve just set it’s underlined and hit the tab key a bunch of times.

Speaker 3 (00:59:38):
I’m going to have a moment of stupid authenticity for just a sec here.

Speaker 2 (00:59:44):
Of course.

Speaker 3 (00:59:45):
So for me, the term bugbear has always been a D and D term. Is that not exclusive? I don’t think it is. When you said it may have

Speaker 4 (00:59:54):
Been where it came from,

Speaker 3 (00:59:57):
That’s what I just realized, and it never occurred to me because I am not cultured enough for it to have occurred to me perhaps. But so bugbear is

Speaker 4 (01:00:08):

Speaker 3 (01:00:09):
That annoy you, unpack that,

Speaker 4 (01:00:10):
Something that annoys you that

Speaker 3 (01:00:12):
Well, when they murder the heck out of you, they definitely annoy you in D and D.

Speaker 4 (01:00:17):
That’s definitely not a, hey, maybe using the term wrong, but let’s

Speaker 3 (01:00:25):
Say no, I think you are using it right? And I’ve been using it wrong for 20 years. But speaking of other things that I’ve used wrong, not quite for 20 years, there’s also managed Apple IDs changes and managed apple IDs.

Speaker 2 (01:00:42):
This one is fascinating.

Speaker 3 (01:00:44):
So as vendors, because I do feel like you have to work with an M D M vendor here, there’s just no getting around it, right?

Speaker 2 (01:00:55):
Yes and no. So let’s talk about that for a second, because there’s a part that an M D M needs to handle for you related to a token, but there’s also an implementation where you don’t necessarily need that. And it all comes down to how you federate your managed apple id. All of the things that we’re talking about here are around Federation of managed Apple IDs. And when you have managed Apple IDs that are federated, you can essentially establish permissions for individual services on a global basis that basically says, Hey, look, I’ll let any signed in device that can sign in with my managed Apple, ID have access to these services. Or I can say any M D M enrolled device that I control that is part of my Apple Business manager environment, can do those things, or I can require supervision on those devices. Those are the three levels of management. And for those bottom two levels, that requires your M D M to understand the concept of having a token on the device is brand new to, well, this is a brand new token, and this is a brand new token that the MDM needs to implement to. It’s not the bootstrap token. This is a whole new token because who doesn’t need another token? And I don’t think the token has a formal name yet. This is in, I’m waiting for the

Speaker 4 (01:02:18):
Beta in Apple business and Apple School manager at the moment. Correct. So you can, both the organizations and of course the M D M providers can understand how this works and implement it in a way that makes it work rather than in a way that makes it not fun,

Speaker 3 (01:02:40):
Not work. Yes.

Speaker 4 (01:02:41):

Speaker 2 (01:02:42):
So in terms of, does your M D M need to do something for this? Yes, they do. Is the M D M the only people that need to do this? No, they are not. Because you need to, I believe, as far as I can realize, I think you need to federate your managed Apple IDs in order to support this functionality. It is not available just to plain Jane that I’ve

Speaker 3 (01:03:04):
Created my own.

Speaker 2 (01:03:05):
Yeah, so there’s interesting stuff here and it’s going to be very interesting to see what that token can be used for outside of just validating that you have a supervised device or validating that you have a company device

Speaker 3 (01:03:18):
If you inspect the assertions. I think that’s a preamble to what it’ll be able to do, if that makes sense.

Speaker 4 (01:03:28):
I think very much the idea that so many people have been looking for, can I restrict devices so they can only using my M D M so that they can only sign in with a managed Apple id. So we can restrict it to the domain, they can sign in. And this idea up until now was focused on the M D M, providing that control and seeing the direction Apple’s taken on this, where it’s actually the organization, the Apple Business Manager, the Federation controls, where you are making the decisions there at an identity level as to what those identities are able to be used for, and really in a way complicating it, but in a way, putting that control where they’ve decided that control should be. So it really is making sure if you’re in a large organization where you are responsible for the M D M, for example, but you aren’t responsible for the federation of the identity, you’re going to need to have a really good relationship with those people and work together to make sure you’ve got the controls turned on where they need to be turned on, the controls not enabled, where they don’t need to be enabled.

Speaker 4 (01:04:41):
So you can all work together. And I think there are so many other examples we’re seeing here where security identity, device management are, the lines are getting blurred between those and the number of control points and management points going backwards and forwards to get it to work successfully is going to be hard and siloed environment.

Speaker 3 (01:05:05):
I feel like the first inkling of that that we got was with conditional

Speaker 4 (01:05:10):

Speaker 3 (01:05:12):
And on the Microsoft Microsoft stack, we saw that start to become a thing. And with all the emergent categories of software, whether it’s C T N A or whatever, I feel like we’ve blurred that line, but I feel like when my kid brings their Chromebook home, that line’s not blurry from school. I certainly didn’t give them one. I feel like that line has been not blurred. It is a seamless, simple stack. So one of those reasons is on that Chromebook, they have profiles in Chrome. Those come to Safari now. And I guess in the Chrome side or the Google apps for education side, those are manageable and not in a made sense where it’s kind of different, but in a pure bottom to top sense. So I guess, can you manage profiles in Safari or have you guys looked at that or, I have not looked at that. Just throwing that out there. Yeah. I mean, I did look at it, but I couldn’t find anything. So I assumed

Speaker 2 (01:06:36):
There are things that the user can do to manage those spaces and you can essentially say, Hey, look, in my work profile, I want you to load my work extensions on my personal profile. Don’t load those.

Speaker 3 (01:06:48):

Speaker 2 (01:06:49):
Or don’t load my personal power password manager in my work browser profile.

Speaker 3 (01:06:55):
Those have been my takeaways as well.

Speaker 4 (01:06:57):
I suppose the way I look at this as well is because one of the things I love about the Chrome browser ecosystem is the ability to be able to, rather than using the M D M to manage the functionality of Chrome, Chrome, have actually got their own engine where you can manage things at an organization wide level, regardless of which device it is, here’s what the experience is going to be. We can manage that user experience and then allow them or not to create an additional profile. I don’t know, does this mean that maybe that management is going to be tied to manage Apple IDs and it’s going to be in

Speaker 3 (01:07:34):
Apple Business

Speaker 4 (01:07:35):
Manager? I don’t know.

Speaker 3 (01:07:37):
Yeah. So to your point on the Chrome thing, if I know a little JavaScript, oh yeah, I can bypass all that. Oh yeah. And so that’s where the Chrome thing starts to fall apart. Not everything is signed and sealed and delivered exactly as it should be. Whereas with Safari, when they actually block overriding a specific function JavaScript function, or when they build a control into Safari, I have never found a way around them. I trust that when Apple exposes a button, I can manage it or exposes the option to manage something that it is straight up managed as opposed to me like doing funky job of things to get around things, if that makes sense. So

Speaker 4 (01:08:37):
Look, I guess it’s why we often see it take a long time to get this functionality is because rather than Apple, this has to

Speaker 3 (01:08:44):
Be more thought out,

Speaker 4 (01:08:45):
Rushing something out and going, there we go. And then having to then update Safari every two weeks because they’ve got to patch vulnerabilities they’ve exposed

Speaker 3 (01:08:57):
And not throwing any shade at any Java or Android or Chromium, whatever, developers, they’re different paradigms I think. And I think they’re coming closer together because they are all becoming much more declarative. But that’s just been my experience thus far. Okay. So speaking of permissions and the ability to bypass them or what have you, there are new granular permissions, so I don’t say in Sonoma? Yes. Or iOS, the latest iOS, I don’t say yes, give camera roll access in its entirety to an app. I mean, I can, I guess, but instead I can say just give the specific image or set of images to photos, give that to an app or allow writing to the calendar as opposed to complete control over my calendar. Does that get exposed to management? I haven’t found a way. It does

Speaker 4 (01:10:19):
Not yet. No. And it’s interesting, we had a discussion here at home last night about this that I think this is really relevant to, whereas I look at my iPhoto library and my iPhoto library dates back to a certain point in time where we started uploading digital photos to iPhoto on our computer, and that’s the date where it starts. But with my kids who first got iPads when they were in primary school or elementary school in the states, realizing that their documentation of their lives in their own personal iCloud photo library is going to be almost their entire life from the moment they first got a device. And realizing in context of this why you need to then not necessarily give anything,

Speaker 3 (01:11:14):
Control access to it,

Speaker 4 (01:11:15):
Access to it. And it’s sort of really mind blowing to think that I’ve still got boxes of photos and negatives and things like that from my early adulthood, my adolescence, my childhood, my family old photographs instead of scanning them, taking photos of them and putting them in. But they’re not actually, the metadata on those photographs doesn’t actually represent the point in time where the photograph was captured. But for my kids, it does. It’s like seeing one of my daughters have the image she took of herself when she got her first iPad that we’re trying to work out whether it may or may not have been accidental. And that’s literally the first photo in her photo library. And it’s not just the image, it’s the metadata associated to that. And realizing that what you grant access to and granular access to your life is just as important as granular access to your corporate data as

Speaker 3 (01:12:23):
Well. I mean, it’s interesting, the granularity and where it rears its ugly head. Like with Chrome extensions, there’s a much more granular set of permissions that you can apply to them as opposed to, oh yeah, do whatever. And I suspect that we’ll see this expand into assertions and things of that nature where the actual identity token that links services actually has the content of what can be in there cryptographically signed in such a way that you can’t then change it and yada yada yada. It’ll be interesting to see how that emerges, but mostly I wanted to just make sure that I didn’t miss that there was a way to manage something that I don’t think there’s a way to manage yet. So not

Speaker 2 (01:13:23):
That I’ve seen yet. Listeners, please write us if you figured this

Speaker 3 (01:13:28):
Out. Yeah, that’s an important thing here. I’m in a few Slack groups with people who kind of do heavy r and d hitting, I would say. And I think if these things had been uncovered by now, they’d have shown up there. But speaking of kids, so there was a new feature years ago, I don’t know how many years ago, I don’t remember in screen time where it could warn the parent of sensitive content passing through using local core ml, not a network service, so you don’t have to worry about your kids’ mistakes showing up in Apple servers as an example. But we do now see the ability to manage sensitive content warnings as a one-off. Have you guys looked into how to manage that as a centralized

Speaker 2 (01:14:33):
Resource? I’m still looking for documentation on this feature.

Speaker 3 (01:14:35):
Yeah, I haven’t, yeah.

Speaker 2 (01:14:36):
And I’m hopeful that when Apple drops the updates, we start to get some of the, I mean Apple’s documentation teams are awesome working

Speaker 3 (01:14:45):
Overtime. Obviously

Speaker 2 (01:14:47):
They’re working no doubt working overtime right now. I can’t wait to see what they produced, but if that’s manageable, expect to see it in the device management section. But until then, I’m not even going to guess

Speaker 3 (01:15:04):
Lockdown mode.

Speaker 4 (01:15:05):
I think it’s also important to understand that not all of the features that were announced at dub dub have made it into the 0.0 releases. And some of those more finer granular features are not ready yet. And it’s great to not release things until they’re ready. And so I think I recall seeing some documentation out there, I can’t recall if it was Apple documentation, if it was more community led documentation as to, Hey, these are the things that we haven’t seen yet, whether they’re in there or they’re just not documented. But yeah, looking forward to getting the 0.0 production releases and seeing which stuff is out there and which stuff is being delayed or held back a little.

Speaker 3 (01:15:56):
I’D so rather something be delayed than screw up my day. Yeah. So lockdown mode. I haven’t seen any M D M options to manage that.

Speaker 2 (01:16:09):
And here’s what I would love more than anything. I don’t need to be able to control that as an M D M administrator. I am fine with seeding that to the user’s choice. I would like to know a

Speaker 3 (01:16:19):
G P O in the Microsoft side, which would, there’s a design pattern that I,

Speaker 2 (01:16:24):
Sure, I hear that I would like to know what state the device is in with regard to lockdown mode during a get info request. I would much rather know based on the device’s state if it’s in lockdown mode or not see

Speaker 3 (01:16:38):
Additional access front only give access to the super secret if a condition is met and that condition being crazy lockdown mode. So I guess one other thing, M D M and Apple watch. So is that a thing, Tom? This might be something that you’ve added to the roadmap maybe. I don’t know.

Speaker 2 (01:17:06):
Still waiting for a little bit of use case here, but I mean, it’s on the roadmap. On the roadmap. If you find me a product manager who doesn’t have a 40 page document that’s like, this is my roadmap, and it looks a little bit like that yarn board from the, it’s always sunny in Philadelphia. I’m not saying that mine does look like that. I’m saying it definitely does. But as we start to think about what this is for, this is really for safe deployment of Apple Watch safe deployment of managed apple IDs on managed watches. It has a really interesting spot and it needs the token that we talked about earlier for the managed apple id. So this requires a federated managed apple ID to really do.

Speaker 3 (01:17:49):

Speaker 2 (01:17:50):

Speaker 3 (01:17:50):
Needs the token, and yet it’s still communicating with all cryptographic nonsense through iCloud key chain. So yeah, this is an interesting place where I’m like,

Speaker 2 (01:18:05):
Don’t a mystery here. We don’t see the whole picture yet. I think that’s really what it comes down to. My

Speaker 3 (01:18:09):
Suspicion is that it’ll be like, remember when the iPhone could suddenly be installed? Untethered?

Speaker 4 (01:18:17):

Speaker 3 (01:18:19):
O T A, remember, you used to have to install an iPhone tethered.

Speaker 4 (01:18:24):
I was working in the Genius Bar in those days, and the number of people who had missed the tiny little writing on the box that says, you need a computer to be able to use this phone.

Speaker 3 (01:18:34):
And then all of a sudden you didn’t, and you still need a Mac or an iPhone to use an Apple watch. And

Speaker 4 (01:18:45):
Especially my understanding of the current M D M spec for the Apple Watch is a supervised iPhone to have the managed watch with it. And so certainly you talk about it being on your roadmap because Apple has released it. You combine that with customers who are wanting to then utilize that service, which has a financial aspect to it that cements its place. Maybe a different colored piece of wool joining the pictures on your roadmap board and start putting use cases. But there are a lot of, I suppose, very creative use cases of organizations who would like to be able to do things. And I think this is much like platform, ss s o. This is something where making sure that your use case, your desire to be able to manage or restrict, aligns with the actual capabilities that Apple is providing at this stage for the Apple watches.

Speaker 4 (01:19:45):
So especially in the first iterations, I think this is something to keep an eye on and have a look and see what the use case is there. I think you’re right, Charles, that Apple wouldn’t have announced this without there being a very legitimate use case for Apple to put this on their roadmap and deploy it for Apple to provide, to make this a thing. There must be a use case out there. It’s not just someone waking up one morning and going, Hey, has anybody ever thought about whether we could manage watches before? Oh, never thought. Cool.

Speaker 3 (01:20:19):
Well, imagine a day when you don’t need a 50

Speaker 4 (01:20:21):
Engineers. Yeah,

Speaker 3 (01:20:25):
I mean, I don’t know that I see that coming, but then again, I never saw, oh, I just need a phone and not a computer or a tablet, not a computer. Then again, I’m very Gen X.

Speaker 4 (01:20:40):
You think about the things that we are seeing the watch able to do where when it first came out, it was about telling the time and being able to send obscene finger drawn emojis to people while they’re up on the stage presenting or things like that. And then you look at the accessibility, the sort of things that you discussed on the Flash cast the other day about what sort of functionality we’re bringing into these devices and start thinking about any business requirements for any of that functionality to allow people to be able to do their job and to be able to receive notifications or send telemetry without having to stop what they’re doing. And I see this as being an amazing opportunity for organizations to be able to protect workers, allow workers to do their job without putting themselves in risky situations. But yeah, I think this is one we’ll see evolve in iterations over time and exciting and interesting.

Speaker 3 (01:21:48):
Love it.

Speaker 2 (01:21:51):
Here at the Mac Admins podcast, we want to say a special thank you to all of our Patreon backers. The following people are to be recognized for their incredible generosity. Stu Bacca. Thank you. Adam Selby. Thank you. Nate Walk. Thank you. Michael S thank you, Rick Goody. Thank you. Mike Boylan. You know it. Thank you. Melvin Vives. Thank you. Bill Stites. Thank you. Anush Ville. Thank you. Jeffrey Compton, m Marsh, Stu McDonald, Hamlin Cruin, Adam Berg. Thank you. AJ Reka. Thank you. James Traci, Tim Perfi of two Canoes. Thank you, Nate Sinal, will O’Neill, Seb Nash, the folks at Command Control Power, Steven Weinstein, Chet Swarthout, Daniel McLaughlin, Justin Holt, bill Smith, and Weldon. Do thank you all so much and remember that you can back us if you just head out to patreon.com/mac ADM podcast. Thanks everybody.

Speaker 3 (01:22:47):
So that brings us an hour and a half. Brings us to

Speaker 2 (01:22:50):
The bonus

Speaker 3 (01:22:51):
Question over an hour and a half into the bonus question. And you guys feel free to replace this if you want.

Speaker 2 (01:22:57):
No, I liked this one a lot. I had a lot of fun playing with this over the last little while. And the question is, we get a new here, which is to say widgets that exist on iOS devices inside apps on those devices can now be embedded in the desktop of a user device. Or

Speaker 3 (01:23:18):
As a developer, you can write a Mac widget that’s not actually available for iOS. Oh,

Speaker 2 (01:23:25):
I dig that. I

Speaker 3 (01:23:26):
Can’t think of why you’d want to be perfectly

Speaker 2 (01:23:28):
Well, I mean, maybe you want to do something that’s special, but I had a lot of fun playing with this. And what’s really neat is that Debs didn’t need to do a lot of work here. Nope. Because any existing widget just shows up in the, Hey, I want to put stuff on my desktop. I immediately installed carrot weather because I like my weather a little salty. And I think that that gave me a good time. I had a great time with that. I put a calendar widget on my desktop, which is great. It helps me figure out what’s happening in my life and my day. Here’s the thing that drives me a little bit nuts. You require devices on the same Apple id. I am not allowed to use my personal Apple ID on my JumpCloud managed device. So I don’t really have a phone that has my managed apple ID on it.

Speaker 2 (01:24:19):
And so there’s no way for me to take my work computer, the one that I use all the dime and put widgets from my phone on it. It’s just not conceivable as the current situation. So that makes me a little sad. It’s okay though. I’ll get over it because managed app ID will bring that with time, right? We know that’s going to get better. It is a manageable thing. And you can tell iOS devices that are supervised that they cannot send widget data to a Mac that signed in with the managed, they managed Apple id, but that’s the limit of the management solution. It’s a new payload in restrictions. That’s kind of it. But it goes on the iOS device, not on the macOS device, which I think is very interesting. I don’t know why that choice got made. So it’s about

Speaker 4 (01:25:12):
Exfiltrating data, not about allowing data to infiltrate.

Speaker 3 (01:25:16):
And that’s why I asked if you could manage these because under the hood, I mean they’re loading through an extension, but there’s a lot, like if you’re using Apollo Retic, theoretically, if you’ve got a Z T N A that blocks Reddit or analyzes traffic to and from Reddit, then you would see that. Yeah, I don’t know. It’s opening up another interesting place I think for telemetry.

Speaker 2 (01:25:51):
I will be very interested to see what comes of this.

Speaker 4 (01:25:54):
Yeah, I’m looking forward to the, I haven’t been a huge user of widgets on my phone. And I think back to the previous iteration of widgets on the Mac, the two main ones I used was I Stat Pro, which became I STAT menus that was used for letting me know the state of my machine, but also the state of X serves I was managing, which shows you how long ago it was. But the other one was, my most used widget was looking at how much of my download cap for my dial up I s P was being used.

Speaker 4 (01:26:33):
And so, yeah, that’s something I’m absolutely not needing, but I’m interested to see not just developers that are porting over ideas from just the simple part of getting something from your iPhone onto your Mac. But when the developers get that moment where they work out, alright, if we can get someone to install this app on their phone or on their Mac and then get the widget that way, what are the interesting things? We’ll be able to find out what are better ways we can pull data from multiple sources to be able to combine that into something that’s interesting that I need to know about on my desktop. What are ways that I can avoid distractions or avoid having to go down rabbit holes by being able to see something in my periphery. And then how that translates to buying a vision pro or the vision ultra se, or whatever’s going to come out when we can actually have these things and take over my life with widgets. I dunno.

Speaker 2 (01:27:36):
I mean, I think it’s going to be interesting. I think that there’s a lot to, in this particular space, I think that there’s going to be clever usage of these things, but it’s really meant as a consumer technology right now as far as I can tell, or it’s certainly a technology that starts at the consumer level and ends up going to corporate America when we get a good use case for

Speaker 4 (01:27:55):
It. I think that’s the case,

Speaker 2 (01:27:56):
The good use case

Speaker 4 (01:27:57):
When we,

Speaker 2 (01:27:59):
Yeah, I think that the other piece that we may want for this, I mean, a calendar is a great corporate use case. No, let’s not a lie. But I think that the other piece that comes out with all of this is how do we need that coexistence between iCloud key chain work and personal so that I can do this with user enrolled devices as well as managed devices and things like that. So I think that there’s

Speaker 4 (01:28:22):
How many applications that I currently have open on my Mac, for example, zoom, outlook, all of these other things where I’m looking at it to avoid distraction, where I kind of end up at the moment with a display where I’m just chucking all of these apps that I kind of need to have open so I can get notifications and see things that are happening. But they actually get in the way of trying to focus and do some real work is how many of those can actually have a widget component where I can get access to the data on demand from those applications without needing to have a whole big ass window open that I need to rescale to be able to shove onto my MacBook Pro display rather than on my main display

Speaker 3 (01:29:10):
In a post finder world. That will be all. Yeah, and I think at some point soon we have to start thinking about what a post finder world looks like.

Speaker 4 (01:29:25):
Do you already have your roadmap for the post finder wall, Charles, with the bits colored wool joining all of these ideas?

Speaker 3 (01:29:33):
I don’t own that many stickies, different colors. Fair enough Time to filling me.

Speaker 2 (01:29:40):
Yeah, I was going to say, I feel you in that regard. I’m just going to say I do buy my post-Its by the Amazon Box full these days and that’s a great way to do it. But yeah, it gets

Speaker 3 (01:29:51):
You didn’t before you became a product manager though. Right

Speaker 2 (01:29:55):
Now it is all sticky notes and index cards, friend. Yeah.

Speaker 3 (01:29:59):

Speaker 4 (01:29:59):
Charles, what’s your favorite widget for the Mac?

Speaker 3 (01:30:03):
Oh, the probes for my grill maybe. Alright, that’s a good are iOS ones that actually just happen to work on my Mac.

Speaker 4 (01:30:14):
I posted something the other day. We started to think where were starting to eliminate natural gas connections to the house and all of the appliances and looked at induction stove and the first one I saw that had a wifi logo on it and it was just like, no, just no. Yeah,

Speaker 3 (01:30:30):
When I wrote this bonus question, I was looking for ideas. I wasn’t trying to seed ideas, just throwing that out there.

Speaker 2 (01:30:37):
That’s fine. So folks, if you’ve got a favorite widget that you’ve been playing with, you want to tell us about it, drop it in the Mac ADM podcast channel on the Mac and been Slack, and tell us what your favorite widget load is for the first week of Sonoma. And with that gents, it’s been a pleasure seeing you all. This is always a great episode. I love this time of year if only because it is terrifying in so many different ways. Having great friends along for the ride is new and delightful. But thanks so much to our wonderful sponsors this week. That’s Kaji and Clyde, and thanks everybody. We’ll see you next time.

Speaker 4 (01:31:14):
See you later up.

Speaker 3 (01:31:16):
See you next time.

Speaker 2 (01:31:26):
The MCAD Men’s podcast is a production of Mcad Admin’s Podcast, L L C. Our producer is Tom Bridge. Our sound editor and mixing engineer is James Smith. Our theme music was produced by Adam Coga the first time he opened Garage Band Sponsorship for the Mac Admins podcast is provided by the mac admins.org Slack, where you can join thousands of Mac admins in a free Slack instance. Visit mcad admins.org and also by technician Lll C. Technically we can help. For more information about this podcast and other broadcasts like it, please visit podcast dot mac admins.org. Since we’ve converted this podcast to A P F Ss, the funny metadata joke is at the end.



Patreon Sponsors:

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include:

Rick Goody, Mike Boylan, Melvin Vives, William (Bill) Stites, Anoush d’Orville, Jeffrey Compton, M.Marsh, Hamlin Krewson, Adam Burg, A.J. Potrebka, James Stracey, Timothy Perfitt, Nate Cinal, William O’Neal, Sebastian Nash, Command Control Power, Stephen Weinstein, Chad Swarthout, Daniel MacLaughlin, Justin Holt, William Smith, and Weldon Dodd

Mac Admins Podcast Community Calendar, Sponsored by Watchman Monitoring

Event Name Location Dates Format Cost
XWorld Melbourne, AUS 30-31 March 2023 TBA TBA
Upcoming Meetups
Event Name Location Dates Cost
Houston Apple Admins Saint Arnold Brewing Company 5:30pm 4th March 2024 Free
Recurring Meetups
Event Name Location Dates Cost
London Apple Admins Pub Online weekly (see #laa-pub in MacAdmins Slack for connection details), sometimes in-person Most Thursdays at 17:00 BST (UTC+1), 19:00 BST when in-person Free
#ANZMac Channel Happy Hour Online (see #anzmac in MacAdmins Slack for connection details) Thursdays 5 p.m. AEST Free
#cascadia Channel Happy Hour Online (see #cascadia channel in Mac Admins Slack) Thursdays 4 p.m. PT (US) Free

If you’re interested in sponsoring the Mac Admins Podcast, please email sponsor@macadminspodcast.com for more information.

Social Media:

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back MAP on Patreon

Support the podcast by becoming a backer on Patreon. All backer levels get access to exclusive content!