Episode 17: A Precise, But Not Accurate Number

MacAdmins.org Podcast, Episode 17: A Precise, But Not Accurate Number

Your Hosts:

Guest Hosts:

Listen!

Synopsis

We sit down to talk managing a fleet of 80,000+ Macs with a team of 9 with Clay Caviness, a Site Reliability Engineer at Google about his work on their Mac Management Team. A lively discussion about 10.12.2, firmware updates, and DMA Hacking ensued, and a good time was had by all. Discussion of Super Mario Run rounds out the episode.

Links & Notes

Macops team GitHub
Santa
Google Rapid Response

We Fixed The Glitch
Only fix for published DMA attack against FV2 keys
FV2 Key Recovery
PCI Leech Tool

csrutil clear and enabling SIP with Munki

Managed AppleID Woes

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

MacADUKRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 16: Autopkg and Creative Cloud with Tim Sutton

MacAdmins.org Podcast, Episode 16: Autopkg and Creative Cloud with Tim Sutton

Your Hosts:

Guest Hosts:

  • Tim Sutton, Systems Administrator, Concordia University and Author, aamporter [@tvsutton]

Our Sponsor: YUCKY BRAND UNIX SCRIPTS

Do you think the command line is yucky, but you need what it does? Hire Yucky Brand Unix Scripts to work in python, bash, javascript and even Applescript, so that you don’t have to. Thanks, Yucky Brand, for sponsoring the MacAdmins.org Podcast!

Listen!

Synopsis

A talk with Tim Sutton on Adobe Creative Cloud packaging, including some discussion of new packaging techniques focused around Creative Cloud Packager and Autopkg. After that, we break into the new MacBook Pro with TouchBar, that both Emily and Pepijn are using as their daily drivers.

Links & Notes

Import antigravity
CCP Recipes for Autopkg Test Repo (Use at your own risk, no warranty, if you break it you own both pieces)
Adobe Installation and Licensing blog
CCP CLI automation support:

TouchBar Macs, Imaging & Control:
* Managing the TouchBar Strip
* New Activation for TouchBar Macs
* Offline Activation Methods for TouchBar Macs

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

MacADUKRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 15: Autopkg, Trust & You

MacAdmins.org Podcast, Episode 15: Autopkg, Trust and You

Your Hosts:

Guest Hosts:

Greg Neagle, Primary Contributor to Autopkg, [@gregneagle]

Listen!

Synopsis

Autopkg 0.7/1.0 adds a few changes that you should be aware of, including additional trust settings. We discuss the new features and how you should prepare.

Links & Notes

Recipe Auditing, Security & Maintenance from autopkg-discuss
Response from Elliot Jordan
Response from Greg Neagle with audit verb
Autopkg Trust

How Not To Do Bad Things With Autopkg
Video of HNTDBTWA from MacDevOpsYVR

Munki Wiki

How Munki Decides What Needs To Be Installed

Autopkg Recipe Overrides

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

MacTech ConferenceRegistration open!
MacADUKRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 13.5: Live at JNUC!

MacAdmins.org Podcast, Episode 13.5: Live at JNUC

Your Hosts:

  • Marcus Ransom, Consulting Apple Engineer, [@marcusransom]
  • Charles Edge, Director of Professional Services at JAMF Software, That Guy at Krypted.com [@cedge318]
  • Adam Codega, Adam Codega, IT Operations Leader, Upserve [@adamcodega]
  • Jason Miller, Mac Operations Team, Thumbtack [@jasonkmiller]

Guest Hosts:

Ben Toms, Datajar LTD, [@macmule]

Listen!

Synopsis

The gang gathers to discuss the state of Mac Management live at JNUC

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

MacTech ConferenceRegistration open!
MacADUKRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 14: Reach Out and Touch Bar (Live!)

MacAdmins.org Podcast, Episode 14: Reach Out and Touch Bar (Live!)

Your Hosts:

Listen!

Watch!

Synopsis

The gang gathers to discuss the latest Apple Event, called “Hello Again” featuring updates to the MacBook Pro.

Links

ArsTechnica on new MacBooks Pro

T1 Processor also may control FaceTime Camera!

T1 Processor is really running watchOS

Office adds Touch Bar Support

Apple Says No Fun on the Touch Bar

Apple Human Interface Guidelines for Touch Bar

Introducing Microsoft Surface

Apple Confirms Secure Enclave Support in macOS Sierra 10.12.1

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

MacTech ConferenceRegistration open!
MacADUKRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 13: MDM Me Maybe?

MacAdmins.org Podcast, Episode 13: MDM Me Maybe?

Your Hosts:

Guests:

  • Michael Lynn, Client Platform Engineer at Dropbox, [@mikeymikey]

Listen!

Synopsis

What if the best way to manage your Macs was to use a Mobile Device Manager? What does your environment currently lack a way to control? Marcus, Pepijn and Charles talk with Dropbox’s Mike Lynn about his m(DM)acOS blog post, and everything you might be able to do with a future version of macOS via an MDM.

Links

m(DM)acOS by Michael Lynn

Introducing Apple File System from WWDC

What’s new in File System from MacSysAdmin – Rich Trouton from HHMI, October 2016

Behind the Scenes of iOS Security from Black Hat USA 2016 – Ivan Krstic from Apple, August 2016

El Capitan Rootless Files

Sierra Rootless Files

File A Radar

Mike Boylan’s Guide to Filing Radars

Open Radar

QuickRadar

The Apple MDM Spec

MicroMDM

Commandment Project

Simple MDM

Device Enrollment Program as part of MDMs

DEPy

MDMCert – Get your own MDM Certificate

JAMF Nation User Conference

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

JAMF Nation User ConferenceRegistration open!
MacTech ConferenceRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 12: Two Factors Enter, One Factor Leaves

MacAdmins.org Podcast, Episode 12: Two Factors Enter, One Factor Leaves

Your Hosts:

Guests:

  • Richard Purves, Senior Mac Consultant at REDACTED

Synopsis:

Tom, Charles and Pepijn talk with Richard Purves on the role of multi-factor authentication (MFA) in Mac systems administration, including a short history of MFA, how to work with MFA in macOS Sierra and Mac OS X. We cover a bunch of the infrastructure necessary to work with MFA, as well as tactics and strategies for their inclusion in your IT operations.

Listen!

Links

MilitaryCAC

Plink plink fizz method – Decapping Chips the strike easy hard way – Defcon Video

WARNING: Deals with either carcinogenic or flammable or corrosive chemicals. Usually a combination of two of these! Informational only: do not perform unless a trained lab chemist.

CDSA / TokenD
OpenSC

Sc_auth
Pkinit
Heimdall Version

Note that on OS X, this information is good background but doesn’t seem to work on macOS. Doing anything with the kerberos realm appears to be ignored and Apple instead looks for a file at /etc/cacconfiglogin.plist instead.

Best doc I found on this file

Methods of Smart Card working

$ sudo security authorizationdb smartcard enable

Seckey

Crypto Token Kit

ISO 7816

Mike Kaply CCK2

Centrify

Java Card

Ludovico Rousseau

Richard’s Blog Posts on Smart Cards
Part 1
Part 2

Rate Us On iTunes!

Give Us Five Stars!

Upcoming Conferences:

JAMF Nation User ConferenceRegistration open!
MacTech ConferenceRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 11: 400 Flying Monkeys! (Live After September 7th Apple Event)

MacAdmins.org Podcast, Episode 11: 400 Flying Monkeys

Your Hosts:

Listen!

Watch!

Links

Apple – iPhone 7 Page
Apple – Watch Page
Apple – Airpods Page
Beats – Wireless Remastered

Bill Hader’s Keynote Video

Inside iPhone 7 – Why Apple Killed the Headphone Jack – John Paczkowski, Buzzfeed

I Stuck Apple’s Airpods In My Ears And It Shocking Wasn’t Terrible – Christina Warren, Gizmodo

Tim Cook, Deal With It

Rate Us On iTunes!

Give Us Five Stars!

Rate Us On Stitcher!

Give Us Five Stars!

Upcoming Conferences:

MacSysadminRegistration open!
JAMF Nation User ConferenceRegistration open!
MacTech ConferenceRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 10: Joel Rennich & NoMAD

MacAdmins.org Podcast, Episode 10: Joel Rennich and NoMAD

Your Hosts:

Our Guests:

  • Joel Rennich, General Manager at Trusource Labs, [@mactroll]

Listen!

Links

NoMAD
Summary of NoMAD’s capabilities

Apple Whitepaper on AD

Troubleshooting NoMAD
Setting Get Help Link

MacDNA
Hello-IT

Duo Security Insight

FTC Official on Enforced Password Changes
Choosing Secure Passwords

SwiftOnSecurity

Scratch

Upcoming Conferences:

MacSysadminRegistration open!
JAMF Nation User ConferenceRegistration open!
MacTech ConferenceRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!

Episode 8: Adobe Installer Format Changes

MacAdmins.org Podcast, Episode 8: Adobe Installers

Your Hosts:

Our Guests:

  • Tim Sutton, Systems Administrator, Concordia University and Author, aamporter [@tvsutton]
  • Patrick Fergus, Mac Systems Administrator, Meredith Corporation, [@foigus]

Listen!

Discussed Links:

Adobe has changed their installer format!

Karl Gibson (Product Manager, Creative Cloud for Enterprise team) spoke at PSUMAC this year on the subject.

aamporter

Software vendors put more logic into their software delivery system especially with the trend towards subscription-based models, Tim predicts pain in managed IT environments if they can’t continue providing simpler deployment packages.

Adobe also updated applications in a strange manner, mixing some new major releases and some dot releases while making it hard to determine which is which.
https://twitter.com/foigus/status/745628832602820609

Where we were: Adobe presentation describing RIBS

“Applications that can be deployed without their base versions” (list of new format packages)
(Tim wonders why almost none of these updated apps using the new installer format actually display that new package icon as listed in CCP)

HyperDrive CLI Uninstall documentation

Requires sapCode from the “Applications that can be deployed…”

Tim’s blog posts on deploying Creative Cloud licenses and installers using Munki from 2015:

Patrick’s PSU MacAdmins presentation slides (video to come):

Upcoming Conferences:

MacSysadminRegistration open!
JAMF Nation User ConferenceRegistration open!
MacTech ConferenceRegistration open!

Sponsor MacAdmins.org Podcast!

If you’re interested in sponsoring the MacAdmins.org Podcast, please email podcast@macadmins.org for more information.

Social Media

Get the latest about the Mac Admins Podcast, follow us on Twitter! We’re @MacAdmPodcast!