JR Ewing (aka Larry Hagman) passed away this week. He was one of the stars of Dallas and the famed character from the “who shot JR” line. He also had a ton of great quotes over the years, such as “Say, why don’t you have that junior plastic surgeon you married design you a new face: one without a mouth!” and “”Revenge is the single most satisfying feeling in the world!” He also busted out with “A conscience is like a boat or a car. If you feel you need one, rent it.” and one that every NFL running back seems to bust out with in the last year of their contract “Contracts were made to be broken, honey, but a handshake is the law of God.”
I was really too young to watch Dallas. But I did here and there. Later, I was way too late to watch it, but thanks to NetFlix, I watched every painful episode of every season of the show that I wasn’t allowed to watch ’cause I was too young. And looking back, there’s one thing you can’t deny: most of the basics about how to conduct business can be learned from this show, especially from JR. So here’s my top 25 (moved these up from back in July) in honor of JR, may he rest in peace:
krypted November 24th, 2012
Posted In: Business
Growing up, there were two things to do on Thanksgiving: watch football and talk about politics. Football-wise, the zombie apocalypse is coming. So I don’t have a lot more to say about that today. Politics on the other hand, I do have a lot to say about. But I’m not going to. Instead, I’m going to let him do it. Have fun, eat turkey and don’t punch anyone just ’cause they don’t agree with your politics. Unless they disagree AND have no clue what they’re talking about (doesn’t matter which party). Then you can punch them. But not too hard, ’cause they might work out and punch you back next year…
krypted November 22nd, 2012
Posted In: personal
SimpleMDM has updated their Mobile Device Management solution (my original writeup is here) to now include the ability to manage apps. The apps functionality really comes in two flavors. The first is the ability to load up an app. This is handled handed by clicking on Settings in the right hand navigation bar and then at the Settings pop-over, clicking on Apps. Here, you can load up an internal, enterprise app or an App Store app.
Once you’ve loaded an app you can deploy it to devices by clicking on a group and then using the contextual menu to “Assign Apps.” Simple, as the name implies.
The second aspect of SimpleMDM is to white and blacklist apps. Doing so is done by clicking on the contextual menu and then clicking on Rules. Here, you can Allow or Disallow any app that has been loaded into the app catalog.
krypted November 20th, 2012
Posted In: iPhone
As you may have noticed, we’ve been working on building some links between the App Store and patch management tools such as Casper, FileWave and Munki. We’ve been looking at policy-based management of apps as well. In this semi-new world of signing and stores and the such, there’s actually a good bit you can ascertain about an app both inside the app as well as inside metadata OS X keeps about the app. I’ve discussed signing (apps and packages) in the past, but let’s look at using some commands to help us out with some tasks.
The first command is to determine some information about apps that are on the computer. Spotlight keeps a fair amount of information about these apps and can be invoked using the mdls command. Running the command with no additional parameters looks like this (I’m gonna’ use iMovie in these examples, although note that there are spaces in a lot of app names and paths as you start scripting things – so use IFS rather than trying to use traditional array):
This results in output similar to the following (I’ve stripped out a few fields as they consume a lot of space and aren’t super pertinent to what I’m trying to do here):
kMDItemAlternateNames = (
kMDItemAppStoreCategory = "Video"
kMDItemAppStoreCategoryType = "public.app-category.video"
kMDItemCFBundleIdentifier = "com.apple.iMovieApp"
kMDItemContentCreationDate = 2011-09-28 08:04:34 +0000
kMDItemContentModificationDate = 2012-09-22 02:13:45 +0000
kMDItemContentType = "com.apple.application-bundle"
kMDItemDisplayName = "iMovie"
kMDItemExecutableArchitectures = (
kMDItemFSContentChangeDate = 2012-09-22 02:13:45 +0000
kMDItemFSCreationDate = 2011-09-28 08:04:34 +0000
kMDItemVersion = "9.0.8"
To just ask for one of these attributes, run the command along with the -name option in addition to the metadata attribute you’d like returned. For example, to see the bundle ID (kMDItemCFBundleIdentifier), use:
mdls /Applications/iMovie.app -name kMDItemCFBundleIdentifier /Applications/iMovie.app
Now, if you’d like to just quickly ascertain what apps on the system came from the App Store, use the mdfind command, along with whatever of the attributes matches what you want to know. Running mdfind for kMDItemAppStoreHasReceipt of 1 would look like the following and would result in a list of all apps on the system that came from the App Store:
Blacklisting all apps that are part of a specific category (and with regard to customer requests, that category seems to always be Games) is something we get a lot of banter about with customers. To determine this information for apps, you can run mdfind on kMDItemAppStoreCategory for Games:
You could then dump the contents of those into something that can blacklist apps (or whitelist based on other categories). Now, version control is another hot topic at various organizations. To see the version type of a given app, use the -name option with mdls kMDItemVersion
mdls /Applications/iMovie.app -name kMDItemVersion /Applications/iMovie.app
Then you can track the version of the app and take action through other ways to remove old versions and force users to upgrade. The mdfind command can also be leveraged to find apps that have escaped their traditional homes of /Applications and /Applications/Utilities, with the ability to obtain a full list by querying for kMDItemContentType of app bundles, as follows:
Loading a list of apps (output from `mdfind kMDItemAppStoreHasReceipt=1` or `mdfind kMDItemAppStoreCategory=Games`) into an array and then querying each one of them for more information is pretty trivial beyond the steps we’ve already taken. This information can then be fed into some kind of Managed Prefs script to deny or allow access to various objects or an admin could even chmod the bundle, mark it as invisible, poison it (keep in mind, if you alter it you’ll break the signing), etc in order to get some desired outcome.
You can also use defaults to read a users com.apple.storeagent.plist file for the AppleID field to see what AppleID is currently logged into the AppStore, providing another variable that can be reported on:
defaults read /Users/cedge/Library/Preferences/com.apple.storeagent.plist AppleID
And yes, it’s worth noting that users from another account or a system image, etc can be used to download apps so this one isn’t exactly certain but the purchaser isn’t stored anywhere within the bundle nor is it permissioned in a way that we can use to find the purchaser that way.
There’s still a bit of a gap right now with regards to some of these technologies that Mac SysAdmins are managing. The consumeristic technologies such as App Stores are here to stay. We’re kidding ourselves if we think that we won’t be able to buy certain apps via Volume Licenses and have pkg installers for too much longer. Apple has made no indication that they’re dropping the results that can be obtained with a simple installer command, but with forcing signing on certain objects, gatekeeper and other technologies it’s hard to say what the future will really have in store for us. Getting to a point where we can report on elements of the App Store and hopefully eventually deploy objects through the App Store should continue to help bridge these factors, but I still see the need for additional binaries from Apple to be introduced to get the rest of the way there (or at least expose a method to me so I can go in there and buy an app through the method).
krypted November 19th, 2012
As many of my readers will note, I am a big fan of the University of Georgia football team. Sure, we have really crappy graphic design, but it’s a great school and if it weren’t for Athens you wouldn’t have rock lobsters, widespread panics or any REM in your sleep. Athens is a great music town, but it’s an even better football town. Especially when there is buzz of a potential national title berth. I’m excited too, but I hate rooting against teams. I prefer to root for a team and just let the rest be what it is. It just feels guilty to be stoked over the poor kids at Oregon and Kansas State, just for a shot to beat ‘Bama to play for a title.
But it occurs to me watching ESPN analysts (yes, the first four letters of that word made me laugh as well) that you simply can’t project possible outcomes in any sport. Therefore, I felt it important to project (and yes, when you project you’re projecting) the best possible college football national title scenario: USC beats Notre Dame, Georgia beats ‘Bama, Oregon falls to Oregon State, Florida beats Florida State in their season finale, South Carolina knocks off Clemson and Kansas State suffers a loss in the Big 12 title game. This would lead to a Georgia-Florida rematch in the national title game. After the ‘Bama-LSU debacle last year, pandemonium would ensue and perhaps Bill Belichick would have to step in and decide who the best team in the country is, all by his lonesome (after all, he’s the NFL version of Nick Saban). He declares Wesleyan the national title winner (he was a center there don’cha’know), even though they’re a Div III team and of course, Tim Cook, being an Auburn alumn doesn’t stand for such an insult to the SEC and prompts the iPads and iPhones in the world with a message to rebel. Arnold Schwarzenegger tries to step in (after all, if you cross the former Governor of California with a Terminator you get a USC back really worth paying), but fumbles, which sparks the zombie apocalypse. Yes, that’s it. I just linked USC to the zombie apocalypse. It’s all Lane Kiffin’s fault. He is evil I tell you, and he must go. Actually, they’re on probation – which means Monty doesn’t let him leave the house after 8pm except on game nights.
Anyway, back to Maryland joining the Big 10. They would be the 5th team in the conference to do a Gangnam Style YouTube video, so they got an invite and vote on it on Monday. Now, you might think that 5 of 10 teams is 50% but you’re wrong. Just before the Zombie Apocalypse, the Big 10 bent the time-space-counting continuum and made a conference with 13 teams called the Big 10. However, given that 2,500 students attended a Gangnam Style flash mob at Maryland, it’s somewhat surprising they have any Physics classes left, so an alternate theory (after all, this could be true in an alternate universe, right?!?!) is that they haven’t learned to count in that conference (or the Big 12, which ironically has 8 or 9 or 10 teams – can’t keep track they keep bolting so fast) as they keep skipping Math 099 in favor of dance classes.
Anyway, back to Texas. I can’t believe the Pac 12 almost destabilized their entire conference by allowing disproportionate checks to be cut every year to member teams. Yes, the reason the Big 12 has the problems it has is that different teams get different amounts of money for TV deals. The only thing that matters in college football any more is TV deals, btw. If you don’t believe me, watch the above video and think that one of the worse teams in the ACC is potentially going to the Big 10 just so they can get in on the media markets stretching from Virginia, through DC and up into, well, Maryland. Granted, the SEC wanted Texas A&M to get the fertile recruiting grounds (which really means media markets) of Texas, but that’s aside from the point: Texas is breaking the Big 12 and the only people that would put up with it are schools that have been begging to join the Big 12 or a bigger conference for decades and are totally stoked to finally get in. Now that the Big East has been shagged absolutely rotten and had their innocence and good members stolen by other conferences it’s time for the conferences to start raiding the ACC. If you have 16-team conferences, you need fewer of them, right. But really, they did a Gangnam Style parody at Texas too, although with far fewer people ’cause apparently they have to go to class or something…
The popularity contest of conferences means that if Maryland leaves for the Big 10 and Rutgers goes with them that the Big East continues a futile search for the meaning of life (42) and Rutgers, the original source of college football, goes back to a somewhat elite status provided they can continue to claw their way back up (“Shut up, we were good back in 1869, man!”). Princeton, the team they beat that fateful November 6th in 1869, still looking for revenge, decides that since the NCAA and the BCS have destroyed football that they must end football once and for all. To do so, they develop a new disease called WalterChaunceyCampitis, which has no impact other than to make people not like football. Problem is, they decide to start with some Div III team no one cares about: Wesleyan. Patient 0 just took a new coaching job there, after being one of the few coaches anywhere fired for going 8-4. Little did they know that without love of football, most people were just… Zombies. And of course, zombies have to try and infect everyone else, spreading their apathy.
Of course, Atlanta has a lot of University of Georgia alumns, which is why those walking dead refugees retreated to the land of the SEC, where no amount of brain sucking conference jumping can stand in the way of playing for a 7th straight national title, if only to piss off Jimbo Fisher, who was apparently caught impersonating Lane Kiffin in a Twitter account (he would have impersonated Mora but UCLA won and Mora tends to send snipers after people who do that anyway) by continuing to tweet: FSU #1. Given only one person believes that, Rick Grimes knew right where to find him, while searching Patient 0. He was easy to find, too. He was getting his butt kicked somewhere in North Carolina State. And really, Notre Dame would have beaten USC to keep this whole thing from unfolding if only Lane Kiffin had fired his dad. But he didn’t, because dear old dad is not only a legend, but he’s still a good coach. And he’s dad of course. And of course, dad beats Notre Dame ’cause otherwise there’d be no walkers.
Anyway, back to Oregon. Other than the University of Georgia, they’ve become one of my favorite teams in the country. They started this run with Chip Kelly with limited resources (other than that guy from Nike helping them out). They have the wackiest uniforms in the country, belong to a conference where the ability to count was important to conference members and they were the first school to do a Gangnam Style video. They run a wacky offense. They have this next man up thing, where everyone tries really hard and gives a crap. They are the opposite of apathy. When they get beat, it’s not from lack of trying and it really sucked to watch, even though my team potentially benefited from it.
But at the end of the day, Oregon is a team that thrives and gameplans on things like rhythm and inertia. And every now and then a team with a singular name that should be plural and a mascot of a sickly tree in Palo Alto waltzes in and beat them in overtime. And it’s a loss to be proud of, ’cause it was a bloody, trench warfare fight and both teams ended up escaping infection by Kiffin. Part of me hopes they get to play for a national title still. And since their QB is a freshman, he at least probably will (unless he goes pro too early like the guy in his spot before him did – although he can’t do it this year according to Marice Clarett) along with the guy who he beat out for his spot, Johnny Football. That’s another guy spared from the apathy apocalypse. And everyone else who actually plays their hearts out consistently. Anyone can be great at times, but to be great consistently is rare and the biggest obstacle to doing so is apathy.
PS – I’ll tell you who’s the first guy to get his brains eaten: A guy told me to stop posting things about college football on my website 5 or 6 years ago and I did. But recently I realized I never really liked him. He wouldn’t have made it this far through this post. In fact, I doubt anyone did… But if you did, you’re spared, unless you’re that guy. ‘Cause I like football.
krypted November 18th, 2012
Posted In: Football
Last year, I had a great time at the Penn State MacAdmins conference. There were tons of smart people to mingle with and everyone had plenty to discuss when it came to managing the Mac. There were a lot of people from education but also plenty from companies. The talks were well run and the conference location, the Penn Stater, was awesome. I love how it’s like a big winding maze.
Having gone to school in a town like State College (Athens, GA), I’ve always had a warm spot for cute college towns. And State College is clearly a special place. I’d recommend a trip there to anyone that loves places like Ann Arbor, Norman, Stillwater, Opelika, Corvallis, Blacksburg, Madison, Manhattan (Kansas), Ithaca, Iowa City, Ames, Morgantown, Lafayette (Indiana), Lawrence, Champaign, Logan, College Station and of course, Oxford Mississippi (Ole Miss is a truly special place).
So you’re lucky then, ’cause the Penn State MacAdmins Conference is back for 2013, being held in beautiful State College, PA at Penn State University. The Conference is May 22nd through 24th with a new introductory Boot Camp being held the day before (May 21st) to prep admins for the rest of the conference. And May is one of the best times to visit a place like this. Spring is in the air, kids are getting ready to graduate, the flowers are in bloom and of course, there’s no more snow to be shoveled. A month later and the school would practically be shut down, the town a ghost town.
But in late May, college towns are electric. So don’t just stay at the Penn Stater the whole time, go explore downtown and that Nittany Lion thing – and the spot where Joe Pa’s statue used to be. Take a carriage ride, swing by the Governor’s Pub, have some red meat at Otto’s and of course, perform the underclassmen ritual of throwing up on College Ave! And yes, there’s a College Ave, as there should be. Anyway, the social element of a conference like this is great. Meet those people you tell to RTFM on the ‘ole Enterprise List, the people whose feeds you read and the people whose feeds you deleted ’cause they talk about college football too much…
The Call for Proposals is now open, so to submit a talk, use http://macadmins.psu.edu/conference/submit-proposals.
This year, there will also be sponsors. To sponsor, see http://macadmins.psu.edu/conference/sponsorships.
Or to attend, see http://macadmins.psu.edu/conference/registration.
To sign up for the conference newsletter, see http://psu.us4.list-manage.com/subscribe?u=acd8b6acc541596a7bdf8e517&id=d37a7e26fd.
And for an example of what you are in store for:
PS – There are 12 teams in the Big 10. While at State College, make sure to remind everyone wearing blue of this fact.
krypted November 12th, 2012
For many environments, securing OS X is basically trying to make the computer act more like an iOS device. Some of the easier tasks involve disabling access to certain apps, sandboxing and controlling access to certain features. One of the steps en route to building an iOS-esque environment in OS X is to disable that Go to Folder… option. To do so, set the ProhibitGoToFolder key as true in com.apple.finder:
defaults write com.apple.finder ProhibitGoToFolder -bool true
Then reboot, or kill the Finder:
To undo, set the ProhibitGoToFolder as false:
defaults write com.apple.finder ProhibitGoToFolder -bool false
krypted November 11th, 2012