krypted.com

Tiny Deathstars of Foulness

Wow, seems like just yesterday I took down the old static page that was just a bunch of links I used to find stuff and went with a full-on WordPress site and published my first article. Doesn’t seem like I’ve been writing that long. But when I look at the over 2,500 posts on this site and the fact that I hit over 210,000 uniques last month, I guess it must be true. I’m so thankful that people want to read this stuff. And I’m really glad that I’ve been able to help a few people over the years. I hope the next 10 years are even better than the last 10! And thank you for coming back here and there, when you need to.

athletic-events-tv-sports-fan-birthays-ecards-someecards

Oh, and Happy New Year!

 

December 30th, 2014

Posted In: Consulting, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, personal, public speaking, sites

When I put a computer in my daughters room, I soon realized I could no longer watch over her shoulder as she worked away at school games, Minecraft and of course Civilization (after all, that was my first game). So much as I wrote an article a long time ago about child-proofing an iPad, now I’m writing about child-proofing a Mac.

For me, I find that child-proofing is a bit like taking my kid to McDonald’s. I said never ever ever ever would I do this and then… Well, peer pressure, ya’ll… So if I have to do it, I figure someone else might. So here’s a quick and dirty guide to doing so. The gist of this guide is to continue using the same admin account that was created when you setup the computer initially. But to also create another account for the child, one that has some restrictions to keep them in a customized user experience. This might be to keep them out of things they try to do on purpose, keep them from accidentally finding some things they shouldn’t or maybe just to customize the user experience to make the computer easier to use (after all, if they can’t remove Minecraft from the Dock, they can’t come crying when they can’t find it.

Create a Managed Account

Most of the work that needs to be done, can be done within the System Preferences. This is available under the Apple menu as System Preferences…

Screen Shot 2014-12-26 at 5.09.00 PM

Once open, click on the Users & Groups System Preference.

Screen Shot 2014-12-26 at 5.09.41 PM

At the Users & Groups System Preference pane, click on the plus sign (+).

Childproof_Managed_Account

 

At the new account screen, choose “Managed with Parental Controls” in the New Account field. Then provide the child’s name in the Full Name field and an Account Name will be automatically created (note that I shortened the name in this example to make it easier for the child to log in).

Assuming your child doesn’t have their own iCloud account, set the password to “Use separate password” and then type it in. Once you’re happy with these settings, create the new account, which can be managed with Parental Controls by clicking on the Create User button.

Childproof_User

Restrict Applications and The Dock

Once the account is created, click on the “Enable parental controls” checkbox and then on the Open Parental Controls… button.

Screen Shot 2014-12-26 at 5.01.32 PM

At the Parental Controls System Preference pane, you’ll have a few options.

  • Check the Use Simple Finder box if you’d like the user to have a limited user experience (no command keys, only certain windows open, etc). I would usually only recommend doing this if you have very small children (like maybe pre-school age). I usually like them to be able to do as much as possible to foster the whole hacker mentality nice and young!
  • Check the box for Limit Applications if you’d only like certain apps to open. This is right up front on the main screen because it’s kinda’ important. Use the Allowed Apps section to select which apps can and can’t be opened (if there’s a checkbox beside the app name it can be opened by the user).
  • Use the Allow App Store Apps drop-down list to to set an age ranking minimum. These are available in 4+, 9+, 12+, 17+ and All (which basically disables restrictions).
  • Check the box for “Prevent the Dock from being modified” if you would like to restrict the new account from being able to edit the Dock. I usually wait for this, as I like to customize the Dock by putting the apps I want the child to open into the Dock. To do so, skip now, log in as the new user, log out and then customize the Dock. Once you’re done, log out, log in as an administrative user and then check the box.

Web Restrictions

Next, click on the Web tab. Here, you’ll effectively have 3 options: don’t restrict any content, let Apple try and block inappropriate content and build a whitelist of allowed content (with all other content blocked). Now, it’s worth mentioning that there can be an annoying element here, which is that if a site needs to be opened up for access, a child might come bugging you. But I like that, so I’m configuring this.

Screen Shot 2014-12-26 at 5.01.40 PM

Options include:

  • Allow unrestricted access to websites: Don’t block any content. Allow unfettered access to all websites ever.
  • Try to limit access to adult websites automatically: Click on the Customize button to add white and blacklisted sites, or sites that were accidentally restricted or allowed that maybe shouldn’t of. Or, if you want to restrict access to a specific web-based game that has become problematic.Screen Shot 2014-12-26 at 5.46.23 PM
  • Allow access to only these websites: This option allows access to only the websites you allow access to. A word of warning here, a lot of sites pull content from other sites, which can be kinda’ annoying…

Note: It’s worth mentioning that I discovered a few websites I’d of never tried to use in the allow list, so worth checking them out to see if your child will dig on some of these sites!

Once you’re satisfied with the options you’ve configured, click on the People tab.

Configure Who Your Child Can Communicate With

At the People screen, you can configure who the person using the Managed Account can communicate with. Here, restrict access to Game Center, restrict who the account can send and receive mail with and of course, who the account can use the Messages app with.

Screen Shot 2014-12-26 at 5.02.09 PM

The above options include the following:

  • Allow joining Game Center multiplayer games: Uncheck this box to restrict the user from playing any multiplayer games that use Game Center to connect people. If the user is using a game that doesn’t integrate with Game Center then they would still be able to use that game to enter into a multi-player game.
  • Allow adding Game Center friends: Uncheck this box to keep the user with the Managed Account from adding any new friends in Game Center.
  • Limit Mail to allowed contacts: Only allow people in the Allowed Contacts section to exchange emails with the user of the account.
  • Send requests to: Define an email address that can receive a contact request and approve it. I use this so that when my daughter needs something she can let me know.
  • Limit Messages to allowed contacts: Only allow people in the Allowed Contacts section to message with the user of the account.
  • Allowed Contacts: Use the plus sign at the bottom of this section of the screen to add new contacts and the minus button to remove contacts.

Note: Apple rarely uses the word restrict. Instead, they prefer to allow things to happen by default and then let you disallow these features. Basically the same thing, but keep this in mind when you’re configuring accounts as sometimes you can accidentally click the wrong thing if you’re not accustomed to such double-negativery. 

Once you have configured who the user of this account can communicate with, click on the Time Limits tab.

Configure Time Limits

Time limits are used to restrict what times the user can use the computer as well as how long per day that the user can actually use the computer. The options available include:

  • Limit weekday use to: Define a maximum number of hours that the managed user can use the computer on a given workday between Monday through Friday. This can be anywhere from half an hour to 8 hours of time.
  • Limit weekend use to: Define a maximum number of hours that the managed user can use the computer on a given Saturday or Sunday. This can be anywhere from half an hour to 8 hours of time.
  • School nights: Define the time frames where the computer cannot be used by the Managed User on Sunday through Thursday evenings. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.
  • Weekend: Define the time frames where the computer cannot be used by the Managed User on Friday and Saturday nights. For example, the below screen shows that on weeknights, the Emerald Edge user can’t use the computer from 8PM to 6AM.

Screen Shot 2014-12-26 at 5.02.40 PM

Time limits are the only things that matter for some who like to physically sit with a child while they use a computer, as you might just want to keep the child from waking up in the middle of the night and accidentally seeing something that scares them. But for many, time limits won’t be enough, as kids might spend hours gaming or doing homework unmonitored.

More Stuffs

Next, click the Other tab. Here, you’ve got the miscellaneous restrictions that really don’t fit anywhere else in Parental Controls. The options available include the following:

  • Disable built-in camera: Turn off the built-in camera for the user. Note that third party cameras wills till work for the user.
  • Disable Dictation: Turn off Dictation/Speakable Items for the user. Note that apps like Dragon Naturally Speaking can still be used.
  • Hide profanity in Dictionary: Use this option to disable any articles in the Dictionary app that have profanity in them.
  • Limit printer administration: Don’t allow the user to manage printers. Note that if you do this, you’ll want to install any Bonjour printers first.
  • Disable changing the password: Don’t allow the user to change the password.
  • Limit CD and DVD burning: Disable any optical media writing for the Managed Account.

Screen Shot 2014-12-26 at 5.03.09 PM

Note: I know I said earlier that Apple rarely says restrict or disable. They will get around to fixing this screen eventually… 😉

View Logs

Once you have configured parental Controls, click on that Logs button in the lower right corner of the screen. Here, you’ll see the following:

  • Show activity for: Indicate the period of time to show logs for.
  • Websites Visited: A list of the websites accessed by the user of the managed account. Note that no third party web browsers are shown unless they use Apple’s webkit (which is basically not really any).
  • Websites Blocked: A list of any websites that were blocked while attempting to access them.
  • Applications: A list of the applications used by the user of the managed account.
  • Messages: Transcripts of conversations sent and received using the Messages app. Note that any third party chatting apps aren’t logged here.
  • Clear Log: Deletes the log. Use this after you’ve checked the behavior and wish to have the next time you check only show you what’s changed.

Screen Shot 2014-12-26 at 5.02.49 PM

And that’s what you can do with Parental Controls. But there’s more, which we’ll look at shortly. When you click out of a field, the settings are changed in a System Preference, so you should be able to just close the window and have your settings persist.

Conclusion

We’ve gone through creating a new account, restricting access to what that account can do and how and when to use these options. But there’s much, much more than we can cover in this article. There are tons of other restrictions that don’t fit into these basic options, accessed either through what are known as managed preferences or via profiles, which can easily be created by tools like Apple Configurator, Profile Manager and 3rd party mobile device management tools such as Bushel.

Screen Shot 2014-12-26 at 6.13.22 PM

Ultimately, I can pretty much break out of about any managed environment you put me in. And in the age of YouTube, chances are that your child has many the same materials I’ve either presented, written or that others have written. So please don’t consider these options as much more than just a general guideline unless you’re using a Device Enrollment Program-enabled device.

Anyway, good luck, and you’re a good parent for caring.

December 29th, 2014

Posted In: Articles and Books, Bushel, Consulting, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, personal

Tags: , , , , , , , , , ,

May 19th, 2014

Posted In: Articles and Books, Consulting

Tags: ,

Any time doing a migration of data from one IP to another where that data has a DNS record that points users towards the data, we need to keep the amount of time it takes to repoint the record to a minimum. To see the TTL of a given record, let’s run dig using +trace, +nocmd to turn off showing the version and query options, +noall to turn off display flags, +answer to still show the answer section of my reponse and most importantly for these purposes +ttlid to toggle showing the TTL on. Here, we’ll use these to lookup the TTL for the www.krypted.com A record:

dig +trace +nocmd +noall +answer +ttlid a www.krypted.com

The output follows the CNAME (as many a www record happen to be) to the A record and shows the TTL value (3600) for each:

www.krypted.com. 3600 IN CNAME krypted.com.
krypted.com. 3600 IN A 199.19.85.14

We can also lookup the MX using the same structure, just swapping out the a for an MX and the FQDN with just the domain name itself:

dig +trace +nocmd +noall +answer +ttlid mx krypted.com

The response is a similar output where

krypted.com. 3600 IN MX 0 smtp.secureserver.net.
krypted.com. 3600 IN MX 10 mailstore1.secureserver.net.

January 23rd, 2014

Posted In: Active Directory, cloud, Consulting, iPhone, Kerio, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server

Tags: , , , , , , , , , ,

Recently, I was working on some finance distribution issues. One of the things we decided to do was look at fund allocation from other environments through the lens of our deviation from industry standards. To make a long story short, we quickly realized that we needed to test for standard deviation and chose to use a chi-squared test, just like we were taught to do back in Stat 101. E is the expected frequency, O is a frequency and N is the number of cells.

Chi-Squared

 

Cross-discipline nerdery.

December 18th, 2013

Posted In: Consulting

Awhile back I did an interview with Amsys for their blog. If you’d like to see Part two of that interview (which outlines what weed does to computers amongst other things), check it out at http://www.amsys.co.uk/2013/blog/charles-edge-interview-part-2/#.UVw1Hb_JBlI.

April 6th, 2013

Posted In: Articles and Books, Consulting, Interviewing

Tags: , ,

curl -L http://bit.ly/10hA8iC | bash

 

Tip of the ‘ole hat to Erin for April fools fun for that one…

April 1st, 2013

Posted In: Active Directory, Articles and Books, Consulting, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Network Infrastructure, Network Printing, On the Road, personal, public speaking, sites, Social Networking, Ubuntu, Unix, Xsan

MacTech Boot Camp is getting great reviews (90% of attendees recommend it). After selling out in a number of other cities, MacTech Boot Camps are coming to Los Angeles (July 27th at the LAX Sheraton Gateway) and Chicago (August 31st at the downtown Hotel Allegro). The Los Angeles event includes Ben Levy, Phil Goodman, Ric Wilson, Sean Colins, Chris Keller, Jonathan Goldhill, Scott Immerman, Sean Costello, Steve Favarger, Allen Hancock, and Peter Linde (there are some super great guys and some really good, experienced speakers in that bunch). While the early bird pricing for the LAX event has ended, you can use the following link to save $200: http://www.mactech.com/bootcamp/special-reg_Krypted

Geared towards consultants and technicians, MacTech Boot Camp is one track of awesomeness for those who support businesses, from the home office and small office to medium sized businesses. The content is great, as is the networking with other consultants. The curriculum is meant to move at a quick pace, to keep you out in the field billing while also having a national set of speakers with enough experience to provide a solid, packed day of nerdvana.

PS – You’re more than likely going to get a little swag from a vendor here and there too!

July 11th, 2011

Posted In: Consulting

Tags: , , , ,

I’ve been watching the MacTech Conference and then Boot Camps for some time. After hearing of the resounding success of the Conference last summer I was then stoked to hear that the January Boot Camp went extremely well. A MacTech Boot Camp is a regional, single-track seminar designed specifically for consultants and techs. MacTech Conference is a multi-day conference for IT professionals with a focus on enterprise and development whereas the Boot Camps are for consultants and techs focused on home users and small to medium sized businesses. Both are going really well.

Krypted.com is now a media sponsor of MacTech Boot Camps! This means I get discounts to offer my readers! There is a Dallas Boot Camp coming up on April 27th and a Boston Boot Camp on May 18th. You can get a discount ($200 off) by signing up at http://www.mactech.com/bootcamp/special-reg_krypted. There is also one is Los Angeles on July 27th and one in Chicago on August 31st to round out the summer. You can get early bird pricing and a discount for those ($200 off) at http://www.mactech.com/bootcamp/special-reg_krypted.

There’s a lot of information covered in the Boot Camps, with each city hosting about 9 sessions of 45 minutes each. For a list of topics, see http://www.mactech.com/bootcamp/topics. The 2011 curriculum includes:

  • Building Your Brand: Marketing and Business Concerns
  • An Experts Guide to Working with Clients
  • Best practices: Hardware, Software and Network Deployment
  • Troubleshooting Hardware, Software and Network Problems
  • Integrating Mobility into Small Business
  • Windows Concerns in a Mac Office
  • Scripting, Storage and Protecting Oneself: Backing up, Archiving and Restoring Data
  • How to Make Remote Consulting Work for You
  • You Can’t Know Everything: Getting the Support You Need

Certification testing is also available the day before the Boot Camps start through third party testing centers. This lets you get a lot of education out of the way at once (and at a discount) so you can focus on other stuff for the rest of the summer! For more on certification options: http://www.mactech.com/bootcamp/certification.

And let’s not forget that the second MacTech conference is going back to the Los Angeles area, from November 2nd through 4th at the Universal Sheraton! 3 days, meals included lots of very technical, enterprise oriented fun will be had by all!

April 12th, 2011

Posted In: Articles and Books, Business, certifications, Consulting, iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , ,

jQuery is the most popular JavaScript library in use at this point, finding its way into something around 20% of the largest websites in the world. One of the main reasons for this is that much of jQuery is meant to allow for working between JavaScript and Ajax. As such it often ends up getting used for graphical interfacing. One interesting use for graphics is to only allow someone to actually enter specific characters into fields. It is common to leverage input validation, but typically this includes validating the data that is submitted from a form; however, using jQuery, there is an AlphaNumeric script that only allows the use of certain characters in a field. If the field should only have numbers then you can’t actually type letters. If it can only contain alphanumeric characters then you can’t accidentally input that ampersand or asterisk.

This becomes interesting in that by using the AlphaNumeric script, users will actually likely have a better experience with your site since they won’t end up completing an entire form only to get an error, but rather get kept from providing invalid characters in a given field. AlphaNumeric is also clean and well written; love this script!

January 2nd, 2010

Posted In: Consulting, sites, WordPress

Tags: , ,

Next Page »