Category Archives: iPhone

iPhone Mac OS X Mac OS X Server Mac Security

Casper 9.62 Is Out!

Casper 9.62 is now out! And holy buckets, look at all the stuff that got fixed in this release:

Casper-Suite-9.62-Release-Notes_320_414_84_1416419790

http://resources.jamfsoftware.com/documents/products/documentation/Casper-Suite-9.62-Release-Notes.pdf?mtime=1416856726

PS – There’s also some api improvement goodness!

Bushel iPhone Mass Deployment

How To View What Payloads Do To Devices

You can see exactly what Bushel, and other MDM platforms do to your OS X devices using the System Information utility. As with all Mobile Device Management (MDM) solutions that interface with OS X, you can use the About this Mac menu item under the Apple menu at the top of the screen to bring up the System Information utility. When you open this tool, you will see a lot of information that can be derived about your devices. Scroll down the list and click on Profiles. Here, you will see all of the Device and User profiles that have been installed on your computer, the payloads within each profile and the keys within each payload.

Screen Shot 2014-12-01 at 12.00.11 PM

Inside each profile there are a few pieces of information that define how the profile operates on the computer. Click on one to see the specific details for each Payload. Payloads are a collection of settings that a policy is changing. For example, in the above  screenshot, allowSimple is a key inside the com.apple.mobiledevice.passwordpolicy payload. This setting, when set to 1 allows simple passcode to be used on the device. When used in conjunction with the forcePIN key (as seen, in the same payload), you must use a passcode, which can be simple (e.g. 4 numeric characters).

Using these settings, you can change a setting in Bushel and then see the exact keys in each of our deployed payloads that changed when you change each setting. Great for troubleshooting issues!

iPhone Mac OS X Mac OS X Server Mac Security

MacVoices Podcast With Chuck Joiner About The New Take Control Of OS X Server Book!

Yay, podcasts! Chuck Joiner was kind enough to have me on MacVoices. We did a show, now available at http://www.macvoices.com/macvoices-14223-charles-edge-helps-take-control-os-x-server

Or if you’d like to watch on YouTube or inline:

http://youtu.be/AeccoRqIrgc

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment

Bushel Goes Into Invitation Mode!

Yesterday the Bushel team finished some new code. This code allows you to refer your friends to Bushel! This skips the codes that everyone was waiting for and lets people create accounts immediately!

Screen Shot 2014-11-24 at 10.07.02 PM

From your home screen, click on Invite Friends. Or from the Account screen, scroll down to the section that says “Invite friends to join Bushel”. From here, you can post codes to Facebook, Tweet codes, post codes to LinkedIn and even email them.

We’re not going into general availability just yet. But we’re definitely making it easier long-term to sign up and use Bushel! We hope you love it as much as we do!

Since we’re still architecting how these final screens look, the final features and stress testing the servers, also if you’re testing the system please feel free to fill out our feedback form so we know what you think of what we’re doing and where we’re going!

Or if you’re still waiting for a code, use this link to skip that process https://signup.bushel.com?r=fd0fcf9e6d914a739d29c90421c0fb45.

Bushel iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Minneapolis

Bushel: The Device Enrollment Program (DEP) In Action

Apple’s Device Enrollment Program (DEP for short) allows you to automatically setup devices with the settings you need on devices that your organization purchases. In Bushel, we give you the ability to link an Apple DEP account up with your Bushel account. This allows devices to add themselves automatically to your Bushel when the devices are activated. We tend to think this is the coolest thing since sliced bread and so we want to make sure you know how to use the feature.

Setup Device Enrollment Program in Bushel

To get started, log into your Bushel and click on Devices. Here, click the button for Device Enrollment Program.

XcKrpO-M0gXF27l0exLKtVbNMLdI1itn8ThiXRqW3xQ

Download your certificate and go to deploy.apple.com and log into your Device Enrollment Program account. Click on Manage Servers in the Deployment Programs sidebar.

Screen-Shot-2014-10-14-at-2.12.49-PM

Next, click on Add MDM Server and provide the certificate we gave you and a name. Once Bushel has been added to your Device Enrollment Program (DEP) account, click on Assign by Serial Number to add your first device. Assuming the device is part of your DEP account, enter the serial number for the device and choose which server (the one you just added) that the device should reach out to on activation to pull settings from.

Screen-Shot-2014-10-14-at-2.13.53-PM

Once you’ve added the server, you’ll be greeted by a screen that says Assignment Complete. You can now wipe the device and upon reactivation the device will pull new settings from your Bushel.

Screen-Shot-2014-10-14-at-2.13.58-PM

The Device Enrollment Program in Bushel

Click OK and you can add more devices. Once your devices are added into the Apple DEP portal they will automatically appear in the DEP screen of your Bushel. Click on a device to assign a username and email address, if you will be using email.

xdWSZrVkYs6wWHgmzfmdkOdmZjSXVMDqrypOkqCaC3w-1

Good luck!

iPhone Mac Security Network Infrastructure

Listen To iOS Network Communications

OS X has a command called rvictl, which can be used to proxy network communications from iOS devices through a computer over what’s known as a Remote Virtual Interface, or RVI. To setup an rvi, you’ll need the udid of a device and the device will need to be plugged into a Mac and have the device paired to the Mac. This may seem like a lot but if you’ve followed along with a couple of the other articles I’ve done recently this should be pretty simple. First we’ll pair:

idevicepair pair

Then tap Trust on the device itself. Then we’ll grab that udid with idevice_id:

idevice_id -l

Next, we’ll setup a rvi with rvictl and the -s option (here I’m just going to grab the udid since I only have one device plugged into my computer):

rvictl -s `idevice_id -l`

Then we can list the connections using rvictl with the -l option:

rvictl -l

Next, we’ll run a tcpdump using this newly constructed rvi0:

tcpdump -n -i rvi0

Next, we’ll get a lot of logs. Let’s fire up the Nike FuelBand app and refresh our status. Watching the resultant traffic, we’ll see a line like this:

22:42:29.485691 IP 192.168.0.12.57850 > 54.241.32.20.443: Flags [S], seq 3936380112, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 706439445 ecr 0,sackOK,eol], length 0

There’s an IP in there, 54.241.32.20. We can look this up and see that the servers are sitting on Amazon Web Services and verify it’s Nike. Watching the traffic with tcpdump we can then obtain GET, POST and other information sent and received. Using wireshark we could get even more detailed data.

Overall though, this article is meant to focus on the iOS side of this and not on debugging and refining the approach to using tcpdump/wireshark. rvictl is a great tool in the iOS development cycle and for security researchers that are looking into how many of the apps on iOS devices exchange data. Enjoy.

iPhone Mac OS X Mac OS X Server MobileMe Network Infrastructure

Use libimobiledevice To View iOS Logs

Xcode and other tools can be used to view logs on iOS devices. One of those other tools is libimobiledevice. I usually install libimobiledevice using homebrew, as there are a few dependencies that can be a little annoying. To install homebrew if you haven’t already, run the following command:

ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Once run, follow the prompts to complete the installation. Once homebrew is installed, run the following brew command to download the required components and then libimobiledevice:

brew install -v --devel --fresh automake autoconf libtool wget libimobiledevice

Then run ideviceinstaller:

brew install -v --HEAD --fresh --build-from-source ideviceinstaller

Once these are installed, you can plug in a paired device, unlock it and use the following command to view the logs on the screen:

idevicesyslog

This is akin to running a tail against the device. Again, the device must be paired. You can use the command line (e.g. if you’re running this on Linux) to view the logs, but if you’re not paired you’ll need to use idevicepair to pair your device, followed by the pair verb (which is very different from the pear verb):

idevicepair pair

You can also unpair using the unpair verb:

idevicepair unpair

When pairing and unpairing, you should see the appropriate entries in /var/db/lockdown. The final option I’m going to cover in this article is the date (very useful when scripting unit tests using this suite. To obtain this, use the idevicedate command, no operators or verbs required:

idevicedate

iPhone Mac OS X Mac OS X Server

Startup Profiles

The profiles command in Yosemite (and Mavericks for that matter), can configure profiles to install at the next boot, rather than immediately. Use the -s to define a startup profile and take note that if it fails, the profile will attempt to install at each subsequent reboot until installed. To use the command, simply add a -s then the -F for the profile and the -f to automatically confirm, as follows (and I like to throw in a -v usually for good measure):

profiles -s -F /Profiles/SuperAwesome.mobileconfig -f -v

And that’s it. Nice and easy and you now have profiles that only activate when a computer is started up.

iPhone personal

10 Reasons Uber Kicks Ass

I’ve spent way too much time traveling in my life (and way too little time writing about non-technical things). It’s had ups and it’s had downs. But these days, a bunch of fun little technical breakthroughs that make traveling incrementally better. And one of those things is Uber (and other similar services) who have disrupted the short-range ground transportation game. And I like them so much, I decided to write a little list of the reasons why! While writing, I also realized that you can use this code and we both get Uber credit I never used a promo code. But you can: https://www.uber.com/invite/uberkrypted. Has nothing to do with why I wrote this, but it’s a nice thing for me to find while writing…

Screen Shot 2014-11-08 at 5.33.25 PM

So here’s my top 10 reason Uber rocks:

  1. I believe in the model. People work when they want and seem generally happy. I’ve had a lot of students and people who drive a little after their day job just here and there whenever they feel like it. And they love it. It’s transparent. Everyone is wide open when it comes to talking about what they do and how the process works. Even in the apps, it’s all very transparent. The app requires the credit card, but you never have to give the card to the driver. You can text the driver (e.g. if you accidentally drag the pin a little when you’re a bit buzzed to let them know where to get you).
  2. The reason the model and the transparency are possible is that the tech is great. I can see a map of all the cars, the route they’re going to take, the exact(ish) number of minutes before they show up and the payment is all kinds of working for me. In fact, the tech is so great that I reference their interface here and there in UX meetings. For example, how that whole awesome credit card entry screen works (if you haven’t seen it, it should be the design everyone uses forever cause it’s that rad). But my credit card never goes in their hands. The maps are great and up-to-date and the app is bad daddy, sleek and probably should earn their UX team some awards (not awards like getting knighted but awards like getting a trophy or something). They email receipts, so I don’t have to cart around printed receipts to do an expense report. They have a web lost and found.
  3. It’s been faster than getting a cab every single freakin’ time! For some areas it’s like half an hour faster. Boom. And I don’t have to setup an appointment the night before with some craptastic Danny DeVito-style operator who still needs me to read out an address and then have that cab show up 15 minutes late when I’m in a hurry or 15 minutes early when I’m still in the shower and start calling over and over. I can see where the car is on a map. Love that. And if you tell a driver a better route, they actually listen…
  4. It’s not possible to tip in the app. Or not that I’ve found. I do still throw a few bucks their way here and there when I actually have cash because they’re awesome. But when I’ve not had cash it’s a no harm no foul kind of situation. They don’t expect it and they’re great people so usually deserve something more than $15 or whatever for the amount of time I spend with them…
  5. You rate the drivers. I have given all of mine 5 stars. And they can rate me. And they’ve all given me 5 stars. It’s not possible my experiences will absolutely always be this awesome (YMMV I’m guessing) but it’s definitely been a great run.
  6. Cab drivers are rushing around and rude drivers. Nothing harshes my calm more than feeling like I get some negative karma points for someone else hurling their car around like a vehicular version of the Jerky Boys.
  7. Credit cards. In the past year or two, at least half the time I’ve taken a cab, the driver gets annoyed if I can’t tip in cash, or sometimes pay in cash. I shared a cab with my friend Zack (@acidprime) once and since we were paying with credit cards the driver wouldn’t even charge us at all. Totally annoying… This does seem to be getting better with the cabs that have the video screens in the back. But I’d almost rather them get annoyed than having some of the early versions of those things screaming at me while I’m trying to talk during a conference call…
  8. The drivers are quirky and interesting. I have had a great run with this. I did have a funny little moment with this recently where a lady driver was telling me about her grandkids, which I thought was natural, but then she started telling me all about the “arrangement” she has with her husband and referencing knocking off early and hitting my hotel bar. Alright, it was fun to get hit on by my first Uber driver, even if she was 20 years older than me! The one on the way back to my hotel later that night was telling me all about his Tinder whoreness. Hilarious conversationing! Also, they all know how it works. I tried to get in the wrong Uber the other day and even though the guy got stood up he was like “no thanks.” I’ve had cab drivers from the same company pick me up and not radio it in and then I get nasty calls from dispatch when I thought I was getting in the right cab ’cause they lied about it! Teh lamer…
  9. Oh, and did I mention that Uber is cheaper than a cab. I once got a little too tipsy to drive and took a cab from the Los Angeles Airport (LAX) up to Hollywood. It cost over $100. I took an Uber to Sunset and started further away than LAX and it was $41. .
  10. Because it’s so much cheaper than a cab, there’s even less of a reason to get a DUI too. It seems like I see less drunk drivers later at night since it became a thing, too. So for the final one: Uber saves babies and makes the world a safer place.

Having said all these generalizations, I’ve had some absolutely wonderful cab drivers in my life. I was once riding around with a customer of mine and the driver was so awesome that my customer sent him a pallet of the product my customer makes. So YMMV, but this has been my experience thus far! And before anyone says it: I know Lyft is supposed to be cheaper and whatever, but I’ve had more experience with Uber, and I’m sure they’d be similar if it had been with another service…

Also, Uber continues to experiment with additional services and features. Black, Taxi and other options are the most obvious, but they also experimented with delivering Halloween costumes and makeup artists to your house for Halloween this year and I’m guessing they’re going to continue thinking of cool, quirky add-ons to the service. I love bringing an MVP to market in the app and then adding little tweaks here and there when the MVP actually works and people love it love it love it (yes, that’s an Eloise reference).

Finally, Uber isn’t for everyone just yet. Check to see it it’s in your city yet: https://www.uber.com/cities.

PS – Double  Amex points if you use that to pay for Uber.

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Network Infrastructure Xsan

Upgrading To OS X Server (4.0) on Yosemite

Setting up OS X Server has never been easier. Neither has upgrading OS X Server. In this article, we’ll look at upgrading a Mac from OS X 10.8 or 10.9 running Server 2 or Server 3 to OS X 10.10 (Mavericks) running Server 4.

The first thing you should do is clone your system. The second thing you should do is make sure you have a good backup. The third thing you should do is make sure you can swap back to the clone should you need to do so and that your data will remain functional on the backup. The fourth thing you should do is repeat all that and triple check that your data is there!

Once you’re sure that you have a fallback plan, let’s get started by downloading OS X Yosemite from the App Store. I would also purchase the Server app first while Yosemite is downloading. Screen Shot 2014-11-04 at 7.15.56 PM Once downloaded, you’ll see Install OS X Yosemite sitting in LaunchPad. Once downloaded, you’ll see Install OS X Yosemite sitting in LaunchPad, as well as in the /Applications folder.

Screen Shot 2014-11-04 at 5.09.18 PM

Open the app and click Continue (provided of course that you are ready to restart the computer and install OS X Yosemite).

Screen Shot 2013-10-04 at 4.45.46 PMAt the licensing agreement, click Agree (or don’t and there will be no Mavericks for you).

Screen Shot 2013-10-04 at 4.45.48 PMAt the pop-up click Agree again, unless you’ve changed your mind about the license agreement in the past couple of seconds.

Screen Shot 2013-10-04 at 4.45.52 PMAt the Install screen, click Install and the computer will reboot and do some installation fun stuff.

Screen Shot 2013-10-04 at 4.45.54 PMOnce done and you’re looking at the desktop, download the latest version of the Server app you should have purchased previously, if you haven’t already. Then open it.

Screen Shot 2014-11-04 at 5.13.05 PM
If prompted that the Server app was replaced, click OK. Then open the app.

Screen Shot 2013-10-04 at 5.48.52 PMAt the Update screen, click Continue (assuming this is the server you’re upgrading).

Screen Shot 2014-11-04 at 5.13.09 PMAt the Licensing screen, click Agree.

Screen Shot 2014-11-04 at 5.13.12 PMWhen prompted for an administrator account, provide the username and password of an administrator and click OK.

Screen Shot 2014-11-04 at 7.28.07 PMWhen the app opens, verify DNS (absolutely the most important element of this upgrade), etc and then check that configured services still operate as intended. If you end up deciding that you no longer need OS X Server, just delete the app and the contents of /Library/Server and you’re good. Handle with Care.