Updated My Apple Admin Conferences Page

I’ve been keeping a list of Apple Admin conferences for a few years now. I probably should have versioned it and kept each iteration, but… no need to pollute the interwebs with more outdated stuffs than I already have. So here’s the link for the latest version, updated with all the event dates announced thus far: http://krypted.com/community/macadmin-conferences/

Hope to see you at some!

Simple Stats in macOS

There’s a gem called iStats. It shows you fan speeds, cpu temp, battery cycle stats, and battery temp. Reason this came up for me is that I was asked a question on what the highs and lows were for computers to stay healthy in a remote sensor capacity. I typically try to keep computers above 25 (around -5 Celcius) and while the computer will shit itself off at 212 Fahrenheit (actually between 85 and 100 Celcius), it’s a good idea to keep it below 95 degrees (see https://support.apple.com/en-us/HT201640 for more information on preferred operating temperatures).

So you can use iStats to pull a few temperatures and then automatically send yourself an alert when the computer is getting to an inappropriate temperature (or automatically turn the heat or air on in a space that the computer is in. Anyway, to install iStats:

sudo gem install istats

And to then invoke iStats simply run the istats command:

Disable Finder Animations

The more I push my machines, the more I disable some of the cool stuff in macOS. So this is a minor one, but you can easily disable finder animations by dropping the DisableAllAnimations key into com.apple.finder using the defaults command, as follows:

defaults write com.apple.finder DisableAllAnimations -bool true; killall Finder

To reverse the change:

defaults write com.apple.finder DisableAllAnimations -bool true; killall Finder

Extension Attribute to Detect WindShift in macOS

Patrick Wardle has been researching WindShift and done an extensive writeup at https://objective-see.com/blog/blog_0x3B.html on the emerging malware threat. Based on his research, this extension attribute will check lsregister for usrnode.

It’s pretty basic and variants will obviously change their behavior. For example, openurl2622007 has already changed, which is why I didn’t check for that. And the file name, path, and signature are changing of course. But it does seem checking lsregister for the name of the binary appears consistent. Ergo, ymmv with how effective this is en masse, but a good early warning system since this doesn’t seem to get picked up properly by antivirus yet.