Tiny Deathstars of Foulness

The 4th Generation of the Apple TV supports installing apps. And part of playing around with new apps is sometimes you’re not going to want them on your TV any more. To remove apps, the process is similar to that of an iPad. Highlight an app that you’d like to remove and then hold down the clicker on the app.

Screen Shot 2015-11-02 at 10.03.21 PM

The app will go a little larger. Click on it again and you’ll get the option to Delete the app.

Screen Shot 2015-11-02 at 10.03.32 PM

Click Delete and the app disappears.

Screen Shot 2015-11-02 at 10.03.39 PM

That’s it. The app, and any storage that is being consumed by the app, is then freed up.

November 7th, 2015

Posted In: Apple TV

Tags: , , , , , , ,

Can I push out Apps without VPP? Yes. You can push free apps to iOS devices without a VPP account. Paid apps of any kind will need a VPP account, as will free apps on Macs.

To Find Out The Answers To Other Common Questions About Apple’s Volume Purchase Program (VPP) and Bushel, Check Out The Bushel Blog Here

May 19th, 2015

Posted In: Bushel

Tags: , , , , , ,

You’ll use this Apple ID for the Volume Purchase Program (VPP) and the Device Enrollment Program (DEP). If this is your first time enrolling in any program on the Apple Deployment Programs website, you can create a new program agent account by following the steps below:

For More On Apple IDs and MDM, See The Bushel Blog

March 27th, 2015

Posted In: Apps, Bushel, iPhone, JAMF

Tags: , , , , ,

Getting a bunch of iOS and Mac devices setup is more of a logistical challenge than a technical hurdle. When you buy a couple iPads, it’s pretty simple to set them up for the email, security settings and apps that you need those devices to have. You can put them all on a table, give them an Apple ID and then set them up identically to give to users. But the first time someone wipes a device, or looses a device that you need to wipe, you’ll have to do that manual labor again. And if you’re buying more than a couple of Apple devices, then the amount of time becomes amplified to manage all of these tasks. This is where a management solution comes into play.

For More On Device Management and How It Impacts Manual Labor Click Here

March 20th, 2015

Posted In: Apple Configurator, Bushel

Tags: , , , , ,

Merry Christmas ya’ll!

On the first day of Christmas my true love gave to me one 32 gig iPad

On the second day of Christmas my true love gave to me two bash one-liners

On the third day of Christmas my true love gave to me three Red Hat servers

On the fourth day of Christmas my true love gave to me four email blasts

On the fifth day of Christmas my true love gave to me five retweets

On the sixth day of Christmas my true love gave to me six regular expressions

On the seventh day of Christmas my true love gave to me seven lines of perl

On the eighth day of Christmas my true love gave to me eight app store apps

On the ninth day of Christmas my true love gave to me nine AWS instances

On the tenth day of Christmas my true love gave to me ten Active Directory forests

On the eleventh day of Christmas my true love gave to me 11 crappy python scripts

On the twelfth day of Christmas my true love gave to me 12 craft brews


December 25th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , , , , , ,

The good folks at Amsys have built a nice little app called Services Test for verifying outbound connectivity to critical services to make iOS devices work.  If you are having problems connecting to these services or activating devices, simply open the App and tap on the play button in the upper right hand corner of the screen.

photo 1

Click on the Info button to see what each of these servers do during the activation and management process.

photo 3

The app can also test a few common server services, including connecting to an OS X Server, Casper and AirWatch. These are typical services used in an iOS and Mac environment.

photo 2

Overall, this is a really nice little app for testing connectivity to typical iOS services and a very nice tool Amsys is providing to the community!


January 17th, 2014

Posted In: iPhone

Tags: , , , , , , , , , ,

At first I didn’t think that I was going to write a review of my Pebble. Then, I realized that my perspective is probably different than most, so I changed my mind and decided to jot down 10 things to know about the Pebble. Before I get into that though, I’m one of those weird people that still wears a watch. Yes, I know, how very dated I must look. But hey, I really don’t care so I keep wearing it. Therefore, a different device on that wrist really doesn’t move the needle, it’s just a device that isn’t the other one that I wore for 20 years… I have stopped wearing my Tag completely, but that’s OK, it’s getting a little long in the tooth anyway.


The Pebble has a lot of promise. A lot is fulfilled and more yet has yet to be fulfilled. Let me explain, starting with the things I love (the promise that is fulfilled):

  • The Pebble has an SDK. Using the SDK, developers can design apps and sell them or post them online.
  • The battery of a Pebble lasts me about 5 or 6 days, depending on how many push alerts the device gets over the low power bluetooth connection back to my phone.
  • The screen is monotone and epaper, which is to say that it is not designed to emit light (unless shaken) and so you can see the screen very well in sunlight, much like the pump at a gas station.
  • The Pebble receives low power bluetooth push alerts from your phone. This means that when someone says something on Instagram, likes a photo on Facebook or sends you a text, you see it on the phone and on the watch. Since many alerts you just look at, this keeps you from taking the phone out of your pocket. You can’t really do anything with most alerts, but you can see them and just file the piece of information for later. The alert will still be on your phone when you take it out of your pocket.
  • When someone calls, you see caller ID and contact info on the watch.  You can then answer a call right from the watch. If you’re wearing headphones and a mic then you never have to take the phone out of your pocket to answer calls.
  • You can control music on your iPhone through the watch. This means you can go forward and backward without taking the phone out of your pocket. When I’m on my morning runs this is especially helpful when I’m on a treadmill as taking my phone out of my pocket on the treadmill often makes me just unstable enough to possibly wipe out on the treadmill. I’ve only had it in the winter here in Minnesota so I’m not sure if that will matter to me when I get to run outside again.

The promise to be fulfilled:

  • I think this starts with a true app store, like Apple has. There are accelerometers and other doohickeys in these things that mean they can really do a lot more than what they can today. The app store isn’t out yet, although you can buy or download apps at the Pebble site (it’s just not a simple process all the time and better apps typically tend to get written when people make money from them).
  • There are fitness apps but the device doesn’t yet replace a FuelBand or a FitBit. It doesn’t track steps (which with an accelerometer should be simple to do), calculate burned calories, etc. I’d like to see an app that allows you to choose foods you tell an app on your phone you like so you can calorie count at the dinner table without busting out your phone. I’d also like to see a step tracking app that can sync to FitBit so I can stop wearing my Force.
  • Watchfaces are currently the big thing most apps allow you to control. I don’t give two craps about changing the watch to look different.  However, if you want to make your own “Haz Cheezburgur” watch face, feel free (this isn’t really a bad thing, just a lot of time wasted designing pixelated and monotone watch faces that could have been spent writing cool apps).
  • The device is currently half way between SDK 1 and SDK 2. This means there are cool features that you can only get if you go through a lengthy upgrade process that includes sending them a UDID for your iOS device. It’s not a terrible thing, like the other promises to be fulfilled with the Pebble, it’s just a thing.

Overall, I love the Pebble. The nerd factor around not having to take your phone out of your pocket, the ability to skip songs, the ability to look and see which push alerts you actually care about are all awesome. I hope that the app store brings with it a bunch of new apps that give you access to lots of things and that I can get rid of my Nike FuelBand or FitBit soon, but that could be 2 weeks from now or 2 years for all I know. It’s a quality device that’s well worth the money if the things I mention are things that you’d like to have. However, for now it’s not a replacement for that Garmin, FuelBand, etc type of device you may be using for fitness purposes. Anyway, if it’s the type of thing you’re into then good luck and I hope you enjoy it!

January 5th, 2014

Posted In: Wearable Technology

Tags: , , , , , , , , , , , , , , , , , , ,

December 19th, 2012

Posted In: Articles and Books, iPhone, Mass Deployment

Tags: , , , , , ,

Profile Manager first appeared in OS X Lion Server as the Apple-provided tool for managing Apple devices, including Mobile Device Management (MDM) for iOS based devices as well as Profile management for OS X based computers, including MacBooks, MacBook Airs, Mac Minis, Mac Pros and iMacs running Mac OS X 10.7 and up. In OS X Mountain Lion, Apple has added a number of new features to Profile Manager, most notably the ability to push certain types of apps to mobile devices.

In this article, we’re going to look at setting up Profile Manager from scratch. If you’re upgrading to OS X Mountain Lion Server (10.8 Server) from OS X Lion Server (10.7 Server) then review this link for upgrade instructions.

Preparing For Profile Manager

Before we get started, let’s prep the system for the service. This starts with configuring a static IP address and properly configuring a host name for the server. In this example, the IP address will be and the hostname will be We’ll also be using a self-signed certificate, although it’s easy enough to generate a CSR and install it ahead of time. For the purposes of this example, we have installed Server from the App Store (and done nothing else with Server except open it the first time so it downloads all of its components from the web) and configured the static IP address using the Network System Preferences. Next, we’ll set the hostname using scutil.

sudo scutil --set HostName

Then the ComputerName:

sudo scutil --set ComputerName

And finally, the LocalHostName:

sudo scutil --set LocalHostName mdm

Now check changeip:

sudo changeip -checkhostname

The changeip command should output something similar to the following:

Primary address =
Current HostName =
DNS HostName =
The names match. There is nothing to change.
dirserv:success = "success"

f you don’t see the success and that the names match, you might have some DNS work to do next, according to whether you will be hosting DNS on this server as well. If you will be hosting your own DNS on the Profile Manager server, then the server’s DNS setting should be set to the IP address of the Server. To manage DNS, start the DNS service and configure as shown in the DNS article I did previously:


Provided your DNS is configured properly then changeip should work. If you’re hosting DNS on an Active Directory integrated DNS server or some other box then just make sure you have a forward and reverse record for the hostname/IP in question.

Now let’s open the Server app from the Applications directory. Here, use the Next Steps drawer at the bottom and verify that the Configure Network section reads that “Your network is configured properly” as can be seen here:

Profile Manager is built atop the web service, APNS and Open Directory. Therefore, let’s close the Next Steps drawer, click on the Web service and just hit start. While not required for Profile Manager to function, it can be helpful. We’re not going to configure anything else with this service in this article so as not to accidentally break Profile Manager. Do not click on anything while waiting for the service to start. While the indicator light can go away early, note that the Web service isn’t fully started until the path to the default websites is shown (the correct entry, as seen here, should be /Library/Server/Web/Data/Sites/Default) and a View Server Website link is shown at the bottom of the screen. If you touch anything too early then you’re gonna’ mess something up, so while I know it’s difficult to do so, be patient (honestly, it takes less than a minute, wait for it, wait for it, there!).

Once the Web service is started and good, click on the View Server Web Site link at the bottom and verify that the Welcome to Lion Server page loads.

Setting Up Profile Manager

Provided the Welcome to Lion Server page loads, click on the Profile Manager service. Here, click on the Configure button.

At the first screen of the Configure Device Management assistant, click on Next.

Assuming the computer is not yet an Open Directory master or Replica, and assuming you wish to setup a new Open Directory Master, click on Create a new Open Directory domain at the Configure Network Users and Groups screen. Then click on Next.

At the Directory Administrator screen, provide the username and password you’d like the Open Directory administrative account to have (note, this is going to be an Open Directory Master, so this example diradmin account will be used to authenticate to Workgroup Manager if we want to make changes to the Open Directory users, groups, computers or computer groups from there). Once you’re done entering the correct information, click Next.

At the Organization Information screen, enter your information (e.g. name of Organization and administrator’s email address). Keep in mind that this information will be in your certificate (and your CSR if you submit that for a non-self-signed certificate) that is used to protect both Profile Manager and Open Directory communications. Click Next.

At the Confirm Settings screen, make sure the information that will be used to configure Open Directory is setup correctly. Then click Set Up (as I’ve put a nifty red circle next to – although it probably doesn’t help you find it if it’s the only button, right?).

The Open Directory master is then created. Even if you’re tying this thing into something like Active Directory, this is going to be a necessary step. Once Open Directory is setup you will be prompted to provide an SSL Certificate.

This can be the certificate provided when Open Directory is initially configured, which is self-signed, or you can select a certificate that you have installed using a CSR from a 3rd party provider. At this point, if you’re using a 3rd party Code Signing certificate you will want to have installed it as well. Choose a certificate from the Certificate: drop-down list and then click on Next.

If using a self-signed certificate you will be prompted that the certificate isn’t signed by a 3rd party. Click Next if this is satisfactory.

You will then be prompted to enter the credentials for an Apple Push Notification Service (APNS) certificate. This can be any valid AppleID. It is best to use an institutional AppleID (e.g. rather than a private one (e.g. Once you have entered a valid AppleID username and password, click Next.

Provided everything is working, you’ll then be prompted that the system meets the Profile Manager requirements. Click on the Finish button to complete the assistant.

When the assistant closes, you will be back at the Profile Manager screen in the Server application. Here, check the box for Sign Configuration Profiles.

The Code Signing Certificate screen then appears. Here, choose the certificate from the Certificate field.

Unless you’re using a 3rd party certificate there should only be one certificate in the list. Choose it and then click on OK. If you are using a 3rd party certificate then you can import it here, using the Import… selection.

If you host all of your services on the one server (Mail, Calendars, VPN, etc) then leave the box checked for Include configuration for services; otherwise uncheck it.

Now that everything you need is in place, click on the ON button to start the service and wait for it to finish starting.

Once started, click on the Open Profile Manager link and the login page will open. Adminsitrators can login to Profile Manager to setup profiles and manage devices.

The URL for this (for is Use the Everyone profile to automatically configure profiles for services installed on the server if you want them deployed to all users. Use custom created profiles for everything else.

Enrolling Into Profile Manager

To enroll devices for management, use the URL (replacing the hostname with your own). Click on the Profiles tab to bring up a list of profiles that can be installed manually.

From Profiles, you’ll need to install a Trust profile in order for the client to enroll. Tap or click on the Install button for the Trust Profile and complete the installation process.

Click back on the Devices tab. From here, click or tap on the Enroll button and complete the enrollment process on the client (following the defaults will suffice).

On the devices, you’ll then be prompted to install the profile. On iOS tap Install then Install then Done. On OS X, click Continue, then Install.

Once enrolled, you can wipe or lock the device from the My Devices portal. Management profiles from the MDM server are then used. Devices can opt out from management at any time. If you’re looking for more information on moving Managed Preferences (MCX) from Open Directory to a profile-based policy management environment, review this article.

If there are any problems when you’re first getting started, an option is always to run the script that resets the Profile Manager (aka, devicemgr) database. This can be done by running the following command:

sudo /Applications/

Automating Enrollment & Random Management Tips

The two profiles needed to setup a client on the server are accessible from the web interface of the Server app. Saving these two profiles to a Mac OS X computer then allows you to automatically enroll devices into Profile Manager using Apple Configurator, as shown in this previous article.

When setting up profiles, note that the username and other objects that are dynamically populated can be replaced through a form of variable expansion using payload variables in Profile Manager. For more on doing so, see this article.

Note: As the database hasn’t really changed, see this article for more information on backing up and reindexing the Profile Manager database.

Device Management

Once you’ve got devices enrolled, those devices can easily be managed from a central location. The first thing we’re going to do is force a passcode on a device. In this case, it’s an iPad. We’re going to click on the device in Profile Manager’s admin portal, located at https://<SERVERNAME>/profilemanager (in this case

From the device (or user, group, user group or device group objects), click on the Profile tab and then click on the Edit button.

Here, you can configure a number of settings on devices. There are sections for iOS specific devices, OS X specific settings and those applicable to both platforms. Let’s configure a passcode requirement for an iPad. Click on Passcode, then click on Configure.

At the Passcode settings, let’s check the box for Allow simple value and then set the Minimum Passcode Length to 4. I find that with iOS, 4 characters is usually enough as it’ll wipe far before someone can brute force that. Click OK to commit the changes. Once configured, click Save.

At the “Save Changes?” screen, click Save. The device then prompts you to set a passcode a few moments later.

The next thing we’re going to do is push an app. To do so, first find an app in your library that you want to push out. Right-click (or control-click) on the app and click on Show in Finder. You can copy the app from your library or browse to it at the location it is in later.

Then, from the https://<SERVERNAME>/profilemanager portal, click on an object to manage (in this case it’s a group called Demo) and click on the Apps tab.

From the Apps tab, click on the cog wheel icon and then click on Edit Apps.

At the Add Apps screen, click on upload and then browse to the app we found earlier.

The app is then uploaded and displayed in the list. Click Add to add to the selected group. Then, click on Done. Then click on Save… and an App Installation dialog will appear on the iOS device you’re pushing the app to.

At the App Installation screen on the iPad, click on the Install button and the app will instantly be copied to the last screen of apps on the device. Tap on the app to open it and verify it works. Assuming it does open then it’s safe to assume that you’ve run the App Store app logged in as a user who happens to own the app. You can sign out of the App Store and the app will still open. However, you won’t be able to update the app as can be seen here.

This brings up an interesting limitation of how Profile Manager interacts with the App Store. It kinda’ doesn’t. If I were pushing apps to elementary school iPads in a 1:1 I could either use Apple Configurator (if I wanted to burn up a VPP code per student per year) or I could use iTunes (if I wanted a labor intensive process of restoring an iPad per computer rather than a parallel process). But either way, I’m gonna’ stay away from Profile Manager for apps.

So if you push an app to a device and the user taps on the app and the screen goes black then make sure the app is owned by the AppleID signed into the device. If it is, have the user open App Store and update any other app and see if the app then opens.

Finally, let’s wipe a device. From the Profile Manager web interface, click on a device and then from the cog wheel icon at the bottom of the screen, select wipe.

At the Wipe screen, click on the device and then click on the Wipe button again. The iPad then says Resetting iPad and just like that, the technical walkthrough is over.

Note: For fun, you can use the MyDevices portal to wipe your iPad from the iPad itself.


So where are all these new features that justify a new version number? To quote Apple’s Profile Manager 2 page:

Profile Manager simplifies deploying, configuring, and managing them all. It’s one place where you control everything: You can create profiles to set up user accounts for mail, calendar, contacts, and messages; configure system settings; enforce restrictions; set PIN and password policies; and more. Because it’s integrated with the Apple Push Notification service, Profile Manager can send out updated configurations over the air, automatically. And it includes web-based administration, so you can manage your server from any modern web browser. Profile Manager even gives users access to a self-service web portal where they can download and install new configuration profiles, as well as clear passcodes and remotely lock or wipe their Mac, iPhone, or iPad if it’s lost or stolen.

Wait, it did that before… Which isn’t to say that for the money, Profile Manager isn’t an awesome tool. Apps such as Casper MDM, AirWatch, Zenprise, etc all have far more options, but aren’t as easy to install and nor do they come at such a low price point. Profile Manager is a great option if all of the tasks you need to perform are available within the tool. If not, then it’s worth a look, if only as a means to learn more about the third party tools you’ll ultimately end up using. One thing I can say for it is that Profile Manager is a little faster and seems much more stable (in fact, Apple has now published scalability numbers, which they have rarely done in the past). You can also implement newer features with it, including Gatekeeper and Messages.

August 12th, 2012

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server, Network Infrastructure

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Cryptix is a nice little app available on the App Store that allows you to encrypt and decrypt files using a variety of algorithms. However, while an easy to use encryption tool, it’s actually an even better learning tool for figuring out how various types of encryption techniques actually work.

When you first open Cryptix, you’ll see a list of supported algorithms for encrypting files and passphrases. That part is simple enough, but click on the Tools icon in the toolbar.

Here, you’ll see a number of features along the sidebar, including Checksum, which performs a quick checksum of files dragged on top of the green arrow and tracks hashes, based on the algorithm you choose. Below that can be found more detailed information about interfaces, man page access and a few other things that show the developer was learning how to do a few neat things while writing the tool (such as using DNS from the tool).

Overall, the encryption and decryption aspects of this tool alone are worth the price on the App Store. The checksums are super fast. The other features are interesting as well. I don’t do a lot of app reviews, but this one unexpectedly caught me off guard as something I’d recommend.

July 9th, 2012

Posted In: Mac Security

Tags: , , ,

Next Page »