krypted.com

Tiny Deathstars of Foulness

I’ve worked with a lot of organizations switching between Mobile Device Management (MDM) solutions in my career. And I’ve seen the migration projects go both really, really well, and really, really poorly. In most cases, the migration is somewhat painful no matter what you do. But in this (my first) article on the JAMF blog, I try and organize my thoughts around a few things to look out for when migrating between MDMs/MAMs, and some context/experience around those.

https://www.jamfsoftware.com/blog/10-things-to-consider-when-switching-between-mobile-device-management-solutions/

Screen Shot 2016-06-23 at 11.45.32 AM

June 23rd, 2016

Posted In: Articles and Books, iPhone, JAMF, Mac OS X

Tags: , , , , , ,

The seventh episode of the MacAdmins podcast is now available! This is my first time sitting out an episode, which might explain why it’s the best episode so far!

June 21st, 2016

Posted In: MacAdmins Podcast

Tags: , , , , ,

Hey Devops peeps! Got this, so just quoting and posting:

Just a reminder that the Early Bird rate for the MacDeployment Conference ends on Monday (May 16) at 23:59 MT. This applies both to the Conference day (June 16, CAD $75) as well as the Conference + Workshop days package (June 16 + 17, CAD $275). While the conference is meant to serve (and further build) the Mac Admins community in Alberta (Canada), it is open to all. Speakers include Tom Bridge, Luis Giraldo, Tim Sutton, and Teri Grossheim. For further information, visit macdeployment.ca.

You should go.

May 16th, 2016

Posted In: Consulting, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast, Mass Deployment

Tags: , ,

May 6th, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , ,

A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated unicode:

  •    (Space) U+0020
  • ! (Exclamation) U+0021
  • ” (Double quotes) U+0022
  • # (Number sign) U+0023
  • $ (Dollar sign) U+0024
  • % (Percent) U+0025
  • & (Ampersand) U+0026
  • ‘  (Single quotes) U+0027
  • ( (Left parenthesis) U+0028
  • ) (Right parenthesis) U+0029
  • * (Asterisk) U+002A
  • + (Plus) U+002B
  • , (Comma) U+002C
  • – (Minus sign) U+002D
  • . (Period) U+002E
  • / (Slash) U+002F
  • : (Colon) U+003A
  • ; (Semicolon) U+003B
  • < (Less than sign) U+003C (not allowed in all systems)
  • = (Equal sign) U+003D
  • > (Greater than sign) U+003E (not allowed in all systems)
  • ? (Question) U+003F
  • @ (At sign) U+0040
  • [ (Left bracket) U+005B
  • \ (Backslash) U+005C
  • ] (Right bracket) U+005D
  • ^ (Caret) U+005E
  • _ (Underscore) U+005F
  • ` (Backtick) U+0060
  • { (Left curly bracket/brace) U+007B
  • | (Vertical bar) U+007C
  • } (Right curly bracket/brace) U+007D
  • ~ (Tilde) U+007E

April 29th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

April 26th, 2016

Posted In: Apple TV, iPhone, Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , , , ,

A little while back, I did a little writeup on how the OS X Caching Server caches updates at http://krypted.com/mac-security/how-the-os-x-caching-server-caches-updates/. The goal was to reverse engineer parts of how it worked for a couple of different reasons. The first was to get updates for devices to cache to my caching server prior to 15 people coming in before it’s cached and having caching it down on their own.

So here’s a little script I call precache. It’s a little script that can be used to cache available Apple updates into an OS X Server that is running the Caching Service. To use, run the script followed by the name of the model. For example, for an iPad 2,1, you would use the following syntax:

sudo python precache.py iPad2,1

To eliminate beta operating systems from your precache,use the –no-beta argument:

sudo python precache.py iPad2,1 --no-beta

I’ll probably add some other little things nee and there, this pretty much is what it is and isn’t likely to become much more. Unless someone has a good idea or forks it and adds it. Which would be cool. Enjoy.

Screen Shot 2016-04-24 at 12.24.23 PM

April 25th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Things to Do In Austin In May

Diverse, fun and infused with culture, Austin is the capital of Texas and home to a prosperous community and a wide variety of culture, from the world class cuisine in the many fine restaurants, the growing population of infamous tech companies, the summer festivals and creative atmosphere, to the magnificent country music in what is also referred to as the Live music capital of the world (although Nashville, Athens, and other cities might have some arguing of that point).

Here are some great things to do when you visit Austin: 

  1. Austin City Limits

I grew up seeing acts including Willie Nelson, Little Feat, Stevie Ray Vaughn, Lyle Lovett, Merle Haggard, George Strait, REM, and everyone who was anyone play at Austin City Limits. The same is true today. It’s like playing at the Grand Ole Opry, but open to acts that today include the Arctic Monkeys, Lumineers, Alabama Shakes, Bon Iver, and this year Robert Plant even played. I put this as number on on my Austin list. If you never come back, you have to do this. Even if you’re a vegetarian (‘cause yup, #2 is eat BBQ).

You should also check out the Paramount theatre. But not until you’ve seen a show at Austin City Limits.

  1. Enjoy some of the best BBQ food in the world

Smokey Denmark’s, Valentinas Tex Mex, Lamberts and Rollin Smoke  BBQ; Austin is overflowing with amazing restaurants serving the most succulent meats, steaks, ribs and barbecue delights. While the town may be synonymous with live music, this is certainly the case when it comes to food and in particular, barbecued food. You would be hard pushed to find a better selection of barbecue restaurants anywhere in the US, or the world for that matter.

Freedman’s, Blacks and Kerlin all have an incredible menu on offer although they can also be a little expensive depending on your budget. However, if you make it to Ruby’s BBQ in the early evening, you can join the many students taking advantage of special promotions.

  1. Vegetarian

If you’re a vegetarian, go to Veggie Heaven instead

  1. Sample the infamous Austin nightlife

Often referred to as the “Live music capital of the world”, a night out on 6th Street in Austin is simply unforgettable and little wonder given how there are more than 150 live music venues offering a sublime mix of blues, jazz, rock, hip-hop and more. Some of the most famous of these venues are Club DeVille and The Mowhawk, while the Continental Club is renowned for being the birthplace of the music venue scene. And then there are the traditional dance halls where visitors can learn Texas Two Step, the Broken Spoke is arguably the most popular dance hall in Texas. Regardless of your interest, when you visit Texas in May, there will be no end of amazing experiences to sample after dark.

  1. Have food and nightlife

And for a fusion food/nightlife moment, check out the calendar for Stubbs and see if there’s a show you’d like gorge yourself by: http://www.stubbsaustin.com.

  1. Explore the attractions in Zilker Park

Across the river in Austin, an enormous park is waiting to be explored, where you can hike, swim, climb of follow on of the many trails through stunning scenery. Zilker Park offers a quick escape from the bustling city and it is not only a leafy or scenic place to enjoy, but also home to several attractions including the UMLAUF Sculpture Garden & Museum, the Botanical Gardens and a Nature and Science Center which gives you the opportunity to unearth some dinosaur fossils.

  1. Take a cultural tour of the State Capitol

Restored in the 1980’s, the State Capitol is a prime example of the many cultural buildings still standing in Austin today. Originally opened to the public in 1888, the unusual pink color gives the architecture a unique identity and the exterior makes for an awe inspiring sight.

Visitors can take a fascinating tour of the interior of the building which includes the original hall chamber and the governor’s receiving room, while a self guided brochure will explain the background of each monument or room, and most of the grounds are also open for the public to explore.

  1. Get your hike on at Lady Bird Lake

Bike, hike, or just take a picnic to a beautiful spot, that is sure to delight. How much more Texas do you get when Longhorn Dam makes Lady Bird Lake in downtown Austin? Apparently, the former First Lady, Lady Bird Johnson was integral to the creation of this lake, and so it was later named after her. It’s like many lakes throughout downtown areas of major cities, with the addition that teams from the University of Texas can be seen here pretty much year round. I’ve seen people fishing here and while there are obviously polluted lakes around cities, this isn’t one of them. I might swim in it, but I certainly wouldn’t eat fish out of it. And if you happen to be there wen there are fireworks, it’s seriously amaze amaze amazing.

  1. Hike Some more

Mount Bonnell has a great view and a bit more expansive. Earlier in the summer is way prettier, before the dust makes everything a bit tan/reddish. It’s like Camelback in Phoenix.

  1. Check Out LBJ’s Presidential Library

From Monticello to the Carter Presidential Library, most former presidents have some kind of tribute to their time in office. And these offer a candid snapshot not only to the person who served that role, but also to the world they were in, and how that shaped their candidacy and presidency. LBJ was one of the more interesting presidents, serving in the House of Representatives from 1937-1949, as a US Senator from 1949 to 1961, as Vice President under Kennedy from 1961-1963 and then as President from 1963 to 1969. He served as president during Vietnam, civil rights turmoil, Medicare, immigration reform, reforms to social security, and so much more. But perhaps the most important thing about LBJ that I learned from visiting his library was just how much of a political machine he built, and how he could have run for another term, but had basically lost control of the party by the race in 1968. I love going to these kinds of places!

  1. Breakfast Tacos

Get your Torchy’s breakfast tacos. Seriously, almost as good as the breakfast burritos on that spot on Main Street in Santa Monica that I don’t think has a name. Crazy noms. Speaking of breakfast tacos, Polvos has the best guac in town in my opinion. I realize that might be fighting words for some. But rather than fight about it, I’d prefer to be proven wrong. J

  1. Keep getting your museums on

OK, so the Bullock Texas State History Museum, dozens of museums around the campus at the University of Texas, etc. Like mot capital cities, this one has no shortage of publicly funded places to see political, art (The Blanton Museum of Art), and other museums. Most importantly though, all things Texas. The Harry Ransom Center, and the list goes on and on.

  1. Circuit of the Americas

F1 racing. No need to say more! I think one of only 3 F1 tracks I’ve been to. Fun times and very different from other kinds of racing! And when you’re done, head over to K1 Speed of Austin for some racing of your own!

  1. Festivals in Austin, Texas

As with much of the summer months, Austin is a hive of activity in the month of May (e.g. if you’re there for www.acesconf.com with a large number of festivals taking place. For anyone interested in film, the Cine Las Americas International Film Festival covers a variety of films from the Americas, the Caribbean and even the Iberia Peninsula. Most of these movies are of Latin origin, although some are based on other natives in the regions. The Old Pecan Street Spring Arts Festival is an enormous art festival which is most ideal for families and then the West Austin Studio Tour is a festival of a more general nature, showcasing the creative talent in the are through art galleries and exhibitions. Regardless of which one you choose, the festivals in Texas make for a great time to visit. Of course, there’s www.sxsw.com as well, although I think Aces will be a little more fun. 😉

  1. Karaoke

All college towns (and yes, Austin, I’m lookin’ at you as a college town) have decent to fair karaoke. Never great, never awful. Sing your heart out at Karaoke Underground. I did Public Image Limited. I was sober. OK, no, I did Sex Pistols and wasn’t…

  1. Learn to Two Step

Hit the Broken Stpoke or another bar to see people dancing the night away, the same way they’ve done since the 30s. Cowboy hats, boots, belt buckles, and a disposition that’s the only thing sweeter than the tea in these parts.

  1. Have great coffee

I like Dominican Joe. But like all the coffee shops in all the college towns in all the universes, I really don’t think you can go wrong… For example, Spiderhouse doesn’t have great anything, except peoplewatching.

  1. Foooooootball

I love me some sportsball. Especially football. And few places sport better fans than the University of Texas at Austin. People here bleed Burnt Orange. Not all, but most. This article is more for visiting in the spring (e.g. for Aces), but you know, even if you can’t see a game that time of the year, you can still ask a local “What do you think of Coach Strong?” Even if you don’t know anything about foosball (yes, that’s another pop culture reference), it’s still the right thing to do.

  1. Check out a movie at the Alamo Drafthouse

It’s one of those “Keep Austin Weird” kinda’ places. It’s an amazing theatre, where you can enjoy cult classic movies with a beer. Similar to the State Theater in Athens, Georgia. Big, cheep, usually crappy beer pairs very, very well with movie marathons.

  1. Buy weird stuffs

So much awesome. Such happy. Stop by the City Wide Garage Sale, Uncommon Objects, Charm School, and Monkies Vintage. And then head to the Cathedral of Junk so you don’t buy too much of it!

The sun rising over the Wells Fargo building in Austin, TX in February 2013

April 24th, 2016

Posted In: personal, public speaking

Tags: , , , , , , , , , , ,

The Caching Server in OS X is a little bit of a black box. But, it’s not all that complicated, compared to some things in the IT world. I’d previously written about command line management of the service itself here. When you enable the caching service, the server registers itself as a valid Caching Server. Nearby devices then lookup the closest update server with Apple and register with that update server using a GUID:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings caching:ServerGUID

Then, each time the device looks for an update, it does so against http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml using the device model. Noticed this with this line in my proxy logs:

"GET http://mesu.apple.com/assets/com_apple_MobileAsset_SoftwareUpdate/com_apple_MobileAsset_SoftwareUpdate.xml HTTP/1.1" 200 - "-" "MobileAsset/1.0"

Let’s say that the device is an iPad 2,7, then the following information is used for the update, with a URL of http://appldnld.apple.com/iOS9.3.1/031-56322-20160331-F8B29F9E-F68D-11E5-AF11-0744ED25FABD/com_apple_MobileAsset_SoftwareUpdate/1c02ea51b4d2d50b04526c4ec29780b8e02dfe76.zip, which is created using the _BaseURL string followed by the _RelativePath string:

<dict>
<key>ActualMinimumSystemPartition</key>
<integer>1965</integer>
<key>Build</key>
<string>13E6238</string>
<key>InstallationSize</key>
<string>0</string>
<key>MinimumSystemPartition</key>
<integer>2017</integer>
<key>OSVersion</key>
<string>9.3.1</string>
<key>ReleaseType</key>
<string>Beta</string>
<key>SUDocumentationID</key>
<string>iOS931GM</string>
<key>SUInstallTonightEnabled</key>
<true/>
<key>SUMultiPassEnabled</key>
<true/>
<key>SUProductSystemName</key>
<string>iOS</string>
<key>SUPublisher</key>
<string>Apple Inc.</string>
<key>SupportedDeviceModels</key>
<array>
<string>P107AP</string>
</array>
<key>SupportedDevices</key>
<array>
<string>iPad2,7</string>
</array>
<key>SystemPartitionPadding</key>
<dict>
<key>1024</key>
<integer>1280</integer>
<key>128</key>
<integer>1280</integer>
<key>16</key>
<integer>160</integer>
<key>256</key>
<integer>1280</integer>
<key>32</key>
<integer>320</integer>
<key>512</key>
<integer>1280</integer>
<key>64</key>
<integer>640</integer>
<key>768</key>
<integer>1280</integer>
<key>8</key>
<integer>80</integer>
</dict>
<key>_CompressionAlgorithm</key>
<string>zip</string>
<key>_DownloadSize</key>
<integer>1164239508</integer>
<key>_EventRecordingServiceURL</key>
<string>https://xp.apple.com/report</string>
<key>_IsZipStreamable</key>
<true/>
<key>_Measurement</key>
<data>Rfrw7jNYWH8xNS67pXoq7NEhpUI=</data>
<key>_MeasurementAlgorithm</key>
<string>SHA-1</string>
<key>_UnarchivedSize</key>
<integer>1235575808</integer>
<key>__AssetDefaultGarbageCollectionBehavior</key>
<string>NeverCollected</string>
<key>__BaseURL</key>
<string>
http://appldnld.apple.com/iOS9.3.1/031-56322-20160331-F8B29F9E-F68D-11E5-AF11-0744ED25FABD/
</string>
<key>__CanUseLocalCacheServer</key>
<true/>
<key>__QueuingServiceURL</key>
<string>https://ns.itunes.apple.com/nowserving</string>
<key>__RelativePath</key>
<string>
com_apple_MobileAsset_SoftwareUpdate/1c02ea51b4d2d50b04526c4ec29780b8e02dfe76.zip
</string>
</dict>

You can then use these dictionaries to assemble this path for all items in the dictionary with “iPad 2,7” in the SupportedDevices key. You can also choose to assemble this path for all items with the OSVersion of a given string, such as 9.3.1 in this case. You could curl these updates down to a client, or request them through the caching service, which would cache them to the Caching Server, using the IP of the server (e.g. 10.1.1.2) http://10.1.1.2:55491/iOS9.3.1/031-56322-20160331-F8B29F9E-F68D-11E5-AF11-0744ED25FABD/1c02ea51b4d2d50b04526c4ec29780b8e02dfe76.zip?source=appldnld.apple.com

Found the above URL using a reverse proxy. This URL is generated based on an http request to the IP address of the caching service, followed by the port. The port is derived using the serveradmin command and query the settings for caching:Port as follows:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings caching:Port

In this example, the URL is then

http://10.1.1.2:55491/

But the URL then splits the _BaseURL into two parts, taking appldnld.apple.com from the URL and appending ?source=appldnld.apple.com. So without the update, the URL would be the following:

http://10.1.1.2:55491?source=appldnld.apple.com

OK, so now we’ll pop the other part of that _BaseURL in there:

http://10.1.1.2:55491/iOS9.3.1/031-56322-20160331-F8B29F9E-F68D-11E5-AF11-0744ED25FABD?source=appldnld.apple.com

And then there’s one more step, which is throw the zip in there:

http://10.1.1.2:55491/iOS9.3.1/031-56322-20160331-F8B29F9E-F68D-11E5-AF11-0744ED25FABD/1c02ea51b4d2d50b04526c4ec29780b8e02dfe76.zip?source=appldnld.apple.com

Viola. Curl that and the caching server will download that update and make it ready for clients to access. Everything is hashed and secure in the directory listed using this command:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/serveradmin settings caching:DataPath

April 18th, 2016

Posted In: Apple Configurator, Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , , , ,

Creating a classroom is a pretty straight forward process in Profile Manager. To do so, open the Profile Manager web interface and click on Classes in the sidebar. For your first class, click Add Class (for future ones, click the plus sign (+).

Screen Shot 2016-04-14 at 9.39.39 PM

At the New Class screen, click into New Class in the title bar and provide a name for the class. Optionally, provide a description, as well. Click on the Save button to save the class.

Screen Shot 2016-04-14 at 9.40.04 PM

Then click on the Instructors tab and use the plus sign towards the bottom of the screen and then choose the user or group you’d like to add as the Instructor for the class. Click on the Students tab to add a user or group as a student.

Screen Shot 2016-04-14 at 9.40.17 PM

Next, click on the Devices tab and then click on the plus sign (+) at the bottom of the screen. Here, click on Add Device Groups to add a group of devices.

Screen Shot 2016-04-14 at 9.41.27 PM

Additionally, check the box for Shared if the iPads will be shared iPads.

Screen Shot 2016-04-14 at 9.41.18 PM

Click OK once you’ve added the appropriate Device Group, and then click on the Save button to save the class setting.

April 15th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , , , ,

Next Page »