Screen Time And Setting Limits For Ourselves And Our Families

Do you know how much time you spend in various apps and on your device? Do you want to gently be reminded of how much time you’re staring at screens and maybe even be limited in how much you can be lost on the screen? 

First, let’s limit the time you can be on the device in the first place, using a feature of Screen Time called Downtime:

  • Open Settings
  • Tap on Screen Time
  • Tap Downtime

Tap on and then set the start of Downtime and the stop of Downtime. Tap back on Screen Time in the upper left-hand corner of the screen. Now, let’s set up an app limit for social apps (because really, most of us are on those wayyyy too much):

  • Open Settings
  • Tap on Screen Time
  • Tap App Limits
  • Tap an app category (e.g. Social Networking)
  • Set the number of hours you can use that type of app (note, if you set 23 hours and 59 minutes you are totally cheating)
  • Tap Add

Should you want to remove those limits you created, just tap Delete Limit. Or better, just configure apps that are allowed to bypass the limits you’ve made by tapping Always Allowed and adding apps that are always allowed to work. This allows you to limit all your apps except, as an example, Maps and Camera. 

Another option in Screen Time is Content and Privacy Restrictions. To configure these:

  • Open Settings
  • Tap on Screen Time
  • Tap on Content & Privacy Restrictions
  • Turn Content & Privacy Restrictions on by tapping the slider
  • Tap on iTunes & App Store Purchases

Here, you can limit installing apps, deleting apps, or making in-app purchases on the device. You can also just force a password in order to make any purchase from iTunes, Book Store purchases, or App Store purchases.

  • Tap the back button
  • Tap Allowed Apps
  • Use the indicator light to disable any app you don’t want to be able to access on this profile
  • Once all apps are configured, tap the back button
  • Tap Content Restrictions

There are a lot of restrictions available. Most are mirrored with a profile and so can be controlled by an MDM as well:

  • Country: Start with the country your ratings are set for. 
  • Music, Podcasts, & News: Then, choose whether or not explicit content is allowed (and by content we really mean music, podcasts, & news).
  • Music Profiles & Posts: Then choose whether the device is allowed to publish music options and posts about music. 
  • Movies: Then set a maximum AFTRA rating (e.g. PG-13 or R) for content.
  • TV Shows: Select the TV ratings allowed (e.g. TV-G or TV-MA for mature audiences)
  • Books: Luckily, Tipper Gore never got her way so there’s no true rating systems for books. Just select Clean or Explicit.
  • Apps: Choose the age for which app ratings are most appropriate
  • Web Content: Limit access only to specific websites, limit access to adult websites, or provide unrestricted access to web content
  • Web Search Content: Allow Siri to access the web to search
  • Explicit Language: Allow or restrict Siri from using dirty words
  • Multiplayer Games: Allow or deny access to multiplayer games
  • Adding Friends: Allow or deny access to add friends within the Game Center app
  • Screen Recording: Allow or deny access to screen recordings

Next, go back and in the privacy section, configure what apps are able to access Location Services, Contacts, Calendars, Reminders, Photos, Share My Location, Bluetooth Sharing, Microphone, Speech Recognition, Advertising, Media And Apple Music. 

Finally, under allow changes, configure whether you’ll be able to make changes to Passcode Changes, Account Changes, Cellular Data Changes, Volume Limits, Do Not Disturb While Driving, TV Providers, and Background App Activities. 

Security Considerations When Selecting Cloud-Based Software

My latest piece on Huffington Post:
OMG the cloud! Everything must go to the cloud, and now! And sometimes finding a tool is about workflow. And the workflow should make sense and be awesome. But there’s an argument that you shouldn’t even keep a lot of data unless it’s kept confidential and therefore properly secured. The liability of keeping information about other people and what they do is just too great to outweigh what you might otherwise use that data for. Security matters. Workflow matters. And with the number of services out there that you can use for any given task, if any aren’t secure enough then there are probably ten others you could use that are. So why might you choose to use a given service:
To read more, check out http://www.huffingtonpost.com/entry/58e26367e4b0d804fbbb7501

List of Safe Complex Characters for Passwords

A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated Unicode code point:
  •    (Space) U+0020
  • ! (Exclamation) U+0021
  • " (Double quotes) U+0022
  • # (Number sign) U+0023
  • $ (Dollar sign) U+0024
  • % (Percent) U+0025
  • & (Ampersand) U+0026
  • ' (Single quotes) U+0027
  • ( (Left parenthesis) U+0028
  • ) (Right parenthesis) U+0029
  • * (Asterisk) U+002A
  • + (Plus) U+002B
  • , (Comma) U+002C
  • - (Minus sign) U+002D
  • . (Period) U+002E
  • / (Slash) U+002F
  • : (Colon) U+003A
  • ; (Semicolon) U+003B
  • < (Less than sign) U+003C (not allowed in all systems)
  • = (Equal sign) U+003D
  • > (Greater than sign) U+003E (not allowed in all systems)
  • ? (Question) U+003F
  • @ (At sign) U+0040
  • [ (Left bracket) U+005B
  • \ (Backslash) U+005C
  • ] (Right bracket) U+005D
  • ^ (Caret) U+005E
  • _ (Underscore) U+005F
  • ` (Backtick) U+0060
  • { (Left curly bracket/brace) U+007B
  • | (Vertical bar) U+007C
  • } (Right curly bracket/brace) U+007D
  • ~ (Tilde) U+007E
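
One way to check a candidate password against the list above, as an added example that is not from the original post. It assumes ASCII letters and digits are always acceptable, and it reports characters that only look like listed ones, such as the curly quotes and dashes that word processors substitute for U+0022 and U+002D.

```python
import unicodedata

# Code point ranges taken from the list above (space and ASCII punctuation).
SAFE_RANGES = [(0x20, 0x2F), (0x3A, 0x40), (0x5B, 0x60), (0x7B, 0x7E)]
# Marked on the list as "not allowed in all systems".
NOT_UNIVERSAL = {"<", ">"}


def is_listed_symbol(ch):
    """True if ch is one of the complex characters on the list."""
    return any(lo <= ord(ch) <= hi for lo, hi in SAFE_RANGES)


def audit_password(password):
    """Return (rejected, warnings) as lists of (position, description).

    Assumption for this example: ASCII letters and digits always pass;
    every other character must appear on the list.
    """
    rejected, warnings = [], []
    for pos, ch in enumerate(password):
        if ch.isascii() and ch.isalnum():
            continue
        label = "U+%04X %s" % (ord(ch), unicodedata.name(ch, "UNNAMED"))
        if not is_listed_symbol(ch):
            rejected.append((pos, label))      # not on the list at all
        elif ch in NOT_UNIVERSAL:
            warnings.append((pos, label))      # listed, but not portable
    return rejected, warnings


if __name__ == "__main__":
    # Constructed samples: the second holds a curly quote and an en dash,
    # which render like U+0022 and U+002D but are different code points.
    for sample in ['Tr<ub4dor & "3"', "Tr\u201dub4dor\u20133"]:
        print(repr(sample), audit_password(sample))
```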

Simple Swift Project To Run A Bash Script When A User Clicks A Button

New project on GitHub to run a bash script when a user clicks on a button. This is pretty basic, easily customizable, lots of stuff you could add, and with a license I’m sure anyone can appreciate. Hope you enjoy.

My 16 Mac Security Advances Article On TechCrunch

Ever since the kids from Silicon Valley went to TechCrunch, I’ve been thinking that at some point I’d want to put a piece there. Luckily, I recently got the chance. Today, 16 Apple Security Advances To Take Note Of In 2016 went up on TechCrunch. You can access the article here. The original article actually listed the year that each was introduced in order. It was a lot of work to go back in time and piece the timeline together, so since the years didn’t make it through editorial, I list them here (not that anyone actually cares):
  • 2002: Managed Preferences
  • 2003: FileVault
  • 2004: Require all software installers that need system resources to prompt for a password
  • 2005: Restrict setuid and setgid in scripts
  • 2007: Time Machine
  • 2007: Application Firewall
  • 2007: ASLR (Address Space Layout Randomization)
  • 2009: Application Sandboxing
  • 2009: XProtect, or File Quarantine
  • 2008: Antiphishing
  • 2010: The Mac App Store
  • 2012: Gatekeeper
  • 2012: Mobile Device Management
  • 2013: iCloud Keychain
  • 2015: System Integrity Protection, or SIP
And yes, since I was there for each of these, I did feel old writing this… :-/ And yes, thank you for asking, I did just publish another book on Mac Security, which you can buy here. 🙂

Programmatically Extract Saved Wi-Fi Passwords In OS X

Previously, I covered how to Programmatically Obtain Recent Wi-Fi Networks On A Mac. But, here I’m gonna go a step further and look at how to extract the password for a network as well. The two are stored in different locations. The recent networks are in the /Library/Preferences/SystemConfiguration/com.apple.airport.preferences defaults domain. If you pull one of those, then you can use the security command to extract the password itself.

    security find-generic-password -ga "Krypted Home"

The output is as follows, showing everything that is tracked about this network in the keychain.

    keychain: "/Library/Keychains/System.keychain"
    class: "genp"
    attributes:
        0x00000007 <blob>="Krypted Home"
        0x00000008 <blob>=<NULL>
        "acct"<blob>="Krypted Home"
        "cdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000"
        "crtr"<uint32>=<NULL>
        "cusi"<sint32>=<NULL>
        "desc"<blob>="AirPort network password"
        "gena"<blob>=<NULL>
        "icmt"<blob>=<NULL>
        "invi"<sint32>=<NULL>
        "mdat"<timedate>=0x32303135313230373135313731375A00 "20151207151717Z\000"
        "nega"<sint32>=<NULL>
        "prot"<blob>=<NULL>
        "scrp"<sint32>=<NULL>
        "svce"<blob>="AirPort"
        "type"<uint32>=<NULL>
    password: "test"

You can constrain the output with awk and grep so that you’d only see the password as the output of the command. Then, you can feed it back into other objects, like a new .mobileconfig.
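
A parser for the item dump shown above, as an added example that is not from the original post; it uses Python rather than the awk and grep the post mentions. The sample text is constructed from the post's output, and the hex form of the password line is an assumption about how security prints secrets that are not plain printable text. On a real Mac the password line is written to stderr, so capture the command's output with 2>&1 before parsing.

```python
import re

# Constructed sample: abridged output for the network used in the post.
SAMPLE = r'''keychain: "/Library/Keychains/System.keychain"
class: "genp"
attributes:
    0x00000007 <blob>="Krypted Home"
    "acct"<blob>="Krypted Home"
    "cdat"<timedate>=0x32303135313230373135313731375A00  "20151207151717Z\000"
    "desc"<blob>="AirPort network password"
    "icmt"<blob>=<NULL>
    "svce"<blob>="AirPort"
password: "test"
'''

# An attribute line: a quoted four-letter name or a hex tag, a <type>, a value.
ATTR = re.compile(r'^\s+(?:"(\w+)"|(0x[0-9A-Fa-f]+))\s*<(\w+)>=(.*)$')


def value_of(raw):
    """Map <NULL> to None; otherwise return the quoted text without quotes."""
    raw = raw.strip()
    if raw == "<NULL>":
        return None
    quoted = re.search(r'"(.*)"$', raw)
    return quoted.group(1) if quoted else raw


def password_of(raw):
    """Assumed form for non-printable secrets: 0x<hex>, then an escaped copy."""
    hexform = re.match(r'0x([0-9A-Fa-f]+)', raw.strip())
    if hexform:
        return bytes.fromhex(hexform.group(1)).decode("utf-8", "replace")
    return value_of(raw)


def parse_item(text):
    """Parse one keychain item dump into a dict."""
    item = {"keychain": None, "class": None, "attributes": {}, "password": None}
    for line in text.splitlines():
        attr = ATTR.match(line)
        if attr:
            item["attributes"][attr.group(1) or attr.group(2)] = value_of(attr.group(4))
        elif line.startswith("password:"):
            item["password"] = password_of(line[len("password:"):])
        elif line.startswith(("keychain:", "class:")):
            key, _, raw = line.partition(":")
            item[key] = value_of(raw)
    return item
```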

No git Commit Message #tomhardy

Click for lightning. Merge-your-damn-self. But if you commit with a well written message (and not just a period to get past a sanity check), I’m happy. Tom Hardy likes it when you tell me wtf.


Guest Blogging for the #jnuc on Vulnerability Assessments

In case anyone missed this fact: I love to write. The nerdier the content, the better. And when I heard that the JAMF Nation User Conference had a session for InfoSec (and specifically around how we do vulnerability assessments), I knew that was my kind of session. So, the marketing team was kind enough to let me write it up. Here it is on the JAMF Software blog: http://www.jamfsoftware.com/blog/jamf-software-security-and-vulnerability-assessments/.

Childproof Macs With Bushel And Beyond

At Bushel, we’ve been getting a lot of inquiries into how to use Bushel to childproof a Mac. We really had a target audience of organizationally owned devices when we sat down to write Bushel, but we realize that especially in a small business, devices end up very mixed use. Discover Childproofing Your Macs Here…