UEFI, 10.13/APFS, and You(r Imaging)

UEFI, 10.13/APFS, and You(r Imaging)

Let’s discuss the basic input/output system for IBM PC compatible computing devices, aka BIOS. Wait, that’s not a good start, P.eople C.an’t reM.ember C.omputer and I.nternet A.cronyms. Ok, EFI – that’s a thing that’s like BIOS, right? You can lock it, it makes sure all your most vital hardware components […]

Read more

Hook The Lintings

Friends don’t let friends commit puppet code with obvious errors. Especially when you’re working with a team, having a consistent style enforced by something like puppet-lint means less messy diffs as you send changes to each other to review. And if you’re leveraging stuff like r10k, you definitely don’t want […]

Read more

Hipster Software Management

Hipster Software Management

Socially, Slack and Twitter are the two poles I gravitate between: Slack for when I’m hoping to be a burden on or distracted by our always-up-to-something community, and Twitter when I’m more in the mood to consume the echo chamber than reverberate sound out in to it. And then there’s […]

Read more

Arbitrary Code via Puppet instead of Jamf (Pro)

Arbitrary Code via Puppet instead of Jamf (Pro)

If you are familiar with Jamf Pro’s (formerly the JSS/Casper Suite’s) model of smart groups and extension attributes (or EA’s), they provide a way to run code that can (among other things) inventory the state of a computer. Every recon run, they run the provided scripts configured server-side, and through […]

Read more

Proactive Mac Security: Santa 🎅

Proactive Mac Security: Santa 🎅

For the next stop in our journey, we’ll review that jolly ol’ soul, Santa. It’s a system for either monitoring what apps are launched and blacklisting the ones you decide are bad, or locking down a macOS computer to only run the ones you’ve whitelisted. Despite what The Register seems […]

Read more

Stop All The Downloadin’

Stop All The Downloadin’

Just a quick one, to remind you that there are ways you can have a dialog with users about tightening security controls. We’re beating the drum about Flash dying a death, and haven’t included it in our image since the Great Analytics Fiasco of 20.0.0.235. I’m not the most tolerant […]

Read more

Proactive Mac Security: osquery

Proactive Mac Security: osquery

There are two reputations(at least) that your faithful writer is hoping to shake: #1, I do not work for Google. #2, I am not the ‘osquery guy’. I don’t even know any C++! (I’m going to make time for this eventually, though.) However, for three events over the course of […]

Read more

Proactive Mac Security, Introduction

Proactive Mac Security, Introduction

Let’s say your company is a place where no one works day-to-day logged in as an admin on their Mac. Everybody in this environment is also a computer expert, and therefore aren’t as prone to tomfoolery such as letting family members use their login to play Chrome games, and of […]

Read more

Ep. 4 – MacAdmin Easter Egg

Just in time for WWDC, another special guest on the Frogor 45 – Tim Sutton, of Mac Operations fame, here to discuss things non-Adobe… like mcxToProfile. Mastering by AD⚡️CB logo designer Pepijn Bruienne Other things mentioned: Bluetooth fingerprint unlock apps that shall remain nameless Ollllld topics like ManifestDestiny The first […]

Read more

ICYMI – LISA Conversations, with Google

Just a quick post for folks that missed it (I follow Clay on the twitters but got notice it was happening a bit too late), the well-regarded ‘Managing Macs at Google Scale’ talk Clay Caviness and Ed Eigerman gave for LISA ’13 was revisited for their video series, embedded below. […]

Read more