The Secret Service has lately been in some hot water because they failed to backup the text message (and iMessage?) history of the devices issued to their staff during an MDM transition. I talked some with Jason Snell from Six Colors in a recent piece about what happened:
iMessage histories may be device specific and limited, and if they were not utilizing iCloud Backup (for Federal Government Cloud Reasons) it is possible that when the devices were wiped and setup anew with the MDM — so that the devices are supervised by the new MDM — the previous history was lost.
In short, I suspect they were prohibited from using any iCloud service because iCloud isn’t FedRAMP certified for security, and when they wiped the device to set them up with the new MDM service, they could not restore even a local on-disk backup, because those backups would’ve stored the supervision identity and the MDM enrollment from the previous MDM service.
I love Independence Day. I have for a long time. That doesn’t mean I love who we are as a nation right now, or that we should stop trying to make it a better place, safer for all, more equitable, more loving.
I don’t have a ton of patriotism right now. Our democracy feels broken, wracked by backlash against progress, tearing at the seams of our institutions by appointees of a corrupt tyrant who couldn’t fathom his own illegitimacy.
Where I do have love for our nation is with all those who want to be here, who risk everything wanting to work here, wanting to live here, wanting to escape violence and tyranny. We spent the day y’day with a family of 3 who were bussed here from Arizona after arriving.
The two kids spoke little English, but soon fell in playing with our gaggle of neighborhood kids. Our Spanish-fluent neighbors helped their mom call home to tell their family they’d arrived, and helped them navigate some local resources. Another family is giving them shelter.
The values of our neighbors, caring for the newly-arrived, are our American values on display: charitable, loving, caring, welcoming. That’s what I love about our nation when we can display it. Selflessness and service, sharing and communitarian, that is America at its finest.
Those are the values I celebrate today, not the fascist worship of the modern GOP. Their part-time affinity for life — that is, when it cannot hold them accountable for their failings — is a failed vision of paternalistic authoritarianism, of homogeneity, of forced unity.
The only messages they have now are ones that they bring to bear at the point of a weapon, or of the deployment of force. They claim to be the true America, but instead, they’re the Britain that we revolted from in 1776. Their insistence of right by might is undemocratic.
There are things I love about the old GOP. There’s no question I’m a capitalist, and that I think having the freedom to start your own business is a critical freedom in America. I spent 15 years running one, and struggling sometimes to deal with the regulatory frameworks.
Lord knows there are tons of regs that have served their purposes that ought be retired, as well as others with unintended consequences. Of course, the old GOP also believed in taxes at much higher rates than we’re currently paying.
Eisenhower spoke about the dangers of the Military Industrial complex and how it might distort our servicemen and -women, and boy howdy has it. Sure, we’re the arsenal of democracy — Ukraine has appreciated that, to our credit — but at what cost for our Homefront?
My love for America is complicated. All relationships with love are complicated. We love in spite of failings, and because of foibles. We love for the idealism of loving something great. We love sometimes when we want to change it. I love America. Just not this one, right now.
So, for all my fellow Americans not feeling it today, I stand with you. Our nation’s once brilliant light is dim and tarnished, and the people responsible for its care are failing us on every level.
But I love it, still, for I know what it can be, and will be again, with work.
Last week, Apple released beta versions of the macOS Ventura operating system for desktops and the iOS 16 mobile operating system for mobile devices. What does the iOS update mean for MDM?
That’s exactly what a friend in the Mac Admin community asked me recently. I thanked them for their candor and request as many of us have yet to dive into Apple’s MDM documentation.
So, I rolled up my sleeves and got to it. Keep reading for an overview of what types of changes you can expect and how to optimize your mobile device management strategy.
The most important consideration here is not just how to cut costs out of your team, which is usually a euphemism for getting rid of staff. Instead, the main goal should be how to understand business needs and priorities for the future. Should you keep the same model in place to deliver on those needs, or should you redesign your process to get the same result in a different way? What can make your budget go further and display more of a return on investment, either through more productivity or cutting costs elsewhere?
IDG picked up a piece by me on dealing with the current moment without cutting your staff to the bone. Now’s the time to figure out how to get more from all your tools, cut what you don’t need, and build platforms that work best for your environment, instead of depending on point solutions.
I’ve talked about Charlie here before. He’s a large part of my talks these days, as children are often the dominant part of their parents’ lives. Charlie’s 8, he’s in third grade at Capitol Hill Montessori, in a class of just shy of 30 first, second, and third graders. He loves to play with Lego, he loves to make puppets out of paper and play with them, he loves to draw and read books about Minecraft.
Charlie’s a big part of the future I’m working for constantly. He’s why I get up in the morning, so I can get him fed, dressed, and ready for school each day. His safety, and his needs, are a big part of what my wife and I do every day, like so many parents out there. Our children are our everything. Their smiles and hugs shine the bright lights on us. They can pick up a bad day, they can turn it all around. Their tears and their fears can just as easily remind us of our own fears and how we’ve overcome them.
Every day when I get up and take him to school I make sure that I tell him that I love him, that I hope he makes good choices and does good work. I always makes sure he knows that he’s loved unconditionally.
I make sure he hears that because I’m terrified that something like what happened in Sandy Hook, or what happened today in Uvalde, will happen here, too. That someone will bring loaded guns into his school and start shooting. And that just like that, the future I will have worked to build and craft, like so many parents who’ve lost everything, will be wiped out in an instant.
That is is my single greatest fear.
I think of all the families tonight who are grieving the loss of their future. I think of all the excuses that we’ve made as a society to keep guns in the hands of a whole bunch of people who have no business having a lethal weapon. We have to do better. For the future.
Today, Apple announced a new pair of certification exams for Mac Admins. This is a new version of the standard Apple Certified Support Professional exam, that comes with a self-paced training course, as well as the completely new Apple Certified IT Professional exam, which also comes with a self-paced training course.
I can also say that I’ve taken and passed both exams. They’re serious efforts, and they show a broad range of knowledge that’s required by our professions as Mac Admins. Knowing how deployment works — not just how rote practices work but the theory behind it — is the hallmark of a solid Mac Admin, and there’s more required of Mac Admins every year. I’m excited to see Apple putting effort into this program.
In addition to the new exams, Apple’s announced a program working with the Mac Admins Foundation to make sure that those who can’t afford to take this exam, or whose employers won’t pay, can still get certified. The Mac Admins Foundation is a brand new 501(c)(3) non-profit whose mission is to support the people who manage Apple products, starting with the Mac Admins Slack, and moving onward to making conferences more approachable for people just starting out in this industry.
We’ll have more to say in the next few weeks, but it is the honor of a lifetime to be Co-Chair of this incredible organization.
Last night, Friday Night Baseball debuted on AppleTV+. The Nationals and Mets faced off, and there was high drama between Max Scherzer starting against his former club, and some shenanigans about batters hit by pitches. When Apple announced that they were going to be showing Friday Night games during the season, I was a little skeptical. Last night cured that skepticism entirely. Let’s talk about why.
Picture Quality Matters
I was absolutely astonished at how great the game looked on my Apple TV. I’m an mlb.tv subscriber, and I’m used to a highly compressed image, with a fair amount of color mutes. You’re watching because this is the only way you can watch, not because it’s a joy to watch. They must have been shipping 4K video last night with a proper color gamut, because the game just looked crisp and beautiful.
In addition, they were working what felt like twice as many camera angles as I’m used to seeing on a MASN broadcast here in DC. It was a playoff-quality broadcast in terms of direction and angle work, and that’s a hard thing to pull off. The shallow shots from near the dugouts gave it a very human feel to go with the long glass shots from the outfield. I was definitely smitten with how great it looked, which takes us to…
Apple Does Chyrons Right
I didn’t realize that the word “chyron” wasn’t a commonly known word, but it comes from the Chyron company that produces many of the video overlays that we see on our TVs. I have seen a lot of truly terrible chyron work on various RSNs over the last decade, most of which were gimmicky and ugly, trading for gaudiness what they should have invested in information architecture.
Apple did a banger of a job:
Player information cards used the familiar rounded rect that is a lingua franca for Apple aficionados, simple but good use of color, clear information stated clearly. This is great IA.The score block in the upper left is super simple. Team logos in color, score in large digits, standard runner/outs imagery plus the count and a pitch count. The batter card at the bottom gives you solid clarity on who this is, and what their stats are like for last season (since it’s the first week of the season!)
Imagery here was captured by Brandon Costa and included from a tweet. I tried to take some screenshots, but Apple frowns on that in their TV app! Just captures a black frame instead, sadly.
The most controversial for me was the information stat in the lower right corner. Sometimes, it’s helpful info (probabilities for reaching base, scoring runs, etc), and sometimes it’s a load of useless shit (like gambling odds). I loved that they identified the batters’ walk-up tunes with Apple Music icons, that was a lot of fun. They also advertised that they have some Apple Music Playlists like this one for the Nats.
The graphics overall were inviting and inobtrusive, and not once did I get crypto advertised in a dancing add inside the chyron. Wins galore here.
A Younger Announcing Team
Look, I’ll be the first to say that I cannot stand Bob Carpenter and his Grandpa Simpson act. There’s no question that the average age of a baseball broadcasting team is probably something closer to 60 than my 43. Actually getting some younger broadcasters on the scene is fantastic, and I loved the more youthful feel of the broadcasting crew for the Mets/Nats game.
There’s been some pushback from the largely white, largely old, definitely largely dudebro audience on the Twitter machine, and given how hostile fans can be to anything new involved in this sport, it’s no surprise some people were upset. I, however, was really appreciative of Melanie Newman’s play-by-play, and Chris Young and Hannah Keyser did a fine job on color commentary. They were erring a little bit to the “saying more” part of the job, and I think they overindexed on talking. But, what they did say was fun, and this was a crew that was clearly having a good time, even if Keyser’s own mom wasn’t onboard:
Tonight I'll help broadcast the Mets-Nationals game on Apple TV+, the first time I've ever done anything at all like that. Which is, frankly, surreally cool.
When I told my parents about it, my mother — diehard Mets fan — said: "Oh, I hate when it's not Gary, Keith, and Ron."
I want to see what this crew sounds like when they’ve been working together for months, because I suspect that’s going to be a really fine broadcast. Keep it up.
It Wasn’t All Roses
I had a few times where the stream locked up, and I couldn’t get it started again. These are volume issues, and I’m sympathetic. They’ll get it figured out. They need to.
Sometimes the announcers kept going on something unrelated — well, tangentially related — and it turned into a gag that I just didn’t find funny. Sure, Juan Soto asked for AppleTVs for his teammates, and sure Apple came through for them, but that didn’t need to be a multi-inning gag.
Overall? Pretty Solid
I’m here for what happens next. Count me on the regular watchers’ list. I loved how great the game looked, I loved how well-presented the information was, I loved that it was just the right balance of stats and situational data, all without too much pretention. I loved the younger announcing team, and I can’t wait to see what they can do!
Tune in, Friday nights, on Apple TV+ on your Mac, iPhone, or Apple TV app. It’s worth it.
My deepest thanks to the Amsys and Datajar teams for the invitation to speak at this year’s MacAD Conference in Brighton. It was a real joy to spend time with Mac Admins from all over talking about how experiences matter. This presentation was a joy to write. It’s not like other conference vendor presentations, because these topics really aren’t specific to JumpCloud. Good IT Philosophy shapes products, and the vision that I’m espousing here, backed by data, is what we’ve already built and what we’re building in the future.
What follows here is the IT Code I’ve settled on, and I think it’s instructive.
As an IT Professional, I will do my best to –
Preserve company data from carelessness and compromise
Protect my people from attack and their occasional inattention
Defend the integrity of our organization against bad policies, poor security, and short-sightedness.
Empower your people with knowledge.
Making a difference for your coworkers’ experience is how you make your coworkers’ like working with IT, as much as that’s possible in 2022.
Related to Apple Hardware, I gave Apple a 5, saying:
“The 2021 MacBook Pro [is] the most important product Apple has released since the 2012 MacBook Pro sported the first Retina display on an Apple laptop. Apple has redeemed some poor choices, and built a product that’s suited for the Pro moniker. Great work, Apple”
Related to the iPad, I gave Apple a 4, saying:
“iPadOS remains a second class citizen in terms of adoption, focus and attention for Apple, and that makes the best-in-class hardware seem a bit less shiny. No question that the new iPad mini is the best device to carry the moniker, but it still isn’t quite enough of a workhorse. Until the software catches up with the hardware, the iPad is going to be a pretty niche player.”
Related to Apple Wearables, I gave Apple a 4, saying:
“In 2021, I changed jobs, and suddenly had to spend a lot more time on videoconferences. My podcasting headphones were deeply uncomfortable after a few hours of wear. I visited an Apple store for an iPhone repair and tried on a pair of AirPods Max. I swore audibly, and an Apple employee came to check on me to make sure I was okay. I was okay—they fit like a dream, they moved the right way, they didn’t pinch where the temples on my glasses met the ear cup, they sounded incredible. I was so mad that I was about to spend $549, but when you wear them 6-8 hours a day, every day, and they cause you no pain or confusion? That’s money well spent.”
I will also say that I am really enjoying Spatial Audio in my office, and that I hope this comes more places. It is actually something I deeply enjoy.
Related to Services, I gave Apple a 4, saying:
“I remain a happy customer of the Apple One bundle. This is a good product, composed of some excellent items (iCloud, Apple Fitness+, Apple TV+), some okay items (Apple Arcade, Apple Music, Apple Card), and AppleCare remains a product in Apple’s lineup.”
Related to HomeKit and Home Automation, I gave Apple a 2, saying:
“Apple needs a better story here, but the HomePod mini is a solid entrant in the home speaker line. The poor, neglected HomePod, though, is suffering service and experience degradation that needs to be addressed. I am hopeful for a new standard with new material to help uncloud the picture, but we’re still a long way from good.”
Related to Software, I gave Apple a 3, saying:
“macOS Monterey is an incremental improvement, but there’s a long way to go here. Apple only just expanded bike directions for Maps beyond a few core cities, and they have a long way to go to bring the Maps experience to an appropriate level of experience everywhere they promise it. Overall, the Mac’s software is aging poorly. Calendar, Mail and Contacts remain stuck in a much earlier, much less interesting world of personal information management. Mail cannot scale to meet the needs of modern mail experiences, and that’s, frankly, a bit criminal in this world. While Monterey is an improvement over Big Sur — especially for organizations that support Macs at scale as part of business environments — there’s a long way for Apple to go. It feels as if the bold Apple is gone, and it’s replaced by a meek Apple, afraid of making big strides.”
Related to Developer Relations, I gave Apple a 3, saying:
“We need better relationships between MDM developers and Apple, with more give and take, more conversations, more impactful input, and a better cadence for partnerships. I know that my take is different than many, but I’m a different sort of developer in my day job than most. When it comes to the App Store, Apple has some hard choices to make, lest they risk having the whole thing slip right through their fingers in the form of federal regulation of their spaces.”
The single best feature of macOS Monterey, in the eyes of the Mac Admin, is without question the arrival of Erase All Contents & Settings (styled EACS, pronounced “Eeks”), which allows a Mac Admin to restore a properly-equipped Mac computer to the Setup Assistant with no user data remaining in 5 minutes or less. This feature is a massive time-saver for Mac Admins, a huge boon to the average user looking to part ways with their device quickly and securely, and represents a huge step forward for return to service workflows.
What does EACS require to work?
EACS requires a few conditions in order to work correctly:
The Mac computer must be running macOS 12 Monterey at the time of operation
The Mac computer must have an Apple silicon process, or an Intel processor with a T2 coprocessor
What happens if things don’t go as planned with EACS?
In the event that EACS does not complete as expected, what the system does will be determined by the default behavior, and the ObliterationBehavior command argument as supplied by the MDM. During EACS, there is a preflight conducted on the system, and that preflight can succeed (which will result in EACS), or it can fail, which will conduct the assigned ObliterationBehavior.
If the command is sent with the behavior set to DoNotObliterate, the system will just error back to the MDM, but do nothing to the device. There are very few scenarios that I can imagine where this behavior is desirable, but if you happen to have one of those, changing the Erase Device command to include this behavior.
If the command is sent with the behavior set to ObliterateWithWarning, the device will log an acknowledgement with the MDM before completing the task, which will erase the device completely, OS included. Under this circumstance, your MDM will understand that the device was not in a state where EACS was possible, and that the device is in a state where it would be totally wiped.
If the command is set without a behavior set, the device will execute the default behavior, which will log an error with the MDM, including an ErrorChain, before completing the task, which will erase the device completely, OS included.
I can’t quite derive the importance of the difference between ObliterateWithWarning and the Default behaviors, as both items will result in a wiped system, but the logging will be slightly different. I will update this post if that becomes clearer.
Cannonball 