🔒 Patreon Special

IT Pros: exclusive shows await you on Patreon, focusing on the more challenging aspects of running your practice and working with clients and employees.

241: "Not Dead Yet" With Weldon Dodd of Rewind Tech - Denver, CO

/

Topics:

-To start the new year, we are very pleased to be joined on our first live show of 2018 by Weldon Dodd of Rewind Technology in Denver, CO.  Weldon hangs with the crew as another host in case Sam goes missing again.
https://rewindtech.com

-Some things never change, the old HCS land grab jokes are in full swing

-Joe discusses the first zero day exploit of 2018, actually launched via tweet on New Year's Eve. Check out the IOHIDeous narrative on GitHub, kind of interesting! The vulnerability exists in a process called IOHIDUserClient which the macOS limits to having only a single instance at any given time, which happens to be spawned by WindowServer. So in order to exploit the vulnerability, we need to kill the WindowServer process. But terminating it requires admin privileges and essentially reboots the GUI, so this is not a viable mode of exploitation. But it turns out that by logging out the user, WindowServer releases its IOHIDUserClient temporarily, giving the exploit enough time to spawn its own instance of IOHIDUserClient and leverage it to compromise the system. The exploit can use "launchctl reboot logout" which does not display a warning dialog. The exploit can also use an AppleScript command to send loginwindow an event called "AppleEventReallyLogOut" (osascript -e 'tell application "loginwindow" to «event aevtrlgo»'), and loginwindow apparently doesn't care who sent the event, but it does display a dialog box as if the user selected "Log Out" from the Apple menu.

-Jerry wonders if this will be on the CCP test

-Sam recalls a story working after hours at a client when the alarm goes off

-Weldon shares his story of a Promise RAID gone wrong. Friends don't let clients pull drives out of RAID drive bays.  It also leads to a further discussion about how to handle RAID solutions and future expansion.

-A handy virtualization app for Synology, which Sam has used in conjunction with CrashPlan, is Docker: https://www.synology.com/en-us/dsm/feature/docker

-Jerry is busy building Minecraft worlds on Synology. He ends up needing a volume formatted as Btrfs.  Read more here: https://www.synology.com/en-us/dsm/Btrfs

-Time Machine and Synology has had a spotty past

-Sam discusses a Wi-Fi upgrade in NYC and replaced aging equipment with Ubiquiti Unifi. He also has some advice on utilizing a Cloud Key.

-He also mentions a handy workaround to test network settings remotely while still needing to reconnect to the remote computer.  Joe recalls a similar solution for another problem.

-Jerry talks about the Unifi In Wall units that he has set up recently: https://inwall.ubnt.com

Thanks as always to our Patreon sponsors!

IMG_0890.JPG

Listen to the outtakes and learn the origin of this picture!

240: From The Cutting Room Floor

/

TOPICS:

- Time Machine and its network-equipped brother, Time Capsule, are superb innovations. They make backup seamless, invisible and easy. They’re also slow. Really slow. I’ve had to wait before I put my MacBook Pro to sleep sometimes while a backup finishes and, of course, the initial backup can literally take days.

Here’s how to fix that.

Open a Terminal window, which you’ll find in the Utilities folder within the Applications list, and paste in the following, typing your login password when prompted:

sudo sysctl debug.lowpri_throttle_enabled=0
This command prevents Time Machine’s backup process assuming a low CPU priority, allowing backups to complete insanely quickly. In fact, you’ll see MB and GBs tick past on the Time Capsule progress display in a second-by-second fashion (provided your Mac isn’t very busy with some other task).
http://www.mackungfu.org/massively-speed-up-time-capsule-time-machine-backups

- Karaoke Style With Taylor Boyko

Running With Adam Engst

Adam C. Engst is the publisher of TidBITS, one of the oldest and most-respected Internet-based newsletters, distributed weekly to tens of thousands of readers. He has written numerous technical books, including the best-selling Internet Starter Kit series, and many magazine articles - thanks to Contributing Editor positions at MacUser, MacWEEK, and Macworld. His innovations include the creation of the first advertising program to support an Internet publication in 1992, the first flat-rate accounts for graphical Internet access in 1993 (with Northwest Nexus for Internet Starter Kit for Macintosh), and the highly successful Take Control electronic book series. In addition, he has collaborated on several Internet educational videos and has appeared on a variety of internationally broadcast television and radio programs. His indefatigable support of the Macintosh community and commitment to helping individuals has resulted in numerous awards and recognition at the highest levels. In the annual MDJ Power 25 survey of industry insiders, he ranked as the second (2000)third (20012002), fourth (2003), fifth (2004), and third (2005/2006) most influential person in the Macintosh industry. He has also been included on the MacTech 25 list of influential people in the Macintosh technical community for both 2006 and 2007, and he was named one of MacDirectory's top ten visionaries. And how many industry figures can boast of being turned into an action figure?

Will O'Neal, founder and president of both Mid-Atlantic and Metro-Atlanta Computer Solutions, has been supporting Macintosh for nearly twenty years. He began his career in 1989 operating Linotronic Typesetters for Darby Graphics and worked his way into technical support after becoming an expert with early versions of page layouts, image editing applications and font management issues. He started MACS in 2002. Since then, the company has grown from just Will to twelve Apple enthusiasts, including six Apple Certified outside technicians. Will holds the title of Apple Certified Technical Coordinator, and he regularly attends classes around the world to stay on top of the latest hardware, software and solutions for business of all types and sizes. Because of Will’s vast experience and desire to stay current on ‘all things Apple’, he is also the Lead Technical Advisor for MACS. He has a passion for providing exceptional service and solutions to his customers. 

239: Joe's Super Secret Password - PSIMacRules!

/

We're sponsored this week by Watchman Monitoring, a favorite tool of ours that should be in every professional consultant's toolkit.

Visit WatchmanMonitoring.com/cmdctrlpwr and sign up for your free trial to find out how Watchman Monitoring can keep an eye on your client machines and notify you of over 100 issues. Be sure to tweet @cmdctrlpwr #CCPsentme to support the show!

TOPICS:

aca5bb517cf52056ea1d92214be167cf.jpg
VqZeE9Ai_400x400.jpg

 

 

 

 

 

 

The Kim Komando Show ® and all material pertaining thereto is a Registered Trademark / Servicemark: No. 2,281,044. America's Digital Goddess
https://www.komando.com

1200x630bb.jpg

238: Interview With Pepijn Bruienne Of DUO Security & The Mac Admins Podcast

/
pb.jpg

Pepijn Bruienne is a Research and Development Engineer at Duo Security in Ann Arbor, Michigan. He breaks Macs to help his employer's customers be more secure. With more than a decade and a half of experience in a variety of Mac Admins areas, his skills include Systems Administration, Operations Management, Mac/Linux/Windows Server and Desktop integration, software deployment, configuration management and process automation.

Pepijn is also co-host of the popular Mac Admins Podcast and friend to our show.  Subscribe today and listen to Pepijn and the crew discuss all things in the Apple IT world.  Listen to the first Command Control Power/Mac Admins crossover show here:
https://podcast.macadmins.org/2017/10/01/episode-53-cultural-exchange-with-sam-valencia/

Mac-Admins-Podcast-Retro-Colors-1.png

237: Beeping not Clicking

/

- Justin Esgar of the ACEs Conference and Will O'Neal, President of Mid-Atlantic Computer Solutions, join us to discuss ACEs 2018 in Baltimore, MD

- listeners get a 10% discount on ACEs Conference: https://acesconf.com/go/ccp

- Sam helped his Mom with iOS 11 update

- Jerry has MacBook Pro followup: he upgraded to a two year old machine

- buying on eBay

- selling used Macs on eBay or Mac Of All Trades

- Johnny Ive responds to criticism of MacBook Pro

- iPhone X impressions

- Sam fixed a failing drive that was beeping, not clicking: Opened up 2.5” hard drive to repair (moved the heads into park position while turning platter counterclockwise (it was beeping, NOT clicking)

https://www.youtube.com/watch?v=WNJqTPutrJ4

The Piezoelectric Effect

- Text Expander Snippet For Email Advice

- High Sierra PSA courtesy of Jason Campbell, ZMS Consulting:

“Scenerio: A Mac workstation running High Sierra is working off a Mac server. The Mac server is running macOS Server.app 5. 

Issue: The lock files generated when opening files that live on the Mac server aren’t deleting when the file is closed. This causes ‘file in use’ messages when trying to open the file again. It times out in about 10 minutes but still another reason to hold off on upgrading businesses to High Sierra. Apple engineers are aware of this and are working to resolve.”

Credit to Jeff Satterwhite for finding the issue. He’s the owner of Post Mod Tech out of Austin, TX. He’s a longstanding ACN member and FileMaker developer. 

Thanks to our Patrons for sponsoring Command Control Power!

236: MacBook Pro - Turn Back Time

/

Topics

  • Root login issue

    • needs catchy name... “Higher Sierra. Even Higher Sierra? Too High Sierra...”

    • Joe wonders if FileVault was affected, assumes not. Probably need to log into existing user account first. From Addigy's email: "Gaining access to user accounts and turning off FileVault encryption"

    • ARD was susceptible. (Another reason not to forward ARD/SSH port from WAN to LAN!)

  • Our friends at Addigy put out an immediate fix: https://www.addigy.com/fix-the-high-sierra-root-exploit

  • Clients ask, "should I update to the new macOS?" We usually recommend waiting a few months, especially with the major filesystem changes in High Sierra. Our previous best practice was to recommend waiting until the 10.x.3 update. Should we go back to that recommendation? Note that the issue existed in the current beta of 10.13.2 in addition to the latest release of 10.13.1.

    • The sweet spot of macOS releases: 10.x.3 - 10.x.n

    • Note the latest release of each macOS version, e.g. 10.5.8, 10.6.8 v1.1, 10.7.5, 10.8.5, 10.9.5, 10.10.5, 10.11.6, 10.12.6, etc.

  • Sam talks about "winging it" with a product he used to support - Canto Cumulus

  • Jerry starts a good discussion about the current lines of MacBook Pro models and the changes that have not been well received. He mentions Marco Arment's blog posts
    -The best laptop ever made: https://marco.org/2017/11/14/best-laptop-ever
    -Fixing the MacBook Pro: https://marco.org/2017/11/24/fixing-the-macbook-pro

  • Joe has some follow up on removing the Temp user account when the minus button is not available: you can also use Directory Utility. Open Directory Utility, authenticate as the Temp user, then remove the Temp user. Verify Temp user has been removed in Users & Groups, then manually delete home folder of Temp user. Note that we also tried changing the user's password from within the existing user (to avoid keychain issues) and it didn't work.