🔒 Patreon Special

IT Pros: exclusive shows await you on Patreon, focusing on the more challenging aspects of running your practice and working with clients and employees.

314: Give Your Dough To The Baker

/

Topics:

-Sam has some follow up regarding his “Ubiquiti Hell” from a few weeks ago.  In the end, it turned out to be a bad UniFi USG device.

-Joe has some wise sayings to share that ring true in our industry and the value we bring as consultants:
"Let the Baker Bake the Bread, even if he takes half the Dough" - Persian Saying 

“Give your Dough to the Baker, even if he will eat half the bread.” 

-Sam says we are like bomb technicians.  “You are paying us to know which wire to cut.”

-Jerry has some follow up about two factor authentication being baked in to one of our favorite apps, 1Password.  This was brought to our attention by long time listener, Michael Reinhart.

-Jerry is curious about the various methods of how 1Password can sync you data and what Joe & Sam use

-1Password’s secure options for recovering your security related data can sometimes be off-putting for some users and drive them away from password management tools

-1Password has an affiliate program that is fairly easy to sign up for.  It is run by commission junction.

-Moving back to Addigy territory, Joe expresses his frustrations with the interface at times

-Joe shares a tip about creating a custom table view. There is a view option in the column toggle icon in the top right of the Devices list.  Then you can adjust it and Save the changes using the table view menu in the top left of the Devices list.

-Joe encourages the group to scratch beneath the surface of Addigy and find resources available in the community

-For Sam, he’s been utilizing Addigy to enable MDM features like white listing Kernel Extensions (KEXT) and deploying PPPC profiles.  In the case of PPPC, there is a great Git Hub project that makes the process easier for those who are not familiar with these profiles:
https://github.com/jamf/PPPC-Utility

-Joe covers the topic of User Approved MDM and Sam tags along with a discussion of Apple Business Manager and enrolling into MDM at Setup Assistant.

-Another Git Hub project, UMAD, provides a nice GUI interface to encourage your users to onboard and enroll into UAMDM
https://github.com/erikng/umad

313: Addigy And More...

/

Topics:

-Joe has spent time recently dedicating his focus on Addigy and Watchman Monitoring and understanding how to best leverage those tools

-Scripts has been what Joe has been concentrating on and he has found a tremendous amount of help and support through the MacAdmins Slack and the Addigy community

- Joe created a script to help ensure your client's Mac fleet gets restarted regularly, according to the best practice you decide. Initial prompt to gently suggest a restart after a "recommended" uptime, default to do nothing if ignored. Second prompt when uptime reaches "preferred", defaulting to gracefully restart if ignored. Final prompt when uptime reaches "limit", defaulting to try a graceful restart and then try a forcible restart if needed. Default values: 7 days, 21 days, 75 days. "I prefer HyperCard"

- Joe's script, for Addigy users: Restart Mac per Best Practice gets approved while recording the show!

-Sam talks about the “Easy Button” he learned while working with Jamf. He likes the thought of empowering the users to have them complete step 0 before calling support.

-These conversations seem to always point to how it weaves into your managed services or hourly plans. And having clients wonder why they have you if things are working so well.

-Joe also created a couple of great scripts to work with Watchman Monitoring functionality:
— This script to easily "Adjust Watchman Monitoring Time Machine Warning", default 21 days. For those users who just can't seem to run a backup regularly whether by circumstance or habit. Previously used to connect remotely to adjust this, since it can't be changed remotely in the Monitoring Client web interface. Now we can deploy it remotely, even across multiple machines or an entire client!
—Another script to "Adjust Watchman Monitoring Root Capacity Warning", default 95%. For those users who perpetually, or periodically, ride the edge of Apple's recommended best practice and you want to give them a bit more leeway. Again, it can't be changed remotely in the Monitoring Client web interface and we used to have to connect remotely to adjust this.

-Jerry gets a call from a new client in a remote location and discovers a 2011 iMac that was fairly unresponsive. Jerry is tasked with the job of migrating to a new iMac. He sees an old version of TeamViewer on the computer and discovers a surprise!

-Jerry & Joe discuss an episode of the CYBER podcast - Snowden on iPhone: with Android, patching landscape is a disaster because manufacturers discontinue phones quickly and don't continue providing software updates, and because phone vendors don't control chipset updates like for WiFi and cellular chips. This leaves many older phones vulnerable but in many different ways so there's no simple exploit or "skeleton key" for all devices. This mitigates the kind of widespread attack that can be developed for iPhone, since so many iPhones are running the same versions of iOS and have the same chips and firmware running on the chips.

-A worrisome story about sharing sensitive data with others on Dropbox is shared by Joe. It leads him to think of a method of phishing or scamming end users: create phony Dropbox accounts, create shared folders, share some data with strangers "accidentally" in a folder with a generic name like “SECURE”. Listen as Joe talks about how he would set his trap.

-Dave Provine brought up the SS7 vulnerability in the MacAdmins Slack, which was originally demonstrated at the Chaos Communication Congress hacker conference in 2014 and made some news on 60 Minutes in April 2016. It exploits vulnerabilities in a system called Signaling System No 7 (SS7), originally developed in 1975. So it's not just SIM hijacking that makes SMS a weak link. By hacking SS7, an attacker could silently snoop on SMS text messages, phone calls, and access phone location data. Yikes!

-iOS 12.3 and macOS 10.14.5: wow they fixed a lot of security issues! "An application may be able to execute arbitrary code with system privileges" and "A malicious application may be able to read restricted memory" and "A malicious application may be able to elevate privileges" and "A local user may be able to modify protected parts of the file system" and "Processing maliciously crafted web content may lead to arbitrary code execution"

312: The Sunk Cost Fallacy

/

Special Thanks To Our VIP Sponsors!

Topics:

-Jerry discusses the origin of the Jer-RE-SEND

-Jerry’s dad gets schooled on email security. His dad makes a statement that many of our clients share: “how am I supposed to know these things?"

-One of Joe’s clients thinks Touch ID will be “hacked”

-While on the topic of security, 1 Password is highly recommended by us but the built in iCloud Keychain has come a long way and may fit the bill for some customers

printshop.jpeg

-Jerry’s dad provides some additional comic relief during a modem upgrade

-This story reminds Joe of The Print Shop software by Broderbund and the “tractor feed” paper

-Sam gets a little salty when describing a day that went sideways when attempting to adopt Ubiquiti Unifi equipment on site.  Something he aways recommends against.

-We discuss the important concepts of the sunk-cost fallacy, or escalation of commitment. How can we know when we're being tenacious, and when we're succumbing to commitment bias?

-Joe's issue connecting to public WiFi, captive portal login page doesn't load. There are workarounds, like closing the popup login page (which displays "A problem occurred: The web page couldn't be loaded.") and then manually loading captive.apple.com in Safari, and refreshing the page repeatedly when necessary. Or loading the router's IP address in Safari. But it turns out that it's a bug in Sophos Home that affects Mojave, and they are working on a solution: Captive Portal / Login Page does not load on MacOS when connecting to a Public/Guest Wi-Fi Hotspot

- Joe uses a resource by Matt Coneybear to automate the process of connecting to VPN when on non-secure networks:
http://matt.coneybeare.me/how-to-setup-an-auto-reconnect-script-for-an-ikev2-vpn-service-on-your-mac

311: Interview With Chris Stout Of STOUT

/

Topics:

Interview with Chris Stout of STOUT

-Chris shares how he and Sam met at the Jamf Nation User Conference (hint: it involves a Command Control Power t-shirt)

-Chris has a great and unique domain at stout.computer.  He discusses acquiring that domain and some of the initial challenges with a different URL and email address

-Jerry is a fan of the site and the design

-Sam is curious about Chris’ business relationships in the field to grow his operation.  A reliable wiring person can go a long way

-Chris made the push to become a Jamf Integrator about a year and a half ago and tells our audience how that relationship works and how he uses it to help grow his business

-Moving to CA while his wife had worked lined up became the catalyst for him to be able to pursue becoming a Jamf Integrator

-A question Sam posed to the group: have you acquired a new client that had networking equipment you were not familiar with and if so, how do you handle it?

-A subject that Chris is familiar with is surveillance and IP cameras

-Chris backs a product called Security Spy, which is a Mac based product:

https://www.bensoftware.com/securityspy/

-The most common conversation that Chris has is comparing closed circuit camera systems like Security Spy or Surveillance Station to the simple cloud services like Nest or Canary

-Giving users the ability to maintain their own recordings and the ability to fully control who possesses the video is a big selling point

-When making camera solution suggestions, Chris is always looking to spec for growth

-Bringing it all home to managed services, Chris is looking to tie in his security offering to be included in an ongoing monthly management piece

310: What Is Your Specialty?

/

Topics:

- Jimmy Obomsawin at jimmymacsupport.com in Washington DC and suburban Maryland had some followup to Joe's story about batch renaming files using the Finder, which Joe found out through this iMore article. Jimmy did some investigative work to determine this feature was released back in Yosemite!

- We discuss clients taking matters into their own hands: Jerry's client unplugs Ethernet cables because they claim he told them that would fix it, and Sam's client reset the AirPort back to factory defaults... "was that bad?"

- Joe shares the story of a one-time client with all the wrong equipment, which had been recommended and configured by a "computer friend". The Seagate NAS RAID enclosure failed, and now she's running off of RAID 0 primary storage. Needs new primary storage and new backup, and new workflows, and doesn't have the budget or interest. Sam points out the importance of walking away from a scenario like this before taking on the responsibility (and liability), and Jerry seconds this: "run away!"

- Sam has an update about a client forwarding his recommendations to the former (current?) "IT guy" who will be doing the new equipment setup remotely from Florida.

- Sam talks about lessons shared by Jerry and Joe on a previous show, about how to navigate personal relationships with clients.

- Sam talks about the challenges of selling subscription security services on firewalls, and clients finding parts for cheaper online.

- Jerry reveals a new wrinkle with his MacBook Pro 13-inch 2015 model that may have fallen off the back of a truck, when it comes back from repair and shows it's under management by Amazon

IMG_4823.png

309: The Tech Power Of Magnets

/

Topics:

-Sam discusses the work/life balance when he’s on the road

-Jerry describes being in “BusyCal Hell” with a small medical office. Joe & Sam weigh in with their thoughts

-As Jerry describes this situation as a hornet’s nest, it reminds Joe of Apple Knowledge Base Article HT201657 where they describe sync services “as if it were a swarm of bees”.

-Jerry reminds us of how BusyCal/BusyMac has changed hands some time ago

-The former “IT guy”. Trust is large part of our relationships and Sam spins a yarn about how that trust was completely broken with a new client relationship.

-An episode of Command Control Power wouldn’t be complete without a gripe from Joe. Safari suggestions is his latest target.

-In some truly amazing sleuthing, Joe shares a client story where he diagnosed an issue with a Mac going dark at seemingly random moments. From afar, he appears to have correctly pointed towards a multitude of magnets that the customer wears. He also recounts a similar story from episodes of the past where he diagnosed an issue with lighting and solar powered keyboards.

-Jerry shares a PSA about Startup Security Utility on Mac computers with a T2 chip: https://support.apple.com/en-us/HT208198

-Joe has real time follow up! While recording the show, he heard back from the magnetized client who confirms that he was right on the money with his diagnosis.