🔒 Patreon Special

IT Pros: exclusive shows await you on Patreon, focusing on the more challenging aspects of running your practice and working with clients and employees.

316: Wi-Fi On A Stick

/

Special Thanks To Our VIP Sponsors!

Topics:

wifistick.jpg

-Sam has a first run working with the ”Wi-Fi on a stick” method of mapping out Wi-Fi. He uses a product from wifistand.com and NetSpot to create a map":
https://wifistand.com

-Joe brings up a great tool called Magic Plan to create floor plans on iOS:
https://www.magicplan.app/en/

-The nanoHD is a particular Ubiquiti model that same used and likes to deploy

-Joe warns of things to be aware of when scouting out an environment for Wi-Fi

-Another new monthly service that Sam is offering is hosting a UniFi controller in his environment to manage firmware updates and alerts. Joe weighs the responsibilities that comes with such an offering.

-Joe throws Sam a curve ball explaining how he has a singular login for his clients

-Another issue in the long line of networking troubles that Sam has experienced: finding incompatibility between a SonicWall and WAN connection at a NYC client. The fix? A dumb switch!

-That story rings a bell for Joe who has a similar story to tell about a Zywall and WAN connection that turned out to be a multi pronged problem.

Thanks to our Patreon Sponsors!

Thanks to our Patreon Sponsors!

315: The Skeleton Just Popped Up!

/

Topics:

-Jerry has a “non-technical” gripe about health bowls he wants to share

-Drink every time Joe says açaí

-To bring it back to technology, Jerry has issues with the motivational announcements on the Nike Run app

-Client perceptions and marketing terms often are deceiving

-clients that won’t spend money are nothing new. But Joe & Jerry dive deeper into the disfunctional relationships that persist through time.

-The “computer friend” is a red flag

-A potential customer approaches Jerry about doing project work or “cost plus” work before establishing an ongoing relationship

-A move to G Suite ends up being a challenge for Jerry as he gets bounced around support.

-Joe flips the conversation to show when clients can be correct and prove us wrong

-A shoutout to TidBITS Content Network (https://tcn.tidbits.com)

and all that they provide to us on a regular basis, as well as the bonus material during Apple announcements

-Joe compares directing a client to your blog to explain something as a customized “Let Me Google That For You”

-Sam wishes he was a part of the conversation as Jerry & Joe have a good ole’ fashioned gripe session about client habits

WWDC Skeleton.jpg

-“Oh no the skeleton popped up” - One of Joe’s clients saw Apple's branding for WWDC on apple.com and thought it was a result of her recent hacking, calling it a skeleton

314: Give Your Dough To The Baker

/

Topics:

-Sam has some follow up regarding his “Ubiquiti Hell” from a few weeks ago.  In the end, it turned out to be a bad UniFi USG device.

-Joe has some wise sayings to share that ring true in our industry and the value we bring as consultants:
"Let the Baker Bake the Bread, even if he takes half the Dough" - Persian Saying 

“Give your Dough to the Baker, even if he will eat half the bread.” 

-Sam says we are like bomb technicians.  “You are paying us to know which wire to cut.”

-Jerry has some follow up about two factor authentication being baked in to one of our favorite apps, 1Password.  This was brought to our attention by long time listener, Michael Reinhart.

-Jerry is curious about the various methods of how 1Password can sync you data and what Joe & Sam use

-1Password’s secure options for recovering your security related data can sometimes be off-putting for some users and drive them away from password management tools

-1Password has an affiliate program that is fairly easy to sign up for.  It is run by commission junction.

-Moving back to Addigy territory, Joe expresses his frustrations with the interface at times

-Joe shares a tip about creating a custom table view. There is a view option in the column toggle icon in the top right of the Devices list.  Then you can adjust it and Save the changes using the table view menu in the top left of the Devices list.

-Joe encourages the group to scratch beneath the surface of Addigy and find resources available in the community

-For Sam, he’s been utilizing Addigy to enable MDM features like white listing Kernel Extensions (KEXT) and deploying PPPC profiles.  In the case of PPPC, there is a great Git Hub project that makes the process easier for those who are not familiar with these profiles:
https://github.com/jamf/PPPC-Utility

-Joe covers the topic of User Approved MDM and Sam tags along with a discussion of Apple Business Manager and enrolling into MDM at Setup Assistant.

-Another Git Hub project, UMAD, provides a nice GUI interface to encourage your users to onboard and enroll into UAMDM
https://github.com/erikng/umad

313: Addigy And More...

/

Topics:

-Joe has spent time recently dedicating his focus on Addigy and Watchman Monitoring and understanding how to best leverage those tools

-Scripts has been what Joe has been concentrating on and he has found a tremendous amount of help and support through the MacAdmins Slack and the Addigy community

- Joe created a script to help ensure your client's Mac fleet gets restarted regularly, according to the best practice you decide. Initial prompt to gently suggest a restart after a "recommended" uptime, default to do nothing if ignored. Second prompt when uptime reaches "preferred", defaulting to gracefully restart if ignored. Final prompt when uptime reaches "limit", defaulting to try a graceful restart and then try a forcible restart if needed. Default values: 7 days, 21 days, 75 days. "I prefer HyperCard"

- Joe's script, for Addigy users: Restart Mac per Best Practice gets approved while recording the show!

-Sam talks about the “Easy Button” he learned while working with Jamf. He likes the thought of empowering the users to have them complete step 0 before calling support.

-These conversations seem to always point to how it weaves into your managed services or hourly plans. And having clients wonder why they have you if things are working so well.

-Joe also created a couple of great scripts to work with Watchman Monitoring functionality:
— This script to easily "Adjust Watchman Monitoring Time Machine Warning", default 21 days. For those users who just can't seem to run a backup regularly whether by circumstance or habit. Previously used to connect remotely to adjust this, since it can't be changed remotely in the Monitoring Client web interface. Now we can deploy it remotely, even across multiple machines or an entire client!
—Another script to "Adjust Watchman Monitoring Root Capacity Warning", default 95%. For those users who perpetually, or periodically, ride the edge of Apple's recommended best practice and you want to give them a bit more leeway. Again, it can't be changed remotely in the Monitoring Client web interface and we used to have to connect remotely to adjust this.

-Jerry gets a call from a new client in a remote location and discovers a 2011 iMac that was fairly unresponsive. Jerry is tasked with the job of migrating to a new iMac. He sees an old version of TeamViewer on the computer and discovers a surprise!

-Jerry & Joe discuss an episode of the CYBER podcast - Snowden on iPhone: with Android, patching landscape is a disaster because manufacturers discontinue phones quickly and don't continue providing software updates, and because phone vendors don't control chipset updates like for WiFi and cellular chips. This leaves many older phones vulnerable but in many different ways so there's no simple exploit or "skeleton key" for all devices. This mitigates the kind of widespread attack that can be developed for iPhone, since so many iPhones are running the same versions of iOS and have the same chips and firmware running on the chips.

-A worrisome story about sharing sensitive data with others on Dropbox is shared by Joe. It leads him to think of a method of phishing or scamming end users: create phony Dropbox accounts, create shared folders, share some data with strangers "accidentally" in a folder with a generic name like “SECURE”. Listen as Joe talks about how he would set his trap.

-Dave Provine brought up the SS7 vulnerability in the MacAdmins Slack, which was originally demonstrated at the Chaos Communication Congress hacker conference in 2014 and made some news on 60 Minutes in April 2016. It exploits vulnerabilities in a system called Signaling System No 7 (SS7), originally developed in 1975. So it's not just SIM hijacking that makes SMS a weak link. By hacking SS7, an attacker could silently snoop on SMS text messages, phone calls, and access phone location data. Yikes!

-iOS 12.3 and macOS 10.14.5: wow they fixed a lot of security issues! "An application may be able to execute arbitrary code with system privileges" and "A malicious application may be able to read restricted memory" and "A malicious application may be able to elevate privileges" and "A local user may be able to modify protected parts of the file system" and "Processing maliciously crafted web content may lead to arbitrary code execution"

312: The Sunk Cost Fallacy

/

Special Thanks To Our VIP Sponsors!

Topics:

-Jerry discusses the origin of the Jer-RE-SEND

-Jerry’s dad gets schooled on email security. His dad makes a statement that many of our clients share: “how am I supposed to know these things?"

-One of Joe’s clients thinks Touch ID will be “hacked”

-While on the topic of security, 1 Password is highly recommended by us but the built in iCloud Keychain has come a long way and may fit the bill for some customers

printshop.jpeg

-Jerry’s dad provides some additional comic relief during a modem upgrade

-This story reminds Joe of The Print Shop software by Broderbund and the “tractor feed” paper

-Sam gets a little salty when describing a day that went sideways when attempting to adopt Ubiquiti Unifi equipment on site.  Something he aways recommends against.

-We discuss the important concepts of the sunk-cost fallacy, or escalation of commitment. How can we know when we're being tenacious, and when we're succumbing to commitment bias?

-Joe's issue connecting to public WiFi, captive portal login page doesn't load. There are workarounds, like closing the popup login page (which displays "A problem occurred: The web page couldn't be loaded.") and then manually loading captive.apple.com in Safari, and refreshing the page repeatedly when necessary. Or loading the router's IP address in Safari. But it turns out that it's a bug in Sophos Home that affects Mojave, and they are working on a solution: Captive Portal / Login Page does not load on MacOS when connecting to a Public/Guest Wi-Fi Hotspot

- Joe uses a resource by Matt Coneybear to automate the process of connecting to VPN when on non-secure networks:
http://matt.coneybeare.me/how-to-setup-an-auto-reconnect-script-for-an-ikev2-vpn-service-on-your-mac

311: Interview With Chris Stout Of STOUT

/

Topics:

Interview with Chris Stout of STOUT

-Chris shares how he and Sam met at the Jamf Nation User Conference (hint: it involves a Command Control Power t-shirt)

-Chris has a great and unique domain at stout.computer.  He discusses acquiring that domain and some of the initial challenges with a different URL and email address

-Jerry is a fan of the site and the design

-Sam is curious about Chris’ business relationships in the field to grow his operation.  A reliable wiring person can go a long way

-Chris made the push to become a Jamf Integrator about a year and a half ago and tells our audience how that relationship works and how he uses it to help grow his business

-Moving to CA while his wife had worked lined up became the catalyst for him to be able to pursue becoming a Jamf Integrator

-A question Sam posed to the group: have you acquired a new client that had networking equipment you were not familiar with and if so, how do you handle it?

-A subject that Chris is familiar with is surveillance and IP cameras

-Chris backs a product called Security Spy, which is a Mac based product:

https://www.bensoftware.com/securityspy/

-The most common conversation that Chris has is comparing closed circuit camera systems like Security Spy or Surveillance Station to the simple cloud services like Nest or Canary

-Giving users the ability to maintain their own recordings and the ability to fully control who possesses the video is a big selling point

-When making camera solution suggestions, Chris is always looking to spec for growth

-Bringing it all home to managed services, Chris is looking to tie in his security offering to be included in an ongoing monthly management piece