On the road with customer calls

Today I’m coming to you from a Flying J station in Gillette WY between customer calls. Successes so far! Two calls from the road with zero issues. These Pilot Flying J stations are nice as they have done recent WiFi upgrades, and often the wifi extends out to the truck/RV parking areas beside the stations. These nice breaks in the driving give you a safe, reasonably quiet place to do the calls.

One disappointment so far has been the Netgear Nighthawk M1 router on AT&T. The router for some reason needs to be rebooted on a fairly regular basis as the SSID stops announcing itself. I’ve checked settings to disable that, but the ol’ “turn it off and turn it on” seems to fix itself. Plus, even though my iPhone had clear, perfect AT&T network pulling down about 5 Mbs, the Netgear said it was roaming on T-Mobile and had no network connection. The SIM I used for the hotspot was pulled from an iPad Pro, so my only thought is AT&T cheaped out on the data plans there, didn’t want to pay for data in rural Wyoming, and only shows its “more bars in more places” to voice capable devices as a money saver.

Side note: Jamf Pro has been an absolute show stopper. If you can set up a Mac from a truck stop off a wireless hotspot, it will work anywhere.

Plan B at Day One?!?

Welp, this is looking promising. We’ve got the trailer after an hour and a half delay to start, and the next plan B is… there is no plate. No temp plate either. Not too thrilled with Airstream right now – a combo of failure to plan, lost passwords, and an unwillingness to call the bank to get their crap together.

So plan B is to drive with no plates (not even a plate frame!) with a 15 day temp moving permit in the window. So… this can’t go wrong when you’re gone for a month and a half!

Not impressed for a company claiming to sell a premium product with premium prices.

Tales from the Hop Inn

Ah, the digital nomad. Going from city to city, laptop and iPhone with hotspot in hand. This will be a short post, but that’s what Andrew and I are going to attempt this fall, a coast to coast trip from Las Vegas NV to Boston MA. The last character in this tale, a 2019 Airstream Globetrotter 27FB. We’ll have photos from the road, best practices, and some “plan B” stories as well I’m sure. The trip starts August 28, the planning and packing is happening now!

Keep track of the tales by following us on the web at hopinncoffee.com and social media to come.

Creative Data Mining with zone.vision

Your DNS records reveal more about your company than you think, especially if you’re using cloud services.  To verify your identity, Microsoft, Google, Cisco, Atlassian, Docusign, Dropbox, SalesForce, and more use a TXT record to make sure you’re an administrator on a company domain.

As a sales engineer, you can use this information for those meetings where you’re headed in blind.  It happens!  Sometimes you don’t have enough discovery to really have a quality conversation with a customer.  Here are some tricks to use https://zone.vision (from the folks at DNSimple) to see what DNS is announcing to the world.
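To see what your own zone is announcing, here is an added example (not from the original post or from zone.vision) that classifies TXT records by the verification-token prefixes these vendors use and lists the mail services named in SPF. The sample records and tokens are constructed, the function names are hypothetical, and Salesforce is left out because no prefix for it is asserted here.

```python
import re

# Verification-token prefixes the named vendors publish in TXT records.
# Salesforce is omitted because no prefix for it is asserted here.
VERIFICATION_PREFIXES = {
    "MS=": "Microsoft 365",
    "google-site-verification=": "Google",
    "cisco-ci-domain-verification=": "Cisco",
    "atlassian-domain-verification=": "Atlassian",
    "docusign=": "DocuSign",
    "dropbox-domain-verification=": "Dropbox",
}

# Constructed sample in `dig +short TXT <your-domain>` format; tokens are made up.
SAMPLE_DIG_OUTPUT = '''
"v=spf1 include:spf.protection.outlook.com include:_spf.google.com -all"
"MS=ms00000000"
"google-site-verification=CONSTRUCTED-TOKEN-0001"
"atlassian-domain-verification=CONSTRUCTED" "-TOKEN-SPLIT-ACROSS-STRINGS"
"docusign=00000000-0000-0000-0000-000000000000"
"some-internal-note=hello"
'''

def parse_txt_lines(dig_output):
    """Join the quoted character-strings of each TXT record into one value."""
    records = []
    for line in dig_output.splitlines():
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if parts:
            records.append("".join(parts))
    return records

def audit_txt(records):
    """Return (vendors disclosed by tokens, SPF include hosts, unclassified records)."""
    vendors, spf_includes, other = set(), [], []
    for rec in records:
        if rec.lower().startswith("v=spf1"):
            # Each include: mechanism names a third-party mail sender.
            spf_includes += [t.split(":", 1)[1] for t in rec.split()
                             if t.lower().startswith("include:")]
            continue
        for prefix, vendor in VERIFICATION_PREFIXES.items():
            if rec.lower().startswith(prefix.lower()):
                vendors.add(vendor)
                break
        else:
            other.append(rec)  # no known prefix matched: review by hand
    return sorted(vendors), spf_includes, other

if __name__ == "__main__":
    print(audit_txt(parse_txt_lines(SAMPLE_DIG_OUTPUT)))
```

Verification records that belong to services you no longer use can usually be deleted once the vendor has confirmed the domain, which shrinks what the zone discloses.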

Called it! Apple’s T2 Chip and You

Called it.  Apple’s new MacBook Pro line now features the T2 Chip, a new level of security for the machine.  One of the last security vulnerabilities with macOS is physical – got the machine in your hands? Then you can still mess with it.

The T2 chip changes all that.  Introduced with the iMac Pro in 2017, the T2 will prevent you from changing the firmware password on the machine even if you have physical possession.  You’re prevented from booting an OS without verifying it’s properly signed, and you can be restricted from booting from an external at all.  Finally, any data that goes to the hard drive MUST go through the T2 chip for always on encryption.

“But Sean, what happens if the T2 chip fails?  Wouldn’t that kill every bit of data on my computer?” Eyup.  The chip dies, your encryption dies.  Be sure you back up.

“But Sean, how do I fix the T2 chip if it goes bad?” Well, I’m assuming you’re an IT professional if your answer isn’t “go to the Apple Store.”  Time to investigate a little program called Apple Configurator.

“But Sean, all this sounds terrible and possibly dangerous!  I don’t want this in a computer…” The security far, far outweighs the danger in this case.  And, hate to break it to you, you’re stuck with it.  Apple is putting it in every new MacBook Pro (and plan on that to be in the MacBooks, the iMacs, the MacBook Air…. the Mac Mini if they ever get around to it, grumble, grumble…)

You can read a little tiny bit more about the T2 security with the Apple macOS Security Overview. It’s dry, dull, and like awful tasting medicine, completely necessary.  Read it, love it, embrace it.

Now, if you’re a company with a fleet of computers, this is both a benefit and a bit of a problem to solve…  Obviously, security is key.  If the bad guys aren’t after you, you’re deluding yourself.  Of course they’re after you.  They’re after everyone.  This is one more tool to protect, but you’re going to need a plan for how to deploy, protect, and maintain over time.

First, if you’re rolling out a new machine to someone, that old school “flash it and hand it” method of disk imaging is done – Apple says you can’t trust any OS that doesn’t carry its official signature.  Kinda the InfoSec version of “Trust nobody over 30.”  Get on Device Enrollment Program and learn the wonders of the trusted, bootable OS install…  https://support.apple.com/en-us/HT208020

Second, you’re going to want to turn on that firmware and FileVault password. Gonna keep all those passwords in an Excel spreadsheet, buddy?  Maybe in Notepad?  On a post-it in your desk?  Don’t think so, pheasants.  This is a league game!  If you’re not going to keep the keys secure, welp.  Let me know how that works out for you when you’re job hunting.  Plan on a proper inventory management and tracking system.  (Hint: jamf.com)

Third, if you tell your legal team they have a fleet of laptops that potentially could be subject to a legal hold that you have no way to decrypt without the employee handing over a password that you can’t control…  Ever see a lawyer go from almost fainting to murderous rage within 3 seconds?  Stop reading right now and try; we’ll wait for you.

Did you try it?  And survive?  Then you better have a policy to get a copy of those decryption keys.  (Hint: jamf.com)

You will need a plan yesterday for physical security, password security, legal hold unlocks, and while you’re at it, might be a good idea to make sure the machine isn’t pwnd while the user is using it too; let’s keep that software up to date.  It’s time for a management system.  I happen to know a guy to help your Macs… (*cough cough jamf.com cough*)

“But, we don’t have Macs in our business, Sean, haw haw, joke is on you!” Apple has been leading the way in computer design and architecture for 10 years at least now.  Think this isn’t going to affect your Windows fleet?  Your random Ubuntu boxes? Secure computing is coming, folks.  Start planning for winter.

In memoriam: Sean Kipp Rabbitt (1942-2018)

Sean Kipp Rabbitt, my father, passed away last night.  The general cause of death was being old and sick; he had a quad bypass, a lung removed, a stent in his heart, and the cancer that came back was being treated.  He got up from his chair at home and fell dead on the floor in front of my mother and didn’t get up again. He was 75 years old.

To borrow an analogy from Mr. Douglas Adams, our family is religious much in the same way a brick hovers in the air.  There will be no service, no burial, no pomp and circumstance, so this is my way of eulogizing the man, a self-serving bit of pride for my father and a self-reflection on who I have become because of him.  I loved him, and he was one of the good guys.

I think one of the best ways to describe him would be a story of his days as an engineer.  The accuracy of this story is questionable, but the co-conspirators, if also still around and kicking, would agree to the tone if not the exact substance of this story.

Dad worked for a company named Amperex Electronic Corporation, a company lost now to the progress of technology.  Amperex made vacuum and imaging tubes used in studio video cameras, giant hulking pieces of electronics on enormous casters, pulled around the television studio by giant, hulking men wearing giant, hulking headsets, taking instructions from a team of engineers in a control room surrounded by cathode ray tube television sets and giant, hulking electric control boards to create the entertainment you got in your living room.  Dad was a sales engineer for their successful Plumbicon imaging tubes — red, green, blue — three each for the giant, hulking cameras.  He sold to all the studios and all of the three (and at the time, only three) networks: ABC, NBC, and CBS.

If you pull out your iPhone and look at the back of it, you’re going to see where this story of video cameras is eventually going.

In the 80s, the move was well on the way for giant, hulking studio cameras to be replaced by smaller, portable CCD imaging cameras, and the big player in that market was Ikegami.  The quality was definitely not what you have for imaging today.  Cameras were still in low definition compared to your 80-inch 4K HD TV hanging on the wall of your living room, and when you used a CCD camera to record a fast-moving object like a football, the image streaked across the screen with a blur, the imaging chips unable to keep up with the speed of the motion.

Near the end of the reign of the Plumbicon cameras, one of the last holdouts from switching over was the sports division of ABC.  They had Monday Night Football, and the quality of the tube cameras was superior to the Ikegami competition.  But the writing was on the wall: CCDs were getting better, and it was cheaper, so the ABC team of engineers, and my father, with whom they had been friends for over 20 years prior, knew what was inevitable.  This did not stop them from screwing with the newcomers, however…

My father, his boss, the sales team from Ikegami, and the ABC engineers and pencil pushers were pulled into a meeting in NYC.  Put up or shut up.  ABC was deciding what they were going to do.  Ikegami did its presentation showing off the latest equipment: lighter, cheaper to maintain, superior quality for imaging, saving ABC Sports zillions of dollars, etc.  The usual pitch.

Then came my father’s turn.  Unbeknownst to his boss, he reached down and opened his briefcase, pulling out a tube.  “We have a new product that can save you from having to replace all of your cameras yet give you the reliability of the CCD imaging.  We call it the Chippacon.”  Quickly he produced a standard Plumbicon tube, a hand-built vacuum tube about five inches long with a carefully crafted analog imaging sensor at the end lovingly adorned with a memory chip he pulled from one of our old IBM PC computers and hot glued to the business end of the tube.  He turned to the lead engineer of ABC and showed it to him, hiding it from the now suddenly pale faced and shocked team of Ikegami sales people.

The ABC engineer took it and cupped it in his hands like a precious object, hiding the top of the tube and its analog to digital hot glue converter and appraised it approvingly.  “Oh, this will be perfect!  And we don’t need to do any modifications to our fleet of existing equipment?”  Straight faced, he started passing it down the table to the other ABC engineers as the Ikegami team scrambled to attempt to see this miracle of technology.  “Correct,” said my father, “it is a perfect plug and play replacement.  We’re seeing replacement life in the 10,000 hour range in our tests in house.”

The ABC pencil pusher had absolutely no idea what was going on when the lead engineer said, “Gentlemen, this changes everything.  Let’s adjourn and we’ll let you know.”  The engineers passed the tube back down their side of the table, and my father put it back in the suitcase and locked it.  The Amperex and ABC team stood and walked out of the room, chatting up my father about this “new technology” leaving the Ikegami team stunned and unable to respond.

Did ABC end up buying Ikegami cameras?  Of course.  But that wasn’t going to stop a group of engineers from screwing with a bunch of upstarts who didn’t know any better when presented with obvious BS.

Is there a moral to this story or a great takeaway as a son having experienced him telling this story?  Nope.  But I think it summed up my father’s life philosophy: none of us are getting out of this alive, so have fun while you’re doing it.

I’ve grown up well into being middle aged, and I’m a sales engineer myself now.  For my new coworkers, be forewarned that the apple doesn’t fall far from the comedy tree, but at least we’ll all have a great show.  I’ve got Kipp to blame for that.

Thanks, Dad. I’m going to miss you.

– Sean Rabbitt, June 15, 2018.

 

Yet another security issue…

https://9to5mac.com/2018/05/20/teen-safe-apple-id-password-leak/

Apple ID passwords included in teen phone monitoring app’s data breach

Apple has the tools to solve this, folks. Use Parental Controls and Family Sharing. Apple even offers classes on it – hit apple.com/today. 

And if you’re extra paranoid, call an ACN in your area for help to supervise your kid’s device and toss Jamf Now on it. 

At that point you may want to consider NOT giving your kid a device… no matter what they say, if you can’t trust your kids, they don’t NEED an iPhone.