Called it! Apple’s T2 Chip and You

Called it.  Apple’s new MacBook Pro line now features the T2 Chip, a new level of security for the machine.  One of the last security vulnerabilities with macOS is physical – got the machine in your hands? Then you can still mess with it.

The T2 chip changes all that.  Introduced with the iMac Pro in 2017, the T2 will prevent you from changing the firmware password on the machine even if you have physical possession.  You’re prevented from booting an OS without verifying it’s properly signed, and you can be restricted from booting from an external drive at all.  Finally, any data that goes to the hard drive MUST go through the T2 chip for always-on encryption.

“But Sean, what happens if the T2 chip fails?  Wouldn’t that kill every bit of data on my computer?” Eyup.  The chip dies, your encryption dies.  Be sure you back up.

“But Sean, how do I fix the T2 chip if it goes bad?” Well, I’m assuming you’re an IT professional if your answer isn’t “go to the Apple Store.”  Time to investigate a little program called Apple Configurator.

“But Sean, all this sounds terrible and possibly dangerous!  I don’t want this in a computer…” The security far, far outweighs the danger in this case.  And, hate to break it to you, you’re stuck with it.  Apple is putting it in every new MacBook Pro (and plan on that to be in the MacBooks, the iMacs, the MacBook Air…. the Mac Mini if they ever get around to it, grumble, grumble…)

You can read a little tiny bit more about the T2 security with the Apple macOS Security Overview. It’s dry, dull, and like awful tasting medicine, completely necessary.  Read it, love it, embrace it.

Now, if you’re a company with a fleet of computers, this is both a benefit and a bit of a problem to solve…  Obviously, security is key.  If the bad guys aren’t after you, you’re deluding yourself.  Of course they’re after you.  They’re after everyone.  This is one more tool to protect, but you’re going to need a plan for how to deploy, protect, and maintain over time.

First, if you’re rolling out a new machine to someone, that old school “flash it and hand it” method of disk imaging is done – Apple says you can’t trust any OS that isn’t its official signature.  Kinda the InfoSec version of “Trust nobody over 30.”  Get on Device Enrollment Program and learn the wonders of the trusted, bootable OS install…  https://support.apple.com/en-us/HT208020

Second, you’re going to want to turn on that firmware and FileVault password. Gonna keep all those passwords in an Excel spreadsheet, buddy?  Maybe in Notepad?  On a post-it in your desk?  Don’t think so, pheasants.  This is a league game!  If you’re not going to keep the keys secure, welp.  Let me know how that works out for you when you’re job hunting.  Plan on a proper inventory management and tracking system.  (Hint: jamf.com)

Third, if you tell your legal team they have a fleet of laptops that potentially could be subject to a legal hold that you have no way to decrypt without the employee handing over a password that you can’t control…  Ever see a lawyer go from almost fainting to murderous rage within 3 seconds?  Stop reading right now and try; we’ll wait for you.

Did you try it?  And survive?  Then you better have a policy to get a copy of those decryption keys.  (Hint: jamf.com)

You will need a plan yesterday for physical security, password security, legal hold unlocks, and while you’re at it, might be a good idea to make sure the machine isn’t pwnd while the user is using it too; let’s keep that software up to date.  It’s time for a management system.  I happen to know a guy to help your Macs… (*cough cough jamf.com cough*)

“But, we don’t have Macs in our business, Sean, haw haw, joke is on you!” Apple has been leading the way in computer design and architecture for 10 years at least now.  Think this isn’t going to affect your Windows fleet?  Your random Ubuntu boxes? Secure computing is coming, folks.  Start planning for winter.

In memoriam: Sean Kipp Rabbitt (1942-2018)

Sean Kipp Rabbitt, my father, passed away last night.  The general cause of death was being old and sick; he had a quad bypass, a lung removed, a stent in his heart, and the cancer that came back was being treated.  He got up from his chair at home and fell dead on the floor in front of my mother and didn’t get up again. He was 75 years old.

To borrow an analogy from Mr. Douglas Adams, our family is religious much in the same way a brick hovers in the air.  There will be no service, no burial, no pomp and circumstance, so this is my way of eulogizing the man, a self-serving bit of pride for my father and a self-reflection on who I have become because of him.  I loved him, and he was one of the good guys.

I think one of the best ways to describe him would be a story of his days as an engineer.  The accuracy of this story is questionable, but the co-conspirators, if also still around and kicking, would agree to the tone if not the exact substance of this story.

Dad worked for a company named Amperex Electronic Corporation, a company lost now to the progress of technology.  Amperex made vacuum and imaging tubes used in studio video cameras, giant hulking pieces of electronics on enormous casters, pulled around the television studio by giant, hulking men wearing giant, hulking headsets, taking instructions from a team of engineers in a control room surrounded by cathode ray tube television sets and giant, hulking electric control boards to create the entertainment you got in your living room.  Dad was a sales engineer for their successful Plumbicon imaging tubes — red, green, blue — three each for the giant, hulking cameras.  He sold to all the studios and all of the three (and at the time, only three) networks: ABC, NBC, and CBS.

If you pull out your iPhone and look at the back of it, you’re going to see where this story of video cameras is eventually going.

In the 80s, the move was well on the way for giant, hulking studio cameras to be replaced by smaller, portable CCD imaging cameras, and the big player in that market was Ikegami.  The quality was definitely not what you have for imaging today.  Cameras were still in low definition compared to your 80-inch 4K HD TV hanging on the wall of your living room, and when you used a CCD camera to record a fast-moving object like a football, the image streaked across the screen with a blur, the imaging chips unable to keep up with the speed of the motion.

Near the end of the reign of the Plumbicon cameras, one of the last holdouts from switching over was the sports division of ABC.  They had Monday Night Football, and the quality of the tube cameras was superior to the Ikegami competition.  But the writing was on the wall: CCDs were getting better, and they were cheaper, so the ABC team of engineers, and my father, who had been friends with them for over 20 years prior, knew what was inevitable.  This did not stop them from screwing with the newcomers, however…

My father, his boss, the sales team from Ikegami, and the ABC engineers and pencil pushers were pulled into a meeting in NYC.  Put up or shut up.  ABC was deciding what they were going to do.  Ikegami did its presentation showing of the latest equipment: lighter, cheaper to maintain, superior quality for imaging, saving ABC Sports zillions of dollars, etc.  The usual pitch.

Then came my father’s turn.  Unbeknownst to his boss, he reached down and opened his briefcase, pulling out a tube.  “We have a new product that can save you from having to replace all of your cameras yet give you the reliability of the CCD imaging.  We call it the Chippacon.”  Quickly he produced a standard Plumbicon tube, a hand-built vacuum tube about five inches long with a carefully crafted analog imaging sensor at the end lovingly adorned with a memory chip he pulled from one of our old IBM PC computers and hot glued to the business end of the tube.  He turned to the lead engineer of ABC and showed it to him, hiding it from the now suddenly pale-faced and shocked team of Ikegami sales people.

The ABC engineer took it and cupped it in his hands like a precious object, hiding the top of the tube and its analog to digital hot glue converter and appraised it approvingly.  “Oh, this will be perfect!  And we don’t need to do any modifications to our fleet of existing equipment?”  Straight faced, he started passing it down the table to the other ABC engineers as the Ikegami team scrambled to attempt to see this miracle of technology.  “Correct,” said my father, “it is a perfect plug and play replacement.  We’re seeing replacement life in the 10,000 hour range in our tests in house.”

The ABC pencil pusher had absolutely no idea what was going on when the lead engineer said, “Gentlemen, this changes everything.  Let’s adjourn and we’ll let you know.”  The engineers passed the tube back down their side of the table, and my father put it back in the suitcase and locked it.  The Amperex and ABC team stood and walked out of the room, chatting up my father about this “new technology” leaving the Ikegami team stunned and unable to respond.

Did ABC end up buying Ikegami cameras?  Of course.  But that wasn’t going to stop a group of engineers from screwing with a bunch of upstarts who didn’t know any better when presented with obvious BS.

Is there a moral to this story or a great takeaway as a son having experienced him telling this story?  Nope.  But I think it summed up my father’s life philosophy: none of us are getting out of this alive, so have fun while you’re doing it.

I’ve grown up well into being middle aged, and I’m a sales engineer myself now.  For my new coworkers, be forewarned that the apple doesn’t fall far from the comedy tree, but at least we’ll all have a great show.  I’ve got Kipp to blame for that.

Thanks, Dad. I’m going to miss you.

– Sean Rabbitt, June 15, 2018.


Just some thoughts

When one gets married one usually becomes a member of the other’s family and social circles. When I married, I was fully embraced by my spouse’s family. I was a welcome member at dinner, holidays, and events around the house. After twenty plus years being together I’ve become comfortable with my family. This past week we lost Dad Rabbitt.

I was adopted by the Rabbitt Family when I started dating Sean. When Kipp learned that I enjoyed sailing and that I worked ten minutes away from his house, he would routinely call and say he was looking for some crew for the day. Every time this happened, I would reschedule my meetings and meet him at the boat for an afternoon of sailing.

On weekends Sean would come down, sometimes our sister would join, and the four of us would spend the day out on the water chatting, enjoying Narragansett Bay, just enjoying life. Kipp knew all the places to stop for lunch up and down the Bay. One of his favorite spots was Chelo’s, but he wouldn’t say no to hitting Iggy’s for clam cakes and chowder.

Another thing Kipp would call for was yard work. I do enjoy working outdoors with my hands. One day I got the call that Kipp wanted to burn some yard debris and had obtained a permit from the town, so I headed on over, and there was Kipp with a flare gun starting a fire of epic proportions. The next few hours were spent making sure none of the trees around the area caught fire. It was classic Kipp.

Kipp reminded me a lot of my grandfather who I lost earlier this year. 

Two great men that I looked up to have passed. 

It’s been a busy year…

To say it’s been a busy year is an understatement…

…It all started in January with the Consumer Electronics Show followed by a trip to California for Knott’s Berry Farm and Downtown Disney. Then in February we went to LA to see WorkJuice Under Cover, followed by Folf visiting for an epic photo shoot (brush brush brush); immediately followed by a trip to Boston for Anthro New England. We ended up back in Boston the following week for my grandfather’s funeral. Our Corgi friend visited in March and I had another California trip to teach the California Department of Public Health how to test cannabis for aflatoxins. April started strong with Motor City Fur Con followed by a week-long team summit held in Nevada. Then it was off to Reno for Biggest Little Fur Con! After that I headed to Vancouver for the ICANN (Clap Clap Clap) GDD Industry Summit while Sean held an Aflatoxin Training session for Harris Ranch and P-R Farms in the California Central Valley. The next week we were at ChefConf in Chicago and now we are in Minneapolis for another industry summit.

June and July will be met with house guests, which is always fun. We really do enjoy cooking and sharing our home with friends and family.

August gears up for more travel with trips to Denver, Minneapolis, France, followed by San Jose, Phoenix, and Chicago.

What have you been up to the first half of the year?

GDD Industry Summit, May 2018 Recap

Greetings and welcome to my first blog post here at DNSimple. As Anthony mentioned in a prior post, I recently joined the DNSimple team to assist with sales and marketing pursuits. One of the core activities of sales and marketing is attending industry events. Conferences, industry events, meetings, and trade shows can easily fill the calendar if one lets them. The crafty sales team picks and chooses each event with care, with specific goals in mind. For my first event, it was the GDD Industry Summit held in Vancouver, British Columbia in May of 2018. My goals were clear: to meet industry leaders, attend sessions on a variety of topics, and learn from my co-workers. In addition to the GDD Industry Summit I had the opportunity to meet with prospects with one of our valued partners.

Tony Kirsch kicked things off for me at the Success Stories of New gTLDs: From Brands to Generics to Cities panel. The session was packed full of examples of how new gTLDs can be used to focus a person/organization/company’s internet presence. When talking about brands and brand TLDs, the primary advantage is brand image. That said, brand TLDs allow companies to create lots of second-level domains for campaigns and products. Take BMW for example, who use the .bmw TLD in their marketing (they used next100.bmw to promote the next 100 years of BMW – it currently points to their .com home page). From a brand marketing point of view, brand TLDs allow for shorter and more memorable URLs. While not as popular as .com, some generic new gTLDs are gaining acceptance, including .blog, .cloud, .io, .shop, and .works. Perhaps the most important of the new gTLDs are those focused on cities. The .vegas TLD and .nyc TLD have worked in favor of both Las Vegas and New York City. Overall it was a very informative session. As more and more people and companies adopt the use of gTLDs, their acceptance will grow. I envision a future where .blog, .works, .shop, and more (link to TLDs Page) are just as respected as .com, or more so.

The next panel discussion I attended, Industry Led Initiatives to Improve Domain Name Adoption & Use: DomainConnect.org, id4me.org, and more, highlighted some of the things key players in the industry are doing to help end users seamlessly interact with their domains. Many of the services discussed are currently offered by DNSimple – our one-click services (link to services) allow users to instantly connect popular services to their domains so they can be up and running quickly without having to manually create domain records. One of the things that I thought was interesting was an authentication scheme still in development, id4me. This is an open, public, user-friendly Internet identity system that provides authorization of a user for access to any third party accepting ID4me identifiers, and controlled communication of the user’s personal information to those third parties accessed by the user. (Link to graphic from slide at http://id4me.org/wp-content/uploads/2018/01/did-techbrief-concept.png.)

After lunch I attended a compliance session. Entire blog posts can be written about that hour and fifteen minutes – by someone not me.

My final round table discussion of the day was by far the most informative. Led by Frédéric Guillemaut, the Marketing Premium Names session went over the pitfalls and benefits of premium and reserved domain names.

Premium domain names are those that are already owned by a person or registry but are available for sale at an increased cost, or those domain names held back from general registration by the registry due to their perceived higher value. Held-back premiums are those that make the domain appear more valuable – such as fast.car, sports.car, double and triple letter names, and single character names for that TLD. Secondary market domains of high value are considered premiums due to the costs involved and the frequent need for a broker to handle the exchange between the current owner and the prospective owner. One of the issues discussed was the radically different pricing structure for these higher value names. Some charge a higher registration fee and then a lower annual renewal fee; others charge a higher than standard domain registration fee and then the same amount annually; others have multiple pricing tiers that have their own renewal fees. I guess the simplest way to talk about these special names is to say it’s complicated.

Other topics in the round table included early access periods for new TLDs, post payment vs pre-payments for registrars, and harmonization of the Extensible Provisioning Protocol (EPP).

While I’m not a real fan of early access periods or domain name auctions, I do understand that these are components of the industry. I also understand that trademarks need to be honored and that the Trademark Clearinghouse is a vital component in the creation of new gTLDs. The Trademark Clearinghouse is the repository for validated trademarks for the purpose of protecting brands in ICANN’s new gTLD program (http://www.trademark-clearinghouse.com).

After the last session I met up with the rest of the DNSimple Team at the event and we shared what we had learned. Overall it was a very educational summit for me.

Yet another security issue…

https://9to5mac.com/2018/05/20/teen-safe-apple-id-password-leak/

Apple ID passwords included in teen phone monitoring app’s data breach

Apple has the tools to solve this, folks. Use Parental Controls and Family Sharing. Apple even offers classes on it – hit apple.com/today. 

And if you’re extra paranoid, call an ACN in your area for help to supervise your kid’s device and toss Jamf Now on it. 

At that point you may want to consider NOT giving your kid a device… no matter what they say, if you can’t trust your kids, they don’t NEED an iPhone.

Smart Luggage – Why do we accept bad engineering?

https://www.linkedin.com/feed/news/smart-luggage-takes-another-hit-1372250

I’m not surprised by the fear over bad batteries; it’s our own fault for poor engineering and consumer acceptance of a lack of UL certification. I actually picked the Away Travel bag specifically for the removable battery. http://fbuy.me/iVRGy

And for the “smart” part, I picked a simple Tile. http://ssqt.co/medN4d4

So far it’s worked pretty well; the Tile has let me know my bags are on board almost at the same time my Delta app has notified me they’re loaded.

Home Meal Delivery Services – A Review

Back in 2013 a friend, let’s call her Amy, introduced me to the concept of Blue Apron (https://www.blueapron.com) and every week (except when traveling) since then I’ve received a box containing three meals for two people. The service has been excellent, with only two meals being less than ideal and a handful of selections that I wouldn’t cook a second time. There are many that I have duplicated for friends, and the cooking techniques imparted by Blue Apron have made kitchen time more enjoyable. I’ve shared Blue Apron with friends, though admittedly many have not stuck with the service as long as I have. Over the last two years I’ve expanded beyond Blue Apron to include Plated (https://www.plated.com), Munchery (https://munchery.com), HelloFresh (https://munchery.com), and Smith’s (https://www.smithsfoodanddrug.com) in my kitchen: alternating weeks between the three dinner delivery services, using Munchery as a lunch service as needed, and Smith’s to fill in the gaps on travel weeks. This has not eliminated the need for grocery shopping, as these services are only replacing three meals a week, allowing my spouse and me to experiment or go out the remaining evenings.

The purpose of this post is to review each of the services as they compare to each other and my experience with each. The reviews will be in no particular order.

What Do These Services Offer:

Each of the four services sends fresh ingredients with no preservatives to your home in a box packed on reusable ice blocks. Inside the box are the recipes to go with the foodstuff. Everything is labeled. Digital versions of the recipes are also available for Blue Apron, HelloFresh, Munchery, and Plated. Blue Apron has a social media (Facebook) integration allowing people to see tips from other users on a per-recipe basis. They also include video tips and cooking techniques for the novice chef to learn how certain things are done, like chopping and egg separation. All of the services include nutritional information for each of the meals provided. To a lesser extent HelloFresh and Plated have similar offerings. Munchery also has an extensive set of tips and hints for many of their recipes. The Smith’s product offering provides only the recipe card in each box.

Now to review each service…

Blue Apron:

  • Skill Level: Intermediate
  • Food packaging: Everything is labeled, but loose in one box. Meats are individually wrapped.
  • Delivery: UPS and OnTrack (Depending on where you live)
  • Price: $59.94 (9.99 per meal – 6 plates total / 3 Unique Meals)
  • Offers a family plan for more than 2 people
  • Cooking Time: 45 – 90 minutes per meal.
  • Required Pantry Ingredients: Salt, Pepper, Oil

Summary:

By far one of the longest running meal delivery services Blue Apron always impresses me. There have been very few meals that disappointed us. Blue Apron requires a certain cooking skillset, but offers the tools to teach if one does not possess that skill set in the form of videos on their website.

Things to keep in mind, if you know where a recipe could use extra garlic or an onion that is not included in the recipe card, you’ll enhance your experience. Also note that an additional piece of protein can stretch almost every Blue Apron meal to three portions. This is not true of the other services.

All in all my favorite of the delivery services.

Munchery:

  • Skill Level: Novice
  • Food Packaging: Individual boxes containing all the ingredients for each meal. Meats are individually wrapped.
  • Delivery: UPS (Depending on where you live)
  • Price: $4.95 Monthly Membership – Pay per meal price, 15% off for members. Meal kit prices vary… Works out to be slightly more expensive than Blue Apron.
  • Cooking Time: 20 – 30 minutes per meal
  • Required Pantry Ingredients: Salt, Pepper, Oil

Summary:

Munchery is ideal for planning lunches. You get to pick everything that is delivered based on your pricing needs. Time to cook is the shortest as they have done all the work for you. It’s simply heat and eat.

Plated:

  • Skill Level: Novice
  • Food Packaging: Individual bags containing ingredients for each meal, larger items are bagged separately. Meats are individually wrapped.
  • Delivery: UPS and FedEx (Depending on where you live)
  • Price: $59.70 (9.95 per meal – 6 plates total / 3 Unique Meals)
  • Some recipe selections are a slightly higher price
  • Add on dessert recipes are $4.00 per dessert
  • Offers a phone number to call if you are planning for a larger event and need more than two plates of the same meal
  • Offers a family plan for more than 2 people
  • Cooking Time: 30 – 60 minutes per meal
  • Required Pantry Ingredients: Salt, Pepper, Oil, The occasional Egg

Summary:

Plated is the most cumbersome of the services as they often require you to have things in your pantry that you might not have around – like an egg for batters and coatings. This means you can’t do that meal until you have said egg.

Otherwise it’s a very pleasant service.

HelloFresh:

  • Skill Level: Novice
  • Food Packaging: Individual bags containing ingredients for each meal. Meats are individually wrapped.
  • Delivery: UPS and FedEX (Depending on where you live)
  • Price: $59.94 (9.99 per meal – 6 plates total / 3 Unique Meals)
  • Offers a family plan for more than 2 people
  • Cooking Time: 30 – 90 minutes per meal
  • Required Pantry Ingredients: Salt, Pepper, Oil

Summary:

HelloFresh is almost exactly like Blue Apron.

Smiths:

  • Skill Level: Novice
  • Food Packaging: Individual boxes containing ingredients for each meal
  • Delivery: Local Pickup at grocery store only
  • Price: $16.00 per two meal box regular price, $8.00 per two meal box sale price if used same or next day (read: about to expire boxes).
  • Cooking Time: 30 – 45 minutes per meal
  • Required Pantry Ingredients: Salt, Pepper, Oil

Summary:

Smiths is a good service if you need something that day or the next day as you can go and pick up the box you need that day. No waiting on deliveries and if you need something else it’s right there.

Conclusions:

I very much enjoy these services. It adds a variety to my cooking with little thinking effort on my part. I will stick with Blue Apron as my primary, and continue to alternate through the others as needed.

In writing this I realized that these services are pretty much the same at very similar price points. I have over four years’ worth of recipe cards in binders on my cooking shelf. The meals I often repeat come from Blue Apron and HelloFresh. The services that have offered me the most education have been Blue Apron and Plated as their tips & tricks and education aids are far superior to the other services.

Bottom Line:

All the services are a fun way to spend time in the kitchen with my spouse. We really enjoy cooking together and these services take the guesswork out of that process. They take the thinking out of what to eat and provide the tools for success. The price works out to be less than going out to eat but more than grocery shopping (except Smiths). The portions are controlled so it makes dieting and weight management easier. We’ve never felt hungry after any of the meals we’ve cooked with these services.

For a slightly outdated photo blog of my cooking check out https://fox.rabbitvalley.com/Rifka/Rifkas_Cookbook/Rifkas_Cook_Book/Rifkas_Cook_Book.html


More passwords compromised…

Is it a day ending in “y”? Then it must be time for a brand new enormous company to announce they’ve been compromised!  This time it’s our friends at Twitter saying their programming mistake managed to copy your password in plain text into their log files.

Brilliant.
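The Twitter slip described above, a credential copied verbatim into application logs, is the kind of mistake a log filter can catch before the record is written. The following Python example is added here and is not Twitter’s code or anything from the original post; it contrasts a naive logger that writes a constructed login form as-is with one that runs every record through a redacting filter. The key names in SENSITIVE_KEYS and the sample form data are assumptions made for the demonstration.

```python
import logging
import re
from io import StringIO

# Field names whose values must never reach a log file (assumed list for this demo).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "secret"}

# Matches key=value, key: value, 'key': 'value' and "key": "value" forms.
# Group 1 is the key, group 2 the separator/quotes, group 3 the value to hide.
_PATTERN = re.compile(
    r"(?i)\b(" + "|".join(SENSITIVE_KEYS) + r")"
    r"([\"']?\s*[:=]\s*[\"']?)"
    r"([^\"'&,\s}]+)"
)


def redact(text: str) -> str:
    """Replace the value of any sensitive key in a free-form message with [REDACTED]."""
    return _PATTERN.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Rewrite each record's fully formatted message before any handler emits it.

    Formatting happens here (record.getMessage()) so that secrets hidden inside
    %-style arguments, such as a dict of form fields, are scrubbed too.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()  # already formatted; prevent a second substitution
        return True


def build_logger(name: str, stream: StringIO, redacting: bool) -> logging.Logger:
    """Create an isolated logger that writes to an in-memory stream."""
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    if redacting:
        handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    return logger


def log_login_attempt(logger: logging.Logger, form: dict) -> None:
    """The bug pattern: logging a whole request form 'for debugging'."""
    logger.info("login attempt: %s", form)


def capture(redacting: bool) -> str:
    """Log one constructed login form and return what landed in the 'log file'."""
    stream = StringIO()
    logger = build_logger(
        "demo.redacting" if redacting else "demo.naive", stream, redacting
    )
    # Constructed sample request body; the credential value is made up.
    form = {"user": "alice", "password": "hunter2", "remember": "yes"}
    log_login_attempt(logger, form)
    return stream.getvalue()


if __name__ == "__main__":
    print("naive   :", capture(redacting=False), end="")
    print("redacted:", capture(redacting=True), end="")
```

Attaching the filter to the handler rather than to individual call sites matters: the mistake is rarely a single deliberate "log the password" line, it is a generic dump of a request object that happens to contain one. The regex is a safety net, not a substitute for never passing credential-bearing objects to the logger, and it should be paired with a review of any place that serializes whole requests, headers or environment variables.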

If you aren’t putting a unique password on every site, now is the time.  It’s easy with Apple devices.  Simply go to Safari -> Settings -> Autofill.

Make sure User names and passwords is checked.  Now, when you visit a website, Safari will offer to save the password.  Here’s the best part.  Go change your dang’ed password!  Safari will offer a random password for that site AND remember it for you.

Sync that Stuff with iCloud!

If you’re a Mac user, you’re in luck with iCloud.  Go to the Apple menu -> System Preferences -> iCloud.  Turn on Keychain.  Your secure, encrypted password store will now sync automagically to your macOS and iOS devices.  No more fat fingers with passwords on your iPhone, my friends.