This week’s Techno Bits newsletter has a summary of the Broadcom Wi-Fi SOC exploit, some great links from Emily Kausalik and Charles Edge on macOS Sierra’s logging system, and some backstage sneak peeks into Merriweather Post Pavilion’s new stage house and the network that supports it, as well as a thank you to Walt Mossberg for his incredible career in tech journalism.
At least two MDM vendors are going to be supporting the `InstallApplication` verb in the MDM Specification for the Mac. Why does this matter? As Apple encourages the adoption of MDM and DEP together for configuring user machines, the Munki community (and for that matter, the Puppet and Chef community) saw a path forward that didn’t include our favorite open source software installation agent. No longer.
Techno Bits vol. 97: Your Imaging Workflow Is Probably On Fire
Also included: Rackmount refrigerators, why decrypting TLS traffic may make your users less secure, and the arrival of spring.
This week’s Techno Bits Newsletter is all about reading the tea leaves, and how the work of Erik Gomez and others is looking promising for leveraging DEP and MDM with existing management systems like Puppet, Chef and Munki. Are we finally seeing the light on the horizon? Could well be.
This week’s Techno Bits focuses on my Summer Engineering Project: using Raspberry Pis for fun and profit! It was a lot of fun to do some hardware stuff for once, and I’ve ordered some extra kit goodies to try and do some other fun stuff with the Raspberry Pi with cameras and sensors and stuff. I also explain how to buid a RetroPie machine for retro gaming.
What’s the sane way to make sure that you’re not aggressively stupid with Munki changes? How do you maintain an orchestra of munki servers without relying upon a source control scheme?
This Week’s Newsletter has a doozy:
Conferences also show you exactly how much work you have left to do. And that’s okay, work isn’t a bad thing. It just sometimes puts that workload in stark relief and that can feel a little bad sometimes. Technical Debt is difficult to overcome because it requires a change in understanding – and often times training – but it serves to make your organization stronger.
This is part of Techno Bits Vol. 71. If you’d like to read more like it in your email every week, sign up
There’s been a lot of talk lately about Apple’s competitive advantage, and how we’re standing at some sort of mobile precipice that might find Apple on the receiving end of the same treatment Apple gave to RIM a while back. It’s good to stop and think about these kinds of things, and that’s important.
But in this case, I don’t see the case being adequately made.
I think we are at a technological inflection point, but in a lot of cases, it’s Apple pushing the marketplace forward, not sitting still. The first of these cases is Apple Pay. The state of payment structures in the US is antiquated and terrible. We pay with plastic cards with magnetic stripes that are easily duplicated, a technology that has been subject to fraud since before I left college more than 15 years ago.
Europe banded together years ago with Visa and Mastercard to create the EMV Chip-and-PIN system to build better cards. I’ve had one in my American Express since 2001 or so. But only within the last year have I ever used it to make a payment. Why? Because no one’s incentivized a movement away from the stripe payment system. This past year, a change in liability for fraud started to push more contactless and chip reader terminals to the forefront.
I’ve spent the past three months on a project replacing all of the old stripe readers with new chip and contactless systems for a client with a large venue. We’re now four big events in, and I can tell you more about the problems in the payment space than I thought I’d ever be able to. The biggest problem with chip card transactions? Time and User Awareness. If you get a user that’s never used their chip card before, even with the best terminals on the market today, you’re adding 30 to 60 seconds of frustration and delay to the transaction. And that’s with the best terminals on the market today!
What about the mom and pop shop on the corner that has no control over that experience?
It’s pretty bad.
Even with the shiniest new terminals, they’re still not the bulletproof credit card swipers that we’re used to, the ones that rarely if ever malfunction, because their software was treated like the software to keep astronauts alive: it can only fail safe, it can only be changed rarely. It was ossified technology for good reason: it worked, and it worked well, and it worked for people who didn’t want or need to understand every moving part behind it. The credit card industry had made it simple by taking on the technical requirements and adhering to them in an act of ironclad religious devotion that you might find admirable in a cargo cult.
Sure, contactless is a better experience, thanks to Apple Pay, because they put a lot of thought into the user experience, but it’s still a vanishingly small percentage of commerce. Apple can do better here by evangelizing the ease of use to both commercial institutions and users alike. This needs to be better if we’re going to complete that changeover. In addition, these transaction times need to get better and not worse.
But, if you want to see what the future looks like for payments, read what happened when a Buzzfeed writer lived only off contactless and bitcoin for a period of time.
Let’s slide onwards here to another advantage that Apple has: research and engagement with the scientific community. Last year, they released ResearchKit, designed to provide the research community with necessary and almost futuristic backends for collecting complex data from layman users. It was a huge project, to the point it was released in a keynote by now-COO Jeff Williams last year.
Better still, Apple both open-sourced ResearchKit, and then released CareKit to help medical environments make apps that can persist outside of the care environment.
Apple has an unquestionable commitment to medical research with iOS devices as tools to help gather data.
Meanwhile, Android has ScienceJournal which looks like a tinker toy.
So, I don’t think that Apple is nearly as poised to fall as quickly as RIM fell, especially not with their massive cash reserves and revenues. But it’s important to stay agile, and I expect Apple won’t disappoint. Even if I don’t want a Siri bridge for home, it would make sense to build it elsewhere if only to help mollify concern they’re missing a crucial interface.
So, it’s not all bad. Even if the markets make it seem that way. Apple is best when they have to compete for their lives. I look forward to seeing them hungry and behind. It’s when we get the best work from them.
Links to Read
- Blacktip: We’re moving from Google to Office 365. [Blacktip IT]
- Windows 7 (Sort of) has a Service Pack 2 [Ars Technica]
- A 4K Display that can actually be 4 different HD displays. I want this SO HARD [The Verge]
- A real virus affects Ubiquiti AirMax Antennas [UBNT Community Forums]
- Collecting 802.1X data using Python [Mike Lynn’s Github]
- Dealing with Documentation Debt [18F]
This week’s edition of Techno Bits is now out in the wild, and this week I’ve written about the ransomware trojan that was embedded in Transmission 2.90 by an unknown party who both had an Apple code-signing certificate and access to Transmission’s web server. That’s a huge threat vector, so it might be time to start thinking about using Extinguish on a full-time basis.
Also included are the latest update to Munki-in-a-Box, and some thoughts about the nature of web security, and the state of my iPad Pro fascination.
A special edition of Techno Bits due to yesterday’s court events surrounding the iPhone and Encryption:
Late yesterday, Apple released a letter to their customers, signed by CEO Tim Cook, concerning device encryption. Earlier in the day, a Federal Court, at the request of the Department of Justice, issued a technical assistance order to Apple to get them to comply. The phone belongs to a deceased person accused of shooting a number of people in an attack on a county facility in San Bernardino, California, and the iPhone 5C is locked. The FBI would like access to the locked device, presumably to determine whether the deceased was part of a terrorist cell, acting alone, or something even far more nefarious. Given the FBI’s mandate, it is not a surprise that they want access to the phone.
While this particular request is grantable (and attacks against A7 phones and later is not), it shouldn’t be granted, because we should not be giving anyone the ability to crack a locked iPhone, because developing those tools is admitting that they should be given to any government, not just ours.