‘Tell My Wi-Fi Love Her’

Meetup notes – July 15, 2015

We took a small hiatus from our monthly meetups in June but returned in July with plenty to discuss.

Conference season started with Apple’s World Wide Developers Conference (WWDC) in June followed by Penn State’s MacAdmins Conference in early July and IDG’s MacIT Conference just a week later. Conferences are perfect opportunities for deep-diving into both new and existing technologies. Nothing beats removing the distraction of the office and immersing yourself in a few days of concentrated career education.

But almost everyone who attends a Mac admins conference says the most valuable experience is between sessions in the hallways. That’s where you strike up conversations with complete strangers who, coincidentally, have the same frustrations and problems to solve as you. That’s where I met Tom Bridge a little more than a year ago.

Question: What do these have in common?
Full beer kegs
Full Beer Kegs
Tom Bridge
Tom Bridge
Brick wall
Brick Wall

Since that time, Tom and I have seen each other at more conferences and kept in touch mostly over Twitter. Tom lives and works in Washington D.C. but when I heard he was passing through the Twin Cities on his way to the North Shore for a family reunion and vacation, I asked if he’d take a side trip to speak at our next meetup. By the next afternoon, we’d ironed out the logistics.

Notes

Our host for July was Will Pierce with Colle+McVoy (pronounced call-mcvoy), a Twin Cities advertising agency with a 70/30 split of Mac/Windows machines and non-managed BYOD iOS devices. Colle+McVoy is a longtime Casper user (since v2.1) with more than 35 years of support experience among its very small support staff.

Colle+McVoy hosted 23 Mac admins in its common area for the meetup and we seated a dozen around the table at Kieran’s Irish Pub for our after-meetup gathering for dinner and drinks. Nearly a third of attendees were new faces, including one from Green Bay, WI. Thanks, Bryce, for driving four hours each way to join us! We hope to see you again.

Introduction

John introduced Will, who spoke a few minutes about Colle+McVoy. But the technology showstopper was their TapServer.

This year-long project in the making by the creative technology and IT teams incentivizes employees to complete their timesheets for free beer at the end of the day. The server ties in to Active Directory and requires employees swipe their cards for a pour of four draft beer choices selected via iPad interface. NPR, Food & Wine, and USA Today have all featured the TapServer. Timesheet submissions are up 90%.

The TapServer’s node.js code isn’t currently open source but Colle+McVoy is looking at cleaning it up and publishing it.

Round-table

We allot time to discuss current issues in the Mac admin community. John spearheaded the talks.

WWDC announcements
  • For the first time, Apple made all its session videos available online either the day of the sessions or by the next day.
  • “Snow Yo” (short for Snow Yosemite) = OS X 10.11. Easier to say than “El Capitan”, right?
  • Apple made no hardware announcements but the new iThing will probably come this fall.
  • OS X Server has some big improvements coming to its caching server service. It will cache iCloud drive information. Keep this in mind for users who have a lot of photos. Invest in bigger drives.
  • Installing iOS 9 should require about 1.3 GB of free space vs. iOS 8, which required nearly 5 GB. This should triple the percentage of 16 GB iPad (the smallest available storage size) users who can upgrade compared to iOS 8.
  • App thinning for iOS apps means installed code is optimized for the current device and large one-time assets are deleted once played.
  • App thinning is a little scary for developers because they have to trust Apple to correctly thin their code for devices. It also means additional bug testing for administrators and could possibly introduce hardware specific bugs.
  • Rootless or System Integrity Protection (SIP) is new on OS X. Not even admins will have permission to modify certain directories of the OS.
  • Apple is open sourcing most of its programming language Swift. This probably got some of the loudest cheers from developers.
  • iOS 9 will introduce two-finger keyboard gestures to make selecting and manipulating text easier.
  • Picture-in-picture (PIP) looks pretty sweet for newer devices that can support it.
  • iOS 9 will also introduce a new feature to block provisioning profiles. For K-12 education, that should mean the end of their VShare problems with students.
PSU MacAdmins 2015PSU MacAdmins Conference
  • Several of us from the Twin Cities attended the conference this year.
  • It’s a very well-rounded conference with technical workshops and sessions.
  • It also included sessions on careers and being a well-rounded Mac admin.
  • It’s a very supportive community too with a good mix of networking and information.
  • This is a very “human” conference with a very different flavor from MacIT.
  • Slack revealed a huge difference in community when comparing PSU MacAdmins to MacIT.
  • The #psumac channel had over 250 users with many collaborating to post session notes online for others and then consolidating all the notes into a list.
  • The #macitconf channel was nearly dead in comparison with less than 35 users and little collaboration.
  • From the presenters to the facilities to the meals, everything is covered and the content is both deep and broad—munki, Absolute, Casper.
  • The conference offers someone with little to no knowledge of a particular technology an opportunity to learn something new.
  • It’s the best bang for the buck and the least expensive conference in the U.S.
  • Cost to attend was less than half compared to attending the west coast MacIT conference. Many are able to drive instead of fly. Cost is only $600 for one full-day of workshops and 2-1/2 days of sessions.
  • Breakfast, lunch and dinner were included most days as well as entertainment some evenings.
  • Senior-level directors as well as junior admins will each get a lot out of that conference.
  • This was the first year the full-day workshops were included in the overall cost of the conference instead of being optional.
  • It’s also about making the whole ecosystem work.
  • K-12 as well as higher education has a strong presence at the conference but it’s not focussed just on education and it’s not focussed just on enterprise. Content is very agnostic.
  • Content is also varied between commercial and open source solutions. Even vendor presentations feel less like sales pitches and more like education and the conference includes a wide variety of sponsors.
  • The initial conference started six years ago and was only for Mac admins working at PSU. Since 2013, the conference has strived to cast a wider net to get a more diverse audience.
  • 2013 and 2014 both sold out. 2015 almost sold out but it was also expanded to include more people.
  • Consensus is “If we had to pick one conference, it would be this one.”
  • Most sessions were recorded and will be available online in a few weeks. (Follow @mspmacadmns and we’ll let you know.)
  • The next MacAdmins Conference is June 27-30, 2016.
Microsoft releases Office 2016 for Mac for Office 365 customers
  • Bill gave a talk at PSU MacAdmins about Office 2016, which was released July 9, the day after his presentation.
  • Check out the slides (and video soon): Administering Office 2016 for Mac.
  • Currently, just for Office 365 customers.
  • Volume license should be released before August 9, when the Office 2016 for Mac Preview expires.
Hello, rootpipe, my old friend!
  • Rootpipe is a vulnerability in OS X that enables a non-admin to gain admin privileges.
  • This new vulnerability allows someone to write a dictionary plug-in, move it into a folder where they have access to write and gain admin privileges.
  • Rootpipe has been patched a few times already for OS X 10.10 (Yosemite).
  • Apple says it’s not going to patch this vulnerability for anything lower than 10.10. It has been found as far back as Mac OS X 10.6.8, which means these vulnerabilities are also in 10.7, 10.8 and 10.9.
  • This vulnerability isn’t going away for some reason.
SlackSlack tops 700 Mac admins
  • Most of the attendees didn’t know what Slack is.
  • This is a chat service that’s become popular in business and recently popular with Mac admins.
  • To get access to the Slack MacAdmins team, visit http://macadmins.org/. Do this first.
  • The MacAdmins team on Slack is a newly forming community that’s only been around 2-3 months.
  • 727 Mac Admins in one spot as of meetup night.
  • Ask questions. Bounce ideas of each other. Support each other.
  • Is this an effort to move away from the IRC channels Mac admins have been using? It’s having an effect and slowly overtaking the IRC channel because so many users are moving here.
  • Slack is a commercial product but we Mac admins are not paying for the service. At the current rate of users, someone has estimated the cost would be about $5,000/month.
  • We’re still trying to figure out how we’re being allowed access. Hoping this isn’t something that will go away after a little while. We suspect one of the team admins knows someone at Slack and is getting a special favor.
  • This has gotten a lot more Mac admins involved than IRC, even if they’re only lurking. That’s a good thing.
  • The team has over 100 channels (different topics) to organize discussions.
  • The #psumac channel was booming during the conference.
  • Slack integrates with other technologies such as bitbucket.org to send notifications of changes to code.
  • It also integrates with systems such as Zendesk to alert admins to new tickets when a monitoring system such as Watchman Monitoring generates an alert.
  • Integrates with Trello.
  • Join for the #mspmacadmins channel to chat and keep in touch with Twin Cities Mac admins.
Google and Mozilla pull the plug on Adobe Flash
  • Both Google and Mozilla immediately disabled the Adobe Flash plug-in in latest updates.
  • Right on the heels of the blacklist, the Chief Security Officer of Facebook called for Adobe to announce an end-date for Flash. (Applause.)
  • Developers need to get their stuff into HTML5.
  • Steve Jobs saw this coming five years ago.
  • The story behind Google and Mozilla blocking Flash stems from the Hacking Team getting hacked itself and losing a long list of Flash vulnerabilities it had found.
  • The Hacking Team is a company that used these vulnerabilities over the past five years to profit from governments wanting to spy on its citizens or anyone else.
  • All the Flash vulnerabilities this company was using to spy on us on behalf of governments are now out in the world and Adobe has a massive job trying to patch them.
  • Google and Mozilla are finally saying, “Enough’s enough.”
  • At least HTML5 is open code, whereas Adobe Flash, Microsoft Silverlight and similar plug-ins are proprietary company-owned codebases.
  • Companies with internal Flash-based code now have to move to another development platform.
  • Online testing companies that deliver rich content as part of their tests are probably in a world of hurt.
From the community

Daren is a new full-time Mac admin for his school and has no experience with Macs bound to Active Directory and using portable home directories (PHDs) via the plug-in. He’s inherited a group of Macs using NIS for directory services and NFS for connecting to home directories. He’s found Apple isn’t putting much effort into supporting these technologies for the long-haul.

The writing on the wall at his school is that Active Directory is the future of directory services. He’s been testing binding Macs to Active Directory and finds that PHDs with local accounts works fine. However, mobile accounts and full network drives “bomb, bail, fail” all the time—slow performance.

Daren has found Spotlight is trying to index these directories and is eating a lot of network bandwidth. He’s aware of the fixes to disable Spotlight indexing but he’s concerned this isn’t going to solve his problem.

What’s everyone’s experience with Active Directory and portable home directories?

  • From the audience: “No!”
  • Will with Colle+McVoy says seven years ago when he started working there, they were using PHDs. Over the years, though, as OS X was updated support got worse and worse and worse.
  • They eventually said, “Screw it!”
  • Active Directory binding is OK. PHDs are not.
  • Mobile accounts work OK but sometimes cause problems when syncing files to the server.
  • The use-case for PHDs at Daren’s school is to keep the new environment similar to the NIS/NFS setup with little user data stored on the desktop. Students may use different Macs but need access to their own files.
  • An option to this is to auto-mount shares for users to give them access to their files on servers without having to store their home folders on the servers. Users would need to be trained their desktop is just a machine for working and not backed up. “If you care about anything, put it on the server.”
  • Consider using an online backup solution such as CrashPlan to protect user data when network servers aren’t available.
  • Daren, you can stop beating your head against the wall. 🙂

Featured Presentation

Tom Bridge is a Partner at Technolutionary, LLC, in Washington DC and frequent presenter at various Mac technical conferences. At PSU MacAdmins this year he teamed up with Chris Dawe of Wheelwrights, LLC, in Seattle to host an all-day workshop about the physics of Wi-Fi or “A Fight With Physics”.

Tom condensed much of their workshop into an hour-long talk for our Twin Cities Mac Admins meetup this month.

A Fight With Physics

Some highlights and talking points from Tom’s presentation:

  • Wi-Fi has grown from a technological curiosity to a ubiquitous and non-negotiable service over just the last 10 years.
  • You may not be the network guy or the Wi-Fi guy, but you may need to gather data about your Wi-Fi network when troubleshooting issues.
  • Keep in mind your Macs may not be the problem, but rather your Wi-Fi network.
  • The 802.11 standards start at the very end of the 1980s with the first fully functional specification in 1997.
  • The FCC allocated the 2.4 GHz spectrum to Wi-Fi in 1985. This is a totally unlicensed spectrum that doesn’t require certification by the government to operate in that space.
  • The reason we were given the 2.4 GHz spectrum was because of the Science Oven (NSFW).
  • The original microwaves had very little shielding and emitted frequencies in that same spectrum. The FCC couldn’t do anything with that space anyway.
  • Wi-Fi radios are equivalent to network hubs not switches.
  • Wi-Fi works using collision avoidance not collision detection, which means all communications are half duplex.
  • 802.11 (1997) – maximum speed of 2 MB per second.
  • 802.11g (2003-2006) – maximum speed of 54 MB per second with WPA2 encryption.
  • Don’t use Wireless Distribution System (WDS) or wireless repeaters unless absolutely necessary. Each hop in a WDS environment halves the available bandwidth. A site using four WDS repeaters found its network virtually unusable down the line.
  • 802.11n (2006-2011) – Either 2.4 or 5 GHz and allowed for doubling channel widths. Anyone who runs a 40 MHz channel widths in the 2.4 GHz band. We call these people “jerks” because they’re stepping all over the spectrum for the rest of us.
  • TDWR = Terminal Doppler Weather RADAR also uses the 5 GHz range. It detects wind shear around airports and saves lives. Wi-Fi must not operate in this range if it detects TDWR signals.
  • 802.11ac (2013) – 5 GHz only or go home! 1.2 GB theoretical throughput, which is faster than 1 GB wired networks.
  • 802.11ac Wave 2 (2014) – Very, very new. Has a higher theoretical throughput of 7 GB. Requires at least a 10 GB backbone to take advantage of the speed. Currently, no client radios exist for this specification.
  • Attenuation is the loss of signal as it passes through any medium. (The answer to the question above is: They’re great attenuators, of course!) When troubleshooting for a customer, Tom found the Wi-Fi signal was greatly reduced by the stacked empty beer kegs. Full beer kegs would have been worse. Brick walls are bad too as well as whiteboard paint on walls.
  • Interference is caused by other devices broadcasting radio waves in the same frequency range as Wi-Fi.
  • RSSI is the Received Signal Strength Indication or how loudly you hear what’s being said. Unfortunately, this is non-standard and two devices sitting next to each other could report different RSSIs.
  • Wi-Fi Signal – a tool available in the Mac App Store for 99¢.
  • Wi-Fi Explorer – another tool available in the Mac App Store for $14.99. Tom says he’d easily pay 10x the price for this tool.
  • Noise is a source of signal interference. OS X uses CoreWLAN framework for evaluating noise.
  • Signal to noise ratio (SNR) combines the values of signal and noise for a better value (RSSI – Noise = SNR). Apple’s Wi-Fi menu displays both values but not the SNR calculation. Tom suggests submitting requests now to Apple to have that added since we’re in the middle of a development period for OS X.
  • Modulation and Coding Scheme (MCS Index) – very important: This is what determines the maximum data rate we’re transmitting or how effective our clients will be communicating with our network. Handy chart: http://mcsindex.com.
  • Network planning must include a site survey—pay attention to construction, elevator locations, water heaters, metal furniture such as storage cabinets, etc.
  • NetSpot – heat mapping tool, inexpensively priced—about $150.00.
  • Map your network to discover changes over time.
  • Take advantage of split half-testing (similar to troubleshooting extension conflicts in Mac OS) to troubleshoot and isolate network issues.
  • Check Tom’s resources at the end of his presentation.
  • Tom’s newsletter: http://tinyletter.com/technobits/.

Next meeting

Details for our next meetup aren’t yet finalized, but look for announcements on JAMF Nation, the MacEnterprise mailing list, the MN-EDU mailing list and Twitter. (Tell us if we should announce elsewhere too!)

Let us know in the comments below what you’re interested in seeing. Do you like the format of the events? Should we add or remove something? Make something a little longer or little shorter?

Dates and times are based on the venue. If you can suggest a venue that can accommodate about 20-30 Mac admins we’d appreciate that feedback too.

Call for presenters

We’re looking for presenters! If you’ve had to solve a problem and think someone else could learn from it then contact us and we’ll help you put a short or long presentation together for the group.

Comments are closed.