Posts Tagged ‘iOS’
Thursday, January 3rd, 2013
Any managed IT environment needs policies. One of the obvious ones is to refresh the hardware on some sort of schedule so that the tools people need are available and they aren’t hampered by running new software on old hardware. Commonly, security updates are available exclusively on the newest release of an operating system. Tablets are just the same, and education has been seeing as much of an influx of iOS devices as anywhere else.
Fraser Speirs has just gone through the process of evaluating replacements for iPads used in education, and discusses the criteria he’s come up with and his conclusions on his blog
Tags: Education, Fraser Speirs, iOS, iOS Deployment
Posted in General Technology, iPhone, IT Management | Comments Off
Friday, December 28th, 2012
While we don’t normally cover web development security basics, or find much to report when poking around in iOS apps, a great example of independent investigative tech journalism related to these topics broke late last week. On Nick Arnott(@noir‘s) blog Neglected Potential, he expands on a previous post involving how data is stored within an app(nice shout-out to a personal fave, PhoneView by Ecamm,) to talk about how it communicates with whatever services it may be hooked up to. Generally speaking, SSL and PKI don’t magically solve all our issues(as comically referred to here: This is 2012 and we’re still stitching together little microcomputers with HTTPS and ssh and calling it revolutionary,) and end users reflexively clicking ‘accept’ on self-signed cert warnings is the front lines of the convenience vs. security battle. No, you shouldn’t send auth in plaintext just ’cause it’s SSL. (Yes, you should be seeding any straggler self-signed certs on the devices in your purview so you don’t need to say ‘just for this ONE sites self-signed cert, please just click Continue’.) The fact that a banking users SSN number was being sent to the app on every communication was… surprising, and corrected immediately after the heightened interest resulting from the aforementioned blog post.
Security via public trust
After the publicity surrounding the post, however, folks were reassured by getting an immediate audience with the Director of Engineering at Simple, Brian Merritt(@btmerr.) Perhaps the flaw may have been considered too contrived a process for traditional(read: an email to their security team) channels at Simple to respond in a way that satisfied Mr. Arnott before he went ahead and published his post. “If only Jimmy had gone to the police,” the saying goes, “none of this would have happened” – please do note that while responsible disclosure was attempted, the issue is with PKI and not Simple itself, and updates were added to the post when clarifications were worth mentioning to present the facts in an even-handed manner. A key take-away is the fact that there is no live, zero-day exploit going on, just the relative ineffectiveness of PKI being exposed.
Although a process can enable the snooping of traffic, by default proxy’d SSL wouldn’t be allowed to start a session
But even more importantly, the fact that observing the traffic was even possible (thanks to CharlesProxy, also recently mentioned on @tvsutton‘s MacOps blog) highlights the ease with which basic internet security can be thwarted, and how much progress is left to be made. Of the improvements out there, Certificate Pinning is one of those ‘new to me’ concept enhancements regarding PKI, which luckily already has proposals in for review with the IETF. (An interesting contender from about a year ago is expounded on at the tack.io site.) There are quite a few variables involved that make intelligent discussion of the topic difficult for amateurs, but the take-away should be that you can inspect these things yourselves, as convoluted as it may be to get to the root cause of security issues. Hopefully we’ll have easier-to-deploy systems that’ll enable us to never ‘give up’ and use autosign again.
Thanks to Mr. Merritt, Michael Lynn and Jeff McCune for reviewing drafts of this post.
Tags: CharlesProxy, customer service via twitter, doin it rong, InfoSec, iOS, PhoneView, security, SSL, you must learn
Posted in General Technology | Comments Off
Wednesday, December 12th, 2012
If you’re like us, you’re a fan of our modern era, as we are (for the most part) better off than we previously were for managing iOS devices. One such example is bootstrapping, although we’re still a ways away from traditional ‘imaging’. You don’t need Xcode to update the OS in parallel, iPCU to generate configuration profiles, and iTunes for restoring backups anymore. Nowadays in our Apple Configurator world, you don’t interact with iTunes much at all (although it needs to be present for assisting in loading apps and takes a part in activation.)
So what are backups like now, what are the differences between a restore from, say, iCloud versus Apple Configurator? Well, as it was under the previous administration, iTunes has all our stuff, practically our entire base belongs to it. It knows about our Apple ID, it has the ‘firmware’ or OS itself cached, we can rearrange icons with our pointing human interface device… good times. Backups with iTunes are pretty close to imaging, as an IT admin would possibly define it. The new kids on the block(iCloud, Apple Configurator,) however, have a different approach.
iOS devices maintain a heavily structured and segmented environment. Configuration profiles are bolted on top(more on this in a future episode), ‘Userspace’ and many settings are closer to the surface, apps live further down towards the core, and the OS is the nougat-y center. Apple Configurator interacts with all these modularly, and backups take the stage after the OS and apps have been laid down. This means if your backup includes apps that Apple Configurator did not provide for you… the apps(and their corresponding sandboxed data) are no longer with us, the backup it makes cannot restore the apps or their placement on the home screen.
iCloud therefore stands head and shoulders above the rest(even if iTunes might be faster.) It’s proven to be a reliable repository of backups, while managing a cornucopia of other data – mail, contacts, calendars, etc. It’s a pretty sweet deal that all you need is to plug in to power for a backup to kick off, which makes testing devices by wiping them just about as easy as it can get. (Assuming the apps have the right iCloud-compatibility, so the saved games and other sandbox data can be backed up…) Could it be better? Of course. What’s your radar for restoring a single app? (At this point, that can be accomplished with iTunes and manual interaction only.) How about more control over frequency/retention? Never satisfied, these IT folk.
Tags: air-quotes, Apple Configurator, backup, backups, firmware, iOS, iOS Deployment, iPCU, itunes, sandbox, xcode
Posted in iPhone, IT Management | Comments Off
Thursday, September 20th, 2012
318 Inc. CTO Charles Edge and Solutions Architect alumni Zack Smith were back at the MacSysAdmin Conference in Sweden again this year, and the slides and videos are now available! All the 2012 presentations can be found here, and past years are at the bottom of this page.
Tags: Charles Edge, conferences, Hosting Mac Services on Windows, iOS, iOS Deployment, MacSysAdmin, OD to AD, Presentations, Zack Smith
Posted in Directory Services, General Technology, IT Management, Mac OS X, Mac OS X Server, Mass Deployments, Scripts | Comments Off
Thursday, October 27th, 2011
Squid is an open source package available at http://www.squid-cache.org that caches web files to a local server, increasing throughput for users and decreasing the amount of traffic on WAN connections. A Mac OS X software package named SquidMan, which includes Squid is available at http://web.me.com/adg/squidman/index.html. SquidMan makes installing and using Squid much easier, giving nice buttons to use for management rather than managing Squid using configuration files.
Once SquidMan is downloaded, copy the SquidMan application bundle to the /Applications directory. Then open it. At the Helper Tool Installation screen click on the Yes button.
At the Squid Missing screen click on the OK button to install squid itself.
The Preferences screen then opens. Click on the Clients tab and, if you would like to restrict access to only a set of IP addresses, define them (or use the net mask to define a range).
Click on the General tab. Here, provide the following information:
- HTTP Port: The port number that the proxy will run on.
- Visible hostname: The hostname of the server (e.g. proxy.318.com).
- Cache size: The total amount of space used for the proxies cache.
- Maximum object size: The maximum size of single cached files.
- Rotate logs: The frequency with which log files are rotated (I usually use Manually here).
- Start Squid on launch: Automatically start squid when SquidMan is launched, and delay start by x number of seconds.
- Quid Squid on logout: Define whether logging out of the server also stops squid.
- Show errors produced by Squid: Displays squid’s errors in SquidMan.
Click on the Parent and define a proxy server that this one will use (if there is one, otherwise it just uses the web to directly access files). This feature is only used if you are daisy chaining multiple squid servers.
Click on the Direct tab and enter any sites that should not be proxied. Internal staging environments are a great example of sites that should bypass proxy servers.
At the Template tab, enter any custom variables.
Squid is usually used to cache and speed up web access, so the default configuration file is optimized for small files. In order to cache larger files effectively, change the configuration to allow for larger files (up to 64 megabytes) and allow for more total disk storage of cached files (up to 8 gigabytes in our tests for a few specific projects, but much larger is fine). This usually depends on the total available disk space on the machine which will run squid.
These are some of the options which we updated for a specific project we’re working on in the squid.conf (Template):
http_port 3128 transparent (add transparent if using NAT to redirect http requests):
maximum_object_size_in_memory 65536 KB
cache_dir ufs /usr/local/var/squid/cache 8192 16 256
maximum_object_size 65536 KB
These days, we prefer to use squid running in NetBSD’s pkgsrc, although any method of installation (such as the squidman approach) should be acceptable.
Next, click on the SquidMan application which should have been running the whole time and click Start Squid.
The squid daemon then starts. Looking at the processes running on the host reveals that it is run as follows:
/usr/local/squid/sbin/squid -f /Users/admin/Library/Preferences/squid.conf
Client systems can then be configured to use the squid proxy, or PAC (Proxy auto-config) file can be configured to configure clients. Another option being transparent parodying:
rdr de0 0.0.0.0/0 port 80 -> (local Squid server) port 3128 tcp
Tags: App Store Proxy, auto-configure, bypass proxy, cache size, direct, dynamic content, iOS, Mac App Store, maximum objects, PAC file, port, proxy, redirect, squid, Squidman, tcp, visible hostname
Posted in General Technology, Mac OS X, Mac OS X Server, Scripts, Security, Web Development | Comments Off
Monday, April 18th, 2011
Syncing and Managing Additional Google Apps Calendars on your iOS Device
Google Apps allows users to easily setup multiple calendars in their account and access other uses calendars via a web browser or calendar client such as iCal or Outlook. Duplicating this functionality on iOS devices requires some additional configuration steps:
1. Configure your device(s) with Exchange Active Sync for your Google Apps account. See http://www.google.com/support/mobile/bin/answer.py?answer=138740&topic=14252 for instructions.
2. On your iOS device (iPad, iPhone or iPod Touch) use the Safari web browser to navigate to http://m.google.com
3. Scroll to the bottom of the page and tap the Google Apps user? button.
4. A popup will appear prompting you to Enter your Google Apps domain. Enter your domain (everything after the @ in your email address) and tap Go.
5. Sign into your Google Apps account if prompted.
6. A Google Mobile page will load, with buttons for various services. Tap the Sync button.
7. A Manage Devices page will load. Tap to select the device you would like to add/delete calendars from (i.e. your iPhone).
8. Tap to check the box next to each calendar you want to sync. Tap to uncheck any calendar you wish to stop syncing.
9. Click Save.
The calendars for which you enabled sync should now be displayed in the iOS Calendar app. You may have to tap Calendars to return to the calendar selection and turn on the additional calendars if they are not displayed immediately.
Note: these instructions differ slightly from the published Google instructions pertaining to generic Gmail accounts (primarily skipping steps 3 and 4). If you would like to setup additional calendars for your personal Gmail account please follow the steps here: http://www.google.com/support/mobile/bin/answer.py?answer=139206
Tags: Calendars, google, google apps, guide, HOW-TO, Howto, iOS, setup, step-by-step
Posted in General Technology, iPhone, IT Management | Comments Off
Monday, March 7th, 2011
Since the introduction of AirPrint in iOS version 4.2.1, a handful of shareware and freeware solutions have been introduced that allow iOS devices to use AirPrint to print documents on “unsupported” printers (namely, those printers that do not have the necessary AirPrint features built-in). This typically requires enabling printer sharing on a Mac system, as well as making a slight modification to the CUPS configuration file at /etc/cups/cupsd.conf, which the software typically does for you.
However, one of the more prominent solutions available, AirPrint Activator from Netputing.com, does not work properly on a Mac OS X Server system when following the provided instructions, which appear to be aimed at users running the non-Server version of Mac OS X. Here are the steps you can follow to get Mac OS X Server v10.6 to share printer queues to AirPrint-enabled iOS devices:
Prerequisites: Mac OS X Server v10.6.5 or later (I have only tested on 10.6.6), one or more networked or local printers, and one or more iOS devices running iOS 4.2.1
1. In the System Preferences > Print & Fax preference pane, delete all existing printer queues from the server.
2. Download AirPrint Activator from http://netputing.com/airprintactivator/ to the Mac OS X Server system from which you wish to host print queues.
3. Launch the AirPrint Activator program and slide the Activator switch to On (you will be prompted to authenticate).
4. With your favorite text editor, open the file /etc/cups/cupsd.conf
5. Locate the line that reads Browsing Off and change it to read Browsing On. Save the changes.
6. Open Server Admin and enable and Start the Print service.
7. Open the System Preferences > Print & Fax preference pane and add the printers that you wish to share, being sure to give the shared print queue a unique Sharing Name a Location. If you are only using the Print service to connect iOS devices, you may want to include “AirPrint” in the queue or location name (ie, “AirPrint to Accounting Printer”).
8. In the Print service window, select the Queues tab and select the print queue you wish to share.
9. Enable the IPP protocol. You can enable the other protocols if you want to enable printer sharing to platforms beyond just your iOS devices.
10. Follow steps 7 through 9 with the other printers that you wish to use for AirPrint.
11. From an iOS device, open a supported document such as a PDF, JPG, or other printable file.
12. Click the box with a curved arrow pointing to the upper right to invoke the Print command.
13. Select the Printer from the menu and print your documents!
Tags: AirPrint, configuration, freeware, guide, HOW-TO, Howto, iOS, Printing, setup, step-by-step
Posted in iPhone, IT Management, Mac OS X Server | Comments Off
Friday, March 4th, 2011
Charles Edge, the Director of Technology for 318 was interviewed recently by CIO magazine, shortly after the announcement of the iPad 2. In the interview, enterprise viability of iPad 2 and a number of other items around iOS in the enterprise were discussed.
See the full article here:
http://www.cio.com/article/672117/Do_iPad_2_iOS_4.3_Make_Enough_Gains_for_Enterprise_?source=rss_news
Tags: Charles Edge, cio, CIO magazine, Enterprise, iOS, ipad 2
Posted in iPhone, IT Management | Comments Off
Tuesday, December 28th, 2010
318 has been a leader in bringing iOS into the Enterprise for some time. We have been sitting alongside our customers, working to get iPhones integrated into organizations of all sizes for years. Since the release of the iPad the quantity of projects we are involved with continues to increase. Now, 318 has been featured in a slide show on IT Business Edge illustrating “how 318’s team is advising clients who are trying to bring iPads and iPhones into enterprise environment.”
And if you would like to discuss how your organization can deploy iPhone, iPad or iPod Touch please feel free to contact your 318 Professional Services Manager or sales@318.com for more information.
Tags: Enterprise, iOS, iPad, iPhone, slide show
Posted in iPhone, IT Management | Comments Off
Monday, December 20th, 2010
The 6th book from 318′s staff is now available: Enterprise iPhone and iPad Administrator’s Guide. In this title, Charles Edge, the Director of Technology at 318, takes a look at lessons learned in our numerous iOS integration projects, from procurement to deployment to patch management. Per the publisher, Apress, the following indicates who the book is intended for:
This book is intended for IT staff members that will be charged with planning an iPhone and ipad implementation or pilot program, as well as those that will be charged with ultimately deploying and provisioning the devices and delivering support to iPhone and iPad users. Readers should have an existing background in IT management, systems administration, and end user support working in a medium to large business or enterprise environment.
If you are considering doing a large scale integration or remediation project for iOS-based devices in your environment then contact your 318 Professional Services Manager or sales@318.com for more information on how 318 can assist you in your endeavors.
Tags: Charles Edge, enterprise deployment, iOS, ios integration, iPad, iPhone
Posted in General Technology, iPhone, IT Management, Mass Deployments, Security | Comments Off
Friday, December 17th, 2010
Today, 318 released two press releases pertaining to initiatives within the mobility space. These include the following:
http://www.marketwire.com/press-release/Challenged-by-Deployment-of-Apple-iPads-in-Your-Enterprise-Tips-From-318-Consulting-1371111.htm
http://www.marketwire.com/press-release/Leading-Enterprise-Class-Apple-Consultancy-318-Becomes-iPad-Reseller-1371114.htm
Also worth note is that 318 has been a reseller for Research in Motion, the makers of the Blackberry and Blackberry Enterprise Server, Google Apps and a number of other solutions that fit nicely into the mobility space. If you would like to discuss any of these topics please reach out to us at 877.318.1318 for more information on services and products that 318 can work to integrate and manage for your organization.
Tags: airwatch, consulting, iOS, iPad, iPhone, Mac OS X, press release
Posted in IT Management | Comments Off
Tuesday, June 29th, 2010
The newest release of the iPhone operating system, the re-branded iOS 4, launched last week from Apple’s busy servers. According to Apple, iOS 4 works with iPhone 4, iPhone 3GS and iPhone 3G (but not all new features are supported on older hardware). The update will also install on second and third generation iPod Touch devices.
As with all major software upgrades, be sure to backup your current environment using iTunes before proceeding with the installation. This Apple knowledge base article describes the process in detail.
The upgrade process is also managed in iTunes and took a fair amount of time to complete on an iPhone 3GS. Reports of slowness and instability on older hardware were confirmed on one test 3G unit we tried, but others report no issues.
So what do you get after upgrading? Some key features:
- Folders – works as advertised and helps reduce the number of pages you need to scroll through to find the app you need.
- Mail Improvements – welcome options for combined inbox and threaded discussions.
- Multitasking (3GS and 4 only) – double-click the home button to reveal a row of other running apps you can switch to right away. Might take some time to get used to this one.
- Home screen wallpaper (3GS and 4 only) – purely cosmetic, but nice in day-to-day use.
- iBooks app – just like the iPad version, only smaller. Bookmarks are supposed to sync between the two versions, but it doesn’t seem like one knows what the other actually holds as far as books go.
- Camera – older hardware gets the digital zoom feature, but quality is, well, like a digital zoom.
- Bluetooth keyboard support – haven’t tried this, but could be useful.
The new iPhone 4 hardware enhances some features of iOS, such as FaceTime video conferencing, improved camera performance, HD video support/editing and the high-quality retina display.
To find out more about how to utilize the iPhone platform in your organization, call your 318 account manager today, or email sales@318.com for more information.
Tags: announce, iOS, release notes, Retina
Posted in General Technology, iPhone | Comments Off
Wednesday, April 21st, 2010
Note: For more information about the information contained in this article, contact us for a professional consultation.
As the iPad eeks its way into businesses we’re starting to hear a very common question: How do I access my files on the server? While you can enable WebDAV on most modern file servers and access data that way, or look to the cloud, many simply want a way to tap into existing SMB file shares. Well, you’re in luck!
Stratopherix (http://www.stratospherix.com) has released FileBrowser, an application for the iPad that can mount a file share and provide access to the resources on the share. FileBrowser will allow you to connect to servers and then access files as you would from a regular desktop computer, wirelessly or over a network connection.
If you find that you cannot access file shares once installed, then we have seen some policy issues on file servers (mostly those that do double-duty as a domain controller) or if you are remotely then you might need to either forward ports to the server or first establish a VPN into the environment. If you still cannot access them then contact your 318 account manager and we will be happy to assist with any needs you might have.
Happy File Browsing!
Tags: app store, file share, File Sharing, iOS, iPad, iPhone, WebDAV
Posted in General Technology, iPhone | Comments Off
Monday, May 11th, 2009
First, you need to download the iPhone configuration utility. You can find it at http://support.apple.com/downloads/iPhone_Configuration_Utility_1_1_for_Mac_OS_X
Once you have downloaded that and installed it. You go to your /Applications/Utilities folder and find the iPhone Configuration Utility app.
Open that up and go to the Configuration Profiles and click on New up on the top menu bar.
From there it will give you a bunch of different parameters that you can customize for a given profile. If you go to the Email tab, you can configure mail for the client so that all they have to do is just enter their password and it will set it up by itself.
Once you are done with all of the configurations, you can either export it or just email it by either of the 2 buttons on the top menu bar.
Once mailed to the client they will just have to agree to install it on their phone, entering their password, and than they have the settings.
You want to make sure that if they had a previously setup email address with these settings you are sending them, that they delete that account. You will have to email it to a different email address than the one it will be setting up.
————————
To delete the account, on the iPhone, go to the Settings – General – Profiles. You can uninstall the profile from that screen.
Tags: email, guide, HOW-TO, Howto, iOS, iPCU, iPhone, iPhone Configuration Utility, iPhone in the Enterprise, iPod Touch, mail, MDM, Mobile Device Management
Posted in General Technology, iPhone, IT Management, Mass Deployments | Comments Off
