headmin

headmin

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>

headmin

import argparse
import os
from yaml import load, SafeLoader


TEMPLATE = """resource zentral_munki_script_check "mcs-{section}-{rule}" {{
  name            = "{name}"
  description     = trimspace(<<EODESC
{description}
EODESC

headmin

#!/usr/bin/python

import os
import sys

from CoreFoundation import (CFPreferencesAppValueIsForced,
                            CFPreferencesCopyAppValue,
                            CFPreferencesCopyValue,
                            kCFPreferencesAnyUser,
                            kCFPreferencesAnyHost,

headmin

How to install Ansible and Python on macOS - simply in minutes

Here we are going to install the latest Python (3.11.2 as of this writing) and Ansible on macOS Ventura in the most clever and simplistic way. All artifacts are installed in user and not system context.

How does it work? The awesome asdf-vm project is designed for version management of developer runtimes. Here we use a small feature to also directly install default-python-packages and pick Ansible as our choice (could be pipenv or others).

Some features here have been presented in my talk "Runtime and tools – version management on macOS" at the MDO:YVR 2022 conference.

Requirements

headmin

Blogpost / MacSysAdmin 2021

• https://blog.macadmin.me/posts/mtls-lab-setup/
• https://www.macsysadmin.se/program/program.html

Useful readings on certificate chains

• https://medium.com/@superseb/get-your-certificate-chain-right-4b117a9c0fce
• https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/
• https://stackoverflow.com/questions/25482199/verify-a-certificate-chain-using-openssl-verify

headmin

set -e, -u, -o pipefail

The "set" lines These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing. With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.

set -euo pipefail is short for:

set -e
set -u

headmin

#!/usr/bin/python -tt
__author__ = 'Zack Smith @acidprime'
__version__ = '0.1'
import sys
import getopt
from Cocoa import NSMutableDictionary

global debugEnabled
debugEnabled = True 

headmin

q 
a

headmin

My OS X “VPN only” Setup For #30C3

You should never let passwords or private data be transmitted over an untrusted network (your neighbor’s, the one at Starbucks or the company) anyway, but on a hacker congress like the #30C3, this rule is almost vital.

Hackers get bored easily, and when they’re bored, they’re starting to look for things to play with. And a network with several thousand connected users is certainly an interesting thing to play with. Some of them might start intercepting the data on the network or do other nasty things with the packets that they can get.

If these packets are encrypted, messing with them is much harder (but not impossible! – see the end of this article). So you want your packets to be always encrypted. And the best way to do that is by using a VPN.

Target audience