Apple Fun Times

An Apple Story

Well another day, more fun with big Tech. Today… Apple.

People love em, People hate em. Me I tend to swing to the latter, why, cause I’ve always been one who doesn’t believe in giving up freedoms for security. With Apple that’s exactly how it works.

In the Apple world (that beautiful utopia), all Apple software is run only on authorized Apple hardware. Apple even has the audacity to take it so far as to secretly  “pair” modular parts of the phone (such as the camera) to be “locked/usable” to only the board it came from, watch this YouTube video on the matter that has a crazy 10 mil views.

I won’t go too much into this, insane design choices. Instead I’ll simply attempt to cover some “things” I discovered simply attempting to deploy a couple new iPhones.

Thing 1 (How it began)

The first thing to note is… How did we get here? In this case I mean, let’s face it, Apple primary stakeholders were individuals, selling products to, well, people. The thing is they became so popular that people, being people, started to use these devices for a lot. Overtime they crept there way into the business world, which of course left a freaking huge gap as to how to…. you guessed it manage these devices.

Now if you are even slightly familiar with teh Apple ecosystem, at least in terms of their mobile phones and the iOS operating system. You maybe aware of a change to the factory restore process, roughly around iOS ~7 saga. That change was that if you happened to put a device into DFU mode, and attempt to set it as a new phone, you will be prompted to authorize that from the account (AppleID) that was previously associated with that device. This is a problem if a corporation owns the device, but a user uses a personal AppleID, tied to a personal Email address. In this case before you’d have to jump through some hoops with Apple. Such as provide proof of purchase and all this other fun jazz that can take a fair amount of time.

Bring in MDM (Mobile Device Management), Now if this was simple, I would have no issues with this. The fact is, there are far more hoops you have to jump through then you realize to make this a reality.

Thing 2 (Apple Business Manager)

Apple’s take on MDM is Apple Business Manager (ABM). Now as far as I know, ABM is not in itself MDM, it is merely a prerequisite required to actually starting use an MDM (from another provider) to manage iPhones, and other iDevices.

I’ll do my best to cover the processes here, but please note the entire process was not actually gone through in its entirety. So there will be more questions than answers through most of this blog post. I do apologies for this and if you want to stop reading you certainly can at this point.

So here’s the simplified overview PDF of ABM…

Overview of Managed Apple IDs for Business

And this is what the login page looks like:

Once you are logged in, it’s a super simplified Web UI that looks like a 4 year old designed it (in California of course). Now before you can even do anything at all, the very first step is to “authorize your domain”.

How do you do this? OK let me take one quick step back here. Reading this More detailed guide to ABM, the first part is signing up for ABM, in more cases than not, this will be handled by a Value Added Reseller. Once you are signed up, and have defined the “administrators”, they will have to be the one to “Validate the domain”, which (from experience) is nothing more than  a specially generated string you have to create a TXT record for on your external DNS provider for said domain. (Pissssst AKA DNS Validation).

Funny enough, even though I know (again from experience) that this is a required step, it was not anywhere in the Get started guide PDF I just referenced. Here’s how to do it though (according to Apple).

Thing 3 (Federation)

This part, honestly has me so confused. Throughout the history of Apple, they don’t integrate with anything else, unless it is Apple. Yet there’s this….

  1. Is federation a requirement to use ABM and MDM for Apple devices?
    I don’t know… lets ask someone on the Apple IRC channel…
    Apparently it is, and apparently MS Azure AD is the only auth provider to federate with? Uhhh ok, Not sure what suited donkeys sucked whos dick to make that deal….*Note* The IRC user that helped me above was a really cool guy.
  2. MS Azure AD is the only listed auth provider for federating.

Well that sure sounds like a bag of ass.

This is sort of where the road dies for me. As there is no Azure AD for us to use. So great, not sure where this requirement is listed. So anyway… normally…

Thing 4 (Mobile Providers and Reseller IDs)

If you did manage to federate, the next thing you need to do is “authorize” resellers and cell providers. You do this by taking the resellers ID (usually given to you by the VAR), then in the ABM click settings (lower left), then Device Management Settings, then edit Customer Numbers, and add them.

Simple.

Thing 5 (MDM)

I’d love to cover this in more details, however since Thing 3 didn’t fly, I’m not exactly sure how this part works. When I clicked the “Add MDM server” it seemed to have wanted to simply generate a key pair, then I fully assume here, you use the public key by adding to the MDM server of choice.

When I figure out which MDM servers actually are available to use, and how to make them work, I plan to extend this blog to help cover those steps.

What now?

Well I guess if you don’t have Azure AD then the options available to you to manage Apple devices seems rather limited. There are limited control and auditing one can do with ActiveSync, but that’s only through MS Exchange servers if you have them.

New Phones!

So got some new Apple phones to deploy. Just note I’m not a fan of Apples hardcore stance on hardware lockdown (“for security”), including this now even swapping good working parts from another good working phone. Unreal…

First User, First Issue
Restore/Update UI Wizard Logic

First users transfer, the main thing was the user was excited that they stated their phone was fully up-to-date. While normally I would love to hear this, it actually caused me grief in when I went to upload the back up profile to the phone and got this nice alert from iTunes “iOS on  phone to old”…

Now, I would have assumed by this day and age computers would be more intuitive then this. So instead of iTunes having a nice prompt “Would you like me to update to the latest version for you and load your saved profile?” it gives the ugly prompt above, and expects you to jump through all the OOBE prompts of the phone, connect it to a network and update it before you can load your profile. Redic.

*Note* I managed to click on “setup a new phone” in iTunes, then I could click the phone icon on the upper bar area, then click on  update device. So it is possible in iTunes, it’s just not as intuitive as one would like.

Second User, Second Issue
Backup Encryption Logic

Now you figure without ABM/MDM issues would be less, but I digress.

With the second user, created a backup in iTunes. Now this is where I really got my knackers in a twist. After successfully creating a backup then go to restore it onto the new phone randomly get a prompt.. “Please enter the password for the backup.”

Like wtf you talking about.. I didn’t set a password when I created the backup, where did this password come from? Off to Google!

First result!

“Upon first turning on “Encrypt iPhone backup” in iTunes, a password must be set for your encrypted backups. This applies automatically to all future backups, without needing to enter it again.

If you later wish to turn off backup encryption or to restore from an encrypted iTunes backup, it is necessary to enter the current backup encryption password.

If you have forgotten or do not know the password, then encryption cannot be turned off and the iTunes backup cannot be used. There is no way around this feature.

An alternative solution for transferring the content and settings to your new iPhone is to back up your old iPhone using iCloud and then to restore your new iPhone from the iCloud backup. (iCloud backups are encrypted as standard, so will also include your sensitive data).”

Like, yeah ok, I could use iCloud but that will encrypt it with the same password I’d imagine, either way wanted to do it via iTunes to save a bit of time. Keep looking.

Second Result!

Wow there’s everything from try the iTunes password, to 0000, to windows admin password, to “your first ever iTunes password”. Get outta here, sure enough none of them worked, even though the comments appears the answer is all over the place. If you get lucky with any of these, congrats. Moving on.

Third Source!

“You can’t restore an encrypted backup without its password. With iOS 11 or later, you can make a new encrypted backup of your device by resetting the password. Here’s what to do:

On your iOS device, go to Settings > General > Reset.

Tap Reset All Settings and enter your iOS passcode.

Follow the steps to reset your settings. This won’t affect your user data or passwords, but it will reset settings like display brightness, Home screen layout, and wallpaper. It also removes your encrypted backup password.

Connect your device to iTunes again and create a new encrypted backup.

You won’t be able to use previous encrypted backups, but you can back up your current data using iTunes and setting a new backup password. If you have a device with iOS 10 or earlier, you can’t reset the password.”

Which lucky for me was the case this time. So this method actually worked, who’d thought that the encryption password is just part of the system settings. Oh Apple.

Anyway so this is why this really puts a knack in my gears, If someone made a backup on just iTunes, thinking there were good, and only when they restore do they get the password prompt, and they had lost their old phone, they’d be pissed. Frankly so would I, iTunes should state that fact as soon as a backup is being created to prompt for the password to ensure the user is 1) aware that there phones data is encrypted with a password and 2) that they know what that password is.

Third User, Third Issue
Storage Check Logic

Yeah, or should I say lack there of. When I started to complete the transfer of this user device, the storage used was much higher then the rest. However low and be hold I started the iTunes backup process not even thinking about that, cause, well why would I?

Now, I’ve been called out on being a “resource monitor” and by that I mean I spent a fair amount of time ensuring a system is working as intended by validating theory’s and deployments by, non other than looking at the data. In this case Windows Task Manager. If your really want to get in the weeds you can use Sysinteral’s Tools. Anyway, I noticed the hard drive space getting low, and the process bar and iTunes not being anywhere near the end (you’ve figure it show some stats, but just a bar).

It wasn’t long till it ran out, now I’m kind of shocked there’s not some simple validation logic coded here. It simply just took up all the data it could, and prompted an error telling me to “clear space”. I’ll not I did a whole bunch of that till there was nothing left to clear and it still sucked the hard disk dry. Now I wanted to see if I could simply point the iTunes install to another path like an external USB hard drive and use that, might lose some speed on the slower bus but should still be decent. Funny it was asked by this person and it was the answer by Doug which worked for me, the only reason the person asking the question didn’t understand the answer was cause of how iTunes for windows is hardcoded to use the Windows Users AppData location (Windows environment Variable %appdata%) which will always by default be the windows install drive. So even though they installed iTunes on the external drive it won’t use it to say the backup data. I would have expected there to be an option, which one was stated is available under the “advanced” area of the settings, but that clearly didn’t work cause after setting it and running the iTunes backup I could see it still using the windows install drive and the users appdata location, via resource monitor. Only after I created a syslink for that folder to the external drive was it using it to create a backup of the phone.

What a pain…

 

Noted Changes

  1. 6 Pin default for unlock code, can be changed to 4, but depends on if you use it to store pay stuff then, it might not be available.
  2. This one really pissed me off… It’s not a “power button” no that’s just to universally known, and far to single purpose driven. So instead let’s call it a “Side Button” and completely change the normal operation of powering on n off a phone. User comes up and the phone is stuck in a process “signing in to cloud” or some rubbish…. I look at the phone and go… well… did you reboot it? They laugh, I laugh, they look at the phone… try a bit and say… How do I do it? They laugh, I laugh, and then I press down the button and Siri listens to me swearing at it cause they made the power button the siri button…. brilliant!You can read here for more details. So from universal “Press and hold the power button” is now
    “One method is to press and hold either the Volume Up button or the Volume Down button and the Side button simultaneously until you see the Slide to Power Off slider.NOTE: Quickly pressing the Volume Up button and the Side button takes a screenshot instead of showing the Slide to Power Off slider.

    Alternatively, you can quickly press the Volume Up button followed by the Volume Down button and then press and hold the Side button to access the Slide to Power Off slider. When using this method, the SOS slider doesn’t display. If you’re nervous about accidentally triggering a 911 call, you can use this method”

    Brilliant, I’d almost consider this to be “genius” level.

  3. Zoom vs Standard This isn’t new technically, but is worth nothing about some issues around the type you pick. (Entertainingly enough, this blogger also notes of some of the un-intuitiveness of Apple’s design choices)
  4.  I’m sure there’s more I’ll save this as a place marker. Publish for now and write a summary once I’m done with this nightmare. I don’t even have a proper category for this content, and by gawd I don’t want to make an Apple category….  *shutters*

MacOS as a VMware VM

The Story

Requirement: MacOS, or something like it to play with the OS to support people.

Problem: Don’t own a Mac.

Idea: Just VM it like everything else.

Reality: See below…

Well… Yeah this is a thing. Need to play with this so here we go?

Sources: How to Install macOS on VMware in Windows PC [Mojave] | by BuildSomeTech | Medium

First Problem – Making/Getting Image File

No ISO is usually available directly from Apple, So you have to create it… with a Mac. Well I don’t got one of those, so nopers, on that.

Solution… Trust someone else to upload a clean version of the ISO, source blogger above did that, but again have to trust the ISO.

Second Problem – Download Quota

Too many people want this ISO now… have to bypass the download quota. Spoiler requires a Google account. I wasn’t exactly sure but after logging in I was able to create a shortcut of the source folder into myDrive, then create a shortcut to that, then download the file directly.

Once I got the file I extracted it with 7zip and entered the password provided from the source blog post. I then proceeded to create a new VM on my ESXi 6.7 hosts managed by vCenter 6.7.

Create VM

Only main thing was much like the source was to pick the MacOS under other:

I was not as nice with the hardware specs and left them default minimum:Ahh crap, I have to up the memory, to “min 4 GB”, fine, my host not gonna like me haha. So right click the VM, edit settings, bump up the memory to 4GB, while we are here, click VM options -> Advanced -> Edit Configuration

Then add a config: smc.version with value of 0

Also ensure to force boot into BIOS/EUFI menu so you can mount the ISO from above. Little trick (the Disc icon is greyed out till the VM is powered on in the VMRC (VMware Remote Console). So you can mount it and reset the VM to boot the ISO.

but when on..

Third Problem – Need the Unlocker

I got an error telling me that there are no compatible hypervisors, wait what?

Ohhhh!!!! Classic Apples, that’s why all these other guides are using an “unlocker

“MacOS is only able to be installed on Apple-branded, official hardware. Apple does not license you to install it otherwise. By using that “unlocker” program–which is actually a circumvention or “crack” device–you would be violating the EULAs of both Apple and VMware. So, the only way you are legally able to run MacOS in a virtual machine is on official Apple hardware. Any other installation type is illegal.” – daphnissov

Yeap… Apple, Apple, Apple… Ugh

So I went created a temp account on the unlocker site, downloaded the 208 version and ran it on a test ESXi host I had:

and rebooted it… Server rebooted, create new VM, set guest to MacOS and…

man… FFS… after even more research, managed to find newer version of the unlocker from better open sources (Git) 🙂

Like this one, and this one and one other one my colleague pointed me to, but I don’t have the link. Either way, downloading the package and running the command to install….

(┛ಠ_ಠ)┛彡┻━┻

for reals…. this project is pissing me off.

So after Googling this, I found this reddit thread...

“the unlocker.tgz is not included in the master commit , dunno why, do this…” -KciNicKGX

Well **** off…. my nice colleague managed to check ou the build python script and noted a view things, and managed to create a unlocker package for me with the required unlocker.tgz file with in it… using it…

Finally! I can pick GuestOS MacOS 10.14 and the VM actually Boots!

Mount the ISO

OK… Now if you power on the VM you should see the disc icon available…

(I wonder how many people are just trippin cause my VM name is Majove and not Mojave… lol)

don’t let the greyed out icon fool you, just right click it and you’ll be able to mount the ISO from your local workstation without having to upload it to a datastore.

Let’s mount the ISO we had such a hard time getting above.

Now boot it by picking the virtual CD-Rom in the list…

so I finally got an Apple logo wooo..


Result Failure!

and does it work…. Nope.. Boot loop…

I found one other reference to a boot loop, all the comments state is to try alternative ESXi host version, which right now I don’t have.

You know what… Fuck this stupid ass fucking dumb shit.

I’m out.

3D Printing

3D Printing

Overview

I wanted a 3D printer for a while since being introduced to it from our current hackerspace in the city; Skullspace. Check em out. Many of the awesome guys I know are right on the homepage. Amazing people.

Anyway, they had some first couple version that had many issues which had me worried when getting into it. However it turns out the Ender 3 has amazing reviews, and a solid following with it being introduced into some good software we will cover aa bit later in this blog.

Buy a 3D printer

So I finally pressed the trigger and bought a 3d Printer… since I got an amazon gift card I searched 3D printer on amazon and the main thing that showed up was a Ender-3 as their choice pick.

Set up Printer

Was a really good price specially with the gift card I had. I got it really quickly too, and on top of it came really well packaged with minimal assembly required. I was a confused at only a couple steps during the setup so I watched this guys YouTube video to get it assembled. Which was an amazing help, he even provides upgrade parts you can print once you get the printer running, which I’m currently printing as I write this.

However there was one part I was a bit confused about and that was how to level the bed.

Leveling the Bed

Now as mentioned by Vlad in his setup video, he was surprised to find there was no auto leveling. This doesn’t surprise me for the price of this amazing machine, beggars can’t be choosers and let’s level the bed.

For this I watched this great video by 3dprintingcanada on youtube.

After following these 2 video I was ready for printing and my first couple prints came out amazing. Of course this requires other basic knowledge I haven’t covered yet.

How 3D Printing Works

Now in order to understand what’s going on in the next bit it’s important to understand how 3D printing works. and that’s basically like this: “A 3D printer essentially works by extruding molten plastic through a tiny nozzle that it moves around precisely under computer control. It prints one layer, waits for it to dry, and then prints the next layer on top.”

In order to do this normally you model your object (with FreeCAD, or Fusion360, or whatever) and once you export your model out it usually comes in an STL file for a normal object file you can use to CnCing or other things… like “slicing” which takes the object and well “slices” it into layers which will determine the resolution of the final print (that and the diameter of the extrusion nozzle being used by the 3D printer.

Slicing

Now normally you have to do some math’s and calculate all these things and enter their values into the Slicer of choice. Two top ones right now in the FOSS area are Cura and Slic3r. I have most of my experience with Slic3r and then I read about this gem; PrusiaSlicer!

“PrusaSlicer now comes with Ender3 profile”

Sure enough running it, out of the box I could select a profile for my Ender3 (having profile is a specific set of the variables I mentioned above already configured for specific printers out of the box). Since my Endor-3 was out of the box without any modifications (to the extruder nozzle mainly) I was good to go.

With the setup and testing off all parts good (as mentioned and linked to the two YouTube video to accomplish this) it was time to grab an object and slice it.

The First Print

The first thing I printed was a Ghost from Packman.

Then I quickly went to upgrades to the Ener3, starting with the main upgrade which was the upgraded blower nozzle.

Final Thoughts

Over all the first couple prints without changing any infill settings, or supports were super easy going, and I’d say the industry has finally got it down pretty well and cheap enough I’d say go for it. This is a great starter printer.

Watch this video on more about how to customize supports in PrusiaSlicer.

If you run a 3D printer let me know what you run in the comments, or if you have suggestions.

Thanks for reading!

WinXP a Timeless Classic

Something about it that I loved, I rocked the vista themed copy for so long, you know when the Vista Fiasco was the Windows 8 fisaco, that was the uhhh yeah anyway…

Just look at that dark epic theme, a couple pieces of junk, but nothing modern live tiles brings… a Japanese checkers board to appease someone with the shortest attention span one could ever imagine. But not this classic beauty, just look at that recycle bin, made from fine glass.

Holy ball sacks, I was able to download Chrome via IE7 and it worked… in 2019!!

That’s just amazing, chrome supported XP till 2015, if there’s a die hard OS, XP was it. Holy crap… there’s people still commenting about this… like now…

Well, if you’re lucky like me and my old netbook, they manufacture made and it’s third party hardware peeps made drivers up till Windows 7, so I managed to install Windows 7 with an SSD and my old laptop is great, regardless of how many people complain on these comments, haha. 😀 Which is crazy considering…

Yes, Windows 7 Extended support is coming up… Another Solid beast I hope gets the extended life support it deserves. :D.

This was pretty much just a blah post but whatever… xP

I just needed a VM to test my OPNsense VM lol, figured I had the old ISO why not…

Classic Editor

Ahhhh Yes!!!!! The Classic editor where life is easy!

CHeck this out!

Ohhhhh man! That took me 2 seconds! and it’s perfect!

Go Classic editor, simple and it works! Leave fancy editor stuff for plug-ins WordPress…. You’re bloating WordPress like MS bloated Windows…

At least Classic Editor will be supported till 2021, and my guess with how crappy the new editor seems, it’ll probably be supported longer. like XP, good things die hard. New shitty things die fast.

WordPress 5 and Blocks

Here I am, trying out WordPress 5+ and it’s new content editor.

Big Gaping Asshole… I mean spacer Block!!! OMG Now I can move My big Gaping Spacer Block using Arrows… OMG!!! AMAZING… meh

My old ways don’t work and it’s painful to do something that was super easy before.

I sound like like an old fart but I liked the old way, not that I don’t like the ingenuity and clearly the scaleabilty of the new way, but things were obviously missed…

for instance I used to be able to paste my imgur links and then using my old plug in options mark them clickable and pop out. Now if I paste it, it tatoos the living crap out of the image with imgur crap all over it….

God look at this garbage

But hey at least I can caption my shit and move them around, cause you know how often I screw up the order of my post when I make them….

This paragraph, I can, cause you know how people love to mess up there paragraphs and have to rearrange them all the time!

Now when I press enter it simply adds a new “Document” block, so If I wanted this paragraph after ^ That Paragraph.

If that was confusing trust me so is finding the Point of these “blocks” if I had maybe some horizontal control I could see some use, but it’s literally just vertical, up down that’s it… wooo, man it was so hard before selecting content with the mouse and using, keyboard shortcuts (Ctrl + X to cut, move to location, Ctrl+v to paste) in those times you needed to re-arrange… boy that stuff sure was hard to do. I’m glad I have blocks now to waste my life learning how to get something simple as my old pop up image plug-in to work again….. Pricks….

Time to install the Classic editor!

Zewwy Joins GitHub!

Actually I created my account apparently over 6 years ago :O…..

Sadly in those 6 years all I contributed was a couple really lousy DDWRT scripts…. and that OS was painful as getting help with it was near impossible.

I’ve updated my blog social links to include my GitHub Link. I moved my PowerShell Center Write-Host function there. I hope to move my SharePoint script I had written for the SharePoint migration at work. As well as some other contributions coming up soon. Maybe I’ll fork GhettoVCB and finally do part 3 of my Free Hypervisor Backup series. I’m sure everyone’s been waiting so eager for. 🙂

This was a short one. I hope to provide some more meaningful content in the short while. Just been a rough couple days recently.

Splitting WordPress Titles
Post Headers

I wanted to do this since I noticed my one header being really long and was unsightly… I decided to google this, like I google everything…

First one I found, I didn’t want to dink with code, I like coding but mostly PowerShell (If you haven’t noticed based on my categories)… Sorry you’re out!

Second one I found, I didn’t like cause it used a plugin… However there’s always something great to learn form the comments, specially “pessimists” *Cough* realists such as this great comment by “KRZYSIEK DRÓŻDŻ”

“Wow, you really need a plugin for that?

Why don’t you just insert tag? Installing million plugins, that aren’t doing anything really isn’t a good idea… Especially, if such plugin is not popular, so very few people have looked at/controlled it’s code (this plugin had 30 active installs).”

Made me gooo, waaaaaa that’s it? So sure enough I add <br> in my Title, and Bam! The Title is split on 2 lines, now that was easy. Thanks Krzysiek!

Looks like my third source basically does the same thing.