2024-12-17 09:35:36
A few days ago I wrote about my adventures with Apple IDs. I was able to resolve the situation by resetting the original work Apple ID I had created.
After resetting the password, I signed into the account.apple.com page. There I setup new security questions, and I set up the shipping address and added a phone number. I couldn’t reuse my cell phone number but I was able to use a freshly created Google Voice number.
Then I signed into the Apple ID in the Settings app in MacOS. Finally I opened up the App Store, and when I was asked to review my account information, it was pre-filled, and the form worked as expected. Previous the form had not be pre-filled, leading me to think I had inadvertently done something out of order.
With a working Apple ID based on my work email address, I am one step closer to separating my work and personal computing personas. I am not done, however.
I have two work provided computers: a M2 14" MacBook Pro, and the new M4 Mac Mini. The MacBook Pro still has the previous generation JAMF remote management software in place, which has less strict policies. I can use Passwords on that machine. I expect JAMF to be replaced at some point (likely with little or no warning), so I want to migrate it to the new Apple ID. Lots of things are tied to ones Apple ID, so I need to make sure I have back ups, and know which settings and apps will need to be redone following an Apple ID switch.
The other place where my work and personal worlds collide is GitHub. I’ve been using my personal account for work. I added my work email address, and I use that when doing any Git related work for my employer, but it is still my personal account.
Where this gets messy is two-factor authorization. What started all this was the inability to use the MacOS Passwords app under the Intune remote management policies in place. Passwords is where the 2FA token for my GitHub account is generated. (Yeah. Using the same software to store both the password and 2FA token for an account defeats the purposed. That’s a problem for another day.)
If I don’t create a work GitHub account, that has its own 2FA token, then I’ll have to use my iPhone or personal laptop anytime I need to provide GitHub with a 2FA token. Cumbersome, but doable.
If I do create a new work GitHub account, there is some work to be done to get me added to the organization, and setup on all the teams and repositories I have access to. Not much work, but some.
My configuration for Git (and most other tools I use), is stored in a “dotfiles” repository. Recently I read Configuring SSH Keys for Multiple GitHub Accounts, which shows how to setup your Git configuration to seamlessly switch between GitHub accounts. By employing that, I could keep a unified Git configuration in my dotfiles repository, and use separate accounts for my personal and work Git activities.
All of this may seem like a lot of work for very little gain. It may even seem unnecessary, but as security concerns at work are generating more and more controls and checks, I want to have as much separation between my stuff and their stuff.
2024-12-13 07:29:01
Two days ago I received a new work computer, an M4 Mac Mini with 32GB memory and 1 TB storage. Yay me. Getting it setup and configured as been surprisingly difficult.
My employer is using remote management software on all computers. This is the only sane way to ensure that devices are kept up-to-date, and that unwanted or unsafe software and configurations aren’t employed.
Getting the policies fine tuned is the tricky part.
During the initial boot of the Mac Mini, I created a user account for myself.
Since it was the only account on the machine, by default, is was an Admin
account. During the initial startup following that there was a notification
about Intune running. Intune
is the remote management software being used. Unbeknownst to me, one of the
policies it applied converted my account from Admin to Standard. More on this later.
Another policy blocks using iCloud, in particular the syncing of the Passwords app. Without iCloud, Passwords won’t work. The answer from our help desk was to use the officially supported LastPass.
In order to not have to copy and paste passwords all day, I’d need to either (a) install the LastPass extension in Safari (my browser of choice), or (2) use a different browser, like Firefox.
After downloading Firefox I tried to install it and was blocked. When I put my
password in I wasn’t allowed to add the program. After trying a couple times,
and even re-downloading the app in case it was corrupt, I stated poking around.
Eventually I looked at my user account and saw that it was set to Standard.
With a call from my boss, and a trouble ticket I was given an id and password I
could use to elevate my account to Admin. Once I did that I could install
Firefox.
The mistake I made many, many years ago, was not creating a separate AppleID for work. Instead, I, like I suspect many people, simply used my personal AppleID for work. This has not been an issue.
The issue now is not wanting to have the LastPass extension in Safari on my personal machines. Thanks to my AppleID that’s exactly what will happen if I add the extension on my work computer.
So I created a new AppleID. At first I tried to resurrect an old, unused
AppleID created with my work email address years ago, that I never did anything
with. Unfortunately it doesn’t have two-factor authorization setup and I
wasn’t able to authenticate it. So a new AppleID. I work for (perhaps) the only
University that has two .edu domains. Normally I use the shorter one, but by
using the other one, I could create a new AppleID that still used my work
email.
After creating the AppleID I was able to sign in to my account inside the Settings app. However, when I tried to apply app updates via the AppStore, I needed to sign in again, and provide an optional payment method, a shipping address, and a phone number.
Every time I filled in the form and hit submit it would highlight the address fields, and the phone number field and tell me to fill them in. Which they were already.
This led to the first of several Apple Support Chats. We tried signing into music.apple.com and into icloud.com. The iCloud sign in worked, but music.apple.com just displays a blank dialog with a spinner that never completes.
I was told to clear the cache and cookies, and erase the browser history. Which killed that chat session. I was told to try from a different WiFi access point. I said, “Really? How many access points do you think I have at home? And, by the way, I’m connected via Ethernet.”
After being passed around to different advisers, I was told to try updating my shipping address and phone number through icloud.com. That dialog gave an error message that said it couldn’t verify that phone number as it was already in use. Which is true. It’s my only phone number and is associated with my personal AppleID.
While the adviser was talking to someone else about this, I pulled up Google Voice and created a new phone number. Entering that phone number did not solve the issue. The phone number is updated in icloud.com, but trying to update apps via the AppStore still pulls up the account review dialog, which still insists I haven’t filled in the address and phone number fields.
Maybe it’s a timing issue. That not enough time as elapsed from changing the phone number in iCloud to accessing the AppStore. The fact that iCloud had a shipping address previously, and the AppStore didn’t pick up on it, makes me think it’s not a timing issue. But who knows?
The Apple support adviser wants me to make a screen capture of my trying to update apps, and send that to them. They are also going to contact me to capture some diagnostics. Apparently the diagnostic level of support could take up to 5 business day. Effectively a week from today. Which is nuts. And unacceptable.
The whole thing is now in a pending state. I can setup and install software that dos not come via the AppStore. But there are several apps I need from that source.
In the past my Apple “out of box” experiences have been far superior to this. Some of the issue is on Apple (why doesn’t their form work?) and some of it is on me (does separation of my personal AppleID and work AppleID really matter?). I know (hope) it will all be resolved, and soon.
If I could send a message to me in 1993, I’d say, “Create a separation between your computing and your employer’s. Don’t reuse accounts or share resources.” Sounds like common sense, but not having to create separate accounts for the same resources is that path of less resistance.
The epilogue to all this is my work laptop. Until now it has used my personal AppleID. Once I get the Mini sorted out, and the new work AppleID is working, I’ll sign out of the personal account and into the work one on that machine. Fingers crossed that this doesn’t result in another day and a half of frustration.
2024-12-01 11:22:58
For Thanksgiving 1984 I traveled from Decatur IL to Orlando FL. It was my first commercial airline flight. Turboprop plane on Ozark Airlines. I vaguely remember getting breakfast on the flight. It was new, exciting, and made me feel like an adult.
Today, more or less forty years to the day later, my wife and I traveled from Manhattan KS to Las Vegas NV via Dallas. Flying has changed a lot in forty years, some things are better perhaps, others are worse.
For only the second time in my life, we flew first class. We upgraded a couple weeks ago, deciding that we could splurge a bit. This morning when we got up it was snowing, fairly heavily. As we were about to depart the house I got an email saying our flight had been delayed. Our connection time in Dallas was already short enough that our boarding passes had a warning on them about minimal time to get from gate to gate.
When we checked in at the Manhattan airport the agent said we would certainly miss our connection in Dallas. She booked us on a later flight, but wasn’t able to put us in 1st class. Instead we were in rows 34 and 36, on the aisle.
Our delayed flight made up lots of time and we landed in time to get to our original flight. But we weren’t on that flight any more, and there was no room for us. We hiked to the nearest service desk, where we were able to get two seats in 1st class on the replacement flight, again in different rows.
When we got to the gate I was ready to pounce on the agent to see if someone would trade, allowing my wife and I to sit together. With about 30 minutes to go we noticed that sign at the gate had changed, our flight was now in a different terminal. Since we had switched flights we weren’t getting delay notifications on our phones. Fortunately we were able to get to the changed gate in time.
We were able to swap seats with someone, which allowed us to sit together for the 3 hour flight to Las Vegas. The extra space was marvelous.
Both of us were pleasantly surprised to learn we got a meal. Not just half a can of soda and some stale pretzels, an actual meal. On plates. With metal silverware. A surprisingly good meal– chicken enchilada with rice, a little salad, and some cheesecake. Outstanding.
In the end it was a good day, we arrived safely, all our bags arrived with us, and we got to ride in 1st class. Flying does save time. It would have been a 17 hour drive to get from Manhattan to Las Vegas. This being the first week of December, an extended road trip through the Rockies, seemed like a bad idea. Door to door was 11 hours flying.
We were both exhausted by the end of the day, partly due to traveling, but also due to not being used to so many people, and so much stimulus. We live a quiet life, and, especially since the pandemic, we have lost our ability to “be out among the English”.
We both enjoy going places and seeing things, but we are aware that it is costly, and not only monetarily but emotionally and mentally.
2024-11-14 21:14:16
A moving article about using ingenuity and software, with an e-ink display, to vastly improve a parents quality of life.
2024-11-14 08:00:56
The greatest gift my parents gave me was a love of reading. I read every day. Most of the time I am reading several books at once. Here’s a list of what I’m currently in the middle of, and what is in the “to be read” pile.
Note: In my book (ha!) an audiobook counts as reading the book. You hear every word, no skipping around. A well read audiobook is a delight.
2024-11-07 20:43:10
In my email inbox this morning I found this email.
Hi, Mark
How is it possible to have so much hate against one person who show how it works much better, than all Biden Harris bullshit ever can do? You are exact this what you are describe over and over on your website… you can see that in your friendship description very well.., Trump will fight for you too. to make your current shit hole country great again or you and we will end in a dystopi made by peoples like you and your most corrupt and cheating democrats…
hope as we in Germany say " Es möge dir ein Licht aufgehen" Mark
may be you leave the states too. like all the stupid democrats promised 2016, but never done
here another German saying for you
" Schuster bleib bei deinen Leisten "
as nerd and It enthusiast you are welcome
m. bortolon
Here is my public response.
Herr Bortolon,
I don’t hate the current President-Elect, he’s not worth that much emotional investment on my part. I do find him odious, and I am staggered by the seemingly limitless bounds to his stupidity.
The America you call a “current shit hole” only exists in the President-Elect’s mind. Wages are up, inflation is down (and without creating a recession), crime is way down, investment in American industries and American jobs is up, unemployment is way down. By any factual statistical measure, America is demonstrably better off today than it was 4 years ago.
The “distopi” you speak of may very well come in the chaos that will result from the President-Elect’s intended actions. Europe already has the largest land war since World War II on-going in Ukraine. Do you honestly think that the Russian dictator will stop there? A weakened or broken NATO could well have grave consequences for Western Europe.
I don’t expect any of what I’ve said to sway your opinion, based on comments like “Biden Harris bullshit”, “current shit hole country”, “most corrupt and cheating democrats”, and “stupid democrats”, it appears to me that your information source(s) are clouded by extreme right-wing rhetoric.
As Maya Angelou said, “When someone shows you who they are, believe them the first time.” We’ve seen who the President-Elect is, and a legitimate majority of the voters want that again. If I hate anything about this, it is that so many people will be harmed as a result of one man’s ego and vanity. And not only the people who didn’t vote for him, but the people who did vote for him.
