Author: Mike Page 1 of 5

Smart Home, Part 3

I can’t believe it’s been almost 3 years since I wrote about this! Things have settled down a bit, so I figured I’d post another follow-up.

First, I built Mike and Joyce’s Smart Home Inventory if you’d like a quick glance at what we have installed. I’ll keep it updated as we make changes.

Things are mostly stable here, though. Apple has spent the past couple of years working on Matter. The Home app was redesigned, but most of the changes have been behind the scenes. I’m hopeful we’ll see more improvements as Matter matures.

Almost two years ago, our router (a Synology RT2600ac) added support for multiple VLANs, so I added a separate network specifically for smart home devices. This allowed me to broadcast dedicated 2.5 GHz and 5 GHz SSIDs for this network, since many smart home devices are only compatible with 2.5 GHz. Eventually, I hope I can firewall it off from the rest of the network, but I’m not sure how I’m going to accomplish that with the Apple TVs needing to connect to this network and the primary VLAN.

Plugs and Bulbs

We’re still very happy with Philips Hue! We use Adaptive Lighting extensively, and the HomeKit integration is top notch.

Here’s one great feature that was added recently: we have a Philips Hue Dimmer Switch in the bathroom, which controls three bulbs. Philips recently added the ability to do time-based lighting, which I absolutely love. Here’s how it works: when you turn on the lights, you can set a different brightness based on the time of day. For the bathroom, we have bright lights during the day, warmer lights in the evening, and very dim lights from bedtime until sunrise. Of course, if you need to override that, you can easily use the buttons to change the brightness. Next time you turn on the lights, it’ll go back to the defaults. It’s really nice to use the bathroom at night without being blinded!

Joyce wrote a Python script for rotating the light strips in our front windows through Christmas colors. We’re planning to expand that to other holidays, too. Once I’ve got that Dockerized, I’ll post here!

We also phased out all WeMo devices. It’s unfortunate, because Belkin / WeMo were one of the first companies to do this kind of stuff, but they haven’t kept up with the times. For one thing, they’ve all but dropped support for our light switches, dimmer switch, and smart plugs – I had a lot of difficulty adding them back to HomeKit once they were wiped. For the ones that support HomeKit natively, I couldn’t get the WeMo app to recognize them for firmware updates. They initially announced Matter support, then backed out. It’s time to move on.

While TP-Link has been hit or miss over the years, they bought a company named Kasa that makes really good smart home products. We bought a TP-Link / Kasa dimmer switch and several smart plugs to replace the WeMos. I’m impressed that they already support Matter, are easily added to HomeKit, are very stable, and reliably (and automatically) update their firmware through the Kasa app.

As mentioned in Finding Balance While Working Remotely, we added Nanoleaf Shapes to our home offices. We’ve found that although they support HomeKit, it’s best to just control the lights through the Nanoleaf app. The LED panels have added a lot of light and color to our home.

Also, it’s not exactly a plug or a bulb, but we have several sensors for triggering lights throughout the house and in the garage. I’ve been very impressed with the Philips Hue Motion Sensor – we have one in our stairwell that is triggered multiple times a day. I can’t remember the last time I changed the batteries, but it’s been at least a year or two. They’re tiny, have a magnet on the back for sticking to surfaces, and you can drill a screw through a hole in the magnet to mount it anywhere. More devices like this, please!

We also have a few Eve Motion sensors, but batteries don’t last nearly as long in those. At this point, I’m leaning towards replacing those with more Philips Hue sensors instead.

Water Leak Detectors

We still have the Flo by Moen water leak detectors. Although we haven’t had any incidents, we sleep better at night knowing that we’ll be alerted if something were to happen.

In fact, we purchased the Flo by Moen smart water shutoff shortly after the last blog post. It’s easy to integrate with the water leak detectors – for example, if the toilet exploded, the water leak detector would screech, the app would send a push notification to our phones, we’d get an email and phone call, and Moen would instruct the shutoff in the basement to stop the flow of water to the rest of the house. Water leaks have the potential to do significant damage, but this setup minimizes the effects.

When we go away on vacation, we set the Moen shutoff to “away” mode, which means that any water used will trigger an alert, shutting off the water for the whole house in the process. Our homeowners’ insurance gives us a yearly discount for having the system installed, and we can download a certificate from the Flo by Moen web console.

The water shutoff also has its own logic to determine if you’re using an unusual amount of water, but pairing it with a water leak detector is significantly more accurate. Our humidifier consistently tricks the water shutoff into thinking we have a leak somewhere, and I’ve had the water turn off during a shower too many times to count.

If you’re thinking about buying the smart water shutoff, the extended warranty is absolutely worth the monthly cost. Ours stopped working due to mineral deposits building up inside, and support sent me a replacement part right away.

Unfortunately, the water leak detectors chew through batteries a little too quickly for my liking. The app shows the battery at 100%, then suddenly it’s dropped to 40%, then it’s offline. It’s impossible to know when we’ll need to replace a battery, making them way less useful when they die while we’re traveling.

One other downside: the Flo app hasn’t been updated by Moen for a very long time. There are numerous improvements that Moen could make to modernize the app, such as Time Sensitive Notifications, Siri support, or allowing multiple users on the account. At the moment, Moen only supports a single phone number for emergency calls, which makes it tough for the two of us to respond to notifications quickly.

It looks like Moen is building a brand new app, but it’s not compatible with our Flo devices yet. I hope they’re working to add the improvements I mentioned above. I’d love to use more of these kinds of devices in the future. The smart shower controls look awesome, and they have a very fancy toilet…if only it sounded like Jon Hamm.

Cameras

I’m hoping to see some improvement in this space soon. We’re still with Arlo, but their support is absolutely terrible. In the past few years, we’ve replaced all of the Arlo cameras a couple of times, hoping for better stability, but it hasn’t quite happened yet.

Right now, we have the Arlo Pro 5S, the solar panel, the Video Doorbell, and the Chime 2. We replaced everything because newer Arlo devices connect directly to WiFi, rather than to the old wired base station, so I figured they’d be more reliable. Now, we notice that one (or all) of the cameras just stop recording randomly until they’re rebooted through the app. It’s not great.

Arlo promised the Pro 5S cameras would be able to be added to HomeKit in 2022, but as of now, that still hasn’t shipped yet. Lots of “coming soon” promises in their forums, posted every few months (including last month). No word on whether they’ll get around to adding HomeKit support for the new Video Doorbell, either. Although I didn’t stream the camera feeds in the Home app, I liked being able to use the camera’s sensors to trigger outdoor lights.

One camera has a solar panel connected, but it just doesn’t provide enough power to keep the camera from needing to be charged every couple of months. So, we manually charge both cameras as needed. In the future, I’d like to permanently connect them to power, but that’ll have to wait until we can add some outlets outside. At least the batteries last long enough that we only need to do this every couple of months.

Every time I’ve thought about switching away from Arlo, I’ve found the competition is much worse: Ring apparently works well, but I don’t want to send our footage to Amazon. Similarly, Nest requires that we send our footage to Google. Eufy, despite being an Anker brand, had all sorts of terrible security issues (and lied about them to The Verge). Logitech outdoor cameras have a reputation for melting in direct sunlight, even on mild 70 degree days. HomeKit Secure Video cameras are limited to 1080p video, and Wirecutter found that they miss important events such as detecting people or packages. I think we’re stuck with Arlo for a bit longer.

Thermostat

We absolutely love our ecobee thermostat. It integrates with HomeKit, but the app also works well on its own. Our energy bill skyrocketed as Russia invaded Ukraine, but we’re pretty sure it’d be worse if we didn’t have this thermostat to keep things as efficient as possible.

We also bought a bunch of ecobee room sensors, which immediately paid for themselves. Having these sensors in nearly every room has allowed us to fine tune temperatures for the whole house. I can’t recommend ecobee enough.

Follow-Ups

Some things haven’t changed, but I can give detail on how well they’ve worked over the past few years:

We’ve still got all of the Sonos speakers, though we’ve had frequent stability issues. I’ll probably need to factory reset the entire system again. When it works, it works well, but when it doesn’t work, it’s very frustrating. Their phone support is surprisingly good, however. If I had to do it all again, and we used Apple Music instead of Spotify, I’d take a hard look at the HomePod minis.

We still have our Yale / August door locks. They mostly work fine, though I can’t recommend their support team at all. The August Connect for one of our doors stopped working (this connects the lock to HomeKit), and it took weeks of emailing back and forth to determine that they weren’t going to fix or replace it. Each reply came from a different person, who’d suggest yet another factory reset.

Otherwise, it’s been nice to have a keypad on the front door. I haven’t had to use the physical key once in the past 5 years – the door unlocks automatically via Bluetooth, manually via the app, or with my PIN on the keypad. We’ve also been able to generate emergency codes for family. I can’t help but feel that HomeKey would be a downgrade, as I’d have to tap my phone or my watch to the door lock. That’s hard to do when your hands are full of groceries!

We still have the Roborock vacuums. We run them every day, and our floors are noticeably clean. Each vacuum has required a few replacement parts, which are easy to buy on Amazon. No complaints there. Newer models also mop, empty their own dustbin, and are hopefully quieter, but it’s hard to justify the cost of replacing two fully working vacuums.

The Future

I’m hopeful that Matter will bring all kinds of improvements: more devices from other manufacturers that now integrate with HomeKit, as well as new types of devices that HomeKit doesn’t currently support. More competition generally means lower prices, too.

Plus, being able to integrate devices with each other is the best part! There are so many possibilities. People have been talking about Matter for a couple of years now, and I’m looking forward to seeing it finally take off soon.

Finding Balance While Working Remotely

Alright, back to the technical stuff. Well, sort of.

Something that’s been new to me is working remotely for a company where many of my coworkers are in different time zones. Although I was fully remote at SJU for the last few years of my time there, everyone I worked with started and ended their day at around the same time. That doesn’t happen when you’re working for a global company! To have a work / life balance these days, I need to be mindful of my own schedule. Here’s how I’ve used technology to help me do that.

Focus

macOS Ventura, iOS 16, and iPadOS 16 arrived at exactly the right time for me. I had just started at DoorDash, and was already familiar with Do Not Disturb mode and using the Health app to set a sleep schedule. I’m really glad Apple gave this feature so much attention with the Fall 2022 releases.

To get started, Apple has excellent documentation for iOS / iPadOS and macOS. You have a lot of flexibility to create different Focus modes, but I’ve settled on four: Sleep, Do Not Disturb, Personal, and Off. I work from 10 AM until 6 PM Monday through Friday, so I’ve built my Focus modes around those times.

Sleep: Sleep is a good place to start, since it has to be set up in the Health app on your iPhone. Pick what time you want to go to sleep, and what time you want to wake up. On the weekends, I give myself a slightly later bedtime, and a later wake time. You can pick an alarm if you want to, but I rely on our bedroom Sonos speaker for that, instead, so I can wake up to music. šŸ˜„

I’d recommend setting “wind down” to 0 minutes. It just activates Sleep focus early, which is somewhat unnecessary.

In Settings > Focus > Sleep, you can customize a number of things. For me, Sleep focus is my most restrictive – I have a custom Lock Screen (I’m using “Astronomy” which looks great at night), and the brightness is significantly dimmed. I only allow some apps to send push notifications – mostly ones like 1Password, in case I need an MFA code. I also made a page of apps solely comprised of ones that I’d need if I woke up at night or was getting ready for bed. I also have some shortcuts for actions such as the “good night” scene in Home or to quickly make a new to-do item in OmniFocus. I filter out my work email, too. Lastly, all badges are disabled.

Do Not Disturb: I want this to activate at 10 PM on weeknights, and 11 PM on weekends, well ahead of my actual bedtime. The end time doesn’t matter, since Sleep focus will take over. This is my own “wind down” time, where all notifications are silenced (again, except for apps like 1Password). I have a custom Lock Screen here too, so I can tell at a glance that I’ve activated Do Not Disturb. I picked an excellent wallpaper from Wallaroo and set it to greyscale, taking a colorful beach scene and turning it into a snowy evening. I also filter out my work email here, so I only see my personal email.

Personal: For obvious reasons, this is my favorite. I have a custom Lock Screen with a picture of my wife. It activates at 6 PM each weekday, but also in the mornings – my wake up time is at 9 AM, so it also covers from 9 AM until 10 AM (so I’m not hit with work emails as soon as I get out of bed).

Off: This is what’s in place during my work hours. “Off” is simply no focus activated – the default behavior for an iPhone. Since I manage Macs, I have a Apple-themed Lock Screen and Home Screen. All email accounts are shown in a unified inbox, and no notifications are silenced. I experimented with creating a “Work” focus, but for my purposes, it was kind of overkill to create a separate focus just for that.

Off Lock Screen

Outside of those schedules, I’ll frequently toggle Do Not Disturb during the work day if I’m joining a Zoom call and don’t want to be distracted by notifications. When I’m on vacation, I manually toggle Personal on, so I don’t see any work emails. I used to fully remove my work account from my phone while on vacation, but this is significantly easier!

One of the best additions to macOS Ventura is that you can add a menu bar icon for Focus mode, allowing you to quickly switch to a different mode. All of your iCloud-connected devices will instantly adopt the same mode.

Slack

Slack has an excellent guide to configuring notifications. I set my work hours in there, so I don’t receive any notifications in my off-hours. Coworkers can still push DM notifications through if it’s an emergency, but otherwise, it’s all silenced at the end of the day.

One additional consideration: since I have both my work Slack and the Mac Admins Slack on my phone, I found that I was still seeing badge notifications for DMs on my work Slack, even in my off-hours. This became hard to ignore, so my solution was to disable badges for Slack on iOS altogether. For similar reasons, I don’t have my work Slack on my home computer, as I found myself checking work notifications in my off-hours just to clear the badge.

Google

You can set your work hours in Google Calendar, too. My main recommendation here is to pad the time – in my case, I set my work hours from 10:30 AM to 5:30 PM. That gives me 30 minutes at the start of the day to catch up, as well as 30 minutes at the end of my day to wind things down.

Note that I’m not signed into my work email on my personal computer, and I’m not signed into my personal email on my work computer. However, I am signed into all of my calendars on both computers and my phone – this prevents me from double-booking events and makes it easy to block time on my work calendar as necessary.

Smart Home

I’m extremely lucky to have my own home office – that was one of the reasons we bought our house in the first place. Even though that’s where I work from during the day, it’s also where I keep my personal computer and video game systems. I typically spend a lot of non-work time in my home office.

We picked up some Nanoleaf Shapes LED panels on sale a year or two ago, and I’ve grown really attached to them. I made an ugly fish with big teeth! They provide a lot of great light, but since they’re so customizable, I’ve set them to change on a schedule:

9:30 AM (30 minutes before I start work): Be Productive

6:00 PM: Jungle

10:00 PM (or 11:00 PM on the weekends): Starlight

This helps provide visual signals when my day has changed. The moment the panels go from light blue to green, I know my work day is over. Since Nanoleaf supports HomeKit, I also have the panels turn off as part of the “good night” scene when I go to bed.

Conclusion

If you’re working remotely, I hope this helps give you ideas on how you can use technology to have a better work / life balance. It’s certainly helped me!

Making History

I’ve been super lax about posting here. I wrote something last week about Mr. McCormick’s retirement from the Historical Society of Riverton. Please take a look:

Some personal news

It’s been a while since I’ve posted anything non-technical here, but I have some news! I’m excited to announce that next week, I’ll be joining DoorDash’s IT team! I’ll be working as a Client Platform Engineer, helping to manage all of the devices. I seriously can’t wait!

I was at Saint Joseph’s University for almost nine years, and I couldn’t be more proud of the work I’ve done there. My CIO, Fran DiSanti, sent this to everyone in the Office of Information Technology (and gave permission for me to repost it publicly):

Hello Colleagues,

Many of you may already know that Mike Solin will be leaving SJU this Friday, October 21 to pursue a new job opportunity as a Client Platform Engineer with DoorDash.  Mike is very excited to be joining a new team of client engineers which has been taking shape at DoorDash for the past year.  Iā€™m confident that Mike will do great things for DoorDash just as he has for SJU over the past 9 years. 

Mike started as Technology Support Specialist in OIT and over time was promoted to his current role as Senior Client Platform Engineer.  Throughout his tenure in OIT, Mike has contributed much to our organization and to the University community. He completely reimagined and reengineered the way that we manage our macOS and iOS environments.  When he started at SJU, Mike envisioned a zero-touch, modern approach to device management and he successfully realized this vision by delivering an out-of-the-box deployment experience for Mac users.  His approach was secure, highly automated and allowed users to select and install pre-packaged apps from a software catalog.  In addition to his Mac expertise, Mike became very proficient with our Windows environments and Active Directory.  

Mike has been instrumental in the design, development and deployment of a number of strategic technologies which have had a significant impact on the way in which we manage our endpoint devices, including:

  • An automated data-backup solution (Code42)
  • Endpoint detection and response software (Malwarebytes)
  • Adobe Creative Cloud implementations
  • Mobile Device Management software (Workspace One)
  • Computer encryption
  • Microsoft Azure environment
  • Automated delivery of iPads to users

Clearly, Mike has made many important contributions through the years and along the way, he has continually developed his knowledge and skills.  I am truly grateful for all that Mike has done for our division and the community.  Please join me in thanking Mike and wishing him well in the next chapter of his chapter. 

Fran

Prior to joining SJU, I had moved from Philadelphia to State College, PA, then Richmond, VA. Being a Mac admin is very specialized, and at the time, remote work wasn’t as common as it is now. I missed my family terribly, and regularly used all of my vacation time to drive back for visits. I was incredibly lucky that the opportunity at Saint Joe’s opened up – it brought me home.

Moreover, it gave me the chance to work with a great team. One of the best things about working at SJU was that nothing was off-limits – I was encouraged to learn anything that interested me, and to use those skills to make things better for the university. When the position is posted, I absolutely recommend applying.

Going forward, I’ll still be local to the Philly area! I’m still involved with Greater Philadelphia Mac Admins, and plan on continuing to post to this blog, present at conferences, and participate in the MacAdmins Slack. šŸ˜„

Controlling Munki via Workspace ONE and Active Directory

I got something working recently, and I thought it was interesting enough that it’d be worth sharing.

Our MDM server is a SaaS instance of Workspace ONE UEM, and we have the AirWatch Cloud Connector installed in an on-prem VM to provide integration with Active Directory. Although WS1 bundles its own (modified) version of Munki, we don’t use it – we have a separate on-prem VM for our vanilla Munki server.

Unfortunately, this post is partially about printers (sorry). The challenge with setting up LPD printers on the macOS, is that the drivers need to be installed before the printer is added (or the printer is added with a generic driver, and must be removed and reinstalled). Munki is an excellent use case for this, as the requires and update_for pkginfo keys are perfect for setting up dependencies.

For several years, I used Graham Gilbert’s printer-pkginfo script to deploy printers with Munki. That, combined with my NoMAD group condition script, allowed me to deploy printers to only certain people’s devices – their user accounts in AD needed to be a member of a particular group.

With macOS 12.3 dropping Python 2 from the OS, I needed another solution. I landed on wyncomco’s fork of Nick McSpadden’s PrinterGenerator script. It works well, but with our move from NoMAD to Jamf Connect, how would we be able to leverage our AD groups to deploy these printers?

Thanks to the AirWatch Cloud Connector, I was able to add the AD security group to WS1 (in Accounts > User Groups > List View). The group in WS1 syncs periodically with AD, so users added to AD will appear in the WS1 group after a few hours.

In my case, though, I needed a Smart Group (sometimes called an “Assignment Group”) to actually make use of the user group. In Groups & Settings > Groups > Assignment Groups, add a new Smart Group where the first criteria is the Organization Group that contains your devices. Scroll down to User Group, and select the group you’re synching from AD. Name your Smart Group and click Save.

The last piece was how I’d get the printer to these users. Around the same time, VMware added the ability to run scripts through Workspace ONE. I had remembered Nick McSpadden’s post about Local-Only Manifests in Munki, which was perfect for this. I’d set up a separate manifest for WS1 to write to, and Munki would install the printer driver and the printer automatically.

First, in your Munki configuration profile, add this:

<key>LocalOnlyManifest</key>
<string>LocalOnlyManifest.plist</string>

This tells Munki to check this additional manifest for potential items to install. There’s no need to create the file – if it doesn’t exist, Munki proceeds as normal, without printing any warnings/errors.

Lastly, add this script to WS1 (in Resources > Scripts), and assign it to your Smart Group. Set the language to Bash, and the execution context to System.

#!/bin/bash

defaults="/usr/bin/defaults"
grep="/usr/bin/grep"

printer_installed=$(${defaults} read "/Library/Managed Installs/manifests/LocalOnlyManifest" managed_installs | ${grep} "MyPrinter")

if [ ! "${printer_installed}" ]; then
 ${defaults} write "/Library/Managed Installs/manifests/LocalOnlyManifest" managed_installs -array-add "MyPrinter"
else
    exit 0
fi

exit

In my case, I have it run immediately upon device enrollment, as well as when the network interface changes. The code runs a check to see if the Munki item MyPrinter is in the LocalOnlyManifest, and if not, it adds it. The next time Munki runs a background check, it will install the driver and printer automatically.

The end result is that when a user requires our printer, any AD admin can add the user to a particular group. Some time later, the user will receive the printer without needing to do anything. If the user already has our printer, but receives a new computer, the printer will be added as soon as the computer is set up – no additional admin work necessary.

I hope someone finds this useful for more than just printers!

MunkiReport in Azure

Following up on my last post – up until a couple of months ago, our production MunkiReport server was running Windows Server 2012 R2. Yep, MunkiReport was running in IIS, and MySQL was installed in the same VM. The server was about 8 years old, and while it had served us well, it was time to migrate to something more modern.

As we’re pushing to move more stuff into Azure, and containers are the future of these types of deployments, I spent a bunch of time figuring out how to get MunkiReport running as a Docker container in Azure. Even better: I automated it, so you can do it, too!

Please check out my GitHub repo for the script.

We’ve had this running in production for a couple of months now, and it’s averaged out to about $4.60/day for ~700 clients.

Due to some upcoming life changes, I’m not sure how much further development the script will receive from me. I intend to add some documentation, but there are definitely improvements that could be made (such as migrating to an ARM/BICEP template, or making some portions of the script optional). Please check out the script and let me know what you think!

MacDevOpsYVR 2022 Workshop

It’s been really quiet here, but that’s because I’ve been busy!

For starters, I participated in a workshop in June for the consistently excellent MacDevOpsYVR conference. We discussed various ways of deploying MunkiReport. I strongly encouraged everyone to take a look at Docker!

Many, many thanks to Mat X for inviting me to share my experiences, and for his skillful editing of the video recording.

My diagrams are included in the video, but I’m posting them here for posterity. 😎

More to come on this topic!

Modern Bootstrapping Presentation

I had the honor of presenting at the University of Utah’s May 2021 MacAdmins Meeting this week.

The slides and video are already up – check them out here!

Modern Bootstrapping: Part 2 (Building the Packages)

This is the second post in my multi-part series on modern bootstrapping with Workspace ONE UEM. If you haven’t read the first one, you can find it here.

Modern Bootstrapping: Part 1 (Intro)

For a while now, I’ve been meaning to post about how I’m bootstrapping our Macs using Workspace ONE UEM and several open source tools. This will be a multi-part series, and will culminate with a presentation at the University of Utah’s MacAdmins meeting for May 2021. I feel that it’d be best to start with some historical context and how bootstrapping has evolved since I joined the industry.

Page 1 of 5

Powered by WordPress & Theme by Anders Norén