My work in 2017

7 minutes

2017 is coming to an end and unfortunately this blog has not seen many updates. But I’ve written articles for other platforms and made quite a bit of contributions in my Github timeline. I wanted to take the end of the year as an opportunity to quickly summarize and reflect on the work I’ve done in the past 12 months.


In the second half of 2016 I joined Kolide, a new startup focused on building tools that leverage the power of osquery. Joining Kolide was the end of my official tenure as a MacAdmin, as my new role was SRE. But my new job didn’t end my involvement with the MacAdmin community, which I’m grateful to be an active member/participant in. Over the course of the year I also became an active member of the osquery community, helping answer questions on Slack, and doing my best to document relevant issues.
An interesting issue I had to deal with here was the lack of accuracy of the macOS preferences table. Osquery has had the preferences table for a while, but the table had a few bugs and wasn’t well understood by its users. Many osquery examples featured queries like SELECT * from preferences, but the macOS APIs do not support enumerating preferences. Querying preference values correctly requires deeper insights into a somewhat confusing system API. Users of the table weren’t getting reliable results from the table.

A few changes were made as a result of these bug reports. The preferences table recommends that the user specify a WHERE clause, indicating the user and domain of the value. Reading the values from a plist file has also been separated into an independent table. Now the preference table is (hopefully) less confusing to use, returns accurate results and takes into account preferences that are managed by a profile and those set by a user.

Even with this changes, the preferences table remains somewhat difficult to use. With the release of 10.13, Apple made it impossible to query the state of the screensaver lock timeout, by moving the storage of the setting into the user’s LocalItems keychain. I ended up blogging about this change.

We’ve been having bi-weekly office hours discussions with the osquery team and the rest of the community. One of the ideas that came up in office hours is setting up Special Interest Groups (SIG) that would represent the interests of various parties within the osquery community. I proposed that I could contribute to an “accuracy on macOS” group. Although SIGs are still a discussion point, I’d like to invest more time in 2017 dedicated to the UX of osquery on macOS — improving documentation, additional testing and implementation of new virtual tables.

Something else I’ve put a lot of time and effort in are the open source Go projects we’ve released at Kolide.


I’ve blogged a bunch about writing an MDM over the last couple years. The code was always out there, but it required a lot of dedication to get going. Earlier this year MicroMDM got a new release, focused on production deployments and usability by admins. I adopted MicroMDM at work and blogged about how it’s used to bootstrap DEP macs for remote employees. The release of MicroMDM was timely as Apple also made a few changes in High Sierra which more or less make MDM mandatory for enterprise deployments.

MicroMDM is not just a free MDM solution that enterprise administrators can deploy. It also aims to be an API platform onto which custom MDMs could be built. It accomplishes the above goal by faithully implementing the spec with few additional abstractions on top. Instead of creating an opinionated workflow for its users, MicroMDM is providing APIs and a data pipeline others can use to build a custom solution. This is an aspect I’m particularly excited to expand on in the upcoming year.

The next year is looking to be the year where everyone will be adopting a new MDM solution and I’d like to make MicroMDM a viable option for anyone who has the need. Besides working on the API, I plan on expanding work on the documentation and community.

Other projects

SCEP, a project I created to support MicroMDM last year also gained some adoption this year. I refactored the code and added compatibility for working with Microsoft NDES servers. While working with SCEP this year, I created a supplementary repository for testing the server and client in different environments.

Squirrel, is another project I launched this year, although I did not advertise it outside the MacAdmins Slack. Squirrel is a simple Go server, which serves a Munki repository, but comes with a few ease of use features for its users:

Although you can accomplish everything above using a general purpose webserver like NGINX or Caddy, I felt it was important to create a custom solution which could help new Munki users with their server configuration. I also wanted the ability to extend the server in the future by implementing the Munki API specification and other admin focused features.
This year I also played with a Simian deployment which features a neat certificate based authentication flow for Munki clients. I am considering adding that auth mechanism to Squirrel.

Speaking of Simian, I made a little utility which allows AutoPKG users to automatically add new packages to a Simian server.

Next up, Moroz was a small project I released for managing configuration of Santa endpoints. I didn’t advertise the project much, but it still found a few happy users and even got a mention in the end of Google’s fleet management whitepaper. The Santa team announced they’re releasing Upvote(future link) early in 2018. Upvote is Google’s internal solution for managing Santa whitelists.


Looking back at this past year I’ve gained a lot of experience with Go, especially writing endpoint management services. I’ve also been an active Kubernetes and GCP user for > 1 year, but I haven’t had a chance to blog about what I’ve done in those spaces yet. I’m definitely more comfortable sharing work related to Mac admin work, but I look forward to breaking that cycle in the upcoming year.

Another thing I’ve done a lot of in 2017 was provide end user support on Slack. All the projects I mentioned in the blog post were new, so helping new users is somewhat expected. But I realized I’ve been spending time doing that work at the expense of writing better documentation. In 2018 I plan to explore more scalable ways of helping users, focusing on more accessible documentation and growing the community around each project.