Robert Terakedis

SSO Is Not a Flip Switch

Fri, 15 May 2026 00:00:00 +0000

When we started modernizing the LMS infrastructure, the first thing someone asked was: "Can we just add SSO to the LMS?"

It's a reasonable question. It sounds like a small ask — flip a switch, wire up a login button, done. But the moment you start pulling on that thread, you find out it's not a switch at all. It's a decision about where identity lives across every system you own, and getting it wrong means you end up with the same mess you started with, just with a single sign-on button in front of it.

The $300K Spreadsheet: How Manual Provisioning Became a Liability

Sat, 18 Apr 2026 00:00:00 +0000

Last year I got pulled into a project where the team was drowning in spreadsheets. Not the good kind, but rather the unfortunate kind: manual user provisioning lists, copy-paste operations between systems, and a recurring cloud bill that kept climbing because of over-provisioned resources sitting idle.

The kicker? Along with all the manual inefficiences, we incurred $300,000/year in overprovisioned cloud spend. And that was before we even talked about the staff time or the risk of things breaking when a step in the process was missed.

How to host blog images for free with Backblaze B2 and Cloudflare

Sat, 21 Mar 2026 00:00:00 +0000

When I migrated this blog to Hugo, I had to figure out where images would live. My original thought was simple enough: store them in the GitHub repo. That worked fine for six months. Then I started thinking about what happens when I have hundreds of posts with images, and the repo turns into a photo dump.

I looked at Cloudflare Images next. It seemed obvious—I'm already paying for Cloudflare for DNS and SSL. But the pricing pushed me away: the transform API costs add up if you're generating variants (WebP, different sizes), and I'd be locking myself into Cloudflare's image manipulation if I ever wanted to migrate. That didn't feel like room to grow.

Setting up our Calendar Max

Sun, 11 May 2025 00:00:00 +0000

If you’ve ever struggled to keep your family’s schedule in sync—or just wanted a little less chaos in your mornings—the Calendar Max might be your new best friend. After seeing it pop up in a Mother’s Day promo, we decided to give it a shot. Spoiler: our living room wall makes me smile every time I walk by, and even our kids are excited to check what’s coming up next!

Postman Pre-Request Script for Docebo API

Wed, 22 Jan 2025 00:00:00 +0000

I've recently been involved with a project at work to modernize the processes around Docebo, our Learning Management System (LMS). A significant portion of this project involves workflow automation and passing data/events between multiple systems. We accomplish this automation using webhooks and a number of API calls (which you can view at Docebo's API Browser). Early in the process, I stumbled onto the Docebo Community post about Using Postman (and the on-demand Community Coaching Session) which contained a downloadable Postman API collection. This was a GREAT starting point, but the collection used an interactive login to get oAuth2 tokens. I wanted to automate the authentication process and avoid the interactive logins when I was testing against our sandbox LMS instance.

HomePod Mini Ignoring Family Explicit Content Settings

Wed, 04 Jan 2023 22:28:08 -0500

Sudden panic set in as I walked by my child's room and heard the lyric from Monsters by All Time Low -- "I don't mind while you f**k up my life." Yes, I just had the realization that the critical parental controls on the Homepod Mini's in my children's rooms were no longer working as intended. This set off a multi-hour troubleshooting session, with some involvement from AppleCare, that got things working until it didn't (again). As it usually goes, "It Just Works"... until it doesn't.

Apple's Missing Hardware - A KVM Switch

Fri, 25 Nov 2022 15:40:35 -0500

Let me start by saying that I'm assuming many of you out there are in a situation quite similar to my own. This situation; having a personal Mac and a work Mac (and maybe an iPad Pro thrown into that mix also). But if you're also like me, you have limited space on your desk and don't want to be surrounded by monitors! This leads me to my most potent complaint about Apple hardware; the lack of a KVM switch.

My First Dive into BrickLink Studio and a Brick Sketch Template

Mon, 27 Jun 2022 15:20:19 -0400

I was a total "builder" when I was young. I loved pretty much anything that let me create my own structures: Construx, Lego, Lincoln Logs, Marble Runs, etc. Looking back, it really ended up being Lego that I most enjoyed playing with. Back in my Lego heyday, Magtron and Blacktron were the sets most captivating to me. I was fascinated by space (thanks grandparents for the trip to Kennedy Space Center). Some of my favorite sets (which I still have some of the pieces):

Ensuring Domain Name Survival

Fri, 24 Jun 2022 21:54:25 -0400

I was listening to the Security Now Podcast the other day, and a GREAT topic came up that I wanted to write about. That topic, as covered by Leo and Steve, involves ownership (specifically registrants) of Domain Name System (DNS) records. I know from past experience, domain "ownership" never seems to be front-of-mind for many folks deciding to start a website. Whether you're simply looking to blog, or starting a new business, the focus tends to be on the outcome ("I have a new website") than the path to get there. In this article, I want to cover some of the common ways domains are registered and how you can protect your domain name should something ever happen.

New Job in the Privacy Industry at OneTrust

Fri, 24 Jun 2022 21:54:25 -0400

Lots of changes afoot in my professional life. This past February, I joined the ranks of many folks in the Great Resignation and made a career shift. With my new role, I'm working for OneTrust -- a company that creates software to help other companies manage their privacy and regulatory compliance. It's been a total shock to the system --> completely new vocabulary, new verticals, everything. To say I'm feeling impostor syndrome would be an understatement, but I welcome the opportunity to get out of my comfort zone and learn something new.

Change From Beautifulhugo to Clarity Theme

Fri, 11 Feb 2022 12:24:02 -0500

Since I first started this blog, I was using a theme called BeautifulHugo. The theme was great and for the most part visually appealing. However, there were some changes I was hoping to see made to the theme that never really manifested. I had even contributed back some of my own changes, but it appeared the theme had been abandoned by it's creator. I set about looking for a new theme and stumbled onto hugo-clarity. Not only was this theme visually appealing to me, but I could see regular changes being made to the theme. Yes, a theme still under active maintenance!

Mapping Concepts from Munki to WS1 UEM

Mon, 23 Aug 2021 00:00:00 +0000

Since Workspace ONE UEM version 9.3, VMware has included the open-source munki binaries in the Workspace ONE Intelligent Hub for macOS. The intent of this integration was to give macOS admins the ability to distribute 3rd-party non-store macOS apps, without the need to host any backing instrastructure for munki. Because this integration was meant to give admins some of the commonly used functionality, it was not integrated in such a way to include support for ALL munki's functionality. This has left some confusion in the community, particularly with Workspace ONE UEM administrators with extensive munki knowledge/background.

Best Practices for Apple Admins in Workspace ONE UEM

Thu, 15 Jul 2021 00:00:00 +0000

I was recently reading a post about What to do when you have to lay off your Jamf administrator, and it got me thinking. The Workspace ONE UEM documentation generally specifies what you need from a software and hardware perspective in pre-requisites. That said, over the years I've come to know a few unwritten (or written but obscure) best practices for setting up Workspace ONE UEM to manage Apple devices. Hopefully you find this post helpful, but I welcome any comments and feedback!

Great Free Resources to Learn GitHub

Fri, 19 Mar 2021 00:00:00 +0000

Source control used to be a scary, odd thing for me back in college and early in my career. Branching, merging, commits... all the buzzwords I remember from my early days dealing with Microsoft Team Foundation Server (TFS) and Subversion. Admittedly, I never felt like I spent the time required to understand how it all worked. Fast forward to mid-2017, when a group of us within VMware needed to share some of our tips and tricks with the broader VMware community. The EUC-Samples repository was born on GitHub, and my journey like Alice down the rabbit hole began. Over the years, as we've encouraged participation and knowledge sharing amongst those within the community, I still see a hesitation to learn git/GitHub and contribute to the repository.

Converting Jamf Custom Schema JSON for Workspace ONE UEM

Tue, 09 Mar 2021 00:00:00 +0000

Periodically, I see app vendors providing custom JSON schema files to help build app-specific configuration profiles for MDM (specifically Jamf). Workspace ONE UEM supports app-specific configuration, but currently via Custom Settings in an XML format. While many vendors also suppply a custom mobileconfig file or Custom Settings dictionary that can be used with Workspace ONE UEM, I hope in this post to show how any Workspace ONE admin can manually convert a Custom Schema JSON file to Custom Settings XML.

Troubleshooting macOS Management with Workspace ONE

Tue, 27 Oct 2020 00:00:00 +0000

Short post today - just to cover some thoughts on my most recent asset published to TechZone. I finally sat down and dug out all my notes on troubleshooting macOS and put them all together into a single, comprehensive macOS Troubleshooting Guide. This thing was the result of almost 46 hours of fingers on keys: typing, formatting, and testing. I truly hope you all get some value out of it, and do feel free to send me feedback if you'd like it extended and/or notice something missing.

Updated GitHub Actions to Publish Hugo Site From Private to Public Repo

Tue, 27 Oct 2020 00:00:00 +0000

When I restarted my blogging journey last year, I went with Hugo to generate a static website hosted as a GitHub Pages site. As mentioned, Blogger and WordPress always suffered recurring problems, and maintenance with WordPress still turned into a time suck due to its complexity. By comparison, GitHub has been a nearly painless hosting provider, and the way I've configured it has allowed me to keep drafts hidden by staging in a private repository.

Deploying NoMAD over VMware Per-App Tunnel

Fri, 16 Oct 2020 00:00:00 +0000

Some folks recently reached out to me asking for help figuring out how to route NoMAD traffic over VMware Tunnel. Basically, the ask was to use Per-App Tunneling to give NoMAD the ability to obtain Kerberos Tickets and Sync AD passwords without being directly on the Enterprise network. If you're familiar with my previous article about the macOS Catalina Kerberos SSO Plugin, you'll know that Apple's built-in functionality in Catalina doesn't work well with Per-App Tunneling.

Modify ZShell Defaults in macOS

Mon, 21 Sep 2020 00:00:00 +0000

I'm finding myself using the Terminal quite a bit more in my job. I spent a few minutes over the past few days looking at different ways to make the default terminal layout in macOS better. While there are many plugins out there for doing this (Oh-My-Zsh), I wanted to do something a little more straightforward.

How You Change zsh Default Layouts

Armin Briegel has a great article about customizing the zsh prompt in his moving to zsh series. The basics come down to the following - make some changes to the file at ~/.zshrc and then enjoy the fruits of your labor! This file is also where you can add zsh functions (e.g. reusable pieces of code.)

macOS Big Sur and Kerberos SSO via Per-App Tunnel

Fri, 14 Aug 2020 00:00:00 +0000

If you've read my blogs about macOS Catalina Kerberos SSO over Per-App Tunnel and the followup, you'll know that this has been a use-case I'm interested in solving. I put a great deal of effort into filing feedback with Apple and providing steps to replicate the issue. I was quite excited when I saw the per-app Tunnel improvements specifically mentioned in the WWDC videos, and hoped perhaps some changes were made to enable this functionality.

Using GitHub Actions to Publish Hugo Site From Private to Public Repo

Fri, 14 Aug 2020 00:00:00 +0000

I restarted my blogging journey earlier this year when I started looking into ~~Jekyll~~ Hugo to generate a static website. I had past experience with Blogger and Wordpress, but frankly had periodic problems with both platforms that ended up being a time suck. As it has been, Hugo has been a simplistic publishing method and GitHub a reliable (and FREE) hosting provider. Yet, my desire to keep my drafts private (.e.g the use of 2 separate repositories) has created a small overhead in that I have to build and manually commit the website changes to the public repository to make them live.

macOS Catalina Kerberos SSO over VPN Followup

Sun, 22 Mar 2020 00:00:00 +0000

I've been going back and forth with Apple about some of the issues I previously found using the macOS Catalina Kerberos SSO over Per-App VPN. As it turns out, they acknowledged some of the issues I was seeing and are supposedly working on a fix. I've been watching the past few beta releases for macOS, and I've not yet seen anything in the release notes to indicate they've implemented any fixes.

New Key Added to SoftwareUpdate Command in macOS

Thu, 19 Mar 2020 00:00:00 +0000

When Big Sur released, I noticed an issue trying to discover what macOS versions were available in SoftwareUpdate. I worked around this by using the installinstallmacos.py script to download full installers from the store. This script/tool is solid, but I was really hoping to be able to just do the updates using softwareupdate. Awhile back I filed feedback with Apple to the following:

The --fetch-full-installer parameter for the softwareupdate command line tool is awesome, but there's currently no way to discover the list of available values for the --full-installer-version parameter. Can you please add a --list-installer-versions parameter (or something to that effect) that would show the list of available full installer versions that softwareupdate can download? My understanding is the installer versions relate to the product marketing version (like 11.0, or 10.15.7), but as those versions are added/removed it would be nice easily discover that from the command line.

Another GitHub Actions Update - Using Deploy Keys Instead Of Personal Access Tokens

Fri, 06 Mar 2020 00:00:00 +0000

When I restarted my blogging journey in 2020, I switched from Jekyll to Hugo hosted in GitHub pages. It's been a relatively painless journey, and kudos to GitHub as a rock-solid hosting provider. I've covered it before (Initial Setup and First Update), but I've been incredibly happy with private-to-public publishing workflow that allows me to keep drafts and work-in-progress hidden. That said, a recent comment gave me reason to make another update to the Workflow. Read on for more detail...

My Adapted Digital Bullet Journal via iPad Pro and GoodNotes 5

Fri, 06 Mar 2020 00:00:00 +0000

Last year, my wife introduced me to an entirely foreign-to-me concept of journaling known as Bullet Journaling. For those of you uninitiated, think of bullet journaling as an extensible planner with a heavy focus on the index to help bring order to chaos. A bullet journal is flexible, allowing you to organize tasks, events, collections (groups of tasks, ideas, and more). Bullet Journaling was born of a need to bring all the ideas/tasks/events plaguing us in the digital age and put them to paper in a single place. By doing so, there was less chance of forgetting things, and the repetition of writing helped bring mindfulness to the list.

Deploying Microsoft Defender ATP for macOS using Workspace ONE UEM

Tue, 18 Feb 2020 00:00:00 +0000

I had a few folks recently approach me on the MacAdmins slack asking for help with deploying Microsoft Defender ATP for Mac. We got it working, but it came down to 2 issues: conflicting documentation and Jamf/inTune specific templates. Once I was able to parse through the Jamf/InTune documentation, we were able to put together some guidance. We recently published this guide to the EUC Samples GitHub Repository.

Conflicting Documentation

The initial problem I found was some confusion generated by Microsoft's documentation. The first article, Set Preferences for Microsoft Defender ATP referenced a payloadType of com.microsoft.wdav. These preferences seem related to the UI and various configuration settings. In other words, it controls what changes can be made in the UI if opened by the end-user.

Testing macOS Catalina Kerberos SSO Extension Over VPN

Tue, 04 Feb 2020 00:00:00 +0000

Working at VMware, I'm surrounded by great technology and super-smart folks! In our portfolio of technologies, the folks in our R&D have recently been putting quite a bit of effort into building out macOS capabilities for our Workspace ONE Tunnel client for macOS. Workspace ONE admins can leverage the same VMware technology they used to enable per-app VPN for iOS and Android, but now on macOS! There's a bit of nuance to configuring the VPN client if you're previously familiar with iOS (look for my Operational Tutorial soon to hit TechZone). That said, the premise is the same -- by configuring the appropriate rules, the Tunnel app redirects traffic from whitelisted applications back into your network through the Unified Access Gateway.

Welcome to Hugo (from Jekyll)

Fri, 15 Jun 2018 00:00:00 +0000

Welcome to my wholly reworked website! This time, I've dropped the complexity of Wordpress and opted for something significantly simpler: ~~Jekyll~~ Hugo and GitHub.

Having now hosted the site in GitHub Pages, here was the process I started with Hugo:

Created the Github Pages repo (rterakedis.github.io) -- this is where github pages looks for the blog's generated site files.
Created a 2nd Github repo: rterakedis.github.io.hugo -- this repo holds the source files for Hugo to parse and generate the site.
Added the GH Pages repo (rterakedis.github.io) as a submodule for rterakedis.github.io.hugo
Edited the config.toml in the hugo files to include the following:

baseURL = "https://terakedis.dev/"
publishdir = "rterakedis.github.io"

Add the CNAME file into the rterakedis.github.io repo and enable the custom name/https in the repo settings
Ensure the output from hugo builds into the rterakedis.github.io directory in my local rterakedis.github.io.hugo directory
Commit and push everything to GitHub

A few quick links that I found particularly helpful when I was working with Jekyll:

Robert Terakedis

SSO Is Not a Flip Switch

The $300K Spreadsheet: How Manual Provisioning Became a Liability

How to host blog images for free with Backblaze B2 and Cloudflare

Setting up our Calendar Max

Postman Pre-Request Script for Docebo API

HomePod Mini Ignoring Family Explicit Content Settings

Apple's Missing Hardware - A KVM Switch

My First Dive into BrickLink Studio and a Brick Sketch Template

Ensuring Domain Name Survival

New Job in the Privacy Industry at OneTrust

Change From Beautifulhugo to Clarity Theme

Mapping Concepts from Munki to WS1 UEM

Best Practices for Apple Admins in Workspace ONE UEM

Great *Free* Resources to Learn GitHub

Converting Jamf Custom Schema JSON for Workspace ONE UEM

Troubleshooting macOS Management with Workspace ONE

Updated GitHub Actions to Publish Hugo Site From Private to Public Repo

Deploying NoMAD over VMware Per-App Tunnel

Modify ZShell Defaults in macOS

How You Change zsh Default Layouts

macOS Big Sur and Kerberos SSO via Per-App Tunnel

Using GitHub Actions to Publish Hugo Site From Private to Public Repo

macOS Catalina Kerberos SSO over VPN Followup

New Key Added to SoftwareUpdate Command in macOS

Another GitHub Actions Update - Using Deploy Keys Instead Of Personal Access Tokens

My Adapted Digital Bullet Journal via iPad Pro and GoodNotes 5

Deploying Microsoft Defender ATP for macOS using Workspace ONE UEM

Conflicting Documentation

Testing macOS Catalina Kerberos SSO Extension Over VPN

Welcome to Hugo (from Jekyll)

Great Free Resources to Learn GitHub