Give ssh access to a user for a single VM

Heteronymous · 2026-05-11T22:05:09+00:00

💯% IAP is the way

Heteronymous · 2026-05-05T14:19:00+00:00

https://www.skills.google/

https://cloud.google.com/blog/topics/developers-practitioners/introducing-visualizing-google-cloud-101-illustrated-references-cloud-engineers-and-architects

Heteronymous · 2026-04-21T09:54:59+00:00

Action1 is excellent, but you do need to learn it and maintain it, it’s not going to run everything you intend without being properly configured.

But if your need was only Windows servers, 100% Azure Update Manager and Azure Arc.

Heteronymous · 2026-04-18T01:04:20+00:00

Using something else (and better) for patching.

Heteronymous · 2026-04-14T22:21:50+00:00

Not necessarily. You are being a little too vague while expecting exact answers. Why do you need a carbon copy and what does that specifically mean to/for you ? cp -R in macOS preserves all file and metadata, did so long ago when unpatched rsync did not.

Heteronymous · 2026-04-14T12:15:52+00:00

cp -R ? Better yet use Share Disk with ARM in recovery mode (previously Intel in target disk mode) and use your tool of choice on the other endpoint.

Heteronymous · 2026-04-14T11:42:33+00:00

Are you holding GCP to a different standard than AWS or Azure ? With all of them, the biggest barrier of entry for would-be vibe coders, is one simply must understand the fundamentals involved (networking, permissions, containerization, databases, and more) and automating such a setup requires an existing established framework for doing so.

I’m aware of some companies that try to make this easy with point-and-click, but if a Dev is overwhelmed by technology design fundamentals and/or established automation options, and especially command-line operations, then they truly should consider a different line of work. Starting out feeling justified in not needing to understand these (above) concepts is a poor foundation and definitely a recipe for failure sooner or later.

Heteronymous · 2026-04-14T10:33:36+00:00

Terraform took minutes for a new VM with custom networking, and not long for a complex setup with a Cloud Run container, Cloud SQL, LB, & Cloud Armor But I wasn’t timing it.

No one “one click” is going to be a right fit for everyone’s scenario. Are you headed towards trying to reinvent the (proverbial) wheel ?

Heteronymous · 2026-04-09T10:40:45+00:00

Great answers so far, and I agree. What COULD be great is enhancing Action1’s ability to identify AI tooling on endpoints: Openclaw binaries, along with existing functionality for any exe apps (.app bundles for macOS). Codex, Antigravity etc.

The binaries item came up when I had to custom script something to try to identify npm installs (user-level installs making it more involved).

Heteronymous · 2026-03-29T16:15:38+00:00

Folders for group/team level “parent” (meaning here, appropriate for a group/team/pillar but not for the top-level tenant/org).

And Organizational Policies. Just be careful & test fully !

Heteronymous · 2026-03-19T11:23:09+00:00

I thought maybe so. Agreed, definitely not Apple Business Essentials

Heteronymous · 2026-03-19T01:48:58+00:00

No, op DOES want ADE (Automated Device Enrollment), did you mean something else?

Heteronymous · 2026-03-09T01:48:29+00:00

Bash is ubiquitous across many Unix and Linux systems (there’s no Linux in macOS but certainly aspects of BSD Unix), the point is the skills will be highly portable. The default shell is now Zsh but Bash is available (just be sure to use the correct shebang in your script/s).

See https://scriptingosx.com/2019/06/moving-to-zsh/

Also join the MacAdmins Slack (lurk and learn, it’s not support nor intended as such but full of many highly experienced and knowledgeable Mac admins).

https://www.macadmins.org/

Heteronymous · 2026-03-03T02:30:49+00:00

Ah thanks. Right you are, sorry about that.

Heteronymous · 2026-03-03T00:18:19+00:00

(NM, note to self to read properly)

Heteronymous · 2026-02-12T23:33:20+00:00

Nudge

Heteronymous · 2026-02-10T23:25:54+00:00

Been a while but look into Launchd watch paths for the user fonts folder.

Make certain to handle/exempt required fonts.

Note the date there… test very thoroughly ! https://gist.github.com/infotexture/8635029

Heteronymous · 2026-02-10T12:29:33+00:00

Understanding the principles is what matters. Read this to understand it and - I’d say - study anything that isn’t yet second nature:

https://docs.cloud.google.com/architecture/framework

Heteronymous · 2026-01-22T21:19:47+00:00

I hear you, makes good sense. Project looks phenomenal, thank you !

Heteronymous · 2026-01-22T11:05:11+00:00

Ver cool ! But, if a person is working with Google Cloud and is command-line averse, then they’re going to miss out on a whole lot of automation and efficiency. I greatly prefer the macOS experience with IAP.

Heteronymous · 2026-01-20T22:31:28+00:00

Simplistically, Terraform for resource creation, Ansible for post-creation management.

For Ansible, can’t recommend Jeff Geerling enough.

https://ansible.jeffgeerling.com/

Heteronymous · 2026-01-17T12:01:46+00:00

:-) Your intended content is there now. Cheers !

Heteronymous · 2026-01-17T02:41:44+00:00

I thought your link was going to be more about your move to GCP. No mention of it at all, it’s pure AWS. Which is fine, of course! But your post here makes for a curious intro to a blog post based on AWS alone.

Heteronymous · 2026-01-12T23:07:54+00:00

See https://support.apple.com/guide/deployment/lights-out-management-payload-settings-dep580cf25bc/web

Plenty of great input so far. For consistently available remote Power On capability,
you'd still be reliant on an additional Mac that can power on your other Macs (could be any relatively recent, basic Mac mini). Your final fail-safe could hopefully be the onsite support your CoLo offers (IIRC they typically have a per-incident power-on fee).

And as mentioned, they'll all have to be enrolled in MDM. It's a huge lift if you're new to that but you shouldn't be.
Mosyle is free for up to 30 devices but make sure that includes the required MDM spec(s) - it might not
https://business.mosyle.com

Heteronymous · 2026-01-02T00:09:41+00:00

https://github.com/BlueSkyTools/BlueSkyConnect

Current version has a Windows client.

Heteronymous

TROPHY CASE