ProfileCreator
ProfileCreator | standards-positions | |
---|---|---|
30 | 180 | |
1,251 | 598 | |
0.9% | 1.0% | |
0.0 | 7.6 | |
14 days ago | 2 months ago | |
Swift | Python | |
MIT License | Mozilla Public License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ProfileCreator
-
The Right to Lie and Google’s “Web Environment Integrity”
> How many users have devices that they are really administrators of? Fewer and fewer.
As long as nobody has forced you to join your computer to a domain and accept the installation of group-policy overrides, you're still fundamentally an administrator of that machine.
You might not ever feel the need to administrate it, because the OS vendor is often co-administering the machine (see: Windows or macOS when you use a local account rooted in their cloud SSO) but the OS vendor hasn't restricted you from doing your own administration in the way that a corporation or institution administering the domain your device belongs to would restrict you. You still have the ambient authority to administer your machine, whether you ever bother to elevate yourself or not.
You can still install your own X.509 roots of trust. Even on, say, iOS! (You must administer the iOS device using tools — e.g. https://github.com/ProfileCreator/ProfileCreator — that run outside of the device on a "real computer"; but that's just a fact of history, to do with how system administrators generally prefer to interact with computers, not a property of the target device's security. A config profile is just a file format; if someone ever wanted to make a profile editor that ran on iOS itself, they could.)
(And if we're talking about a machine that is corporate or institutionally controlled? Well, then it's the responsibility of the people who manage your device — your IT department — to decide whether a given cert should be given trust.)
> What is the technical challenge of setting up your own HTTP server that can be browsed with an off the shelf browser on your local computer?
The approach where you run a proxy that wraps untrusted connections into trusted ones is fully general, but yes, only really applicable to the most advanced users. But then, only the most advanced users really need the full power of this approach. Only someone with a lot of experience in network security should consider themselves capable of vouchsafing a non-TLS HTTP connection as worth being trusted. You have to basically come up with an "attestation heuristic" for the remote yourself — that it stays on the same IP, that its DNS records haven't changed owner, that the server is still sending the same Server response header, etc.
If your needs are slightly weaker — if you can assume that every remote is at least using self-signed TLS certs rather than not using TLS at all — then the problem is vastly simplified: you can directly trust any cert by putting it that cert directly into your X.509 trust store (in effect making it a root-of-trust — though it doesn't have the X.509 property that enables other certs signed by the cert to be trusted transitively, so it's a leaf-node root-of-trust. A "stump of trust", if you will.) You don't need to run any local servers to do this.
-
Users using their own Icloud.
I don't have much experience with Jamf specifically so I don't know if they have a tool for this, but you can you software like iMazingand ProfileCreator to create the profiles from a GUI and then push the profiles from to devices using Jamf. Using either of these apps, under "Restrictions", you'll be able to deselect whatever iCloud service you want to be blocked and then save it to a profile.
-
Custom JSON Configuration Profiles
In Mosyle in the management profiles section you have an option called Certificates/Custom Profiles, there you can upload a .mobileconfig created with for example Profile creator: https://github.com/ProfileCreator/ProfileCreator which nicely includes the Nudge schema and other common used apps :-), this should be the same effect than in the JAMF video, its almost the same thing instead of cut an paste from the AJMF article, upload de .mobileconfig created by the App.
- How can I have a user account which absolutely CANNOT access the internet?
- Need assistance building .mobileconfig files for 3rd Party apps?
-
Is there a bash command for a device to give permissions for remote session control apps like Zoom/LogMeIn?
There are many examples and several ways to generate a profile that will grant the appropriate perms, personally I have used ProfileCreator: https://github.com/ProfileCreator/ProfileCreator
- How do I edit plists using Xcode?
- How do I allow non admins to Screen-share from payload/profile in macOS via MDM (workspace one in my case)?
-
Custom MacOS configuration profiles
On a side note, you might try this for manually creating profiles. https://github.com/ProfileCreator/ProfileCreator
-
iOS supervised device settings possibility question
If you have a Mac available ProfileCreator works well as an alternative to Apple Configurator, and it has a few more options.
standards-positions
-
Firefox Webserial Addon
You can read through the conversations to understand more of the context
https://github.com/mozilla/standards-positions/issues/100#is...
https://github.com/mozilla/standards-positions/issues/95#iss...
https://github.com/mozilla/standards-positions/issues/336
The main struggle is around giving informed consent that explains the risks. Understandably, browsers don't want to ship a "Set my printer on fire" button.
-
iOS404
You can check why Mozilla and Apple have opted to not support this.
https://github.com/mozilla/standards-positions/issues/154
https://github.com/WebKit/standards-positions/issues/28
Neither Mozilla or Webkit are satisfied that the proposal is safe by default, and contains footguns for the user that can be pretty destructive.
-
Show HN: DualShock calibration in the browser using WebHID
FWIW Mozilla updated their position on Web Serial API to "neutral" and clarified that they might be okay with enabling the API with an add-on.
https://mozilla.github.io/standards-positions/#webserial
Allowing serial but not HID would be really strange. With HID you get standard identifiers that let you filter out devices that are too dangerous for the web. With serial you get nothing. Even if you know a device is dangerous, there's no way to protect users from it.
-
Tailwind CSS v4.0.0 Alpha
Hasn't FireFox been dragging their asses on @scope? https://github.com/mozilla/standards-positions/issues/472
It took years to just convince them of the need for it. And I'm not sure anyone got convinced vs Chrome had already shipped it and Safari has it planned so they caved in.
Hard to believe FireFox used to be a leader of the modern web.
-
An HTML Switch Control
As mentioned by others, OK idea, but not a fan that this isn't standardized. After a quick search+peruse, these seem to indicate that it's not around the corner either. Happy (/hope) to be corrected.
https://github.com/whatwg/html/issues/4180
https://github.com/mozilla/standards-positions/issues/990
-
Platform issues which disadvantage Firefox compared to first-party browsers
Mozilla's position on these specs is nicely outlined publicly and transparently as part of their standards-positions project: https://github.com/mozilla/standards-positions/issues/100
I'm kinda glad it's not implemented in my browser, to be honest, because the whole thing seems like a security nightmare.
It's a shame it impacts some hobby usecases, but I don't think this outweighs the reasoning set out on the GitHub issue.
-
What Progressive Web App (PWA) Can Do Today
This should have big warnings on it. Some of these are not web standards; they are features implemented unilaterally by Google in Blink that have been explicitly rejected by both Mozilla and Apple on privacy and security grounds.
Take Web Bluetooth, for example:
Mozilla:
> This model is unsustainable and presents a significant risk to users and their devices.
— https://mozilla.github.io/standards-positions/#web-bluetooth
Apple:
> Here are some examples of features we have decided to not yet implement due to fingerprinting, security, and other concerns, and where we do not yet see a path to resolving those concerns
— https://webkit.org/tracking-prevention/
This is Microsoft’s Embrace, Extend, and Extinguish bullshit applied to the web platform by Google. Google keeps implementing these things despite all other major rendering engines rejecting them, convinces people that they are part of the web, resulting in sites like this, then people start asking why Firefox and Safari are “missing functionality”. These are not part of the web platform, they are Google APIs that have been explicitly rejected.
-
Why Are Tech Reporters Sleeping on the Biggest App Store Story?
Is BLE a PWA requirement? I think they explained their position pretty well here, regardless of whether I agree:
https://github.com/mozilla/standards-positions/issues/95#iss...
-
Reason to Use Firefox Is Sync That Works
I took a glance at Can I Use what the difference between the last public release of Firefox and Chrome is [1] and they don't really have that big of a difference in the eyes of normal use-cases? Some of these aren't implemented purely because of privacy reasons, the proposals aren't finished yet or complexity [2].
Why would Firefox need to change to Chromium engine? The only websites I notice that don't work with Firefox is because of user-agent targetting or just putting 5-second time-outs in Youtube code on non-chrome webbrowsers [3].
Can you give some examples of websites not working on Firefox?
[1] https://caniuse.com/?compare=chrome+120%2Cfirefox+121&compar...
[2] https://mozilla.github.io/standards-positions/
[3] https://www.neowin.net/news/youtube-seemingly-intentionally-...
- Mozilla's Position on CSS Scope
What are some alternatives?
PPPC-Utility - Privacy Preferences Policy Control (PPPC) Utility
webcontainer-core - Dev environments. In your web app.
Installomator - Installation script to deploy standard software on Macs
WHATWG HTML Standard - HTML Standard
openhaystack - Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
wpt - Test suites for Web platform specs — including WHATWG, W3C, and others
ProfileManifestsMirror - Jamf JSON schema manifests automatically generated from ProfileCreator manifests (https://github.com/ProfileCreator/ProfileManifests)
firefox-ios - Firefox for iOS
mcxToProfile - Convert macOS property lists, defaults and MCX into Configuration Profiles with Custom Settings payloads
WebKit - Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
outset - Automatically process packages, profiles, and scripts during boot, login, or on demand.
Fakeflix - Not the usual clone that you can find on the web.