A new version of DAVE is now available. According to the latest release information from Thursby:
DAVE 8.1 is geared to professional use in design, publishing, production, colleges and businesses requiring enterprise Mac-Windows file/print integration with:
- Snow Leopard (OS X 10.6) and Leopard (OS X 10.5)
- Includes full Microsoft DFS support, not part of OS X
- Includes commercial grade network volume support for files/directories/home folders around Mac apps such as Adobe Creative Suite, Apple Final Cut Pro, Avid and Microsoft Office for Macs
- Native OS X/SMB *enterprise* network volume use can lead to loss of files and corruption since it is geared to home/small office work
The jamf command that is placed inside the /usr/sbin directory has a number of things it does really well. Many of the tasks exposed in Casper Admin can be tapped into using shell scripts.
One nice option that the Casper Suite has for the mobile users in many an enterprise is the ability to restore a given machine to a known good working state. Casper addresses this using a concept known as a restore partition. The restore partition can be used to deploy a base set of packages to a client, or maybe just a functional operating system that hooks back into the JSS, or JAMF Software Server. Because you want the restore partition to be somewhat undefiled, you can hide it. Then, if a user needs to boot to the restore partition, they would simply boot the computer holding down the option key and select Restore (or whatever you have named it).
The /usr/sbin/jamf command can then be used to hide that restore partition using the hideRestore option. For example, assuming that the restore partition is named Restore, the following command will hide it:
/usr/sbin/jamf hideRestore
But, you might find that you want to deploy multiple hidden partitions. So let’s say that you had another for running disk tools. In our environment we could call it 318Tools. So to hide it as well, we would use the same command, but with the -name option followed by the name of the other partition we would like to hide, like so:
/usr/sbin/jamf hideRestore -name 318Tools
Overall, there are a number of uses other than simple patch management with the Casper Suite, and this is just one of the small things you can do with the jamf command, an integral part of the Suite.
According to a press release currently making the rounds, the Retrospect product has now been sold to Sonic Solutions, the makers of Roxio. To quote the press release:
We are pleased to let you know that Sonic Solutions purchased the Retrospect backup and recovery software from EMC on May 18, 2010 and is responsible for all aspects of the Retrospect product line and business going forward.
Retrospect will be part of the Roxio Division of Sonic, a leader in digital media software. Adding to our broad range of products for content creation and management capabilities for businesses and individuals, Retrospect plays a critical role in expanding the Roxio business in the backup category. We understand that backup and recovery is critical to both your business and to your customers, and the Retrospect product line significantly enhances our ability to meet these needs.
Adobe CS5 is now shipping. To download a demo check out https://www.adobe.com/cfusion/tdrc/index.cfm?product=design_premium. Some new features include perspective drawing, width tool, shape builder, live view, browser lab, multiple page sizes, spanning, splitting and a new gap tool. Lots of new goodness here!
Whether you are installing it for 2 computers or 2,000, 318 can help with all aspects of your upgrade. Contact your account manager today, or sales@318.com for more information.
The annual Apple WorldWide Developers Conference, WWDC, has been announced for June 7th through June 11th. The Developers Conference will again be held in the Moscone Center in San Francisco and this year will be solely focused on development, having no IT track. To see a list of sessions, click here.
As part of WWDC, Apple also hands out a number of design awards. If you have any applications you would like to nominate for a design award then you can do so here.
Their use of sandbox is really over and above what we’ve seen from any other vendor. Each installation contains 3 distinct sandbox profiles (currently I have 4.0.249.49 and version 5.0.342.9 although mileage here may vary according to updates), each profile allowing access to only files and resources that are absolutely necessary to complete the task that the process that leverages them requires. You can see the specific resources that are accessible by looking at these profiles. The profiles are located at:
You can then edit the profiles easily. For example, if you want to enable debug logging for sandbox, etc. This allows you transparency into what Chrome is doing but also allows you to further tighten security. Although, they have really taken their time to secure Chrome well and locked things down, so we doubt much further restriction is necessary or really possible. Overall, Chrome provides a great example of taking sandbox to the next level and extending it much more into the applications with graphical user interfaces than we’ve seen it extended to thus far.
While many will be standing in lines for hours at Apple stores around the country, you can also contact 318 and we will work with you to get an order processed without having the long wait. 318 has also been working with many customers preparing to deploy the iPad, and so if you have Exchange integration or mass deployment questions please feel free to contact your account manager today, or for new customers, the office at 310-581-9500.
For those who have had issues with Samba saving to file shares hosted on Windows Server, EMC or NetApp targets from within Microsoft Office (amongst other minor issues), you’ll be happy to note that Mac OS X 10.6.3 and Mac OS X Server 10.6.3 are now available for download. You can run softwareupdate to pick up the updates, or to download the updates manually see the links below:
This week, Apple launched their newest product: the iPad. The sleek iPad is a revolutionary new look at the NetBook, but able to run most of the 140,000 applications that are in the App Store for the iPhone. Given the popularity of the App Store so far and the new development methods introduced for the iPad you can rest assured that even more feature rich applications will be developed for the iPad as time goes on. Not that Apple hasn’t led the charge in using the new iPad APIs: iWork has been ported to the iPad. This means that you can create rich Pages, Numbers and Keynote presentations in addition to interacting with a number of cloud based services and leveraging those existing iPhone applications.
The iPad is aluminum and glass, comes with up to 64GB of space, a multi-touch LED screen, 802.11n, Bluetooth and can have a 3G data connection for only $29.99 per month. All of this in a secure, easy-to-use interface that we’ve all grown accustomed to!
Want help integrating the iPad into your Enterprise? Let 318 know if you have interest with mass deployment, purchasing or development: our developers are on hand to work with you on commercial and enterprise applications as needed!
The permissions that a user obtains for NFS shares will boil down to effective permissions. NFS doesn’t support ACLs, but it does honor them for Mac OS X NFS clients when bound to the directory.: if a user is granted read/write via an ACL, they WILL have read/write access via NFS. However, there are a few things to note here.
First and foremost, granular ACL’s won’t translate completely. Secondly, although you might have effective write privileges via ACL’s, if you don’t have write privileges via POSIX, it will *look* like you don’t have privileges when you do an `ls` on the mounted NFS volume, however, if you try to read or write a file, it will work without issue. Poorly written software might inspect the POSIX permissions and determine that you don’t have access when you really do. Most software will attempt to read/write an asset and will report errors when encountered (as it should). Lastly, ACL inheritance IS honored over NFS as well, so any files/dirs your users will create will have the appropriate ACL’s assigned on the backend, though displayed POSIX permissions once again won’t be especially accurate.
If you have been wondering what more you can do with that shiny new Mighty Mouse then get ready. MagicPrefs, from Vlad Alexa allows you to do the following:
- It features the ability to bind a variable number of finger clicks, taps, swipes, pinch and other gestures to functions like Middle Click , Hold Down Both Mouse Buttons , Spaces , Expose, Dashboard etc.
- Touch Sensitivity implements a single point control for a number of factors impacting the algorithms of the taps, swipes, pinche and other gestures.
- Tracking Speed adds the ability to increase the maximum mouse speed by a extra 200%.
- Also featured is a real-time display of the fingers touching the surface of the mouse that you can enable to test and monitor the way the mouse sees fingers.
318 has open sourced our mergeSafBookmarks python script. This tool can read in a pair of property lists and merge them into a single resultant bookmarks file for Safari. This takes a lot of the work out of pushing bookmarks to existing users as part of your deployment. You can find it here:
318 has decided to open source our ASR Setup Tool under GPLv3. The tool can now be found at http://asrsetup.sourceforge.net. The ASR Setup Tool is built as a wrapper for the asr command line suite from Apple. The description from SourceForge:
Developed by 318 Inc., ASR Setup Toll is an application for setting up Apple Software Restore (“ASR”). In the context of the ASR Setup Tool, ASR is used for setting up a multicast stream that can then be leveraged for imaging Mac OS X computers.
For what it’s worth, we take ours from the command line. It helps keep proper track of the names screens. Simply open up a terminal window on a remote server via Apple Remote Desktop (ARD) and run the following command:
sleep 3; screencapture -iw ~/Desktop/filename.png
When you run that full string as a command you’ll have 3 seconds after hitting enter to highlight your target window, at which point your cursor will switch to the photo in window selection mode. Alternatively, you can run:
sleep 3; screencapture -iwc
Which will capture the picture to the remote machines clipboard (and can then be copied via ARD, and opened in Preview (File->new from clipboard).
For those considering a migration for Snow Leopard or those who have already moved into Snow Leopard, you will be interested to know that Apple has released the 10.6.2 update that has been in progress for some time. Updates and issue resolutions that are included (from Apple):
an issue that might cause your system to logout unexpectedly
a graphics distortion in Safari Top Sites
Spotlight search results not showing Exchange contacts
a problem that prevented authenticating as an administrative user
issues when using NTFS and WebDAV file servers
the reliability of menu extras
an issue with the 4-finger swipe gesture
an issue that causes Mail to quit unexpectedly when setting up an Exchange server Address Book becoming unresponsive when editing
a problem adding images to contacts in Address Book
an issue that prevented opening files downloaded from the Internet
Safari plug-in reliability
general reliability improvements for iWork, iLife, Aperture, Final Cut Studio, MobileMe, and iDisk
an issue that caused data to be deleted when using a guest account
Mac OS X 10.6.2 represents Apple coming another step to making Snow Leopard ready for mass integration in most any environment. If you have not already done so, consider contacting your 318 representative now to start planning for your migration!
The vm_stat command in Mac OS X will show you the free, active, inactive, wired down, copy-on-write, zero filled, and reactivated pages for virtual memory utilization. You will also see the pageins as well as pageouts. If you wish to write these statistics routinely then you can use the vm_stat command followed by an integer. For example, to see the virtual memory statistics every 5 seconds:
Ever lost the data on your computer and then realized that your media library was on your iPod or iPhone but not on your computer? Or maybe you had some data backed up but not your massive media library? Well what you need is iTunes backwards: copy the media files from your iPod or iPhone to you computer. Luckily there’s Senuti, which is iTunes spelled backwards because it does just that; it copies data from your mobile device into the iTunes library. This should not be used as a backup tool but it does make for a nice recovery path in some cases!
When you plug in the iPhone, iTunes opens up automatically as does iPhoto if you have any images in your Photo Roll. But what if you want to use your iPhone as a regular old USB jump drive? Run this little program: http://code.google.com/p/iphonedisk/
Have you struggled with Open Directory backups? Do you open up Server Admin and click on the Archive button when an alarm in your calendar tells you to do so? Well, we’re gonna’ help you out then. We’re going to automate backing up your Open Directory. We’re going to invoke the backups through launchd and we’re going to keep them for an amount of time you determine and automatically prune the old ones. We’re going to let you choose the location to store them and the password to unlock them. And we’re going to let you do all this through a graphical package called the 318 Auto Archiver.
Originally written for our own staff we now open it up to you as well.
318 is proud to announce that we will have 3 speakers doing a total of 4 sessions at the upcoming MacWorld Conference & Expo in San Francisco in February. Speakers will be Beau Hunter, Zack Smith and Charles Edge.
We will also be announcing some events as the conference gets closer. If you are planning to attend then you can sign up here. We hope to see you there!
Virtual Private Networks, abbreviated “VPN” is technology that that allows users to connect from one place to another securely. What makes it secure is that the connection between point A and point B is encrypted. An encrypted tunnel is built between Point A and Point B, and then data is passed through that tunnel.
VPN’s come in many different types (protocols). Some of the most common include the following:
PPTP
Often called “dial up VPNs”, it technically extends the functionality of PPP. It was originally started by Microsoft, US Robotics, Ascend Communication, 3Com, and ECI Telematics. Their first draft of their IETF document for the protocol extension was submitted in June, 1996. The protocol extension is supported by Linux, Mac and Windows workstations.
Current versions of all three operating systems include the VPN Client application pre-installed in the operating system. All three operating system server versions can also be setup to allow PPTP connections. A Microsoft Routing and Remote Access Server (RRAS) typically uses Microsoft Point to Point Encryption (MPPE) which is based on RSA RC4 and supports up to 128 bit encryption.
IPSec
IPSec is short for Internet Protocol Security. It works on Layer 3, and is often called “Site to Site VPN”. It is usually used to connect one LAN to another LAN, most times using two hardware VPN units at each side communicating with each other. It can also be used to connect a workstation to the corporate LAN, typically using proprietary software from the VPN manufacturer/developer (although you can sometimes use the built in software in the operating system – as is the case with Windows). The protocol can function in two modes (Transport and Tunnel) and provides end to end security by authenticating and encrypting the packets between parties. It can support up to 168bit encryption with 3DES.
SSL VPN
SSL VPN is a type of VPN that allows communication to happen over https via web browsers. The main advantage of SSL VPN is that no additional client software is required besides a web browser. Since no software needs to be installed on a computer, a user can access the corporate network via VPN from just about any computer (i.e, Public Computer, kiosk, etc.). The disadvantage is that because it tends to make the applications you would normally use a web type of application, you often lose some of the intended user experience of those converted applications.
L2TP
L2TP is short for Layer 2 Tunneling Protocol. It doesn’t do any encryption on it’s own, and is often used in conjunction with IPSec (L2TP/IPsec VPN). The biggest thing to remember about L2TP is that it allows more types of applications to communicate through the VPN connection that otherwise are not supported in a standard IPSec implementation.
In a nutshell, deciding which VPN protocol to implement depends on your budget, the hardware that you have, what will be connecting (workstation/user, or LAN to LAN) and the ease of use. Please feel free to contact us, and we will be happy to help plan out your VPN infrastructure, or answer any questions that you may have.
In Mac OS X 10.5 and below, the default behavior was to take screenshots (command-Shift-4) by creating a file on the desktop automatically named Picture 1.png. The second file would be created as Picture 2.png and so forth. In Snow Leopard though, the screen shots are named Screen shot followed by the date (YYYY-MM-DD) and then the time (HH.MM.SS). So if I took a screen shot at 3pm today it would be called “Screen shot 2009-08-31 at 3.01.05 PM”. This keeps them showing up in the same order they otherwise would have. At first I wasn’t sure whether I liked this change, but now I’m sure that I do. The defaults commands that were used to change the default image type and the location are still applicable.
