Dec 012011

Courtesy of DeinosCloud

In my home lab I have a couple of machines that I want to start up as soon as the host starts up and in a particular order, that’s the AD controller followed by the vCenter Server server. Both are Windows virtual machines but the procedure works with any virtual machine actually.

The tip is described in the vSphere Basic System Administration PDF document available at, page 140.

    1. In the inventory, display the host where the virtual machine is located.
    2. Select the host and click the Configuration tab.
    3. Click Virtual Machine Startup/Shutdown, and click Properties

    1. Select Allow virtual machines to start and stop automatically with the system.

  1. Click Continue immediately if the VMware Tools starts to have the operating system boot immediately after VMware Tools starts.
  2. To have the operating system start after a brief delay, enter a Default Startup Delay time. This delay allows time for VMware Tools or the booting system to run scripts.
  3. Select a shutdown action and enter a Default Shutdown Delay value to delay shutdown for each virtual machine by a certain amount of time. This shutdown delay applies only if the virtual machine has not already shut down before the delay period elapses. If the virtual machine shuts down before that delay time is reached, the next virtual machine starts shutting down.
  4. Use Move Up and Move Down to specify the order in which the virtual machines start when the system starts.
  5. To configure user-specified autostartup and autoshutdown behavior for any virtual machine, select the virtual machine and click Edit.

In my case my Virtual Machine Startup and Shutdown Behavior looks like this:

  1. My AD controller starts first, then as soon as the VMware Tools starts but with a maximum delay of 60 seconds then,
  2. The second VM start up (vCenter Server).
  3. Then once all VMs in the Automatic Startup section have all started up, the system carries on with the VMs in the Any Order section. In my case I have a third VM which is not tied to a particular order and has different settings than the defaults.

Oct 312011

This article is reprinted from InfoWorld. For more IT news, subscribe to the InfoWorld Daily newsletter.

No longer relegated to the fringe, Macs are fast becoming integral to today’s business organization. As a result, IT can no longer rely on one or two dedicated “Mac guys” to maintain its Mac fleet. Instead, Mac management has become an issue that any CIO or systems administrator may be faced with on any given day.

Along the way, the tools and techniques of managing Macs have changed as well. Pushed beyond their traditional business niches, Macs can no longer be managed independent of other processes and infrastructure. They must be integrated with your existing directory service. They require an efficient, scalable deployment model that hooks into asset management. They require secure, auditable patch management and a device and user management solution that secures each Mac’s core OS components and apps.

In other words, Macs take the same requirements that apply to every Windows PC in your organization, as well as to a growing number of mobile devices. This Mac management guide will help you extend your existing support strategies to Mac workstations, and provide tips and techniques for embracing Macs as they become more prevalent in your business environment.

Active Directory: The hub of modern Mac management

Integration with Active Directory is the foundation for Mac management in the modern enterprise, as the OUs (organization units) in Active Directory can be used as the backbone for nearly any enterprise task, from enabling access to resources to setting group policies to pushing out updates and monitoring workstations. Through Active Directory, Macs gain access to the wide range of Windows Server tools and third-party solutions that key off Active Directory to determine which objects to affect with a given task.

In Mac-only environments, Apple’s own directory service, Open Directory, plays this role. But with Active Directory entrenched in today’s enterprise, extending Active Directory to be the central directory service for your Mac fleet is your best bet. Fortunately, Apple and third-party developers have enabled Active Directory to perform many of the same functions for Macs that it does for Windows clients, whether directly or indirectly.

Apple’s OS X directory service support is built around LDAP and includes a plug-in architecture. The company provides a small set of plug-ins that enable support for Open Directory, Active Directory, and generic LDAP services. The big advantage for enterprises, however, is that this approach allows third parties to create additional plug-ins that offer greater capabilities than what Apple includes with each OS X release.

Apple’s Active Directory plug-in has steadily updated since it was introduced five OS X generations ago, with the most notable improvement in OS X Lion being support for DFS browsing. That said, Apple’s Active Directory support has its limitations, as it is primarily aimed at providing authentication and, on its own, offers almost no client management capabilities.

A Mac joined to Active Directory will have a computer account and you can restrict access to that Mac as you would any PC. You can also grant members of certain AD groups, such as the various admin groups, local admin privileges. Beyond this, the only management capability relates to whether user credentials and home directory items are cached on Mac notebooks so that users can log in when they leave your network and sync automatically when they return.

Some versions of Apple’s Active Directory plug-in have proved problematic in certain Active Directory environments. Because of the scalability and flexibility of Active Directory, troubleshooting these problems can be burdensome. Early versions of Lion displayed issues with Active Directory, though the 10.7.2 update appears to have resolved most of them.

Leveraging Active Directory for Mac client management

Apple has traditionally relied on Managed Preferences for client management. Often abbreviated as MCX, Managed Preferences act like Active Directory Group Policies, providing a powerful, granular system for configuring a complete user environment, including system settings and application preferences. Like Group Policies, Managed Preferences can also be used to restrict access to applications and system components.

Managed Preferences are stored as LDAP objects and attributes in a directory system. Any LDAP schema, including Active Directory, can be extended to support Managed Preferences without having to rely on Apple’s OS X Server and Open Directory to provide client management via Managed Preferences.

There are three primary ways to implement Managed Preferences in an Active Directory environment:

Extend the Active Directory schema: Using Microsoft’s Active Directory Schema Analyzer, you can scan Apple’s Open Directory schema and create LDIF files that can extend the Active Directory schema with all the object data needed to support Managed Preferences data. You can then use Apple’s Workgroup Manager (freely available as part of the OS X Server Admin Tools package) to populate and manipulate that data—pointing to an Active Directory domain controller instead of an Open Directory server running on OS X Server. Workgroup Manager can also perform a handful of user management tasks for Active Directory, though the preferred (and safer) option is to use it only for client management.

OS X Server and augmented records: With Leopard and Leopard Server, Apple introduced what are known as augmented records. In this approach, OS X Server is installed and configured to connect to an existing directory, typically Active Directory. Once joined to Active Directory, the Mac server imports user data and groups from the primary directory into a secondary directory that it maintains. Mac clients connected to this secondary directory rely on the primary directory for authentication, single sign-on, and access to network resources, and the Mac server appends attributes to the primary directory’s records to provide client management and Mac-specific services. Although effective, this approach is better suited for Mac-based departments that are isolated within a larger organization, as it doesn’t scale well and limits administration to OS X Server’s simplified admin tool set.

The magic triangle: This option also requires OS X Server. In this case, however, the server hosts a full secondary directory system that scales through use of Open Directory replication. That server is joined to Active Directory, and clients are joined to both Open Directory and Active Directory. Groups specific to Mac systems and users are created in the secondary directory, then are populated with Active Directory users. Managed Preferences are set using these groups. This solution, which is usually implemented using OS X Server’s advanced administration tools, is more scalable than using augmented records. This scalability, however, is limited to Open Directory’s replication parameters, which are adequate for most environments, but not on par with that of Active Directory.

Device-based management using Lion Server’s Profile Manager

With Lion Server, Apple has introduced Profile Manager, a directory-independent alternative to Managed Preferences. Less of a client management solution than a mobile device management tool, Profile Manager offers the ability to manage both Mac workstations and iOS devices. However, as opposed to Managed Preferences, Profile Manager is device-focused. This enables IT to enroll devices (iPhones, iPads, Macs) and apply policies to them, but these policies are not applied based on user accounts or group membership—just devices.

Being device-focused, Profile Manager doesn’t allow anywhere near the granularity of Managed Preferences or third-party solutions. It simply covers the core needs of client management and allows for self-enrollment by users through a Web-based interface that supports SCEP. When policies are updated, Apple’s push notification system alerts enrolled devices to download the update. This combination makes Profile Manager worth considering as part of a BYOD program, particularly if you will also be supporting employees’ iOS devices.

Profile Manager is easy to implement. There’s no need to worry about schema extensions or multiple directories. If your organization requires minimal Mac management beyond the integration offered by Apple’s Active Directory plug-in, Profile Manager may be worth a look. Keep in mind that Profile Manager requires Lion Server, and it supports only Macs running Lion. Scalability is a factor of Web server implementation, and multiple Profile Manager servers can be used to distribute load. With Apple’s cancelation of the 1U rack-mounted Xserve hardware last fall, ensuring a scalable solution may be difficult, limiting the capability of Profile Manager in many, but not all, environments.

Monolithic imaging vs. package-based Mac deployment

There are two core ways to roll out and update Mac workstations, as there are with Windows PCs. The first is to capture a snapshot of a system to a disk image file, then push that image out to each workstation, either over a network or locally by a connected drive. The advantage of this monolithic-imaging approach is that, once a machine has had an image deployed to it, all software is installed and all configurations are preset.

The other option is package based. You start with a base system (either a stock system from Apple or a minimally configured system image), then deploy additional software or configuration files after the fact. This approach is advantageous when deploying Macs with a variety of application and configuration needs, as it eliminates the need to maintain a large number of images. It also allows you to simply add packages to an install workflow without having to edit or re-create your original system image.

Macs offer one distinct advantage over Windows-based PCs when it comes to monolithic imaging: Because Apple produces both the operating system and hardware, OS X is highly portable. A single image can be rolled out to a variety of Macs and be perfectly functional without further adjustment, providing that the hardware is not significantly newer than the OS X release in the image.

Package installation and patch management

OS X relies on specific file types to install software and updates, much like Microsoft’s .msi format. These package (.pkg) or metapackage (.mpkg) files are read by the OS X Installer service, which installs the bundled executables and support files in the requiste file system directory, usually/Library or /System/Library. This can occur manually, when package files are opened on a Mac, or it can occur unattended or in the background using a variety of tools.

Of course, some applications are installed without the use of package files. These apps often do not require support files, or they create them at first launch. As such, they can be installed simply by copying them to a Mac’s Applications folder or the Applications folder inside a user’s home directory to limit access to just that user.

Other applications, most notably software from Adobe, may use a proprietary installer. For these cases, you can use package file tools to take snapshots before and after installation to create an appropriate package file for the application, if needed. You can also include such files in a monolithic image or use a deployment tool that supports the proprietary format.

Note that package files can simply include files and no actual applications. This makes them an ideal way to mass deploy updated configuration files or documents to specific file system locations.

Apple’s deployment and patch management tools

Apple provides a number of deployment and installation tools. These include Disk Utility for creating system images and Apple Software Restore for deploying images locally or using a unicast or multicast network connection. Package Maker, available as part of Apple’s developer tools, can be used to build package files and code the installer command to install package files in the background, even via SSH. All of these features are available free of charge. (For an overview of these and other mostly free Mac management tools, see “22 essential Mac tools for IT admins.”)

As far as commercial tools available from Apple, OS X Server’s NetBoot, NetInstall, and NetRestorecan be used to streamline monolithic image deployment, enabling you to set up a network-based deployment operation for installing a variety of specific package files. This option allows you to combine a small number of base images with specific packages to automatically customize your Mac fleet during deployment. NetInstall can even be configured to roll out nonsystem package collections.

OS X Server also includes a Software Update Server feature that mirrors the contents of Apple’s update servers. This offers two advantages. First, by mirroring updates locally, it improves update performance while reducing the load on your organization’s Internet connectivity. Second, it allows administrators to vet updates for problems before making them available. It does not, however, provide a mechanism for ensuring updates are distributed, and it cannot be used to provide non-Apple updates.

As mentioned above, the scalability of OS X Server functions has become limited due to Apple’s decision to stop producing enterprise-grade server hardware. For mass deployments using only Apple technology, the ideal solution is Apple Software Restore running in a multicast configuration—with Apple’s NetRestore to automate deployment completely or a series of bootable drives (even small flash drives) with a technician touching each machine to initiate the deployment process.

Finally, there’s Apple Remote Desktop, which can be used to remotely deploy package files, run scripts, and perform other user support and administrative functions, including hardware and software inventory, to ease license management. Apple Remote Desktop is the Swiss Army knife of Mac management, an invaluable tool that every organization should consider purchasing even when supporting just a handful of Macs.

What makes the OS X Lion era different

Although most of the concepts and tools discussed in this article aren’t new or specific to Lion, the latest version of Mac OS X represents a new chapter in Mac management and Apple’s enterprise strategy.

Until last year, when Apple announced it was discontinuing the Xserve, the company continued to position its server and related technologies as a core option for Mac management and support in business environments of all sizes. There was native support for enterprise standards like Active Directory, and OS X Server had begun to offer simplified setup for small businesses, but Apple continued to push its enterprise-specific products.

That approach seems to have drastically changed. Apple no longer produces data center-ready hardware. The company has gutted many of the advanced admin tools in Lion Server, leading to a product that seems to be a transitional release. Most enterprise features are still present, but in a manner that strongly suggests they’re included for legacy support and likely to disappear in a future revision that will focus solely on small business.

At the same time, Apple seems to be building better enterprise support directly into the consumer platforms. This enables enterprises to implement them with no Apple-provided intermediary in many cases. Given Apple has never acted like a true enterprise vendor, this seems a more logical approach and will likely support and accelerate the influx of iOS devices and Macs into the workplace.

Where these products don’t offer enough enterprise abilities on their own, Apple seems content to let third-party vendors fill the void. While a better approach on some levels, it remains clear that understanding the basic concepts and Apple’s original approaches to integrating its products in the enterprise is still useful when it comes to evaluating the available solutions.

via IT’s guide to managing Macs in the OS X Lion era | Macworld.

May 262011

This has been reported over the past few weeks on many tech news sites. Yesterday Apple decided to acknowledge this threat and promises a software update “soon” to remove the MacDefender variants. This update can not come fast enough since the latest varient no longer requires administrative authentication. Sophos was one of the first, if not the first, to report this threat and their software is able to detect all the *known* variants. For specific info on all the variants head over to and do a search for OSX/FakeAV.

While I dont believe this is anything to make a big stink over, we in IT have all dealt with malware threats in the past, what makes this interesting is how Apple and the end users may respond to this. Apple is about to be forced to engage in the cat and mouse game of blocking security holes while new ones are found and exploited. As the past has shown, Apple has a hard time admitting fault and it took them about a month to acknowledge this threat publicly. How this plays out will be very telling. Considering most OSX users have been conditioned to believe OSX isnt vulnerable to malware, spyware, virus threats, etc, they may not hesitate to download random software and attempt to install it. These two things combined make Apple easier to exploit due to slow acceptance of the issue (slow to patch holes) and lack of forethought (maybe I dont need this software or should investigate further).

If you have not taken OSX security seriously in the past now is the time to start.


 Posted by at 4:13 pm
Jan 102011

Between slagging each other off with cartoons like the one above and taking each other to court over chipset licenses, there’s been no love lost between NVIDIA and Intel over the past few years — but it looks like the war is over. The two companies just announced a new six-year cross-licensing deal that will see Intel paying NVIDIA a total of $1.5b over the next five years for access to NVIDIA’s technology, while also giving NVIDIA a license to some of Intel’s patents. The two companies have also agreed to drop all pending litigation, because you know, they’re now friends who just exchanged a billion and half dollars. Crucially, Intel won’t give up rights to x86, flash memory or “certain chipsets,” so we don’t really know if this agreement allows NVIDIA to produce integrated graphics for Sandy Bridge — although most manufacturers are going with an Optimus-style discrete / integrated switchable arrangement that pairs Intel’s on-die graphics with a discrete NVIDIA chip anyway, so we’re not so sure it actually matters. We would love to see NVIDIA support Intel’s Wireless Display 2.0 and the new Insider 1080p movie service, though — and if these two coming closer together results in better Intel on-board graphics that can rival AMD Fusion, well, things will get very interesting indeed. Oh, the possibilities of peace.

P.S.- And seriously, what a turnaround for NVIDIA at CES: it’s gone from being the company that was going nowhere with Tegra to completely dominating the Android landscape with Tegra 2, finding its way into all sorts of cars, and upending the desktop processor space with Project Denver — all while pocketing $1.5b of Intel’s cash. Not bad work for one Mr. Jen-Hsun Huang.

Update: NVIDIA just said on its press call that it has “no intentions to build chipsets for Intel processors,” and that Intel will be able to use NVIDIA’s technology in Sandy Bridge, so we suppose that answers that question.

via Intel agrees to pay NVIDIA $1.5b in patent license fees, signs cross-license — Engadget.

Dec 072010

If you’re curious about OnLive, the unique cloud-based gaming service that debuted in June this year, or if you simply need an outlet for your inner video-game voyeur, you may be interested in the company’s new OnLive Viewer app for iPad.

OnLive, for those who are unfamiliar, is a streaming gaming service that does for games what Netflix does for movies and TV shows. You can install OnLive’s Mac or PC clients, or buy the company’s $99 TV appliance, then purchase daily or monthly passes to play any game from the company’s expanding library.

If that sounds a bit like other services, such as Valve’s Steam, the twist is that OnLive’s servers stream the game as you play it; you’re controlling a live video stream of the game, which is running on a server. The idea is that as long as you have a decent broadband connection, you don’t have to spend all the money or time to keep a gaming rig updated for the latest and greatest titles. And since game developers don’t have to build or port a second version of the game, even Mac users can get in on the fun.

Now, OnLive Viewer isn’t the full-blown iPad gaming client that the company hinted about when it debuted in June. Instead, it’s more of a YouTube or Ustream client for video games. You can watch any game that someone else is playing with OnLive and switch between games like surfing TV channels (except OnLive’s main characters are a little blockier than TV’s and more prone to resurrecting after losing a life). You can also watch and rate “Brag Clips”—videos that show off tough moves or funny failures—and manage your network of OnLive friends.

It should go without saying, but OnLive isn’t oblivious to the full gaming potential of an iPad client. The real challenge of bringing mainstream PC games to the iPad is interface complexity. Most desktop games, especially big-hitters like the Modern Warfare and Assassin’s Creed series that are ideal for OnLive’s service, are designed to require the complex button layouts and manipulation that only a controller or a keyboard and mouse can offer. OnLive states in its press release that full gameplay abilities will arrive in future app updates, though it stops short of mentioning which games we’ll be able to actually play when the time comes.

OnLive Viewer is available now in the App Store for free. While playing games with OnLive requires the purchase of either a daily pass or a monthly subscription which start at $5, using OnLive Viewer to peek in on games being played is free.OnLive releases iPad app for spectating live games | Games | iOS Central | Macworld.

Sep 222010

Check Point, a security company that offers various products to protect consumers and businesses, is imitating the tactics of fake antimalware programs. Over the last few days, ZoneAlarm users have been receiving a warning from their security software that tells them they are not protected against a new piece of malware. The warning is titled a “Global Virus Alert,” shows “Your PC may be in danger!” in bright red, and urges the user to “SEE THREAT DETAILS” and “GET PROTECTION.” The prompt is very poorly designed: it looks a lot like malware masquerading as an antivirus (in fact, we would say that newer fake antimalware prompts are more believable than ZoneAlarm’s warning).

The only thing saving Exhibit A from simply being a prettier Exhibit B is the branding: assuming you know your firewall is from ZoneAlarm, you might guess the prompt is actually legitimate. But why would your firewall issue a virus warning? The strategy is the same used by fake antimalware writers employ: warn users about a threat and suggest they download your solution to fix the problem.

It’s really unfortunate that the designers of this prompt did not take the time to think about how their users might interpret it. Real antimalware software should never ever stoop to the level of fake antimalware software; taking marketing advice from malware writers completely undermines the advice tech-savvy users give their friends: ignore these types of messages.

ZoneAlarm’s customers are enraged, calling the notification a scare tactic, and many of them have opted to uninstall the software. A thread on the company’s forums has now been set as a Sticky, amassing 60 posts and over 27,000 views at the time of this writing.

“We thought we were being proactive with our virus message,” a Check Point spokesperson told Ars. “After listening to consumer feedback, we realized that it was misinterpreted and have turned the pop-up message off… It was never our intent to lead customers to believe they have a virus on their computer. This was purely an informative message about a legitimate and serious virus that also included information about the differences in protection of various products, and how to get protection against it.”

Let this be a lesson to all security companies: the marketing department should not be allowed to make security warning decisions.

via ZoneAlarm caught using fake antivirus scare tactics.

 Posted by at 11:37 am
Sep 142010

High-bandwidth Digital Content Protection (HDCP), the copy protection system used to prevent the making of perfect digital copies of audio and video data sent over DisplayPort, HDMI, and DVI interfaces, may have been blown out of the water if a post made to yesterday is what it claims to be. The post purports to contain the HDCP “master key,” a 40×40 matrix of 56-bit numbers, which is used by the HDCP licensing company, Digital Content Protection (DCP), to generate the private keys used in all HDCP devices.

HDCP was invented by Intel to be a cheap-to-implement, high-performance cryptographic system suitable for use in audio and video applications. Its purpose was to create a secure digital path that could not be eavesdropped, so that pirates would not be able to make high-quality digital copies of high-definition video. HDCP also provides a mechanism for key revocation: if a device’s key has been leaked, it can be added to a list of revoked keys, effectively blacklisting it and preventing it from being used for playback of encrypted content.

Each HDCP device, whether it is a “source” (that transmits encrypted data) or a “sink” (that receives it) has its own private HDCP key. The keys are generated in such a way that each source/sink pair can decrypt the data sent from source to sink, without either source or sink having to disclose its key to the other. To enable this, the source and sink keys have to be created in a particular way: they are all generated from the same master key.

If the master key has indeed been leaked, this entire system becomes broken. With the master key, anyone can generate their own sink keys, meaning that, given suitable hardware, they could always make perfect copies of HDCP-protected content—and they could do so without risk of revocation. This is unlikely to be of much interest to the typical consumer—most people don’t have digital capture devices anyway—but it does mean that someone suitably motivated could build an HDCP sink device that could decrypt incoming HDCP data and produce full fidelity digital streams, and that this device could never be blocked. Such a system would be of interest both to pirates and those with legitimate data archival needs.

The origin of the alleged key is mysterious. A 2001 research paper stated that the master key could be reverse engineered by anyone with enough access to private keys due to weaknesses in the design of the protocol. Though private keys are supposed to be hard to retrieve, for example by being obfuscated in software players, or embedded into chips in hardware devices, this protection is imperfect, and so the master key could have been obtained in this way. Alternatively, it could have been leaked by someone who acquired access to it from DCP through some legitimate or illegitimate means.

In principle, DCP could produce a new master key and a whole new set of device source and sink keys, making the system secret once more. However, such a response is likely to be of little practical value, since it would be incompatible with all existing HDCP devices. Though some devices can have firmware or software upgrades to enable the use of a new master key, this would not be the case universally; such a move would present enormous practical difficulties. More likely, content producers will continue to use HDCP, even if it’s thoroughly broken, just as they do with the Content Scramble System (CSS) encryption on DVDs.

via Claimed HDCP master key leak could be fatal to DRM scheme.

Sep 092010

Installing Windows on Apple hardware

1. Install OSX 10.5 or above.
2. To install XP on the Macintosh, use Bootcamp Assistant in the UtilitiesFolder, to create a Windows partition, can be any size, in this case it wasdivided equally:

3. Once the partition is created, insert Windows install disk and run the installation. Be sure to CONVERT the Windows partition as NTFS. Also take care to NOT delete the 200MB “unallocated space” as this will be used to virtualize the BIOS.

4.Once the installation is completed, if not already booted in to Windows, select the Startup Disk application from the Utilties folder. Select the XP partition as the startup disk to finish the installation.
5.Install the necessary drivers (by inserting the OSX installation disk once logged in to Windows) and running Microsoft Update.

Creating a WinClone image of Windows installation

1. To create a backup file of the Windows XP partition, use Winclone. Select the “Backup” tab and choose the Windows partition, in this case it is named “UNTITLED”.
2. Optional -In the “Image Description field” be sure to note the Processor speed (i.e.2.33, 2.4, 2.6, etc) and any other info pertaining to the image. This image will only work on the same or very similar hardware.
3. Select the location to save the Winclone image.
4. Select “OK” when asked to continue5. Winclone will then proceed to make an image of the Windows partition and save it to the destination specified:

Restoring your Winclone image

To clone this image to another Macintosh, be sure to match the processor speed of the Winclone image to that of the Mac – they must be the same speed (i.e. 2.33 Ghz Mac is compatible with a 2.33GHz BootCamp image, 2.4GHz and 2.6GHz processors have been able to use the same WinColne image in testing).
Note: There also needs to be a BootCamp partition already created on the Mac as well (see Step 1 for help with partitioning the Mac).
1. Open Winclone on the system that will have the bootcamp image installed and select the “Restore” tab.
2. Select the appropriate Winclone source image to restore
3. Make sure that the “Destination” is the Bootcamp partition on the Mac.
4. Select restore and Winclone will proceed to clone the Windows image onto the Bootcamp partition.5. When first booting into Windows you will see the following screen asking to run a check disk. Allow the check disk to finish and you will boot into your Windows image.
You have now successfully installed Windows on Apple hardware, created a backup image of your installation, and possibly even imaged other like systems with the same Windows installation. The method outlined above has proven extremely helpful with Bootcamp deployments to multiple end users.
 Posted by at 1:50 pm
Sep 092010


There are more than 250,000 programs in the App store. Apple has said that it will publish the guidelines it uses to determine which programs it will sell in its App Store . to appease critical developers.

The firm, known for its keen oversight of products, has been the subject of complaints from firms who have had apps blocked from the store.

Some developers have complained that the company’s rules seem inconsistent.

Some have found apps blocked after seemingly minor updates, or for having content deemed inappropriate by Apple.

For example, the developer of Read it Later, an app that allows you to store web pages and read them offline, recently complained that Apple’s reasons for rejecting an update to his app were “contradictory”.

“For the first time we are publishing the App Store Review Guidelines to help developers understand how we review submitted apps,” the firm said in a statement.

Relaxed approach

The introduction to the new guidelines – in theory only available to developers – outlines Apple’s thinking about apps.

“We view apps different than books or songs, which we do not curate. If you want to criticise a religion, write a book. If you want to describe sex, write a book or a song, or create a medical app.”

The firm also outlined certain types of apps that it would not accept.

“We don’t need any more Fart apps. If your app doesn’t do something useful or provide some form of lasting entertainment, it may not be accepted.”

The firm said it would also make changes to its licence that developers must sign to submit apps to the App Store.

“We have listened to our developers and taken much of their feedback to heart.

“Today we are making some important changes to our iOS Developer Program license… to relax some restrictions we put in place earlier this year.”

Among the changes, the firm reversed an earlier decision to prevent developers from using tools that quickly translated code written for other products, into code designed to run on Apple devices.

At the time of the clampdown, Apple chief Steve Jobs said that the tools could result in “sub-standard” applications.

The decision effectively blocked developers from using programs that software giant Adobe was about to release.

Following Mr Jobs decision and subsequent justification, Adobe CEO Shantanu Narayen hit back, calling Mr Jobs’ words a “smokescreen”.

He said the decision had made it “cumbersome” for developers who were forced to have “two workflows”.

A spokesperson for Adobe said it was now “encouraged to see Apple lifting its restrictions on its licensing terms, giving developers the freedom to choose what tools they use to develop applications for Apple devices”.

Jamie Lemon, a developer for Precedent, said that Apple may have relaxed the rules because of increased competition in the smartphone market.

“Apple has realised it is in competition with [Google's] Android,” he told BBC News.

He said it would now be easier to develop for both Apple and Google’s Android operating system.

“You don’t have to plump for one or the other – it’s easier to deploy your app across multiple platforms.”

via BBC News – Apple lays App Store rules bare for developers.

Sep 092010

Microsoft Releases Free Cyber-Security Ebook

Microsoft has released a free—and lengthy—ebook covering a wide range of security topics. Although intended for teenagers, the book offers a solid enough look at using the internet safely, and it’s suitable for anyone looking for a primer on internet security.

It’s difficult to write books for teenagers that don’t fall into the “trying too hard to be cool” trap, but Microsoft has done an admirable job. The text is a comprehensive guide for teenagers (and new computer users) that covers everything from how to spot phishing tactics to setting up your browser to protect against browser-based exploits to dealing with cyber-stalking and bullying. It also provides interesting history and real world examples of the harm that can come from security vulnerabilities.

Microsoft Releases Free Cyber-Security Ebook

The 253 page book is a free download and Creative Common licensed. You can download the entire book at the link below or just the chapters you want to share with family members, students, or members of your organization. Have a favorite book or online resource for helping people get savvy about security and privacy? Let’s hear about it in the comments.

via Microsoft Releases Free Cyber-Security Ebook.