We are considering another rockin' AFP548.com party on one of the evenings of WWDC 2012, and want to know if enough IT folks are going to make it to WWDC to make it worthwhile.  We have a new poll posted (look down, and to the left on the page), so please take a moment to let us know if you are going to be there!

The MacSysAdmin 2012 European Macintosh System Administrator Meeting tickets are now available!  Head on over to registration and grab your ticket early, so you don't miss out.  The lineup of speakers looks awesome, and AFP548.com will be there to cover most of the sessions.  It is in Sweden from Tuesday, Sept 11 to Friday, Sept 14 2012, and will feature topics such as OS X Server, iOS, client management, 3rd party management, and much much more (see the full session list).  A huge part will be meeting up with the other IT folks to meet and discuss.  The MacSysAdmin is quickly turning into the premiere Apple IT conference to go to.  Go get a ticket before they sell out and if you can't go, be sure to check back here to AFP548.com during the conference for updates!

Apple has posted the Apple FIPS Cryptographic Module v1.1 and has an associated "How to set up and maintain a FIPS-enabled OS X Lion system" kbase.  FIPS validation is a certification program by NIST (National Institute of Standards and Technology) to verify cryptographic modules.  It appears from here that the CDSA module is 140-2 level 1 certified. For those not versed in the dark details of FIPS certification, Wikipedia defines 140-2 Level 1 as "all components must be "production-grade" and various egregious kinds of insecurity must be absent".

 The interesting piece to all this is in the "additional information" section of the "How to set up and maintain a FIPS-enabled OS X Lion system" kbase:

"OS X Lion security services are now built on a newer "Next Generation Cryptography" platform and have transitioned from the CDSA/CSP module previously validated on Mac OS X v10.6. However, Apple has re-validated the same CDSA/CSP module under OS X Lion to provide continued validation solely for third-party applications."

 So Lion is not FIPS validated, but the CDSA on Lion is, but only 3rd party apps use it.  Clear?

Well, that was fast.  WWDC 2012 tickets sold out in record time!  Hopefully you got yours, but if not, there is always the videos.  Now we just need to wait to hear the screams from the folks on the West Coast and as they wake up and realize what happened.  Not to mention our friends in Australia and Asia!

WWDC 2012 has been announced for June 11-15, and tickets are now available!.  Run, don't walk, to https://developer.apple.com/wwdc/ and grab yours now.  Every year it sells out faster, and this year should be no exception.  AFP548.com is in the planning stages for some cool stuff around WWDC, so stay tuned.  Now head over to https://developer.apple.com/wwdc/ and get your ticket already!

Everyone that is running a SUS needs to go read Apple KB:5198. Even if you only read the first line of this post, make sure you click that link!

In a nutshell here is what is going on:

1. The certificate that Apple signs software update packages with is expiring on March 23, 2012.

(For those of you keeping track of the Earth's orbit, that's TOMORROW at the time of this posting.)

2. As a result they have repackaged everything with a new certificate that is good until 2019.
3. All existing SUS packages are being reposted. The only change is the certificate signing.

What the reposting means is that if you are running a local SUS it's going to download everything again. Apple's recommendation here is to delete the SUS cache on your servers and let it pull everything down fresh. Otherwise you are going to see oddness with update validation and your SUS storage space will suddenly double.

If you have "Delete outdated software updates" unchecked:

They are not going to be reposting outdated updates in SUS. So 10.7.3 will get reposted, but 10.7.2 will not. This change only affects SUS and the older updates are still available on the Apple support page.

Why are you still here?!? Go read Apple KB:5198 now!

If you haven't noticed, lots of stuff on OS X and iOS uses the Apple Push Notification service these days. MDM, iMessage, iCloud, and on and on. There seems to be a thought though that there is a shroud of mystery around the APNs and its inner workings. Nothing could be further from the truth though as Apple has extensivly documented it on their Developer site.

That's great for developers, but not always as great for sysadmins that just need to get it working. For us the question often is, "How do we test this stuff?".

Read on and learn…

When trying to deploy FileVault 2 it becomes apparent that the 1.0 version in Lion is targeted more for individual home users. For that use case it is an amazing solution that we can't recommend enough.

For enterprise use though it's missing things like automated key escrow and the ability to force it on a Mac. Apparently this bugged the boffins over at Google as they have released their own solution to handle the deployment of FV2.

Sounding like a dapper vegetable, Cauliflower Vest gives you quite a few things:

• Forcefully enable FileVault 2 encryption.
• Automatically escrow recovery keys to a secure Google App Engine server.
• Delegate secure access to recovery keys so that volumes may be unlocked or reverted.

All for the low low price of free. The real gem in here is the csfde tool that allows for actual FileVault setup from the command line, rather than just a CS encrypted disk.

Check it out on the project page.

http://info.condreycorp.com/blog/2012/01/announcing-novell-kanaka-for-mac.html

 

January 18, 2012

Condrey Corporation announced yesterday, an agreement with Novell, Inc. to distribute Condrey Corporation’s popular Kanaka for eDirectory Mac client software for no charge to Novell Open Enterprise Server customers with current software maintenance agreements. The new Novell product will be branded Novell Kanaka for Mac and is available at the Novell Customer Center rather than download.novell.com as was specified in the press release.

Condrey Corporation will continue to provide direct support for Kanaka for eDirectory customers with Maintenance agreements. For Novell Kanaka for Mac users who want to work directly with the Condrey Corporation Support organization, you can purchase new Support Incident packs by contactingsales@condreycorp.com or calling 864-328-8528 Option 3.

Condrey Corporation will continue to distribute Kanaka for Active Directory on its own. 

Google has begun releasing some of their internal tools for managing their Macs.

The first project up there allows you to track application useage on client systems using crankd.

You can see the code on their Google Code page here. Go to the source tab and then browse to see the code files.