WWDC 2012 has been announced for June 11-15, and tickets are now available!.  Run, don't walk, to https://developer.apple.com/wwdc/ and grab yours now.  Every year it sells out faster, and this year should be no exception.  AFP548.com is in the planning stages for some cool stuff around WWDC, so stay tuned.  Now head over to https://developer.apple.com/wwdc/ and get your ticket already!

http://info.condreycorp.com/blog/2012/01/announcing-novell-kanaka-for-mac.html

January 18, 2012

Condrey Corporation announced yesterday, an agreement with Novell, Inc. to distribute Condrey Corporation’s popular Kanaka for eDirectory Mac client software for no charge to Novell Open Enterprise Server customers with current software maintenance agreements. The new Novell product will be branded Novell Kanaka for Mac and is available at the Novell Customer Center rather than download.novell.com as was specified in the press release.

Condrey Corporation will continue to provide direct support for Kanaka for eDirectory customers with Maintenance agreements. For Novell Kanaka for Mac users who want to work directly with the Condrey Corporation Support organization, you can purchase new Support Incident packs by contacting[email protected] or calling 864-328-8528 Option 3.

Condrey Corporation will continue to distribute Kanaka for Active Directory on its own. 

Apple released their new Lion Server Advanced Administration documentation. 

Has anyone yet analyzed what's new?

I filed an enhancement request asking for them to flag the differences. 

Hey folks,

It's been a while since we InstaDMG-ers were at the forefront of people's minds, and it may seem like the whole IT landscape has changed.  I wanted to briefly drop you a line with a few tidbits and subtle reminders.  For one thing, did you know InstaDMG (and InstaUp2Date) is not just Lion-ready, but can now build images for (and on) Lion Server?  New catalogs, downloads and revised docs are imminent, keep checking the instadmg.googlecode.com site and follow the @OSX_adm twitterbot (trendy!)

Also, please understand that while InstaDMG was a early star in the modular image creation revolution, which helped turn the spotlight on packages and powerful image-building, it's merely a tool that fits a need.  Just because Greg Neagle developed and released a Lion upgrade package (which complements his work on Munki) doesn't mean it could be utilized with InstaDMG.  Likewise, many have hoped InstaDMG could address certain needs involving the recovery partition Lion introduces, but please remember, that's just an additional, somewhat static partition.

So when looking over tools in your chest, old (like NetRestore, hallowed be its name) and new-ish (like DeployStudio, which can extract and lay down recovery partitions with aplomb), please remember that InstaDMG is still an effective hammer. Your problem may just not be a nail, and that's A-OK. Thanks for listening!

You can use the following command to disable the 'reopen windows when logging back in' option in Lion:

defaults write com.apple.loginwindow LoginwindowLaunchesRelaunchApps -bool false

While in Snow Leopard you may have had to script you way to fame and money to get your Mac to get a certificate from a Microsoft CA, in Lion it's mostly done for you.

Take a look at this support document for the gory details on using a profile to get your Mac to request a certificate. 

Note that you can do all of this by hand, or by script, in XML and then distribute through whatever means you want to your Lion systems.

Go directly to step-by-step instructions. 

On July 10, 2011, DigiNotar.nl (a Netherlands CA) issued a fraudulent SSL certificate for the domain *.google.com, which would be valid for all google.com domains. DigiNotar has not been forthcoming about how the attackers were able to obtain the fraudulent certificate, releasing only a PR statement without any content. This means that more fraudulent certificates may have already been issued or may be issued in the future for *.google.com or other domains. While current indications are that it was used to snoop on G-Mail communications in Iran, no one knows what other places it might be used and for what other purposes. 

Furthermore, due to the nature of the certificates system, until the DigiNotar.nl registrar is completely secured and how the attack was conducted becomes publicly available, every SSL protected website and service in the world is vulnerable. 

Microsoft IE, Google Chrome, and Mozilla Firefox already have or have announced plans to very shortly blacklist all DigiNotar.nl certificates. If you are running IE (any version) on Vista, Windows 7, Server 2008, or Server 2008 R2; or an up to date version of Firefox or Chrome, you'll be OK in the near future. This is pretty much a death penalty for the DigiNotar CA. I would have been a bit more forgiving, perhaps, but the actions of the security teams at Microsoft, Google, and Mozilla have convinced me that revoking the trust of the DigiNotar CA is necessary. 

Apple has not yet updated Mac OS X and Safari as of this writing or made any announcements about its plans.  Until Apple releases a security update for this issue, you can protect yourself on an individual Mac computer by following the steps in this article, which includes steps for managing the process via MCX and shell scripting for mass deployment.  

NOTE: Unfortunately there is no equivalent process available for iOS at this point. You can add your own trusted CA certificates via the iPhone Config Utility and Configuration Profiles, but you cannot remove or modify the trust levels for pre-installed system certificates. 

OS X Lion’s Recovery HD partition is required for some new Lion features, like FileVault 2 (http:/ /support.apple.com/kb/HT4649). Unfortunately NetRestore does not create this partition. A supported way of setting this partition up is to install a minimal OS X Lion system first.

Since NetInstall uses the installer command to create the partition we can do the same.

Read on for more… 

Apple has announced that the Volume Purchase Program (VPP for short) is coming to business. The VPP allows organizations to purchase applications in bulk. These applications can be standard apps that are on the store, and would be the same price you would otherwise pay, but acquired with a redemption code (similar to how you can gift applications) that is distributed from program facilitators rather than using a credit card. 

VPP for Education has been around for awhile and there are a few lessons we've learned from deploying it: 

• The VPP can only be used for paid apps, so no free apps
• iBooks and In-App Purchases are not part of the VPP
• The first step is to enroll
• To enroll, you need a Dun & Bradstreet number (DUNS)
• The address you use needs to match the D&B database
• You'll then create a new Apple ID used to manage the account (same ID developers will use if you're using B2B apps), which becomes the Authorized Purchaser
• Once you are logged in as the Authorized Purchaser, you can then search for an App and purchase an unlimited number of them (again, no free Apps) using a credit card, PCard or Paypal (Education customers can buy tax exempt vouchers)
• Then download codes for each installation of the App and email or distribute them as needed (you can have multiple Program Facilitators to do this)
• Codes are distributed in a URL, where users use their Apple ID to redeem the codes (think tap a link and you just bought an app).

Originally, distribution of codes was done manually. I would expect that the future of software distribution using these codes will be through MDM providers. VPP codes can be managed via JAMF, FileWave and others today (think recommended apps), taking a lot of the pain out of software distribution via the App Store. 

Additionally, Apple now offers Custom B2B Apps, which as the name implies are custom applications that undergo the same App Store approval process as other apps and can then be distributed via the App Store, which opens up the distribution of private white labeled application versions of apps that are already on the App Store as well as a marketplace for custom developers and enterprise software makers. These apps do have a minimum of $9.99 but there are a number of ways vendors can built that into licensing models.

The extension of the VPP into business and some new additions that weren't present in the education version of the VPP are welcomed to those who have been doing large deployments of iOS devices. There are still a lot of issues that need to be worked out around this strategy of application deployment; however, it's good to see a little traction!

A new release of my monitoring plugin for Nagios (and compatible) monitoring solutions is available. This version includes some added hardware monitoring for HDD, Memory & CPU Usage. There are many bug fixes which clean up a lot of the (null) and 404 errors that were occurring when run from a OSX monitoring server.

 You can down load it from https://code.google.com/p/libsrvrmgrd-osx/downloads/list

To get usage instructions just run the plugin from within a terminal with no arguments. Please get stuck in and log bugs/feature requests! 🙂

 Félim