Mac Patching

Macworld recently published an article discussing a study done by Black Hat that Microsoft appears to be better at patching vulnerabilities that Apple! This underscores my long held opinion that Macs are no more secure than Windows they are just less targeted due to their comparative prevalence. This also demonstrates the fact that Mac’s also need to be protected and secured. I have seen far to many Mac’s roaming about with no Anti-Virus installed and not employing security best practices, their owners saying that “Macs don’t need that stuff”. Hopefully Apple will improve their security posture and embrace the security community so that it can patch vulnerabilities in a timelier manner. Those active in the Apple community should demand this as Apple claims that it is far more secure than Microsoft. I think it is time that Apple put its money where it’s mouth is.

Advertisements

Forest Lake High School Veterans Event Canceled

I am an alumni of Forest Lake High School (FLHS) in Forest Lake, MN. Recently the Principal Dr. Steve Massey canceled an event where veterans from the group Vets for Freedom were scheduled to come speak to a social studies class. Dr. Massey and his staff were contacted by persons that oppose the published goals of Vets for Freedom stating that they would protest at FLHS if the event took place. Dr. Massey realizing that the appearance of protests would be that FLHS was making a political statement in support of the Iraq war was inappropriate for a educational institution.

I listened to Dr. Massey and Pete Hagseth, Executive Director of Vets for Freedom discuss the cancellation on the Jack Rice show aired on WCCO radio on 3/25/2008. Both parties were amicable but disappointed (for different reasons) that the event did not take place. It was also very evident that Dr. Massey had taken steps to ensure that the event would not contain any political positions but would simply be about the life of a veteran and what serving was and is like.

My opinion, which I also spoke to Mr. Rice about on air, is this. I agree that Dr. Massey needed to cancel the event because a public educational institution should not come off as having a political agenda. However, if the event had been put on by an opposing group like Veterans for Peace would Vets for Freedom have threatened a protest? I think it is very unfortunate that a well meaning educator was forced to cancel an event because others were unwilling to trust his judgement. It should also be noted that it was reported on WCCO Radio that the vast majority of the pressure was not from parents of the district but instead from national organizations who in my opinion should not be meddling in this district.

Bristol

I am a huge NASCAR fan and last year I got the opportunity to go to the spring race at Bristol Motor Speedway. I attended the race with my Dad Fred, my step-Mom Vicki, and one of my best friends Jarvis (his posts about the race here, here and here). I have been trying to get tickets to Bristol for several years now and I have been looking forward to this for over a year. Supposedly tickets at Bristol are extremely difficult to get, second only to the opening ceremonies at the Olympics (I have no reference for this so therefore I have to call it here-say).

In the winter of 06-07 the track went through a re-paving, during that time it switched from a uniform banking of approximately 36 degrees to a variable banking of 30-24 degrees. The first race in the spring of 2007 on the new surface delivered significantly different racing. Gone was only one way around the track, the bottom, existing now multiple grooves of racing. Also new in the spring of 2007 was the Car of Tomorrow or COT, I need to mention this in order to make my opinion here valid as both changes could have changed the racing. During this first race on the new surface the feel of the race was significantly different, while this could be a result of the COT, I think that is highly unlikely and I attribute to the track reconfiguration. The race seemed “easy”, gone was the requirement to be able to hold ones emotions in check because of the aggravating nature of the “old” track, gone was the difficult task of ensuing that your car was perfectly balanced in order to keep it on the bottom.  Now the race exhibited the behaviors of a larger 1.5 mile speedway that are far less line sensitive.

Gone was much of my excitement to attend the race yet I was hopeful that as the track and car aged the old Bristol would return. Well I can say now that after my first in person visit to Bristol this will not be a track that I attend again until the old Bristol returns. This is very disappointing to me as the Bristol facility is one of the nicest and well managed track I have been to.

If anyone at Bristol reads this please return the old track, you have removed one of the most unique and highly desirable tracks to attend. I have heard from many of my fellow race fans that they are disappointed with the new Bristol, it no longer has that draw.

SCCM x64 vs. x86 Update

There has been much discussion on the Internet as to whether or not an SCCM server should be x64 or not. One of my very good friends is far more diligent about posting to his blog than I am actually posted much of my long standing opinion here. Much to Jarvis’s chagrin I am going to change my opinion in light of some recent discoveries.

Before I go any further I want to make sure there is a clear understanding about one thing. If you are doing anything but a very small SCCM installation (1000 devices or less) at the very least I would highly suggest offloading SQL to a remote box running x64. This will allow your SCCM environment to scale far better and ensure that SQL Reporting Services will be running remotely, which in turn when SCCM R2 ships will allow your reports to also run in x64. As a more strategic recommendation a strong consideration should be made for a large, centralized, redundant, x64 SQL environment. This type of environment if done properly can have dramatic affects on operational efficiency, costs and virtualization consolidation ratios (more on this in another post some day).

On to the topic at hand; there are two reasons that I no longer recommend x64 for the SCCM site server. First and foremost, if you are monitoring SCCM with SCOM (always a good practice) the SCOM agent will not be able to correctly monitor the 32 bit SCCM processes running on the x64 system. This will result in greatly degraded monitoring and alerting. To me this reason alone pushes me over the edge as SCOM monitoring of SCCM is mandatory in my opinion to maintain a smooth running SCCM site. Secondly, and this should be temporary. When SCCM R2 ships WDS on Server 2008 will allow for multicast distribution points. Currently in the beta the function does not work on an x64 Server 2008 box. While this support has been promised for RTM the fact that it is not in the beta makes me nervous.

For now I think that the safe bet is to install your SCCM site servers in x86 and allow those processes to run natively.