Search
Search the archive with full-text matching across story titles, bodies,
and comments. Phrases are quoted; or, -word,
and parentheses behave as in a web search. Queries must be at least
3 characters.
Stories · 3,462
-
Review - Mac OS X Server 10.3, Part 1
What is the point of Mac OS X Server? Mac OS X is Unix. I have Apache, bind, sendmail, (and whatever I want) already on here. My Mac OS X box is a server already, right? I have a home network with a half dozen Macs, and have a box that does some serving, and I want it do more. So, I set out to figure out what this Server thing is. (Read on for the rest.)
Sure, I can read. I can go to the Mac OS X Server web site and read all the documentation for things related to "standards-based management," "share printers and files," "n-tier" solutions. Yawn. I know all about this stuff, and I know I can do it already. If I am paying good money for this, it better have value I can't already get for free.
First Things First
Essentially, Mac OS X Server is the same thing as Mac OS X (a.k.a. Client). It's the same core OS, it has the same versioning (10.3.2 as of this writing), it runs the same programs. But Server comes with programs and tools and configurations geared toward being a server, rather than a user's workstation.
Server comes in two flavors: a 10-client version for $500, and an unlimited client version for $1000. The only difference between the two is that the 10-client version limits file and windows sharing to 10 simultaneous clients. You can have any number of users, but only 10 can connect to those services at the same time.
With that money, you also get 90 days of "up-and-running" support covering the software that ships with Server. So if you've read the frelling manual and still can't figure out why the firewall doesn't seem to be working, you can get some help. After 90 days, you can still get help -- including more advanced topics -- but it will cost you from $6,000 to $50,000.
Hardware
The Xserve, Apple's rack-mountable computer, comes with the unlimited client version of Server preinstalled; and really, Server is built with Xserve in mind. Server Monitor, included with Server, displays uptime, temperature, drives, power, network usage, fans, and security of Xserve boxes.
You can configure Xserve boxes automatically with Panther Server preinstalled. Design your configuration on one machine, set up an LDAP server and put it in the DHCP server settings, and add your configuration file to the LDAP server. Turn on the other servers for the first time, and each one will find the DHCP server, find the LDAP server, find the configuration file, and configure itself automatically. You can also put the configuration file on a USB key or somesuch, and the machines will configure themselves that way, too.
My test box is a dual G4/1.25 GHz Power Mac; it performs with nary a hiccup. If I had a large network or many users, I can imagine wanting more power: with a Power Mac or Xserve G5, I'd be able to take advantage of an OS that is optimized for the 64-bit CPU. For me, however, this would result in a depressingly, perpetually, low CPU load.
Initial Security Considerations
Out of the box, assuming no one has set up a rogue DHCP server on your network, Mac OS X Server is mostly secure: only SSH is on by default. As other services are turned on, more security concerns are created, because new security holes may be opened.
For the most part, the default configurations of the various services are secure, but that largely depends on your specific environment. Mac OS X Server is excellent at making advanced server configuration easier, but this ease of use comes with a price: you may be opening yourself up to attack. Mac users are often not used to the idea of making themselves vulnerable just by clicking checkboxes.
This may look like a Mac, and may be easy to use, but it is no substitute for having a real live sysadmin on hand to -- at the very least -- audit the security of the system. It'd be nice if Server included audit tools; I envision UI elements that warn you when you have conflicts, or when you've opened up a hole, or when you've violated predefined security policies. On the other hand, it would be more reliable to have a third-party system to do the audit, on basic principle. But that's so un-Mac-like.
Open
Tom Goguen, Director of Marketing for Mac OS X Server, says that Apple is 100% into using open standards and open source in the core operating system.
Mac OS X Server has always been largely based on open standards, but the Panther incarnation has gone even further. Gone are Apple's proprietary mail systems; they are replaced by postfix, mailman, and cyrus. Mostly gone is NetInfo; it is replaced by LDAP. Rendezvous, also an open system that others can plug into, is a bigger part of Server now: FTP, LPR, and web services are all announced via Rendezvous.
Of course, as always, Server -- just like Client -- is based on FreeBSD (now version 4.8, with some of 5.0 stirred in), and most of the Apple core OS itself is under the Apple Public Source License.
A Case for Case
New to Panther is case sensitivity in HFS+. For many years, Mac OS has used the HFS as its file system, which treated "Foo" and "foo" as the same file. Some years ago, HFS+ was introduced to overcome many of the limitations of HFS, but case sensitivity -- seen more as a usability feature than a limitation -- remained.
But in Unix, this certainly is a limitation for many people. "Makefile" vs. "makefile" and "head" vs. "HEAD" have caused many a headache for Mac OS X/Unix users. But now case sensitivity is a formatting option.
Because case insensitivity is still seen as a usability feature, this feature is not available by default on Client, although you could always connect your drive to a Server to format it. It is also possible, in theory, to format a drive with case sensitivity in Client using various tricks.
Setting it Up
My server is connected to my home network via a 100BaseT switch, to which is also connected a cable modem and an AirPort Extreme base station. My PowerBook G4/867 connects to the network via AirPort or the switch. My wife has an iBook G3/600, and I've got a PowerBook G3/400 in my stereo closet for playing MP3s. The PowerBook doesn't have internal AirPort, and instead is connected to another switch and another Extreme base station, configured to do WDS. I've also got the PS2 connected in there. Everything is running Panther Client (except for the PS2, last I checked).
Looking at the various services offered by Server, I can already see many things I want to set up: file sharing (Apple Filing Protocol, or AFP), DHCP for guests, DNS, FTP, SMTP, printing, and web. I have most of those already set up now, but I wouldn't mind if they were easier to configure and manage.
After surveying my situation, I installed Panther Server and took a look around.
The first thing I wanted to see was what my configuration options were. And lo, there in my Dock were not the expected iMovie, iTunes, iPhoto, and the like, but icons that a mouseover revealed to be representative of programs like Workgroup Manager, the aforementioned Server Monitor, and Server Admin.
Workgroup Manager uses a lot of terminology that is completely lost on me, and I am not managing any users, really. My wife doesn't need the file server -- we can exchange files via iChat, or I can copy them to her machine via scp -- and she keeps all her own files on her machine. We won't be using any print quotas. I do use Workgroup Manager to create some basic user accounts for friends, but I don't need any features more advanced than what is in Client.
Server Admin is what I want to sink my greedy little digits into. I opened it up, clicked the "add new server" button, typed in my server name ("Sweeney.local") and password, and started playing.
As I started looking around, I remembered that there was an extra CD in the distribution called Admin Tools. It allows you to install these tools on any Client machine, so you can manage the Server remotely. I want to go hang out in my La-Z-Boy while I configure my server, so I installed the tools on my PowerBook. Nifty.
Server Admin lists each machine and the services available to it, with an icon next to each describing its status. If you select a machine's name, you see several tabs: Overview, Logs, System, Graphs, Update, and Settings. Overview reports the system version, names, and dates. Under Logs, you can view the system log, watchdog log, etc. System reports what network interfaces and volumes are available. Graphs displays CPU and network use in pretty pictures. Update runs Software Update. Settings controls the system names, the date and time and timezone.
This is basic stuff, and each service is laid out in similar fashion. All of them have at least two tabs: Overview and Settings. Most also have a Logs tab. Some have other tabs like Connections, Graphs, Clients, Activity, Accounts, Queues, and Jobs.
The available services are AFP, Application Server, DHCP, DNS, Firewall, FTP, Mail, NAT, NetBoot, NFS, Open Directory, Print, QuickTime Streaming, VPN, Web, and Windows. Somewhat conspicuous in its absence, to me, is MySQL, which is included in Server, but doesn't have an interface in Server Admin.
Server Admin does have its problems. It will crash on occasion, but I see no evidence of my settings being corrupted, or any other lasting ill effects. Some of the lists are not sortable, though they appear to be: for example, the DNS zone listings are not sortable, even though clicking on the column headers indicate otherwise.
Also, it can be slow to update. This is understandable, but annoying. Logs don't refresh immediately, and when you hit reload, the wrong log is selected, instead of the current log being refreshed. When restarting services or viewing logs, I will sometimes use the command line tools, as they are more efficient; it would be nice if Server Admin would display the path to the log you are looking at, so you can easily find and tail it in a shell.
Sharing
Some of these services are available in a minimal form in Client, in Sharing under System Preferences: file sharing, Windows sharing, web, FTP, and printing. In Server, the Sharing preferences are still there, but contain only three items: Remote Login, Apple Remote Desktop, and Remote Apple Events. Remote Login is simple: it allows users to connect with ssh/scp, and can be turned on or off. The other two require, perhaps, a bit more explanation.
Apple Remote Desktop is a way for an admin to control client computers. Previously, the client was distributed only as part of the software package of the same name, but now the client is included with Panther. It is, of course, off by default, and once turned on, each machine must define what users have access to what resources (this can be done via the command line, too). I most commonly use ARD for controlling and viewing the screen of another computer, installing packages, and copying files.
Remote Apple Events has been in Mac OS for many years, since back in version 7-dot-something. It allows controlling "scriptable" Mac applications -- such as with AppleScript -- over the network. It used to run over AppleTalk, but now runs over plain old TCP/IP. Not many people make use of remote Apple events in my experience, but I use them often; for example, I have a Perl script that queries iTunes on a remote box, and sets the current track in iChat.
Windows
I don't use Windows, and therefore can't really test the new Windows integration in Panther Server. But from what I can tell, Apple has added quite a few improvements. Samba has been updated to version 3, and the lists of Unix and Windows users can be united via Directory Services. But I confess to a crippling ignorance and apathy about this small corner of the computing world. Sorry.
To Be Continued
Tomorrow, I'll get into the details of setting up the services I use on my network.
-
Copyrighted Haiku Delivers Spam Through Filters
An anonymous reader writes "Remember that antispam company that includes a copyrighted haiku (which I can't quote here due to copyright reasons...) in emails vouching for their nonspaminess and thus bypassing spamfilters? The idea is that a spammer using said haiku to get through spamfilters can be prosecuted under the more stringent copyright laws instead of the weaker antispam ones. Well it seems said haiku has lately been figuring in a large spam run trying to pitch the usual medical remedies for various unfortunate ailments. What do you think? Is it time to start filtering for haikus or will Habeas succeed in thwarting the spam attack?" We mentioned this brilliant anti-spam scheme last April.
-
What Was the Very First MP3 You Downloaded?
Anonymous Coward asks: "I was wondering whether people remember the very first MP3 file they ever downloaded. For me it was Cher's 1998 single 'Believe.' I was at work and, after reading an article about MP3s on CNET, I figured I'd give it a try. I think it's strange that I remember it so clearly. I mean, it's not like it was a first kiss or anything. I started out using WS FTP LE and Winamp. 1000s of MP3s later, WS FTP LE is a distant memory but Winamp is still my player of choice. What about you?"
-
Ed Fries Leaves Microsoft's Game Unit
jnguy writes "According to Reuters, Ed Fries, Microsoft's game studio head, has resigned. The last major person to leave Microsoft in this fashion was Seamus Blackley. I wonder if this has any other meaning - I've seen Fries at many of Microsoft's parties and launch events, and consider him one of the biggest figures in Xbox history." CNN Money has further information on Fries' departure, noting that "he plans to remain in the gaming industry", and commenting that he was "actively involved in the development and launch of the Xbox gaming system and oversaw the acquisition of several major game developers, including Bungie Software... and Rare." They also have comments from Fries himself, as he muses on his future: "I'm looking for a situation where I have a lot of freedom around the development of our products and the way those products come to market. I've had some of that to date, but not as much as I would like."
-
Paul Mockapetris On The Future of DNS
penciling_in writes "In a CircleID article called Letting DNS Loose, Paul Mockapetris, the inventor of DNS and Chief Scientist and Chairman of Nominum, gives a good indication of what is to be expected in the upcoming years when it comes to data riding on DNS: "RFID tags, UPC codes, International characters in email addresses and host names, and a variety of other identifiers could all go into DNS, and folks have occasionally proposed doing just that. It's really just a question of figuring out how to use the DNS -- it's ready to carry arbitrary identifiers." According to Paul, there are 40 or so data types to be added to DNS: "In fact the whole ENUM scheme is built out of classical DNS technology, and NAPTR is really just the latest data type to be added to the DNS. NAPTR is also just an extension of SRV, which was an extension of MX, which are DNS data types that Active Directory uses to start itself and the Internet uses to route each piece of mail." Paul also clarifies the recent BBC story previously discussed here on Slashdot."
-
Producing a Boxed Set?
Roger Cox asks: "You've probably seen them in the 'cheap cd' section at your local store. They are all over the place anymore. Box Sets. CDs/DVDs in a nicely designed 'box'. I happen to work for a music group overseas who has out 5 full length albums out in the US. With the band's permission I was given the ok to put the 5 releases in a box set format. Despite how readily available box sets appear to be at stores, where does one go online to get pricing for such a box. Almost an entire week of researching this with search engines has turned up nothing but junk. The problem is 'box' appears to be widely associated with cardboard shipping boxes, which also are available to be 'custom printed'. I figure if I can buy a 2 DVD box set of the Little Rascals at Walmart for $5.88, it should not be this hard to find a source to do the packaging. Any pointers?"
-
Nintendo - Stodgy, Not-So-Super Mario?
Thanks to the Washington Post for their article discussing Nintendo's current position in the console wars. Although many of the usual points are discussed (despite Sony and Microsoft's efforts at innovation in online gaming and elsewhere, Nintendo has "...stuck to a philosophy that people who buy and play video games enjoy the familiar and care little for such gimmickry"), the piece also points to possible failure in Nintendo's current tactics ("The company proclaimed that the Game Boy Advance would be a 'Trojan horse' for the GameCube - but that Trojan horse never opened because very few game designers have figured out cool ways to take advantage of that connectivity.") The article ends with an analyst's concern that "...the game console market might be starting to move beyond what Nintendo can deliver."
-
On The Untapped Potential Of Abstract Videogames
Thanks to the IGDA for their 'Ivory Tower' column discussing why abstract graphics and gameplay are often unfairly ignored when making today's videogames. The writer notes that: "Quite a few classic board games are fairly abstract in design, including Chess, Go, Scrabble, Checkers, and so on... it's what's at the core of the game that matters." He goes on to argue that "the figuring out of a game can be made as interesting as any puzzle the appears within the game itself", and references newer titles such as Rez and Frequency as carrying on the abstract aesthetic pioneered by games like Tempest and I, Robot.
-
Open Source Firm Releases Patch for IE Bug [UPDATED]
An anonymous reader writes "An open source and freeware software development web site has released a patch to fix the URL spoofing vulnerability in Internet Explorer, which can be exploited by scammers who try to trick people into revealing details of online banking accounts or other private information." Naturally, the source for the patch is available as well. Update: 12/19 15:06 GMT by M : Sadly, the patch appears to contain a buffer overflow and some possibly-malicious code - see an analysis and news story, and this comment which suggests the patch author is trying to figure out who is taking advantage of the original vulnerability. Caveat patcher.
- Saddam Hussein Arrested
-
Microsoft: Patches, Patches Everywhere!
Ridgelift writes "Even though Microsoft's recently announce they would not be issuing any new patches for the month of December, the boys at Redmond were scrambling today to figure out why some systems are being patched. The reason? They haven't got a clue."
-
Pretty Women Scramble Men's Sense Of The Future
Adam_Trask writes "Psychologists in Canada have finally proved what women have long suspected - men really are irrational enough to risk entire kingdoms to catch sight of a beautiful face." The methodology is not air-tight, but how many scientists figure out a way to use Am I Hot or Not at work? See also "Women Live Longer Because Men Are Dumb."
-
Funny Things You've Seen on Resumes?
noackjr asks: "Everyone wants a great job, but writing a quality resume requires creativity and a fair bit of work (we won't go into actually having the proper skills, qualifications, or experiences -- let's not cloud the issue). Alternatively, sprucing up your resume with a few choice pieces of quasi-truth might set you apart from other 'qualified' candidates (the HR person will never figure it out, right?). A friend from college included knowledge of 'C, C+, and C++' on his resume. He had worked in C and C++ and just figured there had to be a C+ as well (too bad he didn't list C+-). He ended up getting a $50,000+/yr job with a major US tech firm using that resume. Anyone else come across funny/pathetic attempts to improve a resume?"
-
Canadian Supreme Court To Define ISP Role
Ubergrendle writes "The CBC is reporting that the Canadian Supreme Court is hearing a case regarding copyright royalties and the responsibilities of ISPs both here and abroad. From the article: 'The people who represent Canadian artists say everyone who has a hand in transmitting recorded music is liable. "Creative people should be compensated for the use and exploitation of their music," said Paul Spurgeon, general counsel for the Society of Composers, Authors and Music Publishers of Canada. "We're obviously in a struggle right now trying to figure out the best techniques to ensure that they are compensated appropriately.'" This follows on the heels of the Canadian music industry asking that this case be heard. Given the trade relations, this case should have consequences far outside of Canada proper.
-
Star Wars Collectible Miniatures Game Revealed
Klytus writes "As seen at GamingReport.com: 'A disturbance in the force seems set to take hold next summer, as news of Wizards of the Coast's plans to release their Star Wars Collectible Miniatures Game has surfaced. To debut August of 2004, the first set is to include prepainted figures from the classic era of The Star Wars Saga (episodes IV, V, VI).' Now I have to make room amongst my SW action figures..." There's more info and some packaging shots on a messageboard thread at the Creation Matrix gaming site.
-
Game Consoles, Software Have Happy Thanksgiving
Thanks to Reuters for their report rounding up the sales figures reported for Thanksgiving by the major console makers. Nintendo announced "...it sold more than 500,000 units of its GameCube console during Thanksgiving week, roughly twice what it sold in the entire month of October", and Sony indicated "...the PS2 sold more than 1 million units in November, with sales of its $199 online-enabled Combo Pack doubling from October." Finally, Microsoft "...said year-over-year hardware sales for its second-place Xbox were up 7 percent during Thanksgiving week", with Halo sales peaking 435 percent after its price cut. Reuters also has a piece talking to software publishers, in which they're cautiously optimistic over "relatively strong" game sales.
-
Kids Game Takes Aim At Music Pirates
Thanks to the San Jose Mercury News for reprinting a report about an educational videogame company who've decided to theme their next title around music piracy. According to the piece, the developers, MGI, who are not being funded by the RIAA or any other music industry groups, "...had set out to create a game about the yo-ho-ho kind of pirates. But when [MGI] started researching the topic of piracy, they were overwhelmed with information about music copyrights." An official press release on the MGI site reveals: "Loosely based on the Treasure Island story, this new PC game will... caricature music piracy, embodied especially in the figure of Captain Bootleg." The nefarious Captain Bootleg has run off with the 'Music Treasure', and "...a young boy named Ma, top agent of the Funny Bureau of Investigations ('FBI'), who... carries a laptop, must find the Island and recover the Music Treasure."
-
Open Source Makes Waves In Africa
smarquard writes "Open source has arrived in Africa in a big way. Idlelo: First African Conference on the Digital Commons, in almost-the-southern-tip-of-Africa Cape Town from 11-15 Jan 04, has attracted a strong lineup of African OSS advocates, as well as international OSS and IPR figures like Richard Stallman (FSF), Loic Dachary (FSF France), Rishab Ghosh (Infonomics), Wendy Seltzer (EFF) and Dimo Calovski (UNCTAD). Could this be the turning point for a continent that least needs to be locked into paying inflated license fees to US corporations ? The conference is co-hosted by African OSS lobby group FOSSFA and the University of the Western Cape."
-
How Crackers View Themselves
prostoalex writes "Dr. Orly Turgeman Goldschmidt from Hebrew University of Jerusalem conducted a research to figure out if there any any differences between the classic computer vandal stereotypes and the real life. After surveying 54 Israeli repondents and using the term hacker gratuitously, Goldshmidt found out many computer vandals to be "young, well-educated men without a criminal record, who belong to the middle or upper class." 3 out of 54 respondents were women, some of the respondents were married and had children. Goldschmidt's survey seemed to include somewhat low-life representatives of computer security community, the type who goes on shopping sprees on stolen credit cards, so take the findings with a grain of salt."
-
More on the University of Florida
setzman writes "According to this article, the University of Florida has implemented a software program known as ICARUS (Integrated Control Application for Restricting User Services) to monitor student activities on the campus network. If a user downloads music or videos the system deems to be illegal, they will lose their connection and be punished by being forced to watch industry propaganda, lengthy suspensions of access, or even a written reprimand. Yet the system hasn't resulted in an increase in CD sales? Hmm... Maybe they will figure out another way to improve their failing business model?" We covered this some months ago but the Associated Press is just catching on.