I managed a deployment of roughly 800 Macs across the campus of a large university using Radmind. I've also managed the campus Linux, Solaris and OpenBSD kerberos servers, web servers and file servers with the same software. Radmind's learning curve is a little steeper at first, but it's one of the most flexible deployment options out there once you get the hang of it.
Radmind's not really a competitor with tools like NetRestore. When used correctly, NetRestore is great for total reimaging of deployed hardware: nothing beats a block-copy installation for speed. Where NetRestore falls down is when dealing with deployment entropy. After imaging, the machine is in an unknown state ("post-image"), and the only way to be sure all machines are in the same state is to blow away the entire disk and reimage, usually at a cost of gigabytes of bandwidth per machine.
This is where Radmind excels. It's basically a tripwire with software deployment and roll back, all based on the differences between what should be installed and what's actually on the disk. The core utility, fsdiff, looks at all files and directories designated as managed by the administrator and generates a list of differences. You can capture those changes as a loadset and upload them to the Radmind server for deployment to other machines, or you can undo any changes detected by fsdiff and restore the client to a known good state.
The great thing about this method of management is that there's minimal bandwidth used. If fsdiff detects no changes on the filesystem, there's no reason to download anything: your system is in a known good state. On the other hand, it makes deploying Apple's system and security updates pretty damn easy. Grab the updater from Apple's website, install, and run the Radmind tools to capture the changes. Store the changes on the server, add the new loadset to your machines' profile (command file), and let your clients pull down the changes.
The Radmind community is very helpful. Most questions to the mailing list (hosted on SF.net, Google groups mirror here) are answered very quickly, and people are eager to share details about local setups and scripting solutions. A typical setup for a Radmind-managed Mac OS X client usually involves a few possible methods for initiating updates, most of which involve iHook as the UI:
Check for updates on Radmind server during logout, update client if found.
Run a nightly tripwire regardless of updates from server.
Run a Radmind update during boot if a special flag file is found on the disk.
Since we relied on students to help run our labs, we also deployed a special, unprivileged local user account, whom the students could log in as. This also triggered a Radmind update. And of course you can trigger updates over ssh (which works well in combination with something like pdsh).
We combined Radmind with NetBoot for rapid, consistent deployments. Once the hardware was in place and on the network, we netbooted, used ASR to install a minimum and relatively recent system, and let Radmind bring everything up to date, including per-host license files and location specific software.
Radmind's not perfect. It manages at the file level. If you want something to manage, say, config files on a line-by-line basis, Radmind isn't going to fit the bill (yet). Generally speaking, though, Radmind manages Mac OS X with ease. Once you've got Radmind managing your Macs, you'll find you have a lot of extra time to do interesting things instead of troubleshooting problems brought on by stale deployments.
The Radmind wiki is a decent place to start looking. Good luck.
Radmind: http://radmind.org/. Radmind's is designed for this purpose exactly. It's a tripwire with the ability to roll back changes, or capture them and store them for deployment to other systems.
Recovering from this sort of sabotage, and from the setuid root/bin/sh trick described in another reply to the parent, is easy when you're managing the system with radmind.
radmind detects changes to files (size, modtime and optionally checksum), owner, group and mode. The administrator then has the option to reverse those changes, or capture them and apply them elsewhere.
He claims to take care of the issue of privacy by removing all personal information from the files:
"There are things we have in place to ensure security and patient confidentiality. There are rules to go by. It's not the tools that pose a security risk -- it's the users. The software has a function that enables the physician to strip the image of any personal data that identifies the person, like their name, their date of birth etc. As long as that is done then it is a secure, anonymous system."
The Mighty Mouse is obviously not ideal. I've seen comments describing it as "very 1995" due to the fact that it has a cord. It's a first pass at making a mouse acceptable for novice and advanced user alike, and it necessarily follows that there will be shortcomings. What's more important, in my view, is that Apple is lowering yet another traditional barrier to adoption of the Mac. The MM can be seen as another in a series of moves from Cupertino that fly in the face of Apple conventional wisdom. First Apple introduces a $500 machine, largely removing the argument that Apple's hardware is too expensive for general consumption. Next they announce the impossible, a shift to Intel-based systems, improving the chances of cheaper hardware and eliminating the PPC v. x86 MHz controversy. Now they have a multi-button mouse.
One by one, they're resolving issues that vocal so-called "professional" users have used to criticize Apple for years.
This article is thin on everything. In fact, it's little more than a mutated form of the inevitable discussions of increased "snappiness" that occur every time Apple updates either hardware or system software. The information in the article is all vague: "as little as 10 seconds," "It's fast," etc. Most ludicrous of all is the claim that the PPC build of Firefox runs just as quickly on the x86 Mac as it does on native hardware. Bollocks, sez I. Rosetta's nice, but it's no replacement for native and never will be. Like Classic, it's value will diminish with time. It's intended to ease a transition, in this case to universal binaries. When Apple deems that transition complete, Rosetta will, I think, be deprecated, if not abandoned altogether, barring any decisions in Cupertino to switch to, say, sparc.
I've got access to a Mactel dev box, and the performance is good, but it's not so much better as to be revelatory. Compiling the source for several projects I work on is faster on the dual G5 2GHz machine than the Mactel (gcc4 on both machines). While not a great measure of performance, at least it's tangible. Of course, if you prefer to accept the nebulous claims from one of several notorious Mac rumor sites, be my guest.
If you move 3) anywhere else in the list, the project will suffer. Once you've got the project working and have people reading the code, you'll begin, in my experience, to get contributions that help with 3). Writing code that attempts to outsmart or to pass hints to the compiler can easily lead to a violation of the goal order above.
From Microsoft's music store FAQ:
If you are an iPod owner already and unhappy about this policy, you are welcome to send feedback to Apple requesting that they change their interoperability policy.source
In the same FAQ answer, Microsoft offers a workaround for getting music purchased from the MSN store on to your iPod:
[I]t is still possible to transfer MSN Music downloads to an iPod, but it will require some extra effort. To transfer MSN-downloaded music to an iPod, you need to first create a CD with the music, and then you need to import that CD into iTunes.
I appreciate how open Microsoft is to defeating their own DRM.
Apparently a computer science degree doesn't guarantee you'll be able to communicate with, say, the rest of the literate world. I'm sure your narrowly-focused education will serve you well as unimaginative code monkey, but just because you're uncurious about things beyond the scope of your computer monitor doesn't mean they don't exist or aren't important.
The "Arts" and literature requirements are often unreasonably obtuse and pervading, and can eat up a lot of time better spent doing.... anything.
Just remember, cheat all you can, then create a free-trial on turnitin.com, and check to see if it picks any cheating up. If so, edit, repeat, until it comes out clean. Works EVERY time.
Ah. Got it. That time wasted on learning things is better spent...cheating.
If you have to do a report on 'Ulysses' it takes a bit more than a few hours just to read the book - let along [sic] understand enough to do a reasonable paper on it.
Of course it does, but arguably the pay off for the work you put in is much higher. The attitude that university work is merely something to slog through confuses me. You're not required by law to continue your education beyond high school. In fact, you've made the choice to go to a university or college, and you've selected your class list. If you find the material tedious enough that you have to cheat to simply to get through it, why are you there?
Is there any progress on a kerberos authentication plugin? I'm managing several hundred lab machines, and our campus uses kerberos. Thunderbird would be the ideal cross-platform (Mac, Linux, Win) mail client, since users would have the same experience regardless of platform. Until there's kerberos support, I can't point to Thunderbird as a solution for my users.
Slashdot Mirror
Jesus, what's next? Writers criticizing writers?
I managed a deployment of roughly 800 Macs across the campus of a large university using Radmind. I've also managed the campus Linux, Solaris and OpenBSD kerberos servers, web servers and file servers with the same software. Radmind's learning curve is a little steeper at first, but it's one of the most flexible deployment options out there once you get the hang of it.
Radmind's not really a competitor with tools like NetRestore. When used correctly, NetRestore is great for total reimaging of deployed hardware: nothing beats a block-copy installation for speed. Where NetRestore falls down is when dealing with deployment entropy. After imaging, the machine is in an unknown state ("post-image"), and the only way to be sure all machines are in the same state is to blow away the entire disk and reimage, usually at a cost of gigabytes of bandwidth per machine.
This is where Radmind excels. It's basically a tripwire with software deployment and roll back, all based on the differences between what should be installed and what's actually on the disk. The core utility, fsdiff, looks at all files and directories designated as managed by the administrator and generates a list of differences. You can capture those changes as a loadset and upload them to the Radmind server for deployment to other machines, or you can undo any changes detected by fsdiff and restore the client to a known good state.
The great thing about this method of management is that there's minimal bandwidth used. If fsdiff detects no changes on the filesystem, there's no reason to download anything: your system is in a known good state. On the other hand, it makes deploying Apple's system and security updates pretty damn easy. Grab the updater from Apple's website, install, and run the Radmind tools to capture the changes. Store the changes on the server, add the new loadset to your machines' profile (command file), and let your clients pull down the changes.
The Radmind community is very helpful. Most questions to the mailing list (hosted on SF.net, Google groups mirror here) are answered very quickly, and people are eager to share details about local setups and scripting solutions. A typical setup for a Radmind-managed Mac OS X client usually involves a few possible methods for initiating updates, most of which involve iHook as the UI:
Since we relied on students to help run our labs, we also deployed a special, unprivileged local user account, whom the students could log in as. This also triggered a Radmind update. And of course you can trigger updates over ssh (which works well in combination with something like pdsh).
We combined Radmind with NetBoot for rapid, consistent deployments. Once the hardware was in place and on the network, we netbooted, used ASR to install a minimum and relatively recent system, and let Radmind bring everything up to date, including per-host license files and location specific software.
Radmind's not perfect. It manages at the file level. If you want something to manage, say, config files on a line-by-line basis, Radmind isn't going to fit the bill (yet). Generally speaking, though, Radmind manages Mac OS X with ease. Once you've got Radmind managing your Macs, you'll find you have a lot of extra time to do interesting things instead of troubleshooting problems brought on by stale deployments.
The Radmind wiki is a decent place to start looking. Good luck.
Radmind: http://radmind.org/. Radmind's is designed for this purpose exactly. It's a tripwire with the ability to roll back changes, or capture them and store them for deployment to other systems.
Recovering from this sort of sabotage, and from the setuid root /bin/sh trick described in another reply to the parent, is easy when you're managing the system with radmind.
radmind detects changes to files (size, modtime and optionally checksum), owner, group and mode. The administrator then has the option to reverse those changes, or capture them and apply them elsewhere.
He claims to take care of the issue of privacy by removing all personal information from the files:
"There are things we have in place to ensure security and patient confidentiality. There are rules to go by. It's not the tools that pose a security risk -- it's the users. The software has a function that enables the physician to strip the image of any personal data that identifies the person, like their name, their date of birth etc. As long as that is done then it is a secure, anonymous system."
The Mighty Mouse is obviously not ideal. I've seen comments describing it as "very 1995" due to the fact that it has a cord. It's a first pass at making a mouse acceptable for novice and advanced user alike, and it necessarily follows that there will be shortcomings. What's more important, in my view, is that Apple is lowering yet another traditional barrier to adoption of the Mac. The MM can be seen as another in a series of moves from Cupertino that fly in the face of Apple conventional wisdom. First Apple introduces a $500 machine, largely removing the argument that Apple's hardware is too expensive for general consumption. Next they announce the impossible, a shift to Intel-based systems, improving the chances of cheaper hardware and eliminating the PPC v. x86 MHz controversy. Now they have a multi-button mouse.
One by one, they're resolving issues that vocal so-called "professional" users have used to criticize Apple for years.
Damn it: "Like Classic, *its* value...." Grammar police.
This article is thin on everything. In fact, it's little more than a mutated form of the inevitable discussions of increased "snappiness" that occur every time Apple updates either hardware or system software. The information in the article is all vague: "as little as 10 seconds," "It's fast," etc. Most ludicrous of all is the claim that the PPC build of Firefox runs just as quickly on the x86 Mac as it does on native hardware. Bollocks, sez I. Rosetta's nice, but it's no replacement for native and never will be. Like Classic, it's value will diminish with time. It's intended to ease a transition, in this case to universal binaries. When Apple deems that transition complete, Rosetta will, I think, be deprecated, if not abandoned altogether, barring any decisions in Cupertino to switch to, say, sparc.
I've got access to a Mactel dev box, and the performance is good, but it's not so much better as to be revelatory. Compiling the source for several projects I work on is faster on the dual G5 2GHz machine than the Mactel (gcc4 on both machines). While not a great measure of performance, at least it's tangible. Of course, if you prefer to accept the nebulous claims from one of several notorious Mac rumor sites, be my guest.
1) Make it go
2) Make it readable
3) Make it fast
If you move 3) anywhere else in the list, the project will suffer. Once you've got the project working and have people reading the code, you'll begin, in my experience, to get contributions that help with 3). Writing code that attempts to outsmart or to pass hints to the compiler can easily lead to a violation of the goal order above.
From Microsoft's music store FAQ: If you are an iPod owner already and unhappy about this policy, you are welcome to send feedback to Apple requesting that they change their interoperability policy. source
Does this remind anyone else of Real's recent petition to whip up public opinion against Apple?
In the same FAQ answer, Microsoft offers a workaround for getting music purchased from the MSN store on to your iPod:
[I]t is still possible to transfer MSN Music downloads to an iPod, but it will require some extra effort. To transfer MSN-downloaded music to an iPod, you need to first create a CD with the music, and then you need to import that CD into iTunes.
I appreciate how open Microsoft is to defeating their own DRM.
Sigh.
.... anything.
obtuse
pervade
Apparently a computer science degree doesn't guarantee you'll be able to communicate with, say, the rest of the literate world. I'm sure your narrowly-focused education will serve you well as unimaginative code monkey, but just because you're uncurious about things beyond the scope of your computer monitor doesn't mean they don't exist or aren't important.
The "Arts" and literature requirements are often unreasonably obtuse and pervading, and can eat up a lot of time better spent doing
Just remember, cheat all you can, then create a free-trial on turnitin.com, and check to see if it picks any cheating up. If so, edit, repeat, until it comes out clean. Works EVERY time.
Ah. Got it. That time wasted on learning things is better spent...cheating.
If you have to do a report on 'Ulysses' it takes a bit more than a few hours just to read the book - let along [sic] understand enough to do a reasonable paper on it.
Of course it does, but arguably the pay off for the work you put in is much higher. The attitude that university work is merely something to slog through confuses me. You're not required by law to continue your education beyond high school. In fact, you've made the choice to go to a university or college, and you've selected your class list. If you find the material tedious enough that you have to cheat to simply to get through it, why are you there?
Is there any progress on a kerberos authentication plugin? I'm managing several hundred lab machines, and our campus uses kerberos. Thunderbird would be the ideal cross-platform (Mac, Linux, Win) mail client, since users would have the same experience regardless of platform. Until there's kerberos support, I can't point to Thunderbird as a solution for my users.