[Fed-Talk] Re: Fed-talk Digest, Vol 5, Issue 21
[Fed-Talk] Re: Fed-talk Digest, Vol 5, Issue 21
- Subject: [Fed-Talk] Re: Fed-talk Digest, Vol 5, Issue 21
- From: "Court Kizer" <email@hidden>
- Date: Thu, 24 Jan 2008 14:04:06 -0800
VMware Fusion is 100% coded in the US. VMware is located in Palo Alto, California. I worked for VMware specifically on the Fusion project. Most of the Fusion team is ex-apple employees. The code used in Fusion has all been written here in California. VMware does have some offsite locations overseas but none that are working on the code for it's core products.
On Jan 24, 2008 12:07 PM, <
email@hidden> wrote:
Send Fed-talk mailing list submissions to
email@hidden
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.apple.com/mailman/listinfo/fed-talk
or, via email, send a message with subject or body 'help' to
email@hidden
You can reach the person managing the list at
email@hidden
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Fed-talk digest..."
Today's Topics:
1. Microsoft Office on HUP (Bojanower Chris Civ 75 CS/SCXH)
2. Re: Fusion and Parallels - which is the better buy (Allan Marcus)
3. Re: Setting Global Policy on Client - 'pwpolicy' (Allan Marcus)
4. Re: Leopard security config timeline? (Allan Marcus)
5. RE: Fusion and Parallels - which is the better buy (Mensch, Henry)
6. Re: Leopard security config timeline? (Todd Heberlein)
7. Re: Bluetooth vs. Security (Todd Heberlein)
8. Edward Tufte on iPhone interface (David Hale)
9. RE: Fusion and Parallels - which is the better buy
(Fairbanks, Lee (contr-ird))
10. Oberthur CAC + 10.5.1 (and 10.5.2 9C16) works! (gnat)
11. Re: Oberthur CAC + 10.5.1 (and 10.5.2 9C16) works!
(Michael Bender)
----------------------------------------------------------------------
Message: 1
Date: Wed, 23 Jan 2008 13:31:09 -0700
From: "Bojanower Chris Civ 75 CS/SCXH" <email@hidden>
Subject: [Fed-Talk] Microsoft Office on HUP
To: <email@hidden>
Message-ID:
<email@hidden">email@hidden
>
Content-Type: text/plain; charset="us-ascii"
I sent a note to the HUP via the AFMC contact last Friday, they sent
back saying they will have to get back to me with that info.
Hopefully soon
Chris Bojanower
75 CS/SCXH
Hill AFB, UT
(801) 586-8324
DSN 586-8324
ITIL Foundation Certified
------------------------------
Message: 2
Date: Wed, 23 Jan 2008 16:28:42 -0700
From: Allan Marcus <email@hidden>
Subject: Re: [Fed-Talk] Fusion and Parallels - which is the better buy
To: "email@hidden
Talk" <email@hidden>
Message-ID: <email@hidden">email@hidden
>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
if it matters, Parallels is a Russian company and VMWare is a USA
company. VMWare uses Indian programmer in India (I think), whereas
SWSoft uses Russian programmers in, you guessed it, Russia. If this
is a rick or factor in your decision, you will need to decide.
Personally, I find VMWare more stable and less prone to hose my
Windows install, especially bootcamp.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 19, 2007, at 10:50 AM, Hare, Lawrence CTR USA USAMC wrote:
> I have been using Parallels all year, an old version 1.something
> binary that has worked fine for me, no problems at all. Now I have
> upgraded to Leopard I find that it still works fine on my MacBook
> Pro but blow up instantly on my MacMini I have at home. I am so
> behind the curve on versions I am not too surprised.
>
> However, a good friend is using Fusion - after using Parallels -
> and he is gung-ho on the superiority of it.
>
> Does anyone have any thoughts on the subject?
>
> And - I cannot find an answer to this one - does anyone know if the
> Fusion license allows me to have a copy on my desktop machine and
> on my laptop? I use one or the other at a time, never both, and no
> one else does - dare not - touch any of my Macs...
>
> Thanks - Lawrence
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
email@hidden
------------------------------
Message: 3
Date: Wed, 23 Jan 2008 16:36:58 -0700
From: Allan Marcus <email@hidden>
Subject: Re: [Fed-Talk] Setting Global Policy on Client - 'pwpolicy'
To: Peter Link <email@hidden>
Cc: email@hidden
Message-ID: <email@hidden">
email@hidden>
Content-Type: text/plain; charset=WINDOWS-1252; delsp=yes;
format=flowed
The best I can come up with for Leopard is:
pwpolicy -n /Local/Default -setglobalpolicy "minChars=8
requiresAlpha=1 requiresNumeric=1 passwordCannotBeName=1
Note: The pwpolicy is not enforced if you are an admin resetting a
password for a non-admin. Also, there is a bug if you are an admin
setting the password for yourself: if you set it to a too short
password your will get a notification that the pw is too short, but
it makes the change nonetheless! This has been reported to Apple
(Enterprise support ticket 314128).
---
Thanks,
Allan Marcus
505-667-5666
On Dec 5, 2007, at 10:26 AM, Peter Link wrote:
> Shawn,
> Thank you for the information but the man page for pwpolicy on
> 10.5.1 needs to be updated (11/13/2002 for OSX Server) as does the
> recently released Command_Line_Admin_v10.5.pdf (11/26/07) manual.
> The new manual seems to only address using this command to access a
> remote Mac and doesn't list the syntax for a local Mac as you
> described below.
> I asked in a separate email which of the settings actually work on
> a Leopard client since there were limitations on the Tiger client.
> I believe all settings work on an OSX server when using managed
> clients but not everything worked on a Tiger standalone client. I
> would like someone else to test this since I hosed Tiger systems
> using too many settings.
>
> Thanks.
>
> At 2:30 PM -0500 11/25/07, Shawn A. Geddis wrote:
>> On Nov 19, 2007, at 10:50 AM, Michael wrote:
>>> On Nov 16, 2007, at 12:29 PM, James Alcasid wrote:
>>>
>>>> By default their are no global policy defaults for passwords on
>>>> MacOSX
>>>> Client and Server.
>>>>
>>>> For what you are trying to accomplish check the man pages on
>>>> pwpolicy.
>>>>
>>>> What you are trying to accomplish might look something like this
>>>> as an
>>>> example:
>>>>
>>>> sudo pwpolicy - a the_dmin_username -setglobalpolicy "minChars=8
>>>> maxMinutesUntilChangePassword=129600"
>>>
>>> Has anyone figured out how to get this to work in OS X 10.5
>>> without having OS X Server. Server based password control is a no-
>>> go when you have laptops and other machines not permanently
>>> connected to the network. Every other OS handles this just fine.
>>>
>>> Michael
>>
>>
>> Michael,
>>
>> You do not need Mac OS X Server for this to work. The 'pwpolicy'
>> command was brought over from OS X Server to OS X to meet
>> requirements for Common Criteria Certification.
>>
>> If you just issue the pwpolicy on Mac OS X without the nodename
>> then you will get the error that password server is not configured.
>>
>> $ sudo pwpolicy -getglobalpolicy
>> password server is not configured.
>>
>> Problem is that you need to provide the local nodename for the
>> local domain on the client.
>>
>> On Mac OS X 10.4: /NetInfo/DefaultLocalNode
>> On Mac OS X 10.5: /Local/Default
>>
>> To display the Global Policy Settings...
>>
>> $ sudo pwpolicy -n /Local/Default -getglobalpolicy
>>
>> usingHistory=0 canModifyPasswordforSelf=1 usingExpirationDate=0
>> usingHardExpirationDate=0 requiresAlpha=0 requiresNumeric=0
>> expirationDateGMT=12/31/69 hardExpireDateGMT=12/31/69
>> maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0
>> maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=0
>> maxChars=0 passwordCannotBeName=0 requiresMixedCase=0
>> requiresSymbol=0 newPasswordRequired=0
>> minutesUntilFailedLoginReset=0 notGuessablePattern=0
>>
>>
>> For example, Set the Global Policy Setting for 'minChars'
>>
>> $ sudo pwpolicy -n /Local/Default -setglobalpolicy "minChars=5"
>>
>>
>> The instructions within the man page and the CC_AdminGuide are
>> still accurate **IF** you use the correct nodename to reflect
>> which OS version you are running on as I noted earlier in this
>> message:
>>
>> On Mac OS X 10.4: /NetInfo/DefaultLocalNode
>> On Mac OS X 10.5: /Local/Default
>>
>>
>> - Shawn
>> _____________________________________________________
>> Shawn Geddis • Security Consulting Engineer • Apple Enterprise
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Fed-talk mailing list (email@hidden)
>> Help/Unsubscribe/Update your Subscription:
email@hidden
>
>
> --
> Peter Link
> Cyber Security Analyst
> Cyber Security Program
> Lawrence Livermore National Laboratory
> PO Box 808, L-315
> Livermore, CA 94550
> email@hidden
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (
Date: Wed, 23 Jan 2008 16:46:24 -0700
From: Allan Marcus <email@hidden>
Subject: Re: [Fed-Talk] Leopard security config timeline?
To: Rex Sanders <
email@hidden>
Cc: Fed Talk <email@hidden>
Message-ID: <email@hidden">email@hidden
>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
It appears that the Center for Internet Security will be working on
their Leopard document soon. I've spoken with them and they will be
basing their document on the Apple/Tiger Document with additional
input from system admins/security professionals that have Leopard
experience.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 17, 2007, at 2:00 PM, Rex Sanders wrote:
> Anybody have any idea when the NSA/Apple security guidelines for
> Leopard
> will be released?
>
> Many of us are independently writing STIGs once again. I hope we
> won't see
> the long delays we saw for Tiger.
>
> Solaris 10 has been out for over a year with no NSA guidelines yet.
>
> -- Rex
>
>
>
http://www.fcw.com/online/news/150875-1.html
>
> Secure desktops not just for Vista
> By Jason Miller
> Published on November 26, 2007
>
> The Office of Management and Budget has told agencies that use
> Microsoft
> Windows XP or Vista to begin using the government's approved secure
> desktop
> configuration by February 2008, but it hinted that the Windows
> operating
> system was only the beginning of a more extensive program.
>
> ...
>
> Now NSA is developing standard configurations for Sun's Solaris 10 and
> Apple's Leopard operating systems.
>
> ...
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
email@hidden
------------------------------
Message: 5
Date: Wed, 23 Jan 2008 16:11:50 -0800
From: "Mensch, Henry" <email@hidden
>
Subject: RE: [Fed-Talk] Fusion and Parallels - which is the better buy
To: "Allan Marcus" <email@hidden>, <email@hidden
>
Message-ID:
<email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"
I thought this was beaten to death late last month, but I guess not. You
will be hard-pressed to find commercially-produced software product that is
created entirely in the US (even when there's a US company involved). EMC
(which is based in Massachusetts, owners of VMWare) do it, Microsoft does
it, Oracle does it, ...
Better to spend time determining if one product or the other is going to do
the job for you, IMHO.
--
Henry Mensch / Storage Manager
Center for Imaging of Neurodegenerative Diseases
VA Medical Center, San Francisco CA USA
v: +1.415.221.4810 x2466 / f: +1.415.668.2864
e:
email@hidden
w: http://www.cind.research.va.gov/
-----Original Message-----
From: fed-talk-bounces+henry.mensch=
email@hidden
[mailto:fed-talk-bounces+henry.mensch=email@hidden] On Behalf Of
Allan Marcus
Sent: Wednesday, January 23, 2008 3:29 PM
To: email@hidden Talk
Subject: Re: [Fed-Talk] Fusion and Parallels - which is the better buy
if it matters, Parallels is a Russian company and VMWare is a USA
company. VMWare uses Indian programmer in India (I think), whereas
SWSoft uses Russian programmers in, you guessed it, Russia. If this
is a rick or factor in your decision, you will need to decide.
Personally, I find VMWare more stable and less prone to hose my
Windows install, especially bootcamp.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 19, 2007, at 10:50 AM, Hare, Lawrence CTR USA USAMC wrote:
> I have been using Parallels all year, an old version
1.something
> binary that has worked fine for me, no problems at all. Now I have
> upgraded to Leopard I find that it still works fine on my MacBook
> Pro but blow up instantly on my MacMini I have at home. I am so
> behind the curve on versions I am not too surprised.
>
> However, a good friend is using Fusion - after using Parallels -
> and he is gung-ho on the superiority of it.
>
> Does anyone have any thoughts on the subject?
>
> And - I cannot find an answer to this one - does anyone know if the
> Fusion license allows me to have a copy on my desktop machine and
> on my laptop? I use one or the other at a time, never both, and no
> one else does - dare not - touch any of my Macs...
>
> Thanks - Lawrence
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5909 bytes
Desc: not available
Url :
http://lists.apple.com/mailman/private/fed-talk/attachments/20080123/1531d510/smime-0001.bin
------------------------------
Message: 6
Date: Wed, 23 Jan 2008 16:47:00 -0800
From: Todd Heberlein <
email@hidden>
Subject: Re: [Fed-Talk] Leopard security config timeline?
To: Allan Marcus <email@hidden>, Fed Talk <
email@hidden>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> It appears that the Center for Internet Security will be working on
> their Leopard document soon. I've spoken with them and they will be
> basing their document on the Apple/Tiger Document with additional
> input from system admins/security professionals that have Leopard
> experience.
They should check with Apple to get an estimated timeline for when
the auditing subsystem for Leopard will be available. It might make
sense to wait until this piece is in place (if it isn't too far in
the future) before they publish anything.
Todd
------------------------------
Message: 7
Date: Wed, 23 Jan 2008 17:08:45 -0800
From: Todd Heberlein <email@hidden>
Subject: Re: [Fed-Talk] Bluetooth vs. Security
To: Fed Talk <email@hidden
>
Message-ID: <email@hidden">email@hidden>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On Jan 22, 2008, at 8:42 AM, Michael wrote:
> Looking for experiences/references on when Bluetooth should be (in
> federal or DoD agencies that is):
Outside of any official policy or rules by a govt or corporation,
IMHO any unneeded service should be turned off. I remember the days
when UNIX systems would ship with dozen of servers turned on by
default (anyone remember the '+' in the hosts.equiv file for SunOS
and all the r* servers turned on?!), and this led to so many security
penetrations.
Todd
------------------------------
Message: 8
Date: Wed, 23 Jan 2008 23:39:45 -0500
From: David Hale <email@hidden>
Subject: [Fed-Talk] Edward Tufte on iPhone interface
To: email@hidden
Message-ID: <email@hidden">email@hidden
>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
High praise from the master. If you get the chance to attend his one
day courses do it. Easily the best one day training session I have
ever attended. You will never look at a chart or information graphic
the same way.
http://www.edwardtufte.com/bboard/q-and-a-fetch-msg?msg_id=00036T&topic_id=1
------------------------------
Message: 9
Date: Thu, 24 Jan 2008 11:24:03 -0500
From: "Fairbanks, Lee (contr-ird)" <email@hidden
>
Subject: RE: [Fed-Talk] Fusion and Parallels - which is the better buy
To: "Mensch, Henry" <email@hidden>, Allan Marcus
<
email@hidden>, "email@hidden"
<email@hidden>
Message-ID:
<email@hidden">email@hidden>
Content-Type: text/plain; charset="us-ascii"
I assume most people know that software design is a global industry, but it still is a relevant topic for those of us in the DoD space. Right or wrong, many DoD agencies have ownership restrictions for software purchases. I realize that does not apply to everyone on the Fed Talk list, but it does apply to some of us.
-lee
-----Original Message-----
From: fed-talk-bounces+lee.fairbanks.ctr=email@hidden [mailto:
fed-talk-bounces+lee.fairbanks.ctr=email@hidden] On Behalf Of Mensch, Henry
Sent: Wednesday, January 23, 2008 7:12 PM
To: Allan Marcus; email@hidden
Subject: RE: [Fed-Talk] Fusion and Parallels - which is the better buy
I thought this was beaten to death late last month, but I guess not. You will be hard-pressed to find commercially-produced software product that is created entirely in the US (even when there's a US company involved). EMC (which is based in Massachusetts, owners of VMWare) do it, Microsoft does it, Oracle does it, ...
Better to spend time determining if one product or the other is going to do the job for you, IMHO.
--
Henry Mensch / Storage Manager
Center for Imaging of Neurodegenerative Diseases VA Medical Center, San Francisco CA USA
v: +1.415.221.4810 x2466 / f: +1.415.668.2864
e: email@hidden
w: http://www.cind.research.va.gov/
-----Original Message-----
From: fed-talk-bounces+henry.mensch=email@hidden
[mailto:
fed-talk-bounces+henry.mensch=email@hidden] On Behalf Of Allan Marcus
Sent: Wednesday, January 23, 2008 3:29 PM
To: email@hidden Talk
Subject: Re: [Fed-Talk] Fusion and Parallels - which is the better buy
if it matters, Parallels is a Russian company and VMWare is a USA company. VMWare uses Indian programmer in India (I think), whereas SWSoft uses Russian programmers in, you guessed it, Russia. If this is a rick or factor in your decision, you will need to decide.
Personally, I find VMWare more stable and less prone to hose my Windows install, especially bootcamp.
---
Thanks,
Allan Marcus
505-667-5666
On Dec 19, 2007, at 10:50 AM, Hare, Lawrence CTR USA USAMC wrote:
> I have been using Parallels all year, an old version 1.something
> binary that has worked fine for me, no problems at all. Now I have
> upgraded to Leopard I find that it still works fine on my MacBook Pro
> but blow up instantly on my MacMini I have at home. I am so behind the
> curve on versions I am not too surprised.
>
> However, a good friend is using Fusion - after using Parallels - and
> he is gung-ho on the superiority of it.
>
> Does anyone have any thoughts on the subject?
>
> And - I cannot find an answer to this one - does anyone know if the
> Fusion license allows me to have a copy on my desktop machine and on
> my laptop? I use one or the other at a time, never both, and no one
> else does - dare not - touch any of my Macs...
>
> Thanks - Lawrence
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden
This email sent to email@hidden
------------------------------
Message: 10
Date: Thu, 24 Jan 2008 13:09:28 -0500
From: gnat <
email@hidden>
Subject: [Fed-Talk] Oberthur CAC + 10.5.1 (and 10.5.2 9C16) works!
To: email@hidden
Message-ID: <email@hidden">
email@hidden>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Hello,
Thursby has a new beta driver (
http://www.thursby.com/beta/afc-beta.html
) that allows the new Oberthur cards to work with the SCR 331 readers.
We have confirmed this works on both 10.5.1 and up to 9C16 of 10.5.2.
The one caveat was that after installing it did not ask to reboot the
system, and the card still did not work until after the system was
rebooted.
I can now sign, encrypt, and decrypt messages in Mail and use it for
CAC protected sites via Safari.
-dave whittle
------------------------------
Message: 11
Date: Thu, 24 Jan 2008 13:55:16 -0500
From: Michael Bender <email@hidden>
Subject: Re: [Fed-Talk] Oberthur CAC +
10.5.1 (and 10.5.2 9C16) works!
To: gnat <email@hidden>
Cc: email@hidden
Message-ID: <email@hidden">
email@hidden>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Hi Dave,
Thanks for that information! I'm hoping though that 10.5.2 fixes the
built-in
support since I'm really not too keen on purchasing software just to
be able
to read my CAC card
- Mike Bender, NAWCTSD Orlando
On Jan 24, 2008, at 1:09 PM, gnat wrote:
> Hello,
> Thursby has a new beta driver (http://www.thursby.com/beta/afc-beta.html
> ) that allows the new Oberthur cards to work with the SCR 331
> readers. We have confirmed this works on both 10.5.1 and up to 9C16
> of 10.5.2.
>
> The one caveat was that after installing it did not ask to reboot
> the system, and the card still did not work until after the system
> was rebooted.
>
> I can now sign, encrypt, and decrypt messages in Mail and use it
> for CAC protected sites via Safari.
>
> -dave whittle
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
email@hidden
------------------------------
_______________________________________________
Fed-talk mailing list
email@hidden
http://lists.apple.com/mailman/listinfo/fed-talk
End of Fed-talk Digest, Vol 5, Issue 21
***************************************
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden