Apple Mac Exclusion
 

Just ran across another instance of Apple exclusion. Halifax has three large hospitals, the newest of which is only a few years old. A surgeon there told me this morning (follow-up on a finger broken a month ago, now healed) that he was not permitted to use his Mac laptop on the hospital system because the ITs would only clear machines running Norton AntiVirus. The subject came up because he was extolling the potential value of the iPad in a hospital environment. No amount of argument with IT vis-à-vis OS X's relative safety was convincing: it's Norton or you're not allowed on. Yet another constipated IT section.

IT PC Morons !

Brilliant! You have to waste time & money on crappy software, but they'll tell you they "standardized" on Windows because it's cost effective.
:rolleyes:

They can only get away with this crap because upper management has no idea how much money they're wasting.

The ICT Risk Assessment probably done by a "consultant" on the Norton payroll and with no idea about anything but Windows. I am open ie. support Linux, Windows, Mac , EXCH , Zimbra and MobileMe and fit the product to the job not limit options to one platform and one solution...

This kind of ignorant attitude is increasingly rare, and it only stems from a poor hiring process. Clearly the director of IT is clueless beyond Windows, else he/she would override any half-baked "consultant" report. Sadly, beyond writing a letter to said director, and perhaps the CEO, you aren't likely to see any action whatsoever unless the director's action/inaction directly and obviously ends up costing unforeseen amounts of money. Which could actually happen.

If you do write a letter (and that's a letter, not an email), make sure to include some hard facts, case studies, cost analysis, etc..

Could be a legal paranoia issue. Their lawyer might have said "If a virus gets into the medical network every patient in the building will sue you out of business so you better have some kind of consistent virus policy like making sure no PC gets in without Norton." Just speculating...

I know some freelance contracts I sign require that my computers have antivirus. So I have ClamAV but don't run it that often.

sun box + XP/Vista/W7 + NAV
its no big deal
oh yeah, put a Dell sticker over the apple logo <G>

Our IT technically does not want Macs on the network for the same reason (even though one cannot be infected with a Windows virus, it can still host an infected file to be passed on), but the video people in my department use them anyway.

So then they haven't got any protection on the PCs that the Macs might pass on a file to?
:rolleyes:

This also begs the question: Why do they allow systems that are so vulnerable that they can easily be compromised by other systems in the company?

Hey, I'm not defending it. I think they're morons. Just relaying the excuses they used on me.

There is so many complications with this, and coming from a person who manages 8,000 Macs and 33 Xserves, I can tell you, they don't play nice with our SuSe Linux eDirectory, which manage all of our 10s of thousands of PCs in the district.

So, since Apple decided to skip out on the whole enterprise market until the last few years, because lets be honest, anything before 10.4 Server was pretty much crap compared to every other enterprise product out there. Even 10.4 had huge flaws, and lacked features. 10.5 was a huge step in the right direction and 10.6 finally is starting to make it easy to integrate Macs into your enterprise. They still lack any sort of print server technology, and there is a joke going around Apple offices about it, which I can't recall what it was exactly. Either way, how do you mass deploy, or allow users to select network printers and enable queues in an orderly fashion with a Mac on the network, short answer is - you can't.

Now, hospitals and other medical offices run a lot of security apps and technologies due to HIPPA. They also run network deployable apps from a server for their patient database. Citrix comes to mind for this, but I have never worked at a hospital so it is hard to say. I am not sure if it is the developer of said product or the Apple side which makes it so difficult to make products for Apple.

Now toss in the fact that Airport have had some of the worst connection issues with large roaming wireless networks that I have ever seen. This is pretty much fixed though, but only with in the last year. We weren't the only ones that had that issue either. Apple actually released several major Airport updates to fix this in 10.5.5 and later releases.

These issues are worrisome for an IT staff to tackle. Luckily I have been working with both PC and Mac products for over 10 years now, so I got a handle on both sides of the coin. I see how Apple lacks or fails to perform in certain aspects too. I can usually make it work, but the time and training it may take to teach someone how to do this could be costly, and if IT is on budget cuts, or if a director doesn't see it as a viable cost.

Then look at the cost of migrating products. I mean there are plenty of Novell shops out there still and Netware is pretty much a dead technology, but the cost, plus time to upgrade the whole infrastructure to say Windows2k7 Server is just a lot. Plus converting all your data, and policies and other server side technologies from one platform to the next is expensive.

Don't get me wrong, I would love to Apple in enterprise networks, but they are still just lacking a few features and some minor integration to make them totally worth it in some people's views. I mean file sharing between Macs and other platforms can be problematic and that is the most basic need of networking.

I mean the more Macs that get integrated the more I am worth to a company since I can do both and have been for 10 years. So I am all for it.

Thanks for that explanation, Tom. Only an "insider" would know those issues. Having said that, I'll bet that the hospital IT folks are not nearly that knowledgeable; they just don't want and/or don't have time to deal with what is to them an unknown set of problems within their very limited budgets.

That is the other problem, lots of people are afraid to learn new things, and this doesn't only apply to technology. We once tried to upgrade the legal department of my old job form Office 2000 to Office 2003 and they were not having it one bit. So, we didn't upgrade them.

In my experience, "insider" reasons have been bs, usually generated out fear and using issues created by "insiders." The old "Macs don't have the management tools we need" argument is particularly weak, since those very same insiders settled on Windows long before it had any management tools, when it was just a shell sitting on top of a lousy 16-bit operating system.

Not always, CWT; but all too often, I agree.

Forget the past, looking at it right now: how easy is it to integrate OS X into an Active Directory domain, allowing the same level of access and control that is allowed on Windows domain members?
I can tell you now, it's not there. Blame it on MS for making the AD system proprietary, or blame it on Apple for not doing enough to work around it... it works out to the same end result: most all of our servers and management software are going to be MS-centric, and working OS X into that structure is problematic.
To some company's it's not worth the cost and effort to train or hire people to do it. And that's not a value judgment, it's simply reality.

Yeah yeah you and I have gone round and round with this topic and you are obvious an IT hater, mac elitist. That is obvious. I have actually very little bias on any platform, there is some but I try to keep it to a minimum.

Enterprise and end user and two completely different worlds as the end user in an enterprise has no clue to what goes on in the background to do what they use it for every day. I think that Apple makes an excellent end user product, but their enterprise is lacking. I think that Microsoft makes an excellent enterprise product but their end user is bloated and slow.

Those who forget the past are doomed to repeat it, and your statement proves it! Yes, Active Directory is not based on standards. It is a proprietary tool used to lock IT (willingly) in to using MS products. To then turn around and blame Apple is absurd.

Trying to get iCal to work with Exchange is still a pain in the butt. Exchange is very powerful too, and I think MS makes great back end products. Hell, if I did not have Casper at work, I would be in a rough situation. Apple servers can't do package deployment, app deployment, or any other frameworks that the casper client can do.

The fact remains that in a large environment or in enterprise you will have one guy for every 100 machines maybe more. If you break it down at my work, we got 7 people in my department that directly deal with all that is Mac, and there are 8,000+ Macs we support. We can't be every where at once and need such tools that Apple does not supply. ARD task server is a joke.

There were no standards when it was created. Novell created NDS, but it lacked some features people wanted. It was the only game in town and also porprietary. So, Microsoft came up wtih Active Directory and SMS and basically blew Novell out of the water with their product and gained the market share. This was back in the 90s.

Apple's open directory is far from any standard other than their own. Plus, proprietary? Apple is far from following any open standards and is a closed system, by definition they are proprietary.

Sun? Oh yup, proprietary. No one uses Unix zones but Sun.

Hmm, who else, BSD? Linux? Hmm, they use LDAP, which everyone supports but try to get BSD LDAP to talk to Debian LDAP. Then you have GNU, GPL, BSD, oh yeah those are all proprietary.

There is no such thing as standards, everyone has their own, and most of them don't really talk to each other. The only company that took the approach to integrate their product rather than sell it was Novell, and look at where it got them.

Are you saying that Macs require 1/10 of the support effort, or that you feel you are not able to provide as much support as you feel typical enterprise users get?

This is either a testament to the quality of OS X, or to your (and your colleagues') abilities! :D

Just a silly question. Not that you really need it, but there is Norton for the Mac, would that not pass muster?

That is the real reason for IT resistance. They come up with all sorts of rationalizations, but that's the reason.

IT guy: We can't use Macs in our company because they're proprietary and don't integrate into our system.

User: Isn't Windows proprietary? Isn't Active Directory?

IT guy: But it's what I know.

User: Aren't you supposed to be a professional?

IT guy: You just don't understand computers.
:rolleyes:

.
Seems a more cost-effective policy would be to "make sure no PC gets in".
.

.
The problem, of course, is that management and IT will all-too-often treat Microsoft/Windows as the de facto standard. Which unfortunately is arguable due to their market share. But it’s dropping and dropping...
.

Not really. IT began treating Microsoft/Windows as the de facto standard right from the beginning, before there was a market share to measure. Even (especially?) now, market share is really just an excuse. The internet is generally based on standards, and using Microsoft products tends to violate those standards (ie: IE) so that anyone legitimately concerned about standards shouldn't be using their products.

Actually, OS X Server lacks so many "enterprise features" that I am blessed that I get to use the Casper Suite from Jamf software (see http://www.jamfsoftware.com) to manage those 8,000 machines. Apple does do a few cool things like MCX, and straight up POSIX plus ACLs make permissions and access a breeze, but if someone slaps a CD of some software on my desk, how do I get it out to those 8,000 machines? I certainly am not going to use the CD on each one. OS X Server has no application/package deployment technology in it. ARD task server is a joke and inefficient since the machines have to be powered on during the time the task is set or they fail and never retry. I use Casper for that.

Also, the built in netboot and imaging features are not that great. Again, Casper to the rescue. This is my third year running the 1:1 and if I did not have Casper, my life would be so much harder. Apple makes a great end user product, everything else needs vast improvements. There are certain people at Apple that don't care for the enterprise market either, so they don't push that side of Apple all that much. Which is another reason you do not see companies and hospitals using them.

Yes there is a Mac client for Norton, and it does come in useful for certain things. Macro viruses, trojans, and other exploits that still do exist for the Mac. You can't defend against any type of "social engineering" exploit that fools the user to input their admin credentials to install something that is going to damage or root your system. I, even with my limited programming skills, could slip in an installer script in a package that could enable the root account, change the password to what I want, turn on ssh and then email me the results.

Also, let us not forget the month of Apple bugs, and the well known security holes in OS X that took Apple a super long time to fix. To be fair I must say we need to acknowledge two things. 1) Apple has a solid OS based on Unix which for the most part is very secure, and 2) Apple takes a long time to fix known security holes and bugs which can be used as exploits, but they are not all that widely known and most hackers/exploiters don't care.

I am not trying to say if Apple had the same market share as say Microsoft they would have all the same exploits and viruses, because they are too different of OSes to have the same issues when it comes to that. What I am saying is, there will always be potential for such things. Unilaterally thinking that I am using a Mac and therefore I am safe regardless is not a good idea in my mind.

Fingers-

One thing I was going to mention but forgot. When I was talking about how small my department was versus our machines I was trying to parallel the fact that in those types of work environments in IT you don't have the work force to even try to adapt, train, or migrate anything. Most of my job is reactive instead of proactive because I am so far stretched between responsibilities (OD admin, server admin, casper admin, package creation, package deployment, group policy, end user support, training, and so forth) that I hardly have time to work and plan ahead. If my department were bigger, I could focus on such things and specialize perhaps. If your IT department is large enough to do this, then it would be easier to migrate to a new product, slowly train your staff, and help the process along.

Did you take a look into LANRev? I'm looking into that right now, but will have to take a gander at Casper now too. They both seem pretty powerful.

We looked at both, but went with Casper. Have zero complaints, feel free to drop me a line if you got any questions. I am doing some crazy stuff, and Jamfsoftware just did a case study on me which should be published very soon.

@tlarkin -- And just to clarify, what kind of network are you working on? Mixed, PC, Mac, (linux?). I assume Mac, but I just want to be sure. Oh, and what are you using for your servers, there's another good question. I'm assuming Mac, because you mention OSX Server, but I wanted to check.

Network - mixture of Cicso catalyst switches and routers and network controllers with cisco APs running 802.11A radios. By mixture I mean its pure cisco but the models differ depending on replacement cycle. Some are old, some are brand new.

Servers - 33 Xserves - all dual xeons, some Dell blades, some HP Proliants, and the OSes we run are Netware 6.5, SuSe Linux (uh 10.1 Enterprise me thinks), Windows 2003 Server and OS X Server 10.5.8.

clients - 6,000 macbooks, 2,000 iMacs, 6,000 or more PCs (dells, gateways, some custom built), several thousand Acer Netbooks (used for assessment testing in laptop carts), then we got our randoms that directors and executives have: Macbook Airs, Macbook Pros, high end PC laptops, and we also have the small specialty labs of Mac Pros, but those are very few and far between.

Another dumb question, can you administer PCs from OSX Server? Or is that why you have Casper?

No you cannot manage Windows machines from anything but a Windows server, and vice versa for every other platform, which the exception of SuSe Linux (bought out by Novell) which acts as a container over everything.

Casper is a third party, Mac only product (except inventory systems do work on Windows) that is a framework that allows me to install packages, create policies, deploy scripts/pkgs/whatever, mass image computers, and full inventory reporting, plus many other things that I can do with it.

OS X Server offers none of these features.

Just discovered another Mac exclusion: The Olympics. CTV has the rights in Canada (Canadians can't view NBC) and the web site (CTVOlympics.ca) requires Silverlight. Ah well, to hell with the Olympics.

Second that. If they want to load that crap on my computer they're going to have to pay me.

Most likely that stuff was built by the lowest bid contractor though, just as many things are these days. It probably costs a lot less to have a contractor build a product that already exists on top of the majority of their users platform versus something from the ground up that is a better product. That is just business and has nothing to do with technology and/or IT people. Stuff like this happens all the time. Trust me, I sit in meetings and tell the powers that be to not buy a certain product because of the problems we will have with it, and I get completely disregarded and then get stuck supporting that shoddy product. I can't go up to the directors and executives and be like, "I told you so." either when the product they bought only works part of the time.

The only way to fix that is for Apple to be more aggressive and competitive on their business end, because businesses aren't going to change their habits.

But why use Silverlight? Is it cheaper than building a flash player? I thought flash players were the de facto standard these days? (I also thought Silverlight worked on Mac?)

When I looked, the only version of Silverlight for a Mac was version 1 but on the PC it has advanced beyond that. Given the site's choice to use Silverlight in the first place, I wasn't willing to see if the video I wanted to see would work. Just dropped the site a nastygram and quit.

Both Flash and Silverlight are speed bumps on the way to HTML5. We need to get Adobe to stop blocking HTML5 and get on with developing it and other web standards.

I am not a web developer but I hear developing anything in flash sucks. Who knows, maybe sliverlight has a better API? Better framework? Easier to click, drag and drool something together?

All I know is that things like this get put together from the lowest bidder, and perhaps that lowest bidder had a deal or some guy running that company thought that silverlight was the next big thing?

It is all business, and has very little to do with actual technology sometimes.

If the back end is running Microsoft's IIS7 server, then Silverlight can stream the video to iPhones via the HTML5 <video> tag. Maybe that was a reason?

Presumably, spoofing the UserAgent would allow desktop browsers to get the HTML5 version too.

Creating a Flash applet requires hiring someone who knows Flash.
Building a Silverlight applet requires hiring someone who can code in VB.net, C#.net, or C++.net. Guess which category has the most people?
Also, Flash is somewhat limited. Silverlight is virtually running a true executable program inside the browser based on the .NET framework, which allows a huge array of functionality. Access to databases, threading, etc. There are tighter permissions in access to the host computer, but running a Silverlight app really is just like running a normal application inside a browser.
Flash is more oriented towards being an integral piece of a webpage, not a standalone app.
The Flash development environment is a lot more complicated, and in many ways acts more like a video editor. Silverlight apps can be created right inside Visual Studio where coders write all their other applications, so the learning curve is smaller.

Silverlight runs just fine in Safari on my Mac.

Runs in Safari on my MBP (10.6.2) machine as well, I discovered. I guess I was really just ready to carp about the incredibly tight commercial control of what are supposed to be amateur sports.CTV paid a gazillion bucks for rights (as did NBC), and both are much more interested in ad revenue than in viewer convenience. I must confess too that the newspapers are no better.

I say this, however, as a person with very little interest in the Olympics any more. They have become insufferably commercial, there are never-ending doping scandals, the IOC are a bunch of world-hopping fat cats, I don't trust the judging, ... I could go on.

I was thinking about the streaming video problem a few days ago (when I couldn't see the hockey game online from CTV because I was in the US).

Are there any examples of a streaming service that works without Flash OR Silverlight across Mac/Windows/Safari/IE/Firefox that does NOT use a proprietary service/plugin?

Apple's streaming, when they did it, require QuickTime, so that is not that much different than Silverlight.

HTML5 does not require proprietary plugins, which is why those that have them (Adobe) are fighting against it while claiming that they aren't. Sort of like health insurance companies and health reform.

Yes, but if you had to build an Olympic streaming site that was completed LAST YEAR, is HTML5 realistic. Heck, is HTML5 realistic right now?

I do realize that HTML5 is the way to do in the future, but how do you do it right now?

Wrong question. What you do is start using HTML5 and then give polite but persistent notices pushing users that can't make use of it to browsers that can. If you don't, then you'll be stuck with old technology (remember the floppy disc?) for many years.

So how would you have done the Olympic streaming site?

HTML5. I thought I made that clear.

Well for sure that would never have been accepted as the winning design. I'm nearly positive the requirements were that it had to work on 90% of browsers, which HTML5 fails, right?

From what I can tell here: http://a.deveria.com/caniuse/#agents...,pr,cr,wd,ietf and here: http://en.wikipedia.org/wiki/Compari...engines_(HTML5) then HTML is not a good choice for a highly visible and trafficked site.

Am I missing something?

This is a horrible thing to even contemplate requiring, especially at a time when installing another browser is just a click away. Whoever proposed such a requirement should be punished for even suggesting it.
Edit: To deliberately choose mediocrity by sticking with outdated, proprietary capabilities is contrary to the Olympic ideal of striving to be stronger, faster, greater.

You're missing the fact that at least 4 cross platform browsers can play HTML5 video, and at least one of the ones that don't are responsible for causing problems for developers where they have to develop two versions of many things.

You are right, but let me add another layer of what goes on behind the scenes. Director, executive, manager, whomever is in charge of making something works and is in a management position goes here we bought this IT staff, now make it work. A department head will say, hey we got money to spend and we need this, so go get this and make it work. They hardly ever consult IT, and often when they do they disregard what IT says to make it happen.

Then IT says, hey management, we could really use this to work with all the technology you bought and are making us support for you. Management replies, we don't have the budget for that.

So, it can go both ways, and is usually 9 times out of 10 a business decision over a technical decision. My buddy works IT for a large bank. Their management wants minimal software and all computers locked down as tight as possible. Their tiny little windows image is like 500 megs total, and their machines can do nothing but run the programs that are installed, nothing else. They wanted to migrate some back end technology to make this process more efficient, and management said nope, no budget for it, just make it work.

I know about this at my school. No personal computers that don't have an antivirus because of network distribution. How is a Windows program supposed to run on a Mac? (Not Parallels or Fusion; you'd know) So it can't go around the network. Deuueh…

CrossOver API can run windows Apps. It is essentially a lot like the WINE project.

But a program can't autorun without your knowing. It can't redistribute itself on the network for that; you would know as Parallels/CrosssOver/Fusion/Q… would launch.

Well to be honest self replicating viruses are pretty darn rare these days even on Windows machines. Most of them have moved into phishing or social engineering where the user gives permission for it to install itself. Then there are some that will try to attach themselves to email attachments, but to be honest most spam and firewalls catch those. Anytime an email comes to me that has been altered my firewall spam guard usually catches it and deletes it. Now, if you zipped the virus up and emailed it as an attachment it would go through but it would require the end user to extract it and run it. Those types of attacks you can't really defend against because of the human element. You have to train your users to use smart practices.

I haven't seen a mass self replicating virus in a long time, and the ones I did get to experience were email based. I haven't really seen any just attach itself to a file share and then go to town on a bunch of client machines on a network.

Great article about video on the web: http://x264dev.multimedia.cx/?p=292

Thanks for that; really interesting -- particularly with respect to the role software patents are playing in this development.