The Difficult Life of Mac in the Mixed Environment

Just before the sad event of Steve Jobs death, obtained a MacBook. While everyone is still immersed in reading the biography, we embarked on the journey of using a new OS for the first time. Here are the positive experiences and gripes that we found when using it in a multi-purpose multi-platform environment.

Please note that we are just starting up using the Mac, and some of our issues may have solutions that we haven't found yet.


The environment
The MacBook arrived in the very mixed environment of Shortinfosec

  • Domain - an active AD Win2008 functional level domain, but used only for testing. The computers are only added to the domain to do research related to the domain.
  • Computers - Work is done on our laptops - HPs, Lenovo and Acer running Windows 7, Vista and Ubuntu.
  • Virtual environment - Virtual Box and VMWare player based virtual machines, mostly bridged network
  • Network - 802.11 n Wifi and wired 1 Gbps Ethernet network. Cisco and Huawei network elements
  • VPN - Cisco IPsec VPN for remote access
  • Storage - iSCSI based storage server, built around an Openfiler storage server, on the wired LAN segment
  • Printing - a very old HP LaseJet printer, so old that we have to use a Centronix to USB convertor, so we attach it to any laptop we need.
What we do on this environment:
  • Testing and honing skills of attack tools
  • Running test scenarios on corporate products
  • Active Directory fiddling and trying to break
  • Playing games
  • Blog management
  • A lot of article and paper writing
  • Java development
  • Odd accounting jobs
  • Lots of games ;)

The positives
We like to start on a positive note, so here are the things we like about our Mac
  • User experience - as Steve Jobs insisted, the user experience of working in Mac Applications on the Mac is seamless. Everything just runs. Even attaching external hardware a 20 year old printer was a breeze - much easier then doing the same on Vista.
  • Battery life - the battery life is simply outstanding. The commercials say that the Mac can do 7 hours on battery, and that is quite true, for working in word processor, at 65% screen brightness.
  • Portability - not really comparable, since all other laptops are 15'', but the Mac is very easy on the shoulders, and an excellent companion at meetings.
  • Speed of functions - all implemented functions within the OS are implemented VERY WELL. For example, the Cisco IPSec VPN connection using the native Lion client authenticates at least 10 seconds faster than the Cisco VPN Client for 64bit Windows 7 (we actually measured)

The gripes
Naturally, not everything is that great, and here are the frustrations that we faced with our Mac.
  • The keyboard shortcuts - putting an IT pro who worked on a PC and Unix for 20 years in front of a Mac running OSX is a special kind of hell: NONE of the keyboard shortcuts are the same, and it a significant effort to shift to OSX shortcuts. They are not illogical, only completely different, which hampers productivity for anyone used to do much of their work on a keyboard.
  • Interoperability with other platforms - There are interoperability gripes with a lot of stuff. The Mac can join an AD domain (sort of), but we had a lot of stress getting the Mac to use cached credentials. Mostly the same happened with a Linux based LDAP service.
  • Software is missing - A lot of productivity software that we are used to is missing for Mac - we stumbled on Visio, then on MS Project, then on Notepad++, then on 7zip... We didn't go into developing Java in Eclipse, because of the following point. Mind, there are replacements for most of the software we were missing, but productivity was hampered since we needed to find the appropriate software, buy it and learn how to use it. VMware player is nonexistent for Mac, we are limited to VirtualBox.
  • Lacking native support for obvious items - first disaster - no support for NTFS write. We had to revert to the dreaded FAT32, which was a deal breaker for development. As if that wasn't enough, iSCSI is not natively supported, which further killed any attempt at accessing the large Java codebase on our iSCSI fileserver.
  • Remote access - So far we haven't discovered an efficient native tool to access and work on our Mac remotely. The Apple Remote Desktop is a shameless highway robbery - why should any company or user need to pay any money to access and manage a single Mac remotely? We are at the moment trying out VNC, which is not a very preferred platform.
  • No Native or Free Disk Encryption - (Updated, thanks to comments on reddit.com). Up to OSX 10.6 only Sophos SafeGuard provided full disk encryption for a Mac. For OSX 10.7 there is FileVault full disk encryption, but we haven't tried it.


Conclusions and thoughts
We are not abandoning the Mac - it is a great tool and an asset in our little lab. But in the current state of things, it takes a lot of effort and compromise to fully migrate to a Mac platform, especially since a multi-environment knowledge is required.

If today someone asks us whether a Mac is a good idea for company use, we would not be very supportive
for the following reasons:
  • Business Software lack of compatibility
  • (Updated per the comment of Ryan Black) Incompatibility with writing to NTFS filsystem (which is everywhere) (previously stated NTFS fileservers - fileservers are accessed through SMB, which is supported)
  • Learning Curve for efficient use


Talkback and comments are most welcome


Related posts
Information Risks when Branching Software Versions
8 Golden Rules of Change Management

9 comments:

Ryan Black said...

"Incompatibility with NTFS fileservers (which are everywhere)"

What? You consider yourselves technical yet don't understand the difference between writing to a CIFS share that happens to be NTFS on the other end and a local filesystem?

"Interoperability with other platforms - There are interoperability gripes with a lot of stuff. The Mac can join an AD domain (sort of), but we had a lot of stress getting the Mac to use cached credentials. Mostly the same happened with a Linux based LDAP service."

I think you should have included a disclaimer both here and your note regarding keyboard shortcuts (which you somewhat did). On a properly configured AD domain (DNS etc.) SSO and whatnot work just fine. I would look deeper into your environment before you blame the issue on the out-of-box Mac.

"No Native or Free Disk Encryption - (Updated, thanks to comments on reddit.com). Up to OSX 10.6 only Sophos SafeGuard provided full disk encryption for a Mac. For OSX 10.7 there is FileVault full disk encryption, but we haven't tried it."

Yes in 10.6 FileVault only encrypted your home directory, however, the OS nearly insisted that all pertinent user data live there. Do I prefer FDE? Of course! Is this a deal breaker and out of line with previous offerings from Microsoft out of box? Nope.

"Remote access - So far we haven't discovered an efficient native tool to access and work on our Mac remotely. The Apple Remote Desktop is a shameless highway robbery - why should any company or user need to pay any money to access and manage a single Mac remotely? We are at the moment trying out VNC, which is not a very preferred platform."

Try ScreenSharing over SSH... it's free and built in.. you just missed it...among other things.

"Software is missing - A lot of productivity software that we are used to is missing for Mac - we stumbled on Visio, then on MS Project, then on Notepad++, then on 7zip... We didn't go into developing Java in Eclipse, because of the following point. Mind, there are replacements for most of the software we were missing, but productivity was hampered since we needed to find the appropriate software, buy it and learn how to use it. VMware player is nonexistent for Mac, we are limited to VirtualBox."

IIRC 7zip isn't Windows native. Visio is a dadgum Microsoft product (OmniGraphfle works well. Notepad++ can be easily replaced with TextMate.Project, a MS product with alternatives...

Your complaints are fair in that if you expect to drop an alternate OS in a vendor-heavy environment and magically keep the same software that is vendor-specific, you can't. (sarcasm).

Yes for enterprise customers this is a PITA but unfair criticism. Most of your points are unfair critiques or a result of your understandable ignorance of the platform.

Before you insist I am vehemently defending Apple as a "fan boy" please understand I have experience on all platforms, currently use Windows 7 / Linux Mint as my main OSes yet I worked for Apple and was the Apple SME at a Fortune 200 for quite a bit; now I am in Info Sec.

Please reconsider some of your first impressions with a bit of research, articles like this are all too common and create an atmosphere of undue FUD to overcome.

Bozidar Spirovski said...

Thanks for the technical inputs, which where relevant are already updated in the text. Simply said, I love the Mac, and this comment is written on it. But that there are issues, is a simple fact that no amount of comments will change. I think that it is much better for sysadmins to be aware of them before buying the first Mac for their environment then being surprised. Oh, and screen sharing uses the Remote FrameBuffer protocol - which is VNC, exactly what we are working with at the moment, but thanks for the heads up.

Centrale termice said...

Congrats for the article!!

Cauciucuri vara said...

i like the article,i like to read everything that is about computers

Coafor said...

Thanks for sharing it!!

Calculator credite said...

This is a great place for me to visit as I need to understand more of this.

Getit said...

Lovely blog it is. Download Zapya for PC to share files and folders easily from PC to Mobiledd

Sunmugam Chidambaram said...

Great one
Download xender for pc
Very good for share FILES ,PICTURES PC To any Android

zapya said...

Zapya for pc
Zapya download pc
Zapya app download
Zapya apk download
Zapya for Windows
mobdro for Windows
mobdro pc download
Shareit pc Download
Shareit download
Shareit download

Designed by Posicionamiento Web