Jon’s Network

Apple just launched K-12 on iTunes U(opens iTunes) that allows schools to use iTunes as a platform to distribute educational content. Not quite sure why a school would find this easier than just posting the stuff on the web, but I do know Apple would love to get all those students spending even more time in iTunes.

Some interesting new research out of ETH Zürich showed that Firefox’s Auto-Update mechanism works the best at keeping users updated with the latest and safest version compared to all other major browsers. The report, Understanding the web browser threat, used Google’s browser data from the last 18 months to figure out a lower bound on the amount of users that surf the internet using an outdated browser. It turns out that at least 45.2%, or 637 million users, were not using the most secure Web browser version on any working day from January 2007 to June 2008.

To improve this number, the paper suggests the following:

• browser vendors follow Mozilla’s lead and implement an auto-update mechanism that checks for updates each time the browser is used
• consumers implement URL filtering to reduce odds of visiting an infected website
• implement a “best by” dating system for software similar to what consumers are familiar with when they shop for groceries. This is supposed to increase awareness of the risk of outdated browsers and motivate users to update.
• someone implement an authentic, open repository of plugin version information that can be queried by vendors to make sure browser plugins are updated regularly

I don’t like the “best by” idea. A little red notice that states “145 days expired, 3 patches missed” isn’t much different from the existing software update schemes. Trying to raise awareness for the sake of awareness is futile. Outdated software alone doesn’t cause loss and discomfort like spoiled produce does so consumers won’t be motivated to pay attention to the “best by” date.

Check out this video and ask yourself why we let our governments kill everyone.

via Daniel Miessler

Funny IBM typo typo. Can’t remember what page I saw this on but it was last week.

Someone told me once that they didn’t like using a Mac because it doesn’t have enough keyboard shortcuts built in. For example, how do you access the menu bar without using your mouse? On Windows, you use the alt key to access any menu item. In OS X, you just need to turn on full keyboard access in system preferences (see image) and use ctrl-F2 to do the same thing.

Daniel challenges you to spend a month using OS X exclusively and see if it’s not much better than Windows. Too bad there isn’t a try-and-buy program to let people actually do this without risking any money. Absent of that, we are left to testimonials by current owners (fanboys) and marketing.

In 2006, I read Lifehacker quite a bit trying to squeeze more productivity out of my PC. Someone in the comments always mentioned how Macs “didn’t have that problem” or that some feature was already built in to the OS (Apache web server or something). I switched because I could see that a Mac was going to give me much more value than a PC. I’m glad there were “fanboys” passionate enough to comment all over the internet to teach me this.

Jack Jones of RMI will be doing a preso for the Cisco InfoSec Leadership Forum. I would love to see this but I’ll be on vacation. Maybe I’ll catch the replay if they have one. You can sign up here: http://tinyurl.com/5wgh2s

iShared, the nifty little WAFS product that Packeteer got when they bought Tacit Networks a couple years back, will likely be dropped by Blue Coat from what I have heard. Blue Coat mentioned that they planned on rejuvenating Packetshaper as a standalone product as well as integrating some Packetshaper technologies into the ProxySG appliances. Nothing was mentioned of iShared, and I doubt anyone asked, unless you count all of the current customers that invested in iShared not because it does byte-level caching better than Riverbed, Blue Coat or Cisco, but because it integrates uniquely into a Microsoft shop, giving them a branch office services in a single box that syncs with headquarters. Riverbed and Cisco have recently announced integration with Microsoft services so this might be a good option for iShared users if Blue Coat forgets about them, but that wouldn’t be good for Blue Coat. Maybe that is why Wedbush Morgan thinks Riverbed may benefit from this Blue Coat acquisition of Packeteer.

Fortune Small Business published this drivel in response to a serious question: Is it time to consider moving your small business to Macs?

Their answer: it makes sense for maybe 20 companies out of 100, up from just 5 a few years back.

Here are the reasons Macs won’t work for your small business:

• The slogan “Designed by Apple in California” posivitively shouts at you from the box.
• “On” switch is not on the front of the monitor
• Not enough USB ports (didn’t mention how much would be enough)
• GoToMyPC doesn’t work
• Same driver issues as with a Vista upgrade (this one I just don’t believe without the details)
• Small business users too stupid to use Spaces
• Different keyboard commands (this takes like 3 days to get used to)
• The Mighty Mouse only has one button
• Time Machine retrieves backups with too much fanfare
• Syncing Blackberries and smartphones can be a pain
• Terrible problems getting company programs to work properly (again, no details)
• After months of comparisons, no efficiency was gained doing critical business functions

This is probably the worst article I have read on the topic. You gotta love the last line:

Windows Vista, properly installed and used in tandem with Web-based productivity tools, is a powerful, powerful alternative.

That conclusion doesn’t follow from the explanation. One valid point that it hints at though is that if you are using web-based tools, it doesn’t matter what OS you are using.

The author didn’t offer enough detail about the valid concerns (GoToMyPC work-arounds, syncing problems, programs not working on Macs) to help any small business owner make the decision. He also didn’t mention the well-known desktop virtualization phenomenon that is fueling the trend of small biz Mac switchers. Being able to run Windows on your Macs using Fusion or Parallels reduces the risk of switching and eases the transition.

As for using a Mac for months without efficiency gains, I believe that most small businesses would increase their productivity by using Macs. I haven’t done enough research on it to state it as a conditional fact yet, but I have a fuzzy idea of why it would be.

1. Macs get you out of the filing paradigm. You don’t need to stuff all your emails and files into folders. Use keywords. Use something like Quicksilver to make any file on your machine a few keystrokes away.
2. The services menu and the Cocoa framework
3. Applescript
4. Less expensive, faster (the article did mention these two), more reliable

This all needs to be clarified and quantified, but that is a project for another day.

Stan Trevena, IT director for Modesto City Schools, penned The Internet Filtering Battlefield and describes the constant struggle to keep student and faculty behavior inline with the acceptable use policy. This is important to keep students safe and to keep the district out of legal trouble.

It is a great article that explains exactly how users have been bypassing filters over the years. I wanted to disagree on the part about encrypted proxies however:

Encryption brings us to the frontline of today’s war on circumvention. Encrypted proxies have been a hard target to hit. Because encryption involves keys and algorithms, there’s nowhere near enough processing power in an Internet filtering server to decrypt secure communications between client and server on the fly. It’s also unreasonable to block all HTTPS traffic on a district’s network because many transactions that are part of the daily business of running a school are conducted through such secure sites.

There is enough processing power to proxy SSL sessions. Blue Coat, Secure Computing and Palo Alto all do it. (Palo Alto does it fastest.) It can be a pain though. Some of the vendors make it easier to manage than others by maintaining your list of certificates for you and letting you control which types of sites you proxy for, e.g. you can ignore banking and shopping traffic but proxy other SSL traffic. If you deem the risk large enough to warrant the hassle of pushing your own cert to the browsers and pointing them to the proxy, then there is ample processing power to do this.

What I think is more effective than URL filtering is just straight monitoring of all internet use (not just the blocked sites) and reporting on activity by username to hold users accountable. Stan mentions this at the end of the article. Most filters offer the type of reporting that HR departments require. I also recommend Vericept to schools that want to augment their filter and increase their visibility into user behavior.