Tag Archives: Apple

Mac OS X Server Mac Security Mass Deployment

Mail Chapter of Take Control of OS X Server Now Available

The Mail Server chapter of the Take Control book is now available up on http://tidbits.com/article/14950. I’m always torn when it comes to writing chapters on setting up mail servers. Is it socially irresponsible to help people potentially (but accidentally) create spam bots…

TCo OS X Server 1.0 Cover for PDF

Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

MacAdmins 2015

I was super-bummed that I missed the MacAdmins conference at Penn State University. But, all is not lost as MacAdmins will be held July 8-10 in 2015 at the Penn Stater Conference Center and I’ll be able to see all those awesome people there next year!

In the meantime, something fun and new is the 2014 MacAdmins Playlist to maybe get exposed to some new stuff: http://spoti.fi/VTdxLX.

As an aside, here’s a fun pic of @derflounder and I (and others) doing a round table from a few years ago on the Penn State site:

Screen Shot 2014-07-15 at 1.25.10 PM

 

Mac OS X Mac OS X Server Mac Security Mass Deployment

Interviewing Duncan for AFP548.com

Totally fun doing these interviews. If you’ve got a good story to tell, let’s do an episode!

Mac OS X Mac OS X Server Mac Security Mass Deployment

Redirect Logs To A Syslog Server In OS X

I could have sworn that I’ve written this up before, but I just tried to link it into the article for tomorrow and it’s not on my site, so here goes. To redirect logs in OS X to a syslog server, open /etc/syslog.conf and add the following line (assuming an IP of 10.10.10.92 – replace that with the IP of your syslog box):

*.*                                       @10.10.10.92

To customize the port number (e.g. 9200) use @10.10.10.92:9200 instead. This should be instant but you can always use launchctl to unload and reload syslog if for some reason it isn’t. If you’re scripting this you can then programmatically send some information to the server. For example, if you enter the following, you should see an entry for testtesttest in your syslog server for the host you just configured:

logger testtesttest

iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment Microsoft Exchange Server Network Infrastructure Ubuntu Unix VMware

Quick nmap Hacks

The nmap application is a pretty easy-to-use tool that can be used to port scan objects in a network environment. To obtain mmap in an easy-to-use package installer, for OS X check out the download page at http://nmap.org/download.html#macosx (use the same page to grab it for Windows or *nix as well). Once downloaded run the package/rpm/whatever.

Before I scan a system, I like to pull the routing table and eth info to determine how scans are being run, which can be run by using the mmap command anong with the —iflist option:

nmap —iflist

Basic Scanning
To then scan a computer, just use the mmap command followed by the host name or even throw a -v option in there to see more information (you can use a hostname or an IP):

nmap -v www.apple.com

Use the -6 option if scanning via IPv6:

nmap -v -6 8a33:1a2c::83::1a

Can drop the -v for less info on these, but I usually like more than less. Shows ports, states, services (for the ports) and a MAC address for each IP being scanned.

You can also scan a range of IPs. I usually take the lazy way for this, by using a wildcard. I can replace an octet to scan all objects in that octet. For example, to scan all systems running on the 192.168.210 class B:

nmap 192.168.210.*

You can scan a subnet, which can cover more or less than one octet worth of IPs, by including the net mask:

nmap 192.168.210.0/24

You can also just list a range, which is much easier in some cases, using the —exclude option to remove an address that will be angry if port scanned:

nmap 192.168.210.1-100 —exclude 192.168.210.25

Or to do a few hosts within that range:

nmap 192.168.210.1,10,254

Of you can even use the following to read in a list of addresses and subnets where each is on its own line:

nmap -iL ~/nmaplist.txt

By default, mmap is scanning all ports. However, if you know what you’re looking for, scans can be processed much faster if you constrain it to a port or range of ports. Use the -p option to identify a port and then T: for only TCP or U: for only UDP, or neither to do both. Additionally, you can scan a range of ports or separate ports using the same syntax used for identifying multiple hosts. For example, here we’ll scan 53, 80, 110, 443 and 143:

nmap -p 53,80,110,143,443

DO OS detection using the -A option:

nmap -A www.apple.com

For true remote OS detection, use -O with —osscan-guess:

mmap -v -O —osscan-guess mail.krypted.com

We can also output to a text file, using the -o option (or of course > filename but -o is more elegant here unless you’re parsing elsewhere in the line):

mmap -v -o ~/Desktop/nmapresults.txt -O —osscan-guess mail.krypted.com

Firewalls
Next, we’ll look at trying to bypass pesky annoyances like stageful packet inspection on firewalls. First, check whether there is actually a firewall using -s:

nmap -sA www.apple.com

Scan even if the host is protected by a firewall:

nmap -PN www.apple.com

Just check to see if some devices are up even if behind a firewall:

nmap -sP 192.168.210.10-20

Run a scan using Syn and ACK scans, run mmap along with the either -PS or -PA options (shown respectively):

nmap -PS 443 www.apple.com
nmap -PA 443 www.apple.com

Try to determine why ports are in a specific state:

nmap —reason www.apple.com

Show all sent/recvd packets:

nmap —packet-trace www.apple.com

Try to read the header of remote ports to determine a version number of the software:

nmap -sV www.apple.com

Security Scanning
Next, we can look at actually using nmap to test the attacking waters a little bit. First, we’ll try and spoof another MAC address, using the —spoof-mac options. We’ll use the 0 position after that option to indicate that we’re randomly generating a Mac, although we could use a real MAC in place of the 0:

nmap -v -sT —spoof-mac 0 www.apple.com

Next, let’s try to add a decoy, which allows us to spoof some IPs and use that as decoys so our target doesn’t suspect our IP as one that’s actually scanning them (note that our IP we’re testing from is 192.168.210.210):

nmap -n -192.168.210.1,192.168.210.10,192.168.210.210,192.168.210.254

Then, send some crazy packets (not an official term like magic packets, just my own term for throwing a curve ball at things and testing for the viability of syn-flood or Xmas packet attacking):

nmap -sX www.apple.com

Configure a custom mtu:

nmap —mtu 64 www.apple.com

Fragment your packets:

nmap -f www.apple.com

Note: None of Apple’s servers were damaged in the writing of this article. I did a find/replace at the end, when I realized I didn’t want all of you hitting www.krypted.com.

Mac OS X Mac OS X Server

Configure the Software Update Service on Mavericks Server

The software patching configuration built into most operating systems is configured so all that a user has to do is open a box at home, join the network and start using the computer right away. As environments grow from homes to small offices and then small offices grow into enterprises, at some point software updates and patches need to be managed centrally. Mavericks Server (OS X Server 3), as with its OS X Server predecessors has a Software Update service. The service in the Server app is known as Software Update and from the command line is known as swupdate.

The Software Update service, by default, stores each update in the /var/db/swupd directory. The Software Update servie is actually comprised of three components. The first is an Apache server, invoked by the /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.host.plist LaunchDaemon. This LaunchDaemon invokes a httpd process and clients access updates from the server based on a manifest of updates available in the sucatalog. These are synchronized with Apple Software Updates via /Applications/Server.app/Contents/ServerRoot/usr/sbin/swupd_syncd, the LaunchDaemon for swupdate at /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.swupdate.sync.plist. The Apache version is now Apache/2.2.22.

Clients can be pointed at the server then via a Profile or using the defaults command to edit the /Library/Preferences/com.apple.SoftwareUpdate.plist file. The contents of this file can be read using the following command:

defaults read /Library/Preferences/com.apple.SoftwareUpdate.plist

To point a client to a server via the command line, use a command such as the following:

sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate CatalogURL http://mavserver.pretendco.lan:8088/index.sucatalog

But first, you’ll need to configure and start the Software Update service. Lucky you, it’s quick (although quick in a hurry up and wait kind of way). To get started, open the Server app and then click on the Software Update service.

Screen Shot 2013-10-06 at 8.24.19 PMBy default, updates are set to simply mirror the Apple servers, by default, enabling each update that Apple publishes, effectively proxying updates. You can use the Manual button if you would like to configure updates to either manually be approved and manually synchronized or just manually approved but automatically copied from Apple. Otherwise click on the ON button and wait for the updates to cache to simply mirror the Apple servers.

If you would like to manually configure updates, click on the Manual option and then click on the Updates tab.

Screen Shot 2013-10-06 at 8.58.16 PMThe first item in the Updates tab is the “Automatically download new updates” checkbox. This option downloads all of the updates but does not enable them. The Updates tab also displays all available updates. click on one and then click on the cog-wheel icon towards the bottom of the screen to configure its behavior (Download, Enable, Disable, Remove and View Update).

Note: The only option for updates in an Automatic configuration environment is disable.

The service can be managed using serveradmin. To start Software Update, use the start option, followed by the swupdate service identifier:

sudo serveradmin start swupdate

To stop the service, replace start with stop:

sudo serveradmin stop swupdate

To see the status of the service, including the location of updates, the paths to log files, when the service was started and the number of updates running, use the fullstatus option:

sudo serveradmin fullstatus swupdate

The output of which appears as follows:

swupdate:state = "RUNNING"
swupdate:lastChecktime = 2013-10-07 01:25:05 +0000
swupdate:syncStatus = "INPROGRESS"
swupdate:syncServiceState = "RUNNING"
swupdate:setStateVersion = 1
swupdate:lastProductsUpdate = 2013-10-06 04:02:16 +0000
swupdate:logPaths:swupdateAccessLog = "/var/log/swupd/swupd_access_log"
swupdate:logPaths:swupdateErrorLog = "/var/log/swupd/swupd_error_log"
swupdate:logPaths:swupdateServiceLog = "/var/log/swupd/swupd_syncd_log"
swupdate:readWriteSettingsVersion = 1
swupdate:checkError = no
swupdate:pluginVers = "10.8.93 (93)"
swupdate:updatesDocRoot = "/Library/Server/Software Update/Data/"
swupdate:hostServiceState = "RUNNING"
swupdate:autoMirror = no
swupdate:numOfEnabledPkg = 0
swupdate:servicePortsAreRestricted = "NO"
swupdate:numOfMirroredPkg = 0
swupdate:autoMirrorOnlyNew = no
swupdate:startTime = 2013-10-07 01:25:05 +0000
swupdate:autoEnable = no

There are also a number of options available using the serveradmin settings that aren’t exposed to the Server app. These include a feature I used to use a lot in the beginning of deployments with poor bandwidth, only mirroring new updates, which is available to swupdate via the autoMirrorOnlyNew option. To configure:

sudo serveradmin settings swupdate:autoMirrorOnlyNew = yes

Also, the service can throttle bandwidth for clients. To use this option, run the following command:

sudo serveradmin settings swupdate:limitBandwidth = yes

And configure bandwidth using the syncBandwidth option, as follows:

sudo serveradmin settings swupdate:syncBandwidth = 10

To automatically sync updates but not enable them (as the checkboxes allow for in the Server app, use the following command:

sudo serveradmin settings swupdate:autoEnable = no

The port (by default 8088) can be managed using the portToUse option, here being used to set it to 80 (clients need this in their catalog URL from here on out):

sudo serveradmin settings swupdate:portToUse = 80

Finally, administrators can purge old packages that are no longer needed using the PurgeUnused option:

sudo serveradmin swupdate:PurgeUnused = yes

One of the biggest drawbacks of the Software Update service in OS X Mavericks Server in my opinion is the fact that it does not allow for serving 3rd party packages, from vendors such as Microsoft or Adobe. To provide those vendors with a manifest file and a quick little path option to add those manifest files, a nice middle ground could be found between the Mac App Store and the built in software update options in OS X. But then, we wouldn’t want to make it too easy.

Another issue many have had is that users need administrative passwords to run updates and don’t have them (technically this isn’t a problem with the OS X Server part of the stack, but it’s related). While many options have come up for this, one is to just run the softwareupdate command for clients via ARD or a similar tool.

Many environments have used these issues to look at tools such as Reposado or third party patch management tools such as JAMF Software’s the Casper Suite (JAMF also makes a reposado-based VM that mimics the swupdate options), FileWave, Absolute Manage and others. Overall, the update service in Mavericks Server is easily configured, easily managed and easily deployed to clients. It is what it needs to be for a large percentage of OS X Mavericks (10.9) Server administrators. This makes it a very viable option and if you’ve already got a Mountain Lion computer sitting around with clients not yet using a centralized update server, well worth enabling.

public speaking

Getting Ready For MacTech

As I prepare my talk for MacTech it occurs to me I should probably post something about it. MacTech Conference is a 3-day, immersive, technical conference specifically designed for Apple IT Pros, Enterprise, developers, and programmers. With presentations from some of the best and well-known experts in the community, MacTech Conference has two separate tracks: one focuses on programming / development, and the other on IT/Enterprise and consulting. Sessions will focus on both desktop and mobile, as well as OS X and iOS.  See http://www.mactech.com/conference/

Krypted.com is a media sponsor of MacTech Conference 2013, November 6-8 at the Manhattan Beach Marriott in Los Angeles. As a sponsor, we have a deal for you. Just use the special registration link:

Apple has set the course with iOS 7, Mavericks, a whole new look, new features, and more. With the new technologies come new challenges for developers and IT professionals. MacTech Conference is the first major event after Apple ships both its new operating systems in the Fall. If you are a developer or IT professional, be a part of this event.
See the list of speakers at http://www.mactech.com/conference/speakers.  Or check out the sessions at  http://www.mactech.com/conference/sessions.  Need more reasons for why you should attend? Check out the “Why Attend?” page at http://www.mactech.com/conference/whyattend or the previous event tweets at http://www.mactech.com/conference/tweets

 

You won’t just be in sessions hearing about great technologies and products. MacTech Conference has a packed evening schedule designed not only to be fun, but also to give you the opportunities to get to know your fellow attendees. And, in 2013, the Conference is a half day longer for the main schedule plus there’s newly added new pre-conference activities.
New to 2013 is the addition of SIX optional, certifications and pre-conference workshops — half-day for a study group and Apple Certification Exams in the morning (additional charge), half-day Microsoft Office for Mac Accreditation (afternoon, no additional charge), and four full-day Pre-Conference Workshops (additional charge). The Office accreditation is limited in size, but MacTech confirms your spot at registration time. The exams must be reserved well in advance. And, the workshops are small group, interactive and hands-on. Student to teacher ratios are approximately 25:1 or better.  See http://www.mactech.com/conference/workshops
The Pre-Conference day is November 5th, 2013.  The Conference is November 6-8, 2013.  Many guests are planning on coming early for the weekend, or even staying the weekend after. MacTech has even brought together some awesome hotel rates so anyone interested can do so inexpensively and conveniently.
 
iPhone Travel Wearable Technology

10 Advances In Wearable Technology Available Today

First came food, shelter and clothing. Then came technology, innovating all three for thousands of years. But innovation in clothing stalled at some point. Once upon a time man make thicker clothing out of animals with thicker hides, better shoes and then armor. These helped to expand where we could go, when we could go there and how safe we were once we got there. But mankind has long sought using technology that is worn to make life better, from false teeth to eyeglasses. Moving into the somewhat more modern era, let’s look at 10 advances that, while more recent than throwing the hide of an animal that might have otherwise eaten us, are still pretty darn cool!

  • As a species, we are probably one of the most ordered on the planet. We go places at certain times and are able to minimize the amount of time that is wasted waiting for others because we know what time it is. We don’t have to find the city square and locate a clock tower or find a sunny spot because we have watches. I’ve always been happy with my watch, which I’ve had for a long, long time (see below).

IMG_5635But these days I’ve been experimenting with watches that do way more, such as  track heart rate, have integrated Nike+ and GPS (for example. the Polar watches and the Garmin watches).polar

  • The cellular phone goes in our pockets. So we don’t totally wear it. Yet… Many of the other innovations are coming and coming faster due to the fact that it seems practically everyone today has a smartphone and the APIs for cloud services that those devices connect to. Since the breakup of Ma’Bell we’ve seen the massive phone, the brick phone, the flip phone, the Treo/Windows Mobile phone and ultimately the battle between iOS/iPhone and Android. At first these started to change our lives by making us connected all the time. Then they gave us cameras and then came the app. Given the custom applications and wireless interfaces that allow each to communicate with external devices, we’re now seeing an unprecedented level of innovation due to a large part the advent of the smart phone. The GPS in my phone tells Foursquare where I am, the camera let’s me share pictures of my kid with the grandparents, the Bluetooth let’s me talk hands and cable free and the accelerometer keeps track of bike rides. The many aspects of technology required to make all this happen then comprise the basis for many of the other recent innovations in this field.

evolution-phones1

  • Wearable technology for the eyes, which we can just call eyewear for short started with the contribution of optics to wearable technology. Glasses were pretty good for a long, long time. Isaac Newton would likely burn the creators of Vuzix and Google Glass at the steak for witchcraft though (only after he’d used the devices to search for how to transmute lead to gold). Today, we are entering a new era, where contacts change the color of someones eyes and your glasses are able to show you information from your computing devices.

Vuzix-Wrap-310XL_1

  • From the Nike+ sensor in my shoes to the Iron Man shirt that glows as though it has an arc reactor in there (thanks ThinkGeek), there are plenty of examples of technology being embedded in clothing today. There are also devices out there that test your golf swing, how you throw a ball and the speed of balls. I’ve come across prototypes of products and products with extremely limited supply chains that go a step further and allow you to wear clothing with embedded sensors for such things. I think that those will become more common, more open (so you’ll be able to use one item for multiple sports or tests) and of course as they become more common, less expensive. In the meantime we’ll have to settle for things like the Scottevest and quick drying shorts…Screen Shot 2013-07-04 at 7.14.35 PM
  • Speaking of Nike+, health is an area where we’re starting to see plenty of advancements. Walk into any Apple Store and you can buy a Jawbone Up, Fitbit, Fuelband or a Nike+ sensor for a shoe. My Fitbit Flex is one of my favorite examples of wearable technology that I don’t even notice any more. I had experimented with the Nike FuelBand and others, but a tiny computer that talks to my phone and updates far more details of my life than I even knew previously is just awesome. And, it tracks my sleep patterns and has even become my alarm clock. But having a tiny sensor means these things could do so much more. I look forward to seeing where things go with these types of devices! IMG_5638
  • But health doesn’t stop with us leading healthier lives. Wearable patches to control pain, chips in pacemakers to alert manufacturers and doctors when devices are going to die and monitors that can be placed in the body and keep track of pretty much every detail of our medical state all bring us more and more towards the bionic man and woman. There are enough companies at this point that there’s room for an organization like Continua to push for the open and interoperability of these solutions. But to me, blood pressure monitors (such as this one from Wiithings) and glucose monitors available in the Apple retail stores are the best sign of the times, bringing these technologies from the prescribed or surgical to the every day practically mundane.

Screen Shot 2013-07-03 at 8.11.48 PM

  • I first saw techie headgear, such as the Emoki project (now cancelled) at Burning Man, long ago. Actually, I guess I first donned a head mounted flashlight while exploring caves in Georgia far before that. But science fiction has long promised us brain wave translating or altering technology that we can wear on our heads and that just hasn’t really become common place. What is becoming normal are head mounted cameras for biking and other sports (such as live action Dungeons & Dragons). You can buy this stuff at the Apple retail stores, Amazon, etc. I’m not sure what the future holds for head mounted gear. Certainly we’ve come a long way from helmets to protect our heads from the sword of our enemy. But I tend to think that wigs that change color with our mood aren’t even scratching the surface of what we can really do. Not that anything will ever top the hat with beer straws that everyone should try at least once (yes, that is putting old school technology to a very important use)!Screen Shot 2013-07-05 at 9.52.22 AM
  • So we’ve covered the whole body, except our hands. The most obvious modern example of a wearable technology is the glove. I picked up a pair of Etips from North Face a long time ago. I have another pair of their gloves that’s thicker as well (it gets cold where I live) and while I like the way they do things, there are other companies that specialize is a more contoured threading around the tip of glove fingers. I don’t like the gloves with little metal discs on the tips (e.g. Isotoner), but I’m sure many must. As I mentioned, gloves with sensors, that analyze the way that we hold or catch a football, grasp a golf club or swing a bat are likely to become somewhat common place at some point. I expect the future may hold gloves that send gestures to your phone without you taking the phone out of your pocket. Burton has already taken the technology they put into jackets 10 years ago and put them into their Mix Master Gloves. But the Nintendo PowerGlove made a promise to humanity. One that we could some day control Bad Street Brawlers with gloves. And while sensors in gloves to control machinery are now common in factories, I’m not certain such technology will really make it to the every day home until we all have robotic minions doing more than vacuuming our carpets.Screen Shot 2013-07-05 at 9.37.27 AM
  • RFID is used to track parts in warehouses and Wal-Mart had supposedly made a requirement that all items sold in their stores would be tagged with RFID. Plenty of schools use RFID to track students as they move around campuses. While there are privacy concerns with students rolling around with chips embedded into their backpacks or ID cards, those arguments could be countered with the fact that when emergencies happen, it helps to be able to locate all your kids in a hurry. RFID isn’t as flashy nor as user friendly today as, let’s say, Google Glass. However, it does have some seriously awesome connotations for the future of logistics, passports and even safety in schools.Screen Shot 2013-07-03 at 8.32.32 PM
  • Sure, I don’t really carry cash or much more than a couple cards and a license in my wallet. But I don’t want even that. NFC (Near-Field Communications) is getting more and more traction, although far slower than I would have thought. While there have been some Android devices with NFC built-in, it hasn’t become the killer protocol for wireless financial transactions we’d  hoped. I’m assuming that’s because Apple has tried many of their own things, like Passbook and apps that can be used to exchange money. I like using Groupons more because I don’t need to exchange money than because I get to save money. But the promise of NFC is there and whether it’s NFC or some other, more secure technology, I very much look forward to the day I can stop carrying a wallet!nfc_payment

And now, with fortunes to be made out there, there are wearable technology conferences springing up all over the world, from the Wearable Technologies Europe Conference to the Wearable Technologies Conference in San Francisco, there are vendors who are already doing this kind of stuff. And with Apple hiring former Yves Saint Laurent CEO Paul Deneve as a new VP we can only assume that Tim Cook’s statement “I think wearables is incredibly interesting, it could be a profound area” was more than just a politically correct response. Dell has announced they’re looking into wearables as have others. With all the added resources now available to the market expect innovation to increase so that it’s not just health and fitness, medical and other smaller markets that are getting a lot of this innovation. Apple isn’t going to do much if they don’t see every human on the planet as a potential customer for their new products. What’s the most fascinating to me is what we haven’t even though of. And with the ability to control much of our homes from our mobile devices (Apple Stores now have NEST and controllable light bulbs), technology is becoming far more a part of everyday life than just the laptop, phone or tablet. It’s now being interwoven into the fabric of our everyday existence, helping us to live better, reduce our impact on the environment and be better. Or just have Angry Birds on a much larger “screen” with our Vuzix if that’s what we’re interested in!

iPhone Mac OS X Mac OS X Server

My New Book on Apple Configurator

My next book, coauthored with Mr. TJ Houston, is now available. The rough draft was mostly complete the week of MacSysAdmin in Sweden. I announced the book at the conference and was busy at work after to get as much as possible complete. And after many an hour and month spent editing this book (props to TJ for doing a lot of the editing), it’s finally  available on Packt Publishing. To quote the site, this is what the book is on:

The Apple Configurator is an incredible piece of software which grants full control in mobile device management, but on a larger scale. The popularity of people taking their own devices to work has grown tremendously. However, valued professional and personal information is at risk, through loss, theft, or hacking. Instant Apple iOS Configuration Utility How-to is a hands-on guide that eliminates any worries that are associated with the deployment and security of iOS devices. This book provides practical, quick win solutions to combat these issues, with clear, concise, and informative examples providing solutions to secure, remote wipe, and encrypt devices. The book will further explore how to personalize iOS devices for configuration and deployment.

newcover

With the Instant Apple iOS Configurator Utility Book How-to, learn to build profiles with customised control settings, with examples on how to capture device information and use console logs for added protection. You will become skilled at tracking and installing provisional profiles for greater security. We will also explore developing workflows for successful deployment, installing software and applications whilst managing files on iOS devices, and how to deploy enrolment profiles for mobile device management solutions en masse. If you are looking for a complete guide that provides simple solutions to complex problems, look no further.

To buy, visit this link: http://www.packtpub.com/apple-ios-configuration-utility/book

Note: I think the title is a little off, that’s in progress for being fixed.

certifications iPhone Mac OS X Mac OS X Server Mac Security Mass Deployment public speaking

Penn State MacAdmins Back for 2013

Last year, I had a great time at the Penn State MacAdmins conference. There were tons of smart people to mingle with and everyone had plenty to discuss when it came to managing the Mac. There were a lot of people from education but also plenty from companies. The talks were well run and the conference location, the Penn Stater, was awesome. I love how it’s like a big winding maze.

Having gone to school in a town like State College (Athens, GA), I’ve always had a warm spot for cute college towns. And State College is clearly a special place. I’d recommend a trip there to anyone that loves places like Ann Arbor, Norman, Stillwater, Opelika, Corvallis, Blacksburg, Madison, Manhattan (Kansas), Ithaca, Iowa City, Ames, Morgantown, Lafayette (Indiana), Lawrence, Champaign, Logan, College Station and of course, Oxford Mississippi (Ole Miss is a truly special place).

So you’re lucky then, ’cause the Penn State MacAdmins Conference is back for 2013, being held in beautiful State College, PA at Penn State University. The Conference is May 22nd through 24th with a new introductory Boot Camp being held the day before (May 21st) to prep admins for the rest of the conference. And May is one of the best times to visit a place like this. Spring is in the air, kids are getting ready to graduate, the flowers are in bloom and of course, there’s no more snow to be shoveled. A month later and the school would practically be shut down, the town a ghost town.

But in late May, college towns are electric. So don’t just stay at the Penn Stater the whole time, go explore downtown and that Nittany Lion thing – and the spot where Joe Pa’s statue used to be. Take a carriage ride, swing by the Governor’s Pub, have some red meat at Otto’s and of course, perform the underclassmen ritual of throwing up on College Ave! And yes, there’s a College Ave, as there should be. Anyway, the social element of a conference like this is great. Meet those people you tell to RTFM on the ‘ole Enterprise List, the people whose feeds you read and the people whose feeds you deleted  ’cause they talk about college football too much…

The Call for Proposals is now open, so to submit a talk, use http://macadmins.psu.edu/conference/submit-proposals.

This year, there will also be sponsors. To sponsor, see http://macadmins.psu.edu/conference/sponsorships.

Or to attend, see http://macadmins.psu.edu/conference/registration.

To sign up for the conference newsletter, see http://psu.us4.list-manage.com/subscribe?u=acd8b6acc541596a7bdf8e517&id=d37a7e26fd.

And for an example of what you are in store for:

PS – There are 12 teams in the Big 10. While at State College, make sure to remind everyone wearing blue of this fact.