Daily Dunce Mac OS

Daily Dunce Mac OS

May 31 2021

Daily Dunce Mac OS

  1. Daily Dunce Mac Os Catalina
  2. Mac Os Catalina
  3. Mac Os Mojave

Macos - Scheduling a terminal command or script file to run daily at a specific time Mac OS X - Stack Overflow Scheduling a terminal command or script file to run daily at a specific time Mac OS X. A dunce cap, also variously known as a dunce hat, dunce's cap or dunce's hat, is a pointed hat, formerly used as an article of discipline in schools in Europe and the United States. 4 5 In popular culture, it is typically made of paper and often marked with a D or the word 'dunce', and given to unruly schoolchildren to wear. Dec 11, 2018 Gary at Salt Forensics looks at the daily.out log on MacOS. I’ve had success in the past with this log showing that volumes were mounted around specific times. It can also show other information such as network connections and uptime Mac OS Daily Logs Like Liked by 1 person.

Paul Venezia bamboozled me into buying a MacBook Pro back in January, and I’ve been on it semi-daily ever since. And yeah, overall, I’ve been pretty happy. Of course, the only reason I was willing to buy one at all was because Parallels made it so easy to run Windows. But while my initial usage ratio was 85 per cent Parallels, 15 percent OS X, over the last six months, that’s changed dramatically to 45 per cent Parallels, 55 percent OS X. Yup, the Orchard does slowly assimilate you.

But not everyone that uses a Mac is suddenly streaming sunshine from their palest nether parts. Scour the Web looking for unhappy Mac users and you’ll find that they’re just as vocal as those who hate Windows (like this guy off Google Video).

Just as I asked, “Does Vista suck?” last week, the question this week is “Does Mac OS X suck?” After six months playing with the platform, I figure I have a viable opinion. Plus, it’s my second-to-last column, so I couldn’t resist. Hope a sniper bullet doesn’t take me on my way to my morning bagel, but I think I’ve been as objective as I can, given the nature of this column.

As with last week’s column, I’m looking at the Mac from perspective of the Windows-centric network manager and grading basic categories on a pass/fail basis.

Windows networking

Nobody complains about this because it works. OS X has an excellent networking client, both wired and wireless — due in large part to FreeBSD rather than anything coming out of Cupertino. Seriously, I think it’s noticeably better than Vista for pure IP networking. Plugging Macs into enterprise-class server-based applications is often the trick, but I’m leaving that for the software section below.

Grade: Pass (with a smile)

Security

Short one because Apple’s made good use of its Unix roots. It’s a pretty secure system. Yes, ever since OS X has become more popular, attacks and breaches on the platform have become more numerous. And, yes, those numbers are high enough that if I were managing a portfolio of MacBooks I’d be installing anti-virus on them; you won’t get away with saving yourself the AV expense — at least, not without violating best-practice auditing.

Daily Dunce Mac Os Catalina

That said, once the personal firewall is up and the AV installed, I’d fully expect to see far, far fewer security-related problems from my Mac clients than my Windows clients. Simple fact, there it is.

Grade: Pass (with a smile)

I didn’t have this category for Vista because — well, really. But Apple users, including Sasquatch Venezia, make a big point out of how OS X and its applications “simply work” and “never crash.” Sorry, but that’s crap. Not only have I crashed both Mac apps and OS X, I’ve watched when Venezia did it. On the crash issue, the question isn’t whether it can crash; the question is whether it crashes more often than Windows.

Pre-XP, no question Apple wins. XP Pro, post-SP1, I’d have to think a little, but I’d give it to Apple. Vista post-shrink-wrap … that’s tricky. Personal experience says they’re about tied — I’m talking about the OSes now, not the apps.

I’ve crashed more Vista apps than Apple apps, no doubt. But post-shrink Vista has locked up on me a grand total of once in six months, while OS X has died on me twice. To me, that makes them both fairly reliable and solid OS platforms.

Given the number of Vista crash reports on the Web, however, I’d say that my experience probably isn’t the norm. Until SP1 or SP2 for Vista smoothes things out, Apple’s probably less crash-prone overall. But by then, we’ll be comparing Vista to Leopard (where the hell is that cat, anyway?), so who knows?

Grade: Pass

Software compatibility

This is easily OS X’s — and, to a larger extent, Apple’s — most glaring yet completely ignored problem. To this day, the Orchard treats third-party developers like the proverbial redheaded stepchild, which results in significantly fewer third-party software options for Apple users than Windows users.

How much less? If someone really knows, I can’t find them. Apple did a study — can’t take that at face value. Microsoft did a study — same deal. I can’t find a third-party objective study, so we’ve got to go with day-to-day experience on this one. When it comes to mission-critical, vertical-type business software, Windows clients far outnumber Apple clients. If they didn’t, Macs would be populating a much larger number of corporate desktops.

And before all the Apple jihaders start listing Apple-compatible equivalents that will do anything I might be able to name, that’s not what I’m talking about. I’m talking about walking into potential client businesses and finding an OS layer that’s appropriate for their needs. They’re going to name a series of software apps that they must have. They don’t want to switch those to something else and retrain and convert and take time away from business. They simply want to keep running what they know on the latest OS platform. This is where Apple drops the ball time and time again.

What really steams my clams about this is that I ding Vista for app compatibility and Microsoft has been working to correct it for the last five years. But Apple has been making this mistake for the last two decades and refuses to do anything about it. Apps are lacking, Java compatibility is chronically behind, and most of Apple’s dev efforts are aimed at a glorified MP3 player, for God’s sakes. From a business-oriented network manager perspective, that’s just not attractive.

Still, Vista passed this on the basis of testing. If your apps work, go ahead; if they don’t, look elsewhere. Same applies to the Mac.

Grade: Pass (grudgingly)

Similar to software, this is another business lesson that Apple simply isn’t willing to learn. Business users like standardized and open hardware platforms. It leaves them free to hunt for bargains and to install third-party components without worrying about long-term hardware compatibility. Apple doesn’t care. Want OS X? You’re buying your hardware from Apple or you’re pulling some VMware hacking stunt.

This used to be even more problematic when Apple was much more expensive than comparable PC platforms. Today, however, Macs are only somewhat more expensive. And they look cool. But even so, Apple doesn’t do anything to attract business users. The company doesn’t advertise business buying programs, warranties, or leasing offers. Apple might do them, but if you’re the average harried business buyer, the company makes you hunt for them. That’s a mistake.

From a purely technical standpoint, however, the hardware is OK, and if that sounds mediocre, it is. Apple machines look great, but from pure feature comparisons I would have rated my MacBook Pro as middle of the road. I’ve seen notebooks from Gateway, for instance, that had more USB ports, a card reader, spare batteries, fingerprint encryption and better battery life all in the same form factor and for less bucks.

Using Orchard hardware isn’t sublime joy, either. Personal experience has the screen on my MacBook warping slightly (which wasn’t a big deal) and the hard disk heaving a death rattle after four months (which was a big deal). Apple replaced the hard disk with no worries since it was still under warranty, but that’s a pretty short time frame for serious hardware failure. (What really annoyed me was Venezia’s Apple-loving weasel response: “But that’s Fujitsu’s fault, not Apple’s.” If Apple support had said that, I’d have gone to Cupertino and shot somebody.)

But similar to PC hardware users, for every story like mine there’s one of a supremely happy Apple user. So as long as you’re willing to pay slightly more for what amounts to a cool case and an Apple logo, Apple hardware will work, on average, just as well as anything else.

Grade: Pass

Business orientation

This is the one that’s going to raise the most furor. I didn’t do this category for the “Does Vista Suck?” column because that’s really all Vista is about: business. To them, the home market is an also-ran–an important one, but certainly in second place when it comes to primary development focus. But when you look at both the Software and Hardware sections above and combine that with Apple’s marketing, Apple seems to have the exact opposite orientation–consumer first, business second. A distant second. And for business buyers, that’s an issue important enough to warrant a grade.

Sure, on a bits And bytes level, the computer will work fine in most business settings, especially SMBs who aren’t pushing the tech envelope on the server app side (though I’m still waiting for a tablet or even a docking station). But Apple does absolutely nothing to attract these customers; it just isn’t the audience Apple’s chasing. Just look at the company’s advertising: Guys who wear suits are stuffy and stupid. Apple users have beard stubble and wear yesterday’s underwear, and fathers don’t want them dating their daughters. It’s a SOHO, I’m-cooler-than-you, coffee house image, and Apple seems to like it that way.

Yeah, I’m aware they have a server, but it seems that they’re as willing to talk about it as Michael Vick is to talk to the ASPCA. I’ve been covering SMBs for six years now and I’ve gotten an Apple Server press release a grand total of … never. Only two of my field clients have ever been aware that Apple even had a server and neither had any idea what it did. Which is weird because by all accounts, it’s an excellent platform; fast, manageable and smart about hardware resources. (Just read Tom Yager’s reviews of the thing.) But just like the Novell of a few years ago, Apple doesn’t mention the box to anyone who isn’t already a rabid Apple fan. And the company mentions its enterprise marketing to practically no one.

Is that a big fudging deal? For the academic and techie crowd, no. They know what they want, and they know Apple’s bringing it. For the SMB or enterprise CEO/CFO putting in a six- or seven-figure purchase order, you’d better believe it’s a big deal. For one thing, who wants to buy a product from someone who looks down on you? For another, they’re not getting the warm and fuzzy we’ll-support-you-no-matter-what vibes from Cupertino. It doesn’t matter how solid the OS might be; if business buyers don’t feel comfortable with the deal, they’re not going drop the bucks.

Grade: Fail

Overall, does OS X suck? Hell, no. In some ways it’s superior to Vista and that’s probably only going to increase when the elusive Leopard finally rears its furry head. Yeah, Apple failed a category where Vista didn’t, but that’s a fuzzy business/marketing category, not something tangibly technical. But for all its fuzziness, business marketing is still important to the buyers in that market and the intended readers of this column. And something has to explain why Apple simply isn’t doing as well in the business market as Windows — and this three to five years since it began its serious popularity push.

On purely technical level, OS X rocks. Apple did a fantastic job of taking a solid Unix kernel and putting a slick and pretty face on it. I wish they’d open it up to more third-party development so I’d have more apps and more buying choices, but that’s like wishing Microsoft would make an OS platform that really ran in Version 1 without a service pack. It’s just not their way.

From the aspect of this column, I can’t give Apple a single letter grade. I’ve got to give it one from a technical, Apple-only perspective, and another from a business-buying standpoint. From the purely technical, I’d give it a B+, which may rise to an A- the longer I keep using it.

From a business buyer’s perspective, however, I’ve got to give it a C-. It passes, but with limited third-party software support and a company that seems to care so little for me as a customer, I simply wouldn’t feel comfortable making those kinds of purchases.

I recently attended the awesome SANS DFIR, Mac and iOS Forensics and Incident Response course with Sarah Edwards. This has obviously given me lots of great inspiration on how to negotiate Mac analysis in general and to take a closer look at some of those system files that we covered in training.

Mac Os Catalina

I’ve spent a little bit of time digging through the log files on my MacBook (Mojave 10.14.2). I’m sure this isn’t new to most practised Unix beards but for those who aren’t aware, there’s a really great little log file called daily.out in /var/log. I had previously given little credence to this log but realised it can be used to determine a whole wealth of useful information. I also reviewed the weekly.out and monthly.out files but these were, in my case, far less granular.

At a high level daily.out contains information relating to disk usage and networking, this file is written at least daily and the configurations for all three of the periodic logs are stored in plist files in the following location:

/System/Library/LaunchDaemons/com.apple.periodic-*****.plist

After reviewing the content of this file, it made me consider how this might assist in some of my casework?

Disk Usage

Firstly, I borrowed some grep skills from a very knowledgeable and tall colleague on my team to see if we could parse out just some specific information from the daily.out file. We extracted the lines only containing the dates, followed by the lines which related specifically to disk usage.

From this, we were able to find entries dating back as early as 3 months, and that the log contains:

  • Logical volumes mounted at the time entries are written

Mac Os Mojave

  • Size of volumes
  • Space used on volumes

As you can imagine, disk volume information will be highly valuable in showing drives or images which were attached when the log was written and especially if you know the volume name used by a device you’re looking to prove access to.

We can also ascertain some other information from this log which is quite valuable.

Bootcamp!

You may have an instance where a suspect, subject or general bad person is saying they have never used their Bootcamp install, however, you can see from the Bootcamp disk usage that the volume is being written to and from regularly. Perhaps a big chunk of data has been deleted before a date of interest?

Uptime

Another interesting piece from the daily.out file is that it will show uptime of the system when the log entries are written. This could help prove whether or not the system was switched on and in use over a specific period.

This may also show some interesting information about account usage on the computer. As Mac computers generally tend to be used by individuals, this means there’s usually only ever one account logged on at any time. If you have an experienced user who is elevating to root every day, then seeing multiple accounts logged on may not be uncommon. Although, if an inexperienced user who has no knowledge of the root account, is logged on many times when another account is logged on, it may be suspicious or warrant further analysis.

Again, we extracted the lines from the daily.out file we are interested in using a simple grep command:

As you can see we can pull some interesting information about computer and account usage:

  • Shows uptime of the system at the point in which the daily.out entry is written
  • Also shows the number of users logged on, remember this is usually going to be one
Mac

There are also some very useful network interface statistics listed in this file which are probably more relevant to IR investigations but we may look at these another time.

Reference:

Daily Dunce Mac OS

Leave a Reply

Cancel reply