- Update on 64-bit MacBook Pro, octo-core Mac Pro, quad-core Xeon Xserve
- Intel endorses Apple
- Hands-on details on Mac Pro (long)
- Mac Pro testing notes
- Apple to Wintel: It's time to get your affairs in order.
- How to stress-test your MacBook Pro
- The last of MS06-040: Windows is out. Without OS X Server, what to use instead?
September 26, 2006 | Comments: (0)
Update on 64-bit MacBook Pro, octo-core Mac Pro, quad-core Xeon Xserve
I'm at Intel Developer Forum this week, and the first day of IDF always brings an avalanche of new product news. Intel's new processors have set up a thrilling Q4 product blitz for Apple.
Today's announcement of the availability of embedded-grade Intel Core 2 Duo CPUs makes new 64-bit MacBook Pros a slam dunk before the end of the year. They could make Apple's "Octoberfest" (my term) along with Xserve and Xserve RAID. The 32-bit Core Duo MacBook Pro struck me as an early adopter machine when it launched, and there are a lot of PowerBook owners who will wait for 64-bit before taking the x86 plunge. PowerBooks are very popular with developers, and they'll want to code to Leopard and the full 64-bit frameworks rather than code to 32-bit and have their apps run degraded on the 64-bit hardware that will make up the substantial majority of Apple's x86 installed base. I look at iMac as Apple's AC-powered developer desktop (among their other roles), and it's certainly positioned to crush modular PC desktops. For these reasons, I expect iMac to track Intel's roadmap more closely than other models. That raises the question: Will Apple put embedded Core 2 Duo in iMac before MacBook Pro?
I strongly doubt it. Apple's 64-bit refit of iMac is still fresh. The embedded Core 2 Duo would make iMac a winner in power consumption, but after they give iMac's perfect form factor its due, performance will be the competitive criteria on which mainstream press and on-line reviewers will focus to rank iMac among Apple's competitors. No one expects iMac to perform like Power Mac, which raises the next subject.
Intel also announced the delivery of a "content creator and power user" cut of its quad-core Core Microarchitecture CPUs. On September 22, Apple sent out some mid-life marketing on Mac Pro, positioning to it as "your scientific powerhouse." The timing could be coincidental, but coincidences don't come around often. I don't think Mac Pro will go 8-core with Intel's early adopter quad-core CPU. Intel's mainstream quad-core is still on track for Q1 '07, positioning an eight-core Mac Pro as a headliner at MacWorld.
It would make sense to me to hold back MacBook Pro for January as well, except for the fact that kicking MacBook Pro up to Core 2 Duo now would shake loose the pent-up demand and give Apple a nice calendar Q4 unit and revenue boost, which is the whole point of Octoberfest. Pairing eight core Mac Pro with Leopard for a Q1 ship--January availability would be a terrific bomb for Steve to drop at the keynote--would make a good anchor for the show.
What about octo-core Xserve? That will be the real test of Apple's faithfulness to the Intel roadmap. I should get a look at Xserve on Thursday, and there'll be hints in the design pointing to the platform's flexibility with regard to rapid uptake of new Intel technology. I think Apple might feel out the market for a while after x86 Xserve ships to see if really has to play "us, too" with the rest of the Intel OEM crowd on Intel roadmap lockstep. Intel has Apple all to itself, but all other Intel OEMs have set up design (those few OEMs that do their own design) and manufacturing to stick to Intel announcements like a noonday shadow. Did Apple do that, too?
We'll see foreshadowing of Apple's long-term strategy in January. In the meantime, we'll do very nicely with Core 2 Duo MacBook Pro, Woodcrest Xeon Xserve and SATA/SAS Xserve RAID.
Posted by Tom Yager on September 26, 2006 01:29 PM
September 21, 2006 | Comments: (0)
(edited for typos) Intel has put two Apple sessions at the top of its Featured Sessions list for the upcoming Intel Developer Forum. That isn't Apple doing Intel a favor by filling a couple of empty slots in the schedule. Intel is touching a toe to that third rail for component manufacturers: Endorsement. And while people at Intel and Apple are scrambling right now to get their denials in a row, I want to drain this issue of its intrigue while at the same time highlighting its importance and pointing out that at least a little endorsement is overdue. After all, among first tier OEMs in the U.S., Apple is the only one remaining that buys CPUs exclusively from Intel. That deserves more than a cupcake. Intel should greet Steve Jobs' visits to the Intel campus by scattering rose petals before him.
Steve Jobs has been lionizing Intel for over a year. He and Apple's PR and Marketing have been making public mockery of Apple's PowerPC systems as they're replaced by x86, even though some of those PowerPC boxes were fewer than six months old at the time of their replacement. Apple redesigned Macs' packaging and on-line collateral to play up Intel's logo and technology. Although the story has never been told, Jobs (certainly not single-handedly) brought Apple to the brink of meltdown to ship Intel Macs way ahead of schedule, seizing the opportunity presented by Core Duo, a CPU that Intel had relegated to the low-volume embedded market. Apple created a broad market among Intel notebook OEMs for Core Duo.
How did Intel say "thanks?" In a press release dated more than a month after the 2006 Macworld where delivery dates for the first Intel Macs--iMac and MacBook Pro--were set, the Intel press release announcing Core Duo (linked above) had nothing to say about Apple. Then three weeks after that, at the 2006 Spring IDF, Intel not only had absolutely nothing to say, once again, about Apple, it punted Core Duo in a speech by Intel's Justin Rattner that, to my recollection, celebrated two Apple competitors (Sony and IBM). Intel was absent for Apple's Worldwide Developer Conference, where Mac Pro and Xserve systems based on Intel's flagship X86s, Woodcrest Xeon, were rolled out. Intel should have been all over that. Apple has handed Intel a strategy for putting itself back on the map, hitting a younger audience, pushing upscale media-rich systems, and so much more.
Returning to the simple matter that brought all of this to mind, take a look at this session list for Intel Developer Forum. To me, it shows that Intel is, albeit quietly and cautiously, letting the world know that it has a thing for Apple. Note that Apple's sessions are placed #1 and #2 in a non-alphabetical, non-temporal list. Note as well that no other OEMs get a shot at a session podium, and that Apple alone scored a non-rotating plug on the IDF event's front page.
This despite Apple being neither a sponsor nor an exhibitor.
But wait a minute: Isn't Apple only at IDF to talk about software? Ummm...no. Oracle doesn't get invited to speak at IDF for having an x86 cut of its DBMS. OS X is not Intel's design win, Mac and Xserve are, and it's Mac hardware that got Apple the IDF invite. One of the session's summaries, that for Mac OS X Overview: Performance OS for a Performance Processor, reads like an ad slick. That's not what developers want from a conference, but the Mac platform generates a lot of curiosity and will this session will probably draw decent attendance despite its sales swing.
With this trial balloon with sessions at IDF, Intel is playing favorites, just a little, with its poster OEM. For me, that passes the sniff test and looks like good business. Intel is giving Apple some fraction of its due and is creditably being completely open about it. What's next? Whatever it takes to encourage Apple to keep forwarding Hector Ruiz's calls to voice mail.
I'll write from IDF to let you know how well-attended these sessions are, and to talk about the rest of the conference.
Posted by Tom Yager on September 21, 2006 12:52 PM
September 15, 2006 | Comments: (0)
Hands-on details on Mac Pro (long)
Here's some of the deep-dive copy from the Mac Pro review that I reserved for my on-line readers. I'm sure I made some formatting errors in copying it from [product W] to Ecto. I've deleted some text that points to the conclusion of the review. I'm not messing with you there. I can't share a review's conclusions prior to its publication, and I ask that you don't presume a conclusion from what you'll read here.
The best sub-$5,000 workstation ever made, Apple’s Power Mac G5 Quad, has been supplanted in Apple’s lineup by Mac Pro, a quad-core workstation based on Intel’s newest 64-bit Core Microarchitecture Xeon processor. Intel’s marketing promotes the new dual-core Xeon, nicknamed Woodcrest, as being faster and yet more power-efficient than the Netburst (Pentium 4) Xeon CPUs that preceded it. Woodcrest certainly is fast by Intel standards, thanks to its huge cache and cranked-up front-side bus. Intel and all of its OEMs are delighted about Woodcrest, but it nets Apple no advantage. It looks like Apple is setting Mac Pro up to be just another mid-tower Woodcrest box in a landscape choked with mid-tower Woodcrest boxes.
[...]
Mac Pro shares most of the external characteristics of Power Mac G5 models. I got my first tip-off that Mac Pro follows in the Power Mac tradition when I lifted it: It weighs a ton. Well, 60 pounds to be exact. Remember, the overall chassis design was cooked up (no pun) for 64-bit PowerPC, renowned for being fast as hell and twice as hot. Just before this chassis made the jump to Intel, it contained a pair of dual core, 64-bit IBM PowerPC CPUs, replete with massive heat sinks, routed airflows and a fluid cooling boost for those times when China Syndrome threatened. Workstation users are accustomed to trading heat and noise for performance, but to Apple's considerable credit, Apple’s engineers made Power Mac G5 Quad run markedly quieter than top-end Netburst Xeon, Opteron and RISC workstations. Design victories scored in Mac Pro make Power Mac G5 Quad no less stunning a machine.
So it’s almost sad to remove Mac Pro’s side panel, which still requires only the lifting of a lever on the back, and see all that heat and noise control ingenuity gone. The Mac Pro’s case, which is more holes than surface at the front and back, seems to have started life as empty box full of moving air. Apple wasn’t going to ditch the indestructible, interference-immune and familiar Power Mac case, so it set its engineers loose on useful ways to fill it.
[...]
Tricking it out
Apple’s Woodcrest motherboard is not a wee twist on Intel’s reference design, as is the prevailing standard among Intel’s OEMs. You needn’t take up my appreciation of circuitry as art to learn this yourself: Apple knows that workstation users are defined, first and foremost, by their insatiable desire for places to plug things in. Mac Pro’s back panel features an insane variety of connectivity ports: Three USB 2.0, two FireWire (one 800 Mbps and one 400), optical digital audio in and out, line-level analog audio in and out, and dual gigabit Ethernet. And just to cover the risk that users would run out of sockets for things, Mac Pro’s front panel has two FireWire (again, one 800 Mbps), two USB and one headphone/line level analog audio output ports.
Inside, Apple took advantage of the cavernous chassis to keep riffing on the “you want it, we got it” theme. The system has four full-length PCI Express slots, one of which is double wide to accommodate large graphics cards without wasting a usable slot. One of the primary criticisms I expressed related to Power Mac G5 was the poor design of the card cage, specifically, that the tiny, non-standard screws holding the cards in place stripped too easily—an unrecoverable condition, I learned—and were too weak to hold cards with heavy cables that would be frequently plugged and unplugged. Now Apple holds Mac Pro’s cards in place with a single metal panel secured by two thumbscrews. Little things mean a lot to people like me who demand unbreakable hardware.
Mac Pro adds room for a second parallel ATA optical drive, including a second garage door that opens and closes when discs are inserted and removed. Mac Pro uses full-sized, tray loading drives, so you can add your own as long as you can pop the drive’s face plates off. Of course, you can also snap the tray when you don't know it's out (the tray is black and easy to overlook), a fact that makes slot-loading drives look rather smart. On the other, other hand, slot-loading drives can only accept 5.25-inch discs.
Will you be having the 250 gigabytes, or the three terabyte special?
Hearing the cry of workstation users that they never have enough storage, Apple made room for four Serial ATA drives inside Mac Pro’s chassis. That’s not unheard of; a full-sized tower Opteron workstation in my shop has five drive bays. But Apple put six bays in a mid-tower box by lining up a row of four easily removable, zero cabling drive trays just above the expansion card area. The trays are precisely the size of 3.5-inch hard drives and—get this—Apple does not require that you purchase Apple-branded drives. All Mac Pros come with four trays, and you can fill the empty ones with off-the-shelf SATA drives at will. SATA drive densities are rising at a dizzying pace, and with the present ceiling at 750 GB, you can stuff a Mac Pro with a remarkable 3 terabytes of storage. You know you’re a true workstation user if you greet that figure with, “is that all?” Yes, you’ll have to make do with 3 TB for now. (at this writing, Apple maximum drive size is 500 GB)
Mac Pro uses 667 MHz fully-buffered DIMM (FBDIMM) memory, as is standard with Woodcrest systems. Using a very fast serial bus, FBDIMM has a lot of potential, but its advantages over more widely-used DDR2 are sometimes exaggerated. However, FBDIMM serves Woodcrest's shared-bus design well, because there wasn't much more parallel bandwidth Intel could pull out of its design. As is generally true, FBDIMM trades performance for heat and power draw, but in a two-socket design like Mac Pro the difference is insubstantial.
Apple adds an implementation twist to its memory that might slip by most observers, but which represents a radical change for the better in workstation and power desktop system design. Instead of fixing FBDIMM sockets to the motherboard, as is the norm, Apple placed the memory sockets and supporting circuitry on removable riser cards, minicomputer-style. Like the hard drive trays, the memory risers are held in place with friction and extremely easy to install and remove. There’s no more laying your computer on the floor to mash skinny DIMMs into stiff sockets on a fragile motherboard.
The only disadvantage to easily removable disks, memory and expansion cards is that even though they are not hot-pluggable, meaning they cannot be removed from a powered-up system without the likelihood of damage, they will pull out while the machine is running. The drives have an interlock with the side panel lift lever; you have to raise it to a higher position to pull any of the drives, reducing the likelihood of accidental removal, but you can raise the lever that while the machine is on. There is one of those situations where Apple should relax its policy against LEDs. There's no tip-off from inside the Mac that it’s powered up. There isn’t a single LED on the motherboard, the fans are not readily visible and the machine runs virtually silent. Further, in sleep, the machine seems to be powered down, but pulling memory while it's in this state is just as dangerous as if Mac Pro were in active use. Just get in the habit of pulling the power cord before you open the case.
If you're feeling frisky, get in there with a scope and a soldering iron and poke around for a place from which to tap 5V or 3.3V. It'll be good practice for you if you're the type who plans to follow instructions on the 'net for overclocking this puppy. Apple scowled at me when I asked if Mac Pro's CPUs are field-upgradable. The official word: "I don't think it's possible, but if it is, we won't support that." Given that the CPUs and heat sinks are on risers, too, field performance upgrades and botched attempts at same will be real issues after Mac Pro gets traction in the gaming market, in which area I believe Mac Pro is a strong contender. Apple gets a much bigger installed base, but also a subculture of people who figure out ways to avoid buying Apple's next model. You have to take the bitter with the better, and for my money, it's better to stay wide open. At least sites with the hardware hacks will sell Mac Pros to people who want to try the hacks out themselves.
Apple’s memory and CPU risers make Mac Pro’s cooling much, much simpler and quieter. The memory risers are several inches apart for maximum airflow, and they share the straight line push-pull fan pair that cools the Xeon CPUs. The CPU modules, which are concealed under a plastic panel, are also mounted perpendicular to the motherboard and topped with generous aluminum heat sinks. The heat sinks do not have small, buzzy top-mounted fans.
Air flow is generated by three massive fans, two up front and one in the back. The front and back panels are, top to bottom, a honeycomb in which roughly half of the space is open to air flow. The full-height grilles wrap around a little at the the top allow iMac-style convection cooling when the system is not under load. As a point of interest, the front, top and back of Mac Pro are fashioned from a single piece of aluminum. It doesn't just look slick. It cuts vibration and airflow leakage.
Feeding Mac Pro
Power consumption is on everyone’s minds. Apple’s 32-bit iMac set records in my tests by operating at about 85 watts, including the display. Mac Pro's power efficiency is entirely in line with other Woodcrest systems I've seen. Apple adds relatively little magic here, and I don't know how much opportunity Apple had that it didn't use. Intel's power sparing can be automatic and OS-directed, so I'm hopeful that Apple will use firmware and OS updates to push the idle power utilization down from the 220 watts I measured in my tests. That figure does not include the display.
[...]
In sleep, power draw falls to about 7 watts with Ethernet ports actively listening for administrative commands. It took the Mac Pro eval box with 4 GB of RAM only four seconds to wake from sleep, so sleep mode ought to be used liberally. Unfortunately, the idle timer used to trigger sleep is reset only by the keyboard or mouse, so background renders, compiles and the other non-interactive operations common to workstation use might cease when the user walks away. However, sleep mode can be triggered from a script, and Mac Pro will sleep and wake on a user-settable schedule. Instead of disabling sleep out of frustration, find a way to make it work for you. It matters.
Floating some points and flinging some pixels
Performance ranks rather high among things that workstation users desire in excess. Given the same CPU and core logic, Woodcrest systems from PC vendors A, B and C, running at the same clock speed, will turn in identical computing performance. The hilly playing field that Apple set up with PowerPC is now flat; on everyday benchmarks, anything can run as fast as a Mac workstation. [...]
Mac Pro can hold two or three more hard drives than users expect to find in a workstation or power desktop, and I’ve found that one of the best uses for that gravy is a RAID 0 (simple interleave) stripe. OS X Tiger, which ships with Mac Pro, makes child’s play of creating easily restorable drive images on external storage. So I created a three-drive RAID 0 set on Mac Pro and set the machine to back itself up to a parity-protected Xserve RAID volume during the wee hours. When OS X Leopard ships, that protection will be continuous and genuinely automatic. People understandably get nervous about striping without parity, but if you’re a workstation user whose disks are constantly active, the performance boost of RAID 0 for work in progress files shouldn't be disregarded as long as you balance the risk.
Apple takes a more liberal approach to thermal thresholds than its competitors do. By that, I mean that Apple does not throttle the CPUs down when they get a little warm, hot or downright incandescent. Like all Macs, when Mac Pro is running full-out with a maximum compute load, it will hold top CPU clock speed and voltage past what other vendors consider to be the thermal danger zone. Apple does this without cranking the fans up to intolerable noise levels. I made Mac Pro go loud by letting the room heat up to over 90 degrees. But in ambient temperature that’s more favorable to human existence, Mac Pro keeps itself quiet.
I ran, and am still running, a number of performance and endurance tests, but the simplest one that hits both the CPU cores and the graphics processing unit (GPU) is SPECviewperf. The savvy will point out that SPECviewperf is strictly a test of the speed at which pre-computed 3-D scenes can be displayed. However, SPECviewperf 8.1 turns in usefully varying CPU usage patterns that tend to favor the 60 to 90 percent utilization window. SPECviewperf is a single process, single threaded benchmark, so the thing to do is run multiple simultaneous instances, one per core. All I cared about was noise and power consumption, and with four SPECviewperf 8.1 processes running side-by-side, Mac Pro ate around 300 watts. The fan never got loud, and the frequency and timbre of its noise is actually pleasant and easy to block with a unidrectional ("noise reducing") microphone.
Posted by Tom Yager on September 15, 2006 05:28 PM
September 12, 2006 | Comments: (0)
The print layout of the Mac Pro review left me with only about 400 words. I'll use this space to put meat on those bones.
Power: With four 500 GB drives, 4 GB of RAM and an NVIDIA Quadro FX 4500 w/512 MB of GDDR3 RAM, the Mac Pro review unit in my lab idles at just below 200 watts. Maxing out all four cores to 100 percent utilization raised the load to 277-290 watts. I heated up the GPU with eight simultaneous SPECviewperf 8.1 runs and pushed the box close to 300 watts. As many testers note, SPECviewperf is not a measure of CPU or total system performance, but with multiple instances piled high, it does a fine job of keeping four cores pumping with a realistically heavy workload pattern.
In sleep, Mac Pro draws a paltry 7 watts, and the machine wakes fully from sleep in about four seconds. The moral here is to make liberal use of sleep mode.
I had hoped to see a lower quiescent load; Intel's marketing certainly set some exciting expectations, but its claims are always expressed in terms relative to a fuse-blowing quad core Netburst Xeon workstation. I can't speak to the operating power draw of this class of machine--it's gone and good riddance--but the quad Netburst and the original Itanium workstations have been the only systems to trip my shop's breakers. With that as a comparative baseline, yes, Mac Pro is a model of efficiency. But it does not thrill next to Opteron with PowerNow! and Cool and Quiet enabled.
Noise: What noise? Mac Pro's three huge fans spin at low RPMs at maximum load in inhabitable ambient temperature (< 80 degrees Fahrenheit), the heavy gage aluminum chassis is sealed to leakage and vibration, and there are no constrained portals through which air is drawn or exhausted. The sound of Mac Pro's fans is low in frequency and really quite pleasant. In my tests, unidrectional (cardioid) microphones blocked it completely. There was no need to resort to filters in Logic Pro to pull Mac Pro's noise out of vocals and voice-overs.
The entire front and back panels (except where peripheral ports and optical drive covers sit) of Mac Pro are stamped with a honeycomb pattern of holes that creates about 50 percent air permeability. The honeycomb wraps a bit around the top and bottom of the chassis so there is vertical airflow as well. The fan noise is scattered by the chassis rather than focused, so I find that what noise there is doesn't reflect off the walls of a tight working space.
Cooling: Apple figured out how to keep two dual-core PowerPC G5 CPUs ("fast as hell, twice as hot") cool in Power Mac G5 Quad. Mac Pro was a walk in the park after that. Mac Pro has no remnants of PowerPC water cooling and heat piping, but Intel Woodcrest reference motherboards aren't inherently designed for quiet systems. Woodcrest is built to be cooled the good old fashioned way, with buzzy fans strapped to CPU heat sinks, lots of commodity motherboard-controlled fans and one dedicated fan in the power supply. Apple doesn't use ducted cooling as it did with the PowerPC systems in this chassis, but Mac Pro does have two zones through which air is pushed. The upper zone takes care of the expansion card cage, hard and optical drives, power supply and miscellaneous motherboard circuitry.
The lower zone earns my admiration, bordering on awe. Heatsink-mounted fans always struck me as a horrible design. Yes, they sit right on top of the thing that wants cooling, but the airflow is haphazard. In most of the designs with which I'm familiar, the airflow is poorest at the center where the CPU needs it most. Apple's approach is atypical. Mac Pro's heat sinks rise high above the motherboard; I believe they're on risers, but again, without permission from Steve, I won't break open this loaner to find out. Memory sits several inches from the CPUs, and memory (and support components) sits on a pair of removable riser cards that, like the PCI Express expansion cards, stand perpendicular to the motherboard. One strong fan pushes air straight through this alley while the single fan at the rear sucks it out. And of course, you've got the whole chassis acting as a heat sink.
Cooling is a big deal in Macs because Apple will not throttle its CPUs down until they reach critical temperature levels. I have tried many times to push Mac notebooks and desktops into thermal shutdown, but I've never been able to do it. A MacBook Pro in "better performance" mode will (do not try this at home!) ran for several hours wrapped in a comforter. It was practically glowing hot when I unwrapped it, but the benchmarks I had left running showed that the CPU never throttled down. I got confirmation from Apple that this is consistent in Apple designs. To put a twist on Phoenix weather reports, "Macs get hot, but it's a quiet heat." I haven't yet taken Mac Pro down to my 108 degree garage to run sixteen simultaneous SPECcpu processes. That sounds like a weekend thing.
Oddities: I found a number of empty pads for small to moderate pin count surface-mount ICs on the motherboard real estate visible in the expansion card area. I'd rather imagine that these are reserved for some nifty future features than believe that they're just leftovers from scotched portions of earlier designs.
Posted by Tom Yager on September 12, 2006 03:14 PM
September 07, 2006 | Comments: (0)
Apple to Wintel: It's time to get your affairs in order.
A helpful tip: In most communities, it is a violation of law to put your PC out to the curb. It contains lead, Windows XP, mercury and other toxic substances. After you read this blog entry, find the location of the electronics recycling facility nearest to you.
Another helpful tip: Coming turmoil among tech manufacturer and retailer stocks will not signal broader economic trouble. PC manufacturers and resellers will be going through a period of strategic adjustment as their inventories of mainstream professional-grade Windows/Intel desktop setups--box, LCD panel, OS, keyboard, mouse--along with aftermarket accessories for these systems, rise to excessive levels.
A while back, I wrote an InfoWorld column with the title, "Die, die, accursed PC!" It was a glowing tribute to the most enduring example of engineering inertia the world has witnessed. I shall have my wish.
The Wintel PC has been enormously successful, both in generating revenue and in keeping the world's technological expectations tethered to the 20th century. I thought our kids would be laughing at us about how our computers used to have all of these cables and dust-sucking fans, how they got so huge that we had to stand them on their sides and stuff them under our desks, how people had to write their own software to make playing a movie or a song easier than balancing their checkbooks, and how these boxes buckled and reverberated when you tapped on their tin can cases. "Won't you tell us, O ancient one, about how Windows used to force you to prove you had permission to use it, even though you just received it pre-installed on a shrink-wrapped computer? Is it true that people moved furniture and crawled around on the floor for a day or two after they got their new computers? And did you really spend weeks accumulating the basic software you needed and setting up a livable working environment?"
Hah! We're spared from having to pass the embarrassing story of willingly wasting away in the technological trailer park along to the whippersnappers. You can say you were there back in ought-six when 64-bit Macs knocked the bottom out of the Wintel PC client market. A lot of people were scared, kid, but Dell gave us that $100 PC we wanted and Microsoft open-sourced big hunks of Windows.
PC vendors will not be able to move any ready-to-run Wintel desktop costing more than $1,000. In other words, Dell, Lenovo, HP and whomever else (I don't track the consumer PC market) that isn't catering directly to the high-end gaming and workstation markets is going to have a horrendously lousy Christmas, and dust silhouettes in the shape of boxy PCs will pop up like desktop crop circles.
It often happens that what I write about with sarcasm and playful hyperbole comes to pass. I'll have more to say about iMac and the walk from Core Duo to Core 2 Duo; I'm past deadline on the Mac cover package (which now needs some updating). But Mac Pro and 64-bit iMacs, and soon, 64-bit MacBook Pro and Xserve, will create mayhem in the PC market because Microsoft and Intel PC makers never staffed or strategized for user-focused innovation. Microsoft will follow along as best it can now that it realizes that Apple reflects and drives computer users' desires. It understands that Apple is a far bigger threat than Linux, which it is prepared to battle.
Mark my words: All savvy users want bulletproof, manufacturer-supported commercial hardware in their server rooms, at work, at home and in their carry-on bags. By year's end, Apple will have mind share leadership in all markets but servers. Its market share climb in '07 will dumbfound almost everyone but you and me.
Posted by Tom Yager on September 7, 2006 02:04 PM
September 04, 2006 | Comments: (0)
How to stress-test your MacBook Pro
Have you been wondering just how hot your MacBook Pro can get? Well, friend, you don't need any fancy synthetic benchmarks. The software you need may be downloaded directly to you.
Here, we see which part of the Office 2004 Update has the MacBook Pro all hot and bothered:
With Energy Saver set to Normal, within a few minutes of this friendly farewell's appearance (which does not bounce in the Dock so you'll know the update's done), the horizontal strip between the function keys and the display hinge will become too hot to touch. The machine's overall temperature will continue to rise until you click Quit in this dialog.
This has been consistent with Office updates since I started using Rosetta. I had days when I was getting less than an hour from my batteries with no clue to the reason. Talk about the last place you'd think to look.
Why, you may ask, does this procedure spare some cycles on one of MacBook Pro's CPU cores? Blame it on Rosetta. Perhaps when the Intel Mac-native release of Office comes out, Microsoft's updater will be optimized to spread the workload of "while (true)" across multiple logical CPUs.
I know that Microsoft didn't write the installer. Many Windows installers advise that you "close all running applications," so I almost understand the assumption that exempted this test from QA. But I feel I speak for most Mac users when I say that we're just not likely to hang up our work to stare gape-mouthed at an installer's progress bar. Mind you, this doesn't make Mac users better or smarter than anyone. I'm just putting it out there as a potential design consideration.
Posted by Tom Yager on September 4, 2006 07:20 PM
September 01, 2006 | Comments: (0)
The last of MS06-040: Windows is out. Without OS X Server, what to use instead?
I hope to post the innumerable comments to my series on MS06-040, but I have to clear comments individually via a tedious HTML interface. The task keeps falling to 3rd priority (meaning my job's not riding on it) as content joins my calendar. Don't think I'm trying to spin this my way by stifling dissenting opinions.
Things are now quiet on the MS06-040 front, and I truly don't enjoy saying that it's no thanks to Microsoft. If I had stayed in the character I set out to portray--the non-IT person responsible for running a very small number of Windows servers--I would have been forced to erase and reinstall, as was the advice from Microsoft and security sites. When I failed to heed that advice, sure enough, I got hit with follow-up infections as if to prove the point that an average administrator couldn't finesse his or her way out of this exploit and the ones that tailgated behind it. Windows simply offers too many vectors through which infection can enter, and too many places for malware executables and configuration holes to hide once they get in. I was left with no choice but to hang up the Average Joe hat and let my inner Windows admin loose. It derailed the original drama, but I'll be damned if I'm going to wipe out all of my apps and reconfigure my box from scratch because of some waste of oily skin.
Having to hang up the hat of the typical small business user was a major disappointment. There are more Average Joes out there running one, two or a small number of Windows servers than most people realize. Small Business Server and lower-end Windows Server SKUs like Web and Standard Edition do very well because they target organizations whose computing needs are not likely to grow beyond five to ten machines. For all of Microsoft's enterprise-focused advertising and enterprise-targeted editorial in InfoWorld and elsewhere, I'll always consider Windows most at home in small groups of servers. In that setting, many admins of average skill but lacking the unreasonable amount of time I devoted to tracking and curing the exploit would have wiped their machines clean and, potentially, years of manual patching, tuning and work-arounds along with it. It really is demoralizing.
Commenters asked, "why didn't you have backups?" I did. I do full backups weekly and incremental backups nightly. Not knowing where the infection lived, I'd have had to do a full restore from a week-old backup, and the process would not overwrite Windows system files, including the Registry. Yes, the attack clobbered the backup copy of my Registry.
The system image that I originally restored to build this stopgap Windows server--you may recall that it only has to last until October when the new Xserve comes out--was a Primary Domain Controller. That was back when I had a Windows LAN, and leaving the machine as a PDC was expedient. The infection destroyed Active Directory to the point where I can't execute use the GUI management console to change users' passwords or set security policies. When I tried to use Microsoft Management Console to alter user passwords on a local level, I was told that this operation was not permitted on a PDC. I'm sure there's a good reason for this, but even PDCs have local accounts. I was able to change account passwords with a little LAN Manager command line hoodoo, specifically:
net user username *
The syntax of this command makes its function self-explanatory, no? I find that easy to forgive. If I hadn't known about this command, I wouldn't have been able to perform the essential task of changing likely-cracked passwords. Windows admins, if you don't know the net command, go learn it.
In a bizarre twist, some snot destroyed the DLLs required to use the Windows 2000 Server Resource Kit. The kit's tools help experienced admins dig around in Windows' internals. But the crackers disabled it, and I discovered the same day that Windows 2000 and the Resource Kit are no longer downloadable from Microsoft Developer Network (MSDN). Win2K has had its five-year sunset warning; it won't get any more service packs. But it is still supported and hotfixed, and developers still need to validate code against this very widely-deployed Windows server OS. Win2K's main appeal to me is that it is the last Windows OS that doesn't require on-line activation.
I fired up the freeware ClamWin, the Windows port of the godsend ClamAV open source anti-virus solution. Apple distributes it with OS X. I'm told that ClamAV had a signature for MS06-040 before commercial AV vendors did. I can't speak to that, but ClamWin found the original malware and the follow-on infections I had located and quarantined by hand. ClamWin found one remnant of the SDBot trojan that I had missed that could have been used to resurrect the full exploit. For paranoia's sake, I set ClamWin to run hourly in case another weasel stuck his rosy-palmed hand into my server through another hole in the fence.
ClamWin doesn't do repairs to the Registry or identify potential security risks. That should be Microsoft's job, but the freeware Spybot Search and Destroy is a little-known gem in this regard. It is most often used to clear away the Web tracking cookies and "helper" apps that marketers and ne'er-do-wells sneak onto a desktop system to watch your every move on the Web. However, switched into advanced mode, Spybot S and D incorporates most of the functionality of the discrete Sysinternals and Resource Kit tools, and then some. It scanned my running services to look for red flags. If I had run that right after the infection, it would have spotted MS06-040 without the need for a specific signature. It also found a lingering Registry entry that left my administrative file shares open to public access. I cleaned up my machine for the price of $10 contributions to two freeware projects. I refuse to put any money in commercial security vendors' pockets since they are part of the chain of publicity and paranoia that gives malware attackers a reason to live. As always with security, I've read nothing that indicates costly commercial tools produced better results than freeware and open source alternatives.
I'll take a brief tangent to address commenters who said that I wouldn't have been vulnerable if I had been running Windows 2003 or XP. These come with firewalls. Windows 2000 has a packet filter, a firewall with a really ugly interface. But neither of these would not have blocked this exploit. I keep my servers' services open to the Internet so that I'm not limited in the research I can do while I'm on the road. I rely on OS and services' security, not the blocking of TCP and UDP ports, to protect my machine. I ran Xserves with all services exposed for about two years with no trouble. The security configurations were OS X Server defaults, except that I didn't allow cleartext passwords. I had that Windows 2000 image locked down tight--nothing got in or out without authentication and encryption.
To pick up the story, I went to Sysinternals and Spybot Search and Destroy after taking one last swing at Microsoft's security tools. Microsoft has one detection and repair utility, dubbed "malware removal tool," but its last update was August 8. The strain of MS06-040 attacks that hit me started spreading on 8/13. I was extremely hopeful that Microsoft Baseline Security Analyzer would tear into my system and set it right. It spat out a number of vague warnings, with question-mark links to a Microsoft Web site that repeated the text of the warning but offered no useful guidance about the severity of the problem or a potential fix. Tip to Microsoft: A tool for analyzing system and network security should not require an active link to the Internet.
Now I'm just barely back in business, bloodied and really pissed off, but unbowed. I can hardly put this in my "win" column. The only service I've left open to the Internet is e-mail, and that's unacceptable. A machine listening on ports 25 and 110 is not a server. I need a lot more than that on the road. Yet Windows continues to bind TCP listeners to weird WAN ports even though I have explicitly disabled all Windows services on that network adapter. What owns these ports? Services.exe. What do they do? Ask Microsoft. I've had it.
I tried, people, I really did, but I won't make it on Windows until October. I have a ton of travel coming up soon. I need my network services back on the air in a shop with no Mac servers, a choice I made because I am flushing out all PowerPC equipment. I'm waffling over what to do in the interim. I'm too disgusted right now to even think about setting up a fresh Windows install, even though that would serve my original "what's it like to switch from Mac to Windows?" research. My answer to that question is neither fit for print nor scientifically derived. I know that it was mostly bad timing; if I had set up this machine two weeks later, or Windows Update had gotten to me just a little bit sooner, this series of blog posts would never have appeared.
I want OS X Server back, but I need to approach Apple's server technology in October from the standpoint of a new user. I am certain that resetting my perspective is the right thing to do, absolutely necessary, but damn it, I'd sure like to get back to work. Sometimes experiencing your pain, or making you glad you're not in my shoes, is job one. I set it up that way. This whole reality show craze? My idea.
Do you want to know the worst part about where things stand now? I've got a Mac Pro sitting not a foot from me. It's calling out, "I can be a server! I'd be really good at it! Send me in, coach!" Held up against Xserve's specs, Mac Pro is clearly and strictly a client box. I have to wait until October. Providence grant me the patience to accept the things I can change, but shouldn't.
Posted by Tom Yager on September 1, 2006 10:36 AM
TOP STORIES
WiMax OK for commercial useAgile mgmnt for small teams
Why developers avoid Vista
CBS to buy CNET Networks
Icahn's letter to Roy Bostock
Yahoo opens up Search Monkey
AT&T limits iPhone purchases
Silverlight gets put on Linux
Intel to develop PC with Alibaba
Cybercriminals can rent a botnet
ADDITIONAL RESOURCES
- Virtualization: A Step by Step Approach to Success
- Dialing up Agility with Business Transformation
- 5 Things You Need to Know About Storage Virtualization
- Need to Secure Your Virtualized Environments?
- When you need backup will it be there?
- Is your storage capacity holding you back?
