Agregátor RSS

Don't negotiate unless you must, and if so, drag it out as long as you can

Feature  So, the worst has happened. Computer screens all over your org are flashing up a warning that you've been infected by ransomware, or you've got a message that someone's been stealing information from your server.…

Atlassian this week said it is starting to focus more on pushing out bundles of its collaboration tools, including Confluence, JIRA, and Loom, in an apparent move away from selling those apps as standalone products.

The company’s bundling strategy will revolve around the recently announced Teamwork Collection, which was unveiled in April at its Team ’25 conference.

“When we look at Teamwork Collection, that is our strategy moving forward,” Brian Duffy, the newly appointed chief revenue officer at Atlassian, said during an interview  at the William Blair 45th Annual Growth Stock Conference. “We will lead with Teamwork Collection and collections in general — that will be our de facto approach for our high-touch customers or our enterprise customers.”

The Teamwork Collection includes JIRA, which helps teams plan and track work; the Confluence platform for information exchange; and Loom for video communications.

In April, Atlassian bundled the products into Teamwork Collection as AI breaks down barriers to enable better collaboration across the platform. The company offers customers its Rovo generative AI tool for free.

“That means if customers currently have JIRA, they’re also moving forward going to have Confluence, and then there will be the opportunity for them to have Loom,” Duffy said.

Atlassian is making a larger push across the board in how it ships products. The company is also introducing other software collections that target different business and management processes. For example, the “Strategy” collection helps leadership teams analyze and execute strategies and manage talent and assignments.

The company has a strong footprint among IT buyers, especially in the software development productivity space, with 330,000 customers; it’s used by some 85% of Fortune 500 companies.

Atlassian sees bundling as a way to broaden its reach among existing customers. The current IT customer base can provide a springboard to reach new buyers that might include business leaders,such as human resources officers, chief strategy officers, and CFOs directly, Duffy said.

“It’s not going to be particularly easy. It will require hiring some new sellers to be able to have those conversations,” Duffy said.

Microsoft has made a series of changes to how Microsoft 365 (M365) support updates are done, and is encouraging enterprises to move to more frequent, or even monthly, software updates.

The company currently offers options for frequent, monthly, and semi-annual feature updates. With new and updated AI and Copilot tools being added to M365 at a brisk pace, more frequent updates could provide a more predictable rollout cycle.

For one, the company is scrapping a whole channel in which customers can preview features before mainstream enterprise deployment. Microsoft is discouraging customers who upgrade M365 twice a year from testing features before mainstream rollout.

Instead, the company is extending the ability to roll back features from one to two months in its monthly support plan. Essentially, it is telling companies to just roll out features into mainstream environments and giving them more time to rollback if updates don’t work.

“To remain secure and supported, organizations should immediately migrate devices to either Current Channel or Monthly Enterprise Channel to continue receiving early access to new features,” Microsoft said on its support page.

Specifically, the company is scrapping the preview version of the “Semi-Annual Enterprise Channel,” which includes twice-a-year feature updates for devices running automated workloads without the need for human operators. 

The “preview” channel is typically for customers who want to test features before proper deployment in critical environments where IT downtime isn’t an option, such as in financial or retail environments.

Beginning in July, M365 enterprise customers updating features once a month — or on the “Monthly Enterprise Channel” — will be able to roll back features within two months, giving them twice as long as the earlier timeline allowed.

Microsoft is making no changes to its mainstream “Current” channel, which provides updates as soon as new features are released. The company is also making no changes to a separate preview version of the Current channel in which customers can test features.

Regardless of channel, Microsoft provides bug fixes and security updates on a monthly basis to all customers. Microsoft also said it is also cutting the support timeline for the monthly software bug and security fixes in its “Semi-Annual Enterprise Channel” to from 14 months to eight.

That shifts the channel’s focus on unattended devices without human operators. These machines typically run automated operations such as number crunching or content delivery that do not require human intervention.

It used to be simple: users had a local account on the PC that they used or they had a network account in Active Directory that could be used to login to their assigned computer or others  in the network. 

Adding Macs to the equation took a certain amount of work, especially if you wanted to manage those Macs. But Apple’s adoption of Active Directory support in Mac OS X Panther in 2003 made the process both doable and reasonably straightforward. 

Things are different today — the migration of virtually everything to the cloud has opened up new opportunities from authentication to single sign-on access to cloud applications to user and device management. Not surprisingly, one of the biggest challenges is integrating all these cloud services in a coherent way. 

That challenge isn’t specific to Apple devices by any means. Users and the services that support them (including MDM) do rely on multiple services that need to be integrated as part of an enterprise IT infrastructure.

Exactly what that means and how best to go about that integration can be confusing, especially when it comes to the Mac.

Directory service binding

Macs have long been able to be joined (bound) to Active Directory. There was a time when Apple maintained its own directory service (Open Directory) that was LDAP- and Kerberos-based like Active Directory. Apple’s directory service support allowed a Mac to be joined to a Mac server hosting Open Directory and/or an Active Directory domain. 

Apple deprecated its own directory service and then canceled it altogether when it discontinued macOS Server. But the underlying directory service support still exists in macOS, meaning you can still join a Mac to Active Directory (or another LDAP system). The process will work for authentication but no longer supports Mac management as it once did – that functionality has long been transferred to MDM. It is also considered a legacy technology so modern-day organizations should rely on more modern options. 

The differences between macOS and iOS (and iPadOS, tvOS and visionOS)

It’s important to understand why macOS is a different beast than other Apple platforms. Modern macOS has always been designed as a multiuser system that continues to support local accounts.

iOS (and its descendants) is not designed as a multiuser system; mobile devices are designed to be used by individuals – one person per device (the exception being shared iPad). iOS is designed to rely on a user’s Apple Account for the principle identity rather than local or network user accounts. It is also designed to rely solely on MDM for device management. (While there is support for accessing multiuser systems such as email and calendaring, even those configurations are designed to support a single user.)

So, while there are more options for working with Macs in an enterprise environment, the methodology that creates those options also creates headaches that are sidestepped on other Apple devices. 

Federating and Apple Business Manager

Apple Business Manager is designed to be the primary management tool for Apple device and identity management. It maintains Apple device inventory, manages device assignments (and/or ownership) for users, handles app licensing (for any App Store titles), controls managed Apple Accounts, connects to MDM and federates with identity providers for authentication and authorization tokens. It also syncs user account data with those identity providers to handle managed Apple Accounts.

At this point, Apple Business Manager can federate with the major identity providers, including Microsoft Entra, Google Workspace, Okta, and Ping.

Managed Apple Accounts

Apple Accounts handle a user’s identity across the Apple ecosystem, managing everything from device ownership to music and service subscriptions, health and fitness data, FaceTime, iCloud and family sharing. They’re the glue that makes Apple’s seamless experiences work across devices and enable Continuity features such as  universal control, handoff, continuity camera and sidecar. 

To square an Apple Account as the sole identity for most Apple devices with the need for enterprise identities, Apple created managed Apple Accounts in 2016 — and it’s worked to refine the tool in the years since. 

Managed Apple Accounts do almost all the things that regular, personal Apple Accounts do, but they’re created and paired with a user’s enterprise identity through Apple Business Manager. On an iOS device, they show up as a second Apple Account and can be used for account-based device enrollment in both BYOD and company-owned device scenarios. 

Federating Apple Business Manager with an identity provider enables managed Apple Accounts to be created based on a user’s enterprise identity/account (they’re typically named after their business email address). When properly connected, Apple Business Manager can create a managed Apple Account on a user’s first login or setup of an Apple device. Managed Apple Accounts can also be set up by hand – federation is optimal, but it isn’t strictly required.

One point of confusion is that while managed Apple Accounts aren’t exactly new, many of their functions – the ability to be created through federation and to support most Apple and iCloud services – are. As a result, many organizations that have long supported Apple devices are likely to have instances where devices were configured (and apps provided) using personal Apple accounts. 

This can mean two different things. Either a user set up their device using the same personal Apple Account they used in their non-work lives, or an organization created (or had the employee create) a personal Apple Account specific to work-related or company-owned Apple devices. 

Apple allows a personal Apple Account to be converted into a managed one —appropriate because the company account was always intended for work purposes. (This shouldn’t be considered an option when you’re talking about a truly personal Apple Account; in that case, creating a new managed account is a better move.)

It’s easy to see how managed Apple Accounts work with iOS devices since the only identities on the device are a user’s personal Apple Account (in a BYOD context) or a managed Apple Account for work. 

Shared iPad is a bit more involved. When an iPad is configured to be shared, individual users can sign in to use it if they have a managed Apple Account. iPadOS will partition the available storage so that each user’s preferences and data are separate. Functionally, however, the iPad will act as though if the managed Apple Account is the only identity once a user is signed in. That makes it a quasi-multiuser system rather than a full one seen with macOS, Windows or Linux. 

A Mac is a true multi-user system: each user has a local account and home directory as well as file system permissions that govern the drive/partition and any additional drives or partitions such as USB sticks. Those local accounts may or may not be tied directly to a managed Apple Account (or even a personal Apple Account). 

The result? There isn’t a single source of identity as there is on an iOS device. Even so, Apple still cites managed Apple Accounts as the best practice for Macs and other devices. 

Ideally in practice, the Mac will have a local user account that matches a user’s managed Apple Account. Some aspects of that managed Apple Account are defined by a federated identity provider; others are defined in Apple Business Manager. Identity for network authentication and the enforcement of policies such as passcode requirements and multifactor authentication are among the policies handled by the federated identity provider.

This works well sometimes — but it can create problems, too. 

Keep in mind that while Apple Business Manager uses an identity provider to create managed Apple Accounts when federated, the managed accounts aren’t stored by the provider. They reside in Apple Business Manager, which is capable of creating managed Apple Accounts and user/device assignments independent of federation. 

The big problem is when Macs are shared by multiple people. Each user ends up with a local account on every Mac that they log into — and since local accounts have local home directories and local preferences, users can end up with different files, settings, and other attributes on different Macs. (This can happen with shared iPads, but since the iPad OS file system isn’t truly exposed and focuses more on syncing with various services it’s less problematic.) Managed Apple Accounts do now support the major features of iCloud, including sync services, which helps somewhat, but isn’t a full-fledged solution.  

FileVault, Apple’s file and disk encryption, can also be problematic because a Mac typically requires a local user account to unlock FileVault on boot or restart — and that account needs the appropriate permissions to do so. Outside of work, this is less a problem; a user will typically login with an account that has sufficient privileges and isn’t tied to anything other than that particular Mac.  

Macs and single sign-on

Local accounts aren’t the only issue that can arise when using managed Apple Accounts instead of directory service binding. Single sign-on is another. When a Mac is joined to Active Directory, single sign-on is automatic and similar to a Windows PC with Kerberos powering the process. Users simply login with their enterprise credentials at the macOS login window. 

This is not an automatic feature for managed Apple Accounts – remember, these reside in Apple Business Manager and are synced with your identity provider when federated. Apple’s Platform SSO extension is intended to resolve this issue; it lets apps and websites support single sign-on via a federated identity provider and can be called at the login window or via an installed app. One advantage Platform SSO does offer is support for multifactor authentication.  

In practice, Platform SSO is not ideal. It’s designed for BYOD and one-to-one deployments where each user has his or her own Mac and doesn’t match as well as directory service binding for Macs that support multiple users. Although broadly employed, there may be situations where it isn’t supported. 

While Apple provides limited administrator tools for using Platform SSO, third-party vendors have created better implementations, including JAMF Connect, Kandji Passport, and SimpleMDM. These tools also simplify support for multifactor authentication and user access to a Mac, often replacing the standard macOS login window. But they also require another investment in cost, time and complexity.  

Identity and MDM 

Mobile Device Management (MDM) software interacts with enterprise identities through Apple Business Manager. Once the MDM setup is in place and connected to Apple Business Manager, it can access users, devices and groups available to Apple Business Manager and use them to provision devices and manage configuration profiles; handle user account assignments; and send MDM commands. (The data required for these functions is stored by the MDM service, not Apple Business Manager or any federated identity provider.)

In practice, this means several components need to interoperate to support Apple devices in enterprises. At a minimum, there’s the underlying identity provider, Apple Business Manager, and MDM solutions. Tools for managing Kerberos and single sign-on through Apple’s Platform SSO are best included, too, whether they are part of an MDM vendor’s offerings or something additional. 

Why so much confusion?

The main reason this can be so confusing is that Apple has been making things up as it goes. Managing identities was simpler when it was handled largely by Active Directory (AD). Then came MDM tools to complicate things, followed by managed Apple Accounts. Basically, Apple has had to follow the path created by cloud-based infrastructure, putting in place patchwork system rather than a consolidated vision based on today’s IT landscape. 

(Respondents to the recent Six Colors survey on Apple in the enterprise acknowledged that very issue; Apple has yet to resolve it.) 

So, where does this leave things?

Putting together a fresh setup to manage, secure and support Apple products in business environments begins with an identity provider populated with the requisite user information. This is then federated to Apple Business Manager, which uses that information to generate managed Apple IDs as users are onboarded and assigned devices (or who enroll their own devices). For Macs, a third-party tool, ideally one offered by a chosen MDM vendor, is installed to manage Apple’s Platform SSO. 

Starting with a clean slate, it’s a relatively straightforward process. But local accounts on Macs, FileVault, personal Apple IDs, users who work on multiple Macs and other legacy hangovers make everything much more complicated. The reality is that there will be patchwork of systems that must work together, regardless of whether you’re starting fresh or developing a modernization/transition project. 

Companies will be watching to see whether Apple can streamline things next week at WWDC; at the very least, let’s hope it doesn’t add even more components and complexity to the equation. 

Koncem ledna jsem psal o tom, jak Tesla šetří náklady, že nová auta z továrny ve Fremontu dojedou na nakládací parkoviště autonomně, bez lidského zásahu. [ArticleBox ORIGINÁL Takhle Musk šetří. Nové tesly jezdí z továrny na expediční parkoviště bez řidiče : 232754] Je červen a stejný koncept se ...

Meta founder and CEO Mark Zuckerberg said recently on Theo Von’s “This Past Weekend” podcast that everything is shifting to holograms.

A hologram is a three-dimensional image that represents an object in a way that allows it to be viewed from different angles, creating the illusion of depth.

Zuckerberg predicts that most of our physical objects will become obsolete and replaced by holographic versions seen through augmented reality (AR) glasses. The conversation floated the idea that books, board games, ping-pong tables, and even smartphones could all be virtualized, replacing the physical, real-world versions. 

Zuckerberg also expects that somewhere between one and two billion people could replace their smartphones with AR glasses within four years. 

One potential problem with that prediction: the public has to want to replace physical objects with holographic versions. So far, Apple’s experience with Apple Vision Pro does not imply that the public is clamoring for holographic replacements. 

Apple Vision Pro, released in 2024, is Apple’s first spatial computer, and it’s already changing how people interact with digital objects and experiences. The device lets you pull 3D objects out of apps and view them from every angle, as if they’re floating right in front of you. That  means you can replace physical items like chess boards with holographic versions that appear on your real table and respond to your gestures and gaze. You don’t just see a virtual chess board; you can play on it, move pieces, and even have a virtual opponent seated across from you — all anchored in your actual space. 

Apple Vision Pro also enables the replacement of a big-screen 4K TV, a very large computer monitor, a ping-pong table, a whiteboard, board games, and other objects. The $3499 price of an Apple Vision Pro is far less than the price of buying all these physical objects, yet most consumers have not felt the high-tech headset is worth the money.

Of course, this comparison isn’t quite fair for three reasons. First, you can’t replace a TV with an Apple Vision Pro because only one person can watch at a time. Second, there’s a network effect at play. Unlike with a real chess game or board game, you can’t play another person using Apple Vision Pro unless they have one, too, and that’s statistically unlikely. Third, Zuckerberg talks about a future where our holograms will be delivered by lightweight, everyday glasses rather than giant, heavy, bulky contraptions like the Vision Pro. 

Still, we live in a world where 100% of the most popular consumer electronics products are not holographic, and 100% of the holographic products are not popular. 

The hologram state of the art

A number of companies have rolled out a variety of hologram related products, including:

• Looking Glass Factory, which sells the Looking Glass Go, a pocket-sized holographic display that folds up like a cell phone. The company’s software even lets you convert ordinary digital photographs into 3D holograms to be displayed on the Go. 

• Holloconnects, which makes two holographic product lines: the Holobox and the Hologrid. These are interactive hologram displays designed for stores, letting shoppers see 3D projections of products or even try on clothes virtually. Some implementations use them for AI assistants. 

• Proto, which sells a holoportation product called the Proto Epic, a full-size hologram booth that can display life-sized, real-time 3D images of people. The booth is used for remote meetings, performances, and events, allowing a person to appear as a hologram anywhere in the world. Proto booths are installed in airports, conference centers, and retail locations in the US and Europe.

• Leia, which sells the Leia Lume Pad 2; it’s a tablet-like device that creates 3D content without glasses. According to the company, it is aimed at creators, educators, and professionals who need portable 3D visualization. 

• zSpace, which offers holographic services and products. The company’s technology offers realistic 3D visualization using a proprietary stereoscopic display, trackable eyewear, and a direct-interaction stylus. Users can manipulate digital objects as if they were physical, enabling natural navigation, grabbing, slicing, and exploring of 3D models. zSpace targets the manufacturing, architecture, engineering, medical, and research industries. 

• Hypervsn, which develops 3D holographic display technology, creating high-resolution, floating images without glasses. Its product range includes the SmartV Wall — a modular, scalable 3D holographic wall for large-scale displays — SmartV Solo for interactive 3D visuals, and specialized solutions like the Holographic Human and SmartV Slots. Hypervsn displays are used for advertising, events, and retail spaces.

• Light Field Lab, which sells the SolidLight; it’s built from modular, directly emissive panels capable of producing dense, converging wavefronts of light. This allows the creation of “real images” — holographic objects that appear to float in mid-air and can be viewed from multiple angles, with correct motion parallax, reflections, and refractions, according to the company. SolidLight is targeted at entertainment and themed experiences; immersive advertising and digital signage in public spaces; virtual concierge services and product showcases for corporate and retail installations; and large-scale performance events and cinemas, according to the company. 

• Voxon Photonics, which produces the VX2 and VX2-XL, advanced volumetric displays that generate interactive 3D holograms using millions of points of light in real-time. These displays offer a true 360-degree viewing experience without the need for glasses or headsets, making them ideal for shared environments like museums, education, entertainment, and corporate settings, according to the company’s website.

• And Realfiction, which specializes in mixed-reality and 3D holographic displays, with products like Dreamoc and DeepFrame. Their Directional Pixel Technology (DPT) enables glasses-free 2D and 3D views, including look-around capability, for multiple viewers simultaneously. Realfiction’s ECHO technology delivers immersive, glasses-free 3D experiences for several users in retail, expos, automotive, and collaborative environments. 

What all of these products have in common is that they’re all shipping — and that you probably have never heard of any of them. 

Holographic products and services have existed for years, but have failed to transcend the realm of novelties, parlor tricks, or marketing gimmicks. 

Still, Zuckerberg is describing not an enterprise product for retail marketing but an ecosystem of holographic content delivered on everyday, all-day glasses worn by just about everybody. And that’s very different. 

The big question: Is fake better than real? 

I have no doubt that holograms will increasingly become ubiquitous in our lives. But I doubt that a majority will ever prefer a holographic virtual book over a physical book or even a physical e-book reader. The same goes for other objects in our lives. 

I also suspect both Zuckerberg’s motives and his predictive powers. 

For starters, Zuckerberg appears to believe that the future of social networking is people socializing with AI. In an April interview with Dwarkesh Patel, he said, “The average person wants more connectivity, connection, than they have” — and suggested that the gap could be filled by “virtual friends” such as AI chatbots.

He’s also criticized the “stigma” associated with people forming friendships with AI, saying that it will become socially acceptable in the future. 

(Meta offers AI-powered video avatars for creators, customizable AI chat avatars that converse via DMs across Instagram, Facebook, Messenger, and WhatsApp; the AI Studio platform for building custom AI personas; the “Imagine Me” tool for generating digital avatars from user photos; and generative AI profiles that mimic human accounts with bios, profile pictures, and content sharing capabilities.)

Adding all this up, Zuckerberg’s vision for the future is the somewhat discredited idea of the “Metaverse,” where people have fake friends, live in fake environments, use fake objects, read fake books, play fake chess games, and generally just take the blue pill and plug themselves into the Matrix.

One way to look at this world is that people stop paying Disney and movie theaters for experiences, stop paying Amazon to buy consumer goods, and stop paying bars and cruise ship companies for social spaces, and instead pay Meta for holographic versions of all of it. 

I can see how this could be appealing for Zuckerberg. 

But a holographic revolution is more likely to create a backlash against the fake, causing the public to appreciate and prefer the real. 

I do believe that AR glasses plugging everyone into AI will improve everyone’s lives. But not because virtual objects will replace real ones. 

Augmented reality should augment reality, not replace it. 

Nejpozději loni se na ukrajinském bojišti začaly prosazovat improvizované drony, které pro přenos obrazu a řízení používají namísto rádiového spojení tenký optický kabel. První takto vybavené koptéry měly reálný dosah spíše jednotky kilometrů, ale díky odolnosti proti rušení je Rusko i Ukrajina ...

Vydá vám peníze a v nouzi i novou platební kartu. Banka Revolut spustila nový typ hybridního bankomatu, který není jen pro výběr peněz. Tady jsou podrobnosti.

Law enforcement authorities from over a dozen countries have arrested 20 suspects in an international operation targeting the production and distribution of child sexual abuse material. [...]

Cena waferu čipů od TSMC s procesem A14 dosáhne pohádkové úrovně, vyjde zhruba na $45 000. Navzdory tomu zákazníci nejspíš nebudou využívat alternativy, protože žádné nebudou…

V Evropské unii už loni v létě začalo platit nařízení akt o umělé inteligenci (AI Act), první komplexní regulace rychle se rozvíjejícího a strategického oboru na světě. Značná část trhu to nepřijala s nadšením a argumentuje tím, že zatímco v USA nebo v Číně se inovuje a vyvíjejí se tam AI produkty ...

Netatmo po třinácti letech konečně aktualizovalo svůj klíčový produkt - Netatmo Weather Station. O novince se šuškalo, ale netušili jsme, co vlastně bude nového. Reálně se po stránce hardwaru nezměnilo nic. Ostatně se jmenuje Netatmo Weather Station Original , takže samo Netatmo přiznává, že je to ...

** Stále s nostalgií vzpomínáte na telefony značky BlackBerry? ** Čínská firma chystá jejich znovuzrození. Design zůstane, změní se „vnitřnosti“ ** Telefony s Androidem dostanou nový procesor, paměti i fotoaparáty

** Senioři stále častěji sahají po konopí kvůli chronickým obtížím ** Lékaři ale varují, že je dnes silnější než dříve ** Senioři zároveň baští hromadu léků a mohou nastat problémy

Mezi recenzemi Radeonu RX 9060 XT se objevilo i několik těch, které se věnovaly 8GB variantě. Karta, která je cenově nastavená jako konkurent pro GeForce RTX 5060, je rychlejší…

Na všech herních platformách je každou chvíli nějaká slevová akce. Každý týden proto vybíráme ty nejatraktivnější, které by vám neměly uniknout. Pokud chcete získat hry zdarma nebo s výhodnou slevou, podívejte se na aktuální přehled akcí!

Google's AI advancement is not slowing down, and we might be getting yet another powerful model codenamed "Gemini Kingfall." [...]

Any info on Maxim Rudometov and his associates? There's $$$ in it for you

The US government is offering up to $10 million for information on foreign government-backed threat actors linked to the RedLine malware, including its suspected developer, Maxim Alexandrovich Rudometov.…