Archive
WWDC 2011 notes
Despite the fact that there wasn’t an IT track this year, I went to WWDC 2011 to learn as much as I could about 10.7. I’m really glad I did, as I picked up an enormous of amount of information (and met great people!) that I just would not have otherwise.
My takeaways from this year:
1. iOS and Mac OS X are converging. I don’t know where this train will end up, but Apple is betting on our computing becoming ever more mobile.
2. To go along with us becoming more mobile, Apple wants devs (especially its own) to focus on getting out of the user’s face. This is especially applying to the security model. Apple is simultaneously tightening “least privilege”, while also building the security to focus more on intelligent processing and less on asking the user about things the user may or may not understand in the first place.
An analogy used in the security session was that, right before a car crash, a little window does not open in the dashboard to ask if the driver wants to deploy the airbag. Instead, the airbag goes off because the pre-determined conditions for it tell the system that it must do so and save the driver.
3. Apple’s message about networking was “Assume that all the networks your app is connecting with are crappy, expensive (fee-based) and will disappear without warning. Build your app accordingly to handle those conditions gracefully and all your surprises will be pleasant ones.”
4. In a related message, Apple was also pushing “Power isn’t free. Enable only the computing equipment and/or radios you need to do the job.” That may not matter as much to a desktop- and/or server-focused developer, but it’s definitely relevant to a mobile device.
To meld those together: “Be out of the user’s face. Don’t display errors or ask the users to do things they don’t understand unless absolutely necessary. Build your apps to work invisibly and fail gracefully.”
As a person who gets called when “Hey, this popped up and I don’t know what means?” happens, I can only applaud the philosophy behind this.
I also posted some notes over in the Lion Dev Forums (ADC membership required for access.)
FileVault 2 – notes from Thursday’s Security lab: https://devforums.apple.com/thread/103697
Next Gen Crypto session and FIPS validation: https://devforums.apple.com/thread/104020
Updated FileVault 2 notes: https://devforums.apple.com/message/452262#452262
Oh yeah, I have a GitHub repository.
In my just-previous entry, I mentioned that I was linking to scripts in my GitHub repository. For those and other scripts, my GitHub repository is publicly available at the following address:
Reinstalling X11 on a 10.5.8 Mac
I had a problem come up in my workplace for a MATLAB user, where MATLAB wasn’t launching. On investigation, it appeared X11 wasn’t launching. To fix this, I had to reinstall X11 on the user’s 10.5.8 Mac.
Here’s what I did to reinstall X11:
1. Before you change anything, make sure you have a Mac OS X 10.5.6 installation DVD available.
2. Log into the Mac using an account with administrative rights and open Terminal.
3. Back up your existing X11 directory and remove /usr/X11R6 (/usr/X11R6 is a symbolic link that points to /usr/X11.)
sudo mv /usr/X11 /usr/X11.back
sudo rm /usr/X11R6
4. Have your 10.5.x Mac forget its X11-related receipts:
sudo pkgutil –forget com.apple.pkg.X11DocumentationLeo
sudo pkgutil –forget com.apple.pkg.X11User
sudo pkgutil –forget com.apple.pkg.X11SDKLeo
sudo pkgutil –forget org.x.X11.pkg
5. Once that’s done, reinstall the following two packages:
Install X11User.pkg from the Optional Installs metapackage, which is on the 10.5.6 DVD in the Optional Installs folder
Install X11SDK.pkg, which is on the 10.5.6 DVD in the Optional Installs/Xcode Tools/Packages folder
6. Restart.
Once that’s done, double-clicking /Applications/Utilities/X11.app should launch X11 and give you an xterm window.
Creating individual zip files from folders inside a directory
I recently ran into a situation where I needed to make individual zip files from folders inside a directory. I was able to find a lot of guidance for one big zip file, but I needed each folder to have its own zip file for archiving purposes. I also wanted good compression, resource fork preservation, and be able to run a command that would search the directory and make zips for each folder it found. (The last requirement was because I didn’t want to run the command individually on the 137 folders that I needed to make archives of.)
Fortunately, I was finally able to find a way to use ditto to do what I wanted. This command will search a particular directory, check for folders and use ditto to make compressed zip archive files:
for f in /path/to/directory/*; do ditto -c -k -X “$f” “$f.zip”; done
This command uses the folder’s name when saving the zip archive, so a “folderA” inside the directory will be compressed as “folderA.zip”
Thanks, but no thanks.
In an odd follow-up to my previous post, Yahoo has now offered me the ability to sync my contacts between various other services.
Considering three-quarters of my previous problem was because I was syncing my Address Book contacts to my Yahoo contacts, I’m going to pass on this option.
Yahoo account hacked
My Yahoo email account (which had what I considered a fairly strong password, with having both letters and numbers and being longer than eight characters) got hacked today by a spammer, who then scanned my contacts and started furiously sending links to NSFW merchandise and dodgy pharmaceutical sites. The account now has a new password and the contacts list has been completely cleared out. Fortunately, I avoided spamming our ALL-WORK email lists by the grace of God and LISTSERV-required confirmation before sending (said confirmation was not granted.) The embarassment factor was high, our security officer was calling, and I’ve now gotten the chance to re-connect with some old aquaintences whom I haven’t talked with in a while.
Power Outlet With Built-in USB Ports
I saw this linked from Engadget today and I think it’s a great idea. More and more small electronics charge via USB, and freeing up a power plug (which would otherwise have a electric AC – USB power brick plugged into it) sounds like a winner to me.
Using the 10.5-style contextual dock menu in 10.6.x
One change in 10.6.x was that Apple added new behavior to the Dock’s contextual menu. In 10.5.x and earlier, when you clicked on a program’s icon, you’d get a contextual menu with that program’s Dock commands, along with the OS X system commands (Hide/Show, Quit, and Options).
In 10.6.x, clicking and holding on an application icon in the 10.6 Dock invokes Exposé for that application. This is the same effect you see when pressing the F10 key in 10.4.x and later.
I personally found the new behavior aggravating, especially since my long-established habit is to use the Mail dock contextual menu to select “Get New Mail”. In 10.6, I found that I was launching Exposé instead. I could get the old contextual menus back by doing a Control-click on the dock icon, but I kept looking for a way to get the old behavior back.
Fortunately, somebody has found it. Here’s how you tell the Dock to use the 10.5.x-style dock contextual menu:
1. Open Terminal
2. Enter defaults write com.apple.Dock show-expose-menus -bool no and hit Return.
This change will take effect the next time that the Dock starts up, so if you want to automatically restart the Dock after applying the command, here’s the command you enter into Terminal:
defaults write com.apple.Dock show-expose-menus -bool no; killall Dock
The night Loginwindow put out a hit on my user accounts.
I had an odd problem crop up while doing a server upgrade today, where some AD accounts that I’d set up on a server were disappearing after a reboot. I’d set them up, reboot and *poof* no more user accounts. After a few tries, I hit Google and found the following blog entry which pointed the finger at the loginwindow process clearing the accounts because it believes them to be inactive External Accounts. Sure enough, I checked /var/log/system.log and saw the following entries for each account that had mysteriously disappeared:
Oct 11 00:14:43 server-name com.apple.loginwindow[55]: -xaRemoveInactiveExternalAccounts: removing “username” with home “/Volumes/Data/Users/username” from DSLocal because account is not active.
However, not all accounts were disappearing; only the ones where the account’s home folder was stored on another hard drive in the same server.
In the end, I re-read the createmobileaccount man page and noticed the -x and -X switches:
usage: createmobileaccount -n username [-h homepath] [-P | [-p password]] [-e] [-q] [[-x] | [-X]] [[-s] | [-S]] [-u syncURL] [-v]
-n username : user record name
-h homepath : user home path; Default is “/Users/<username>”
-p password : user password
-P : prompt for password. A password is required for FileVault home
-e encrypt : encrypt new home with FileVault
-q quota : max size in bytes of FileVault home
-x : create as external account on non-boot volumes. Default
-X : create as mobile account account non-boot volumes.
-s : set home sync on if home created.
-S : set home sync off if home created. Default.
-u syncURL : server target of home synchronization
-v : verbose output
I’d been setting up the user accounts using the following command:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username -h /Volumes/Data/Users/username
Since I wasn’t specifying “-x” or “-X” in the command, by default, createmobileaccount was setting them up as external accounts because I’d specified a home folder on a non-boot volume.
Once I switched my command to be the following, my mobile accounts began surviving a reboot:
sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -X -n username -h /Volumes/Data/Users/username
I sing the praises of VMWare!
Over the past few years, I’ve been introduced to virtualization and have started to use it in my everyday work environment, especially with regards to using it heavily in my test environments. Here’s some of the uses I’ve found for it in the past couple of months:
Live backup testing – I’ve test my work backups on a regular basis, and it used to be much more of a chore. Before I started using VMs, my workflow went something like this:
1. Get a couple of test boxes (one Intel, one Power PC) to simulate my servers.
2. Partition the internal hard drive into however many boot drives I needed.
3. Clone the hard drives with a standard server build from another hard drive.
4. Boot the test box.
5. Restore the needed files from backup.
6. Test my backup.
7. Did it work? If yes, move on to next boot drive. If no, re-clone hard drive and try again.
8. Run all tests until successful.
9. Write it up, send it on to the Powers That Be.
Now, I still need to do this workflow for my Power PC servers. For my Intel servers, the workflow now goes something like this.
1. Fire up VMWare Fusion on a box with *LOTS* of RAM.
2. Clone as many virtual servers as I’m planning to test.
3. Snapshot the servers before boot.
4. Boot the test VM.
5. Restore the needed files from backup.
6. Test my backup.
7. Did it work? If yes, rollback to pre-boot snapshot (which both shuts down the VM and preps it for use the next time I need to test backups), and move on to the next VM. If not, rollback to the pre-boot snapshot and try again.
8. Run all tests until successful.
9. Write it up, send it on to the Powers That Be.
So what? Seems like the same number of steps. True, but step 7 is now much faster and (if the test is successful) allows me to prep for the next round of backup testing down the road. Cloning a hard drive can take about an hour. Cloning a VM (because you’re essentially copying a file) is more in the neighborhood of minutes. Rolling back a VMWare snapshot is a matter of seconds.
Test environments – I can’t overemphasize how useful VMs and the ability to make snapshots have been to me in my Mac OS X 10.6.x testing. Using a VM and remembering to snapshot allows me to completely destroy a box when a script goes wrong, but ten seconds later have a working test box again when I’ve rolled back to my previous snapshot.
Flat-out hosanna-singing rear-saving – I recently had a project where after the start of the project, disaster struck in areas I had minimal control over. This project involved importing data from a non-Microsoft calendar/contacts system to an Exchange 2007 server. Broken down into its component parts, it needed a Windows XP or Vista box, an Exchange 2007 SP1 server and an Active Directory domain controller. Without going into too much detail, we had some trouble getting good data out of this process. We discovered this only after we started the transition (i.e. told everybody involved “The old system is retiring and you’re moving!”, done the training, announced the migration dates, got the database we needed from the vendor and actually started the migration process.) Coordination between the organizationally-separate elements of the project broke down, the vendor was less than helpful, and we needed a Plan B fast!
VMWare to the rescue.
VMWare allowed us to build all three boxes that we needed fairly quickly (both servers were created from existing Windows Server 2003 R2 templates.) It also allowed us, at each critical step, to snapshot and save our changes. So when the database conversion testing screwed up at one point and we had 147 Exchange mailboxes filled with garbage? Rollback; mailboxes are pristine once more and we were ready for the next test. It was still a lot of work, it still ate the whole weekend (I was at the office with my coworker/savior a full 24 hours over the course of Saturday and Sunday), but it would have been impossible to have finished by the start of business on Monday (our deadline) without using VMWare. Flat impossible.
Is it always the answer? No. When you have resource-intensive services that demand every erg of power and whit of drive speed that a server can deliver, you’re better off with an actual box (an Exchange mail server is actually a good example here of something that *should* be on an actual box; fortunately, our power and speed needs were low during this project.) However, for other tasks that may be less “need for speed”, going the VM route can often be a great choice.
Der Flounder 
Recent Comments