Why I closed my facebook account

I’m writing this so I have something to link to, so I don’t have to keep answering the question over and over.

Starting yesterday, I began to receive emails from various facebook friends, wherein they warned me that perhaps my fb account had been hacked. It seems my fb friends were getting invites for a ‘free ipad’ from me. I don’t have any way to tell whether my account has actually been hacked, but I was able to log in with my current password, change the password, and then disable the account.

I’ve seen this kind of thing before from other users… legit-looking invites that are probably faked somehow. I don’t really know, don’t really care, except that facebook has just become more trouble than it’s worth. I now retreat to platforms where messages are not sent on my behalf, ever. Feel free to follow me via Twitter @GuacamoleQueen. You can find my generic, life-oriented musings here: https://dreness.com/blog/

Posted in bit bucket | Leave a comment

Somniac and a UI scripting quickie

Just about every time I want an AppleScript to wait a second or two during script execution, I instinctively insert a “sleep x” statement, where x is some small number of seconds. Every time, I’m surprised when I test the script and my computer promptly… goes to sleep. The command to use is delay, not sleep :)

Here’s a short bit of UI scripting I use to wrangle the MouseZoom prefpane, which I require prior to playing Quake4 to get just the right mouse acceleration curve. Even though it’s just an extra click-and-wait, the whole 32 / 64 bit prefpane shuffle has me kinda annoyed, hence this script.

tell application "System Events"
	tell application "System Preferences"
		activate
		set current pane to pane id "com.benhines.mousezoompp"
	end tell
	delay 1
	tell process "System Preferences"
		click button "OK" of sheet 1 of window "Loading MouseZoom…"
		-- that's an ellipsis! accessibility inspector ftw
		delay 2
		keystroke tab
		keystroke tab
		keystroke ".02"
		keystroke tab
	end tell
end tell

Posted in bit bucket, scripts, The More You Know | Leave a comment

GNU screen and white space, holy crap

GNU screen has been a key player in my workflow for a long time, and I’ve been putting up with a strange and very much undesired screen behavior for just about that long. I don’t fully understand the problem, but at least now I have a fix.

The problem is that when in screen, some ‘full-screen’ curses based apps like vim or mutt will cause screen to render empty space as white space… like for example all the space between the end of a line and the right side of the window. Normally this is not a problem. Who cares if it’s white space at the output rendering layer, right? Well, as it turns out, the guy on the other end of the clipboard really cares, even if you are that guy. Trust me. He’s actually kinda angry that it’s taken this long for his lobbying efforts to bear fruit.

Anyway, the fix is to employ the services of background color erase, known on the street as bce.

bce [on|off]
Change background-color-erase setting. If “bce” is set to on, all characters cleared by an erase/insert/scroll/clear operation will be displayed in the current background color. Otherwise the default background color is used.

The correct setting for me is: on, although I can’t really deduce that from the above description. Basically I just showed up in #screen on freenode, started mumbling, and somebody was like “… bce on?”, which was enough for me to arrive at the following .screenrc additions:

defbce on
term screen-bce

Here’s a short demo of expected behavior outside of screen, broken behavior in screen, and then fixed behavior.

Posted in bit bucket | Leave a comment

SSL Passphrase in Mac OS X Server

Here’s a one-liner (spread across two lines for the 80 column internet) for mining Mac OS X Server’s SSL passphrase out of Keychain:

security dump-keychain -d /Library/Keychains/System.keychain | \
grep '"svce"<blob>="Mac OS X Server certificate management"' -A 3 | tail -n 1

Typically this is most useful right before you say something like the following, which writes out a decrypted version of the private key (after you supply the passphrase, of course :)

openssl rsa -in key.pem -out decrypted-key.pem
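
Since decrypted-key.pem holds the private key with no passphrase, it is worth confirming which key files on disk are in that state and who can read them. The following is an added example, not part of the original post: the function names and the sample PEM text are constructed, and only the PEM framing is inspected, never the key material.

```python
import os
import re
import stat

# Constructed samples: PEM framing only; the base64 body is a placeholder, not a key.
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n"
    "\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_DECRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)

_BEGIN = re.compile(r"^-----BEGIN ((?:[A-Z0-9]+ )*PRIVATE KEY)-----[ \t\r]*$", re.M)


def key_protection(pem_text):
    """Classify a PEM private key as 'encrypted', 'plaintext' or 'no-key'."""
    match = _BEGIN.search(pem_text)
    if match is None:
        return "no-key"
    if match.group(1) == "ENCRYPTED PRIVATE KEY":
        return "encrypted"  # PKCS#8 encrypted container
    # Traditional OpenSSL format: an encrypted key carries a Proc-Type
    # header directly after the BEGIN line.
    rest = pem_text[match.end():].lstrip("\r\n")
    first_line = rest.splitlines()[0] if rest else ""
    if first_line.startswith("Proc-Type:") and "ENCRYPTED" in first_line:
        return "encrypted"
    return "plaintext"


def audit_key_file(path):
    """Return (protection, findings) for one key file on disk."""
    with open(path, "r", errors="replace") as handle:
        protection = key_protection(handle.read())
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if protection == "plaintext":
        findings.append("private key is stored without a passphrase")
    if protection != "no-key" and mode & 0o077:
        findings.append("mode %04o grants group/other access" % mode)
    return protection, findings


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:
        state, problems = audit_key_file(name)
        print(name, state, "; ".join(problems) or "ok")
```

Running umask 077 in the shell before the openssl command makes the decrypted file owner-only from the moment it is created.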

							
Posted in bit bucket | Leave a comment

CalendarServer on Ubuntu 10.0.4 Desktop

“Why should I read this silly article when I can just install the CalendarServer .deb?!”, you might be thinking. That’s easy. That deb is release 1.2, which is like a million years old or something. Lots of great stuff has been added since then, such as shared calendars and the integration of the formerly separate AddressBook server.

The concept here is to use apt to satisfy as many of the CalendarServer dependencies as possible, then let the ‘run’ script do the rest. I’ve tested this numerous times, and it works pretty flawlessly. I’ll have more detailed content later, but I just wanted to get the quick steps out there for any bleeding edgers out there…

1) edit /etc/fstab to enable xattrs by adding the “user_xattr” option.

e.g. (all on one line):

UUID=8f2bb850-0e8f-4d81-bba5-fb93ef9b9990 /               ext4    errors=remount-ro,user_xattr 0       1

After doing the above you need to reboot, or “sudo mount / -o remount”.

2) sudo apt-get build-dep postgresql

3) sudo apt-get install python-setuptools python-xattr python-twisted subversion curl

4) svn co http://svn.macosforge.org/repository/calendarserver/CalendarServer/trunk CalendarServer

5) cd CalendarServer ; ./run -s

… at this point, if all goes well, you should be prompted with a message indicating that there is no config file. Run the suggested command to use the sample config file. You can then start the server with run -d, and run the protocol tests using the ‘testserver’ script.

Posted in bit bucket | 2 Comments

VMware Fusion 3.1 is way faster

Check this out. I ran the ‘openssl speed’ benchmark in Ubuntu Desktop 10.0.4 in Fusion 3.0.2 and again in 3.1. The difference is pretty impressive.

Posted in OS X, OS X Server | Leave a comment

tumbling around…

I’m due for another semi-annual update or some such.

Work is good; progress continues on the "Calendar and Contacts Server", which is unfortunately the official name of the open source version of our CalDAV / CardDAV service. I’ve been enjoying my rather multi-functional role on the team – fair amount of sysadmin work, some light coding / bug fixing, involvement in some architecture / planning decisions, occasional doc writing, and ‘playing well with others’. Big focus lately on scalability and performance, so I’ve got a few more tools under my belt for diagnosing and quantifying performance bottlenecks. A fair amount of the job involves engineering-level support of our internal iCal Server deployment, which is probably also the biggest iCal Server deployment – after all, it’s not really expected to run this software at enterprise scale, although it is possible with a good amount of tweaking (and lots of memory and storage).
Even though there are no Mac or IT tracks for this year’s WWDC, our team will still have a presence in the labs – though I’m not yet sure when. Cause I guess iP[ad][hone] people might wanna talk about CalDAV / CardDAV or something. For my particular gang of associates, this year’s conference theme is not the most exciting possible one. For that reason, in addition to the relatively short notice this year, I think my clique will have a smaller than usual turnout. I’m sure there will be some interesting stuff to see and do at the conference, but with no mac or IT focused stuff, I definitely feel a lot more like an outsider. To this day I haven’t done any iPad or iPhone development – not because I can’t, but because I just don’t want to. The sort of stuff that a non-developer learns from mac developers and IT pros can often be fun / enlightening, because the mac platform is full of nooks and crannies to explore, and there are lots of ways to apply that knowledge. On the other hand, the stuff that a non-developer learns from iPad / iPhone developers is mostly only useful as a means of learning how to write apps for iPhone OS – which is great if that’s your goal.

Let’s see, what else… in about a month, headed out to PA for the yearly family get-together / BBQ affair; those are always enjoyable, and are usually the only time I see much of the extended fam (though I don’t go every year). In August, headed down to Vegas for another BBQ with the world of warcraft guild, like we did last year.

Ex-guild, I should say. After 10 years together (of which I participated in about 1.5 years), the guild leader decided to call it quits after extended and extremely painful attendance problems. But, we’re all adults, so no drama. Most of the members bailed for other realms and joined other raiding teams; a few stayed and went back to their former guilds… I stayed, and am currently retired. Actually the timing was just right, because we still made it through almost all of the content in the current expansion, and I was really ready to take a break – if not retire from raiding permanently. Having the 8 – 16 hours / week back is pretty awesome. Plus, I really got what I wanted out of the experience. At our peak, we were in the top 1% or so of guilds worldwide, and pulled off a realm first in the tier 9 content (ToC), beating out another guild that’s ranked around 50 worldwide. Anyway, I continue to play casually, and may pick it back up for the next expansion… but in the meantime:

Starcraft II beta finally made it to the mac, and it’s great fun. Also got on the Steam mac beta, and although it’s now live, Team Fortress 2 has yet to be released to non-beta customers. I’ve been playing that like CRAZY because I’m a sucker for a great first person shooter, especially after all the time spent in WoW. I was pleasantly surprised that even on day 1 I was pretty damn competitive, which is probably due to all the quake3 / quake4 / urban terror experience.

As far as the real world goes, I have been paying attention more and more, although sometimes I’m not sure why. A lot of it is probably due to the fact that I have to listen to *something* on the drive to / from work, so it might as well be public radio. Also, as a huge fan of stu-BEEF, it’s hard not to follow the breadcrumbs around. I’m becoming increasingly frustrated at the way people sometimes behave when in large groups, doing things that are clearly bad for the well-being of themselves or others, and which have far-reaching effects and implications. Whether this is due to natural tendencies of ‘people’ in general, or whether they are successfully manipulated by power holders, or for other reasons… I can’t really say, but it sure does seem obvious that it’s happening. The facade of democracy is more transparent with each passing day. Don’t get me wrong, I’m sure our government is less corrupt than many, but we’re by no means the shining light of civilization that a lot of Americans seem to think we are. I can’t shake the feeling that if we were truly interested in our long-term survival as a species, we’d be trying a lot harder with respect to problems like energy and pollution. I’m afraid we’ll have to wait for ‘the market’ to get us where we need to go… which is not an inspiring thought, for me, because I happen to think the market is fucking crazy. I expect it to fail, to keep failing, as long as there are greedy assholes taking bribes.

None of that keeps me from enjoying my time, though… Sinking feeling, yes… but one of those long-term ones. No immediate danger.

After years of thinking about it, yesterday I bought a super fancy chair. For somebody who sits as much as I, this makes good sense. It was expensive, but considering the 12 year warranty, it comes out to less than $100 / year… which is more than it costs to buy a regular chair every few years, but this is a *much* better chair! In general, I live so far below my means that I don’t really feel bad blowing some coin on the few luxuries I go for… pretty much just computers. And now the chair.

Regarding music… haven’t really dug into much new stuff lately. I need to go on another hunt. Also haven’t really composed anything myself of note, though I do sometimes enjoy playing my alto or tenor recorder, or my bongos, or my roommate’s electric bass. I’m not sure when it happened, but at some point I really just got super tired of music software. There’s no physical connection at all with a mouse and keyboard like there is with a musical instrument.

See you in 6 – 12 months, LJ…

Posted in bit bucket | 1 Comment

Of logs and non-boot volumes

It’s a beautiful Sunday morning, and as you wait for the coffee to start working, you figure it’s probably about time that you started on those benchmark results that have to be done by Monday. You’re sitting there thinking “MAN I wish I’d provisioned a larger boot volume for these Mac Minis, I keep filling it up with logs! Oh wait, I have a smart idea that I acquired from thinking! Maybe I can use the non-boot volume to hold the computer software logs, since it has SO much more space! Ok then, all I need to do is find the buttons for making a symbolic link from /var/log to /Volumes/foo/log, and then… it’ll work! Yeah!”

And lo, it did work, for a time. Imagine my surprise when 2 out of 20 of my mac mini-ons became unusable for my nefarious purposes of generating ical server load because the data volume used by the load simulator was somehow mounted read-only! The two failing minions also happened to be the two that were recently rebooted, after moving their power cables to different power circuits (to prevent blowing breakers, but that’s a whole other story). I didn’t ask for this crazy read-only nonsense!

Volumes get mounted read-only early at boot time, every time you boot, and that is normal. Usually, they are very quickly re-mounted in read-write mode, which is… ya know, more useful and stuff. My best guess at the fail here is that some part of the logging subsystem tried to open /Volumes/foo while it was still read-only, and SUCCEEDED when it probably should have failed. After all, what is the point of a logging system that mounts its log targets read-only, other than to prevent re-mounting of that filesystem read-write!

It appears that this happens. So, don’t do it, unless you wanted both no logging and a read-only data volume.

Recovering from this was not as easy as it should have been. On the first minion, I actually got beyond nuking /Volumes/foo until I remembered the /var/log symlink, so then I removed the symlink, re-created /var/log, and rebooted – this fixed minion number one. The SECOND minion was weirder. I removed the /var/log symlink, made a local /var/log, then rebooted – but /Volumes/foo still came back read-only! What?! Well I’m on a schedule so I just blew that one away too (diskutil eraseVolume), and then it came back ok – *after another reboot*. Funky.

Posted in OS X, OS X Server, Pro Tip, The More You Know | 2 Comments

Automator: Variable stacking

Shortly after discovering the existence of variables as real drag-n-droppable objects in Applescript Studio, I ran smack into a big limitation: the linear flow of an Automator workflow does not seem to allow for storing and recalling multiple values at once. Fortunately I was mistaken, as I discovered by accident while examining the ‘results’ view of each workflow object as it received data from upstream objects. We begin with a touch of background.

At first blush, the “Get Value of Variable” action seems like it can only really be used in conjunction with “Set Value of Variable”. You’d use “Set” to catch the output of some upstream object, and then store the value for later use.

[Screenshot: set-value-of-variable]

For those actions which do not support direct use of variable objects (e.g. “Name Single Item in Finder Item Names”), one might instead try to pass the variable data as input, by connecting the input of a “Run Applescript” object to the output of “Get Value of Variable”, as long as you’re prepared to hand-write the stuff you need in Applescript.

That’s all well and good, until you realize that you need to use more than one variable in your “Run Applescript” object. For example, let’s say you’re writing a file re-namer – you might need to pass in the file extension of the ‘old’ file name, as well as the ‘new’ file name. “Get Value of Variable” can only recall a single variable’s value.

Here’s the trick: “Get Value of Variable” ALSO acts as a pass-through for whatever it receives on input, which allows you to stack multiple “Get Value”s, and then connect them to “Run Applescript”. In the “Run” object, the value of ‘input’ will be a list of the values received. In the below example, I’ve got a pair of “Get”s under another object which outputs a file / folder reference, then all of that output is dumped into a “Run” object. Those values are then accessed in the standard fashion: “the first text item of input”, “the second item of input”, etc.

[Screenshot: get-double-stack]

Finally, the “Get Value” behavior of accepting input can be disabled by control-clicking on the “Get Value of Variable” title text on the object.

[Screenshot: get-value-contextual-menu]

Posted in bit bucket | Leave a comment

LDAP client: local static and variable mappings

I was recently discussing Mac OS X / Active Directory integration with a friend, and one of the things I mentioned was the local static / variable mappings feature of the Mac OS X LDAPv3 plugin. After some fairly extensive internet searching, it appears that the only reason I know about that feature is because I learned about it in Apple’s official training courses about Mac OS X Server and Directory Services several years ago; in other words, there appears to be no public documentation of this, except for the Peachpit 10.5 Directory Services book (and probably the 10.6 version that is unpublished as of this writing). Until now.

This is all in the context of configuring LDAP mappings using Directory Utility, one of the many topics covered in this PDF from Apple. The following content would fit in around page 149.

In addition to configuring custom mappings by referring to existing attributes by name (e.g. repurposing an unused attribute), you can also create local mappings that are either static or dynamic. A static mapping for an attribute means that a specified text string will be returned when the attribute is queried, instead of checking the actual record on the directory server. A local variable mapping allows you to compose the value from a mixture of supplied text strings and also references to other attribute values.

Background: LDAP Mappings
First, let us visualize what a mapping is. To really see this work on your own machine, you’ll need to be connected to some real LDAP service. Check out these steps if you’re unsure how to get at the LDAP mapping configuration in Directory Utility. In general, the process of ‘mapping’ is used to express relationships between the schema of different directory systems. There is a ‘standard’ name space that is used by Mac OS X to describe things that it needs to talk about (e.g. the name of the attribute that holds the user id). This standard name space is so-called because it is agnostic of any specific directory data storage backend. There are also ‘native’ name spaces for each backend that are used to refer to the things in that directory store.

Let’s say I have a user account in an LDAP directory, and I want to look up the unix ID and the value in the ‘comment’ field. The ‘standard’ names for these attributes are UniqueID and Comment. You can find the full definition of Apple’s ‘standard’ name space on page 273 of the aforementioned PDF.

{28} andre@donk [~] % dscl /Search read /Users/dre UniqueID Comment
Comment:
 just this guy, you know...
UniqueID: 42

If we add the -raw option, we see the name space that is associated with the attributes:

{29} andre@donk [~] % dscl -raw /Search read /Users/dre UniqueID Comment
dsAttrTypeStandard:Comment:
 just this guy, you know...
dsAttrTypeStandard:UniqueID: 42

dsAttrTypeStandard is the prefix for ‘standard’ attributes. Now let’s look in the LDAP mapping configuration to observe how these standard attributes are mapped to native attributes on the LDAP server:

[Screenshot: user-comment]

For this LDAP configuration, whenever we get a query for the Comment attribute of a user record, we will look up the ‘native’ attribute named ‘description’. Using dscl, we can ask for things using either the native or standard name.

{30} andre@donk [~] % dscl -raw /Search read /Users/dre \
UniqueID Comment description UidNumber
dsAttrTypeNative:description:
 just this guy, you know...
dsAttrTypeNative:UidNumber: 42
dsAttrTypeStandard:Comment:
 just this guy, you know...
dsAttrTypeStandard:UniqueID: 42

To change the mapping, simply add or remove items from the right-side list. One common use case for a customized mapping is when the Mac OS X client is connecting to a directory service that doesn’t have a defined attribute for storing a piece of data that is required by Mac OS X. You might instead choose to re-purpose an existing but unused attribute to store this data. To pull that off, you simply add the mapping for the appropriate ‘standard’ attribute, using the native name of the re-purposed attribute.

Local Static Mappings
Suppose that you want all clients to use the same specific value for a given attribute. In this case, a local static mapping will do the trick. Let’s say for this example that I want to create a local static mapping for the “Street” attribute. I currently have no value for that attribute in my user record:

{32} andre@donk [~] % dscl -raw /Search read /Users/dre Street
No such key: Street

Let’s add one. Click “Add…” under the right-side list. Normally this is where you’d type the name of some attribute. To treat the supplied text as a literal value instead of an attribute name to look up, prefix with a hash sign (#).

[Screenshot: user-street]

Now when we do the same query as before:

{37} andre@donk [~] % dscl -raw /Search read /Users/dre Street
dsAttrTypeStandard:Street:
 Shakedown Street

This also demonstrates that you’re allowed to have multiple mapped values, although the results aren’t that interesting yet… read on.

Local Variable Mappings
Local variable mappings are just a twist on the above. A good example is using a variable that represents the user’s short name to compose a home directory path. Click “Add…” and enter the text #/road/to/$uid$. Next, drag the entry you just created above the existing homeDirectory entry. The order in this list determines the order that results are returned. For attributes that are supposed to be single-value (like this one), that means that the requestor will only get the first result.

[Screenshot: user-nfshomedirectory]

{40} andre@donk [~] % dscl -raw /Search read /Users/dre NFSHomeDirectory
dsAttrTypeStandard:NFSHomeDirectory: /road/to/dre
/Network/Servers/host.orange.com/Volumes/yowza/dre

At the Open Directory layer, we see that there are actually two values returned – our local variable mapping, and also another (obfuscated) result that came from the LDAP server. What happens if we actually request this data using a ‘real’ directory services client?

{2} andre@donk [~] % cd ~dre
cd: no such file or directory: /road/to/dre

We see that ‘cd’ only gets one result – the first one in the list. Of course it’s a dead end, because this is just an example!
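
The mapping behaviour walked through above (native lookups, # literals, $name$ variables, and list order deciding what a single-value consumer gets) can be modelled in a few lines. This is an added sketch, not Apple's implementation or code from the original post: the record contents, all function names, and the handling of unresolved or multi-valued variables are assumptions.

```python
import re

# Constructed native record, shaped like the LDAP entry behind the dscl output above.
NATIVE_RECORD = {
    "uid": ["dre"],
    "uidNumber": ["42"],
    "description": ["just this guy, you know..."],
    "homeDirectory": ["/Network/Servers/host.orange.com/Volumes/yowza/dre"],
}

# Standard attribute -> ordered mapping entries (the right-side list in
# Directory Utility). "street" as the pre-existing native entry is an assumption.
MAPPINGS = {
    "UniqueID": ["uidNumber"],
    "Comment": ["description"],
    "Street": ["street", "#Shakedown Street"],
    "NFSHomeDirectory": ["#/road/to/$uid$", "homeDirectory"],
}

VARIABLE = re.compile(r"\$([^$]+)\$")


def native_values(record, name):
    """Values of a native attribute (LDAP attribute names are case-insensitive)."""
    for key, values in record.items():
        if key.lower() == name.lower():
            return list(values)
    return []


def expand_local(entry, record):
    """Expand a '#' entry; None if a $name$ has no value (behaviour assumed here)."""
    unresolved = []

    def substitute(match):
        values = native_values(record, match.group(1))
        if not values:
            unresolved.append(match.group(1))
            return ""
        return values[0]  # assumption: use the first value of that attribute

    expanded = VARIABLE.sub(substitute, entry[1:])
    return None if unresolved else expanded


def resolve(std_attr, record=NATIVE_RECORD, mappings=MAPPINGS):
    """All values for a standard attribute, in mapping-list order."""
    results = []
    for entry in mappings.get(std_attr, []):
        if entry.startswith("#"):
            value = expand_local(entry, record)
            if value is not None:
                results.append(value)
        else:
            results.extend(native_values(record, entry))
    return results


def first_value(std_attr, record=NATIVE_RECORD, mappings=MAPPINGS):
    """What a single-value consumer such as 'cd ~dre' ends up with."""
    values = resolve(std_attr, record, mappings)
    return values[0] if values else None


def locally_overridden(mappings=MAPPINGS):
    """Attributes whose first entry is local, so the server's value is shadowed."""
    return sorted(attr for attr, entries in mappings.items()
                  if entries and entries[0].startswith("#"))


if __name__ == "__main__":
    for attr in MAPPINGS:
        print(attr, resolve(attr))
    print("shadowed by local entries:", locally_overridden())
```

locally_overridden() is the part worth keeping for an audit: any attribute it reports is one where the client's own configuration, not the directory server, decides what a single-value consumer sees.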

Don’t forget…
Everything you’ve seen here is 100% client-side, and only applies to the computer you used to configure the custom mappings. If you find yourself running around configuring custom mappings on a bunch of computers, you are probably doing it wrong – in this case, please check out the handy “Write to Server…” button. This publishes the custom mappings to the LDAP server where they will be automatically downloaded by other Mac OS X Clients – provided that the LDAP server has the required support for hosting this data; it wants to put this data in a record under Config called macosxodconfig, in an attribute called ‘description’. Here’s a nice techworld article that provides an example of all this from start to finish.

Posted in OS X, OS X Server, tutorials | Leave a comment