Monthly Archives: March 2009

Mac OS X

Daylite 3.9

Daylite 3.9 is actually a fairly substantial update from 3.8. This mainly stems from the fact that 3.9 uses PostgreSQL rather than OpenBase, and it runs Postgres on a dedicated server (not that this increases complexity too much as it’s going to discover those databases using Bonjour). This gives the application speed and the developers a number of new options they hadn’t had before. The MarketCircle developers will likely be able to come to market with new changes faster, thus being able to make you more productive with your productivity app. Also expect more 3rd party developers. Why? Because PostgreSQL is way more popular than OpenBase, is flexible for exchanging data and allows for a number of existing developers to integrate with Daylite. But more importantly, the short term gain is raw, unfettered speed.

Before you look to install Daylite 3.9, make sure all your boxen have at minimum 10.4.11 or 10.5.6. Also make sure they have a Gig of RAM and that they’re a 1GHz G4 or better. Finally, like with Workgroup Manager, 640×480 just isn’t enough (I don’t think it’s enough to even load my web site without scrolling, but that’s aside from the point). So make sure you have 1024×768 or better.

Because of the migration from OpenBase to PostgreSQL there’s a little work to be done in migrating the database. To get started, perform a final sync on your 3.8 users. Then disconnect them and disable synchronization, backing up your database when you are done. Those 3.8 users should not sync again. You can go ahead and upgrade them to 3.9 while the server is offline. Now install the 3.9 package and install your licenses (just as you would in Daylite 3.8 and below). Then go to the File menu (from within Daylite) and select Database and then Migrate Database. Then enter some admin credentials and click on Migrate. The database will then be migrated and the admin password reset.

The application is snappier, both on a LAN and over the WAN. If you’re using Daylite 3.9 over a WAN (and you don’t have a VPN) then one of the first things you’ll look for is the TCP ports to open up: 6113 through 6116 for the server-side app. The new Daylite Touch will also need 6117.

Daylite 3.9 also brings Daylite Touch into focus. Daylite Touch is the answer to the fact that people don’t just want CRM or what have you on their desktops. They want it on the handheld as well. Daylite Touch allows you to access that. More on Daylite Touch in later posts.

There are a few other features to note as well (other than speed and handheld synchronization). Most of the new features revolve around being able to associate data, be it contacts, calendars or notes, with other data – thus providing a more robust object oriented model for data management within the app. There are also some GUI enhancements to make it easier to find objects on the screen (mostly trying to unify the Daylite Touch interface with that of the fat client). For users sync’ing data, this update should improve the experience, although I haven’t managed to verify that just yet. There are a number of minor bug fixes as well.

All in all, 3.9 is a substantial upgrade. I would think that an upgrade where the backend database is migrated to another solution, the server is split into its own component and handheld over-the-air sync is introduced would alone be worthy of a full version number. This really makes me take more and more notice of Daylite; they are just on the ball these days at MarketCircle and I can say I am truly looking forward to seeing what 4.0 has in store for us. Hold-out users of Now who need a server based solution finally have a good upgrade path, albeit one with a slightly different (and more robust) workflow.

Windows Server Windows XP

Night Before Conficker: A Poem

Twas the night before April Fools day, when all through the IT department
Not an admin was stirring, asleep with hands on their mouse
The scans had been sent to the desktops with care,
To ensure across the enterprise no Conficker was there
The users were nestled all snug in their beds
And dreams of switching to Mac OS X danced in everyone’s heads.

Don’t forget to run those scans before you go home today!

Mac OS X Mac Security

Command Line ALF on Mac OS X

Mac OS X 10.5 and Mac OS X 10.6 have a multitude of ways to keep data from coming or going from a system. The traditional way is to use ipfw, although this isn’t the default way in 10.5 and above. Instead, you are meant to use the Application Layer Firewall (we’ll call it ALF for short), which is what you configure from the Security System Preference pane.

You can enable the firewall simply enough by using the defaults command to augment the /Library/Preferences/com.apple.alf.plist file, setting the globalstate key to an integer of 1:

defaults write /Library/Preferences/com.apple.alf globalstate -int 1

You can also configure the firewall from the command line. Stopping and starting ALF, whether the global state has been set to 0 or 1, is done using launchd. To stop:

launchctl unload /System/Library/LaunchAgents/com.apple.alf.useragent.plist
launchctl unload /System/Library/LaunchDaemons/com.apple.alf.agent.plist

To start:

launchctl load /System/Library/LaunchDaemons/com.apple.alf.agent.plist
launchctl load /System/Library/LaunchAgents/com.apple.alf.useragent.plist

These will start and stop the firewall daemon (aptly named firewall) located in the /usr/libexec/ApplicationFirewall directory. As you can imagine, the settings for ALF can be configured from the command line as well. The socketfilterfw command, in this same directory, is the command that actually allows you to manage ALF. ALF works not by the simple boolean means of allowing or not allowing access to a port but instead by limiting access by specific applications, more along the lines of Mandatory Access Controls (although not yet using the MAC framework).

When an application is allowed to open or accept a network socket, it’s known as a trusted application, and ALF keeps a list of all of the trusted applications. You can view trusted applications using socketfilterfw with the -l option. The output can be difficult to read, so you can constrain it using grep for TRUSTEDAPPS as follows:

./socketfilterfw -l | grep TRUSTEDAPPS

You can also use the command line to add a trusted application using the -t option followed by the path to and then the actual application to be trusted. For example, to add FileMaker to the list of trusted apps you use something similar to the following, pointing to the binary, not the app bundle:

./socketfilterfw -t "/Applications/FileMaker Pro 9/FileMaker Pro.app/Contents/MacOS/FileMaker Pro"

Note: You can also use the socketfilterfw command to sign applications, verify signatures and enable debugging, using the -s, -v and -d options respectively.

Finally, there are a number of global preferences for the firewall that can be configured using the /usr/libexec/ApplicationFirewall/com.apple.alf.plist preferences file. You might be looking at the path to this file and thinking that it looks odd and it should really be in /Library/Preferences. And you might be right. But the com.apple.alf.plist file there appears to be a bit of silly misdirection. Changes there simply don’t seem to have the desired response. Therefore, stick with the one in the /usr/libexec/ApplicationFirewall directory. Some keys in this file that might be of interest include globalstate (0 disables the firewall, 1 configs for specific services and 2 is for essential services – as in the GUI), stealthenabled and loggingenabled. All are integers and fairly self explanatory vs. GUI settings from the System Preference pane.
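An added example, not from the original post: a shell check that reads the globalstate, stealthenabled and loggingenabled keys described above and flags any key on which the two copies of com.apple.alf.plist disagree. It assumes a value of 1 means enabled for stealthenabled and loggingenabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report ALF posture from the preference keys named above.
# Intended for Mac OS X, where the `defaults` tool exists.

ALF_LIBEXEC=/usr/libexec/ApplicationFirewall/com.apple.alf
ALF_LIBRARY=/Library/Preferences/com.apple.alf

# Read one key from a preferences file; print "unset" if it cannot be read.
alf_key() {
    defaults read "$1" "$2" 2>/dev/null || echo unset
}

# Translate globalstate into the meaning given in the post.
alf_state_name() {
    case $1 in
        0) echo "disabled" ;;
        1) echo "specific services" ;;
        2) echo "essential services only" ;;
        *) echo "unknown ($1)" ;;
    esac
}

# Print a posture report for one plist; return 1 if anything is flagged.
alf_report() {
    plist=$1; findings=0
    state=$(alf_key "$plist" globalstate)
    echo "globalstate: $(alf_state_name "$state")"
    [ "$state" = 1 ] || [ "$state" = 2 ] || { echo "FINDING firewall not enabled"; findings=1; }
    for key in stealthenabled loggingenabled; do
        val=$(alf_key "$plist" "$key")
        echo "$key: $val"
        # Assumption: 1 means the feature is switched on.
        [ "$val" = 1 ] || { echo "FINDING $key is not 1"; findings=1; }
    done
    return $findings
}

# Flag keys where the two copies of com.apple.alf.plist disagree.
alf_compare() {
    drift=0
    for key in globalstate stealthenabled loggingenabled; do
        a=$(alf_key "$ALF_LIBEXEC" "$key"); b=$(alf_key "$ALF_LIBRARY" "$key")
        [ "$a" = "$b" ] || { echo "DRIFT $key: libexec=$a library=$b"; drift=1; }
    done
    return $drift
}

# Only run the checks where the defaults tool is available.
if command -v defaults >/dev/null 2>&1; then
    alf_report "$ALF_LIBEXEC"; alf_compare
fi
```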

Business

The Tragedy of the Commons

I don’t like to talk about politics outside of my immediate family. But this isn’t political; it’s basic free market theory IMHO. Tragedy of the Commons: It is human nature to allow an individually rational decision to become abusive to that which is common between those making said decisions. For example, Hardin liked to use herding as an example. When you have a bunch of sheep herders sharing land, each wants to increase the size of their herd even though it will eventually destroy the land to have too many sheep. Now, Wealth of Nations: Adam Smith railed against governments for interfering at all in corporations or the affairs of companies. This goes from tariffs to excessive taxes to limiting what a corporation can do. BTW, this was back in the 18th century at the dawn of the Industrial Revolution.

The market is not free if it is not free to fail. To me that is a basic tenet of capitalism; one Smith would definitely agree with. In a very Darwinian manner, survival of the fittest produces more and more solvent companies. But when an outside influence steps in to give a specific organization help then it throws off the entire corporate ecosystem. Companies are linked to economies. This might be a chicken plant in a rural area or a large, multinational conglomerate on a national scale. If a company has maneuvered itself in such a manner that the economic solvency of the world is dependent on that company, then the world is better off without the company if that company collapses.

However, an argument can be made that the common, credit, needs to be preserved. But the problem with that argument is that credit is not a common. Lakes, streams, rivers; those are no longer commons because they aren’t shared to some degree, they are owned. I would go a step further and state that the national budget of a country is a common to those living inside that country. I’ll even go another step to say that when that budget is leveraged to provide Billions and then Trillions of dollars in bailouts to actors in the free market economy that we are doing something akin to introducing new species to an ecosystem (which if you’ve ever been to Georgia and seen the kudzu you’ll note can cause the effects of kudzu on trees and houses). And when you introduce imbalance to an ecosystem then the new actor will often become overly dominant (eg – overly abundant) and end up killing itself off.

So I’m left with two thoughts from a purely theoretical standpoint on the global economy as of late. Either modern politicians didn’t learn basic economics (whether in class or in books) or they’re a bunch of big pansies and can’t think of better ways to spend all that capital they’re using to bail out the markets, which in turn creates a weaker global economy. Instead, use that capital to build new infrastructure: conduit for fiber optic cabling, schools, universities, solar and wind farms, etc. Build infrastructure, so that when the economy rebounds the skills and the infrastructure will be there waiting for it and the taxes from the following boom will pay the debts incurred to lay the infrastructure. Just like when we came out of the Great Depression there will be another boom – and it will have an epicenter in the places willing to put the old commons behind them, which while it is a tragedy to do, will provide the wealth to people and nations alike.

personal

Pirates in Parliament

Looks like some pirates in Sweden are running for office in the European parliamentary scene – actually it’s the second time it has happened, but the first time they got less than a percent of votes.  With some anti-piracy laws making an uproar over there, they might have a chance of at least upsetting things…  I hope a bunch of ninjas will decide to run, so it can be a right and proper election…

Mac OS X

Spotlight Keystrokes

Spotlight has a nifty integration of keystrokes (or the Command keystroke at least).  Simply perform a search and then use the Command key in combination with an arrow to move up and down in search results based on section rather than line item.  Additionally, that Command key can be used in conjunction with the Enter key so that when you open an item in the Spotlight results, it actually just displays the directory so you can then open the file in the Finder (and subsequently access other files in those directories as needed).

Mac OS X Mac OS X Server Mac Security

Quick and Dirty md5

A hashing function is used to calculate a hash value.  If you insert a file into a hashing function then it should produce a value that is almost certain to be unique (there’s always the remote likelihood that no matter how good your function, you may end up with a duplicate).  

The openssl command provides access to a number of functions and ciphers, including sha1, base64, md5, rc4/rc5 and of course des/des3.  It is very simple to use: provide the name of the function, followed by the path to the file you would like to get a hash value (aka digest) for.  So if I have a file called myfile.txt and I would like to get a digest for it I could just use the following command:

openssl md5 myfile.txt

At its most basic level, we’re just leveraging openssl to grab digests quickly and easily.

Mac OS X

Mac OS X Startup Modifier Keys

Mac OS X can boot differently than to your default startup disk with the use of modifier keys. When you power a system on, using these keystrokes will send commands to the system to perform the following:

  • C – Boot to optical media.
  • D (with restore disk in optical slot) – Boot to hardware test mode.
  • Command-Option-O-F – Boot to OpenFirmware (if you have open firmware).
  • Command-Option-P-R – Reset Parameter RAM.
  • Command-Option-P-R (until you hear two tones) – Reset non-volatile RAM.
  • Command-Option-N-V – Reset non-volatile RAM (similar to above according to hardware).
  • Command-Option-Shift Delete – Bypass the default startup volume and look for another blessed volume.
  • Command-Option-T-V – Boot that Quadra you hax0r’d OS X onto to use a TV for a monitor.
  • Command-S – Boot to Single User Mode, a command-line only environment, where you will need to mount disks manually, etc.
  • Command-V – Boot in Verbose mode, which shows what’s loading in a command-line style environment as it loads.  I personally boot my machines in this manner 100% of the time, using the nvram boot-args="-v" command.
  • Eject  – Ejects media from the optical slot/tray.
  • F12 – Ejects media from the optical slot/tray.
  • Mouse button – Ejects media from the optical slot/tray.
  • N – Boot to a NetBoot volume.
  • Option – Boot to a list of available startup volumes, allowing for startup volume selection.
  • Option-N – Boot to a default boot image on a NetBoot volume.
  • Shift – Disables nonessential kernel extensions (drivers).
  • Shift (if held after the Apple screen is displayed) – Disables user startup items, launch daemons and launch agents.
  • Shift (left shift key at the OS progress menu) – Bypass automatic login.
  • T – Boot to Target Disk Mode, turning a system into a glorified firewire drive.
  • Trackpad button – Ejects media from the optical slot/tray.
  • X – Only used with systems that can run OS 9.  Forces the system to boot into Mac OS X.

You can also boot the Xserve using startup modifier keys without a keyboard.  To do so, boot the system holding down the system identifier button until the top row of lights blinks (blinks like they’re doing the wave).  Then let go of the system identifier button and press it, noticing that the bottom light will change positions.  The position number, from right to left, performs the following:

  • 1 – Boot to an optical drive (similar to using the C modifier)
  • 2 – Boot to a NetBoot server (similar to using the N modifier)
  • 3 – Startup from the first blessed system found on an internal drive (useful if going from NetBoot or optical)
  • 4 – Look for another blessed system on another internal drive (similar to Command-Option-Shift-Delete modifier)
  • 5 – Boot to Target Disk Mode (similar to using the T modifier)
  • 6 – Reset NVRAM (similar to using Command-Option-N-V modifier)
  • 8 – Diagnostic mode

I’m sure there are more modifiers, but these are pretty much the ones I can use.  One note about using modifiers is that third party keyboards and KVM switches will often cause modifier keys not to be sent to the Mac computer at the right time and therefore can cause false positives in troubleshooting processes…

personal

Where the Wild Things Are

Still out of the office, so still posting not-so-technical stuff.  The latest on my radar is the new live action trailers for Where the Wild Things Are at Apple. As a book I read long ago and far away, it’s nice to think that I’ll get to see the blend of pictures and imagination on the big screen! Check it out, good wholesome fun!

Mac OS X personal

Richard Stallman is Kinda' Weird

In the /usr/share/emacs/22.1/etc directory (you can sub your version for the one listed here) you have a collection of very interesting files, musings written by Richard Stallman. Because emacs is open source, these files are in all default implementations of the emacs source code. Now I’m one to occasionally pontificate and write completely random musings, but mine aren’t in pretty much every default installation of all operating systems with Unix underpinnings (including Mac OS X) like Stallman’s are. For example, Stallman has a very nice recipe for cookies (that I’ve actually used) in a file called COOKIES in this folder. There’s also a man page for sex.6 here, which provides the options for use with the sex command, including (but I’m sure not limited to) -1 for masturbation, -l for leather, -W for whips and of course -w for whipped cream. There’s also a man page for condom.1, with such wit as:

The original version of _condom_ was released in Roman times and was only marginally effective. With the advent of modern technology, _condom_ now supports many more options and is much more effective.

In no way shape or form is this a complaint.  It’s actually quite the opposite.  I’m also just pointing out that RMS is a bit of an odd guy, but his humor, to those of us who spend about as much time reading man pages as we spend sleeping, does stand the test of time.  And more power to him.  If I could have my random musings so prolific then perhaps I would make sure they had such lasting power as well.