Monthly Archives: July 2011

Mac OS X Mac OS X Server Mac Security

Man Pages Made Easy

Ever since upgrading to Lion I’ve been making a few slight changes in workflow. One such change, which I’m still on the fence about, is to switch from reading man pages in a tiled Terminal screen, to reading them in a browser window.

It seems like a small thing, but I spend a lot of time switching between terminal screens or using screen to switch between sessions. Bwana allows you to read a man page from within a browser.

Simply load download the Bwana app into your /Applications directory and wait a few seconds. Then open a browser window and look for a man page. For example:

man:dsconfigad

Now, you may notice that you can’t actually click on the link above and have the link open as it would if you typed the information into the browser manually. You could also use man://dsconfigad to access a man page, but you still cannot refer to those from other sites. You can open those urls using terminal:

open man://dsconfigad

To see an index of all pages, enter the following in Safari:

man:index

To reindex:

man:index_refresh

personal

Minneapolis Isn't Weird Enough This Summer

Double Danger Comics is gone. Booksmart, which I thought was the best book store in town (was in Uptown) is gone. Uncle Hugo’s moved awhile back, but they just don’t seem weird enough, with over half the store dedicated to mysteries. I find the folks at Big Brain Comics too cool for my liking. My daughter and I do like going to the Source, but we’re having a hard time finding more variety (and 3 year olds need plenty of variety!)…

If anyone has any techno-weird-nerdy-geekspaz stuff then throw me a link or 20. You know, something like a retail Jinx.com (well, Jinx from 5 years ago, notsomuch this year) or thinkgeek. Maybe where I can replace the 1st Edition Millennium Falcon (for her of course), pick up that one Havok & Wolverine Meltdown (for me of course, as Walter Simonson is a bit too much for the 3 year old) I’m still missing and pick up an Arduino Duemilanove… Tall order?

Mac OS X

Lion's Versions Feature

In Mac OS X Lion, applications can make use of a feature to auto-save and version files. This feature locks files that are inactive for editing and when the file is unlocked then starts automatically saving versions. If you have a problem with the file you can then always step back to a previous version of the file. The feature is manifested in the title bar and the file menu of applications that make use of it. When you open a file, it can be locked. Viewing the file in the Finder also shows that it is locked. Clicking on locked provides the option to unlock. Once unlocked you can make changes as you normally would. The next time you save the file, a version is created. Hovering the mouse over the title of a file results in a disclosure triangle. clicking that results in some options otherwise located in the file menu.

Clicking on the Lock option again locks the file. Files inactive can automatically be locked as well. The Duplication option is similar to that of Save As. You are asked where you want to duplicate the file to. No versioning information is sent with the file. These same options are in the File menu as well.

The command-S will still save a file, and in fact now it does more and it saves a new version of the file (also done as part of the auto-save routine). The Revert to Saved options in the File menu and title bar menu will bring up an interface similar to that of Time Machine. You can navigate through here to find a version that you want to restore and restore your data.

Versioning information is persistent across a restore. In fact, once restored, you can revert back to a more recent save than that which was restored. In my testing so far, versioning information is not always persistent across restores of files (works with Time Machine, doesn’t work with 3 other applications I’ve tested). But YMMV there as patches are introduced in (hopefully) the next few weeks. Versions data is stored in /.DocumentRevisions-V100. In the /.DocumentRevisions-V100/db-V1 directory is a sqlite database with information and pages files are stored in containers by UID of local users in the /.DocumentRevisions-V100/PerUID directory. Permissions here are owner of root, group of wheel and d–x–x–x.

bash-3.2# cd /.DocumentRevisions-V100/
bash-3.2# ls -al
total 0
d--x--x--x   7 root  wheel   238 Jul 18 22:39 .
drwxr-xr-x  36 root  wheel  1292 Jul 28 23:24 ..
drwx------   5 root  wheel   170 Jul 28 23:27 .cs
drw-------   2 root  wheel    68 Jul 18 22:39 ChunkTemp
d--x--x--x   3 root  wheel   102 Jul 18 22:39 PerUID
drwx------   4 root  wheel   136 Jul 28 23:27 db-V1
drwx--x--x   2 root  wheel    68 Jul 18 22:39 staging

Changing the permissions to 000 causes the feature to report no versions for the files but then you also cannot save changes to files. If you remove the .DocumentRevisions-V100 directory altogether it does not automatically recreate itself at the creation of a new document; however, it does not create itself initially until the first time you’re saving a document. Putting the directory structure back in place resolves any saving problems (is all this sounding a bit like how Spotlight indexes work to anyone???). Versioning is saved locally for files that are stored on network volumes. If you move a file that was versioned locally to a network volume and back then it will loose versioning information. If you open a file from a network share there is no versioning information in the file unless the local computer you are using had been used to make those versions. When you save a file stored on a network volume you are informed that the volume does not support permanent version storage. If you open the file and start editing it on another host and changes occur on both hosts (which the system will allow to happen) then at the next save you will get an alert that states that the file has been changed by another application. Clicking Save Anyway will overwrite changes from the other computer and Revert will revert to the last saved document or more likely error out with a complaint about permissions (even if those permissions are 777). Continuing to make changes on both hosts will eventually cause a “GSLibraryErrorDomain error 1″ error code; however, the file will remain open so you can copy your changes off into another file. A few other points of information:

  • Initially I had read that Time Machine was required to make use of this feature. That is incorrect. It works perfectly well with Time Machine disabled. Having said this, the app does report a message about Time Machine but this can safely be disregarded.
  • Initially I had read that it saves data into the ~/Library/Saved Application State directory. That too is incorrect. The state of versions-enabled applications is saved there but not the data
  • Large (> 500 page files) will auto-save very slowly if you have made a lot of changes in them. This is due to the fact that versioning results in copy operations.
  • Root can traverse into other users version files.
  • I have found no way thus far to change the auto-save interval (will hopefully update this when I do).
  • Pasting graphics into large files is much slower than previous versions (but likely offset by the new ability to flip through versions of files).
  • Not all applications have built-in Versions options yet (e.g. Office) but I think most will at some point in the future.

You can still mv a file to a .zip, unzip it and extract images and raw index data; however the versioning information is not actually saved there. Scanning the file system for changes during a version change only nets the file itself and the temp file (nested within /tmp) as having been altered. The Apple Developer Library explains Versioning as follows:

In the applications that ship as part of Mac OS X v10.7, users no longer need to save documents explicitly or be concerned about losing unsaved changes. Document-based Cocoa applications can opt into this autosaving behavior with a simple override. With automatic saving enabled, the system automatically writes document data to disk as necessary so that data displayed in a document window is, in effect, always the same as the document data on disk. A file coordination mechanism maintains sequential access to files. (See “Mac OS X File Coordination.”) Applications that support automatic saving also support document version history browsing. To browse previous versions of a document, choose Browse All Versions from the pull-down menu at the right end of the menu bar.

For more on NSDocumentController here’s Apple’s page for that.

Overall, Versions has taken me a little while to get used to. Especially in TextEdit. But I’ll take the latency in exchange for the ability to roll back changes. If you are rolling out Lion in a larger environment, you’re going to want to check out whether or not users expect this to persist across network shares, copying files to additional computers or even backups in many cases.

Mac OS X

Paths in Title Bars

When I install a new system that I am personally going to be using, one of the few tweaks I make is to configure the Finder to show me paths in the title bar. This just keeps me from the occasional Command-click on the folder name and keeps me abreast of where I am. Mostly it’s helpful in list or icon view as. To enable full paths
use defaults to write an _FXShowPosixPathInTitle key into com.apple.finder.plist. The key should be boolean and we’re setting it to true. After about 30 seconds new windows should show with the path in the title bar:

defaults write com.apple.finder _FXShowPosixPathInTitle -bool YES

I actually add this to my user template at imaging time for my personal system workflow, so that I don’t even have to think about it… So I almost forgot how to do it. Luckily, a quick peak at my user template reminded me when I was building a new imaging environment for Lion… If you decide it isn’t for you, feel free to set it back by setting the key to NO:

defaults write com.apple.finder _FXShowPosixPathInTitle -bool NO

iPhone Mac OS X Server Mac Security Mass Deployment

Lion Server: Using Profile Manager's Debug Mode

I’ve seen a lot of traffic about people troubleshooting problems with Mac OS X Server’s new Profile Manager service. One of the more useful things in troubleshooting anything (including Profile Manager in Lion) is the debug mode. It’s easy to turn on, just run the following command from any Lion Server with Profile Manager installed:

sudo defaults write /Library/Preferences/com.apple.ProfileManager debugMode 3

You will then get more information in the logs and be well armed to troubleshoot issues that arise in Mac OS X Server 10.7′s Profile Manager.

Final Cut Server Mac OS X Server Xsan

Scripting Video Changes in Lion: avconvert, pcastaction & podcast

The avconvert command is a new addition in OS X Lion that allows administrators to quickly and easily convert video from one format to another using presets for video conversion. The presets are mostly common Apple formats tuned to specific devices.

In its simplest form, avconvert uses a preset, a source and then an output to convert the source to the output using the preset to define the format to use for conversion. A useful preset is the 640×480 one. To convert this using this idea:

/usr/bin/avconvert --preset Preset640x480 --source /Convert/test.mov --output Converted/test.mov

While some of the presets are pretty self explanatory, I haven’t gone through them all to see their specific outputs. Simply regressioning through each and then doing a get-info on the resultant QuickTime should net such a result.

You can also use avconvert to extract audio or video only, to change data rates, track height and width, convert codecs, change frame rates and event o frame reordering. You can also specify a closed caption track, thumbnail tracks and all kinds of other cool stuff. While avconvert is the latest addition to video augmentation commands, the pcastaction command has also received some new features. I had previously written up a list of verbs for pcastaction at http://krypted.com/mac-os-x-server/pcastaction-verbs. This list is further enhanced in Lion. New verbs include:

  • addchapter – adds a chapter at a specified time
  • addtracks – add tracks using an optional offset and layers
  • deletetracks – deletes audio, video or audio_and_video tracks
  • extracttracks – outputs audio, video or audio_and_video tracks
  • flatten – flattens .mov, .m4v, .m4a and .m4b movies
  • join – joins two input files into an output file with an optional gap
  • qtimport – prepares QuickTime files with optional chapterizing
  • qtinfo – obtains keys from QuickTime files
  • sharewithpodcastlibrary – option for submitting a file to another Podcast Producer library
  • split – splits a QuickTime movie and outputs two files that are split at the time specified in the –time option
  • trim – specify start and end and remove the rest of the file

The podcast command, used to run Podcast Producer workflows is also still around and can be very useful. While there isn’t new stuff, it is worth mentioning that –addacl becomes –addaccess, –make explicit becomes –makefeedexplicit and –makenonexplicit becomes –makefeednonexplicit. There’s also the long, long awaited option for –removeepisode. This last option allows administrators to remove episodes from the Podcast Producer library based on the UUID of the episode. In my testing, you still need to remove the entry from the blog if you are also exporting episodes to the a blog, but this is basically what we were doing in the Deleting a Podcast post I did some time ago at http://krypted.com/mac-os-x-server/deleting-a-podcast-in-podcast-producer, just they wrap the three commands into one option of the podcast command. Still look to the asset removal article I did for actually scrubbing files (http://krypted.com/mac-os-x-server/scrubbing-assets-from-podcast-producer) . Feed removal is also still manual: http://krypted.com/mac-os-x-server/removing-feeds-from-podcast-producer.

ACL management remains about the same (http://krypted.com/mac-os-x-server/podcast-producer-workflow-acls). While I never got around to writing up how to programatically manage ACLs in Podcast Producer, it is worth mentioning that podcast’s –addacl option and –enableacl will allow you to do so. They, along with other options in podcast and pcastaction are much better documented in the man pages in lion, so the things I couldn’t get to work in 10.6 should be sorted out somewhere in 10.7.

Finally, while nothing new, the work I did on image file automation ( http://krypted.com/mac-os-x/automating-image-file-changes) with sips I now have hooking into podcast workflows. I hope to publish an article on this at some point in the future, but the idea is a workflow where you drop an image and a video into a folder (or use an upload dialog) and it watermarks the video with a compressed-down version of the image… Also, avconvert offers a perfect compliment to podcast workflows. I’ve had a number of instances where people were trying to feed pcastaction formats that were unsupported, video that was too large or other problematic inputs and so avconvert allows us to sanitize the inputs for pcastaction or podcast prior to managing our workflows. With launchdaemons watching directories this provides some of what Final Cut Server was able to provide, only without the database of assets, easy way to tag them, etc, etc, etc, etc. Overall, a very nice incremental update to Podcast Producer and en masse video management in Lion. Nothing jaw dropping or massive, but some nice new features, better documentation and in my testing so far, more overall stability.

Mac OS X

Automating Image File Changes

Ever need to automate changes to image files? Maybe a LaunchAgent that would watch a specific folder and resize png files that were dropped in there, or a little script that sanitized images as they came in to be a specific size (e.g. Poster Frames)? Well, sips is a little tool built into OS X that can help immensely with this. It will even convert that png to a jpeg or pict to png. Let’s look at using sips. First up, let’s just get the width and height of an image file:

sips --getProperty pixelHeight /Shared/tmpimages/1.png
sips --getProperty pixelWidth /Shared/tmpimages/1.png

Or for dpi:

sips --getProperty dpiHeight /Shared/tmpimages/1.png
sips --getProperty dpiWidth /Shared/tmpimages/1.png

Or to get the format:

sips --getProperty format Shared/tmpimages/1.png

Now let’s set the property, where the property is format, using the -o option to output a copy of the file to different location:

sips --setProperty format jpeg /Shared/tmpimages/1.png -o /Shared/imageoutput/1.jpeg

Pretty nifty so far. Now, let’s resize an image using the -z option:

sips /Shared/tmpimages/1.png -z 44 70 -o /Shared/imageoutput/converted.png

There’s lots more you can do with sips. It also happens to be built into OS X in the /usr/bin folder. Call on it for general still image manipulation. It’s quick and easily scriptable and best of all, a useful tool that can save lots of manual time converting images.

Mac OS X Mac OS X Server Ubuntu Unix

Web Site Redirection with html (Lion too)

One of the first things many Apache administrators end up with in their bag of tricks is a piece of code for redirecting a website to another place. 301 redirects are usually better, but a basic redirection page is also very helpful in a number of situations. The following example code can be saved as an index.html page and will redirect traffic from one site to another. A common use of this is to redirect an http site to an https site. In this example, we’ll place this index page in the web directory for http://www.krypted.com on an OS X Lion server. The server runs a site for https://www.krypted.com already and so this page is simply meant to redirect users to the https version of the site:

 

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<TITLE>krypted.com Secure Redirect</title>
<meta http-equiv="REFRESH" content="0;url=https://www.krypted.com">
</HEAD>
<BODY>
You will now be redirected to https://www.krypted.com
</BODY>
</HTML>

 

Above, we create an HTML tag, a heading tag, a title tag and finally the meta http-equiv refresh. The content used between the body tag is simply to inform a user who might happen to see this site what is happening. Simply copy this into an html file and you’re off to the races. If using OS X Server, you can drop into /Library/WebServer/Documents by default, to redirect users elsewhere.

Mac OS X Server Mac Security

Full Screen Terminal in Lion

Command-Option-F will send terminal into full screen in OS X Lion (or most any other app for that matter). You can also use the double-arrow button in the top right corner of an application’s title bar to make it full screen.

Command-Option-F (or switching to another app or Window that isn’t full screen) will end your full screen session. For any app, you can have one window that is full screen and others that aren’t full screen. Mission Control then shows all the full screen apps at the top of the screen and those that aren’t full screen towards the bottom. I thought I really needed multiple Terminal windows, but using the screen I haven’t found that I really notice not having two windows. And I have been trying hard to multi-task less in life. Seems like Apple supports such a change in workflow…

Mac OS X Mass Deployment

Making and Using an Installer Disk for Lion

When I got my MacBook Air, I thought that little USB disk was the coolest. I took it immediately to another computer, popped it in and booted. As many of you probably know, it didn’t work. I think the idea of diskless restores will take me a little while to get used to. I also think I like to have a DVD for every OS I use. Many of my customers also have policies that they have to.

Now I know you can boot holding down Command-R and go into recovery mode (boot to that awesome, hidden restore partition). And I know that you’re basically running a bless command on Apple’s cloud instance of a NetInstall instance. And I do think that should likely be the first step for most users when they need to reinstall their operating system. But picture your firewall when you go to reinstall 30 machines that way. I’m guessing you don’t like the smell of burnt plastic any more than I do.  So let’s look at creating an installer DVD.

When you download Lion, it makes a bundle in /Applications called Install Mac OS X Lion. There’s a cute progress bar as that folder gets populated and when it’s done, you can double-click on it to start your Lion install. Or, you can control-click on it, compress it and then let it install. Control-click (or right-click) on it and choose Show Package Contents to see Contents. Go to SharedSupport and you’ll see InstallESD.dmg.

Extract InstallESD.dmg and you will see the contents of a traditional OS X Installation disk. On a MacBook Air you can make a NetInstaller of that wicked fast… Or on any old computer, open Disk Utility.

To burn the disk image, click on InstallESD.dmg in the Disk Utility sidebar and then click on the Burn icon. The contents will then burn to the DVD.

Then try and boot to the DVD. Provided you boot, you have now created a bootable installer for Lion. The boot process I think is slower than in previous OS releases (especially compared to Recovery Mode). When the boot process completes, you’ll be greeted with 4 options: Restore from Time Machine Backup, Reinstall Mac OS X (which I’m guessing will eventually say Reinstall OS X), Get Help Online (which you need functional DNS to use) and Disk Utility (to create those RAIDs, repair disks and perform other tasks we all love so much). The Utilities menu has the other options we often need, including Firmware Password Utility, Network Utility and Terminal. If you’re using Encrypted Time Machine volumes, you’ll need a password to restore. If you’re using FileVault 2 (Full Disk Encryption), you’ll need to use the Unlock button in Disk Utility and then be prompted for a password for the volume. You’ll then be able to manage the disk as you otherwise would. This should answer the question a few people have asked about how to repair permissions and disks if you use FileVault in Lion.