krypted.com

Tiny Deathstars of Foulness

Maven can be as simple or as complicated as you’d like. The maven command line interface is mvn. You can quickly find the version using the –version option:

mvn –version

This is useful for a lot, but most notably to see where Maven is, which is in the home line. You can then create a project by using the archetype:generate option. Let’s say I wanted to create an artifactID of Precache with a standard environment (DarchetypeArtifactId) that doesn’t need to be interactive. That would look as follows using the mvn command:

mvn archetype:generate DgroupId=com.precache DartifactId=precache DarchetypeArtifactId=mavenarchetypequickstart DinteractiveMode=false

This creates a directory in Maven with a full hierarchy that matches what maven will need (a faux root) for each app created. The pom.xml file is created in the root of the faux root and outlines metadata for the project as well as dependencies. Next, copy any source code into ../src/main/java (where .. is the faux root of the maven project) and any source test code into ../src/test/java. 

Once the files are where they need to be it’s as easy as running mvn with the package verb to package it all up:

mvn package

That creates the jar file. Next, create a site:

mvn site

And between steps, do a little housekeeping:

mvn clean dependency
:copydependencies package

Run your unit tests with the test verb (super-hard to remember):

mvn test 

And check to see if your test sources compile use the test-compile verb:

mvn test-compile

October 7th, 2017

Posted In: Java

Tags: , , ,

Leave a Comment

My latest Inc column, “The Holiday Traffic Rush Is Right Around the Corner. Here Are 10 Useful Tips to Help You Prepare” is now available on Inc.com. It begins like:

It’s baaaack! The holiday peak season for retailers is almost here.

By the time jack-o’-lanterns start to appear on front stoops, businesses’ preparations for this busiest period of the year should be well underway.

In 2016, holiday sales represented nearly 20 percent of total retail industry sales nationwide for the year, according to the National Retail Federation.

To read more, see https://www.inc.com/charles-edge/holiday-traffic-rush-is-right-around-corner-here-are-ten-useful-tips-to-help-you-prepare.html.

October 6th, 2017

Posted In: Articles and Books

Tags: , , , ,

Leave a Comment

When you push a certificate out in a profile, the certificate is statically stored on a Mac. If you are delivering a certificate over the air and in a device profile that is seperate from the MDM payload then the Active Directory Certificate payload can enable automatic certificate renewals. You can enable automatic renewals with a defaults command (or manage the preference domain via MDM) using the following command:

defaults write /Library/Preferences/com.apple.mdm-client AutoRenewCertificatesEnabled -bool YES
Note: Because they’re already dymanic and all, SCEP payloads cannot be automatically renewed.

October 5th, 2017

Posted In: Mac OS X

Tags: , , , ,

One Comment

Below is my pesentation from MacSysAdmin, if you’re into such things.
MSA_2017

October 4th, 2017

Posted In: Mac OS X, public speaking

Leave a Comment

You can easily disable password hints in macOS by opening the System Preferences, clicking on the “Users & Groups” System Preference pane and then clicking on Login Options. From there, uncheck the box for “Show password hints”


You can also disable this feature using the com.apple.loginwindow defaults domain. Send the following through a script to do so:

defaults write com.apple.loginwindow RetriesUntilHint -int 0

October 4th, 2017

Posted In: Mac OS X

Tags: , ,

Leave a Comment

The following is a list of application bundles that come pre-installed with macOS that are protected by SIP:
/Applications/App Store.app
/Applications/Automator.app
/Applications/Calculator.app
/Applications/Calendar.app
/Applications/Chess.app
/Applications/Contacts.app
/Applications/DVD Player.app
/Applications/Dashboard.app
/Applications/Dictionary.app
/Applications/FaceTime.app
/Applications/Font Book.app
/Applications/Game Center.app
/Applications/Image Capture.app
/Applications/Launchpad.app
/Applications/Mail.app
/Applications/Maps.app
/Applications/Messages.app
/Applications/Mission Control.app
/Applications/Notes.app
/Applications/Photo Booth.app
/Applications/Photos.app
/Applications/Preview.app
/Applications/QuickTime Player.app
/Applications/Reminders.app
/Applications/Safari.app
/Applications/Siri.app
/Applications/Stickies.app
/Applications/System Preferences.app
/Applications/TextEdit.app
/Applications/Time Machine.app
/Applications/Utilities
/Applications/iBooks.app
/Applications/iTunes.app
/Applications/Utilities/Activity Monitor.app
/Applications/Utilities/AirPort Utility.app
/Applications/Utilities/Audio MIDI Setup.app
/Applications/Utilities/Bluetooth File Exchange.app
/Applications/Utilities/Boot Camp Assistant.app
/Applications/Utilities/ColorSync Utility.app
/Applications/Utilities/Console.app
/Applications/Utilities/Digital Color Meter.app
/Applications/Utilities/Disk Utility.app
/Applications/Utilities/Grab.app
/Applications/Utilities/Grapher.app
/Applications/Utilities/Keychain Access.app
/Applications/Utilities/Migration Assistant.app
/Applications/Utilities/Script Editor.app
/Applications/Utilities/System Information.app
/Applications/Utilities/Terminal.app
/Applications/Utilities/VoiceOver Utility.app
/Applications/Utilities/X11.app
Note: Files located in /System, /usr, /bin, and /sbin are recursively protected as well.

October 2nd, 2017

Posted In: Mac OS X, Mac Security

Tags: , , ,

One Comment

The macOS High Sierra update has netted a few weird upgrades where I had to start over, restore, or boot into safe mode (e.g. if you DEP a device that forces encryption in Sierra and then gets into a loop after a High Sierra update is started). So I’ve been using modifier keys more than usual. The following startup modifier keys are available in macOS High Sierra:
  • Alt or Option key: Access Mac Startup Manager, which allows you to select a wireless network and then choose which volume you want to boot to.
  • C: Mostly legacy, boots to volumes on a CD, DVD, or USB drive.
  • Command-Option-P-R: Resets the parameter RAM (or PRAM for short).
  • Command-Option-R: Same as Recovery Mode, but over the Internet.
  • Command-R: Boots into the macOS Recovery Mode, useful when doing an internet restore or using Disk Utility to repair a volume.
  • Command-S: Enables Single User Mode.
  • Command-V: Boots into Verbose Mode, so you see a log of everything during the startup process.
  • D: Diagnostics mode starts up using Apple Hardware Test or Apple Diagnostics utility, for checking the hardware of your system.
  • Option-D: Load Diagnostics tools over the Internet.
  • Eject key, F12, or mouse/trackpad button: Ejects any removable media inserted.
  • N: NetBoot attempts to boot to a NetBoot volume on a network.
  • Option-N: NetBoot automatically to the default boot image
  • Shift:  Safe Boot verifies the startup disk and repairs directory issues, disables user fonts and clears the cache for them, only loads required kernel extensions and clears the cache for them, clears system caches, and disables startup and login items.
  • T: Target Disk Mode, which sets the system as a disk that can then be mounted on another system (if FileVault encrypted, you may need to enter a password to mount the volumes on the disk).
  • X: Boot to a macOS startup disk when otherwise booting to a Windows partition or startup manager.

October 1st, 2017

Posted In: Mac OS X

2 Comments

The full guide for managing macOS Server 5.4 running on High Sierra is now available at http://krypted.com/guides/macos-server-5-3-high-sierra/



Imma take a nap now. See ya’ when 5.6 ships!

rumplestiltskin

September 29th, 2017

Posted In: Uncategorized

High Sierra sees the Caching service moved out of macOS Server and into the client macOS. This means administrators no longer need to run the Server app on caching servers. Given the fact that the Caching service only stores volatile data easily recreated by caching updates again, there’s no need to back the service up, and it doesn’t interact with users or groups, so it’s easily divested from the rest of the Server services.

And the setup of the Caching service has never been easier. To do so, first open System Preferences and click on the Sharing System Preferences pane.

From here, click on the checkbox for Content Caching to start the service.

At the Content Caching panel, the service will say “Content Caching: On” once it’s running. Here, you can disable the “Cache iCloud content” option, which will disable the caching of user data supplied for iCloud (everything in here is encrypted, by the way). You can also choose to share the Internet Connection, which will create a wireless network that iOS devices can join to pull content. 

Click Options. Here, you can see how much storage is being used and limit the amount used. 

defaults read /Library/Preferences/com.apple.AssetCache.plist

Which returns the following configurable options:

Activated = 1;
CacheLimit = 0; DataPath = “/Library/Application Support/Apple/AssetCache/Data”; LastConfigData = <BIGLONGCRAZYSTRING>; LastConfigURL = “http://suconfig.apple.com/resource/registration/v1/config.plist”; LastPort = 56452; LastRegOrFlush = “2017-09-11 16:32:56 +0000”; LocalSubnetsOnly = 1; PeerLocalSubnetsOnly = 1; Port = 0; Region = 263755EFEF1C5DA178E82754D20D47B6; ReservedVolumeSpace = 2000000000; SavedCacheDetails = {
SavedCacheSize = 0;
ServerGUID = “EB531594-B51E-4F6A-80B9-35081B924629”;
Version = 1;}

This means that all those settings that you used to see in the GUI are still there, you just access them via the command line, by sending defaults commands. For example, 

defaults write /Library/Preferences/com.apple.AssetCache.plist CacheLimit -int 20000000000

You can

AssetCacheManagerUtil status

Which returns something similar to the following:

2017-09-11 11:49:37.427 AssetCacheManagerUtil[23957:564981] Built-in caching server status: {
Activated = 1;
Active = 1;
CacheDetails = {
iCloud = 4958643;
“iOS Software” = 936182434;};
CacheFree = 472585174016;
CacheLimit = 0;
CacheStatus = OK;
CacheUsed = 941141077;
Parents = ();
Peers = ();
PersonalCacheFree = 472585174016;
PersonalCacheLimit = 0;
PersonalCacheUsed = 4958643;
Port = 56452;
PrivateAddresses = (“192.168.104.196”);
PublicAddress = “38.126.164.226”;
RegistrationStatus = 1;
RestrictedMedia = 0;
ServerGUID = “EB531594-B51E-4F6A-80B9-35081B924629”;
StartupStatus = OK;
TotalBytesDropped = 0;
TotalBytesImported = 4958643;
TotalBytesReturnedToChildren = 0;
TotalBytesReturnedToClients = 166627405;
TotalBytesReturnedToPeers = 0;
TotalBytesStoredFromOrigin = 166627405;
TotalBytesStoredFromParents = 0;
TotalBytesStoredFromPeers = 0;

You can also use AssetCacheManagerUtil to manage tasks previously built into the Server app. To see the available options, simply run the command:

bash-3.2# /usr/bin/AssetCacheManagerUtil

Which would show the following:

Options are:
-a|–all show all events
-j|–json print results in JSON
-l|–linger don’t exit
2017-09-11 11:57:30.066 AssetCacheManagerUtil[24213:569932] Commands are:
activate
deactivate
isActivated
canActivate
flushCache
flushPersonalCache
flushSharedCache
status
settings
reloadSettings
moveCacheTo path
absorbCacheFrom path read-only|and-destroy

As such, to enable the server:

bash-3.2# /usr/bin/AssetCacheManagerUtil activate 

To disable the server

bash-3.2# /usr/bin/AssetCacheManagerUtil deactivate

To check if the server can be activated

bash-3.2# /usr/bin/AssetCacheManagerUtil canActivate

To flush the cache of assets on the server:

bash-3.2# /usr/bin/AssetCacheManagerUtil flushCache 

To reload settings if you make any changes:

bash-3.2# /usr/bin/AssetCacheManagerUtil reloadSettings

To move the database

/usr/bin/AssetCacheManagerUtil moveCacheTo "/Volumes/SONY/Library/Application Support/Apple/AssetCache/Data"

Finally, if you’d like to see the caching server your client system is using, you can run the following command:

/usr/bin/AssetCacheLocatorUtil 2>&1 | grep guid | awk '{print$4}' | sed 's/^\(.*\):.*$/\1/' | uniq

And if you use Jamf Pro and would like to use this as an extension attribute, that’s posted here: https://github.com/krypted/cachecheck. I didn’t do any of the if/then there, as I’d usually just do that on the JSS.

Note: To see how AssetCache interacts with Tetherator, see Tethered Caching of iOS Assets from macOS 10.12.4.

September 28th, 2017

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , ,

A bootable installer is one of the fastest ways to install a Mac. Rather than copy the installer to a local drive you can run it right off a USB disk (or Thunderbolt if you dare). Such a little USB drive would be similar to the sticks that came with the older MacBook Air, when we were all still sitting around wondering how you would ever install the OS on a computer with no optical media or Ethernet otherwise. Luckily, Apple loves us. To make a bootable USB/flash drive of High Sierra like the one that used to come with the MacBook Air, first name the USB drive. I’ll use hsinstall for the purposes of this article. The format should be Mac OS Extended Journaled, although the new system drive will be apfs on the target volume. The installer is called Install macOS Sierra and is by default located in the /Applications directory. Inside the app bundle, there’s a new binary called createinstallmedia (nested in Contents/Resources). Using this binary you can create an installation drive (similar to what we used to do with InstallESD). To do so, specify the –volume to create the drive on (note that the target volume will be erased), the path of the “Install macOS High Sierra” app bundle and then we’re going to select –nointeraction so it just runs through the whole thing

/Applications/Install\ macOS\High\ Sierra.app/Contents/Resources/createinstallmedia --volume /Volumes/hsinstall --applicationpath /Applications/Install\ macOS\ High\ Sierra.app --nointeraction

Note: You’ll need to elevate your privileges for this to run.

Once run you’ll see that it erases the disk, copies the Installation materials (InstallESX, etc) and then makes the drive bootable, as follows:

Erasing Disk: 0%... 10%... 20%... 100%... Copying installer files to disk... Copy complete. Making disk bootable... Copying boot files... Copy complete.

Then you can either select the new volume in the Startup Disk System Preference pane or boot the computer holding down the option key to select the new volume.

Note: If you can do this on a system with a solid state drive it will be  faster. Although this took 17 minutes last I ran it even then so be patient for the files to copy.

September 28th, 2017

Posted In: Mac OS X

Tags: , , , ,

Next Page »