
Configure Messages Server In OS X Yosemite Server

Getting started with Messages Server couldn’t really be easier. Messages Server in the OS X Yosemite version of the Server app uses the open source jabber project as its back-end code base (and going back, OS X has used jabber since the inception of iChat Server all the way through Server 3). The sqlite setup file is located in the /Applications/Server.app/Contents/ServerRoot/private/var/jabberd directory and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. The actual jabberd binary is stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd, where there are also a couple of perl scripts used to migrate the service between various versions.

Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.


Click on the Edit… button for the Permissions. Here, define which users and interfaces are allowed to use the service.

Once open, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and then click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.


At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to set up federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).


To restrict the service, provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button. Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator:

sudo serveradmin fullstatus jabber

The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here:

jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "0"
jabber:currentConnectionsPort1 = "0"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.211"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "mavserver.pretendco.lan"
jabber:hosts:_array_index:0 = "mavserver.pretendco.lan"
jabber:setStateVersion = 1
jabber:startedTime = ""
jabber:readWriteSettingsVersion = 1

There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows:

sudo serveradmin settings jabber:jabberdClientPortSSL = 8080

To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book):

sudo serveradmin settings jabber:savedChatsLocation = "/Volumes/Pegasus/Book"

To see a full listing of the options, just run settings with the jabber service:

sudo serveradmin settings jabber

The output lists each configurable setting:

jabber:dataLocation = "/Library/Server/Messages"
jabber:s2sRestrictDomains = no
jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
jabber:sslCAFile = "/etc/certificates/mavserver.pretendco.lan.10E6CDF9F6E84992B97360B6EE7BA159684DCB75.chain.pem"
jabber:jabberdClientPortTLS = 5222
jabber:sslKeyFile = "/etc/certificates/mavserver.pretendco.lan.10E6CDF9F6E84992B97360B6EE7BA159684DCB75.concat.pem"
jabber:initialized = yes
jabber:enableXMPP = no
jabber:savedChatsArchiveInterval = 7
jabber:authLevel = "STANDARD"
jabber:hostsCommaDelimitedString = "mavserver.pretendco.lan"
jabber:jabberdClientPortSSL = 5223
jabber:requireSecureS2S = no
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:enableSavedChats = no
jabber:enableAutoBuddy = no
jabber:s2sAllowedDomains = _empty_array
jabber:logLevel = "ALL"
jabber:hosts:_array_index:0 = "mavserver.pretendco.lan"
jabber:eventLogArchiveInterval = 7
jabber:jabberdS2SPort = 0
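
The federation and certificate advice earlier in this post can be checked against that listing. The following is an added example, not part of the original post or Apple's tooling: it reads the key names at face value (an assumption), and the two sample listings and the host names under example.com are constructed.

```shell
#!/bin/sh
# Added example: audit the output of `sudo serveradmin settings jabber`.
# Assumption: key names mean what they suggest; this is not Apple documentation.

# Constructed sample mirroring the federation defaults in the listing above.
sample_default_settings() {
cat <<'EOF'
jabber:s2sRestrictDomains = no
jabber:sslCAFile = "/etc/certificates/chat.example.com.chain.pem"
jabber:sslKeyFile = "/etc/certificates/chat.example.com.concat.pem"
jabber:requireSecureS2S = no
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:enableSavedChats = no
jabber:s2sAllowedDomains = _empty_array
EOF
}

# Constructed sample: federation restricted to one peer, archiving enabled.
sample_restricted_settings() {
cat <<'EOF'
jabber:s2sRestrictDomains = yes
jabber:sslCAFile = "/etc/certificates/chat.example.com.chain.pem"
jabber:sslKeyFile = "/etc/certificates/chat.example.com.concat.pem"
jabber:requireSecureS2S = yes
jabber:savedChatsLocation = "/Volumes/Pegasus/Book"
jabber:enableSavedChats = yes
jabber:s2sAllowedDomains:_array_index:0 = "chat2.example.com"
EOF
}

# Reads "jabber:key = value" lines on stdin and prints one finding per line.
# Returns 1 if at least one WARN finding was printed, 0 otherwise.
audit_jabber_settings() {
    awk '
    {
        sep = index($0, " = ")            # split on the first " = " only
        if (sep == 0) next
        key = substr($0, 1, sep - 1)
        val = substr($0, sep + 3)
        sub(/^jabber:/, "", key)
        sub(/^"/, "", val); sub(/"$/, "", val)
        # Array entries use the key:_array_index:N form shown for jabber:hosts.
        if (key ~ /^s2sAllowedDomains:_array_index:[0-9]+$/) { allowed++; next }
        conf[key] = val
    }
    END {
        warn = 0
        if (conf["requireSecureS2S"] != "yes") {
            print "WARN requireSecureS2S is not yes: federation links are not required to be secured"
            warn++
        }
        if (conf["s2sRestrictDomains"] != "yes") {
            print "WARN s2sRestrictDomains is not yes: any server may federate with this one"
            warn++
        } else if (allowed == 0) {
            print "INFO s2sRestrictDomains is yes but s2sAllowedDomains is empty"
        }
        if (conf["sslKeyFile"] == "" || conf["sslCAFile"] == "") {
            print "WARN sslKeyFile or sslCAFile is empty: no certificate selected for the service"
            warn++
        }
        if (conf["enableSavedChats"] == "yes") {
            print "INFO transcripts are archived under " conf["savedChatsLocation"] ": check who can read that directory"
        }
        exit (warn > 0 ? 1 : 0)
    }'
}

# Stand-alone run on the constructed default sample. On a server, use:
#   sudo serveradmin settings jabber | audit_jabber_settings
sample_default_settings | audit_jabber_settings || true
```
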

To stop the service:

sudo serveradmin stop jabber

And to start it back up:

sudo serveradmin start jabber

It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because those messages don’t traverse the server, there are no transcripts of them.


Configure Apple Push Notifications In Yosemite Server

Push Notifications can be used in most every service in the Server app, especially in 3.5 for Yosemite (which I still like to call Yosemite Server as it makes me think of Yosemite Sam in a tux, pouring champagne). Any service that requires Push Notifications will provide the ability to set up APNS during the configuration of the service. But at this point, I usually just set up Push Notifications when I set up a new server.


To enable Push Notifications for services, you’ll first need to have a valid AppleID. Once you have an AppleID, open the Server app and then click on the name of the server. At the Overview screen, click on Settings.


At the Settings screen for your server, click on the check-box for “Enable Apple push notifications.” At the Apple Push Notification Services certificate screen, enter an AppleID if you have not yet configured APNS and click on OK. The Apple Push Notification Service certificate will then be configured.


The certificate is valid for one year, by default. Administrators receive an alert when the certificate is due to expire. To renew, open the same screen and click on the Renew button.


Changing the Xcode Server Log Path in OS X 10.10 Yosemite Server

The logs in Xcode Server (Server 3) by default point to /Library/Server/XcodeLogs/credserver.log. This takes all of the output from xcscredd and xcscredhandler. If you’re doing a lot of debugging then logs can be pointed to another location, such as another drive. The path to the logs is defined in the /Applications/Server.app/Contents/ServerRoot/System/Library/LogConfiguration directory. The file to edit is a standard property list, XCSCredentialServer.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>claimedFacilities</key>
    <array>
        <string>servermgrd</string>
        <string>servermgr-listener</string>
        <string>servermgr-notify</string>
    </array>
    <key>claimedSenders</key>
    <array>
        <string>servermgrd</string>
        <string>servermgr-listener</string>
        <string>servermgr-notify</string>
    </array>
    <key>logMaximumLevel</key>
    <string>debug</string>
    <key>logPath</key>
    <string>/Library/Server/Logs/servermgrd.log</string>
</dict>
</plist>

Once open, look for a key called logPath. Change that to the desired path, such as /Volumes/MyDrive/Logs/credserver.log and then restart the service:

serveradmin stop xcode; serveradmin start xcode


The 250 Nerdiest Movies Of All Time

Note: I’m going to turn this into a page and keep working on it. This is the draft; since it’s been sitting in the WordPress drafts for over a year, I thought I should do something with it…

What makes a movie nerdy? Comic books, hacking, robotics, fantasy and straight-up-nerdiness. There are a lot of movies that really hit on some of these topics. Some do it well and others do a terrible job. Everyone is going to have their favorites, but I wanted to share mine well in advance of Memorial Day if only to help you prep to stay indoors and get just a little more pasty than you got this winter. Given the subjective nature of the nerdy factor, I’ve chosen not to rate these in any particular order. Instead I’m grouping them by sub-nerdy-genre. Hope you enjoy!

Nerds Make Good

  • Revenge of the Nerds: Really, this is one of those movies that started it all and belongs at the top of the list.
  • The 40-Year Old Virgin: Almost didn’t put this on the list ’cause I couldn’t figure out if they were making too much fun of… Whatever, it’s hilarious…
  • Jon Dies at the End: Meat monsters, boys who get girls, alternative universes and a surprise ending where Jon dies… Go figure. Or does he…
  • Napoleon Dynamite: Instant classic. No description needed.
  • American Splendor: Underground comic books, girls, the 70s.
  • Fanboys: Star Wars, Trekkies, a girl. Srsly.
  • Jay and Silent Bob Strike Back: This movie should have been called Kevin Smith gets back at Hollywood for making him rich as hell. Pobresito.
  • Chasing Amy: You’re probably gonna’ see most Kevin Smith movies somewhere on the list. This one is a boy gets girl flick with a twist. I’m a sucker for those. Don’t tell anyone…
  • 21: This made the list because… It’s true. Get good at maths, go to Vegas, get wealthy, get a big head, get a beat down.
  • Pi: OK, so he doesn’t make good really because he drills out part of his brain. But he does end up being all Zen, looking at the leaves blowing, finding peace and not dying like the other guy.
  • Can’t Buy Me Love: Nerdy kid pays girl to date him, things go south, kid ends up with girl. Apparently if you tight roll your khakis Amanda Peterson (you know, from Silver Spoons and Annie) will fall all over you. Noted.
  • Love Potion Number 9: Sandra Bullock goes from nerdy chemist to socialite. Seems like I’ve seen that plot since…

Nerdy Fantasy Movies

  • Harry Potter
  • Highlander
  • The Princess Bride
  • Willow
  • The Labyrinth
  • Lord of the Rings
  • The Hobbit
  • Stardust
  • Clash of the Titans
  • Wrath of the Titans
  • In the Name of the King: A Dungeon Siege Tale

Nerd Comedy

  • Monty Python and the Holy Grail
  • Spaceballs
  • Galaxy Quest
  • Frequently Asked Questions About Time Travel
  • This is the End
  • The Green Hornet: Seth Rogen, Kato, a car that shoots missiles.
  • Superbad: There almost needs to be a new genre called Nerd Comedy with Seth Rogen in it.

Nerdy Documentaries

  • Nerdcore Rising
  • The Internet’s Own Boy: The Story of Aaron Swartz
  • To Be Takei
  • Web Junkie
  • The Manhattan Project

Comic Book Movies

  • X-men
  • Comic Con Episode IV: A Fan’s Hope
  • Paul
  • Batman
  • Superman
  • Captain America
  • Thor
  • Iron Man
  • Guardians of the Galaxy
  • The Hulk
  • Spiderman
  • Sin City
  • Constantine
  • Elektra
  • Ghost Rider
  • Ghost World
  • Green Lantern
  • Hellboy
  • I, Frankenstein
  • Jonah Hex
  • Judge Dredd
  • Blade
  • Catwoman
  • Daredevil
  • The League of Extraordinary Gentlemen
  • Mystery Men
  • Punisher
  • R.I.P.D.
  • The Rocketeer
  • The Spirit
  • V for Vendetta
  • Watchmen
  • Steel
  • 300
  • Alien vs. Predator
  • The Avengers
  • Wanted
  • Swamp Thing

Science Fiction

  • Star Wars
  • Star Trek
  • Metropolis
  • Avatar
  • Hunger Games
  • Brazil
  • Serenity
  • Dune
  • Beyond Thunderdome
  • Alien
  • Cowboys and Aliens
  • Soylent Green
  • Equilibrium
  • Divergent
  • 2001 A Space Odyssey
  • Planet of the Apes
  • Vanilla Sky
  • War of the Worlds
  • Oblivion
  • Gattaca
  • Stargate
  • Solaris
  • Donnie Darko
  • Tank Girl
  • Timecop
  • Idiocracy
  • Hitchhikers Guide to the Galaxy
  • Strange Days
  • Limitless
  • Forbidden Planet
  • The Fly
  • The Fifth Element
  • Starship Troopers
  • John Carter
  • Iron Sky: Nazis on the moon. No huge names. Not awful given that.
  • Cube: A movie based on a bunch of rooms making an infinite maze of sorts that keeps changing? Math and a last ginger standing kind of pace.

Nerdy Kids Movies

  • The Last Airbender: I watched all the cartoons with my daughter and so when the movie came out I wanted to take her. Let me be clear, this is not a movie made for 4 year olds. But it was really well done I thought. Obviously, directors have to take some liberties when adopting a dozen hours worth of cartoon story line into a feature film, but I thought it was totally worth it. Too bad they didn’t finish the trilogy.
  • Flight of the Navigator: So bad it’s good. David pilots alien ships and disappears for 8 years without growing a day older. Great little flick that reminds me how I dressed when I was that age. Some of the graphics didn’t hold up, but I’m not so overly judgmental.
  • Kick-Ass: Not many movies are original. This one was. It was fun, campy and I didn’t want to throw up when I saw Big Daddy like I usually do in movies he’s in!
  • Kick-Ass 2: Rarely is a sequel as good as the first movie. This is no exception. But it was original and campy, much like the first and well, well worth the watch.
  • Super 8: Normally I don’t like kids in creepy movies, but they pulled this one off pretty well. Not for younger kids for sure!
  • Goonies: Ah, the originals make ya’ swoon don’t they. What more could you want, than a big bad guy, Corey Feldman, Josh Brolin, Sean Astin, Martha Plimpton and the list goes on. Pirates, booby traps, gold and who could forget Data!
  • Back to the Future: I’m just going to include the whole franchise here. I’m still after a Delorean. Michael J Fox at his best. Well, Teenwolf wasn’t so bad, either. But the Doc, the plutonium and changing the future from the past. Awesome!
  • Hugo: A crossover between nerdy kids and fantasy, this period flick feels more like a steampunk movie than the traditional Disney kids movie (Disney didn’t make it). It’s a good movie. Cinematography, story line, acting, directing, etc. Didn’t get nearly enough attention and I think it will stand the test of time unlike many kids movies.
  • Teenage Mutant Ninja Turtles
  • Attack the Block
  • Cloak & Dagger

Animated

  • Pretty much every anime movie ever. But Akira really stands out as being the
  • Wreck-It Ralph
  • The Lego Movie
  • The original Lord of the Rings
  • The original Hobbit
  • Final Fantasy: The Spirits Within

Nerdy Robots

  • I, Robot
  • Robocop
  • Transformers
  • Bicentennial Man
  • Short Circuit
  • Wall-E
  • A.I. Artificial Intelligence
  • Terminator
  • Blade Runner because even nerds dream of electric sheep
  • Real Steel:

Zombies, Nerdy Monsters, Werewolves & Vampires

  • Zombieland
  • Army of Darkness
  • Shaun of the Dead
  • Men in Black
  • Mars Attacks!

Video Games

  • Scott Pilgrim vs. The World
  • Tron
  • Lara Croft: Tomb Raider: This movie made a lot of money. It’s made over a quarter of a billion dollars. It also set a new record upon release for movies with a female protagonist. But the only reason it didn’t win worst actress was that Mariah Carey released Glitter that year. It did well enough in the box office though to score a sequel.
  • Power Glove
  • Electric Dreams
  • The Prince of Persia
  • Grandma’s Boy
  • The Wizard
  • Need for Speed
  • Gamer
  • Existenz
  • Noobz
  • Max Payne
  • Far Cry
  • Hitman
  • Postal
  • BloodRayne: Wow, did Uwe Boll just miss it with this one. I mean, another game that could have been a great movie but needed so much more. It’s not easy to screw up a movie with Billy Zane, Michael Madsen and Ben Kingsley when you have a plot as awesome as BloodRayne to work with in the first place…
  • DOA: Dead or Alive: Honestly, when I saw this I thought “Self, you should be playing this video game or watching someone play this video game, not watching actors trying to act like they’re in a video game.” Happens a lot but I keep watching all of these…
  • Resident Evil: This has just become a great little franchise.
  • Silent Hill: I almost didn’t put this on because I just don’t like creepy movies.
  • Doom: This movie was doomed the second The Rock was cast in it.
  • House of the Dead: Gratuitously violent, just like the game. If you drink every time a zombie bites it you will die. In fact, if you’ve read everything up until now you might want to anyway. I like that this movie is authentic in that it doesn’t remotely try to be good. Stupid young people shoot stupid zombies.
  • Double Dragon: Billy Lee and Jimmy Lee. Somehow Alyssa Milano and Andy Dick end up in here too. As an early video game movie (apparently grunge was more popular than nerdy stuff at the time) I think the rest of that industry learned from this movie that special effects alone wouldn’t get you there and that you needed a plot.
  • Street Fighter: This is where we learned that Jean-Claude Van Damme should have stopped long before. But it was a video game, so everyone into such things at the time went to see it anyway. We knew it would be awful and we still went. Like Daredevil. It did have to compete with Dumb and Dumber for box office dollars, though… Now if Duncan McCracken had been cast as Guile it could have been saved…
  • Mortal Kombat franchise: I had no idea this franchise could go downhill after the first one but… It did.
  • Wing Commander

 

Close Encounters of the Third Kind

Sphere

Explorers

Surrogates

Primer

Nirvana

Young Frankenstein

The Time Machine

Scanners

Contact

Untraceable

Hackers Pwn Teh World

Jobs

Firewall

1. Office Space is the story of Peter Gibbons, a computer programmer who spends all day doing mindless tasks. Thanks to a hypnotic suggestion, Peter decides not to go to work at the same time his company starts laying people off. When layoffs affect his two best friends, they conspire to plant a virus that will embezzle money from the company into their account. The movie sports the scene where they take the fax out and smash it with baseball bats, the traffic scene on the way to work, the scene where he gets asked to work on Saturday, the scene where he pictures his boss and his new girlfriend (Jennifer Aniston) and of course the stapler. It is a classic and would be very easy to end up watching again tonight, as I write this…

2. Sneakers is probably one of the best hacking/phreaking movies of all time. Sure, it’s a little dated, but they all are. It was pretty good for the day though, and no completely off-the-wall ideas about what is and is not possible. The guy from 30something is awesome (aka “Dick”) and Martin Brice (Robert Redford) does a great job. River Phoenix is awesome and Dan Aykroyd is just like every conspiracy theorist ever. “It’s Not About Who’s Got the Most Bullets, It’s About Who’s Got the Information”. Great lines, great writing, great cast and still holds up as a pretty good movie after all these years (20, since it was released in 1992).

3. War Games is about Ferris Bueller (or a nerdy whizz kid of a Ferris Bueller) who connects into a top secret military mainframe and ends up with complete control over the United States’ nuclear arsenal. He then has to find the physical mainframe and disable it. What’s so awesome is that it’s InfoSec 101: use a password, put multiple layers of security in place and don’t hook ICBMs up to unsecured systems. Really makes the Wozniak quote “never trust a computer you can’t throw out of a window” make sense. I’ve been waiting for years to hear “shall we play a game?” Just like when I consider having an argument with my wife, “the only winning move is not to play.”

4. Tron is a movie about Kevin Flynn, a video game designer that gets converted into a digital person by an evil software pirate named Master Control. Disney somehow manages to take Jeff Bridges and turn him into a 3D version of himself. Complete with geometrical landscapes that comprise cyberspace, games and there’s even a girl (the one place where Tron isn’t very lifelike).

5. Hackers is the story of a young boy who gets arrested by the Secret Service for writing a computer virus. He’s banned from using a computer until he turns 18. As a teenager, he moves to the big city to discover an awesome 2600-style underground of computer hackers. This one is complete with a teenage Angelina Jolie, skateboards, trench coats and modems. While it’s not completely realistic, it’s not utterly fantastical either (other than the hax0r kid getting the hot girl part). Imagine my disappointment when I got my first job with computers and Jolie wasn’t waiting for me…

6. Weird Science is a typical 80s flick about two unpopular teenage boys who “create” a woman via their computer. Their living and breathing creation is a gorgeous woman, Lisa (the name of the predecessor to the Macintosh), whose purpose is to boost their confidence level by putting them into situations which require Gary and Wyatt to act like men. On their road to becoming accepted, they encounter many hilarious obstacles, which gives the movie an overall sense of silliness.

7. Antitrust is a fictional account of computer programming extraordinaire Milo Hoffman. When Milo graduates from Stanford, he is recruited by Gary Winston, a character loosely based on Bill Gates. Winston is the CEO of a software company called NURV, on the brink of completing a global communications system called Synapse. Tragedy soon after strikes when Teddy Chin is murdered by a pair of Milo’s co-workers who made it look like a hate crime. Milo’s girlfriend Alice Poulson turns out to be helping Winston and there are even bad guys working for the company inside the Justice Department. Basically, the message of the movie is that if you like computers, you should trust no one and that nothing is as it seems. Luckily, in the real world, secrets can’t be kept for long (the more money you have the harder it seems to actually be to keep secrets). Which is why things like this don’t actually happen. But hey, at least we geeks get to feel important for a little while and this movie was actually well made. Having said that, Ryan Philippe is mediocre. Which was actually good enough in this one to be acceptable.

8. The Matrix trilogy is a fantastical look at futuristic hacker/programmer Thomas Anderson, living an ordinary life in 1999. Until Morpheus leads him into the real world, which is actually 200 years later and taken over by evil robot machines. The computers have created a fake 20th-century life called the Matrix to keep the human slaves asleep. The robots get power from the humans. Anderson is constantly chased by Agents (the opposite of that shirt that reads “I could replace you with a very tiny shell script”). At one point, the agents start replicating (I’ve accidentally filled a drive up by looping through cp before too). Anderson gets a cool name “Neo” and gets to be played by Keanu Reeves. All’s well (albeit varying degrees of well) until he becomes one with the matrix after about 7 or 8 hours of watching the movie. Actually, movies. It’s a trilogy. But Trinity (Reeves’ love interest) does use Nmap to run sshnuke against SSHv1 CRC32. Not a bad exploit for a lady wearing all leather…

9. The Net is the story of Angela Bennett, a computer expert whose interconnectedness comes back to haunt her. Back when Sandra Bullock was young and beautiful, she played an analyst who was never far from a computer. A friend like many of my own, whom she’s only spoken to over the net, Dale Hessman, sent her a program with a weird glitch needing debugging. She finds an easter egg on the disk which turns her life into a nightmare. Her records are erased from existence and she is given a new identity, complete with a police record. The best line is “computers are your life aren’t they?” Mostly because I find it easy to identify with such a line…

Oh, and she uses a Mac!

10. The Girl With The Dragon Tattoo is the most recent movie on this list. And there are more than one. I won’t say to see one over the others, but do check out the hacker girl. The latest installment has the most awesome song from Trent Reznor in the soundtrack, which I could totally listen to while writing scripties (and have).

11. Takedown is probably the movie that cost the least on the list to make. It’s not a great movie, but worthy of cult status to many. But here’s the thing: hacking stuff is pretty boring to watch. Unless of course, it’s the 2 days a year you leave your basement to go sit in Las Vegas and hack stuff with real humans around you…

12. The Pirates of Silicon Valley is a documentary about the tycoons that took control of the personal computer market. It starts with their time in college and then covers the actions that built up global empires now known as Apple and Microsoft Inc. My favorite part of this is the way that they made Steve Ballmer out to be a complete idiot. The parts about Bill Gates, Steve Jobs, Wozniak and Paul Allen were pretty well known to me, even before I saw the movie. With Noah Wyle I kept thinking that at some point he was going to throw on his scrubs and start giving someone an ER-style heart surgery. Anthony Michael Hall plays an uninspired Bill Gates. The best part of his part is when he does Saturday Night Fever on roller skates and then falls down. When he became the wealthiest man in the world I wonder if he got skate-dance lessons.

13. Swordfish was just a bad movie. But every computer nerd is going to watch it and hopefully turn it into a drinking game of some sort. Let me get this straight: a guy is supposed to hack into some of the most complex systems in the world and was supposed to do so while having relations with a lady and having a gun pointed at his head. Oh, did I mention, he’s dead if he isn’t done in 60 seconds? There are some really good uses of real computer stuff on some of the screens at times. But, Travolta should still give up his SAG card.

14. Johnny Mnemonic is the story of a data courier, again Keanu Reeves, who accepts a payload too big to keep in his head for long, that he then must deliver before it kills him. Classic Reeves, a cheesy flick. Has Dolph Lundgren, so must be at least funny-bad. Ice-T and Henry Rollins make appearances too (the 1990s, baby).

15. Live Free or Die Hard is the latest (4th) installment of the Die Hard saga. In this one though, the Mac Guy helps Bruce Willis hack into stuff and blow stuff up. This gets to be on the list because Bruce Willis says: “Command Center, it’s a basement.” I thought maybe he was talking about my place…

16. Minority Report is on the list because the tech that guy has was awesome. Not as good as the tech that Iron Man has, but a bit more realistic in some places. I actually think that a few products were developed after engineers watched this movie personally, and I’d love to see the rest made possible. Might have been higher except the cast.

17. D.A.R.Y.L. – After watching D.A.R.Y.L. I think I spent years thinking I was some sort of robot. Probably explains plenty. When I finally got around to reading Isaac Asimov’s Robot Series I guess I didn’t think I might be an android any longer. “It’s only human to make mistakes, but Daryl never does.” In this movie, a kid realizes he’s actually an artificial intelligence. He then gets chased down by the government, looking to reclaim their intellectual property. Classic ET-style the government are the bad guys kinda’ moments ensue.

18. Untraceable is a movie from 2008 where Diane Lane plays a fed trying to track down a serial killer who posts live video of killing victims on the Internet. It’s borderline B-movie, but it’s not too badly done. Any plot gaps or technical mistakes I let slide due to the fact that the movie is set in Portland and the fact that I’ve always enjoyed Diane Lane.

19. Tron: Legacy is the second installment of Tron, which comes almost 30 years later, his son joins him in a movie that is more like the Big Lebowski turns digital samurai than the original… I’m kinda’ sick of the rich brat concept. But at least he breaks into a data center and blows stuff up before getting sucked into the Matrix…

20. Eagle Eye is the story of Jerry and Rachel, two strangers thrown together by a phone call from a lady they have never met. She makes them and others perform a series of increasingly dangerous situations, using everyday technology to track and control their moves. Turns out she’s a computer. Shia LaBeouf is the star of this. How he got to be the star of this, Transformers and the replacement for the Indiana Jones movies is beyond me. He’s not a terrible actor, but he’s not worthy of such reverence from the nerd/action movie elite… This is not as awesome a nerd movie as it is a symbol of the future of nerdy movies. I guess this one is more about that thing people call Mobility than computing, but close enough…

21. Lawnmower Man should have just been one movie. The only one with Stephen King, this was the first VR movie I remember seeing. Pierce Brosnan is the not-really-bad guy, but the creator of the bad guy. This is like a digital Frankenstein flick.

22. Disclosure is another movie from the 1990s (1994) that shows Michael Douglas getting seduced by a woman. But this time, he ends up stopping before he closes the deal. So instead of boiling the family pet, he just gets sued for sexual harassment. Lots of computers and screen shots. And Demi Moore in a 90s power suit. Awesome stuff!

23. Virtuosity is about a virtual reality serial killer who’s actually more of a composite of serial killers. Weak plot, but Russell Crowe wasn’t a big star yet. It’s kind of like Demolition Man, but with the VR spin on it. Russell Crowe is totally psycho. And he wears a couple of awesome suits in the movie (I’m pretty sure one of them was in Cool World as well). 50 terabytes was a lot back then!

24. eXistenZ is another artificial reality movie, but Jennifer Jason Leigh is a video game designer. I thought that the BioPort concept was too much, especially for the time. The theme was already a bit done by then, but it was at least a weird new twist…

25. The Computer Wore Tennis Shoes had Kurt Russell. It was from the 60s. But the time spent on explaining all the computing was awesome! The best part about this movie is that glimpse you get of what computers were like before the advent of the personal computer. Thank you to the Altair, Apple and other machines that helped to get us into a new world order!

Finally, while this clip isn’t a movie, if you were curious what hacking stuff really looks like most of the time:

Miscellaneous:

  • Catch Me If You Can because of the social engineering awesomeness it happens to be.
  • Independence Day because aliens apparently have Windows running on all their ships.
  • Jumpin’ Jack Flash because Whoopi Goldberg is actually a somewhat convincing engineer (or not).
  • Mission Impossible gets a nod for having an upside down Apple logo (for the time).
  • The Italian Job gets a nod for the real inventor of Napster (I guess he can duke it out with Metallica next).
  • Revolution OS for being a documentary about Linux. I’d love to see more of this kind of thing in the years to come (there’s certainly enough money floating around in the computer world to make more of them happen).
  • Jurassic Park had some computing in it, but doesn’t really count.
  • The Thirteenth Floor doesn’t make the list because it wasn’t original enough in its look at virtual reality.
  • Code Hunter was terrible.
  • Enemy of the State didn’t make the list because I’m sick of movies making people into conspiracy theorists.
  • Max Headroom for being cool, new and unique at the time – and perfect for the era.
  • Netforce – Oh wait, no, that was a typo.
  • One Point O – Which might have made the actual list had the star not become a police officer in Law and Order.

Very much excluded from this list:

  • Gone in 60 Seconds had a hacker named Toby, but it also had Nicolas Cage
  • Ocean’s 13 had Roman but it also had Brad Pitt
  • Superman III had Gus, but then, it was total crap
  • XXX: State of the Union had another Toby (popular name for movie hackers) but then, it had Vin Diesel


Mac OS X Server Mass Deployment

Reset the Server App in Yosemite Server

The Server 3 app that comes with Yosemite (aka Yosemite Server if you’re a Yosemite Sam fan) is great. But when you go making changes to some things, you’re just going to cause problems, sometimes something as simple as just upgrading to the latest and greatest version of Server… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not… And upgrades that use a migration wizard… Um, when it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup. But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues.

Now, I want to be clear, this is the last resort before restoration. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that. Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone but one designed just for servers, so the file is in the same place (/var/db) and called .ServerSetupDone. To remove it, close Server app and run the following command:

sudo rm /var/db/.ServerSetupDone

Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone!

Mac OS X Mac OS X Server

Configure Alerts In OS X Yosemite Server

The Server app, when run on OS X Yosemite, comes with a few new alerting options previously unavailable in versions of OS X. The alerts are sent to administrators via servermgrd and configured in the Server app (Server 3.5). To configure alerts in Yosemite Server, open the Server app and then click on Alerts in the Server app sidebar. Next, click on the Delivery tab.

At the Delivery screen, click on the Edit button for Email Addresses and enter every email address that should receive alerts sent from the server. Then click on the Edit button for Push Notifications. Here, check the box for each administrator of the server. The email address on file for the user then receives push notifications of events from the server.

Click on OK when you’ve configured all of the appropriate administrators for alerting. Click on the Edit… button for Push and, if Push notifications are not already enabled, you will run through the Push Notification configuration wizard.

Then, check the boxes for Email and Push for each of the alerts you want to receive (you don’t have to check both for each entry). Alerts have changed in OS X Server: they are no longer based on the SMART status of drives or capacity; instead, Delivery is now based on service settings.

Finally, as with previous versions of OS X Server, Mavericks Server has snmp built in. The configuration file is located at /private/etc/snmp/snmpd.conf and the built-in LaunchDaemon is org.net-snmp.snmpd, where the actual binary being called is /usr/sbin/snmpd (and by default it’s called with a -f option). Once started, the default community name should be COMMUNITY (easily changed in the conf file). To test, use the following command from a client (the client is 192.168.210.99 in the following example):

snmpwalk -On -v 1 -c COMMUNITY 192.168.210.99
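
Since the default community name is a well-known value, it is worth checking snmpd.conf before the daemon is reachable from the network. The script below is an added example, not part of the original article or of Apple's tooling: the function names and sample file contents are constructed, and it only looks at the standard net-snmp com2sec, rocommunity and rwcommunity directives.

```shell
#!/bin/sh
# Added example: flag risky community settings in an snmpd.conf.

# Constructed sample configuration (not taken from a real server).
sample_snmpd_conf() {
cat <<'EOF'
# access control
com2sec local     localhost        COMMUNITY
com2sec mynetwork 192.168.210.0/24 s3nsor-Read-7fQ2
rocommunity public default
rwcommunity Wr1te-Lab-9xK4 192.168.210.5
EOF
}

# Reads snmpd.conf text on stdin and prints one finding per line:
#   SEVERITY CODE line N: message
# Community strings themselves are never printed.
audit_snmpd_conf() {
  awk '
    function flag(sev, code, msg) { print sev " " code " line " NR ": " msg }
    function check(dir, src, comm) {
      # COMMUNITY is the default named in the article; public and private
      # are the other names every scanner tries first.
      if (comm == "COMMUNITY" || comm == "public" || comm == "private")
        flag("HIGH", "DEFAULT_COMMUNITY", dir " uses a well-known community name")
      if (dir == "rwcommunity")
        flag("HIGH", "WRITE_ACCESS", "read-write community is defined")
      if (src == "default")
        flag("MEDIUM", "ANY_SOURCE", dir " answers queries from any address")
    }
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "com2sec" {
      # Syntax: com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
      i = 2
      if ($i == "-Cn") i += 2
      check($1, $(i + 1), $(i + 2))
      next
    }
    $1 == "rocommunity" || $1 == "rwcommunity" {
      # Syntax: rocommunity COMMUNITY [SOURCE ...]; no SOURCE means any host.
      check($1, (NF >= 3 ? $3 : "default"), $2)
    }
  '
}

# On the server: audit_snmpd_conf < /private/etc/snmp/snmpd.conf
# Demo run against the constructed sample:
sample_snmpd_conf | audit_snmpd_conf
```
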

Mac OS X Mac OS X Server Mac Security

Use The FTP Server In OS X Yosemite Server

Yosemite Sam Server (Server 3.5 running on OS X Yosemite) sees little change with the FTP Service. Instead of sharing out each directory, the new incarnation of the FTP service allows administrators to share a single directory out. This directory can be any share that has previously been configured in the File Sharing service or a website configured in the Websites service.

To setup FTP, first open the Server app and then click on the FTP service.

Once open, use the Share: drop-down list to select a share that already exists (output of sharing -l basically) and click on one of the shares or Custom to create a new share for FTP. Then, set the permissions as appropriate on the share and hit the ON button for the FTP service.

Now, let’s test from a client. I like to use the ftp command line interface built into OS X. To test, type ftp followed by the address of the site (and I like to put the username followed by @ before the hostname), as follows:

ftp robin@mavserver.krypted.lan

When prompted, provide a password. Then, assuming you get the following, you’re in:

230 User robin logged in.
Remote system type is UNIX
Using binary mode to transfer files.

Here, type ls to see a list of the directory’s contents. Or pwd to see what directory you are in (relative to the root of the ftp share). And of course, type get followed by the name of a file to transfer it locally:

get myfile.txt

Open a terminal window on the server and let’s look at the few options you have to configure FTP from the command line. We already discussed sharing -l to see a list of the available shares. Additionally, you can use the serveradmin command, where ftp is the name of the service. Let’s look at the status of the service, first:

sudo serveradmin fullstatus ftp

Now let’s look at status:

sudo serveradmin status ftp

Same thing, right? Let’s look at all the settings:

sudo serveradmin settings ftp

If you have spaces in the name of a share that you configure from the Server app the thing will fail. Good stuff, so use serveradmin to manually set shares with spaces or other special characters in the names:

sudo serveradmin settings ftp:DocumentRoot = "/Shared Items/Krypted"

Overall, this ftp implementation is meant for users who just need to access their web server where all the files live in a web root of some sort. Otherwise, I’d still recommend most people use a third party tool. But if you just need to log into one share and you don’t need a lot of fancy features on top of your protocols that haven’t changed much since 1985 then this implementation will still work for ya’ without any extra work.

Since we mentioned 1985, let’s look at some other things that are as old, although perhaps not as dated, as the FTP Protocol. Things from the year 1985:

  • Back To the Future is Released
  • Coke introduces one of the largest marketing fails of all time, New Coke. It is so bad it opens a hole in the Ozone, also discovered in this year by Al Gore
  • Rambo Part II and Rocky Part IV come out, Sly doesn’t come out
  • Mad Max Beyond Thunderdome teaches us that Tina Turner’s still got it – Bill Schroeder doesn’t have it, no relation to Ricky, he leaves the hospital part-cyborg with the first artificial heart.
  • A View To A Kill finally ends the Roger Moore era of James Bond. Computer nerds, keep in mind, he saved Silicon Valley. This movie had Christopher Walken and Duran Duran. What more could you ask for? Oh, right – Tanya Roberts! Oh, and Thomas Patrick Cavanaugh actually gets life for being a real spy.
  • Since Police Academy was a hit, the producers figured they’d screw it up by making a second movie: Police Academy 2 comes out
  • After watching Cocoon I now know I’ll never have to grow old, so I can treat my body however I want…
  • The unabomber is at the half way point of his career with 2 bombings this year, The Rainbow Warrior sinks (no known relation to the unabomber, unless he was a French antieco-terrorist), flight 847 is hijacked and Gorbachev becomes the leader of the largest pain in President Reagan’s bung hole: Russia (OMG Commies – Run!!!). In order to pay for the tail end of the cold war, Reagan lowers taxes and sends America into debt for the first time since 1914, a debt we are still in (evil Democrats, always incurring more American debt!). Meanwhile, Margaret Thatcher has shoulder pads surgically implanted because health care is free in Great Britain and all. Actually, National Health Service contributes little to England’s national debt, which was about as low in percentage of GDP as it had been since before WWI under her and due to her terms as PM. It was at its highest in the early 1800s, far before shoulder pads were in fashion… Having said that, the US, who went into debt for the first time had to sell Reagan’s autobiography rights in order to pay for his colon surgery since there’s not NHS here… He could have asked Gotti, who became the leader of the Gambinos in 1985 for a loan, but I hear he was too busy playing Tetris, which also came out in 1985…
  • British Telecom phases out red telephone boxes – almost as a result a single season of Dr. Who airs on TV.
  • In 1985, Paul Simon, Stevie Wonder, Ray Charles, Bob Dylan, Michael Jackson, Billy Joel, Cyndi Lauper, Willie Nelson, Lionel Richie, Smokey Robinson, Kenny Rogers, Diana Ross, Paul Simon, Bruce Springsteen, Tina Turner, Daryl Hall, Kenny Loggins, Huey Lewis and of course Al Jarreau sang We Are The World. Prince wouldn’t show and Waylon Jennings stormed out. Jane Fonda hosted a HBO special in between workout videos. Live Aid happens too, and is far cooler. But, at least Rich Ramirez (the Night Stalker) got nabbed in LA. Top singles on the charts include Madonna, Wham!, Simple Minds, Duran Duran, Phil Collins, Dire Straits, Starship, Lionel Richie, Foreigner and REO Speedwagon.
  • Top TV shows include the sweaters from the Cosby Show, Family Ties, Murder She Wrote, Dynasty, The Golden Girls, Miami Vice, Cheers, Knots Landing, Growing Pains and of course, DALLAS
  • The Ford Taurus and the Mercury Sable bring a new low point to American automobile engineering – luckily The Nintendo came out and no one cared for a decade or more…
  • The Commodore Amiga is launched.
  • The Free Software Foundation is founded by rms, author of great cookie recipes, tips on women and GNU Manifestos.
  • And most importantly, Steve Jobs starts NeXT
Mac OS X Mac OS X Server Mac Security Mass Deployment Network Infrastructure

Setup The VPN Server and Client On Yosemite Server

OS X Server has long had a VPN service that can be run. The server is capable of running the two most commonly used VPN protocols: PPTP and L2TP. The L2TP protocol is always in use, but the server can run both concurrently. You should use L2TP when at all possible.

Sure, “All the great themes have been used up and turned into theme parks.” But security is a theme that it never hurts to keep in the forefront of your mind. If you were thinking of exposing the other services in Yosemite Server to the Internet without having users connect to a VPN service then you should think again, because the VPN service is simple to setup and even simpler to manage.

Setting Up The VPN Service In Yosemite Server

To setup the VPN service, open the Server app and click on VPN in the Server app sidebar. The VPN Settings screen has a “Configure VPN for” field, which has two options:

  • L2TP: Enables only the L2TP protocol
  • L2TP and PPTP: Enables both the L2TP protocol and the PPTP protocol

The VPN Host Name field is used by administrators leveraging profiles. The setting used becomes the address for the VPN service in the Everyone profile. L2TP requires a shared secret or an SSL certificate. In this example, we’ll configure a shared secret by providing a password in the Shared Secret field. Additionally, there are three fields, each with an Edit button that allows for configuration:

  • Client Addresses: The dynamic pool of addresses provided when clients connect to the VPN
  • DNS Settings: The name servers used once a VPN client has connected to the server, as well as the Search Domains configuration.
  • Routes: Select which interface (VPN or the default interface of the client system) a client uses to reach each IP address and subnet mask.
  • Save Configuration Profile: Use this button to export configuration profiles to a file, which can then be distributed to client systems (OS X using the profiles command, iOS using Apple Configurator or both using Profile Manager).

Once configured, open incoming ports on the router/firewall. PPTP runs over port 1723. L2TP is a bit more complicated (with keys bigger than a baby’s arm), running over 1701, but also the IP-ESP protocol (IP Protocol 50). Both are configured automatically when using Apple AirPorts as gateway devices. Officially, the ports to forward are listed at http://support.apple.com/kb/TS1629.

Using The Command Line

I know, I’ve described ways to manage these services from the command line before. But, “tonight we have number twelve of one hundred things to do with your body when you’re all alone.” The serveradmin command can be used to manage the service as well as the Server app. The serveradmin command can start the service, using the default settings, with no further configuration being required:

sudo serveradmin start vpn

And to stop the service:

sudo serveradmin stop vpn

And to list the available options:

sudo serveradmin settings vpn

The output of which shows all of the VPN settings available via serveradmin (which is many more than what you see in the Server app):

vpn:vpnHost = "mavserver.krypted.lan"
vpn:Servers:com.apple.ppp.pptp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.pptp:DNS:OfferedServerAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:Interface:SubType = "PPTP"
vpn:Servers:com.apple.ppp.pptp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-RSA"
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.pptp:PPP:CCPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.pptp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.pptp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.pptp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.pptp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.pptp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.pptp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.pptp:PPP:CCPProtocols:_array_index:0 = "MPPE"
vpn:Servers:com.apple.ppp.pptp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:0 = "192.168.210.240"
vpn:Servers:com.apple.ppp.pptp:IPv4:DestAddressRanges:_array_index:1 = "192.168.210.254"
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.pptp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingAddress = "1.2.3.4"
vpn:Servers:com.apple.ppp.l2tp:Server:MaximumSessions = 128
vpn:Servers:com.apple.ppp.l2tp:Server:LoadBalancingEnabled = 0
vpn:Servers:com.apple.ppp.l2tp:Server:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:Server:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedSearchDomains = _empty_array
vpn:Servers:com.apple.ppp.l2tp:DNS:OfferedServerAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:0:Address = "1.1.1.1"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.l2tp:Radius:Servers:_array_index:1:Address = "2.2.2.2"
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:Interface:SubType = "L2TP"
vpn:Servers:com.apple.ppp.l2tp:Interface:Type = "PPP"
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoFailure = 5
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdle = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorEAPPlugins:_array_index:0 = "EAP-KRB"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorACLPlugins:_array_index:0 = "DSACL"
vpn:Servers:com.apple.ppp.l2tp:PPP:VerboseLogging = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:IPCPCompressionVJ = 0
vpn:Servers:com.apple.ppp.l2tp:PPP:ACSPEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoInterval = 60
vpn:Servers:com.apple.ppp.l2tp:PPP:LCPEchoEnabled = 1
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorProtocol:_array_index:0 = "MSCHAP2"
vpn:Servers:com.apple.ppp.l2tp:PPP:AuthenticatorPlugins:_array_index:0 = "DSAuth"
vpn:Servers:com.apple.ppp.l2tp:PPP:Logfile = "/var/log/ppp/vpnd.log"
vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 7200
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecretEncryption = "Keychain"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:SharedSecret = "com.apple.ppp.l2tp"
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:IPSec:RemoteIdentifier = ""
vpn:Servers:com.apple.ppp.l2tp:IPSec:IdentifierVerification = "None"
vpn:Servers:com.apple.ppp.l2tp:IPSec:LocalCertificate = <>
vpn:Servers:com.apple.ppp.l2tp:IPv4:ConfigMethod = "Manual"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:0 = "192.168.210.224"
vpn:Servers:com.apple.ppp.l2tp:IPv4:DestAddressRanges:_array_index:1 = "192.168.210.239"
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteAddresses = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteTypes = _empty_array
vpn:Servers:com.apple.ppp.l2tp:IPv4:OfferedRouteMasks = _empty_array
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = "yaright"

To disable L2TP, set vpn:Servers:com.apple.ppp.l2tp:enabled to no:

sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:enabled = no

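To configure how long a client can be idle prior to being disconnected, set DisconnectOnIdleTimer (in the settings output above, DisconnectOnIdle is the 0/1 switch and DisconnectOnIdleTimer holds the duration):

sudo serveradmin settings vpn:Servers:com.apple.ppp.l2tp:PPP:DisconnectOnIdleTimer = 10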

By default, each protocol has a maximum of 128 sessions, configurable using vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions:

sudo serveradmin settings vpn:Servers:com.apple.ppp.pptp:Server:MaximumSessions = 200

To see the state of the service, the pid, the time the service was configured, the path to the log files, the number of clients and other information, use the fullstatus option:

sudo serveradmin fullstatus vpn

Which returns output similar to the following:

vpn:servicePortsAreRestricted = "NO"
vpn:readWriteSettingsVersion = 1
vpn:servers:com.apple.ppp.pptp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.pptp:CurrentConnections = 0
vpn:servers:com.apple.ppp.pptp:enabled = yes
vpn:servers:com.apple.ppp.pptp:MPPEKeySize = "MPPEKeySize128"
vpn:servers:com.apple.ppp.pptp:Type = "PPP"
vpn:servers:com.apple.ppp.pptp:SubType = "PPTP"
vpn:servers:com.apple.ppp.pptp:AuthenticatorPlugins = "DSAuth"
vpn:servers:com.apple.ppp.l2tp:AuthenticationProtocol = "MSCHAP2"
vpn:servers:com.apple.ppp.l2tp:Type = "PPP"
vpn:servers:com.apple.ppp.l2tp:enabled = yes
vpn:servers:com.apple.ppp.l2tp:CurrentConnections = 0
vpn:servers:com.apple.ppp.l2tp:SubType = "L2TP"
vpn:servers:com.apple.ppp.l2tp:AuthenticatorPlugins = "DSAuth"
vpn:servicePortsRestrictionInfo = _empty_array
vpn:health = _empty_dictionary
vpn:logPaths:vpnLog = "/var/log/ppp/vpnd.log"
vpn:configured = yes
vpn:state = "STOPPED"
vpn:setStateVersion = 1

Security folk will be stoked to see that the shared secret is shown in the clear using:

vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = "a dirty thought in a nice clean mind"
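
The points raised above (prefer L2TP over PPTP, and the shared secret being readable in the settings output) can be checked mechanically from the same serveradmin output. The script below is an added example, not part of the original article or of Apple's tools: the function names, severity labels and the 20-character minimum are assumptions, and the sample input is constructed from key names in the listing above.

```shell
#!/bin/sh
# Added example: review `serveradmin settings vpn` output for risky values.

# Constructed sample, abridged to keys that appear in the listing above.
sample_vpn_settings() {
cat <<'EOF'
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:0:SharedSecret = "1"
vpn:Servers:com.apple.ppp.pptp:Radius:Servers:_array_index:1:SharedSecret = "2"
vpn:Servers:com.apple.ppp.pptp:enabled = yes
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize128 = 1
vpn:Servers:com.apple.ppp.pptp:PPP:MPPEKeySize40 = 0
vpn:Servers:com.apple.ppp.l2tp:enabled = yes
vpn:Servers:com.apple.ppp.l2tp:IPSec:AuthenticationMethod = "SharedSecret"
vpn:Servers:com.apple.ppp.l2tp:L2TP:Transport = "IPSec"
vpn:Servers:com.apple.ppp.l2tp:L2TP:IPSecSharedSecretValue = "yaright"
EOF
}

# Reads settings on stdin and prints one "SEVERITY CODE message" line per
# finding. Secret values are measured but never echoed.
# MIN_SECRET_LEN (default 20) is an assumed policy threshold, not an Apple value.
audit_vpn_settings() {
  awk -v minlen="${MIN_SECRET_LEN:-20}" '
    {
      # Split each "key = value" line and strip the quotes around the value.
      sep = index($0, " = ")
      if (sep == 0) next
      key = substr($0, 1, sep - 1)
      val = substr($0, sep + 3)
      sub(/^"/, "", val); sub(/"$/, "", val)
      conf[key] = val
      if (key ~ /:Radius:Servers:_array_index:[0-9]+:SharedSecret$/ && length(val) < minlen)
        weak_radius++
    }
    END {
      pptp = "vpn:Servers:com.apple.ppp.pptp:"
      l2tp = "vpn:Servers:com.apple.ppp.l2tp:"
      if (conf[pptp "enabled"] == "yes") {
        print "HIGH PPTP_ENABLED PPTP is on; the article recommends L2TP whenever possible"
        if (conf[pptp "PPP:MPPEKeySize40"] == "1")
          print "HIGH PPTP_MPPE40 40-bit MPPE keys are accepted"
      }
      if (conf[l2tp "enabled"] == "yes") {
        if (conf[l2tp "L2TP:Transport"] != "IPSec")
          print "HIGH L2TP_NO_IPSEC L2TP transport is not IPSec"
        if (conf[l2tp "IPSec:AuthenticationMethod"] == "SharedSecret") {
          psk = conf[l2tp "L2TP:IPSecSharedSecretValue"]
          if (psk != "")
            print "MEDIUM PSK_READABLE shared secret is shown in the clear (" length(psk) " characters)"
          if (length(psk) < minlen)
            print "HIGH PSK_SHORT shared secret is shorter than " minlen " characters"
        }
      }
      if (weak_radius > 0)
        print "MEDIUM RADIUS_SECRET_SHORT " weak_radius " RADIUS shared secret(s) shorter than " minlen " characters"
    }
  '
}

# On the server: sudo serveradmin settings vpn | audit_vpn_settings
# Demo run against the constructed sample:
sample_vpn_settings | audit_vpn_settings
```

Because the output contains the secret itself, pipe it straight into the check rather than saving it to a file or pasting it into a ticket.
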

Configuring Users For VPN Access

Each account that accesses the VPN server needs a valid account to do so. To configure existing users to use the service, click on Users in the Server app sidebar.

At the list of users, click on a user and then click on the cog wheel icon, selecting Edit Access to Services.

The Service Access screen shows a list of services that could be hosted on the server; verify the checkbox for VPN is highlighted for the user. If not, click Manage Service Access, click Manage and then check the VPN box.

Setting Up Client Computers

As you can see, configuring the VPN service in Yosemite Server (OS X Server 2.2) is a simple and straight-forward process – much easier than eating your cereal with a fork and doing your homework in the dark. Configuring clients is as simple as importing the profile generated by the service. However, you can also configure clients manually. To do so in OS X, open the Network System Preference pane. From here, click on the plus sign (“+”) to add a new network service.

At the prompt, select VPN in the Interface field and then either PPTP or L2TP over IPSec in the VPN Type. Then provide a name for the connection in the Service Name field and click on Create.

At the list of network interfaces in the Network System Preference pane, provide the hostname or address of the server in the Server Address field and the username that will be connecting to the VPN service in the Account Name field. If using L2TP, click on Authentication Settings.

At the prompt, provide the password entered into the Shared Secret field earlier in this article in the Machine Authentication Shared Secret field and the user’s password in the User Authentication Password field. When you’re done, click OK and then, provided you’re outside the network and routable to the server, click on Connect to test the connection.

Conclusion

Setting Up the VPN service in OS X Yosemite Server is as simple as clicking the ON button. But much more information about using a VPN can be required. The natd binary is still built into Yosemite at /usr/sbin/natd and can be managed in a number of ways. But it’s likely that the days of using an OS X Server as a gateway device are over, if they ever started. Sure “feeling screwed up at a screwed up time in a screwed up place does not necessarily make you screwed up” but using an OS X Server for NAT when it isn’t even supported any more probably does. So rather than try to use the server as both, use a 3rd party firewall like most everyone else and then use the server as a VPN appliance. Hopefully it can do much more than just that to help justify the cost. And if you’re using an Apple AirPort as a router (hopefully in a very small environment) then the whole process of setting this thing up should be super-simple.

Articles and Books

Three New Take Control Books Titles On Yosemite

Kudos to Take Control (including Joe Kissell and Scholle McFarland here) for being on the spot with getting Yosemite titles out in alignment with the release of the actual operating system. To put you in control of Apple’s new OS X 10.10 Yosemite they have three books for you today: the first two are straightforward and useful, and the third has more real-world, practical advice for the modern Mac user than anything we’ve published recently. To quote the release information today, they are:

*  “Take Control of Upgrading to Yosemite,” by Joe Kissell
*  “Yosemite: A Take Control Crash Course,” by Scholle McFarland
*  “Digital Sharing for Apple Users: A Take Control Crash Course,” also by Joe Kissell

Download them from your Take Control Library > http://www.takecontrolbooks.com/account

We’re really excited (and tired, after finishing publication after midnight last night) about these books because they can help lots of Mac users, and we’d really appreciate it if you could tell people about them. In particular, in the two Take Control Crash Courses, each chapter has tweet-worthy tips and built-in sharing buttons so you can spread useful information to your extended networks. It’s pretty innovative for a book — take a look! Anyway, about these titles…

Do you want to upgrade to Yosemite with confidence? You can’t go wrong with “Take Control of Upgrading to Yosemite,” now in its 8th major installment. The title has helped tens of thousands of Mac users since 2003, and gives you the benefit of Joe Kissell’s superlative background. You’ll ensure that your hardware and software are ready for Yosemite, protect against problems with a bootable duplicate, eliminate digital clutter, prepare your Mac, and decide on your best installation method, no matter what version of Mac OS X you’re upgrading from, all the way back to 10.4 Tiger. You’ll find full installation directions plus advice on over a dozen things to do immediately after installation and troubleshooting techniques. Joe also explains upgrading from the Yosemite public beta and “upgrades” that involve moving your data to a new Mac from an old Mac or Windows PC. It’s 152 pages and costs $15.

Get more information > http://tid.bl.it/tco-yosemite-upgrading-info

The next two books are in our new Take Control Crash Course series, which brings you the first-rate content you expect from us in shorter chunks so you can dip in and read quickly. Because so many Take Control readers provide tech support to others, each concise chapter has sharing buttons and practical tweet-tips, making it easy to freely share a few pages with Facebook friends, Twitter followers, and others who really need the information. Take Control Crash Courses feature a modern, magazine-like layout in PDF while retaining a reflowable design in the EPUB and Mobipocket.

Read “Yosemite: A Take Control Crash Course,” to get more out of your Mac as you go about your everyday activities. Written by former Macworld editor Scholle McFarland, this book introduces Yosemite’s new interface and discusses new features like iCloud Drive, Handoff, iPhone voice/SMS relay, and Notification Center’s Today view. You’ll learn about key changes in core Apple apps with chapters about Safari, Mail, Messages, and Calendar. You’ll also find answers to questions brought on by recent additions to OS X, such as how to control notifications, tips for using Finder tags, and working with tabbed Finder windows. The book closes with two under-the-hood topics, setting up a new user account (for a child, guest, or troubleshooting) and troubleshooting (with techniques including Safe Boot and OS X Recovery). It’s 77 pages and $10.

Get more information > http://tid.bl.it/yosemite-crash-course-info

Beyond what’s new in Yosemite is the larger problem facing most of us — how to work effectively in today’s modern ecosystem of devices, services, and collaborators. Frankly, sharing with other people and devices is messy, because everyone wants something different. That’s why “Digital Sharing for Apple Users: A Take Control Crash Course” may be our most important book of the year, and why we are so grateful to Joe Kissell for taking on the challenge of describing how to share nearly anything you can think of in nearly every imaginable situation. Here are just a few of the gems in this book:

*  How iCloud Photo Sharing and My Photo Stream are entirely different
*  How to share photos fleetingly, privately, permanently, or with your fridge
*  The best ways to sync a project’s worth of files with others
*  Services to provide ubiquitous access to your own files across devices
*  Quick ways to make a file available for download by anyone
*  How to share calendars with others, whether or not they use iCloud
*  A brief tutorial on enabling Family Sharing
*  Tweaky workarounds for contact sharing, which is surprisingly difficult
*  How to rip a DVD to your MacBook Air using an older Mac’s SuperDrive
*  How to turn your iPhone or Mac into a Wi-Fi hotspot
*  Ways of watching your uncle work remotely, as you help him with iTunes
*  Approaches to syncing Web browser bookmarks and tabs with multiple devices
*  How to securely share a collection of passwords with someone else

The list of essential but often frustrating modern tasks goes on and on, and the solutions go beyond what Apple offers, so the book does too. Non-Apple products mentioned include 1Password, AirFoil, BitTorrent Sync, Cargo Lifter, CloudyTabs, Dropbox, Exchange, Facebook, Flickr, Google+, Google Calendar, Google Chrome, Google Docs, Instagram, iPhoto Library Manager, Outlook, Pandora, PhotoCard, Printopia, Reflector, Rdio, Spotify, Syncmate, Syncphotos, Transporter, Twitter, Xmarks, and more.

And, thanks to the new Take Control Crash Course format, you can jump right to the chapter that answers your question, without having to read through lots of other information. It’s 87 pages and only $10.

Get more information > http://tid.bl.it/digital-sharing-crash-course-info

Thank you for your support of Take Control… we couldn’t do it without you!

cheers… -Adam & Tonya Engst, Take Control publishers