Tiny Deathstars of Foulness

Stoked that we got to interview Michael Lynn (@mikeymikey) for the MacAdmins podcast. It turned out to be a great episode on the future of Mac management and MDM. I’m glad we were able to have him join in! Pepijn and Marcus did a great job as well, so all round, a great episode. Hope you enjoy!

Or find it on the Podcast site at

October 24th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security, MacAdmins Podcast

Tags: , , , , , ,

You can grant access to certain columns to view in SQL without providing access to specific users to see the whole database. This is pretty useful when delegating reporting to users, without giving them access to all of the data in your database. For example, a user might be able to see a column with an address, but not a column with a credit card number, increasing database security while allowing you to delegate certain tasks when appropriate.

In this article, we’ll use the same “Customers” table from our first articles, signupdate:

ID Site Contact Address City Zip Country SignupDate
1 Krypted Charles Edge my house Minneapolis 55418 US 2005-01-01
2 Apple Tim Cook spaceship Cupertino 95014 US 2015-12-05
3 Microsoft Satya Nadella campus Redmond 98053 US 2014-11-01
4 Facebook Mark Zuckerberg foodhall Menlo Park 94025 US 2010-03-10
5 JAMF Dean Hager Grain Exchange Minneapolis 55418 US 2016-01-01

Next, we’ll create a view called SignupDate that only has customers that signed up on January 1st of 2005. This view returns the data set of contacts and signup dates:

CREATE VIEW signupdate AS SELECT * FROM Customers WHERE OrderDate='2005-01-01';

The syntax is similar to a SELECT, but with CREATE VIEW followed by the name of the view and then AS followed by the SELECT statement. The view is a virtual table containing the output of the query rather than data. Once created, use use the signupdate view in a query:

SELECT * FROM signupdate;

This SQL statement returns the following results:

1 Krypted Charles Edge my house Minneapolis 55418 US 2005-01-01

You can also use the view to contain a query with just the columns you want, according to how you structure your query, thus granting access to specific columns, without granting access to all of the columns in a table.

March 14th, 2016

Posted In: SQL

Tags: , , , , , ,

Push Notifications can be used in most every service in the Server app, especially in 3.5 for Yosemite (which I still like to call Yosemite Server as it makes me think of Yosemite Sam in a tux, pouring champagne). Any service that requires Push Notifications will provide the ability to setup APNS during the configuration of the service. But at this point, I usually just set up Push Notifications when I setup a new server.


To enable Push Notifications for services, you’ll first need to have a valid AppleID. Once you have an AppleID, open the Server app and then click on the name of the server. At the Overview screen, click on Settings.


At the Settings screen for your server, click on the check-box for “Enable Apple push notifications.” At the Apple Push Notification Services certificate screen, enter an AppleID if you have not yet configured APNS and click on OK. The Apple Push Notification Service certificate will then be configured.


The certificate is valid for one year, by default. Administrators receive an alert when the certificate is due to expire. To renew, open the same screen and click on the Renew button.

October 18th, 2014

Posted In: iPhone, Mac OS X, Mac OS X Server

Tags: , , , , , , , , , ,

LeftHand Storage uses the cliq command line for configuring their devices. cliq isn’t necessarily interactive and so we end up needing to specify the username, password and IP of the device with each command (although you can setup a key as well if you’re going to be doing automated tasks). One task that I’ve found to be pretty common is to use cliq to enable Chap authentication for volumes. To do so you’ll use the assignVolumeChap verb. Along with the assignVolumeChap verb you will need a number of options, each with an = for the payload of the option and delimited with a space between them.

When using the assignVolumeChap verb you will need to supply a volume that you will be enabling authentication on, which is done using the volumeName option. You will also need to assign a password that will be entered on devices in order to connect to the target/volume, done using the targetSecret option. With most commands you will also need to specify the address of the storage node, the administrative user for that storage node and the password for it as well, these done using login, userName and passWord options respectively. You can obtain information about volumes using the getLocalVolumes verb:

cliq getLocalVolumes

To put all of these together, let’s look at an example where the storage node has an IP address of, an administrative user name of admin and an administrative password of ADMINPASSWORD. For this storage node we have a volume that we have created called MYSHAREDVOLUME and want to use a password of PASSWORDFORLUN to access it.

cliq assignVolumeChap volumeName=MYSHAREDVOLUME targetSecret=PASSWORDFORLUN login= userName=admin passWord=ADMINPASSWORD

Some other important verbs we’ve had to use are createCluster, connectVolume, configureRaid, createRemoteSnapshot (which is good to do before making any changes btw) and of course, createVolume (which you would need to do before assigning authentication to the volume). Each item that has a create typically has an associated delete (eg – deleteVolume, deleteRaid, etc) and an associated modify (eg – modifyVolume, modifyRaid, etc), which can be used to remove the added item and edit it (respectively). Overall, there are a lot of verbs that can be used with cliq, making it a somewhat robust scripting interface if you need to automate events.

Another verb I find that I use a lot when I’m first setting up a device is the getPerformanceStats verb, which has a single option in interval, the number of milliseconds between sampling the performance statistics.

May 5th, 2010

Posted In: Unix, Windows Server, Xsan

Tags: , , , , , , , , , , , , ,

Forgot the admin password in Mac OS X? Well, Apple let’s you boot computers into what is known as Single User Mode. To boot a Mac into Single User Mode, boot the machine holding down Command-S. Once the system boots up, you should see a command prompt. Here, run fsck:

fsck -fy

Then mount the file system:

mount -uw /

Then reset the password using the passed command

passwd <username>

For example, if the user is root:

passwd root

When prompted, provide the desired administrative password.

February 22nd, 2005

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , , ,