krypted.com

Tiny Deathstars of Foulness

The past couple of years have forced me to rethink many of my recommendations for how you back up computers in small office and home environments. Previously, I would have said that you could use a disk attached to an Apple AirPort. But the AirPort Base Station is no longer being made. Previously, I would have said you could use Time Machine Server, a service built into macOS Server in 5.4 and below. But that service is no longer being made in macOS Server by Apple and is now found in the Sharing System Preference pane. Previously, I might have even said to use the home edition of CrashPlan, which could have backed up to their cloud and/or a home server. But that plan is no longer being offered by Code 42.

So what are we to do? Well, luckily now the offerings out there are just endless. One of those offerings is so easy, you can run out to Best Buy, return home with a WD (Western Digital) MyCloud.com drive, and be up and running in about 5 minutes. I’ll cover other options when I cover file services and Synology. But in the meantime, let’s look at setting up a WD MyCloud.com drive, account, and configuring both to work with Time Machine. 

Set Up Your WD Hard Drive
First, we’ll set up the drive. This is pretty straightforward. Plug the ethernet cable into your network, wait for the drive to boot up, and then go to the MyHome setup page.

Here, you’ll be prompted to set up a My Cloud Home account. Enter a name, email address, and password. Then click on Create Account.

 
You’ll then be prompted for the device you plugged in, which is discovered on the network. Click Connect.


Choose whether you want to share product improvement data. Ever since my time as a product manager, I’ve been a huge fan of doing so, so I clicked Share.

Once that’s done, you’ll be prompted to get the desktop app. While not absolutely necessary, it’s not a bad idea. If you want the app, click Download.

Once the app is done downloading, open the directory and open the installer.

Click Install Now.

Once complete, you’ll see the menu bar. Click it and then add your device if you don’t see it by clicking on “I don’t see my device.”

When prompted, enter your email address and password that you created earlier and then click on Sign In.

Click Skip.

Next, make sure to run the software update offered in the notifications area. There was a pretty bad vulnerability a while back, and the update will make sure you’re good. Then click on the name of your WD MyCloud Home.


Add IFTTT Alerts

I want to see when new updates, channels or options are added, so I’m going to enable that. To do so, click on Services in the sidebar and then click on Enable for IFTTT.

Assuming the terms of service are acceptable, click “I Agree.”

When prompted, choose to connect to IFTTT.

From the IFTTT site, click Connect.

Choose which options to give IFTTT for the MyCloud API.

Browse the channels and enable each that you’d like and then click “Turn on.”

Mount the MyCloud Drive
Next, open a “Connect to Server” dialog box (Command-K from the Finder) and click on Browse.

Click on the MyCloud-XXX where XXX is the identifier for your MyCloud account.

Click on the timemachinebackup folder.

The folder should initially be empty. Now let’s open the Time Machine System Preference pane.

Click on “Select Backup Disk…”

Choose Your MyDisk From Time Machine

Choose the TimeMachineBackup directory for the MyCloud Device and click on “Use Disk.”

You’ll then want to create a user for backing up. To do so, go back to the mycloud.com site and click on Settings. Then click on “Add user…” and enter an email address.

The email address will get an email to set up an account. Do so and then once you’ve configured the user, enter the email address and password when prompted.

Now wait for the first backup to finish. If you ever see any errors, check them; otherwise, you should back up to the device as with a locally attached drive, but you won’t need to plug directly into the drive to run backups.

Conclusion
This doesn’t solve for a lot of use cases that Time Machine Server would have been better for. But it’s a simple task that should cost you a little over a hundred bucks and get you backing up. I’m still a fan of cloud services. Backblaze, Carbonite, and others will back up your data for an annual fee of a little less than what a MyDrive costs. I’ll cover those in later articles, but for now, you’ve got a backup on your network, which even if you use one of those services is a great option in the event of hardware failure, as you can quickly get back up and running with a full system restore!

March 12th, 2018

Posted In: Mac OS X, Network Infrastructure


The Server app that installs on High Sierra is great. But sometimes a change doesn’t get committed properly or has a mismatch with a certificate, and the server doesn’t respond properly… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not if you’re running Open Directory, Profile Manager, or a few other services… When it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup.

But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues. Now, I want to be clear, this is usually the last resort before restoring a backup. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that to be the case every time.

Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone, but with a file designed just for servers, so the file is in the same place (/var/db) and called .ServerSetupDone. To remove it, close the Server app and run the following command:

sudo rm /var/db/.ServerSetupDone


Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone! Make sure to check things like server logs in the event that the service goes unresponsive again, and be wary of performing this step multiple times as there’s likely another underlying issue that you shouldn’t be resetting the server to resolve.

September 26th, 2017

Posted In: Mac OS X Server


The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use:

codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p'

The options in the above command:
  • -d is used to display information about the app (as opposed to a -s which would actually sign the app)
  • -v increases the verbosity level (without the v’s we won’t see the signing “Authority”)
  • --verbose=4 indicates the level of verbosity
  • 2>&1 redirects stderr to stdout
  • /Applications/Firefox.app/ – the path to the app we’re checking (or signing if you’re signing)
Then we pipe the output into a simple sed and get the signing chain. Or don’t. For example, if you’re scripting, don’t forget a sanity check for whether an object isn’t signed. For example, if we just run the following for a non-signed app:

codesign -dv --verbose=4 /Applications/Utilities/XQuartz.app/

The output would be as follows:
/Applications/Utilities/XQuartz.app/: code object is not signed at all
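
The loop and the unsigned-app sanity check described above, as an added example that is not code from the original post. The sample output, the developer name and team ID are constructed, and the function names are hypothetical; the audit itself only runs where codesign exists.

```shell
#!/bin/sh
# Constructed sample of `codesign -dv --verbose=4 <app> 2>&1` for a signed
# app; the developer name and team ID are placeholders.
SAMPLE_SIGNED='Executable=/Applications/Example.app/Contents/MacOS/example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# Reads codesign display output on stdin and prints one of:
#   SIGNED <authority chain, leaf first, joined by " > ">
#   ADHOC     signed, but with no certificate chain
#   UNSIGNED  "code object is not signed at all"
#   ERROR     anything else (missing path, unreadable bundle, ...)
classify_codesign_output() {
  out=$(cat)
  case "$out" in
    *"code object is not signed at all"*) echo "UNSIGNED"; return 0 ;;
  esac
  chain=$(printf '%s\n' "$out" | awk '/^Authority=/ {
    sub(/^Authority=/, ""); printf "%s%s", sep, $0; sep = " > " }')
  if [ -n "$chain" ]; then
    echo "SIGNED $chain"
  elif printf '%s\n' "$out" | grep -q '^Signature=adhoc'; then
    echo "ADHOC"
  else
    echo "ERROR"
  fi
}

# Succeeds if the exact authority name $2 is a link in classification $1.
# Use it to flag apps that chain to an authority you no longer trust.
uses_authority() {
  case " > ${1#SIGNED } > " in
    *" > $2 > "*) return 0 ;;
  esac
  return 1
}

# Loop over the app bundles in a directory and report each one.
audit_apps() {
  for app in "$1"/*.app; do
    [ -e "$app" ] || continue
    status=$(codesign -dv --verbose=4 "$app" 2>&1 | classify_codesign_output)
    # -d only displays; --verify checks that the signature is actually valid.
    case "$status" in
      SIGNED*) codesign --verify --strict "$app" 2>/dev/null ||
                 status="INVALID ${status#SIGNED }" ;;
    esac
    printf '%s\t%s\n' "$status" "$app"
  done
}

# Only run the audit where codesign exists (macOS).
if command -v codesign >/dev/null 2>&1; then
  audit_apps /Applications
fi
```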

January 12th, 2017

Posted In: Apps, Mac OS X, Mac OS X Server


I don’t like hunting through multiple apps to turn off a light in my house. Therefore, I’ve been trying to get everything centralized in the Wink app. When it comes to managing Philips Hue lights, the Wink can turn them on and off, as well as change the percentage that a bulb is lit, acting as a dimmer. Philips Hue lights run through a bridge, known as the Hue Bridge. This device bridges the Wi-Fi network and allows the Philips Hue app to control your lights.

Once your Hue lights are configured, open the Wink app and tap on Add a Product.

At the Add a Product screen, tap on Lights.

At the Lights screen, tap on Hue Lights.

At the Philips Lights screen, tap on Next.

At the next screen, tap on Sign In.

At the Link Account screen, enter the email address and password and then tap on Log in.

At the Welcome screen, tap on Yes.

At the next screen, tap on Connect Now.

Tap on the only button on the Hue Bridge.

Once the Wink app can communicate with the Hue bridge, tap on the Done button.

The lights that are running through your Hue Bridge will then be displayed in the Lights screen.

You can organize your lights into Groups. For example, if you have multiple bulbs in a single room, you might choose to group them together. To do so, tap on New Group.

Provide a name for your new group and check the box for each light to add to the group.

The app has then been set up and you can control your lights.

July 8th, 2016

Posted In: Alexa, Home Automation


The practical uses of Wearables and Home Automation never cease to amaze me. I recently added a Kinsa thermometer to my collection of useful toys. This little device uses the 1/8th inch jack like the original Jawbone did. It works like a regular thermometer, but displays temperature on an app that runs on the iPhone. It’s simple to set up and once set up, works the same as any other thermometer.

Due to the power of the Internets, you can then select symptoms and check for common ailments that match.

You can also look at your history, tracking the rise and fall of your temperature.

Overall, a cool little device and a cool little app.

July 4th, 2016

Posted In: Home Automation, iPhone, Wearable Technology


One of those fun things that Alexa can do is set alarms for you. I usually sleep around 4 or 5 hours a night, so no amount of alarms is enough to roust me out of bed. Therefore, adding Alexa on my Amazon Echo to the extensive list of alarms I have around my house is welcome. Let’s look at some things you can tell Alexa to do for ya’, when it comes to alarms. First, let’s set an alarm for noon:
“Alexa, set an alarm for noon tomorrow.”
Alexa will then repeat back the alarm she just configured. Now, let’s set up a repeating alarm for every Tuesday morning at 6am:
“Alexa, set an alarm for every Tuesday at 6am.”
Now, let’s check a list of all the alarms running on your Amazon Echo account:
“Alexa, list my alarms.”
If an alarm for tomorrow is at 11am, we can then delete it using:
“Alexa, delete the 11am alarm for tomorrow”
To snooze an alarm, just say:
“Snooze”
You can also ask about what alarms you have for a given day. So that alarm we set for Tuesday…
“What alarms do I have for Tuesday?”
Or to ask about which ones repeat:
“What repeating alarms do I have?”
Alexa then lists your repeating alarms. To delete an alarm, change the sound, or set the volume, use either the Alexa app or use http://alexa.amazon.com and click on Timers & Alarms. Then click on “Manage alarm volume and default sound”.

Let’s say we wanted to explore alarms. Click on Alarm and then click on the alarm you’d like to hear a sample of.

You can also configure timers. So if you’re cooking some salmon, you might say:
“Alexa, set a timer for 20 minutes”
You can also use the web interface or app to pause, cancel, or stop timers.  

May 29th, 2016

Posted In: Alexa, Home Automation


The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead.

In its simplest form the ldifde command can be used to export AD objects just using a -f option to specify the location (the working directory that we’re running the ldifde command from if using powershell to do so or remove .\ if using a standard command prompt):

ldifde -f .\ADExport.ldf

This exports all attributes of all objects, which overlap with many in a target Active Directory and so can’t be imported. Therefore, you have to limit the scope of what you’re exporting, which you can do in a few ways. The first is to only export a given OU. To limit, you’ll define a dn with a -d flag followed by the actual dn of the OU you’re exporting and then you’d add a -p for subtree. In the following example we’ll export all of the objects from the sales OU to the SalesOUExport.ldf file:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -f .\SalesOUExport.ldf

Restoring objects still results in an error that the server is “Unwilling To Perform” the import because “The modification was not permitted for security reasons.” Basically, this just means “hey I’m not going to import into some of the fields that I know I have to reserve for objects managed by the system, such as creation date (whencreated), last changed date (whenchanged), etc.” So we can take some of these and omit them from our export.

You can use ADMT or just look at an ldif or csv file to determine which attributes from the schema you think need to be omitted, but at a minimum it should include objectguid, uSNCreated, uSNChanged, whencreated and whenchanged (and a lot of the Exchange attributes if you’ve extended the schema for your forest). To omit use the -o and enclose the omitted attributes in parentheses. In the following example, we’ll export to the SalesOUExportO.ldf file, and add the -o flag to the previous command:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -f .\SalesOUExportO.ldf

You can also omit using the -m flag, which includes only the essential attributes, so we’ll add that to the command as well:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportO.ldf

Use the -l option to limit the attributes being exported to only those specified. The -r option restricts the export to a given category or class. For example, if we only wanted to export users, we can restrict to objectClass=user:

ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -r "(objectClass=user)" -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportOM.ldf

Now I’m feeling like we have a good restricted set of data that we’re moving. Let’s go ahead and give importing a shot on a target server. To do so, we’ll just use -i to specify this is an import, followed by -k to say “don’t stop if you have a problem with just one record”, -f to define a file and -j to write a log. We’ll use the working directory for the file path and the log path, assuming this is being done by calling the .exe from within powershell:

ldifde -i -k -f .\SalesOUExportOM.ldf -j .\

Once complete, the exported objects should appear once you close and re-open Active Directory Users and Computers.
You can also export one object, then programmatically create objects in an ldif file as needed by importing them into Active Directory using ldifde.
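
If an export was already taken without -o, the same system-managed attributes can be stripped from the file afterwards. This added example (not from the original post) does that with a POSIX shell function, honoring the one-attribute-per-line layout described above plus LDIF's folded continuation lines; the function name and sample record are constructed, and the file is assumed to be a plain (ANSI) export.

```shell
#!/bin/sh
# Constructed sample record; every name and value is made up.
SAMPLE_LDIF='dn: CN=Pat Example,OU=sales,DC=krypted,DC=local
changetype: add
objectClass: user
cn: Pat Example
objectGUID:: AAAAAAAAAAAAAAAA
 AAAAAA==
whenCreated: 20160227120000.0Z
description: a long value that the exporter folded
 onto a second line
uSNCreated: 12345'

# Usage: strip_ldif_attrs "attr1,attr2,..." < export.ldf > cleaned.ldf
# Attribute names are matched case-insensitively, as in LDAP.
strip_ldif_attrs() {
  awk -v omit="$1" '
    BEGIN {
      n = split(tolower(omit), names, ",")
      for (i = 1; i <= n; i++) drop[names[i]] = 1
    }
    # A line that starts with a space continues the previous line, so it
    # shares the fate of the attribute it belongs to.
    /^ / { if (!skipping) print; next }
    {
      name = tolower($0)
      sub(/[:;].*/, "", name)      # keep only the attribute name
      skipping = (name in drop)
      if (!skipping) print
    }
  '
}

# The minimum set of attributes the post says to omit.
ATTRS="objectguid,uSNCreated,uSNChanged,whencreated,whenchanged"
printf '%s\n' "$SAMPLE_LDIF" | strip_ldif_attrs "$ATTRS"
```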

February 27th, 2016

Posted In: Active Directory


SQL constraints restrict the data that can be in a table. A violation of a constraint causes an action to be aborted. Constraints can be defined upon creation or using the ALTER TABLE statement once created. The general syntax of a CREATE (or use ALTER instead of CREATE) when defining constraints is as follows:

CREATE TABLE tablename (
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname
);

Obviously, replace columnname with the name of each of your columns, datatype with the type of data your column contains and constraintname with the constraint you wish to use. You have the following constraints available:
  • CHECK: Verify that values meet the defined condition
  • DEFAULT: Sets a default value for new rows in a column
  • FOREIGN KEY: Verify referential integrity of data in a table to match values in another
  • NOT NULL: Columns cannot store a NULL value (be empty)
  • PRIMARY KEY: Columns cannot store a NULL value AND values in rows must be unique
  • UNIQUE: Each row in a column must be unique
For example, the NOT NULL constraint would be defined as follows:

CREATE TABLE testingnotnull (
telephonenumber int NOT NULL
);

If you have an app sitting in front of a database, then use these with caution, as if SQL just terminates an operation your app might have unexpected integrity issues.

February 21st, 2016

Posted In: SQL


How secure is your data on Bushel? Your data on anything is only ever as secure as your password. At Bushel, we take a lot of precautions to protect your data, including from ourselves. We time out your session, we encrypt your session on a per-transaction basis, and we encrypt your data while at rest on our servers (although consider it like the secure enclave in iOS, where we encrypt the data that needs to be encrypted – such as FileVault keys and activation lock bypass information). These basic precautions keep your communication with Bushel secure and prevent people from doing things like hijacking your session. Read My Article On How Bushel Protects Customer Data On The Bushel Blog

August 19th, 2015

Posted In: Bushel, iPhone, JAMF


The Apple Watch is just another wearable with a limited feature set. In much the same way that the iPhone is just another phone. But they’re not. They have apps. And the apps are what make these devices so powerful. Installing apps on an Apple Watch is pretty straightforward. But before we do, it’s worth mentioning that there are two types. The first is a glance. This is just another view for an app that is on your iPhone that the Apple Watch talks to. The second is an actual app. These have more functionality and more options. There are also built-in apps that can be shown or hidden.

Apps are managed from the phone. To install either type of app, simply open the Apple Watch app on your phone. From there, you will see any apps that have either an app or a glance available on a device.

Tap on an entry and you’ll see whatever is available for that app. New apps aren’t displayed on your Apple Watch. Use the slider to control whether it is displayed or not.

Some apps have more options. If so, tap on the app and enable those options if needed. When you enable these apps, you’ll see the icon start loading on the watch, in much the same way that an icon starts to load on a phone when you purchase the app from the App Store.

Also, some apps, when you download an update to the app, will even prompt you to install a glance for the app on your phone.

The apps show up on the right side of the default apps on the watch.

Here’s the Nike app. This app only works properly when you open the app on the phone. It sits at a loading screen and only opens when the app on the phone opens. When it shows up, you can then do whatever the app is built to do. In this case, start and stop runs.

That’s it. Straightforward. Just be patient. It takes a while for Apple Watches to communicate with phones and to move data back and forth between them.

May 14th, 2015

Posted In: Apple Watch

