The Server app that installs on High Sierra is great. But sometimes a change doesn’t get committed properly or has a mismatch with a certificate, and the server doesn’t respond properly… I know, you’ve been told that host name changes and IP changes are all kinds of OK at this point; “look, Charles, there’s a button!” Well, go ahead, click it. Don’t mind me, you might just be alright. But then again, you might not if you’re running Open Directory, Profile Manager, or a few other services… When it works it’s a thing of beauty. But when it doesn’t, you might be restoring some stuff from backup. But just before you do that restore, let’s try one more thing. Let’s try and rebuild some certificates and configuration settings that shouldn’t impact actual service operation. Let’s try to reset the Server app and let a fresh install of the Server see if it can fix issues.
Now, I want to be clear, this is usually the last resort before restoring a backup. I’ve had a lot of luck with services remaining functional and preserving settings when I do this, but don’t expect that to be the case every time. Basically, we’re going to do what we looked at doing back in ’09 with AppleSetupDone, but with a file designed just for servers: it’s in the same place (/var/db) and is called .ServerSetupDone. To remove it, close the Server app and run the following command:
sudo rm /var/db/.ServerSetupDone
Once removed, open the Server app again and then let the Server app run as though it’s new. Cruft, begone! Make sure to check things like server logs in the event that the service goes unresponsive again, and be wary of performing this step multiple times as there’s likely another underlying issue that you shouldn’t be resetting the server to resolve.
krypted September 26th, 2017
Posted In: Mac OS X Server
app, macos server, not responding, reset unresponsive server app, spinning pinwheel
The codesign command is used to sign apps and check the signature of apps. Apps need to be signed more and more and more these days. So, you might need to loop through your apps and verify that they’re signed. You might also choose to stop trusting given signing authorities if one is compromised. To check signing authorities, you can use:
codesign -dv --verbose=4 /Applications/Firefox.app/ 2>&1 | sed -n '/Authority/p'
The options in the above command:
- -d is used to display information about the app (as opposed to a -s which would actually sign the app)
- -v increases the verbosity level (without the v’s we won’t see the signing “Authority”)
- --verbose=4 indicates the level of verbosity
- 2>&1 redirects stderr to stdout
- /Applications/Firefox.app/ – the path to the app we’re checking (or signing if you’re signing)
Then we pipe the output into a simple sed and get the signing chain. Or don’t. If you’re scripting, don’t forget a sanity check for whether an object isn’t signed. For example, if we just run the following for a non-signed app:
codesign -dv --verbose=4 /Applications/Utilities/XQuartz.app/
The output would be as follows:
/Applications/Utilities/XQuartz.app/: code object is not signed at all
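The loop and the sanity check described above, as an added example (not code from the original post): it classifies the output of the same codesign command, treating the "not signed at all" message and a missing authority chain as separate cases. The function names, result labels and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Result labels are this script's own.

# Classify the text printed by: codesign -dv --verbose=4 <path> 2>&1
# stdin: that text. $1: optional substring of an authority you no longer trust.
# Prints UNSIGNED, NO_AUTHORITY, DISTRUSTED, or SIGNED:<leaf authority>.
classify_codesign_output() {
  cs_distrusted="$1"
  cs_out=$(cat)
  case "$cs_out" in
    *"code object is not signed at all"*) echo "UNSIGNED"; return 0 ;;
  esac
  # Same Authority lines the sed in the post prints, minus the "Authority=" prefix.
  cs_auth=$(printf '%s\n' "$cs_out" | sed -n 's/^Authority=//p')
  if [ -z "$cs_auth" ]; then
    echo "NO_AUTHORITY"   # e.g. an ad-hoc signature, which carries no chain
    return 0
  fi
  if [ -n "$cs_distrusted" ] &&
     printf '%s\n' "$cs_auth" | grep -qF -- "$cs_distrusted"; then
    echo "DISTRUSTED"
    return 0
  fi
  # codesign lists the leaf certificate first, then the chain up to the root.
  echo "SIGNED:$(printf '%s\n' "$cs_auth" | head -n 1)"
}

# Walk every .app bundle directly under a directory; print "<result><TAB><path>".
audit_apps() {
  for cs_app in "$1"/*.app; do
    [ -e "$cs_app" ] || continue
    cs_result=$(codesign -dv --verbose=4 "$cs_app" 2>&1 |
      classify_codesign_output "$2")
    printf '%s\t%s\n' "$cs_result" "$cs_app"
  done
}

# Constructed sample of codesign output, so the classifier can be tried anywhere.
SAMPLE_SIGNED='Executable=/Applications/Example.app/Contents/MacOS/example
Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA'

printf '%s\n' "$SAMPLE_SIGNED" | classify_codesign_output ""

# On a Mac, audit the real bundles; the first argument is a distrusted authority.
if command -v codesign >/dev/null 2>&1; then
  audit_apps /Applications "${1:-}"
fi
```

Anything reported as UNSIGNED, NO_AUTHORITY or DISTRUSTED is a candidate for follow-up rather than proof of tampering.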
krypted January 12th, 2017
Posted In: Apps, Mac OS X, Mac OS X Server
app, Apple, check app signatures, codesign, MAC, productsign, signing, who signed my app
I don’t like hunting through multiple apps to turn off a light in my house. Therefore, I’ve been trying to get everything centralized in the Wink app. When it comes to managing Philips Hue lights, the Wink can turn them on and off, as well as change the percentage that a bulb is lit, acting as a dimmer.
Philips Hue lights run through a bridge, known as the Hue Bridge. This device bridges the Wi-Fi network and allows the Philips Hue app to control your lights. Once your Hue lights are configured, open the Wink app and tap on Add a Product.
At the Add a Product screen, tap on Lights.
At the Lights screen, tap on Hue Lights.
At the Philips Lights screen, tap on Next.
At the next screen, tap on Sign In.
At the Link Account screen, enter the email address and password and then tap on Log in.
At the Welcome screen, tap on Yes.
At the next screen, tap on Connect Now
Tap on the only button on the Hue Bridge.
Once the Wink app can communicate with the Hue bridge, tap on the Done button.
The lights that are running through your Hue Bridge will then be displayed in the Lights screen.
You can organize your lights into Groups. For example, if you have multiple bulbs in a single room, you might choose to group them together. To do so, tap on New Group.
Provide a name for your new group and check the box for each light to add to the group.
The app has then been set up and you can control your lights.
krypted July 8th, 2016
Posted In: Alexa, Home Automation
alexa, app, hue bridge, ios, lighting control, philips hue lights
The practical uses of Wearables and Home Automation never cease to amaze me. I recently added a Kinsa thermometer to my collection of useful toys. This little device uses the 1/8th inch jack like the original Jawbone did. It works like a regular thermometer, but displays temperature on an app that runs on the iPhone. It’s simple to set up and once set up, works the same as any other thermometer.
Due to the power of the Internets, you can then select symptoms and check for common ailments that match.
You can also look at your history, tracking the rise and fall of your temperature.
Overall, a cool little device and a cool little app.
krypted July 4th, 2016
Posted In: Home Automation, iPhone, Wearable Technology
app, history, iPhone, temperature
One of those fun things that Alexa can do is set alarms for you. I usually sleep around 4 or 5 hours a night, so no amount of alarms is enough to roust me out of bed. Therefore, adding Alexa on my Amazon Echo to the extensive list of alarms I have around my house is welcome. Let’s look at some things you can tell Alexa to do for ya’, when it comes to alarms. First, let’s set an alarm for noon:
“Alexa, set an alarm for noon tomorrow.”
Alexa will then repeat back the alarm she just configured. Now, let’s set up a repeating alarm for every Tuesday morning at 6am:
“Alexa, set an alarm for every Tuesday at 6am.”
Now, let’s check a list of all the alarms running on your Amazon Echo account:
“Alexa, list my alarms.”
If an alarm for tomorrow is at 11am, we can then delete it using:
“Alexa, delete the 11am alarm for tomorrow”
To snooze an alarm, just say:
You can also ask about what alarms you have for a given day. So that alarm we set for Tuesday…
“What alarms do I have for Tuesday?”
Or to ask about which ones that repeat:
“What repeating alarms do I have?”
Alexa then lists your repeating alarms.
To delete an alarm, change the sound, or set the volume, use either the Alexa app or use http://alexa.amazon.com and click on Timers & Alarms. Then click on “Manage alarm volume and default sound”.
Let’s say we wanted to explore alarms. Click on Alarm and then (as seen) click on the alarm you’d like to hear a sample of.
You can also configure timers. So if you’re cooking some salmon, you might say:
“Alexa, set a timer for 20 minutes”
You can also use the web interface or app to pause, cancel, or stop timers.
krypted May 29th, 2016
Posted In: Alexa, Home Automation
alarms, alexa, amazon echo, app, configure alarm, configure voices for alarms, repeating, set alarm, set timer, sounds
The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In its simplest form, the ldifde command can be used to export AD objects just using a -f option to specify the output file (here, in the working directory we’re running the ldifde command from if using PowerShell; remove the .\ if using a standard command prompt):
ldifde -f .\ADExport.ldf
This exports all attributes of all objects, which overlap with many in a target Active Directory and so can’t be imported. Therefore, you have to limit the scope of what you’re exporting, which you can do in a few ways. The first is to only export a given OU. To limit, you’ll define a dn with a -d flag followed by the actual dn of the OU you’re exporting and then you’d add a -p for subtree. In the following example we’ll export all of the objects from the sales OU to the SalesOUExport.ldf file:
ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -f .\SalesOUExport.ldf
Restoring objects still results in an error that the server is “Unwilling To Perform” the import because “The modification was not permitted for security reasons.” Basically, this just means “hey I’m not going to import into some of the fields that I know I have to reserve for objects managed by the system, such as creation date (whencreated), last changed date (whenchanged), etc.” So we can take some of these and omit them from our export. You can use ADMT or just look at an ldif or csv file to determine which attributes from the schema you think need to be omitted, but at a minimum the list should include objectguid, uSNCreated, uSNChanged, whencreated and whenchanged (and a lot of the Exchange attributes if you’ve extended the schema for your forest). To omit attributes, use the -o flag followed by a quoted, comma-separated list of the attributes to omit. In the following example, we’ll export to the SalesOUExportO.ldf file, and add the -o flag to the previous command:
ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -f .\SalesOUExportO.ldf
You can also omit using the -m flag, which includes only the essential attributes, so we’ll add that to the command as well:
ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportO.ldf
Use the -l option to limit the attributes being exported to only those specified.
The -r option restricts the export to a given category or class. For example, if we only wanted to export users, we can restrict to objectClass=user:
ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -r "(objectClass=user)" -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportOM.ldf
Now I’m feeling like we have a good restricted set of data that we’re moving. Let’s go ahead and give importing a shot on a target server. To do so, we’ll just use -i to specify this is an import, followed by -k to say “don’t stop if you have a problem with just one record”, -f to define a file and -j to write a log. We’ll use the working directory for the file path and the log path, assuming this is being done by calling the .exe from within powershell:
ldifde -i -k -f .\SalesOUExportOM.ldf -j .\
Once complete, the exported objects should appear once you close and re-open Active Directory Users and Computers. You can also export one object, then programmatically create objects in an ldif file as needed by importing them into Active Directory using ldifde.
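If an export was taken without -o, the same system-managed attributes can be removed from the file before import. The following is an added example, not from the original post: a POSIX shell and awk filter that follows the ldif layout described above (one attribute per line, continuation lines starting with a space, an empty line between records). The function name and the sample record are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post); the function name is hypothetical.

# Drop system-managed attributes from LDIF read on stdin.
# $1: comma-separated attribute names, matched case-insensitively.
strip_ldif_attrs() {
  awk -v drop="$1" '
    BEGIN {
      n = split(tolower(drop), names, ",")
      for (i = 1; i <= n; i++) skip[names[i]] = 1
      dropping = 0
    }
    # A line starting with one space continues the previous attribute value,
    # so it shares the fate of the line it belongs to.
    /^ / { if (!dropping) print; next }
    # An empty line ends the record.
    /^$/ { dropping = 0; print; next }
    {
      attr = tolower($0)
      sub(/:.*/, "", attr)   # name = text before the first colon ("::" is base64)
      dropping = (attr in skip)
      if (!dropping) print
    }
  '
}

# The minimum list of attributes to omit, as given in the post.
RESERVED="objectguid,uSNCreated,uSNChanged,whencreated,whenchanged"

# Constructed sample record; the objectGUID value is filler, not a real GUID.
SAMPLE_LDIF='dn: CN=Jane Doe,OU=sales,DC=krypted,DC=local
changetype: add
objectClass: user
cn: Jane Doe
description: a long value that wraps
 onto a continuation line
objectGUID:: Y29uc3RydWN0ZWQgc2FtcGxlIHZhbHVlIG9ubHksIG5vdCBhIHJlYWwg
 R1VJRA==
whenCreated: 20160227120000.0Z
uSNCreated: 12345
'

printf '%s' "$SAMPLE_LDIF" | strip_ldif_attrs "$RESERVED"
```

The continuation handling matters for wrapped base64 values such as objectGUID: dropping only the first line would leave an orphaned fragment attached to the preceding attribute.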
krypted February 27th, 2016
Posted In: Active Directory
app, Apple, Classroom management, csv, Import Records Into Apple School Manager, ios, ldif, MAC, os x
SQL constraints restrict the data that can be in a table. A violation of a constraint causes an action to be aborted. Constraints can be defined upon creation or using the ALTER TABLE statement once created. The general syntax of a CREATE (or use ALTER instead of CREATE) when defining constraints is as follows:
CREATE TABLE tablename (
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname,
columnname datatype(size) constraintname
);
Obviously, replace columnname with the name of each of your columns, datatype with the type of data each column contains, and constraintname with the constraint you wish to use. You have the following constraints available:
- CHECK: Verify that values meet the defined condition
- DEFAULT: Sets a default value for new rows in a column
- FOREIGN KEY: Verify referential integrity of data in a table to match values in another
- NOT NULL: Columns cannot store a NULL value (be empty)
- PRIMARY KEY: Columns cannot store a NULL value AND values in rows must be unique
- UNIQUE: Each row in a column must be unique
For example, the NOT NULL constraint would be defined as follows:
CREATE TABLE testingnotnull (
telephonenumber int NOT NULL
);
If you have an app sitting in front of a database, then use these with caution: if SQL just terminates an operation, your app might have unexpected integrity issues.
krypted February 21st, 2016
Posted In: SQL
app, check, create table, default, MySQL, not null, SQL, statement, unique, webapp
How secure is your data on Bushel? Your data on anything is only ever as secure as your password. At Bushel, we take a lot of precautions to protect your data, including from ourselves. We time out your session, we encrypt your session on a per-transaction basis, and we encrypt your data while at rest on our servers (although consider it like the secure enclave in iOS, where we encrypt the data that needs to be encrypted – such as FileVault keys and activation lock bypass information). These basic precautions keep your communication with Bushel secure and prevent people from doing things like hijacking your session.
Read My Article On How Bushel Protects Customer Data On The Bushel Blog
krypted August 19th, 2015
Posted In: Bushel, iPhone, JAMF
app, Blog, bushel, iPad, iPhone, protecting customer data, SaaS
The Apple Watch is just another wearable with a limited feature set. In much the same way that the iPhone is just another phone. But they’re not. They have apps. And the apps are what make these devices so powerful. Installing apps on an Apple Watch is pretty straightforward. But before we do, it’s worth mentioning that there are two types. The first is a glance. This is just another view for an app that is on your iPhone that the Apple Watch talks to. The second is an actual app. These have more functionality and more options. There are also built-in apps that can be shown or hidden.
Apps are managed from the phone. To install either type of app, simply open the Apple Watch app on your phone. From there, you will see any apps that have either an app or a glance available on a device.
Tap on an entry and you’ll see whatever is available for that app. New apps aren’t displayed on your Apple Watch. Use the slider to control whether it is displayed or not.
Some apps have more options. If so, tap on the app and enable those options if needed. When you enable these apps, you’ll see the icon start loading on the watch, in much the same way that an icon starts to load on a phone when you purchase the app from the App Store.
Also, some apps, when you download an update to the app, will even prompt you to install a glance for the app on your phone.
The apps show up on the right side of the default apps on the watch.
Here’s the Nike app. This app only works properly when you open the app on the phone. It sits at a loading screen and only opens when the app on the phone opens. When it shows up, you can then do whatever the app is built to do. In this case, start and stop runs.
That’s it. Straightforward. Just be patient. It takes a while for Apple Watches to communicate with phones and to move data back and forth between them.
krypted May 14th, 2015
Posted In: Apple Watch
app, Apple, apple watch, Bluetooth, communicate, howto
When I started to write this, I had this idea that I’d write an article that looked at the features and the usability of the Pebble and those of the Apple Watch. Both have the ability to load custom apps, both have app stores, both do many of the same other tasks, etc.
The problem with that premise for this article is that they simply aren’t even remotely comparable. Let’s look at why:
- Apps: The Apple Watch can support apps and glances from apps. You can load as many as the thing can take, you can get different types of apps and there are already hundreds (if not thousands – I don’t have the patience to count) of apps that have support for the Apple Watch. The Pebble on the other hand is limited to 8 concurrent apps and I have never actually found more than 5 that I wanted to use that didn’t involve a watch face.
- Watch faces: I don’t change watch faces really. Most of the apps on a Pebble are all about custom watch faces. Pick your favorite school, your favorite Disney character, etc. The watch faces available for the Apple Watch are great and all, but the default face, with instant access to the calendar, your exercise stats, the weather, and of course the time, is really what the device is about and the best usability option, something Apple has always excelled at. It would be great if the other time zone option on the Apple Watch had some really cool stuff you could swap it out with. If you force tap on the screen, you can certainly select other things, but all the cool stuff is placed in other areas of the default watch face.
- The screen: The screen on the Apple Watch is just a beautiful screen, with full color, lots of pixels, etc. The screen on the Pebble more closely resembles options from an Atari 2600. So, think Wii vs 2600 (aka e-paper)…
- The app that manages the wearable: The Apple Watch app has in app controls for what’s available on phones, can configure which apps/glances are shown, unpair/re-pair, configure notifications, manage Do Not Disturb, put the device into Do Not Disturb mode, configure passcodes, manage sounds and vibrations, configure brightness and size. It’s pretty robust. The app for the Pebble does much less, but is on par given the features available on the device in general.
- Light: The type of light emitted by the Pebble actually makes it a little easier to see in sunlight to me. But if you have sunglasses on then forget about it. Which I usually do when there’s a lot of sunlight. But this is a showstopper for some. Like those who (legitimately) still look for raised keyboards on phones…
- Battery life: The Pebble kicks the crap out of the Apple Watch when it comes to battery life. I’ve not charged my Pebble once in a week and it was happily camping straight into the next week. My Apple Watch must be charged daily.
- Older iPhones: The Pebble can work on any iOS 6 compatible device (and up). The Apple Watch needs an iOS 8 device. So if you have an older phone, you’ll likely want a Pebble. Or take this as the opportunity to stop listening to 90s era Britney Spears and upgrade your phone when you buy a watch.
- App security: There are apps that can muck up a Pebble. This ranges from screen distortion to apps crashing. I tend to think that if an app can cause a device to crash then it could be intentionally designed to do more worser (yes, that was on purpose) things to the device as well. I could be wrong and haven’t spent any real time doing security research on the device, but it seems like a bad thing. Meanwhile, apps that go to an Apple Watch go through the App Store and so have at least some semblance of review.
- Music Control: I like the Pebble more in this respect. It instantly sends commands to music on your phone. The Apple Watch always seems to be just a little bit delayed (not bad, but I can notice the delay). Having said that, the Apple Watch also has a Remote app, so you can also control music streaming out of computers onto Apple TVs.
- Instant Messaging: The Pebble can show you messages. The Apple Watch can as well, but goes a step or 10 further and actually allows you to send voice messages, text messages, animated Emoji and even your heartbeat (which people keep creepily sending me – except that one guy who has none – but we all knew he was a lich so whatever on that).
- Fitness: The fitness options on the Pebble are mostly from apps. The apps are a bit limited, but you can do a few pretty cool things. There are more built-in options on the Apple Watch; however, the 3rd party apps for Fitness tracking are pretty considerable and growing daily.
- Pay for all the stuffs: Apple Pay isn’t the most widely accepted form of payment around, but it is gaining in popularity and pretty cool. Not sure if NFC is really going to be changing the world, but it might, and a wearable that isn’t specifically a fitness tracker is likely going to need it over the coming year.
- Price: The Pebble can be $89. The Apple Watch starts at $350 and goes up to thousands (10 of ’em actually).
Overall, the Pebble is inexpensive. At 4 times the cost is the Apple Watch, which has less battery power but way more features. So it’s not Apples to Apples (no pun intended) to compare these. If you’re interested in a really inexpensive wearable and not worried about all the crazy features that come on them, check out the Pebble. But, the Apple Watch, as with many an Apple product, is very much worth the price tag. Unless you’re getting a gold one…
krypted May 11th, 2015
Posted In: Apple Watch
app, Apple, apple watch, comparison, e-paper, iPhone, MAC, pebble, screen