Tag Archives: MAC


Remove the Delay For the Dock To Pop Up

I recently started hiding my Dock. I haven’t done that in over a decade, but I was ready for a change. But I’m not the most patient person in the world and waiting for the Dock to pop back up became a bit of a drag. So I looked around in com.apple.dock and found an autohide-delay option. Setting that to -float 0 restored some sanity to an already hectic enough world:

defaults write com.apple.dock autohide-delay -float 0

Then restart the Dock:

killall Dock

When you kill the Dock, it’s gonna’ reopen all the stuff you might have minimized down there. Well, this was close, but then this turned out to make me much happier (turns out I’m not as impatient as I thought):

defaults write com.apple.dock autohide-time-modifier -float 0.1

Hope you find this useful! If not, to undo all of this:

defaults delete com.apple.dock autohide-delay
defaults delete com.apple.dock autohide-time-modifier
killall Dock


Change Default Location of New Documents To Not Be iCloud

Recently I had to do a bunch of annoying manual tasks in Preview. One thing I noticed was that the process was taking a lot longer because I had to change the save location of each document from iCloud to my documents. About 5 in, I went ahead and combed through my global defaults real quick and found NSDocumentSaveNewDocumentsToCloud, in NSGlobalDomain, which controls whether iCloud is the default save location for new documents. To disable it, which makes the default location for new documents your local file system, use the defaults command and set that key to false:

defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false

Now, voilà, sanity.
iCloud is great. So in case you decide to change the setting back, the command to do so would be:

defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool true


Configuring Windows 2008 As An NTP Server

When you’re configuring a Mac to leverage an existing Windows infrastructure, having the clocks in sync is an important task. Luckily, Windows Server has been able to act as an NTP server for a long time. In this article, we’ll look at configuring Server 2008 R2 to be an NTP server for Mac and Linux clients.

Note: Before you get started, or any time you’re hacking around in the registry, make sure to do a backup of your registry/SystemState!

To enable NTP on Windows Server, open your favorite registry editor and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer. From here, enter a key called Enabled as a dword with a value of 00000001.

The NTP Server should look upstream at another NTP host. To configure this, go ahead and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient and create Enabled as a dword with a value of 00000001 and SpecialPollInterval with a value of 300:

"Enabled"=dword:00000001
"SpecialPollInterval"="300"

NTP would then need a source, so let’s go ahead and create that in the registry as well. To set that up, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters and then set the Type key to contain NTP, the Period key to contain freq and the NtpServer key to contain the IP address of the server followed by ,0x1, as follows (assuming an IP of 10.0.0.8 for the upstream NTP server):

"NtpServer"="10.0.0.8,0x1"
"Type"="NTP"
"Period"="freq"

The w32time service doesn’t start unless your system is on a domain (and should be restarted if the system is already running as a DC). To start the service automatically (if needed), use the sc command:

sc triggerinfo w32time start/networkon stop/networkoff

Windows systems can also use an NTP server. To configure the NTP client, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient and create Enabled as a dword with a value of 00000001 and SpecialPollInterval with a value of 300:

"Enabled"=dword:00000001
"SpecialPollInterval"="300"

NTP would then need a source, so let’s go ahead and create that in the registry as well. To set that up, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters and then set the Type key to contain NTP, the Period key to contain freq and the NtpServer key to contain the IP address of the server followed by ,0x1, as follows (assuming an IP of 10.0.0.8 for the upstream NTP server):

"NtpServer"="10.0.0.8,0x1"
"Type"="NTP"
"Period"="freq"

Finally, you can invoke w32tm directly to query peers and verify that no skew has occurred with the clocks:

w32tm /query /peers

Voilà, you’ve now achieved what could be done using a checkbox on an OS X Server. Hope you’ve enjoyed noodling around in the registry!


Apperian’s New Goodness: Remote Control for iPad


The New Caching Service In OS X Server

These days, new services get introduced in OS X Server during point releases. OS X now has a Software Caching server built to make updates faster. This doesn’t replace Apple’s Software Update Server mind you, it supplements. And, it’s very cool technology. “What makes it so cool” you might ask, given that Software Update Server has been around for awhile. Namely, the way that clients perform software update service location and distribution with absolutely no need (or ability) for centralized administration.

Let’s say that you have 200 users with Mac Minis and an update is released. That’s 200 of the same update those devices are going to download over your Internet connection, at up to 2 to 3 gigs per download. If you’re lucky enough to have eaten at the Varsity in Atlanta, just imagine trying to drink one of those dreamy orange goodnesses through a coffee stirrer. Probably gonna’ be a little frustrating. Suck and suck and suck and it’ll probably melt enough to make it through that straw before you can pull it through. For that matter, according to how fast your Internet pipe is, there’s a chance something smaller, like an update to Expensify will blow out that same network, leaving no room for important things, like updates to Angry Birds!

Now, let’s say you have an OS X Server running the new Caching service. In this case, the first device pulls the update down and each subsequent device uses the WAN address to determine where the nearest caching service is. If there’s one on the same subnet, provided the subnet isn’t a Class B or higher, then the client will attempt to establish a connection to the caching service. If it can and the update being requested is on that server then the client will pull the update from the server once the signature of the update is verified with Apple (after all, we wouldn’t want some funky cert getting in the way of our sucking). If the download is stopped it will resume after following the same process on a different server, or directly from Apple. The client-side configuration is automatic so provides a seamless experience to end users.

Pretty cool, eh? But you’re probably thinking this new awesomeness is hard as all heck to install. Well, notsomuch. There are a few options that can be configured, but the server is smart enough to do most of the work for you. Before you get started, you should:

  • Be running Mountain Lion with Server 2.2 or better.
  • Install an APNS certificate first, described in a previous article I wrote here.
  • Have an ethernet connection on the server.
  • Have a hard drive with at least 50GB free in the server.
  • The server must be in a Class C or smaller LAN IP scheme (no WAN IPs can be used with this service, although I was able to multihome with the WAN off while configuring the service)

Once all of the requirements have been met, you will need to install the actual Caching Service. To do so, open Server.app from the /Applications directory and connect to the server with which you would like to install the Caching service.

Click on Caching from the SERVICES section of the Server sidebar. Here, you have 3 options you can configure before starting the service. The first is the volume on which to place updates. This should typically be a Pegasus or other form of mass storage that is not your boot volume. Use the Edit… button to configure which volume will be used. By default, when you select that volume you’ll be storing the updates in the Library/Server/Caching/Data directory of that volume.

The next button is used to clear out the cache currently used on the server. Click Reset and the entire contents of the aforementioned Data directory will be cleared.

Next, configure the Cache Size. Here, you have a slider to configure about as much space as you’d like, up to “Unlimited”. You can also use the command line to set otherwise unavailable sizes, such as 2TB.

Once you’ve configured the correct amount of space, click on the ON button to fire up the service. Once started, grab a client from the local environment and download an update. Then do another. Time both. Check the Data folder, see that there’s stuff in there and enjoy yourself for such a job well done.

Now, let’s look at the command line management available for this service. Using the serveradmin command you can summon the settings for the caching service, as follows:

sudo serveradmin settings caching

The settings available include the following results:

caching:ReservedVolumeSpace = 25000000000
caching:SingleMachineMode = no
caching:Port = 0
caching:SavedCacheSize = 0
caching:CacheLimit = 0
caching:DataPath = "/Volumes/Base_Image/Library/Server/Caching/Data"
caching:ServerGUID = "FB78960D-F708-43C4-A1F1-3E068368655D"
caching:ServerRoot = "/Library/Server"

Don’t change the caching:ServerRoot setting on the server. This is derived from the root of the global ServerRoot. Also, the ServerGUID setting is configured automatically when connecting to Apple and so should not be set manually. When you configured that Volume setting, you set the caching:DataPath option. You can make this some place completely off, like:

sudo serveradmin settings caching:DataPath = "/Library/Server/NewCaching/NewData"

Now let’s say you wanted to set the maximum size of the cache to 800 gigs:

sudo serveradmin settings caching:CacheLimit = 812851086070

To customize the port used:

sudo serveradmin settings caching:Port = 6900

The server reserves a certain amount of filesystem space for the caching service. This is the only service I’ve seen do this. By default, it’s about 25 gigs of space. To customize that to let’s say, ‘around’ 50 gigs:

sudo serveradmin settings caching:ReservedVolumeSpace = 50000000000

To stop the service once you’ve changed some settings:

sudo serveradmin stop caching

To start it back up:

sudo serveradmin start caching

Once you’ve started the Caching service in OS X Server and familiarized yourself with the serveradmin caching options, let’s look at the status options. I always use fullstatus:

sudo serveradmin fullstatus caching

Returns the following:

caching:Active = yes
caching:state = "RUNNING"
caching:Port = 57466
caching:CacheUsed = 24083596
caching:TotalBytesRequested = 24083596
caching:CacheLimit = 0
caching:RegistrationStatus = 1
caching:CacheFree = 360581072384
caching:StartupStatus = "OK"
caching:CacheStatus = "OK"
caching:TotalBytesReturned = 24083596
caching:CacheDetails:.pkg = 24083596

The important things here:

  • An Active setting of “yes” means the server’s started.
  • The state is “STARTED” or “STOPPED” (or STARTING if it’s in the middle).
  • The TCP/IP port used is 57466 by default. If the caching:Port setting shown earlier is set to 0, this is the port used by default.
  • The CacheUsed is how much space of the total CacheLimit has been used.
  • The RegistrationStatus indicates whether the server is registered via APNS for the service with Apple.
  • The CacheFree setting indicates how much space on the drive can be used for updates.
  • The caching:TotalBytesRequested option should indicate how much data has been requested from clients while the caching:TotalBytesReturned indicates how much data has been returned to clients.
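
The checks in this list can be scripted. The following is an added example, not code from the original article: a shell function that reads the fullstatus output shown above and flags a stopped, unregistered or nearly full cache. The function and sample names are hypothetical, the second sample is constructed, and two readings are assumptions: RegistrationStatus = 1 means registered, and CacheLimit = 0 means unlimited.

```shell
#!/bin/sh
# Added example (not from the original article): health check over the
# key = value lines printed by "sudo serveradmin fullstatus caching".

# Status output copied from the article, so the script runs anywhere.
sample_status() {
    cat <<'EOF'
caching:Active = yes
caching:state = "RUNNING"
caching:Port = 57466
caching:CacheUsed = 24083596
caching:TotalBytesRequested = 24083596
caching:CacheLimit = 0
caching:RegistrationStatus = 1
caching:CacheFree = 360581072384
caching:StartupStatus = "OK"
caching:CacheStatus = "OK"
caching:TotalBytesReturned = 24083596
caching:CacheDetails:.pkg = 24083596
EOF
}

# Constructed status: registration lost, and usage close to the
# CacheLimit value set earlier in the article.
degraded_status() {
    cat <<'EOF'
caching:Active = yes
caching:state = "RUNNING"
caching:Port = 6900
caching:CacheUsed = 780000000000
caching:CacheLimit = 812851086070
caching:RegistrationStatus = 0
caching:CacheFree = 32851086070
caching:StartupStatus = "OK"
caching:CacheStatus = "OK"
EOF
}

# Reads fullstatus output on stdin, prints one line per problem plus a
# summary line, and returns 1 if anything was flagged.
caching_health() {
    awk -F' = ' '
        /^caching:/ {
            key = substr($1, 9)        # drop the "caching:" prefix
            val = $2
            gsub(/"/, "", val)         # strings are quoted, numbers are not
            st[key] = val
        }
        END {
            bad = 0
            if (st["Active"] != "yes") {
                print "FAIL Active=" st["Active"] " (service not started)"; bad++
            }
            if (st["StartupStatus"] != "OK") {
                print "FAIL StartupStatus=" st["StartupStatus"]; bad++
            }
            if (st["CacheStatus"] != "OK") {
                print "FAIL CacheStatus=" st["CacheStatus"]; bad++
            }
            # Assumption: 1 means registered with Apple.
            if (st["RegistrationStatus"] != "1") {
                print "FAIL RegistrationStatus=" st["RegistrationStatus"] " (not registered)"; bad++
            }
            # Assumption: CacheLimit = 0 is the "Unlimited" slider position.
            limit = st["CacheLimit"] + 0
            used = st["CacheUsed"] + 0
            if (limit > 0 && used >= 0.9 * limit) {
                printf "WARN cache %d%% full (%s of %s bytes)\n",
                    used * 100 / limit, st["CacheUsed"], st["CacheLimit"]
                bad++
            }
            printf "caching: %d problem(s), port %s\n", bad, st["Port"]
            exit (bad > 0)
        }'
}

# On a server: sudo serveradmin fullstatus caching | caching_health
sample_status | caching_health
degraded_status | caching_health || echo "caching needs attention"
```

Empty input, for example when the service is not installed, fails every check, so the function never reports a healthy cache by default.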

Look into the /Library/Server/Caching/Config/Config.plist file to see even more information, such as the following:

<key>LastConfigURL</key>
<string>http://suconfig.apple.com/resource/registration/v1/config.plist</string>
<key>LastPort</key>
<integer>57466</integer>
<key>LastRegOrFlush</key>
<date>2012-12-16T04:33:13Z</date>

There are also a number of other keys that can be added to the Config.plist file including CacheLimit, DataPath, Interface, ListenRanges, LogLevel, MaxConcurrentClients, Port and ReservedVolumeSpace. These are described further at http://support.apple.com/kb/HT5590.

As you can see, this provides the host name of the server and path on that server that the Caching server requires access to, the last port connected to and the last date that the contents were flushed.

In the Data directory that we mentioned earlier is a SQLite database, called AssetInfo.db. In this database, a number of files are mentioned. These are in a file hierarchy also in that Data directory. Client systems access data directly from that folder.

Finally, the Server app contains a log that is accessed using the Logs option in the Server app sidebar. If you have problems with the service, information can be accessed here (use the Caching Service Log to access Caching logs).

The Caching Service uses the AssetCache service, located at:

/Applications/Server.app/Contents/ServerRoot/usr/libexec/AssetCache/AssetCache

It then starts as the new _assetcache user. Its LaunchDaemon is at:

/Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.AssetCache.plist

Note: In my initial testing it appeared that after rebooting devices, that iOS updates were being cached; however, several have reported that this is not yet possible. I’ll try and replicate and report my findings later.


MacTech Spotlight – Fall 2012

Looks like I’m on the back page of the latest issue of MacTech Magazine (see Table of Contents at http://www.mactech.com/issue-TOCs-2012). And it turns out I’m not there for the reason I usually adorn the back page of magazines; I’m fully clothed and for the most part it’s technical: I’m the MacTech Spotlight. If I keep this up, I’ll be able to keep my clothes on full time in the future. Not sure what will happen to my spot at Sunset and LaBrea now, though…

Anyway, despite featuring me, MacTech is a great magazine. Where else can you find information on Adobe packaging, QuickLook development, building a Squid proxy, HTML5 and CSS3 design, OpenBSM, keeping nasty network attacks out of Mountain Lion and AppleScriptObjC. I mean seriously, great stuff!


Penn State MacAdmins Back for 2013

Last year, I had a great time at the Penn State MacAdmins conference. There were tons of smart people to mingle with and everyone had plenty to discuss when it came to managing the Mac. There were a lot of people from education but also plenty from companies. The talks were well run and the conference location, the Penn Stater, was awesome. I love how it’s like a big winding maze.

Having gone to school in a town like State College (Athens, GA), I’ve always had a warm spot for cute college towns. And State College is clearly a special place. I’d recommend a trip there to anyone that loves places like Ann Arbor, Norman, Stillwater, Opelika, Corvallis, Blacksburg, Madison, Manhattan (Kansas), Ithaca, Iowa City, Ames, Morgantown, Lafayette (Indiana), Lawrence, Champaign, Logan, College Station and of course, Oxford Mississippi (Ole Miss is a truly special place).

So you’re lucky then, ’cause the Penn State MacAdmins Conference is back for 2013, being held in beautiful State College, PA at Penn State University. The Conference is May 22nd through 24th with a new introductory Boot Camp being held the day before (May 21st) to prep admins for the rest of the conference. And May is one of the best times to visit a place like this. Spring is in the air, kids are getting ready to graduate, the flowers are in bloom and of course, there’s no more snow to be shoveled. A month later and the school would practically be shut down, the town a ghost town.

But in late May, college towns are electric. So don’t just stay at the Penn Stater the whole time, go explore downtown and that Nittany Lion thing – and the spot where Joe Pa’s statue used to be. Take a carriage ride, swing by the Governor’s Pub, have some red meat at Otto’s and of course, perform the underclassmen ritual of throwing up on College Ave! And yes, there’s a College Ave, as there should be. Anyway, the social element of a conference like this is great. Meet those people you tell to RTFM on the ‘ole Enterprise List, the people whose feeds you read and the people whose feeds you deleted  ’cause they talk about college football too much…

The Call for Proposals is now open, so to submit a talk, use http://macadmins.psu.edu/conference/submit-proposals.

This year, there will also be sponsors. To sponsor, see http://macadmins.psu.edu/conference/sponsorships.

Or to attend, see http://macadmins.psu.edu/conference/registration.

To sign up for the conference newsletter, see http://psu.us4.list-manage.com/subscribe?u=acd8b6acc541596a7bdf8e517&id=d37a7e26fd.

And for an example of what you are in store for:

PS – There are 12 teams in the Big 10. While at State College, make sure to remind everyone wearing blue of this fact.


Regression Testing Video From MacTech

I made this video for my presentation at MacTech this year. The video demonstrates how to do a mission critical IT role in an organization in an automated fashion. Hopefully it helps you to automate such things in your life as well.


Configuring Time In OS X Mountain Lion & OS X Mountain Lion Server

Time is a very important aspect of OS X Server, as it has been since the early days. Time is so important that if you see network time server, NTP or 5 minutes as the answer on an Apple exam, you should just pick that one, as it’s invariably correct. The traditional way to configure time zones and Network Time Servers is to use the systemsetup command. Before you set a time zone, use the -listtimezones option in systemsetup to see a list of all available time zones:

sudo systemsetup -listtimezones

To set the time zone, pick one and use the -settimezone option in systemsetup:

sudo systemsetup -settimezone "America/Chicago"

To check the current time, then run -gettime:

sudo systemsetup -gettime

The -settime option can then be used to set the time, although it’s invariably better to set the time automatically with a Network Time Protocol (NTP) server, using the -setnetworktimeserver option:

sudo systemsetup -setnetworktimeserver time.krypted.com

You would then need to turn on the use of NTP servers, using the -setusingnetworktime option and setting the value there to on:

sudo systemsetup -setusingnetworktime on

Now let’s look at a different way to do this. Run the following, in OS X Server:

sudo serveradmin settings info:timeZone = "America/New_York"

That shouldn’t work. Now ya’ know, OS X Server isn’t fully matured yet, so they’ll get around to it… But what does work is setting the NTP server and enabling NTP services. To enable NTP:

sudo serveradmin settings info:ntpTimeServe = yes

To set the NTP server:

sudo serveradmin settings info:ntpServerName = "time.krypted.com"

Note: The NTP server must be accessible when set.


Installing and Managing NetBoot Services in OS X Mountain Lion Server

The NetBoot service has allowed administrators of Mac OS X computers to leverage images hosted on a server to boot computers to a central location since OS X was first introduced by Apple. Since the very first versions of OS X, the service has been called NetBoot. In the Server app, Apple has added a number of options surrounding the NetBoot service. It is now called NetInstall.

The first step to configuring the NetBoot service is to decide what you want the NetBoot service to do. There are three options:

  • Create a NetBoot Image: Allows Macs to boot over the network to a disk image hosted on a server.
  • Create a NetInstall Image: Leverage NetBoot as a boot disk so that an image hosted on a server can be used to run an OS X installer.
  • Create a NetRestore Image: Leverage NetBoot as a boot disk so that you can restore a computer that has been configured over a network. Use this option to restore an image that has been prepared.

For the purposes of this example, we’re going to use an OS X Mountain Lion installer to boot an OS X computer over the network. The first step in doing so is to create a Network Disk Image. Before setting it up, download the Install OS X Mountain Lion installer app into the /Applications directory from the App Store.

To then set up the NetBoot disk image, often referred to as the NetBoot set, open the Server app and then click on System Image Utility from the Tools menu of OS X.

When System Image Utility opens, click on the Install OS X Mountain Lion entry in the list of available sources. Then, in the list of options, click on NetBoot Image and then click on the Continue button.

At the Image Settings screen, enter the name the NetBoot set will have in the Network Disk field. Then, enter a description of what is on the NetBoot set in the Description field. If the image will be served from multiple servers, check the box for “Image will be served from more than one server.”

Then provide an account name, short name and password in the Image Settings screen. Once provided, click Create to generate the Network Disk Image.

When prompted, click on the Agree button to accept the licensing agreement.

Then, when prompted, select a location to store the Disk Image and click on Save.

The computer will then start creating the NetBoot set. Once finished, it’s time to set up the NetInstall service in OS X Mountain Lion Server. To get started, go back to the Server app.

First, define which disk will host NetBoot Images. To do so, click on the Edit Storage Settings button. At the Storage Settings overlay, select the volume that Images will be hosted on as well as the volume that Client Data will be hosted on. The Image is what you are creating and the Client Data is dynamic data stored in images.

If you only have one disk, as in this example, click on “Images & Client Data” for that disk. Then click on the OK button.

Once you’ve selected a disk to store your image, copy the disk image into the Library/NetBoot/NetBootSP0 folder of the disk used for images. Once it is in the appropriate folder, click on the Edit button for the Enable NetInstall on: field.

Check the box for the interface you want to serve images over (if you only have one then it’s pretty obvious which interface this will be). Click on the OK button to save your settings. Then, click on the Images tab.

Each server can host multiple images. The Images tab displays a list of NetBoot images stored in the Library/NetBoot/NetBootSP0 directory. By default, images have a red indicator light. This means they’re not being served over any specific protocol yet. Double-click on an image.

At the image settings screen, check the box for “Make available over” and for many environments, select NFS as the protocol. Note, you can also restrict access to the image to certain models of Apple computers and/or certain MAC addresses by using the “Image is visible to” and “Restrict access to this images” options respectively.

Additionally, use the Make this image available for diskless booting option to allow computers without hard drives to boot to the image.

Click on the Done button and the image will appear as green in the list of images. Click on the image and then click on the cog-wheel icon. Click on “Use as Default Boot Image” to set an image to be the default image computers boot to when booting to NetBoot.

Now, it’s as easy as clicking on the ON button. Do so to start the service.

Once started, open a Terminal window. Here, let’s get a status of the service using the serveradmin fullstatus option (along with the service name, which is still netboot from the command line):

sudo serveradmin fullstatus netboot

The output of which shows the various components, logs and states of components:

netboot:state = "RUNNING"
netboot:stateTFTP = "RUNNING"
netboot:readWriteSettingsVersion = 1
netboot:netBootConnectionsArray = _empty_array
netboot:logPaths:netBootLog = "/var/log/system.log"
netboot:dhcpLeasesArray = _empty_array
netboot:stateDHCP = "STOPPED"
netboot:stateHTTP = "STOPPED"
netboot:serviceCanStart = 1
netboot:timeOfSnapshot = "2012-08-09 03:59:45 +0000"
netboot:stateNFS = "RUNNING"
netboot:stateImageArray:_array_index:0:_array_index:0 = 0
netboot:stateImageArray:_array_index:0:_array_index:1 = 0
netboot:stateImageArray:_array_index:0:_array_index:2 = 0
netboot:stateImageArray:_array_index:0:_array_index:3 = 0
netboot:stateImageArray:_array_index:0:_array_index:4 = 2
netboot:stateImageArray:_array_index:1:_array_index:0 = 1
netboot:stateImageArray:_array_index:1:_array_index:1 = 1
netboot:stateImageArray:_array_index:1:_array_index:2 = 1
netboot:stateImageArray:_array_index:1:_array_index:3 = 0
netboot:stateImageArray:_array_index:1:_array_index:4 = 2
netboot:stateImageArray:_array_index:2:_array_index:0 = 0
netboot:stateImageArray:_array_index:2:_array_index:1 = 0
netboot:stateImageArray:_array_index:2:_array_index:2 = 0
netboot:stateImageArray:_array_index:2:_array_index:3 = 0
netboot:stateImageArray:_array_index:2:_array_index:4 = 2
netboot:stateImageArray:_array_index:3:_array_index:0 = 0
netboot:stateImageArray:_array_index:3:_array_index:1 = 0
netboot:stateImageArray:_array_index:3:_array_index:2 = 0
netboot:stateImageArray:_array_index:3:_array_index:3 = 0
netboot:stateImageArray:_array_index:3:_array_index:4 = 2
netboot:servicePortsRestrictionInfo = _empty_array
netboot:netBootClientsArray = _empty_array
netboot:servicePortsAreRestricted = "NO"
netboot:setStateVersion = 1
netboot:startedTime = "2012-08-09 03:58:01 +0000"
netboot:stateAFP = "RUNNING"

And to start the service when not running:

sudo serveradmin start netboot

There are also a number of settings available at the command line that are not in the graphical interface. For example, to allow writing to the NetBoot share:

sudo serveradmin settings netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no

Or to get more verbose logs:

sudo serveradmin settings netboot:logging_level = "HIGH"

And last but not least, to stop the service:

sudo serveradmin stop netboot

In the beginning of this article, I mentioned the ways to configure NetInstall images. I’ll cover NetInstall and NetRestore in later articles as they tend to be more involved workflow-wise than copying a volume into a Network Disk Image.
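
The serveradmin output and settings covered in this article also show what a NetBoot server exposes. The following is an added example, not code from the original article: a shell function that lists the protocols reported as RUNNING, the servicePortsAreRestricted value, and any storage record whose readOnlyShare is no. The function and sample names are hypothetical, and the sample input is constructed from the article's output lines plus a made-up second storage record.

```shell
#!/bin/sh
# Added example (not from the original article): exposure review of the
# NetBoot service from serveradmin output.

# Constructed input: lines from the article's "fullstatus netboot" output,
# followed by settings lines (storage record 1 is made up).
sample_netboot() {
    cat <<'EOF'
netboot:state = "RUNNING"
netboot:stateTFTP = "RUNNING"
netboot:stateDHCP = "STOPPED"
netboot:stateHTTP = "STOPPED"
netboot:stateNFS = "RUNNING"
netboot:stateAFP = "RUNNING"
netboot:servicePortsAreRestricted = "NO"
netboot:netBootStorageRecordsArray:_array_index:0:readOnlyShare = no
netboot:netBootStorageRecordsArray:_array_index:1:readOnlyShare = yes
netboot:logging_level = "HIGH"
EOF
}

# Reads fullstatus and settings lines on stdin. Prints a WARN line per
# writable storage record, then the running protocols and the port
# restriction flag. Returns 1 if any storage record is writable.
netboot_audit() {
    awk -F' = ' '
        { val = $2; gsub(/"/, "", val) }
        # netboot:state<PROTO> lines report one protocol each.
        $1 ~ /^netboot:state[A-Z]+$/ && val == "RUNNING" {
            sep = (running == "") ? "" : ","
            running = running sep substr($1, 14)
        }
        $1 == "netboot:servicePortsAreRestricted" { restricted = val }
        # readOnlyShare = no allows writing to the NetBoot share.
        $1 ~ /^netboot:netBootStorageRecordsArray:_array_index:[0-9]+:readOnlyShare$/ && val == "no" {
            split($1, part, ":")
            printf "WARN storage record %s is writable\n", part[4]
            writable++
        }
        END {
            printf "protocols running: %s\n", (running != "" ? running : "none")
            printf "ports restricted: %s\n", (restricted != "" ? restricted : "unknown")
            exit (writable > 0)
        }'
}

# On a server:
#   { sudo serveradmin fullstatus netboot; sudo serveradmin settings netboot; } | netboot_audit
sample_netboot | netboot_audit || echo "review the NetBoot share settings"
```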