Tag Archives: settings

iPhone Network Infrastructure personal

16 Child Proofing iPad and iPod Touch Tips For Parents

Recently I woke up and my daughter was sitting on me watching something on the iPad. As I woke ever so slightly I realized that she was watching Transformers the movie on Netflix. I’m not typically a helicopter dad, hovering over her every move, but I did realize amidst the explosions that ya’, I might want to take some of the things I learned writing the book on locking these things down and put a few very basic measures in place to keep her from seeing something she shouldn’t. After all, she’s gotten about as good at navigating around the thing as I am (and these days she’s getting pretty acclimated with iOS 7).

So let’s look at some basic precautions that parents can take to keep their kids sandboxed into just the material they feel confident with. For starters, the built-in security precautions. These are basically all in the Settings app and each comes with repercussions that I’ll go into with each step, so you can decide for yourself if you actually give a crap about them.

Passcodes

The nuclear option is to enable a passcode so the child can only use the device when supervised. I did not do this myself for the home iPad for a variety of reasons: sometimes she locks the device while I’m driving, sometimes she wants to use the device when she wakes up at 6am after I was up hacking stuff ’till 4am and well, because I want the device to be as much hers as mine. So I don’t want to enable a passcode that she does not know, but you might.

To set a passcode, open the Settings app from the home screen and tap on General in the Settings sidebar (or to not setup a passcode, skip to the next section).


Or to lock the screen when the iOS device goes to sleep, tap Passcode Lock.


If you’re going to enable a passcode, at the Passcode Lock screen, tap on Turn Passcode On and when prompted provide the passcode.


Once you’ve enabled a passcode it’s worth noting that if the passcode is entered improperly too many times the device will be wiped. However, it’s now encrypted and meets certain policy restrictions (e.g. if you use it with an Exchange server at work as well).

Restrictions

Restrictions allow you to disable various features of iOS, including Safari, the Camera, FaceTime, iTunes, iBookstore, App Store, App deletion, Siri and even using explicit language with poor Siri. Additionally, you can control what kind of media can be purchased on the iTunes store. To get started, tap on Restrictions in the General app.


Here, you will see that pretty much everything is allowed by default. You have the option to disable very specific items.


When you enable Restrictions you will be prompted for a Passcode, which can be used to override or disable the restrictions at a later date. This, clearly, you wouldn’t want to share with the child.


Tap Enable Restrictions and note that we’re going to go ahead and enable a few and then postpone a couple of others until the end of the article because they will keep us from completing steps we want to complete later. The restrictions many will want to enable (which disables the feature):

  • Safari: It’s not that we don’t want the kids using the web, we just want them to use a specific web browser we give them that doesn’t allow them to screw around.
  • Explicit Language: The kids shouldn’t be able to tell Siri to use bad words, and trust me, they will if you don’t disable this.
  • Deleting Apps: This is more for us. Kids figure out how to do the wackiest things by accident. Including how to delete their favorite Angry Birds app and then crying for you to reinstall it (since later in this article we’re disabling the ability to install apps).
  • Music & Podcasts: Move to the Off position to block the device from playing content that is marked as Explicit.
  • Movies: I chose to uncheck all but G and PG. You may choose to allow PG-13 or disable PG. These options are different in other countries.
  • TV Shows: I chose to allow TV-PG and below. Some of the Saturday morning cartoons have a much higher rating than you might think.
  • Books: Move to the Off position to disable the ability for the device to open Explicit Sexual Content.
  • Apps: I chose to use 9+ although this is almost a non-issue as we’ll be disabling the App Store later in this article.
  • In-App Purchases: I turn this off more so I don’t get random emails from the iTunes Store about buying add-ons for Angry Birds than anything else.
  • Require Password: I don’t usually change this option.
  • Accounts: I don’t allow changes on my daughter’s iPad.


Note: You can also lock the volume level here, although I usually don’t with ours as it just causes problems/arguments and a general desire not to use headphones, which I have a general desire to be used when watching many of her shows.

Another Note: You can browse content that you’ve blocked but not purchase/download that content, so keep that in mind if you’re not going to put a passcode on devices or hide them when children aren’t supposed to use them.

Once you’ve enabled all the restrictions you’d like, leave the Restrictions portion of the General app and then go back in, just to verify that the passcode you used earlier still works. Also note that the Accessibility options can be great for those with disabilities, but I usually don’t enable any of them otherwise.

Remove Your Stuff

Still in the Settings app, tap on Mail, Contacts, Calendars. Now this is painful as it basically means that no, the iPad isn’t really yours like you thought it was, but remove your mail accounts. Otherwise, the kids will send mail to the entire Mac Enterprise list like mine did a few years ago. Yup, it will happen and thousands of people will laugh at you (or in my case they’ll just laugh at you more than usual). Once removed the Mail, Contacts, Calendars screen in the Settings app will just show you an option to “Add Account…” as seen here.


Also don’t forget that Facebook, Twitter, Instagram and all the other awesome reasons you bought the thing can end up getting photobombed with pictures she took while sitting in the back seat, tinkering around with Photo Booth. I actually don’t mind these with random characters or pictures my daughter posts of her tinkering with the camera app, so I don’t bother removing them, it’s more email specifically and only because you never know who she’s gonna’ hit up there.

Netflix

Netflix is one of those funny places where children can spend hours, and while enamored with poster frames of interesting shows, kids can see things you might not want them to see. You can install an App and people can log into each profile and see a queue of shows, but also shows that they might be interested in. Profiles are not password protected, so users can select whichever profile they choose. But, it’s a start. I like to associate a different image with each user. To set up profiles, log into Netflix, hover the mouse over your name and then click on Manage Profiles. Here, create each desired profile and for any children who you want to try and limit, click Edit and then check the “This is a profile for kids under 12” checkbox.


Note: Profiles have a side benefit which is that you don’t see My Little Pony on your queue and your child doesn’t see Sacha Baron Cohen movies in their queue.

I also like to assign an image for each (click the red image in the lower right corner of the avatar for each user to select their own image). Make sure the whippersnapper knows which image they’re to use, and it will be awhile before they realize they can just switch profiles if something’s blocked and they want to watch it. It will be punishment enough logging into a profile that doesn’t have a bunch of cartoons on it (okay mine does) so they won’t want to use anyone else’s profile.


Once you’re done you’ll get a cute login prompt on the device, when you log into Netflix.


Anyway, next is the hard part, move all the stuff you want to watch to your profile and leave the kid stuff in their profile (after all, I’m sure that like me they have more crap in their queue than you do!). I did this by having the iPad in my hand and a laptop. I looked at the list on the iPad to see what I wanted to add to my own queue (whoops, they call them lists now) and deleted things from the other profile with the iPad.

Next, we’ll perform one small change in the Settings for the Netflix app. Open the Settings app and scroll down in the sidebar until you see Netflix. Tap it and then turn the Wi-Fi Only option on.


This keeps you from getting an insanely high bill when the kids decide to watch Netflix using your data plan.

Install a Browser

Next, let’s install a browser so they can use the web with a little filter on it. Using a different browser means a slightly different look and feel, but it means we can limit what they’re able to use. To get started, open the App Store on the iOS device. Then, tap K9 in the search bar and install.


Once installed, try to browse a site you know to be just wrong for the kiddo from within the browser. Once you see the blocked page, you know you’re good.


K9 is a browser that is provided free of charge (well, there’s an ad bar that you can in app purchase to get rid of for $2.99 but close to free!) from Blue Coat, a company that makes proxy servers that filter and track internet traffic. I’m a big fan of their products and if you happen to do IT in a school district or company it might not be a bad idea to check their stuff out as well!

Restrict Safari

Now, many kids won’t need a web browser, but since you can’t access YouTube without it, you’ll end up needing one eventually. Once you’ve installed a browser it’s time to disable access to Safari. By disabling Safari you limit accessing the web to the K9 browser. To do so, open the Settings app again and tap on Restrictions.


From the Restrictions option in the Settings app, tap Off for Safari.


Then just close Safari and the app will disappear from the home screen.

Disable the App Store

Once you’ve purchased the K9 browser and all the fun games and educational whatnot that your children should have, it’s time to disable the App Store so that no further apps can be installed, such as another browser to bypass the K9 browser previously installed. To do so, open Settings app, tap General and then tap on Restrictions.


From Restrictions simply move the slider for Installing Apps to the Off position.


Close the Settings app and the App Store icon will disappear from the home screen.

Enable Guided Access (aka Kiosk Mode)

Guided Access locks a user inside a single app. Only use this if you want to hand a kid an iPad that’s in an app and not let them close the app. If you use Guided Access you likely don’t need any of the other restrictions we mentioned in this article; however, every time the kid wants to switch apps you’re going to need to provide a pin code and then open another app and then enable Guided Access mode again, which could get pretty darn annoying after awhile.

Using Guided Access is a two part process. First, enable Guided Access, which does little except set a passcode. It’s never a bad thing to enable Guided Access although I’ve seen a kid set a passcode accidentally and the device had to get wiped to undo it. Oh, did I mention, you don’t want to forget that passcode? Once enabled, we’ll restrict access to the app we no longer want users to be able to leave. Once enabled, the app is locked open until the passcode is tapped.

To enable Guided Access, open the Settings app and tap on General. Scroll down until you see Accessibility.


From the Accessibility screen, tap Guided Access.


From the Guided Access screen, tap ON.


Once enabled, you will invariably want to set a passcode (otherwise, why bother?). To do so, tap Set Passcode.


When prompted, provide a passcode.


For children I usually tap Enable Screen Sleep, which allows the device to go to sleep; however I don’t usually do so when setting these things up to actually be in a kiosk. Once you’re happy with the settings, close the app and Guided Access is working. Next, open an app and then triple-click the home button. A screen will open that allows you to Enable Guided Access, tap that from within the app you’d like to enable Guided Access for and voilà, the app is locked open. Now, you can also disable certain parts of the screen and whether or not the app allows shaking the device, etc. But I find that can be a bit difficult so I don’t typically use that feature.


Once you’re done with the app, to disable Guided Access, simply triple-click on the home button again, provide the passcode and tap Disable for Guided Access to close. Managing Guided Access is difficult and I find it best for toddlers or bigger kids that might be finding themselves not-to-be-trusted for a short period of time. I mentioned this earlier, but don’t forget the passcode you use to enable Guided Access or you might find yourself wiping the device by the time all is said and done.

Use Safe DNS Servers

You can use a service like OpenDNS.com to control what Internet addresses that a device can access. To do so, first go to https://store.opendns.com/familyshield and sign up for the free account (unless you want the bells and whistles with their paid accounts).


Open the Settings app and then tap on Wi-Fi in the sidebar. From the Wi-Fi screen, enter 208.67.222.123 and 208.67.220.123 in the DNS field.


Once you enter the DNS servers, close the Settings app. Then close and re-open your browser to delete the cache and open it again to see if the new settings are blocking the naughty sites.

Get a Case

Okay, so none of this is going to matter one little bit the next time the little devil decides to throw a temper tantrum. You know that shirt that says “I’m why mommy and daddy can’t have nice things” is way cheaper than an iPad, but still we let the little tykes play with the things. If we’re gonna’ do that, might as well get a good case for the thing. Otterbox makes good water and shock absorbent cases, as well as others.


Backup

Just so you don’t have to re-download all the movies you’ve bought to keep the little Cheerio-eaters busy, configure these settings again, etc. you should make a backup of the device. I wrote that up a long time ago at http://www.krypted.com/?p=8319 but it’s worth noting that you want to encrypt these backups so everything is captured.

Find My iPad/iPhone

Find My iPhone allows you to track the whereabouts of your iPhone, iPad and iPod Touch. To enable, first turn on iCloud if you haven’t already. To do so, open the Settings app and tap on iCloud in the sidebar. Enter the Apple ID you use to buy software along with the Password and then tap Sign In.


Once added, if you don’t want to sync mail, contacts, calendars, etc then flip their sliders from the ON to the OFF position. Set Find My iPad to On (or Find My iPhone if it’s not an iPad). Close the app and within a few shakes you’ll be able to track the whereabouts of devices.


Once enabled, install the Find My iPhone app and log into your iCloud account or use your iCloud account to log into the MobileMe site.


When you install Find My iPhone from the App Store, you’ll use an iCloud account to view where the devices are. Mine aren’t really available in the following screen because I suck and wrote this on an airplane. But whatever… Either way, you can now chase down the bully that stole your darling’s iPad and beat them with the folded up stroller, running over them four or five times in your Prius. Or maybe that’s just me. But you can’t do it on an airplane. Sorry.


Get Advanced with Profiles

You can actually lock down a lot of what iOS can do. A lot more than what’s available in the GUI. To do so, you would use something known as a profile. These can control the options we discussed in much of this article. But they can also lock down options that you didn’t even know were available, such as disabling apps not otherwise removable and locking users out of certain features of devices.

Profiles are created manually and installed via USB or email using Apple Configurator, which I co-authored a book on, available here, or they can be deployed via an MDM solution, such as Apple’s Profile Manager or some really enterprise class ones such as Casper MDM. This is much more advanced than what I intended to write here, but I’ve written a lot about MDM over the years as have others, so feel free to dive into that if you deem it necessary.

Check On the Device Routinely

No matter what you do, the device can be reset back to factory defaults and set back up. You don’t have to worry about younger kids searching the Internet and finding how to do it (like here on Apple’s site). But with older kids, check out the device every now and then and just make sure your parental controls are still in place.

Do Something

This article is really meant to be an à la carte listing of things you can do. If the kid is young enough, they’re not going to try to do anything on purpose but the older the child the more likely they will try to break out of the sandboxed environment you’ve created, if only because they see it as a challenge or simply because they can (kind of like when my daughter writes on the wall). But that isn’t to say that you shouldn’t try to do something. And what you do should be age appropriate with an eye on not letting them spend too much of your money on apps or too much of their time on the devices.

Don’t Do Too Much

But don’t do too much. Especially if the kids are older. If you do too much, then the kiddos have a tendency to try and break the sandbox you build. Oddly, the fewer the restrictions the less they’ll try and break them. This isn’t so much an issue with the really young ones (think kindergarten and below) but as they get older it’s a bit more of a problem.

Also, keep in mind that the devices are meant to allow for a maximum level of creativity. The more you allow to happen on the device, the more creativity you may allow for. Whatever’s appropriate for the age and knowledge level of your little one!

Mac OS X Server

Exclusively Use a Given Interface for the Caching Service in Mountain Lion Server

The caching service in Mountain Lion Server (OS X Server 10.8) by default can use any interface installed on the system. I’ve now seen a couple instances where we have a Small Tree card and when a big update comes up, we lose file services speed due to caching data. To combat this, we can tell the Caching service to use the built-in Ethernet interface exclusively instead. To do so, first use ifconfig to determine which interface is which. Then tell the caching service which to use, using the serveradmin command, followed by settings and then the name of the setting, caching:Interface, setting the value to the en of the interface you’d like to use:

sudo serveradmin settings caching:Interface = en1

I’ve had to restart the caching service to have this change take effect:

sudo serveradmin stop caching
sudo serveradmin start caching

Clients will then automatically use the correct interface.

iPhone

SimpleMDM Now With Apps

SimpleMDM has updated their Mobile Device Management solution (my original writeup is here) to now include the ability to manage apps. The apps functionality really comes in two flavors. The first is the ability to load up an app. This is handled by clicking on Settings in the right hand navigation bar and then at the Settings pop-over, clicking on Apps. Here, you can load up an internal, enterprise app or an App Store app.

Once you’ve loaded an app you can deploy it to devices by clicking on a group and then using the contextual menu to “Assign Apps.” Simple, as the name implies.

The second aspect of SimpleMDM is to white and blacklist apps. Doing so is done by clicking on the contextual menu and then clicking on Rules. Here, you can Allow or Disallow any app that has been loaded into the app catalog.

 

Mac OS X Mac OS X Server Mac Security Mass Deployment

Setting Up File Services in OS X 10.8 Mountain Lion Server

File Services are perhaps the most important aspect of any server because file servers are often the first server an organization purchases. There are a number of protocols built into OS X Mountain Lion Server dedicated to serving files, including AFP, SMB and WebDAV. These services combined comprise the File Sharing service in OS X Mountain Lion Server.

File servers have shares. In OS X Mountain Lion Server we refer to these as Share Points. By default:

  • File Sharing has some built-in Share Points that not all environments will require.
  • Each of these shares is also served by AFP and SMB, something else you might not want (many purely Mac environments might not even need SMB). Or if you have iOS devices, you may only require WebDAV sharing.
  • Each share has permissions that Apple provides which will work for some but not all.

In short, the default configuration probably isn’t going to work for everyone. Therefore, before we do anything else, let’s edit the shares to make them secure. The first step is to create all of your users and groups (or at least the ones that will get permissions to the shares). This is done in Server app using the Users and Groups entries in the List Pane. Once users and groups are created, open the Server app and then click on the File Sharing service in the SERVICES list in the List Pane. Here, you will see a list of the shares on the server.

In our example configuration we’re going to disable the Groups share. To do so, click on Groups one time and then click on the minus button on the screen.

As mentioned, shares can be shared out using different protocols. Next, we’re going to disable SMB for Public. To do so, double-click on Public and then uncheck the SMB protocol checkbox for the share.

When you’ve disabled SMB, click on the Done button to save the changes to the server. Next, we’re going to create a new share for iPads to be able to put their work, above and beyond the WebDAV instance automatically used by the Wiki service. To create the share, first we’re going to create a directory for the share to live in on the computer, in this case in the /Shared Items/iPads directory. Then from the File Sharing pane in Server app, click on the plus sign (“+”).

At the browse dialog, browse to the location of your iPad directory and then click on the Choose button.

At the File Sharing pane, double-click on the new iPads share.

At the screen for the iPads share, feel free to edit the name of the share (how it appears to users) as it by default uses the name of the directory for the name of the share. Then, it’s time to configure who has access to what on the share. Here, use the plus sign (“+”) in the Access section of the pane to add groups that should be able to have permission to access the share. Also, change the groups in the list that should have access by double-clicking on the name of the group and providing a new group name or clicking on the plus sign to add a user or group.

The permissions available in this screen for users that are added are Read & Write, Read Only/Read and Write. POSIX permissions (the bottom three entries) also have the option for No Access, but ACLs (the top entries comprise an Access Control List) don’t need such an option as if there is no ACE (Access Control Entry) for the object then No Access is assumed.

If more granular permissions are required then click on the name of the server in the Server app (the top item in the List Pane) and click on the Storage tab. Here, browse to the directory and click on Edit Permissions.

As can be seen, there are a number of other options that more granularly allow you to control permissions to files and directories in this view.

Once you have provided all of the appropriate users access to the share, go back to the settings for the share and scroll to the bottom of the screen.

Here, you have the option to set which protocols the share is accessible through (AFP, SMB & WebDAV) as well as make the share accessible to guests (only do this if the share should be publicly accessible) and make the share an option for home folders. Click Done once you’ve configured the share appropriately.

Once a share has been made an option for home folders it appears in both Workgroup Manager and the Server app as an available Home Folder location for users in that directory service.

Once you have created all the appropriate shares, deleted all the shares you no longer need and configured the appropriate permissions for the share, click on the ON button to start the File Sharing service.

The File Sharing service can also be controlled from the command line. Mac OS X Server provides the sharing command. You can create, delete and augment information for share points using sharing.

To create a share point for AFP you can use the following command:

sharing -a <path> -A <share name>

So let’s say you have a directory at /Shares/Public and you want to create a share point called PUBLIC. You can use the following command:

sharing -a /Shares/Public -A PUBLIC

Now, the -a here will create the share for AFP but what if you want to create a share for other protocols? Well, -F does FTP and -S does SMB. Once created you can disable the share using the following command:

sharing -r PUBLIC

To then get a listing of shares you can use the following command:

sharing -l

You can use the sharing command to enable FTP for various share points. To do so, enable FTP using the Server app and then use the instructions at this site to manage FTP on shares: http://krypted.com/mac-os-x/ftp-on-lion-server.

You can also use the serveradmin command to manage file shares as well as the sharing service. To see settings for file shares, use the serveradmin command along with the settings option and then define the sharing service:

sudo serveradmin settings sharing

To see settings for the services use the serveradmin command with the settings option followed by the services: afp and smb:

sudo serveradmin settings afp
sudo serveradmin settings smb

To see a run-down of some of the options for afp, see this article I did previously. Additionally, for a run-down of smb options, see this one.

Mac OS X Mac OS X Server Mac Security Mass Deployment

Setting Up The Messages Service In Mountain Lion Server

iChat Server was sooooo easy to configure. iChat Server is now Messages Server. Both use the open source jabber project as their back-end code base. Lucky us, all Apple did in the latest iteration is change the name of the service in the Server app, leaving the command line effectively untouched. The paths to things serverish have changed. The jabberd binary is now at /Applications/Server.app/Contents/ServerRoot/private/var/jabberd and the autobuddy binary is at /Applications/Server.app/Contents/ServerRoot/usr/bin/jabber_autobuddy. Given the importance of having multiple binaries that do the same thing, another jabberd binary is also stored at /Applications/Server.app/Contents/ServerRoot/usr/libexec/jabberd. Note that the man page says it’s in /etc. But I digress.

Setting up the Messages service is simple. Open the Server app and click on Messages in the Server app sidebar.

“I brought you some supper but if you’d prefer a lecture, I’ve a few very catchy ones prepped…sin and hellfire… one has man page lepers.”

Once open, click on the checkbox for “Enable server-to-server federation” if you have multiple iChat, er, I mean, Messages servers and then click on the checkbox for “Archive all chat messages” if you’d like transcripts of all Messages sessions that route through the server to be saved on the server. You should use an SSL certificate with the Messages service. If enabling federation so you can have multiple Messages servers, you have to. Before enabling the service, click on the name of the server in the sidebar of Server app and then click on the Settings tab. From here, click on Edit for the SSL Certificate (which should be plural btw) entry to bring up a screen to select SSL Certificates.

“Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious.”

At the SSL Certificates screen (here it’s plural!), select the certificate the Messages service should use from the available list supplied beside that entry and click on the OK button. If you need to setup federation, click back on the Messages service in the sidebar of Server app and then click on the Edit button. Then, click on the checkbox for Require server-to-server federation (making sure each server has the other’s SSL certificate installed) and then choose whether to allow any server to federate with yours or to restrict which servers are allowed. I have always restricted unless I was specifically setting up a server I wanted to be public (like public as in everyone in the world can federate to it, including the gorram reavers that want to wear your skin).

“And I think calling him that is an insult to the psychotic lowlife community.”

To restrict the service, provide a list of each server address capable of communicating with your server. Once all the servers are entered, click the OK button.

Obviously, if you only have one server, you can skip that. Once the settings are as you wish them to be, click on the ON/OFF switch to light up the service. To see the status of the service, once started, use the fullstatus option with serveradmin followed by the jabber indicator:

sudo serveradmin fullstatus jabber

The output includes whether the service is running, the location of jabber log files, the name of the server as well as the time the service was started, as can be seen here:

jabber:state = "RUNNING"
jabber:roomsState = "RUNNING"
jabber:logPaths:PROXY_LOG = "/private/var/jabberd/log/proxy65.log"
jabber:logPaths:MUC_STD_LOG = "/var/log/system.log"
jabber:logPaths:JABBER_LOG = "/var/log/system.log"
jabber:proxyState = "RUNNING"
jabber:currentConnections = "32"
jabber:currentConnectionsPort1 = "32"
jabber:currentConnectionsPort2 = "0"
jabber:pluginVersion = "10.8.177"
jabber:servicePortsAreRestricted = "NO"
jabber:servicePortsRestrictionInfo = _empty_array
jabber:hostsCommaDelimitedString = "kaylee.pretendco.com"
jabber:hosts:_array_index:0 = "kaylee.pretendco.com"
jabber:setStateVersion = 1
jabber:startedTime = "2012-08-02 02:53:26 +0000"
jabber:readWriteSettingsVersion = 1

There are also a few settings not available in the Server app. One of these that can be important is the port used to communicate between the Messages client and the Messages service on the server. For example, to customize this to 8080, use serveradmin followed by settings and then jabber:jabberdClientPortSSL = 8080, as follows:

sudo serveradmin settings jabber:jabberdClientPortSSL = 8080

To change the location of the saved Messages transcripts (here, we’ll set it to /Volumes/Pegasus/Book):

sudo serveradmin settings jabber:savedChatsLocation = "/Volumes/Pegasus/Book"

To see a full listing of the options, just run settings with the jabber service:

sudo serveradmin settings jabber

The output lists each configurable setting:

jabber:s2sRestrictDomains = no
jabber:authLevel = "STANDARD"
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:sslKeyFile = ""
jabber:enableXMPP = yes
jabber:initialized = yes
jabber:jabberdClientPortSSL = 5223
jabber:sslCAFile = ""
jabber:requireSecureS2S = no
jabber:savedChatsArchiveInterval = 7
jabber:hostsCommaDelimitedString = "zoe.pretendco.com"
jabber:jabberdDatabasePath = "/Library/Server/Messages/Data/sqlite/jabberd2.db"
jabber:jabberdS2SPort = 5269
jabber:hosts:_array_index:0 = "zoe.pretendco.com"
jabber:jabberdClientPortTLS = 5222
jabber:enableSavedChats = no
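
The listing above can be checked mechanically for the certificate, federation and archiving options discussed in this post. The script below is an added example, not Apple's or the author's code; what each key controls is an assumption inferred from its name and the matching Server app checkbox, and the sample inputs (including the key file path) are constructed.

```shell
#!/bin/sh
# Added example: audit the text printed by `serveradmin settings jabber`.
# Key meanings are assumptions inferred from the key names on this page.

# Constructed sample: a subset of the listing shown above (defaults).
sample_settings() {
    cat <<'EOF'
jabber:s2sRestrictDomains = no
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:sslKeyFile = ""
jabber:jabberdClientPortSSL = 5223
jabber:requireSecureS2S = no
jabber:jabberdS2SPort = 5269
jabber:enableSavedChats = no
EOF
}

# Constructed sample: the same keys after hardening (key path is a placeholder).
hardened_settings() {
    cat <<'EOF'
jabber:s2sRestrictDomains = yes
jabber:savedChatsLocation = "/Library/Server/Messages/Data/message_archives"
jabber:sslKeyFile = "/path/to/placeholder.key.pem"
jabber:jabberdClientPortSSL = 5223
jabber:requireSecureS2S = yes
jabber:jabberdS2SPort = 5269
jabber:enableSavedChats = yes
EOF
}

# Reads settings on stdin, prints one WARN or INFO line per finding.
audit_jabber_settings() {
    awk '
    {
        sep = index($0, " = ")
        if (sep == 0) next                 # skip lines that are not key = value
        key = substr($0, 1, sep - 1)
        val = substr($0, sep + 3)
        sub(/^jabber:/, "", key)
        gsub(/^"|"$/, "", val)             # strip surrounding double quotes
        s[key] = val
    }
    END {
        if (s["sslKeyFile"] == "")
            print "WARN sslKeyFile: no SSL certificate selected for the service"
        if (s["requireSecureS2S"] != "yes")
            print "WARN requireSecureS2S: federation links are not required to be encrypted"
        if (s["s2sRestrictDomains"] != "yes")
            print "WARN s2sRestrictDomains: any server may federate on port " s["jabberdS2SPort"]
        if (s["enableSavedChats"] == "yes")
            print "INFO enableSavedChats: transcripts kept in " s["savedChatsLocation"] ", check who can read it"
    }'
}

# Counts WARN findings for the settings read on stdin.
count_warnings() {
    audit_jabber_settings | awk '/^WARN/ { n++ } END { print n + 0 }'
}

# Demo on the constructed defaults; on a server, pipe in the real output:
#   sudo serveradmin settings jabber | audit_jabber_settings
sample_settings | audit_jabber_settings
```
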

To stop the service:

sudo serveradmin stop jabber

And to start it back up:

sudo serveradmin start jabber

It’s also worth noting something that’s completely missing in this whole thing: Apple Push Notifications… Why is that important? Well, you use the Messages application to communicate not only with Mac OS X and other jabber clients, but you can also use Messages to send text messages. Given that there’s nothing in the server that has anything to do with texts, push or anything of the sort, it’s worth noting that these messages don’t route through the server and therefore still require an iCloud account. Not a huge deal, but worth mentioning that Messages server doesn’t have the same updates built into the Messages app. Because messages don’t traverse the server, there are no transcripts.

“This is what I do, darlin’. This is what I do.”

iPhone

iPhone 4: Where is My FaceTime?

I am almost embarrassed how long this took me to figure out. FaceTime was missing on my iPhone 4. Apparently, if you upgrade from 3 to 4 it doesn’t automatically show up. Instead you need to go to Settings and then tap on the Phone settings. Right there, staring back at you is a screen that says FaceTime and it gives you the ability to turn it ON or OFF.

Tap ON and it should reappear in your apps (required me to reboot to show up).

Mac OS X Server

When Zones Just Won't Die

At times, you may find that information gets stuck in Server Admin and can’t be removed. For example, you see a Zone in Server Admin, and it doesn’t have a Name Server record attached to it. You can’t delete it but every time you add a Name Server it just disappears. This is often caused when you remove or change something and it gets dumped from the zone files in /var/named but not from the BIND view. Running serveradmin will show the data but as it’s serialized it can’t be removed:

sudo serveradmin settings dns

Without a Name Server record, the zone is unresponsive to queries. Removing the zone can delete the zone file from /var/named/zones but doesn’t delete it from Server Admin. To go ahead and get rid of the bad records, open the /etc/dns/publicView.conf.apple file with your favorite text editor. Here, each zone in OS X Server has a corresponding block, such as:

zone "1.168.192.in-addr.arpa." {
    type master;
    file "db.1.168.192.in-addr.arpa.";
    allow-transfer {none;};
    allow-update {none;};
};

Locate the offending block for the jacked up zone and remove or comment it out. Don’t delete this block though:

zone "." {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

That block should stay in place. The Server Admin generated blocks should be towards the top and the above block that shouldn’t be removed should be at the bottom.
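
To find candidate stuck zones before editing the view file by hand, the script below lists every zone block whose zone file no longer exists on disk. It is an added example, not part of the original post; the function names and the demo zone names are hypothetical, and the directory the file names are resolved against is an assumption passed in as an argument.

```shell
#!/bin/sh
# Added example: list zone blocks in a BIND view file whose zone file is
# missing, the condition this post describes for zones that will not die.

# list_orphan_zones CONF ZONEDIR
# Prints the name of each zone in CONF whose file is absent from ZONEDIR.
# Blocks that are commented out are ignored.
list_orphan_zones() {
    conf=$1
    zonedir=$2
    awk '
        /^[ \t]*zone[ \t]+"/ { split($0, q, "\""); zone = q[2]; next }
        /^[ \t]*file[ \t]+"/ { split($0, q, "\""); if (zone != "") print zone "|" q[2]; next }
        /^[ \t]*};/          { zone = "" }
    ' "$conf" |
    while IFS='|' read -r zone file; do
        [ -e "$zonedir/$file" ] || printf '%s\n' "$zone"
    done
}

# Constructed demo: three active zone blocks, one of which has lost its file,
# plus one block that is already commented out.
demo_orphans() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/named"
    cat > "$tmp/publicView.conf.apple" <<'EOF'
zone "1.168.192.in-addr.arpa." {
    type master;
    file "db.1.168.192.in-addr.arpa.";
    allow-transfer {none;};
    allow-update {none;};
};
zone "stuck.example.com." {
    type master;
    file "db.stuck.example.com.";
    allow-transfer {none;};
    allow-update {none;};
};
// zone "old.example.com." {
//     file "db.old.example.com.";
// };
zone "." {
    type hint;
    file "named.ca";
};
EOF
    : > "$tmp/named/db.1.168.192.in-addr.arpa."
    : > "$tmp/named/named.ca"
    list_orphan_zones "$tmp/publicView.conf.apple" "$tmp/named"
    rm -rf "$tmp"
}

# On a server (zone file directory assumed, adjust to where yours live):
#   list_orphan_zones /etc/dns/publicView.conf.apple /var/named
demo_orphans
```
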

Mac OS X Windows XP

Firefox Settings

From Firefox, type about:config in the address bar and hit the enter key. You should then be looking at some settings for Firefox. You can double-click on any of these and provide more granular settings than what is possible from the stock settings preference panel. Have fun assigning the network.proxy.gopher_port for Firefox, I hear it comes in really handy. ;)