  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Disable Unicast ARP Cache Validation In OS X

    As of OS X 10.9 (and in many cases more importantly in OS X Server for 10.9 and higher), OS X now performs ARP cache validation when trying to pass traffic over a router. If you are double NAT’d/use redundant gateways then the traffic can be interpreted as network redirection and cause some pretty bad packet loss/latency. You can disable this feature by turning off net.link.ether.inet.arp_unicast_lim using sysctl:

        sysctl -w net.link.ether.inet.arp_unicast_lim=0

    That will only disable unicast ARP validation until the next reboot. If it fixes a latency problem you’re having then you can go ahead and make it permanent by adding the following line into /etc/sysctl.conf:

        net.link.ether.inet.arp_unicast_lim=0

    If you’re still…

  • Mac OS X

    Licensing The Xcode Command Line Tools

    Tools that leverage the Xcode Command Line Tools might have a problem if you install the tools without agreeing to the license. Here, you can see IntelliJ complaining about just that: To agree to the license agreement, you can use xcrun along with the cc verb:

        sudo xcrun cc

    This is an interactive command line environment so in order to script it you’d need to use expect to feed in the correct parameters.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment,  Network Infrastructure,  sites,  Ubuntu,  Unix

    Manage Apex Domains In OS X

    OS X Server supports running a traditional BIND implementation of DNS. You can define a record for most any name, including google.com, www.google.com, www.www.google.com, etc. You can use this to redirect subdomains. In this example, we’ll create an A record to point www.google.com to 127.0.0.1 without breaking other google.com subdomains. To get started, let’s use the DNS service in the Server app to create test.www.google.com. The reason for this is that OS X will then create a zone file for www.google.com. If we created www.google.com instead, then OS X would automatically create google.com, which would break the other subdomains. To do so, open the Server app and click on the DNS Service. Then…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Manage Profiles From The Command Line In OS X 10.9

    You can export profiles from Apple Configurator or Profile Manager (or some of the third-party MDM tools). You can then install profiles by just opening them and installing. Once profiles are installed on a Mac, mdmclient, a binary located in /usr/libexec, will process changes such as wiping a system that has been FileVaulted (note you need to FileVault if you want to wipe an OS X Lion client computer). /System/Library/LaunchDaemons and /System/Library/LaunchAgents have an mdmclient daemon and agent, respectively, that start it up automatically. To script profile deployment, administrators can add and remove configuration profiles using the new /usr/bin/profiles command. To see all profiles, aggregated, use the profiles command…

  • Mac OS X,  Mac OS X Server,  Mac Security

    Clear ASL Logs Following Upgrades

    I’ve had a couple of servers that after upgrading to 10.9 I’ve noticed were pretty slow to open up Terminal. To fix, I just cleared the ASL logs. To do so, just rm the contents of /var/log/asl. Here, I back them up first:

        cp -r /var/log/asl/ /Users/krypted/Desktop/asl/
        rm -f /var/log/asl/*.asl

    If you end up not needing them you can just delete the asl directory from your Desktop.

  • Mac OS X,  Mass Deployment

    Debugging and Deploying iBooks

    Just got to do my first troubleshooting for the iBooks app in OS X. Wasn’t a ton of info, so went digging for the debug menu that has become a staple of so many Apple apps. And it turns out that it was there. Looking at the plist for iBooksX prefs:

        defaults read com.apple.iBooksX

    This shows that we can go ahead and deploy a key to suppress the welcome screen (nice little deployment note made there) and a few other things. But what I was looking for is that BKShowDebugMenu key:

        {
            BKAlreadyDisplayedWelcomeExperience = 1;
            "BKBookshelfCategoryManager~012384" = 1;
            BKBookshelfViewControllerFilterAction = 5;
            BKBookshelfViewControllerSortAction = 1;
            BKShowDebugMenu = 0;
            BKSimulateCrashDuringMigration = 0;…

  • Mac OS X,  Mac Security

    View Power Consuming Apps In Mavericks

    Mavericks allows you to look at power hungry apps, so you can keep track of what’s draining your battery. To do so, click on the battery icon in the menu bar and then look in the Apps Using Significant Energy section. If you’re concerned about an aggregate of apps using too much energy, hold down the option key when you click on the icon. When you do so, the Condition will be listed; hopefully as Normal.

  • Mac OS X,  Mass Deployment

    Mavericks & Show Hidden Files

    I noticed this because part of my postflight imaging task for my lab systems is to show all files, but in Mavericks, the com.apple.finder defaults domain is case sensitive. So if you have com.apple.Finder you’ll need to edit it in such a workflow. So, for example, if you need to see hidden files, use the following commands:

        defaults write com.apple.finder AppleShowAllFiles -boolean true
        killall Finder

    The problem with seeing hidden files is that you see a lot of stuff that you really probably don’t want to see. So to get back to a state where you don’t have to see all of the invisible files, use the following commands: defaults…

  • Mac OS X,  Mac OS X Server,  Mac Security

    OS X 10.9 Mavericks Makes fdesetup A Bit More Useful

    Previously I’ve written a little here and there about using FileVault and more specifically scripting things around FileVault. The fdesetup command that enables FileVault for OS X clients from the command line got a few new options in OS X 10.9 Mavericks. We’ve always been able to enable FileVault using scripts thanks to fdesetup but now Apple’s taken some of the difficulty out of configuring recovery keys. This comes in the form of the changerecovery, haspersonalrecoverykey, hasinstitutionalkey, usingrecoverykey and validaterecovery options. These options all revolve around one idea: make it easier to deploy centrally managed keys that can be used to unlock encrypted volumes in the event that such an…

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    No More Blessing Folder9 In OS X 10.9 Mavericks

    In OS X you’ve always had this weird shroud of the “Classic” environment. This type of environment was used to facilitate running things in the previous incarnation of Apple’s operating systems. Many of these have disappeared over the years. In Mavericks we see yet another go away in a very small and almost noticeable binary, bless. While this command conjures fears of getting excommunicated by a Borgia for many, for those of us in the Apple community, the bless command is used to define a folder to mount to boot to. In 10.8 and below, there was an option to bless --folder9, used to define an OS 9/Classic system folder.…