!"Always Up" Email for your domain\nNever lose an email message sent to your users again. \nstarting at $75/year\n\n!"Always Up" DNS for your zone\nstarting at $50/yr
!Overview\nMac OS X Server requires fully qualified domain names with both forward and reverse DNS entries. \n\nUnder Mac OS X Server 10.4.6 or later, servermgr and changeip have improved server hostname discovery and error reporting.\n\n!Error Messages\nIf the configured hostname and DNS do not match, you will probably see one of the following errors logged to /var/log/system.log, warning you that things will not work correctly until fixed. Hostname checks occur periodically, so you'll be reminded until the problems are resolved.\n{{{\nApr 14 22:05:45 myhostname servermgrd: servermgr_dns: no name available via DNS for\nApr 14 22:05:45 myhostname servermgrd: servermgr_dns: no hostname set and unable to detect via DNS, services may not function properly\n}}}\nThe above indicates no hostname was configured //and// it can't be automatically set through DNS since there isn't proper DNS for this host. \n\n{{{\nApr 14 23:05:45 myhostname servermgrd: servermgr_dns: no name available via DNS for\nApr 14 23:05:45 myhostname servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly\n}}}\nThe above indicates that there's no proper reverse DNS for the IP address of the host. This must be fixed by adding PTR records for the IP address on the DNS server authoritative for the address. In some cases this may not be possible if you don't really "own" your IP address, in which case you should instead be NATed and then have the PTR configured for the NAT'ed IP address. 
\n\n{{{\nApr 14 22:05:45 myhostname servermgrd: servermgr_dns: no name available via DNS for\nApr 14 22:05:45 myhostname servermgrd: servermgr_dns: configured name and reverse DNS name do not match (myhostname.domain.top != otherhostname.domain.top), various services may not function properly - use changeip to repair and/or correct DNS\n}}}\nIn the above, the configured hostname doesn't match the reverse DNS PTR record assigned to the IP address being used. As the message suggests, this is either a case of the hostname being configured wrong or the PTR being wrong. Fix whichever is the case. Unfortunately, here again you may find that you don't really "own" your IP address and can't fix the PTR. In that case you're not really the hostname you are claiming to be and should use the value returned by {{{dig -x <ip-address>}}} since that's who you really are. \n\n!Discussion\nThe hostname is automatically stored to the System Configuration (scutil) the first time it is detected via a DNS reverse lookup. Apple recommends that you not modify the configuration file /etc/hostconfig, meaning you should leave hostname set as "-AUTOMATIC-". (Suggesting any specified value could be overridden.)\n\nAdditionally, some "experts" have advised using scutil to set the hostname. This is ill-advised since these changes will not survive a reboot because they are not saved to the system configuration databases. Instead, fix this with changeip, which will save the information properly. \n\n!Tools\nYou can verify configuration settings using some of the following tools. 
\n\n\nYou can check the current value of hostname using the {{{hostname}}} command and you can check the value currently (dynamically) stored in the System Configuration with {{{scutil --get HostName}}}.\n\nYou can check ServerMgr's mappings with changeip:\n{{{\n# changeip -checkhostname\n\nPrimary address =\n\nCurrent HostName = myhostname.domain.top\n\nThe DNS hostname is not available, please repair DNS and re-run this tool.\n}}}\nIn the above we see that the DNS hostname is not available via DNS as a reverse lookup. This can result in one of the first two syslog messages shown above. \n\nIf the issue is simply a matter of the hostname not being configured properly, this can be fixed by running changeip as follows:\n{{{\n# changeip /LDAPv3/ myhostname.domain.top myhostname.domain.top\n}}}\nIf changeip generates a warning such as\n{{{\nDNS does not have a valid name for IP address\nIf DNS is not repaired, errors will be logged and services may not function\nproperly.\n}}}\nthen DNS is not properly configured, as it indicates. \n\nExamining this further we can see that the reported situation is true, that there's no reverse DNS for this IP address:\n{{{\n# dig -x\n\n; <<>> DiG 9.2.2 <<>> -x\n;; global options: printcmd\n;; Got answer:\n;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61395\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0\n\n;; QUESTION SECTION:\n; IN PTR\n\n;; Query time: 20 msec\n;; SERVER:\n;; WHEN: Mon Aug 14 22:48:57 2006\n;; MSG SIZE rcvd: 43\n}}}\nThis indicates that there's no proper PTR record in DNS for this IP address. Similarly, if it returns a value different from your hostname then that will result in the third of the syslog messages listed above. \n\n\nSee:\nhttp://docs.info.apple.com/article.html?artnum=303697\nhttp://docs.info.apple.com/article.html?artnum=303495\n
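The three servermgr_dns conditions described above, and the configured-hostname versus PTR comparison behind them, as an added example that is not part of the original page or of Apple's tools. The state labels and function names are assumptions made for illustration; {{{check_this_host}}} needs the {{{scutil}}} and {{{dig}}} commands named above and takes the server's IP address as its argument.

```shell
#!/bin/sh
# Added example: classify hostname/reverse-DNS state the way the
# servermgr_dns messages on this page do. Labels are illustrative.

# Lower-case a DNS name and drop the trailing root dot that dig prints.
normalize_name() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | sed 's/\.$//'
}

# compare_names CONFIGURED_HOSTNAME PTR_NAME
# Prints one state label for the pair (either value may be empty).
compare_names() {
    cfg=$(normalize_name "$1")
    ptr=$(normalize_name "$2")
    if [ -z "$ptr" ] && [ -z "$cfg" ]; then
        echo "no-hostname-no-dns"     # first syslog message
    elif [ -z "$ptr" ]; then
        echo "no-reverse-dns"         # second syslog message
    elif [ -z "$cfg" ]; then
        echo "unset-dns-available"    # hostname can still be detected via DNS
    elif [ "$cfg" != "$ptr" ]; then
        echo "mismatch"               # third syslog message
    else
        echo "ok"
    fi
}

# classify_log_line LINE
# Maps one servermgrd syslog line to the same state labels.
classify_log_line() {
    case "$1" in
        *"servermgr_dns: no hostname set and unable to detect via DNS"*)
            echo "no-hostname-no-dns" ;;
        *"servermgr_dns: no reverse DNS entry for server"*)
            echo "no-reverse-dns" ;;
        *"servermgr_dns: configured name and reverse DNS name do not match"*)
            echo "mismatch" ;;
        *"servermgr_dns: no name available via DNS"*)
            echo "context" ;;         # companion line logged before each error
        *)
            echo "other" ;;
    esac
}

# summarize_log: read syslog text on stdin and print each distinct
# problem state once, sorted.
summarize_log() {
    while IFS= read -r line; do
        state=$(classify_log_line "$line")
        case "$state" in context|other) continue ;; esac
        echo "$state"
    done | sort -u
}

# Sample input built from the log lines quoted on this page.
sample_log() {
    cat <<'EOF'
Apr 14 22:05:45 myhostname servermgrd: servermgr_dns: no name available via DNS for
Apr 14 22:05:45 myhostname servermgrd: servermgr_dns: configured name and reverse DNS name do not match (myhostname.domain.top != otherhostname.domain.top), various services may not function properly - use changeip to repair and/or correct DNS
Apr 14 23:05:45 myhostname servermgrd: servermgr_dns: no name available via DNS for
Apr 14 23:05:45 myhostname servermgrd: servermgr_dns: no reverse DNS entry for server, various services may not function properly
EOF
}

# check_this_host IP_ADDRESS
# Live check on the server itself: compares the stored HostName with the
# PTR record returned for the given address.
check_this_host() {
    cfg=$(scutil --get HostName 2>/dev/null)
    ptr=$(dig +short -x "$1" 2>/dev/null | head -n 1)
    compare_names "$cfg" "$ptr"
}
```

Run {{{summarize_log < /var/log/system.log}}} to see which of the conditions a server has logged, then {{{check_this_host <ip-address>}}} to confirm the current state before and after repairing DNS or running changeip.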
The iWiringWiki has been upgraded to TiddlyWiki 2.1.2
![>img[http://iwiring.net/DeathOnMyDoorstep.jpg]]Happy Halloween!
"AMD says 85 percent of PC users run six applications at once: antivirus, e-mail, firewall, spam protection, a pop-up blocker and spyware."\nhttp://www.macworld.com/news/2006/05/17/turion/index.php\n\nThis should come as no real surprise. Most PC users run few concurrent applications but do have a very strong need for add-on protection. Windows requires these add-on "applications" to make up for lack of protection in the underlying OS. It's a matter of being continually reactive rather than being proactive.
Software roots: \n\n| qmail |{{{/var/qmail/bin}}} |\n| mailman |{{{/usr/lib/mailman/bin}}} |\n| plesk | {{{/usr/local/psa}}} |\n\nLikewise hosting accounts are located a bit differently than standard Linux:\n\n| user accounts | {{{/home/httpd/vhosts}}} |\n| ftp | {{{/home/ftp}}} |
A description of implementing snapshots using shadow files and disk images:\n\nhttp://www.afp548.com/article.php?story=20060303070213402
|<<tag Services>> <<tag TechNotes>> <<tag Diagrams>> <<tag Papers>> <<tag Commentary>> <<tag Code>> <<tag HowTo>> <<tag MacOSXFAQ>> <<tag LinuxFAQ>> |\n
----\n\n''iWiring'' is a Systems and Networks Service and Support organization providing operations worldwide with over twenty-five years of experience. We support systems and networks based on [[Mac OS X| http://www.apple.com/server/macosx/]], Unix, Linux, and Solaris, [[OpenVMS| http://h71000.www7.hp.com/]] operating systems, and Open Source application technologies at affordable rates.\n\n|[img[http://iwiring.net/splash.jpg]]|''Photo:'' Seymour Cray uses a modern computer featuring Teletype, console for interaction with the system, and paper tape reader. Behind the console desk, four tape drives provide data storage for input and output, and the CPU to its right. When Seymour Cray was told that Apple Computer had just bought a Cray to help design the next Apple Macintosh, Cray commented that he had just bought a Macintosh to design the next Cray. "If you were plowing a field, which would you rather use: Two strong oxen or 1024 chickens?" Ironically Seymour Cray died in a car accident, in a vehicle designed using a Cray computer.|\n\nThe information technology within your organization faces many challenges today. Perhaps the biggest is finding and retaining the highly skilled, qualified and experienced staff necessary to manage your systems and networks. Running lean, junior staff, or staff "wearing a second hat" are common problems. Many organizations we visit are manned with only 75%-80% of the engineering resources they require to manage the systems and networks they're expected to support. And for those engineers on your staff, endless meetings, "crises of the day", and other duties can reduce their effectiveness or lead to the "revolving door" syndrome of high personnel turnover rates. Most sites just don't have the senior, experienced staff to whom junior staff can turn to learn and improve the skills they require. 
Other sites are "running on empty" and don't even have a dedicated IT staff at all within their organizations. There is a need for a cost-effective, flexible, and dependable 24x7 systems and networks support matrix for Systems and Networking for your organization. iWiring can augment your staffing requirements in a "budget friendly" manner that can help control your costs while providing the experienced personnel necessary to successfully manage your systems and network technology and act as a "force multiplier" for your existing staff. \n\nHigh Availability, Distributed Systems, RAID, Clusters, Farms and Grids, Production Systems and Networks -- we've pioneered them all and now you can benefit directly from our extensive experience in these and other areas.\n\n\n
This web page is a [[TiddlyWiki|http://www.tiddlywiki.com]], a more or less self-contained, client-side Wiki that makes use of JavaScript and CSS to do all the mojo. You can save the source of this page to your local system and have a complete copy of it all at your disposal and also be able to add to it and modify it locally.
Install this:\n{{{\nhttp://xiph.org/quicktime/download.html\n}}}\nand this:\n{{{\nhttp://people.xiph.org/~arek/flac_import/\n}}}\nThe first adds the codecs to QuickTime, and even some support for the Ogg container format. Raw FLAC files use a Xiph codec, but apparently do not use the Ogg container format.\n\nFrom the second, the "flac_import" bit is supposedly the piece needed to get the QuickTime framework to deal with the raw file format. Installing that made the "Quick Time Player 7" program open the .flac file and play it back correctly.\n\nThe "set-OggS" part modifies the filesystem metadata of a file to make iTunes aware that it can import it into its library. Once you've done this, you can drag the resulting .flac file into iTunes.\n\nCredit for the above to Doug DeJulio.
A preference property of Login Window. \n\nSee the article for [[Changing the displayed field in Login Window]]
Adobe does not support opening/saving/accessing files in its applications (such as Photoshop) for files stored on a network file server. Adobe only supports files stored on a local disk. \n\nSee: http://www.adobe.com/support/techdocs/332534.html for further details.
<<option chkGenerateAnRssFeed>> GenerateAnRssFeed\n<<option chkOpenInNewWindow>> OpenLinksInNewWindow\n<<option chkSaveEmptyTemplate>> SaveEmptyTemplate\n<<option chkToggleLinks>> Clicking on links to tiddlers that are already open causes them to close\n^^(override with Control or other modifier key)^^\n<<option chkHttpReadOnly>> HideEditingFeatures when viewed over HTTP\n<<option chkForceMinorUpdate>> Treat edits as MinorChanges by preserving date and time\n^^(override with Shift key when clicking 'done' or by pressing Ctrl-Shift-Enter^^\n<<option chkConfirmDelete>> ConfirmBeforeDeleting\nMaximum number of lines in a tiddler edit box: <<option txtMaxEditRows>>\nFolder name for backup files: <<option txtBackupFolder>>\n
"Complexity increases the possibility of failure; a twin-engine airplane has twice as many engine problems as a single-engine airplane." \n\nBy analogy, in both software and electronics, the rule that simplicity increases robustness (the KISS Principle). It is correspondingly argued that the right way to build reliable systems is to put all your eggs in one basket, after making sure that you've built a really ''good'' basket.
Total, managed DNS for your zone. Period. We can handle all aspects of your organization's DNS requirements. \n\nStarting at just $99/year\n\n!Zone Hosting\nWe can provide total, managed support with DNS hosting at geographically diverse nameservers for "always up" DNS services for your zone. This can include split horizons and views to provide separate DNS answers for internal network needs. We can even manage and configure your own local master DNS nameserver(s).\n- Full maintenance of your Intranet DNS\n- Full maintenance of your Internet DNS\n- Views for NAT support\n- "Always Up" DNS\n\n!Local DNS\nOn LAN managed servers\nVPN and LAN users can see private view of DNS data for internal servers\n"Always Up" DNS for your users, everywhere\n
''Apple Training Series: Mac OS X v10.4 System Administration Reference, Volume 2''\nBy David Pugh, Schoun Regan.\nPublished by Peachpit Press.\nList Price: $54.99\n\nhttp://www.peachpit.com/bookstore/product.asp?isbn=0321423151&rl=1\n\nFocusing specifically on Account Management and Deploying Mac OS X Server, this comprehensive reference provides in-depth information on Mac OS X Server's technical architecture. System administrators, IT professionals, and Mac enthusiasts will learn the details of how to deploy Mac OS X Server within a multiplatform, heterogeneous environment, and how to manage Mac OS X Server accounts. This is the second of two volumes certified by Apple Computer. Following the learning objectives of the Apple Certified System Administrator exam, this book is a perfect supplement to Apple's own training class and an in-depth technical reference for existing system administrators and engineers.
<html><iframe width="100%" src="http://docs.info.apple.com/article.html?artnum=304106"></html>
Don't take my word for it.\n\nhttp://www.oreillynet.com/pub/wlg/7606\nhttp://aroundcny.com/Technofile/texts/mac020304.html\nhttp://www.nytimes.com/2003/09/18/technology/circuits/18POGUE-EMAIL.html?ex=1146628800&en=aa7d82412a689307&ei=5070
<<tabs txtFavourite\nMain Main [[About iWiring]]\nServices "About Our Services" [[Services]]\nTechNotes "Technical Notes and Articles" TechNotesMenuTab\nDiagrams "System and Network Diagrams and Discussions" DiagramsMenuTab\nPapers "Papers and Presentations" Papers\nCommentary "Commentary, Rants and Rambles" CommentaryMenuTab\nCode Code CodeMenuTab\nHowTo HowTo HowToMenuTab\n"Mac OSX FAQ" "Mac OSX FAQ" MacOSXFAQMenuTab\n"Linux FAQ" "Linux FAQ" LinuxFAQMenuTab\nCoolTech CoolTech CoolTechMenuTab\n>>\n
By default an OS X system only mounts "ejectable" hard disks, like CDs, Firewire and USB drives, when a user logs in interactively on the console. They aren't normally available to the system after boot or to users that connect using ssh. This behavior may be modified by changing the following setting:\n{{{\ndefaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool true\n}}}\n
iWiring offers engineering expertise in defining, planning and implementing backup solutions that will meet your critical data and business preservation needs. We can implement Backup solutions for organizations of all sizes including complete Enterprise Backup Systems and turnkey systems. \n\nUnsure about Disk to Disk backups vs Disk to Tape solutions? Interested in Disk Staging? What about remote offsite solutions? iWiring can help you sort through the possibilities and find the right fit for any size organization. \n\nWe'll assist you in developing a comprehensive Backup Policy with your management staff that fits your organization's needs in terms of archiving requirements, regulatory compliance, retention and restoration times. Using that Backup Policy we'll work to develop an effective Backup Strategy that meets those goals and then develop a Backup Implementation and solutions that accomplish those strategic objectives. \n\nFor Mac OS X we offer D2D and off-site backup solutions starting at $295.
<<tiddler [[What Should a Good Backup Policy Address?]]>>
//Note: some information from this entry comes from O'Reilly's "Backup & Recovery". It's a great book that is strongly recommended.//\n\nJunior IT folk often confuse the concepts of backups and archives as well as the functions of replication and RAID when discussing data protection. While all of these are closely related and cover concepts of storing data, their goals and the ways they handle those concepts are quite different. \n\n!Backup vs Archives\n\nBackups are a process of making duplicate copies of data to another location or medium for potential recovery in case of loss or damage. \n\nArchives are historical records or files which are accumulated and kept for preservation. Archives are often unique, in that only a single copy of the records or files exists. \n\nArchiving is the process of moving data to another location, often near-line or long term storage, for historical preservation. \n\nThat is to say, I make a backup copy of my birth certificate, will, passport or auto proof of insurance policy and store them in a fire proof box or safety deposit box while keeping the originals for use. If they are lost or damaged I have a copy of them from which I can recover. When my auto insurance policy is renewed I no longer need to keep it in my files but want to keep it in case there are questions about my past policy coverage. So I remove it from my file cabinet and put it in a storage locker. This latter process is archiving. I might also archive my past bank statements, canceled checks, or other records. \n\nSpecifically, Backups are secondary copies of primary data. \n\nArchives are primary copies of secondary data. \n\nYou might archive to clean up space on your primary storage drives. Archives might go to tapes, optical media or WORM media. \n\nBackups recover data that was damaged, deleted, or corrupted. Archives retrieve data from secondary storage. 
Archives retrieve data in a manner other than that in which it was stored.\n\nBackups are stored only long enough to cover the usage pattern of the data. Archives can be stored for many years or decades.\n\n!Replication\n\nReplication is a method of duplicating existing data. Replication has a huge inherent problem. If the data being replicated was damaged or lost, the replica will also reflect this damage or loss. Hence replication is neither a backup nor is it an archive. \n\n!RAID\n\nRAID is a method of redundantly or rapidly storing data across multiple, often lower cost, disk devices. Like replication, it neither backs up nor archives your data. It merely improves accessibility of the existing data. While RAID levels greater than 0 (which merely stores the data across multiple devices for performance improvements) store the data redundantly, files lost or damaged on RAID are still lost or damaged. This improves the ability to access the data when devices fail but can't protect the underlying data itself.
This [[Basic Internet Firewall and DMZ architecture|http://iwiring.net/networkarchitectures/basic_firewall_network_architecture_v101.pdf]] demonstrates how a firewall can be deployed to implement a protected network along with a DMZ network and bastion host.
<<<\n//"Questions are a burden to others.\nAnswers a prison to oneself." //\n- Notice on the wall in //The Prisoner//\n<<<\n\nBefore asking questions you should first do a bit of research yourself. \n\nHave you read the documentation or man pages?\n\nSearch for your issue online. Google is indispensable. Try typing the error message or other relevant content into Google and search. Likely someone's asked your question before online somewhere and by simply feeding the right information into Google you're likely to find that question already answered. \n\nIf that fails to find an answer then check the [[Canonical Resources]] for specific information. \n\nIf you must ask questions then please learn how to ask them effectively by reading [[How To Ask Questions the Smart Way|http://www.catb.org/~esr/faqs/smart-questions.html]] as well as the guidelines in the document [[How to Report Bugs Effectively|http://www.chiark.greenend.org.uk/~sgtatham/bugs.html]] which, while geared towards bug reporting, is still applicable to asking questions in general. \n\nWhen presenting information in questions it's important to stay directly on the topic, provide as many details as possible, and include what you've already tried. Accurately describe what doctors refer to as the "signs and symptoms" of the problem. \n
/***\n|Name|BetterTimelineMacro|\n|Created by|SaqImtiaz|\n|Location|http://lewcid.googlepages.com/lewcid.html#BetterTimelineMacro|\n|Version|0.5 beta|\n|Requires|~TW2.x|\n!!!Description:\nA replacement for the core timeline macro that offers more features:\n*list tiddlers with only specific tag\n*exclude tiddlers with a particular tag\n*limit entries to any number of days, for example one week\n*specify a start date for the timeline, only tiddlers after that date will be listed.\n\n!!!Installation:\nCopy the contents of this tiddler to your TW, tag with systemConfig, save and reload your TW.\nEdit the ViewTemplate to add the fullscreen command to the toolbar.\n\n!!!Syntax:\n{{{<<timeline better:true>>}}}\n''the param better:true enables the advanced features, without it you will get the old timeline behaviour.''\n\nadditional params:\n(use only the ones you want)\n{{{<<timeline better:true onlyTag:Tag1 excludeTag:Tag2 sortBy:modified/created firstDay:YYYYMMDD maxDays:7 maxEntries:30>>}}}\n\n''explanation of syntax:''\nonlyTag: only tiddlers with this tag will be listed. Default is to list all tiddlers.\nexcludeTag: tiddlers with this tag will not be listed.\nsortBy: sort tiddlers by date modified or date created. Possible values are modified or created.\nfirstDay: useful for starting timeline from a specific date. Example: 20060701 for 1st of July, 2006\nmaxDays: limits timeline to include only tiddlers from the specified number of days. 
If you use a value of 7 for example, only tiddlers from the last 7 days will be listed.\nmaxEntries: limit the total number of entries in the timeline.\n\n\n!!!History:\n*28-07-06: ver 0.5 beta, first release\n\n!!!Code\n***/\n//{{{\n// Return the tiddlers as a sorted array\nTiddlyWiki.prototype.getTiddlers = function(field,excludeTag,includeTag)\n{\n var results = [];\n this.forEachTiddler(function(title,tiddler)\n {\n if(excludeTag == undefined || tiddler.tags.find(excludeTag) == null)\n if(includeTag == undefined || tiddler.tags.find(includeTag)!=null)\n results.push(tiddler);\n });\n if(field)\n results.sort(function (a,b) {if(a[field] == b[field]) return(0); else return (a[field] < b[field]) ? -1 : +1; });\n return results;\n}\n\n\n\n//this function by Udo\nfunction getParam(params, name, defaultValue)\n{\n if (!params)\n return defaultValue;\n var p = params[0][name];\n return p ? p[0] : defaultValue;\n}\n\nwindow.old_timeline_handler= config.macros.timeline.handler;\nconfig.macros.timeline.handler = function(place,macroName,params,wikifier,paramString,tiddler)\n{\n var args = paramString.parseParams("list",null,true);\n var betterMode = getParam(args, "better", "false");\n if (betterMode == 'true')\n {\n var sortBy = getParam(args,"sortBy","modified");\n var excludeTag = getParam(args,"excludeTag",undefined);\n var includeTag = getParam(args,"onlyTag",undefined);\n var tiddlers = store.getTiddlers(sortBy,excludeTag,includeTag);\n var firstDayParam = getParam(args,"firstDay",undefined);\n var firstDay = (firstDayParam!=undefined)? firstDayParam: "00010101";\n var lastDay = "";\n var field= sortBy;\n var maxDaysParam = getParam(args,"maxDays",undefined);\n var maxDays = (maxDaysParam!=undefined)? maxDaysParam*24*60*60*1000: (new Date()).getTime() ;\n var maxEntries = getParam(args,"maxEntries",undefined);\n var last = (maxEntries!=undefined) ? 
tiddlers.length-Math.min(tiddlers.length,parseInt(maxEntries)) : 0;\n for(var t=tiddlers.length-1; t>=last; t--)\n {\n var tiddler = tiddlers[t];\n var theDay = tiddler[field].convertToLocalYYYYMMDDHHMM().substr(0,8);\n if ((theDay>=firstDay)&& (tiddler[field].getTime()> (new Date()).getTime() - maxDays))\n {\n if(theDay != lastDay)\n {\n var theDateList = document.createElement("ul");\n place.appendChild(theDateList);\n createTiddlyElement(theDateList,"li",null,"listTitle",tiddler[field].formatString(this.dateFormat));\n lastDay = theDay;\n }\n var theDateListItem = createTiddlyElement(theDateList,"li",null,"listLink",null);\n theDateListItem.appendChild(createTiddlyLink(place,tiddler.title,true));\n }\n }\n }\n\n else\n {\n window.old_timeline_handler.apply(this,arguments);\n }\n}\n//}}}
Need free, easy to set up, pre-packaged web applications such as Drupal, Wordpress, MediaWiki, Joomla, Blosxom or many others that you can easily install as a bundle either natively on your host, in a cloud, or in a Virtual Machine? BitNami may be your answer. With BitNami packages and a few clicks you can have a whole application stack installed on a wide variety of platforms, including Mac OS X, in a very short time. \n\nSee http://bitnami.org/
From the dictionary:\n\n<<<\nTHE RIGHT WORD \n\nBrusque, which comes from an Italian word meaning rude, describes an abruptness of speech or manner that is not necessarily meant to be rude (: a brusque handshake; | a brusque reply). \n\nCurt is more deliberately unfriendly, suggesting brevity and coldness of manner (: a curt dismissal).\n\nThere's nothing wrong with being blunt, although it implies an honesty and directness that can border on tactlessness (e.g. a blunt reply to his question about where the money went).\n\nSomeone who is bluff is usually more likable, possessing a frank, hearty manner that may be a little too outspoken but is seldom offensive (: a bluff man who rarely minced words).\n\nExhibiting gruff or surly behavior will not win friends, since both words suggest bad temper if not rudeness. But gruff is used to describe a rough or grouchy disposition and, like bluff, is applied more often to a man.\n\nAnyone who has had to deal with an overworked store clerk while shopping during the holidays knows the meaning of surly, which is worse than gruff. It describes not only a sour disposition but an outright hostility toward people, and it can apply to someone of either sex (: that surly woman at the customer service desk).\n<<<
Best Practices for reporting bugs to Apple.\n\nThis document is also relevant to others who wish to understand how to effectively report problems. \n\nhttp://developer.apple.com/bugreporter/bugbestpractices.html
Yes.\n\nA machine can have a domain name, say horton.farsef.com, but not have an IP address or DNS entry. horton.farsef.com can be connected to farsef.com via uucp, which does not require an IP address. Email and files can be sent to and from horton.farsef.com using the domain name with farsef.com acting as a gateway.
Not really. \n\nWeb search engines haven't really used metatag keywords found in web pages for many years as they were a lose. One could merely attempt to overload a page or site with keywords to increase how it was indexed. Instead web search engines build relevancy about a page or site based on content and also on how other sites with that same content relate to your site. Therefore the best way to increase relevance for any search term is to include more content about the search phrase on your site or page and have other sites that also have content about the term link to your page and you to theirs. This is less easy to overload and leads to search sites providing more relevant return results. \n\nFor more on this topic see:\nhttp://searchenginewatch.com/sereport/article.php/2165061
!Web\n!!General FAQs and resources\n* [[The FAQ FAQ|http://www.faqs.org/faqs/]]\n* [[TCP/IP FAQ|http://www.faqs.org/faqs/internet/tcp-ip/tcp-ip-faq/part1/]]\n* RFC 1855 - [[Netiquette Guidelines|http://www.faqs.org/rfcs/rfc1855.html]]\n* [[Mailing List Etiquette FAQ|http://www.gweep.ca/~edmonds/usenet/ml-etiquette.html]]\n* [[A Primer on How to Work With the Usenet Community|http://www.faqs.org/faqs/usenet/primer/part1/]] (directed towards Usenet, but has many relevant points)\n\n!!Apple\n*Download the documentation for Mac OS X Server from http://www.apple.com/server/documentation/\n*Apple's Developer site features a wealth of documentation and examples and is located at http://developer.apple.com/\n\n!!Third Parties\n*http://www.afp548.com/ offers a wealth of articles on Mac OS X.\n*[[O'Reilly and Associates Mac Developer Center|http://www.macdevcenter.com/]]\n*[[Mac OS X Server FAQ Wiki|http://www.macos-x-server.com/wiki/index.php?title=Main_Page]] is an unofficial FAQ list for Apple's OS X Server Admin mailing list. \n*http://www.macenterprise.org macenterprise.org offers how-tos, tutorials, webcasts, presentations and software for using Mac OS X in enterprises, education, and other organizations.\n*http://www.bombich.com/ bombich.com Mike Bombich's Site - great source for information on how to deploy OS X, as well as home to some very useful utilities.\n*http://www.entropy.ch entropy.ch has binaries of the latest version of [[PHP|http://www.php.net]] and other pre-built software. \n\n\n!Mailing Lists\nApple's [[Mac OS X Server Admin|http://lists.apple.com/mailman/listinfo/macos-x-server]] list\nThe OmniGroup's [[Mac OS X Admin|http://www.omnigroup.com/mailman/listinfo/macosx-admin]] list\n\n
!!Problem\nYou want to capture either the entire or part of the screen (with cmd-shift-3 or cmd-shift-4) but don't like the format in which the files are being saved.\n\n!!Solution\nChange the default format:\n\n{{{\ndefaults write com.apple.screencapture type <image-format>\n}}}\nwhere <image-format> is pdf, jpg, gif, bmp, pict, tiff
A message can be displayed as part of the login screen. This message is stored in /Library/Preferences/com.apple.loginwindow.plist as the LoginwindowText property.\n\nThis can be edited by hand in the .plist or you can use {{{defaults}}}: \n{{{\n/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText -string "Your AUP Blah Blah Blah"\n}}}\n\nFont size can be set using: \n{{{\n/usr/bin/defaults write /Library/Preferences/com.apple.loginwindow LoginwindowText-FontSize "nn"\n}}}
!!Problem\nInstead of having the Host Name as the default field on the login screen, you want to display SystemVersion, SystemBuild, SerialNumber, IPAddress, DSStatus, or Time\n\n!!Solution\nUse defaults to write the AdminHostInfo property:\n{{{\ndefaults write /Library/Preferences/com.apple.loginwindow AdminHostInfo <desired field>\n}}}\nwhere <desired field> is one of the values HostName, SystemVersion, SystemBuild, SerialNumber, IPAddress, DSStatus, or Time.\n\n!!Kudos\nAFP548
!Code\n<<tagging Code>>
!Commentary, Rants and Rambles\n<<tagging Commentary>>
Under Tiger, Leopard and Snow Leopard Server the option for Internet Sharing is disabled in Server Preferences, which prevents you from configuring Internet Sharing for the AirPort card. This functionality can be restored by temporarily removing a file and then enabling Internet Sharing in Server Preferences. Afterward the file should be restored. \n\n{{{\n# mv /System/Library/CoreServices/ServerVersion.plist /\n}}}\n\nThen open Server Preferences and enable Internet Sharing as normal. Afterward, move the file back:\n\n{{{\n# mv /ServerVersion.plist /System/Library/CoreServices/\n}}}
Starting with Mac OS X 10.4.3 Sieve now works out of the box, but needs to be properly configured for operations. This involves two simple steps.\n\n!!Sieve directory ownership\nThe /usr/sieve directory ships without the correct ownership. (This is intentional.) To configure sieve for operations it must be owned by the cyrus user, which on Tiger is cyrusimap. \n\n{{{\n# chown cyrusimap /usr/sieve\n}}}\n\n!!/etc/services\nYou must add a named services entry for the sieve service. Open /etc/services in your favorite editor and add an entry for sieve at the appropriate location (or change the listing for the callbook entry.)\n\n{{{\nsieve 2000/tcp # timsieved\n}}}\n
<html><p><p><p><p></html>\n\n''iWiring''\nPO Box 1915\nNew York, NY 10101\n\n__Telephone:__\n1-646-402-5293\n1-714-363-1174\n\n__AIM:__ iWiring\n__email:__ iwiring@iwiring.net\n\nThe general mailbox for contacting iWiring is iWiring@iwiring.net. If you are an iWiring client then you should also have received direct contact information for your Primary Field Engineer as well as specific contact procedures for obtaining support. \n\nOur PGPKeys are also available for secure communications.
!Cool Technologies\n<<tagging CoolTech>>
Creating a DVD image from an unencrypted VIDEO_TS folder\n{{{\n$ mkdir DVDNAME\n$ mv /path/to/VIDEO_TS DVDNAME/\n$ hdiutil makehybrid -o DVDNAME DVDNAME -udf\n}}}\nThe resulting .iso can be burned with Disk Utility.
"Disk to Disk"
"DTrace is a comprehensive dynamic tracing framework for the Solaris™ Operating Environment. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs."\n\n''DTrace Project Page''\nhttp://www.opensolaris.org/os/community/dtrace/\n\n''The Solaris™ Dynamic Tracing (DTrace) Guide''\nhttp://docs.sun.com/app/docs/doc/817-6223 [PDF]\n\n''DTrace - An Introduction''\nhttp://www.snpnet.com/sun_DTrace/dtrace_flash.html [Flash WebCast]\n\n''DTrace Tools and Examples''\nhttp://www.brendangregg.com/dtrace.html\n\n''Online DTrace Scripts''\nhttp://blogs.sun.com/roller/page/bud?catname=%2Fone-line-dtrace\n\n''DTrace links''\nhttp://uadmin.blogspot.com/2005/03/dtrace-links.html
Dan Shoop
! Intro\nA very good article by Rob Siemborski at http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend describes the various Cyrus backend database options and makes recommendations for which to use for which Cyrus databases. The material below is taken from that article. \n\n! Database choices\n<html>\n<p />\nA brief summary of the three major database types:\n<p /> <ul>\n<li> Berkeley DB: Slow enumeration, fast random access, fast write, binary support. However, it has proved to be somewhat unstable and prone to locking problems.\n</li> <li> Berkeley DB (no sync): Slow enumeration, fast random access, very fast write, binary support, but no guarantee of database durability; recent writes can be lost on crashes.\n</li> <li> Skiplist: Proprietary Cyrus Format, fast enumeration, moderately fast write, moderately fast random access, binary support\n</li> <li> Flat: Easy to maintain format, fast enumeration, very slow write, moderate random access, no binary support\n</li></ul> \n</html>\n\n! Current Recommendations\n<html>\nNote: if you are having the Berkeley DB locking problem, the following entries become\n 'skiplist'\n<p />\nNote: 'berkeley' in 2.2 is the same as 'db3' in 2.1. Note also that while the original message is quoted as using configure options, Cyrus 2.2.3 and later can support runtime configuration of the database choices (see imapd.conf(5)).\n<p />\n<pre>\n&#62; --with-duplicate-db&#61;DB use DB (db3, skiplist) as a backend\n&#62; for the duplicate delivery db\n</pre>\n<p />\n<strong>berkeley_nosync</strong>, since the worst part about losing this is that someone might\nget a vacation message twice. It also needs fast lookups.\n<p />\n<pre>\n&#62; --with-mboxlist-db&#61;DB use DB (flat, db3, skiplist) as a backend\n&#62; for the mailbox list\n</pre>\n<p />\n<strong>skiplist</strong>. You need fast list operations and good consistency in the\nevent of a crash. 
Also, since the mailboxes database is a frequent source of\nlock contention, the speed of skiplist writes reduces the amount of time\nany process is waiting to use the file.\n<p />\n<pre>\n&#62; --with-seen-db&#61;DB use DB (flat, db3, skiplist) as a backend\n&#62; for the seen state (Default: flat)\n</pre>\n<p />\n<strong>skiplist</strong>. Writes happen very frequently to this file so the logging\nnature of skiplist can give good performance (it also helps to have good\nconsistency here)\n<p />\n<pre>\n&#62; --with-subs-db&#61;DB use DB (flat, db3, skiplist) as a backend\n&#62; for the subscriptions list\n</pre>\n<p />\n<strong>flat</strong>. You need fast list performance, and write operations don't happen\noften to this database, and it might be useful to be able to modify it\nby hand. Also, flat files tend to be smaller than skiplist copies of the\nsame data.\n<p />\n<pre>\n&#62; --with-tls-db&#61;DB use DB (db3, skiplist) as a backend\n&#62; for the TLS cache (Default: db3&#95;nosync)\n</pre>\n<p />\n<strong>berkeley_nosync</strong>. for the similar reasons to the deliver database (you need\nfast lookups and if the db bites the dust, it's not a big deal).\n<p />\n<h3><a name="The_following_are_only_available"></a> The following are only available in 2.2 </h3>\n<p />\n<pre>\n&#62; --with-pts-db&#61;DB use DB (berkeley, skiplist) as a backend\n&#62; for the pts cache\n</pre>\n<p />\n<strong>berkeley</strong>. The need for fast random access is key for the PTS database.\nThis database may be able to be successfully used in a <code>nosync</code> mode, though\nwrites tend to be semi-infrequent compared to the TLS db and the deliver DB.\n<p />\n<pre>\n&#62; --with-annotation-db&#61;DB use DB (berkeley, skiplist) as a backend\n&#62; for the mailbox annotations\n</pre>\n<p />\n<strong>skiplist</strong>. 
annotations are frequently enumerated, so the random access benefits of berkeley\ncan be lost, which makes this almost a toss up, slightly in favor of skiplist (Because\nit avoids the locking issues).\n<p />\n</html>\n\n! Converting Databases\n[[An article at AFP548|http://www.afp548.com/forum/viewtopic.php?forum=26&showtopic=9288]] describes a script that was used for converting the Panther Cyrus databases to the formats used in Tiger based on the script used as part of the Panther to Tiger migration in OS X. It effectively removes Berkeley DB4 from the mix. \n\n{{{\n#!/bin/sh\n#\n# Converts cyrus databases to skiplist format\n# For Panther Server ONLY\n# Modified from Apple's "upgrade" script that \n# is used when an upgrade to Tiger is performed\n#\n\nBACKUP="1 2 3 4 5 6 7 8 9"\nUSER_DIR="a b c d e f g h i j k l m n o p q r s t u v w x y z"\nCY_PATH="/usr/bin/cyrus/bin"\nIMAPD_CONF="/etc/imapd.conf"\nIMAPD_CONF_TMP="/etc/imapd.conf.upgrade.tmp"\n\n\n###################\n# Is there an imap config file\n\nif [ ! -e "$IMAPD_CONF" ] ; then\necho "Unable to upgrade mail database due to missing config file: $IMAPD_CONF" \nexit 0\nfi\n\n\n###################\n# Get the path to the mail database and verify that it exists\n\nDB_PATH="`/usr/bin/grep "configdirectory" "$IMAPD_CONF" | sed 's/^.*://' | sed -e 's/^ *//'`"\n\nif [ ! 
-d "$DB_PATH" ] ; then\necho "Mail database path: $DB_PATH does not exist" \nexit 0\nfi\n\n\n###################\n# Upgrade mail databases\n\ncd "$DB_PATH"\n\n###################\n# Delete old mail db files\n# (only remove files if the cd succeeded, so a failed cd cannot empty another directory)\n\nif [ -d "$DB_PATH/db" ] ; then\ncd "$DB_PATH/db" && /bin/rm -rf *\nfi\n\n\n###################\n# Delete backups\n\nfor X in $BACKUP\ndo\nif [ -d "$DB_PATH/db.backup$X" ] ; then\ncd "$DB_PATH/db.backup$X"\nfor backup_file in *\ndo\n/bin/rm "$backup_file"\ndone\nfi\ndone\n\n\n###################\n# Delete deliver and tls session database files\n\nif [ -e "$DB_PATH/deliver.db" ] ; then\n/bin/rm "$DB_PATH/deliver.db"\nfi\n\nif [ -e "$DB_PATH/tls_sessions.db" ] ; then\n/bin/rm "$DB_PATH/tls_sessions.db"\nfi\n\n\n###################\n# Upgrade mailboxes.db if it exists\n\n# First check for mailboxes.db\n# If it exists set mboxlist_db key to berkeley in imapd.conf\n# Then convert the mailboxes.db file from Berkeley DB to text\n# Remove the mboxlist_db key from imapd.conf\n# Import mailboxes into new mailboxes.db as skiplist\nif [ -e "$DB_PATH/mailboxes.db" ] ; then\n\n###################\n# Set mboxlist_db key to berkeley in imapd.conf\nif /usr/bin/grep "mboxlist_db" "$IMAPD_CONF" > /dev/null ; then\nsed -e '/mboxlist_db/d' "$IMAPD_CONF" > "$IMAPD_CONF_TMP"\nif [ -e "$IMAPD_CONF_TMP" ] ; then\n/bin/rm "$IMAPD_CONF"\n/bin/mv "$IMAPD_CONF_TMP" "$IMAPD_CONF"\nfi\nfi\n\nif ! 
/usr/bin/grep "mboxlist_db" "$IMAPD_CONF" > /dev/null ; then\necho "mboxlist_db: berkeley" >> "$IMAPD_CONF"\nfi\n\n###################\n# Create skipstamp so that cyrus doesn't complain\n/usr/bin/sudo -u cyrus touch "$DB_PATH/db/skipstamp"\n\n###################\n# Convert mailboxes.db to text file\n/usr/bin/sudo -u cyrus "$CY_PATH/ctl_mboxlist" -d > "$DB_PATH/mailboxes.txt"\n/usr/bin/sudo -u cyrus /bin/mv "$DB_PATH/mailboxes.db" "$DB_PATH/mailboxes.db.old"\n\n###################\n# Remove newly created db files\n# (only remove files if the cd succeeded)\nif [ -d "$DB_PATH/db" ] ; then\ncd "$DB_PATH/db" && /bin/rm -rf *\nfi\n\n###################\n# Create skipstamp so that cyrus doesn't complain\n/usr/bin/sudo -u cyrus touch "$DB_PATH/db/skipstamp"\n\n###################\n# Remove mboxlist_db key from config file\nsed -e '/mboxlist_db/d' "$IMAPD_CONF" > "$IMAPD_CONF_TMP"\nif [ -e "$IMAPD_CONF_TMP" ] ; then\n/bin/rm "$IMAPD_CONF"\n/bin/mv "$IMAPD_CONF_TMP" "$IMAPD_CONF"\nfi\n\n###################\n# Set default mboxlist_db key to skiplist\necho "mboxlist_db: skiplist" >> "$IMAPD_CONF"\n\n###################\n# Import user mailboxes to new skiplist format\n# (ctl_mboxlist -u loads the dump from standard input; the text file is removed afterwards)\nif [ -e "$DB_PATH/mailboxes.txt" ] ; then\n/usr/bin/sudo -u cyrus "$CY_PATH/ctl_mboxlist" -u < "$DB_PATH/mailboxes.txt"\n/bin/rm "$DB_PATH/mailboxes.txt"\nfi\nfi\n\n###################\n# Convert individual user seen.db files to skiplist\n# Go to each user directory from a - z and look for .seen files and convert\n\nfor dir in $USER_DIR\ndo\nif [ -d "$DB_PATH/user/$dir" ] ; then\ncd "$DB_PATH/user/$dir"\nWORKING_DIR=`pwd`\nfor file in `find . 
-name \s*.seen`\ndo\n/bin/mv "$WORKING_DIR/$file" "$WORKING_DIR/$file.old"\n/usr/bin/sudo -u cyrus "$CY_PATH/cvt_cyrusdb" "$WORKING_DIR/$file.old" flat "$WORKING_DIR/$file" skiplist >/dev/null\ndone\nfi\ndone\n\n###################\n# Remove seenstate_db key from config file\nif [ -e "$IMAPD_CONF" ] ; then\nif /usr/bin/grep "seenstate_db" "$IMAPD_CONF" > /dev/null ; then\nsed -e '/seenstate_db/d' "$IMAPD_CONF" > "$IMAPD_CONF_TMP"\nif [ -e "$IMAPD_CONF_TMP" ] ; then\n/bin/rm "$IMAPD_CONF"\n/bin/mv "$IMAPD_CONF_TMP" "$IMAPD_CONF"\nfi\nfi\n\nif ! /usr/bin/grep "seenstate_db" "$IMAPD_CONF" > /dev/null ; then\necho "seenstate_db: skiplist" >> "$IMAPD_CONF"\nfi\nfi\n\n###################\n# Add duplicate_db and tlscache_db keys to config file, setting their \n# values for skiplist Added by Bryan Hill 10-4-2005\n# When cyrus is restarted after this script is run, new deliver.db and \n# tls_sessions.db will be created, using skiplist format\n\nif ! /usr/bin/grep "duplicate_db" "$IMAPD_CONF" > /dev/null ; then\necho "duplicate_db: skiplist" >> "$IMAPD_CONF"\nfi\n\nif ! /usr/bin/grep "tlscache_db" "$IMAPD_CONF" > /dev/null ; then\necho "tlscache_db: skiplist" >> "$IMAPD_CONF"\nfi\n\n#End script\n}}}\n
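The backend recommendations above can be checked against a running configuration. The following is an added example (not part of the original page, Apple's script, or Cyrus) that audits the database keys of an imapd.conf. It assumes the option names `subscription_db`, `ptscache_db` and `annotation_db` from imapd.conf(5), treats `-` and `_` in values alike, accepts skiplist everywhere as the locking-problem fallback, and uses a constructed sample file.

```shell
#!/bin/sh
# Added example: audit the *_db backends in an imapd.conf against the
# recommendations listed on this page.

# Recommended backend per key. mboxlist_db, seenstate_db, duplicate_db and
# tlscache_db are the keys the conversion script writes; subscription_db,
# ptscache_db and annotation_db are imapd.conf(5) names assumed here.
recommended_backend() {
    case "$1" in
        duplicate_db)    echo berkeley_nosync ;;
        mboxlist_db)     echo skiplist ;;
        seenstate_db)    echo skiplist ;;
        subscription_db) echo flat ;;
        tlscache_db)     echo berkeley_nosync ;;
        ptscache_db)     echo berkeley ;;
        annotation_db)   echo skiplist ;;
        *) return 1 ;;
    esac
}

# Print "COUNT VALUE" for KEY: how many uncommented "key: value" lines set it,
# and the value on the last such line.
key_state() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            i = index($0, ":")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { n++; val = v }
        }
        END { print n + 0, val }' "$1"
}

# Print one "key configured recommended STATUS" line per database.
# Returns 1 if any key is DUPLICATE or DIFFERS, 2 if the file is unreadable.
audit_cyrus_db_backends() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    rc=0
    for key in duplicate_db mboxlist_db seenstate_db subscription_db \
               tlscache_db ptscache_db annotation_db; do
        want=$(recommended_backend "$key")
        state=$(key_state "$conf" "$key")
        n=${state%% *}
        have=$(printf '%s\n' "${state#* }" | sed 's/-/_/g')
        if [ "$n" -gt 1 ]; then
            status=DUPLICATE; rc=1      # set more than once, ambiguous
        elif [ -z "$have" ]; then
            status=UNSET                # compiled-in default applies
        elif [ "$have" = "$want" ]; then
            status=OK
        elif [ "$have" = skiplist ]; then
            status=OK_LOCKING_FALLBACK  # page: locking problems => skiplist
        else
            status=DIFFERS; rc=1
        fi
        printf '%s %s %s %s\n' "$key" "${have:--}" "$want" "$status"
    done
    return $rc
}

# Constructed sample: roughly what the conversion script leaves behind,
# plus one mismatch and one key that is set twice.
sample_conf() {
    cat > "$1" <<'EOF'
configdirectory: /var/imap
# duplicate_db: berkeley
mboxlist_db: skiplist
seenstate_db: skiplist
duplicate_db: skiplist
tlscache_db: berkeley-nosync
subscription_db: berkeley
annotation_db: skiplist
annotation_db: berkeley
EOF
}

# With a path argument, audit that file; otherwise audit the sample.
if [ $# -ge 1 ]; then
    audit_cyrus_db_backends "$1"
else
    demo=$(mktemp) && sample_conf "$demo"
    audit_cyrus_db_backends "$demo" || true
    rm -f "$demo"
fi
```

Run it as `sh audit.sh /etc/imapd.conf` (the script name is arbitrary); a non-zero exit status means at least one key differs from the recommendation or is set more than once.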
[[About iWiring]]\n[[Now Accepting Support Orders Online! -- Basic Annual Support Agreement]]\n[[Contact]]\n
Example systems and network diagrams.\n(Select from the list to the left.)
!System and Network Diagrams and Discussions\n<<tagging Diagrams>>
You can place Directory Services into debugging mode by sending it the USR1 signal. For example: \n{{{\nsudo killall -USR1 DirectoryService\n}}}\n\nYou can then consult the logs at /Library/Logs/DirectoryService/DirectoryService.debug.log:\n{{{\ntail -f /Library/Logs/DirectoryService/DirectoryService.debug.log | grep ADPlug\n}}}\nYou should reboot after you are finished debugging to bring DirectoryService out of debug mode.
''Read iWiring's Dan Shoop comment on Disaster Recovery in a case study in the April 2006 issue of [[MacUser (UK) Magazine|http://www.pcpro.co.uk/macuser/features/84574/when-disaster-strikes.html]].'' Use the above link to the full article or read the excerpt below. \n\n''Case study''\nLearning the hard way...\n\nThankfully, disasters such as that at Buncefield are rare, but every business must consider the consequences of lesser fires, storms and the like. Dan Shoop (www.iwiring.net) has been supporting business computing systems for 25 years.\n\nIn the early nineties, he was working for a software house that developed and supported software used by US banks to perform book-entry transactions with the Federal Reserve Bank. Half their offices, on the 27th floor of a building in the Wall Street area of New York, had just been remodelled and staff were happily settling into their enhanced surroundings.\n\nWatching the evening news, Dan saw there had been a fire in the city, and as he watched the scenes of the drama unfold he suddenly thought: 'That's my building!' Expecting the company's disaster recovery plan to be brought into action, he was concerned when his phone didn't ring. He called the facilities manager to ask what was going on. Dan was reassured that the fire was on the 36th floor and therefore too far away to be a threat.\n\nThe following morning, however, they were shocked to walk into a disaster scene. As he reflects now: 'It's important to note that firemen tend to put fires out with water, and water runs downhill.' While the fire had not come near their offices, the water soaked the tiles in the lovely, new, suspended ceilings. These had expanded and collapsed over the workstations, covering them in up to a metre of soggy oatmeal-like debris. 
The floors were flooded to a depth of a few centimetres and all the paper files were ruined.\n\nBeing software developers for high-powered systems, those workstations were neither cheap nor easy to replace, and some legacy systems such as Lisas were gone forever. A mixture of VAXen, Alphas, Suns, NeXT cubes, Macs and a few PCs had to be written off. The servers, however, which carried complete backups, were dry and safe in their dedicated suite, so there had been no risk of data loss. Even if they had been damaged, thorough planning ensured that backups were kept off-site, as well.\n\nUnfortunately, interruptions to the company's services could be costly to its clients. Banks that were late in clearing with the Federal Reserve were fined, perhaps as much as $250,000 per hour. If there were problems that needed developer support, those banks would have to fall back on their business continuity plans to clear transactions manually until that support was restored. Thanks to close relationships with their hardware suppliers, Dan had replacement workstations being installed in an adjacent, undamaged part of the building the next day. By the end of the week, all the staff were up and running again. Despite the initial surprise at the disaster, their contingency plans had worked and the business continued. But, as Dan says: 'We didn't have the fire, but we had the damage.'\n\nTesting your recovery plan is essential for strengthening it, Dan emphasises. When he became responsible for the care of systems for Sesame Street's online operations, the policy was not to perform complete backups of their servers as it wasn't worth doing so, just as some claim with OS X and OS X Server. 
It had been argued that, as each of the servers was considered to be identical in its operating system, duplicating backups of the common software was a waste of media and time.\n\nBut when this recovery plan was tested, it became clear that the individual servers were not as similar as had been assumed. Although their recovered servers worked acceptably, there had been subtle but significant differences. As a result, the policy changed and complete backups were made of each. In the event that they had to recover 'from bare metal', they would then have emergency boot disks, complete with the necessary recovery tools, ready to restore the entire system. Dan considers testing to be an essential part of the development of any plan, saying: 'Any untested plan is pretty well useless.'\n\nLike many living on the east coast of America, Dan has also had to invoke his home office recovery plans. A few years ago, a hurricane caused almost no structural damage, but took out two Class 1 communication switching stations. Although prepared to the hilt for loss of communications with DSL, cable, dial-up and cellular phone connections to the Internet, he had to drive out of area to connect to his backup MX mail server over the following four days. Local businesses with significant online sales that ran their own servers were most affected; those with sites hosted elsewhere were able to continue trading.\n\nDan emphasises the importance of business continuity - 'what you are going to do to make sure that your business is continuing' - while you recover from disaster. This requires an explicit, written policy with clearly defined goals, a strategy to tackle each of the issues and detailed implementation instructions. If you don't have those, you will go out of business.
!Problem\nThe Finder hides all sorts of files from the user, such as dot-files (those files whose names begin with a "." or period), as well as certain locations in the filesystem (such as /private, /Volumes, ...). You want to have many of these files listed in Finder displays. \n\n!Solution\nThe behavior for the Finder to display some hidden files is controlled by a preference setting not exposed to the user through a graphical interface but which can be set by modifying the Finder's property list preferences. These are encoded in XML or binary (the latter starting with OS X 10.4 Tiger) and can be manipulated using the `defaults` tool. \n\nTo set the Finder to display hidden files:\n{{{\ndefaults write com.apple.finder AppleShowAllFiles TRUE\n}}}\nSwitch TRUE to FALSE to return to the normal behavior. \n\nThen restart, log out, or restart (HUP) the Finder for the change to take effect.\n
!Broker Connection\nObtain an IPv4 tunnel through a broker such as [[Hurricane Electric|http://tunnelbroker.net/]]\n\n!Configure Tunnel\n{{{\n# Set these four shell variables before running the commands:\n# ipv4a = tunnel server's IPv4 IP\n# ipv4b = user's IPv4 IP\n# ipv6a = tunnel server's side of point-to-point /64 allocation\n# ipv6b = user's side of point-to-point /64 allocation\n\nifconfig gif0 tunnel "$ipv4b" "$ipv4a"\nifconfig gif0 inet6 "$ipv6b" "$ipv6a" prefixlen 128\nroute -n add -inet6 default "$ipv6a"\n}}}\nWhen behind a firewall appliance that passes protocol 41, instead of using the IPv4 endpoint you provided to the broker, use the NAPT IPv4 static IP address or the dynamic one you get from your appliance's DHCP service.\n\n!Test\n{{{\n$ ping6 2001:470:1f06:b13::1\nPING6(56=40+8+8 bytes) 2001:470:1f06:b13::2 --> 2001:470:1f06:b13::1\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=0 hlim=64 time=16.317 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=1 hlim=64 time=18.838 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=2 hlim=64 time=18.742 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=3 hlim=64 time=16.798 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=4 hlim=64 time=32.338 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=5 hlim=64 time=342.346 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=6 hlim=64 time=283.867 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=7 hlim=64 time=16.764 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=8 hlim=64 time=16.628 ms\n16 bytes from 2001:470:1f06:b13::1, icmp_seq=9 hlim=64 time=16.291 ms\n^C\n--- 2001:470:1f06:b13::1 ping6 statistics ---\n10 packets transmitted, 10 packets received, 0% packet loss\nround-trip min/avg/max = 16.291/77.893/342.346 ms\n}}}
Quoted from http://www.river.com/users/share/etiquette/\n\n<<<\nIncluding bogus legalistic terms in your messages, like those some brain-dead lawyers want everyone to put on their faxes, is a waste of everyone's time. It most certainly does not protect any proprietary information you might send. For protection, you need to encrypt.\n\nThe boilerplate false and insulting claims of confidentiality and privilege often take a form like this:\n{{{\n This e-mail and any attachments are confidential and privileged.\n If you are not the intended recipient, please notify the sender\n immediately and destroy this message. You may not store,\n forward, distribute, ... upon pain of legal action.\n}}}\nFirst, such boilerplate contains useless adhesions, meaning the explicit and implied threats they make are particularly annoying. If you send something via email, the recipients (are you sure you aren't sending to a mailing list?) and anyone else who sees your clear text postcard in transit can undetectably and with full deniability do whatever they want with the information written on it in plain view. Even casual users of email know email is not a secure communications medium. Thus the threats in typical bogus legalistic boilerplate are naught but an attempt at highly improper intimidation. Demands made in this manner will be regarded as evidence of a hostile attitude on your part by a significant portion of recipients. The threats will negatively affect how your recipients perceive the other ideas in your message.\n\nSecond, in the case of mailing lists (are you sure the address to which you sent isn't one?) or USENET posts, falsely claiming a message is "confidential and privileged" is simply too stupid for words. Trying to make your terms adhere to the entire world without a meeting of the minds is beyond wild. If confidentiality were an issue, you wouldn't be broadcasting the message, now would you? 
You almost certainly wish to avoid gratuitously insulting your recipients that way.\n\nThird, such legalistic boilerplate is a waste of bandwidth and disk space. Since they serve no useful purpose, such adhesions are certainly more of a waste than a typical 4 line signature (which often contains useful contact information for the sender). Showing respect for your recipients' resources, by not including a signature greater than 4 lines long, will usually cause your message to be viewed in a more favorable light.\n\nIn the end, domains that habitually/automatically include such threats, gratuitous insults, and wastes of space on their users' messages likely end up blacklisted. Individual senders who think it's cool to play dress-up and include such bogus disclaimers end up having their messages automatically discarded, unread, by many recipients. Ironically, this is only giving the sender what they explicitly ask for, as the bogus disclaimers always seem to demand the message be destroyed.\n\nAvoid those fates. Don't include bogus legalistic boilerplate on your messages. If you have a confidential and privileged message, encrypt it to the recipient's public key instead.\n<<<
<div class='toolbar' macro='toolbar +saveTiddler -cancelTiddler deleteTiddler'></div>\n<div class='title' macro='view title'></div>\n<div class='editor' macro='edit title'></div>\n<div class='editor' macro='edit text'></div>\n<div class='editor' macro='edit tags'></div><div class='editorFooter'><span macro='message views.editor.tagPrompt'></span><span macro='tagChooser'></span></div>
!!Enabling timsieved\ntimsieved is the mail filter daemon for Cyrus. You can enable it under Mac OS X Server with the following procedure:\n\nFirst, edit /etc/services to include the service port by adding the following lines:\n{{{\n# Modification for sieve implementation\nsieve 2000/tcp # timsieved\n}}}\n\nNext create a sieve directory in /usr to hold the users' sieve scripts\n{{{\n# mkdir -p /usr/sieve\n}}}\nThis is the default location in the distributed /etc/cyrus.conf file. Modify that if you wish to locate the users' scripts at another location.\n\nGrant rights to the cyrusimap user and mail group to match the following:\n{{{\ndrwxr-xr-x 4 cyrusima mail 136 Dec 5 16:01 sieve\n}}}\nYou can do this with commands like:\n{{{\n# chmod u=rwx,g=rx,o=rx /usr/sieve\n# chown cyrusimap:mail /usr/sieve\n}}}\n\nThen restart the mail server.\n\nIf you have webmail enabled for your users there's a Squirrelmail plugin for timsieved available at http://www.squirrelmail.org/plugin_view.php?id=73 which will let users create sieve rules using a nice, easy to use web interface. \n\n!!Enabling notifyd from sieve\n\nEdit /etc/cyrus.conf and uncomment the following line (by removing the hash):\n{{{\n# notify cmd="notifyd" listen="/var/imap/socket/notify" proto="udp" prefork=1\n}}}\nAlso replace the following line: \n{{{\ncmd="notifyd"\n}}}\nwith\n{{{\ncmd="cyrus-notifyd"\n}}}
!Problem\nVersions of OS X greater than 10.1.x no longer display panic information, but instead display a "cute graphic" which provides no useful information. \n\n!Solution\nEnable the previous, text-based behavior.\n\nYou can enable this behavior by including the bit value {{{0x100}}} in the {{{debug}}} boot-time argument. Doing so will result in text-based panic data being displayed on the OS X system's console.
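Relating to the timsieved procedure above: its two prerequisites, the services entry and the ownership and mode of the sieve directory, can be verified before restarting the mail server. This is an added example, not part of the original page; the function names are hypothetical, the owner is passed as a user name or numeric uid, and the services lines in `sample_services` are constructed.

```shell
#!/bin/sh
# Added example: verify the two sieve prerequisites described on this page.

# Print the service name(s) registered for 2000/tcp in a services(5) file.
names_on_port_2000() {
    awk '{ sub(/#.*/, "") } $2 == "2000/tcp" { print $1 }' "$1"
}

# Print "MODE UID" for a directory, for example "drwxr-xr-x 77".
# Only the first ten mode characters are kept, so a trailing ACL or
# extended-attribute marker from ls does not affect the comparison.
dir_mode_uid() {
    ls -ldn "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3 }'
}

# check_sieve_setup SERVICES_FILE SIEVE_DIR OWNER
# Prints one FAIL line per problem (or OK) and returns the problem count.
check_sieve_setup() {
    services=$1; dir=$2; owner=$3; problems=0

    # Step 1: a "sieve 2000/tcp" entry must exist. On a stock file the
    # port may be listed only under another name such as callbook.
    names=$(names_on_port_2000 "$services" 2>/dev/null) || names=
    if printf '%s\n' "$names" | grep -qx sieve; then
        :
    elif [ -z "$names" ]; then
        echo "FAIL: no 2000/tcp entry in $services; add: sieve 2000/tcp"
        problems=$((problems + 1))
    else
        echo "FAIL: 2000/tcp is registered as $(echo $names), not sieve"
        problems=$((problems + 1))
    fi

    # Resolve the expected owner to a uid (numeric values are used as-is).
    case $owner in
        ''|*[!0-9]*) want_uid=$(id -u "$owner" 2>/dev/null) || want_uid= ;;
        *) want_uid=$owner ;;
    esac

    # Step 2: the directory must exist, belong to the Cyrus user and have
    # the mode shown on the page (drwxr-xr-x).
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        problems=$((problems + 1))
    else
        st=$(dir_mode_uid "$dir"); mode=${st% *}; uid=${st#* }
        if [ -z "$want_uid" ] || [ "$uid" != "$want_uid" ]; then
            echo "FAIL: $dir is owned by uid $uid, expected $owner"
            problems=$((problems + 1))
        fi
        if [ "$mode" != drwxr-xr-x ]; then
            echo "FAIL: $dir has mode $mode, expected drwxr-xr-x"
            problems=$((problems + 1))
        fi
    fi

    if [ "$problems" -eq 0 ]; then echo "OK"; fi
    return "$problems"
}

# Constructed sample: a services file before the sieve entry is added.
sample_services() {
    cat <<'EOF'
# constructed sample lines
callbook        2000/udp    # callbook
callbook        2000/tcp    # callbook
EOF
}

# With three arguments, check a real system, e.g.
#   sh check.sh /etc/services /usr/sieve cyrusimap
# Otherwise run against the constructed sample in a temporary directory.
if [ $# -eq 3 ]; then
    check_sieve_setup "$1" "$2" "$3"
else
    demo=$(mktemp -d) && chmod 755 "$demo"
    sample_services > "$demo/services"
    check_sieve_setup "$demo/services" "$demo" "$(id -u)" || true
    rm -rf "$demo"
fi
```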
The following examples were posted by Stephen <sdw2@shineonline.co.nz> to the Apple OS X Server mailing list:\n\n!Scripting updates to OD\n\nNote: Attribute descriptions shown in the output of the "dscl -read" command often don't have the same name as the actual attribute name in the LDAP database underlying Open Directory. To find out ldap attribute names, add the value to Workgroup Manager, then use \nldapsearch -x -b <base dn> e.g. ldapsearch -x -b dc=ourdomain,dc=co,dc=nz uid=ldap1 (where ldap1 is the userid of the record we're interested in.) \n\nTerminology: LDAP "attributes" are analogous to "properties" in dscl\n\nThe commands below are run on the OD master server.\n\n!!Viewing the directory\nHow to read the list of users on the system in the directory\n{{{\ndscl localhost -list /LDAPv3/\n}}}\n\nShow sn value for all directory users (that have text in sn)\n{{{\ndscl localhost -list /LDAPv3/ sn\n}}}\n\nRead all attributes for record ldap1\n{{{\ndscl localhost -read /LDAPv3/\n}}}\n\nRead sn attribute for record ldap1\n{{{\ndscl localhost -read /LDAPv3/ sn\n}}}\n\nRead list of values available in the directory\n{{{\ndscl localhost -list /LDAPv3/\n}}}\n\n!!Updating the directory\nCommands available include append, create, merge, and change. "man dscl" provides the details. 
In particular, create will create new properties/values and if properties/values already exist they will be overridden with the properties supplied.\n\nAdd new user ldap2\n{{{\ndscl -p -u diradmin /LDAPv3/ -create /Users/ldap2\ndscl -p -u diradmin /LDAPv3/ -create /Users/ldap2 UniqueID 1234\n}}}\n(and continue lines for rest of attributes)\n\nUpdate description for user ldap1\n{{{\ndscl -p -u diradmin /LDAPv3/ -create /Users/ldap1 description line1\n}}}\n\nAdd two email addresses to the email attribute in the info tab (multivalued attribute)\n{{{\ndscl -p -u diradmin /LDAPv3/ -create /Users/ldap1 mail addr1 addr2\n}}}\n\nNote: The comment field in the Advanced tab of Workgroup Manager has the attribute name "description" in the directory. The comment field is single valued, but will allow multiple lines of data in this field (dscl docs don't say how to add multiple lines programmatically).\n\nNote2: I saw a comment that one can add the commands to be executed by dscl in a file, and then run the file into dscl but haven't tried it...\n{{{\ncreate /Users/username\ncd /Users/username\ncreate . RealName "my name"\ncreate . UniqueID 504\n}}}\netc.\n\nAnd then run this:\n{{{\ndscl /LDAPv3/ < inputfile.txt\n}}}\n\n\n!!Deleting values from the directory\nDelete a single value\n{{{\ndscl -u diradmin /LDAPv3/ -delete /Users/ldap1 mail addr2\n}}}\n\nDelete the property and any values associated\n{{{\ndscl -u diradmin /LDAPv3/ -delete /Users/ldap1 mail\n}}}\n
A file can have its ACL (or other EA metadata) modified but is it "updated"? The file isn't updated in the sense that any of its date metadata changes. \n\n!!!find\nfind doesn't note ACL changes because it considers file date metadata\n\n!!!ditto\nditto copies ACLs\nditto has no way of specifying "newer" files or changes to a file\n\n!!!psync\npsync doesn't copy ACLs, so it's moot\n\n!!!rsync\nrsync -E qualifier always force copies ACLs and other EA regardless of changes, but has other issues\n\n!!!tar\nCan't determine changes in ACLs unless date also changes
In OS X 10.5 and 10.6 (Leopard and Snow Leopard) you can flush (and manage) Directory Service's cache using dscacheutil:\n\n{{{\n# dscacheutil -flushcache\n}}}\n\nLikewise you can use it to view cache statistics:\n{{{\n$ dscacheutil -statistics\nOverall Statistics:\n Average Call Time - 0.005461\n Cache Hits - 33380\n Cache Misses - 70783\n Total External Calls - 59683\n\nStatistics by procedure:\n\n Procedure Cache Hits Cache Misses External Calls\n ------------------ ---------- ------------ --------------\n getpwnam 1712 155 1867\n getpwuid 11308 574 11882\n getgrnam 175 187 362\n getgrgid 81 265 346\n getservbyname 19490 757 79\n getservbyport 0 122 122\n getprotobyname 265 54 319\n getfsent 0 0 475\n getnetbyaddr 15 23 38\n gethostbyname 334 24125 290\n gethostbyaddr 0 19728 19728\n gethostbyname_service 0 0 24169\n _flushcache 0 0 6\n\n}}}\n\nThe man page and usage provide more details.
On Mac OS X 10.4 and greater DNS resolution performed by system routines is handled as part of Open Directory's Directory Services. To flush the DNS and Directory Services cache for each of the versions of Mac OS X:\n\n* 10.4: \n{{{\n# lookupd -flushcache\n}}}\n* 10.5: \n{{{\n# dscacheutil -flushcache\n}}}\n* 10.6: Restart mDNSResponder, which will also dump cache to /var/log/system.log\n{{{\n# killall -HUP mDNSResponder\n}}}\n
Formmail is a very popular script for sending a form via email. However it's also very popular with spammers who may hijack the script for nefarious purposes. \n\nOne alternative is http://web.mit.edu/wwwdev/cgiemail/
We've found that nothing handles inbound SMTP mail better than Exim, a Mail Transport Agent, that provides very robust ACLs and embedded Perl support for, among other things, anti-spam and anti-viral rejection. With exim we can stop spam, viruses, and inappropriate/unwanted content from ever even getting accepted into your systems, dropping spammers dead. While SpamAssassin and ClamAV can provide good anti-spam and virus filtering, the messages must first be accepted from the spammer or malicious user. Why not just refuse them up front? Exim can also make further intelligent decisions about what servers it will speak to, for whom it will relay, and how to route messages. As such it can act as a front end to departmental mail servers or for mail server clusters. Exim front ends can be run on the same server as your current SMTP mail server, or on a separate system. The front end acts as your mail gateway from the world. \n\nPricing starts at $295
[[Western Telematic Inc | http://www.wti.com/]] offers a RS-232 [[GSM Cellular Modem|http://www.wti.com/crm.htm]] perfectly designed for use in remote OOB [~Out-Of-Band] access to CoLocation facilities or telco closets. Now no landlines are required. Such a modem can be attached to the serial port on remote power switches, console servers, etc. The modem also features DTR dialout, so RS-232 equipment can call out in an emergency or any time DTR goes low/high. A standard antenna connector is provided so that an external or outdoor antenna can be connected (a "rubber ducky" antenna is included.)\n\n[[Western Telematic Inc | http://www.wti.com/]] additionally offers remote power switches, serial console servers, and a rather full featured secure, rack mounted POTS modem that can handle up to 100 different passwords with callback assignments and audit trails.
#[[Let's Talk ACLs]]
Take a look at our AFP tuning articles and the Apple KB one.\n<http://www.afp548.com/article.php?story=20060329213629494>\n\nAlso 10.4.7 Server Universal has a significantly improved AFP server.\n<http://www.afp548.com/article.php?story=20060905144209269>\n\n
We were pioneers in HA computing both with applications and Internet servers. Our team can help you assess the technical and financial impacts of high availability computing. Whether you're looking for Failover Systems, Load Balancing, clusters, or farms, you can benefit from our expertise. We can assist you in defining and implementing the correct levels of availability to meet your critical business needs. \n\nBring your Internet server beyond problematic round-robin assignments to true high-availability. \n\n
Traditionally an Internet based system has the concept of a hostname. A Mac OS X system has several names: computer name, hostname, and local host name. On Mac OS X Server these are of particular concern. \n\nYou can view these in System Preferences or using scutil: \n{{{\nscutil --get HostName\nscutil --get LocalHostName\nscutil --get ComputerName\n}}}\n\nHostname is the traditional hostname that an Internet system uses to identify itself. It is normally set on OS X in /etc/hostconfig or in OS X Server it's determined from a PTR DNS lookup. \n\nLocal Host Name is the name the host will broadcast using Bonjour/zeroconfig.\n\nComputerName is the Apple name used for things like AppleShareIP.
A [[conceptual diagram|http://iwiring.net/networkarchitectures/layered_services.pdf]] showing how services get implemented as layers in a systems architecture.
!Background\nCore dumps are helpful in debugging problems with applications, especially those running in the BSD environment such as daemons and servers. With core dumps enabled, applications that crash will dump their 'core', their in-memory state, so that further debugging can occur. Additionally, running applications can be sent the ABRT signal using `kill` to terminate and dump their core. Once the core has been dumped, it can be examined using tools like otool and gdb. \n\nCores are dumped to /etc/cores\n\nSince core dumps can be large (the memory state of the running process) care should be taken to ensure that they do not overfill the system disk. They should be regularly purged. \n\n!Pre-Tiger\nPrior to Mac OS X Tiger (10.4) you enabled core dumps by adding the following line to /etc/hostconfig\n{{{\nCOREDUMPS=-YES-\n}}}\n\n!Enabling Core Dumps in Tiger\nTo enable core dumps system wide in Tiger or later add the following line to /etc/launchd.conf:\n{{{\nlimit core unlimited\n}}}\nIf the /etc/launchd.conf file does not exist you may create it. \n\n!Enabling Core Dumps in Terminal or through a shell\nIf you run your program from Terminal or a shell you can enable core dumps by raising the core dump size limit before launching your program or application\n{{{\n$ ulimit -c unlimited\n$ /Applications/TextEdit.app/Contents/MacOS/TextEdit\n[…]\n}}}
You can combine multiple PDF documents into one using GhostScript (which is included as part of Mac OS X and NeXtStep).\n{{{\ngs -dBATCH -dNOPAUSE -q -sDEVICE=pdfwrite -sOutputFile=finished.pdf file1.pdf file2.pdf\n}}}
James Robertson, managing director of Step Two Designs (an intranet and content management consultancy based in Sydney, Australia) has put together a good overview of how to evaluate a CMS. \n\nhttp://www.steptwo.com.au/papers/kmc_evaluate/
When you specify the -E qualifier to Tiger's rsync, it will create a synthetic file for those files without Extended Attributes. Since this "file" is newly created, it carries the current time. This results in the modification times being updated. This can be problematic. Likewise when --delete is used with -E the synthetic file on the target is unlinked, but doesn't exist, generating an error. \n\nThis is supposedly a patch to fix these issues. However it doesn't support Extended Attributes from the Attributes B-Tree such as ACLs so its use is rather limited, since that is a primary reason for using the qualifier. Those just looking to preserve Resource Forks (which are Extended Attributes but are not stored in the Attributes B-Tree) may find the patch useful.\n\nUse of rsync is not recommended in general since it does not properly clone all file metadata. \n\nhttp://www.lartmaker.nl/rsync/
Load averages represent the number of active processes on your system. \n\nHow this is calculated is covered in an article at http://www.teamquest.com/resources/gunther/display/5/index.htm
Mac OS X uses file metadata and an exclusion list to determine which files to exclude in Time Machine Backups. \n\nThe following will display files with this metadata set:\n{{{\nmdfind "com_apple_backup_excludeItem = 'com.apple.backupd'"\n}}}\n\nIn addition the plist at {{{/System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist}}} lists files and paths which should be excluded explicitly. In some cases paths must be maintained but the content in those paths may be omitted and are so listed.
Execute the following:\n\n{{{\nlsof | grep VREG | cut -d / -f 2- | awk '{print "du -kd0 \s"/" $0 "\s""}' > /tmp/whatsopenhowbig ; bash /tmp/whatsopenhowbig | sort -r -n ; rm /tmp/whatsopenhowbig \n}}}\n\nThis is often useful for finding that troublesome file that seems to be eating up all the disk space, presuming it's open and constantly being written.
!Problem\nYou want to further restrict spam using techniques beyond blacklists. You also want to reduce or eliminate having to rely on other mechanisms like SpamAssassin. \n\n!Solution\nUse postfix's built in mechanisms to restrict mail. Sender Address Verification is particularly effective since it will check to see if the supposed sender is actually capable of accepting mail.\n\nFurther reading:\nhttp://www.postfix.org/uce.html\nhttp://www.postfix.org/ADDRESS_VERIFICATION_README.html
[>img[http://staff.cofa.unsw.edu.au/~nigelkersten/siradmin/SirAdminSmall.png]]\nWhile cyradm is the canonical tool, Nigel Kersten has written a rather nifty little utility for OS X Tiger that handles these tasks with a nice GUI. From Nigel's blog he states that it:\n\n<<<\n[It] allows you to create, rename, delete and reconstruct mailboxes, and also allows you to set Access Control Lists for IMAP mailboxes. This is perhaps the most useful function, in that as an admin you can create globally shared mailboxes, or as a user you can choose to share out parts of your IMAP mailbox hierarchy with other users. It also gives you an easy interface to be able to configure "plus addressing", where you can send emails to postuser+aSharedMailbox@your.mail.doman and have them be delivered directly to a particular mailbox, rather than to the inbox of a particular user.\n<<<\n\nSee: http://blogs.cofa.unsw.edu.au/blog/nigelkersten/osxserver/?permalink=SirAdmin-a-GUI-replacement-for-cyradm.html&smm=y
Delete {{{/var/db/.AppleSetupDone}}}
You can disable the Finder's writing of .DS_Store files to network volumes by toggling the DSDontWriteNetworkStores property of Desktop Services. \n{{{\ndefaults write com.apple.desktopservices DSDontWriteNetworkStores true\n}}}
!!Problem\nYou want Mail.app to always display messages as text.\n\n!!Solution\n{{{\ndefaults write com.apple.mail PreferPlainText -bool TRUE\n}}}\n
See http://www.schwie.com/brad/macosxsftpchroot/\n\n<html><iframe height="500px" width="100%" src="http://iwiring.net/snarfed/www.schwie.com/brad/macosxsftpchroot/index.html"></iframe></html>
Use SetFile from the command line:\n{{{\n/Developer/Tools/SetFile -t "TEXT" -c "R*ch" myfile\n}}}\n\nThis can also be done in Perl:\n{{{\n#!/usr/bin/perl\nuse strict;\nuse warnings;\nuse MacPerl;\nMacPerl::SetFileInfo("R*ch", "TEXT", @ARGV);\n}}}
Use a remote power switch to provide OOB power management. These typically come with either a serial (RS-232) connection or with built-in modems. One such example is [this|http://www.wti.com/rps-10.htm] single outlet switch that can also act as a master for additional daisy chained units. More common are multi-outlet units that provide control to each outlet. \n\nAnother, lower cost, alternative is to use X10 power modules. These were designed for controlling appliances and lights in the home and operate by signalling from a master controller through the power grid in the building to the switch modules themselves. They're available at places like http://www.x10.com/home.html.
You can use pwpolicy to change or reset a user's password:\n{{{\npwpolicy -a pws_admin -u username -setpassword newpassword\n}}}\n\nLikewise you can use pwpolicy for setting password policies, like its name implies:\n{{{\npwpolicy -a pws_admin -setglobalpolicy "minChars=6 usingHistory=4 requiresNumeric=1 maxMinutesUntilChangePassword=43200"\npwpolicy -a pws_admin -p pws_admin_password -u username -setpolicy "newPasswordRequired=1"\npwpolicy -n /NetInfo/DefaultLocalNode -a admin -setglobalpolicy "minChars=8 requiresNumeric=1 requiresAlpha=1 maxFailedLoginAttempts=5"\n}}}\n\nSee the man page for more.
Ben Low writes with the following hint to the OmniGroup's OSX Admin mailing list:\n\nI wished to configure ARD's VNC server from the command line (as have others: http://lists.apple.com/archives/remote-desktop/2005/Mar/msg00121.html)\n\nPartial information is provided at http://docs.info.apple.com/article.html?artnum=108030 - this concerns setting up ARD itself, and does not touch on VNC.\n\nFrom the kickstart script's verbose help, I found that:\n{{{\n$ sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -help\nkickstart -- Quickly uninstall, install, activate, configure, and/or restart\n components of Apple Remote Desktop without a reboot.\n...\n -clientopts\n -setmenuextra -menuextra yes\n -setdirlogins -dirlogins yes\n -setdirgroups -dirgroups ardadmin,ardinfo\n -setreqperm -reqperm no\n -setvnclegacy -vnclegacy yes\n -setvncpw -vncpw \nFB842344CE89E9E9AA99889233864DDA\n -setwbem -wbem no\n}}}\ni.e. this does the trick:\n{{{\nusers="myadmin"\nsudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \s\n-activate -configure -access -on -users "$users" -privs -all -restart -agent -menu -clientopts -setvnclegacy \s\n-vnclegacy yes -setvncpw -vncpw "$password"\n}}}\nThe only question then is, what is $password? Through experimentation I found that at least for 10.4, ARD's VNC 'vncpw' argument is simply the password truncated to 8 characters and XORd with a 16 character fixed key (1734516E8BA8C5E2FF1C39567390ADCA), in hex. i.e.\n{{{\n$ perl -nwe 'BEGIN { @k = unpack "C*", pack "H*", "1734516E8BA8C5E2FF1C39567390ADCA"}; chomp; s/^(.{8}).*/$1/; @p = unpack "C*", $_; foreach (@k) { printf "%02X", $_ ^ (shift @p || 0) }; print "\sn"'\nhello\n7F513D02E4A8C5E2FF1C39567390ADCA\n^D\n}}}\n\nA perhaps simpler alternative is to copy the file {{{/Library/Preferences/com.apple.VNCSettings.txt}}} from a system where the plaintext password is known. 
However that approach does not lend itself to 'bulk' deployments.\n\n----\nBen Low\nSecurity Architect\nUNSW IT Services\np:02 9385 1139 m:0414 385 192\n\n96.37% of all statistics are made up.\n
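The encoding described in the post above, as an added Python example (not part of Ben Low's post or of Apple's tooling). The function names are hypothetical; the key and the "hello" value are the ones quoted in the post. Because the key is fixed and the password is cut to 8 characters, the stored value is obfuscation rather than encryption, and {{{effective_length}}} lets an admin flag short or empty VNC passwords from the stored hex alone.

```python
# Fixed 16-byte key quoted in the post (observed there for Mac OS X 10.4).
ARD_VNC_KEY = bytes.fromhex("1734516E8BA8C5E2FF1C39567390ADCA")
MAX_PW_BYTES = 8  # the post states the password is truncated to 8 characters


def ard_vncpw(password: str) -> str:
    """Return the hex string expected by kickstart's -vncpw argument."""
    pw = password.encode("utf-8")[:MAX_PW_BYTES]
    # Positions past the end of the password are XORed with zero,
    # so the key bytes show through unchanged.
    padded = pw.ljust(len(ARD_VNC_KEY), b"\0")
    return "".join(f"{k ^ p:02X}" for k, p in zip(ARD_VNC_KEY, padded))


def effective_length(vncpw_hex: str) -> int:
    """Number of password bytes that actually protect the VNC service.

    Counts from position 8 downwards while the stored byte still equals
    the key byte (meaning that position was padding). The password itself
    is never reconstructed or printed.
    """
    raw = bytes.fromhex(vncpw_hex)
    if len(raw) != len(ARD_VNC_KEY):
        raise ValueError("vncpw must be 16 bytes of hex")
    n = MAX_PW_BYTES
    while n > 0 and raw[n - 1] == ARD_VNC_KEY[n - 1]:
        n -= 1
    return n


def is_weak(vncpw_hex: str, min_len: int = MAX_PW_BYTES) -> bool:
    """True when the stored value corresponds to a password shorter than min_len."""
    return effective_length(vncpw_hex) < min_len


if __name__ == "__main__":
    print(ard_vncpw("hello"))
    # Everything after the eighth character is ignored by the encoding:
    print(ard_vncpw("correcthorse") == ard_vncpw("correcthXYZ"))
    print(effective_length(ard_vncpw("hello")), is_weak(ard_vncpw("hello")))
```

Since anything past the eighth character is discarded, {{{/Library/Preferences/com.apple.VNCSettings.txt}}} deserves the same handling as a file holding a short plaintext password.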
Spotlight is controlled using the {{{mdutil}}} command. \n\nSee its man page for usage.
!Problem\nYou want to run ssh under OS X but don't want to accept ssh connections over Bonjour (e.g. `ssh user@myhost.local`.)\n\n!Solution\nRemove or comment out the following lines from /System/Library/LaunchDaemons/ssh.plist:\n{{{\n  <key>Bonjour</key>\n <array>\n <string>ssh</string>\n <string>sftp-ssh</string>\n </array>\n}}}
By enabling lookupd debugging you can trace down issues with poor namespace lookups. These often result in poor login performance, delays in accessing resources or hosts, and other delays or timeouts relating to DNS and Directory Services. \n\nSee lookupd's man page for complete information. \n\n!!Enabling\nAs root, in netinfo create Debug and Trace properties for /config/lookupd. While you can use NetInfo Manager, this is easier to explain using dscl:\n{{{\n# dscl . create /dsRecTypeStandard:Config/lookupd Debug YES\n# dscl . create /dsRecTypeStandard:Config/lookupd Trace YES\n}}}\nIncrease syslog verbosity for netinfo messages so that we log them:\n{{{\n# cp /etc/syslog.conf /etc/syslog.conf-bak\n# sed 's/netinfo.err/netinfo.debug/' /etc/syslog.conf-bak | cp /dev/stdin /etc/syslog.conf\n}}}\nAsk syslog and lookupd to re-read their config files:\n{{{\n# kill -HUP `cat /var/run/syslog.pid`\n# kill -HUP `cat /var/run/lookupd.pid`\n}}}\n\n!!Disabling\nBasically undo the changes by restoring the original syslog config and removing the netinfo property for lookupd. Then HUP both. \n{{{\n# dscl . delete /dsRecTypeStandard:Config/lookupd\n# mv /etc/syslog.conf-bak /etc/syslog.conf\n# kill -HUP `cat /var/run/syslog.pid`\n# kill -HUP `cat /var/run/lookupd.pid`\n}}}
From Apple TechNote TN2124 (Mac OS X Debugging Magic):\n\nIf you append a "-d" to the Command property in {{{/etc/mach_init.d/diskarbitrationd.plist}}} and then restart, Disk Arbitration will log detailed information about its activities to /var/log/diskarbitrationd.log.
Use fsaclctl:\n{{{\nusage: fsaclctl -p path | -a [-e enable] [-d disable] [-v]\n -p path to filesystem mount point\n -a operate on all relevant volumes\n -e enable access control lists on this filesystem\n -d disable access control lists on this filesystem\n -v print version \n}}}
The ServerAdmin client application has a debugging mode. It can be enabled by setting the UseDebugMenu property.\n{{{\ndefaults write com.apple.serveradmin UseDebugMenu YES\n}}}
Determine the OD slot ID of the user in question using mkpassdb or WGM\n\n[img[http://a248.e.akamai.net/7/248/51/3031971148599529/www.info.apple.com/images/kbase/303197/303197_1.jpg]]\n\n{{{\n# mkpassdb -dump\nsignature: pwfi\nversion: 1\nentrySize: 0\nsequenceNumber: 14\nnumberOfSlotsCurrentlyInFile: 512\ndeepestSlotUsed: 14\ndeepestSlotUsedByThisServer: 14\n\nAccess Features:\nusingHistory=0 canModifyPasswordforSelf=1 usingExpirationDate=0 usingHardExpirationDate=0 requiresAlpha=1 requiresNumeric=0 expirationDateGMT=4294967295 hardExpireDateGMT=4294967295 maxMinutesUntilChangePassword=0 maxMinutesUntilDisabled=0 maxMinutesOfNonUse=0 maxFailedLoginAttempts=0 minChars=6 maxChars=0 passwordCannotBeName=1 requiresMixedCase=0 newPasswordRequired=0 minutesUntilFailedLoginReset=0 notGuessablePattern=0\nlast modified: 10/17/2005 23:52:34\n\nWeak Authentication Methods:\nSMB-NT\nSMB-LAN-MANAGER\nCRYPT\nAPOP\n\nPublic Key: 1024 35 135855286900038763283186920959873417632950072485591557955048154436154198102033898681587302999923559979564561634671707669271773833747173028441045292587344086939569936749371315075147112745558824473475076300075371159095526164010572774074466014381819513400575009549219098307064663542668239281816737035629736759887 root@yosemite.local\n\n\nReplica Name: (Parent)\n\nslot 0001: 0x00000000000000000000000000000001 diradmin 04/11/2006 06:23:44 PM\nslot 0002: 0x42d2df4413d540470000000200000002 root 05/16/2006 01:35:43 PM\nslot 0003: 0x42d2df5840eb1e320000000300000003 vpn_9bfa453413c0 07/11/2005 05:06:32 PM\nslot 0004: 0x42d31f58111d6bd80000000400000004 dshoop 05/30/2006 02:58:31 PM\nslot 0005: 0x434b420b292efbaf0000000500000005 support 05/29/2006 05:00:52 AM\nslot 0006: 0x434b42480e45f6370000000600000006 dshooptreo 05/28/2006 08:16:51 PM\nslot 0007: 0x434b42844a1f18220000000700000007 dhipster 05/30/2006 02:54:33 PM\nslot 0008: 0x435475ee4009d6420000000800000008 yertle 10/18/2005 12:11:26 AM\nslot 0009: 0x435478690cac53b10000000900000009 tourist 03/21/2006 
03:06:48 PM\nslot 0010: 0x4367f0f87137b6d20000000a0000000a mailmgr 11/01/2005 05:49:29 PM\nslot 0011: 0x43b5cda912e2afdc0000000b0000000b healey 03/21/2006 03:06:48 PM\nslot 0012: 0x43c28e5641fab0260000000c0000000c bounce 05/30/2006 02:54:54 PM\nslot 0013: 0x43c5ba746f629c8c0000000d0000000d uptime 03/12/2006 08:34:26 AM\nslot 0014: 0x43e93b597dd143310000000e0000000e dianne 04/19/2006 06:41:19 PM\n}}}\n\nThen running as root use mkpassdb to change the password. \n\n{{{\nmkpassdb -setpassword <slot ID>\n}}}\n\nhttp://docs.info.apple.com/article.html?artnum=303197\n
The folks at Mythic Beasts are specializing in hosting using Linux on the Mac Mini. They have a [[resources page here|http://www.mythic-beasts.com/resources/macmini/]] and a walk through of the [[procedure for sysgen here|http://www.mythic-beasts.com/resources/macmini/walkthrough.html]].
Use nvram to set the boot-command string:\n\n{{{\n# nvram boot-command='" mac-boot" " boot-command" $setenv target-mode'\n}}}
See http://discussions.apple.com/message.jspa?messageID=1247657
Presumably in this case Open Directory means users in the LDAP datastore. Open Directory isn't ''a'' thing or place, but a whole set of possible datastores such as LDAP, NIS, flat files, NetInfo, et cetera.\n\nTo list those stored in LDAP:\n{{{\n# dscl /LDAPv3/ -list /Users RealName\n}}}
{{{\n# dscl . -list /Users\n}}}
!!Problem\nYou want to list the visible WiFi access points from the command line in Mac OS X. These are visible in the Airport icon pull down from the menu bar in the Mac OS X GUI. \n\n!!Solution\nUse the 'airport' private framework tool and {{{-s}}} or {{{--scan}}} qualifier:\n{{{\n/System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport --scan\n}}}\n\n{{{\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport --help\nSupported arguments:\n -c[<arg>] --channel=[<arg>] Set arbitrary channel on the card\n -z --disassociate Disassociate from any network\n -I --getinfo Print current wireless status, e.g. signal info, BSSID, port type etc.\n -s[<arg>] --scan=[<arg>] Perform a wireless broadcast scan.\n Will perform a directed scan if the optional <arg> is provided\n -x --xml Print info as XML\n -P --psk Create PSK from specified pass phrase and SSID.\n The following additional arguments must be specified with this command:\n --password=<arg> Specify a WPA password\n --ssid=<arg> Specify SSID when creating a PSK\n -h --help Show this help\n}}}\n\n{{{\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport -s\n SSID BSSID RSSI CHANNEL HT CC SECURITY (auth/unicast/group)\n Sandeep 00:23:97:d6:74:77 -94 1 N -- WPA(PSK/TKIP/TKIP) WPA2(PSK/TKIP/TKIP) \n 8085 00:16:ce:02:4c:24 -79 1 N -- WEP\n andrew c0:3f:0e:2a:e4:fe -89 1 Y -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP) \n EEPCONNECTION 00:23:97:d6:36:49 -95 6 N -- WEP\n Poopaloop 00:14:bf:b4:4c:21 -92 6 N -- WPA(PSK/TKIP/TKIP) \n 09FX11064900 00:23:97:c1:0a:75 -90 6 N -- WEP\n Rob 00:11:50:43:38:ab -91 6 N -- WEP\n lazaro 00:23:97:0e:7c:be -94 6 N -- WEP\n OnyxEagle 68:7f:74:cd:0a:d0 -93 11 Y -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP) \n dinh 00:22:b0:d1:ae:83 -94 11 N -- WPA(PSK/TKIP/TKIP) \n Mobile 00:1c:b3:af:6c:3c -92 5 Y US WPA(PSK/TKIP/WEP104) WPA2(PSK/AES,TKIP/WEP104) \n talisman.iwiring 00:14:bf:2e:c1:c3 -43 9 N -- WPA(PSK/TKIP/TKIP) 
WPA2(PSK/TKIP/TKIP) \n Pogi 90:84:0d:d6:1c:8d -86 10 Y US WPA2(PSK/AES/AES) \n Garrett Person's Network 78:ca:39:44:2e:d3 -94 10 Y US WPA2(PSK/AES/AES) \n langlang 00:24:36:ac:dd:4b -93 10 Y US WPA(PSK/TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP) \n Pogi 90:84:0d:d6:1c:8e -89 149,+1 Y US WPA2(PSK/AES/AES) \n\n1 IBSS network found:\n SSID BSSID RSSI CHANNEL HT CC SECURITY (auth/unicast/group)\n airportthru 66:2a:2f:53:7c:99 -84 10 N -- NONE\n\n}}}\n\nYou can also use this to get the BSSID for the SSID you're connected to, noise level, and transmission rates. The latter can be useful in determining if poor network performance is due to WiFi signal strength and rates. \n{{{\n$ /System/Library/PrivateFrameworks/Apple80211.framework/Resources/airport --getinfo\n agrCtlRSSI: -43\n agrExtRSSI: 0\n agrCtlNoise: -96\n agrExtNoise: 0\n state: running\n op mode: station \n lastTxRate: 48\n maxRate: 54\nlastAssocStatus: 0\n 802.11 auth: open\n link auth: wpa2-psk\n BSSID: 0:01:02:03:04:05\n SSID: xyzzy\n MCS: -1\n channel: 9\n}}}
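An added example (not from the original page or from Apple's tools): a Python parser for the {{{airport -s}}} listing above that reports which visible networks advertise no encryption, WEP, WPA1 or TKIP. The sample scan is constructed in the page's layout, and the function names and the set of flags are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the `airport -s` output shown above.
SAMPLE_SCAN = """\
 SSID BSSID RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
 office-legacy 00:11:22:33:44:01 -79 1 N -- WEP
 guest wifi 00:11:22:33:44:02 -89 6 Y -- WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
 corp 00:11:22:33:44:03 -43 149,+1 Y US WPA2(PSK/AES/AES)
 mixed 00:11:22:33:44:04 -92 5 Y US WPA(PSK/TKIP/WEP104) WPA2(PSK/AES,TKIP/WEP104)

1 IBSS network found:
 SSID BSSID RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
 adhoc 66:11:22:33:44:05 -84 10 N -- NONE
"""

# SSIDs may contain spaces, so anchor each row on the BSSID instead of
# splitting on whitespace. Header and summary lines have no BSSID and
# therefore never match.
ROW = re.compile(
    r"^\s*(?P<ssid>.*?)\s+"
    r"(?P<bssid>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\s+"
    r"(?P<rssi>-?\d+)\s+(?P<channel>\S+)\s+(?P<ht>[YN])\s+(?P<cc>\S+)\s+"
    r"(?P<security>.+?)\s*$"
)
# One advertised suite, e.g. WPA2(PSK/AES,TKIP/TKIP) = proto(auth/unicast/group)
SUITE = re.compile(r"(WPA2?)\(([^/]+)/([^/]+)/([^)]+)\)")


def parse_scan(text):
    """Return one dict per network row found in the scan output."""
    nets = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        suites = [
            {"proto": p, "auth": a, "unicast": u.split(","), "group": g}
            for p, a, u, g in SUITE.findall(m["security"])
        ]
        nets.append({
            "ssid": m["ssid"], "bssid": m["bssid"].lower(),
            "rssi": int(m["rssi"]), "channel": m["channel"],
            "security": m["security"], "suites": suites,
        })
    return nets


def weaknesses(net):
    """Flags for one network (assumed policy: anything below WPA2 with AES only)."""
    flags = []

    def add(flag):
        if flag not in flags:
            flags.append(flag)

    tokens = net["security"].split()
    if "NONE" in tokens:
        add("open")
    if "WEP" in tokens:
        add("wep")
    for s in net["suites"]:
        if s["proto"] == "WPA":
            add("wpa1")
        if "TKIP" in s["unicast"] or s["group"] == "TKIP":
            add("tkip")
        if s["group"].startswith("WEP"):
            add("wep-group")
    return flags


def audit(text):
    """(ssid, bssid, flags) for every flagged network, strongest signal first."""
    flagged = [(n, weaknesses(n)) for n in parse_scan(text)]
    flagged = [(n, f) for n, f in flagged if f]
    flagged.sort(key=lambda item: item[0]["rssi"], reverse=True)
    return [(n["ssid"], n["bssid"], f) for n, f in flagged]


if __name__ == "__main__":
    for ssid, bssid, flags in audit(SAMPLE_SCAN):
        print(f"{ssid!r:18} {bssid}  {', '.join(flags)}")
```

To run it against a live scan, pass the text captured from {{{airport -s}}} to {{{audit()}}} in place of the sample.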
Set to TDM:\nnvram boot-command=target-mode\n\n...and back:\nnvram boot-command=mac-boot
Boot into single user mode and then:\n\n{{{\n% mount -uw /\n% nicl -raw /var/db/netinfo/local.nidb create /users/root passwd `openssl passwd newr00tpass`\n% reboot\n}}}\n\nThe above will replace the root password in NetInfo with a standard 'crypt' style password. For good measure after rebooting reset it using an appropriate tool to a shadow password.
!How To Articles\n<<tagging HowTo>>
<<tagging humor>>
A Mac OS X application window will display a "spinning beachball" when it is in a blocking wait state. These are most often not hangs, even though control-click of the application in the Dock may say "Application Not Responding". While it is true that the application may not be responding to new events at this time, that doesn't mean it's hung, just that it's blocking new requests at this time. During these blocks it won't respond until either the application is sent a TERM or KILL signal, or the wait completes. These waits are often lengthy file or network I/O operations. In these cases you should just wait for the request(s) to complete, eventually.\n\nOne common application that often gets in such states is Mail.app.\n\nYou can tell that the application isn't actually hung by observing it in the following tools:\n* Spin Control – will not display any "Detected Hangs"\n* sc_usage will demonstrate the actual calls getting completed, show quantums scheduled, etc\n
Internet architectures are a core-competency. \n\niWiring excels at design and implementation of Internet systems and networks of all sizes and purposes. We've designed hosting company servers and networks, nation-wide ISPs, wireless network infrastructures, e-commerce environments, business Intra and Internets, and online publishing systems for clients such as National Broadband, Sesame Street, Parade Magazine, Campmor, brick and mortar commerce, music recording artists and many others. \n\nWe also provide auditing, review and recommendations for existing Internet endeavors, often saving our clients from potential pitfalls before they become problems and improving network stability and availability.\n\nContact us directly for how we can assist with your specific projects.
http://weblog.infoworld.com/enterprisemac/archives/2006/08/is_windows_inhe.html\n\nTom Yager blogs about why he thinks Windows is insecure. My response to him is below. \n\n-----\n\n!Is Windows inherently more vulnerable to malware attacks than OS X?\nAugust 22, 2006\n\n^^Filed under: Design and engineering , Politics, strategy and culture , Software^^\n^^[the only trolling here is being perpetrated by those sending people here to be outraged]^^\n\nIt took an attack on a Windows production server, not devotion to Apple, to put that provocative title on this entry.\n\nOn August 13 at 3:04 AM, a Windows server that I've been running for all of two weeks--it just replaced an Xserve G5--was attacked by a new strain of malware. This worm/trojan/backdoor/proxy/IRCbot/DDOS agent shared some characteristics with a known exploit, but it went well beyond what was described. I believed at the time of the infection, and even more strongly now, that this exploit's latent damage potential has been underestimated. I view the terse and vague update [[on the CERT site|http://www.us-cert.gov/current/current_activity.html#pcmss]] regarding the less tenacious strain of this beast with a sense of foreboding.\n\nThe attack I encountered occasioned a re-examination of a common question: Is Windows more vulnerable to malware than OS X? I've encountered no clearer or more definitive proof point than this attack. To set the stage, I'll describe the malware's methods. The only victim requirement is that a Windows system--client or server from 2000 and XP on up, 32 and 64-bit--be on an Internet-accessible IP address and listening for socket requests to the Windows Server service. The attacker connects to the Windows Server service, overflows a fixed-length buffer and tricks the service into executing code contained in a portion of the buffer. 
The attack edits the Registry to turn off the Windows firewall and packet filter, disables notifications that you're running with reduced security, and opens your system to anonymous access. It then uses the Registry to plant a pair of Windows services that run with SYSTEM privileges. Processes owned by that pseudo-user can literally do anything, unchecked, to the local machine. The malware services launch and announce your exploited system's presence via IRC and IM. After that, an IRC bot or (sub)human driver can make your system do whatever it wants, including making it a nest for more malware. In my case, it was so eager to scan the Internet for other systems to infect that it locked my server's CPUs at 100 percent and gave itself away.\n\nTo nail itself in place, two services watch for and regenerate each other even if their files are deleted. The malware adds an entry to Administrator's login script, and it watches for a privileged invocation of Windows Explorer (like Finder) and attaches a malicious thread to that.\n\nI've been giving it a great deal of thought, and I came up with reasons pointing to the likelihood that Windows is at greater risk of catastrophic attacks. It's not easy reading, but it was either this dense packing or a book-length blog post.\n\n* All Windows background processes/daemons are spawned from a single hyper-privileged process and referred to as services. \n* By default, Windows launches all services with SYSTEM-level privileges. \n* SYSTEM is a pseudo-user (LocalSystem) that trumps Administrator (like UNIX's root) in privileges. SYSTEM cannot be used to log in, but it also has no password, no login script, no shell and no environment, therefore \n* The activity of SYSTEM is next to impossible to control or log. 
\n* Most of the code running on any Windows system at a given time is related to services, most or all of which run with SYSTEM privileges, therefore \n* Successful infection of running Windows software carries a good chance of access to SYSTEM privileges. \n* Windows buries most privileged software, service executables and configuration files in a single, unstructured massive directory (SYSTEM32) that is frequently used by third parties. Windows will notify you on an attempt to overwrite one of its own system files stored here, but does not try to protect privileged software. \n* Microsoft does not sign or document the name and purpose of the files it places in SYSTEM32. \n* Windows has no equivalent to OS X's bill of materials, so it cannot validate permissions, dates and checksums of system and third-party software. \n* Windows requires that users log in with administrative privileges to install software, which causes many to use privileged accounts for day-to-day usage. \n* Windows requires extraordinary effort to extract the path to, and the files and TCP/UDP ports opened by, running services, and to certify that they are valid. \n* Microsoft made it easy for commercial applications to refuse a debugger's attempt to attach to a process or thread. Attackers use this same mechanism to cloak malware. A privileged user must never be denied access to a debugger on any system. My right to track down malware on my computers trumps vendors' interests in preventing piracy or reverse-engineering. Maintaining that right is one of the reasons that open source commercial OS kernels are so vital. \n* Access to the massive, arcane, nearly unstructured, non-human-readable Windows Registry, which was to be obsolete by now, remains the only resource a Windows attacker needs to analyze and control a Windows system. 
\n* Another trick that attackers learned from Microsoft is that Registry entries can be made read-only even to the Administrator, so you can find an exploit and be blocked from disarming it. \n* Malicious code or data can be concealed in NTFS files' secondary streams. These are similar to HFS forks, but so few would think to look at these. \n* One of the strongest tools that Microsoft has to protect users from malware is Access Control Lists (ACLs), but standard tools make ACLs difficult to employ, so most opt for NTFS's inadequate standard access rights.\n\nWhy this can't happen under OS X:\n\n* OS X has no user account with privileges exceeding root. \n* Maximum privilege is extended only to descendants of process ID 1 (init or Darwin's launchd), a role that is rarely used and closely scrutinized. \n* Unlike services.exe, launchd executes daemons and scheduled commands in a shell that's subject to login scripts, environment variables, resource limits, auditing and all security features of Darwin/OS X. \n* Apple's daemons have man pages, and third parties are duty-bound to provide the same. Admins also expect to be able to run daemons, with verbose reporting, in a shell for testing. \n* OS X Man pages document daemons' file dependencies, so administrators can easily rework file permissions to match daemons' reduced privileges. \n* Launchd can tripwire directories so that if they're altered unexpectedly, launchd triggers a response. \n* If an attacker takes over a local or remote console, any effort to install software or alter significant system settings cannot proceed without entering the administrator's user name and password, even if the console is already logged in as a privileged user. In other words, even having privileges doesn't ensure that even an inside hacker can arrange to keep them. \n* OS X has a single console and a single system log, both in plain text. 
\n* OS X's nearest equivalent to the Registry is Netinfo, but this requires authentication for modification. In later releases of OS X, it is fairly sparse. \n* Applications have their own per-user and system-wide properties files, private Registries if you like, stored in human-readable files in standard locations. \n* Every installed file is traceable to a bill of materials that can verify that the file is meant to exist, and that it and all of its dependencies match their original checksums. Mac users, back up and protect your Receipts folder! \n* The directories used to hold OS X's privileged system executables are sacred. Anything new that pops up there is immediately suspect. \n* OS X does not require that a user be logged in as an administrator to install software. The user or someone aiding the install needs to know the name and password of a local administrative user to complete the install. On a network, most software is installed using Remote Desktop, an inexpensive Systems Management Server-like console. \n* The UNIX/POSIX API, standard command-line tools and open source tools leave malware unable to hide from a competent OS X administrator. It takes a new UNIX programmer longer to choose an editor than it does to write a console app that walks the process tree listing privileged processes. Finding the owners of open TCP/UDP ports or open files is similarly trivial. The "system" is not opaque. \n* Basic OS X features can be put to use to make life miserable for malware. For example, Windows' hackable restore points are done better by OS X's ability to create encrypted, read-only disk images. They're simpler than archives, and you can mount them as volumes anywhere in your file hierarchy. \n* Likewise, OS X Server will image any Mac client or server's local drives and maintain safe copies that can be used not only for restoration, but which can be booted from to guarantee that there's no trace of infection. 
\n* When erase-and-reinstall is the only way to be sure, OS X Server automates it. It can safely capture the affected Mac's active drives before having that Mac boot from the fresh install image.\n\nSo, after all this, do I have enough to judge Windows inherently more vulnerable to severe malware than OS X? I do.\n\nI've been writing about these shortcomings for years, and it always traces back to Microsoft's untenable policy of maintaining gaps in Windows security to avoid competing with 3rd party vendors and certified partners. Apple's taking a different approach: What users need is in the box: Anti-virus, anti-spam, encryption, image backup and restore, offsite safe storage through .Mac, and launchd. Pretty soon any debate with Microsoft over security can be ended in one round when Apple stands up, says "launchd," and sits back down.\n\nPosted by Tom Yager on August 22, 2006 10:27 PM \n\n!Response by Dan Shoop\n\nTo: tom_yager@infoworld.com\nFrom: Dan Shoop <shoop@iwiring.net>\nSubject: Re: "Is Windows inherently more vulnerable to malware attacks than OS X?"\n\nTom,\n\nNo this isn't a hyperbolic response to your article. Nor will I try to correct a couple of slight technical inaccuracies on the Mac side of your piece.\n\nWhat I wanted to write to you about was the disservice that MSFT has caused to the industry. We now have IT professionals who believe that no system can ever be immune to a virus, despite the fact that most computer scientists will tell you that this is an engineering issue. After all it's the purpose of real OSen to protect the system from bad code, faults and traps, and damage that could be caused either accidentally, unintentionally, or maliciously by a user. 
\n\nWhile there's never going to be a solution to malware like trojans, that rely on the stupidity of those who unwittingly execute them in, even more stupidly, privileged environments, this myth that computers *must* always somehow be susceptible to attack is in itself a harmful meme and worthy of discussion in an article. FUD are strong influencers and Mac "antivirus" software currently snake-oil. While scanning for the null set of current Mac viruses is an exercise in futility, the sw itself can be more harmful than the disease chimaera. Need I mention theh vulnerabilities and exploits made possible by several popular AV software packages?\n\nYet users and IT professionals today seem intent on believing that there can be no such thing as immunity to viruses or strong OS protection to mitigate any potential maliciousness on their systems. This is despite the fact that many of these same people work in datacenters where mainframe and supermini OSen have been addressing this very issue for ages and they've never given much thought of running anti-viral software on such iron. \n\nThe notion that these platforms, like the Mac, are fewer and therefore remain untargeted is patently false. These systems are commonly targeted because of their high profile. Likewise if it was a matter of numbers then we'd see a proportionate level of virus infections rampant on Linux and other systems commensurate with their installed base. Yet we don't. \n\nSo the answer solidly comes back to what Redmond is doing, or actually failing to do, in their product. Why hasn't corporate America taken stance against this? Why haven't activist attorney's started suing MSFT for the costs borne by AV software and the damages done to their systems that Windows permits?\n\nI also wanted to bring to your attention the following rather good write up that address the heart of the very matter, an article entitled "But That's Just My Opinion. I Could Be Wrong." 
by Rick Moen http://linuxmafia.com/~rick/faq/index.php?page=virus\n\nI hope you take the time to read the above and hope you continue to point out the true "cost" of running any OSen that permit such malware to run rampant. \n\nRegards,\n\n-dhan\n
!Mac OS X Debugging Magic\nApple TechNote #2124, "Mac OS X Debugging Magic", describes various debug facilities available on Mac OS X and some tricks for obtaining all sorts of debug info. \n\nhttp://developer.apple.com/technotes/tn2004/tn2124.html\n\n!CrashReporter\nApple TechNote #2123 describes using CrashReporter and how to analyze a crash. \n\nhttp://developer.apple.com/technotes/tn2004/tn2123.html\n
!How\nThe folks at Mythic Beasts have managed to get the Linux kernel booting from an ext2 partition or via tftp. They explain the issues -- namely with the boot loader, patches for the kernel to support the hardware, a patch to use the CMOS clock instead of reading the EFI runtime services, a patch to allow setting of the screen resolution for the nvidia graphics, a patch for the remote, and a patch for audio -- [[here|http://www.mythic-beasts.com/resources/appletv/]].\n\nInstallation instructions for the bootloader are [[here|http://www.mythic-beasts.com/resources/appletv/mb_boot_tv/]] and a quickstart is [[here|http://www.mythic-beasts.com/resources/appletv/walk-through.html]].\n\n!Why\nThe AppleTV is about half the cost and draws about half the power of an Apple Mac Mini, making it the most efficient machine Apple produces for running Linux. \n
[>img[Insanity Hot Sauce|http://www.davesgourmet.peachhost.com/ct_idagshs.JPG]]Ben Levy writes to elbows:\n\n//The makers of Dave's Insanity Hot Sauce have come out with "Garden\nSpray and Hot Sauce" in a pump bottle, you can spray it on your plants\nto keep away deer and rabbits or you can spray it on your food. They\ndon't say if you can use it as a floor wax.//\n\nhttp://www.davesgourmet.peachhost.com/ct_PRdagshs.htm\n\n
{{{\nKNOW YOUR UNIX SYSTEM ADMINISTRATOR-- A FIELD GUIDE\n\nThere are four major species of Unix sysad:\n\n1) The TECHNICAL THUG. Usually a systems programmer who has been\nforced into system administration; writes scripts in a polyglot of the\nBourne shell, sed, C, awk, perl, and APL.\n\n2) The ADMINISTRATIVE FASCIST. Usually a retentive drone (or rarely,\na harridan ex-secretary) who has been forced into system\nadministration.\n\n3) The MANIAC. Usually an aging cracker who discovered that neither\nthe Mossad nor Cuba are willing to pay a living wage for computer\nespionage. Fell into system administration; occasionally approaches\nmajor competitors with indesp schemes.\n\n4) The IDIOT. Usually a cretin, morpohodite, or old COBOL programmer\nselected to be the system administrator by a committee of cretins,\nmorphodites, and old COBOL programmers.\n\nHOW TO IDENTIFY YOUR SYSTEM ADMINISTRATOR:\n\n---------------- SITUATION: Low disk space. ----------------\n\n TECHNICAL THUG: Writes a suite of scripts to monitor disk\nusage, maintain a database of historic disk usage, predict future disk\nusage via least squares regression analysis, identify users who are\nmore than a standard deviation over the mean, and send mail to the\noffending parties. Places script in cron. Disk usage does not\nchange, since disk-hogs, by nature, either ignore script-generated\nmail, or file it away in triplicate.\n\n ADMINISTRATIVE FASCIST: Puts disk usage policy in motd. Uses\ndisk quotas. Allows no exceptions, thus crippling development work.\nLocks accounts that go over quota.\n\n MANIAC:\n# cd /home\n# rm -rf `du -s * | sort -rn | head -1 | awk '{print $2}'`;\n\n IDIOT:\n# cd /home\n# cat `du -s * | sort -rn | head -1 | awk '{ printf "%s/*\sn", $2}'` | compress\n\n---------------- SITUATION: Excessive CPU usage. 
----------------\n\n TECHNICAL THUG: Writes a suite of scripts to monitor\nprocesses, maintain a database of CPU usage, identify processes more\nthan a standard deviation over the norm, and renice offending\nprocesses. Places script in cron. Ends up renicing the production\ndatabase into oblivion, bringing operations to a grinding halt, much\nto the delight of the xtrek freaks.\n\n ADMINISTRATIVE FASCIST: Puts CPU usage policy in motd. Uses\nCPU quotas. Locks accounts that go over quota. Allows no exceptions,\nthus crippling development work, much to the delight of the xtrek\nfreaks.\n\n MANIAC:\n# kill -9 `ps -augxww | sort -rn +8 -9 | head -1 | awk '{print $2}'`\n\n IDIOT:\n# compress -f `ps -augxww | sort -rn +8 -9 | head -1 | awk '{print $2}'`\n\n---------------- SITUATION: New account creation. ----------------\n\n TECHNICAL THUG: Writes perl script that creates home\ndirectory, copies in incomprehensible default environment, and places\nentries in /etc/passwd, /etc/shadow, and /etc/group. (By hand, NOT\nwith passmgmt.) Slaps on setuid bit; tells a nearby secretary to\nhandle new accounts. Usually, said secretary is still dithering over\nthe difference between 'enter' and 'return'; and so, no new accounts\nare ever created.\n\n ADMINISTRATIVE FASCIST: Puts new account policy in motd.\nSince people without accounts cannot read the motd, nobody ever\nfulfills the bureaucratic requirements; and so, no new accounts are\never created.\n\n MANIAC: "If you're too stupid to break in and create your own\naccount, I don't want you on the system. We've got too many goddamn\nsh*t-for-brains a**holes on this box anyway."\n\n IDIOT:\n# cd /home; mkdir "Bob's home directory"\n# echo "Bob Simon:gandalf:0:0::/dev/tty:compress -f" > /etc/passwd\n\n---------------- SITUATION: Root disk fails. ----------------\n\n TECHNICAL THUG: Repairs drive. Usually is able to repair\nfilesystem from boot monitor. 
Failing that, front-panel toggles\nmicrokernel in and starts script on neighboring machine to load binary\nboot code into broken machine, reformat and reinstall OS. Lets it run\nover the weekend while he goes mountain climbing.\n\n ADMINISTRATIVE FASCIST: Begins investigation to determine who\nbroke the drive. Refuses to fix system until culprit is identified\nand charged for the equipment.\n\n MANIAC, LARGE SYSTEM: Rips drive from system, uses\nsledgehammer to smash same to flinders. Calls manufacturer, threatens\npets. Abuses field engineer while they put in a new drive and\nreinstall the OS.\n MANIAC, SMALL SYSTEM: Rips drive from system, uses ball-peen\nhammer to smash same to flinders. Calls Requisitions, threatens pets.\nAbuses bystanders while putting in new drive and reinstalling OS.\n\n IDIOT: Doesn't notice anything wrong.\n\n---------------- SITUATION: Poor network response. ----------------\n\n TECHNICAL THUG: Writes scripts to monitor network, then\nrewires entire machine room, improving response time by 2%. Shrugs\nshoulders, says, "I've done all I can do," and goes mountain climbing.\n\n ADMINISTRATIVE FASCIST: Puts network usage policy in motd.\nCalls up Berkeley and AT&T, badgers whoever answers for network\nquotas. Tries to get xtrek freaks fired.\n\n MANIAC: Every two hours, pulls ethernet cable from wall and\nwaits for connections to time out.\n\n IDIOT:\n# compress -f /dev/en0\n\n---------------- SITUATION: User questions. ----------------\n\n TECHNICAL THUG: Hacks the code of emacs' doctor-mode to answer\nnew users questions. Doesn't bother to tell people how to start the\nnew "guru-mode", or for that matter, emacs.\n\n ADMINISTRATIVE FASCIST: Puts user support policy in motd.\nMaintains queue of questions. Answers them when he gets a chance,\noften within two weeks of receipt of the proper form.\n\n MANIAC: Screams at users until they go away. 
Sometimes\nbarters knowledge for powerful drink and/or sycophantic adulation.\n\n IDIOT: Answers all questions to best of his knowledge until\nthe user realizes few UNIX systems support punched cards or JCL.\n\n---------------- SITUATION: *Stupid* user questions. ----------------\n\n TECHNICAL THUG: Answers question in hex, binary, postfix,\nand/or French until user gives up and goes away.\n\n ADMINISTRATIVE FASCIST: Locks user's account until user can\npresent documentation demonstrating their qualification to use the\nmachine.\n\n MANIAC:\n# cat >> ~luser/.cshrc\nalias vi 'rm \s!*;unalias vi;grep -v BoZo ~/.cshrc > ~/.z; mv -f ~/.z ~/.cshrc'\n^D\n\n IDIOT: Answers all questions to best of his knowledge.\nRecruits user to system administration team.\n\n---------------- SITUATION: Process accounting management. ----------------\n\n TECHNICAL THUG: Ignores packaged accounting software; trusts\nscripts to sniff out any problems & compute charges.\n\n ADMINISTRATIVE FASCIST: Devotes 75% of disk space to\naccounting records owned by root and chmod'ed 000.\n\n MANIAC: Laughs fool head off at very mention of accounting.\n\n IDIOT:\n# lpr /etc/wtmp /usr/adm/paact\n\n---------------- SITUATION: Religious war, BSD vs. System V. ----------------\n\n TECHNICAL THUG: BSD. Crippled on System V boxes.\n\n ADMINISTRATIVE FASCIST: System V. Horrified by the people who\nuse BSD. Places frequent calls to DEA.\n\n MANIAC: Prefers BSD, but doesn't care as long as HIS processes\nrun quickly.\n\n IDIOT:\n# cd c:\n\n---------------- SITUATION: Religious war, System V vs. AIX ----------------\n\n TECHNICAL THUG: Weeps.\n\n ADMINISTRATIVE FASCIST: AIX-- doesn't much care for the OS,\nbut loves the jackboots.\n\n MANIAC: System V, but keeps AIX skills up, knowing full well\nhow much Big Financial Institutions love IBM...\n\n IDIOT: AIX.\n\n---------------- SITUATION: Balky printer daemons. 
----------------\n\n TECHNICAL THUG: Rewrites lpd in FORTH.\n\n ADMINISTRATIVE FASCIST: Puts printer use policy in motd.\nCalls customer support every time the printer freezes. Tries to get\nuser who submitted the most recent job fired.\n\n MANIAC: Writes script that kills all the daemons, clears all\nthe print queues, and maybe restarts the daemons. Runs it once a hour\nfrom cron.\n\n IDIOT:\n# kill -9 /dev/lp ; /dev/lp &\n\n---------------- SITUATION: OS upgrade. ----------------\n\n TECHNICAL THUG: Reads source code of new release, takes only\nwhat he likes.\n\n ADMINISTRATIVE FASCIST: Instigates lawsuit against the vendor\nfor having shipped a product with bugs in it in the first place.\n\n MANIAC:\n# uptime\n1:33pm up 19 days, 22:49, 167 users, load average: 6.49, 6.45, 6.31\n# wall\nWell, it's upgrade time. Should take a few hours. And good luck on that\n5:00 deadline, guys! We're all pulling for you!\n^D\n\n IDIOT:\n# dd if=/dev/rmt8 of=/vmunix\n\n---------------- SITUATION: Balky mail. ----------------\n\n TECHNICAL THUG: Rewrites sendmail.cf from scratch. Rewrites\nsendmail in SNOBOL. Hacks kernel to implement file locking. Hacks\nkernel to implement "better" semaphores. Rewrites sendmail in\nassembly. Hacks kernel to . . .\n\n ADMINISTRATIVE FASCIST: Puts mail use policy in motd. Locks\naccounts that go over mail use quota. Keeps quota low enough that\npeople go back to interoffice mail, thus solving problem.\n\n MANIAC:\n# kill -9 `ps -augxww | grep sendmail | awk '{print $2}'`\n# rm -f /usr/spool/mail/*\n# wall\nMail is down. Please use interoffice mail until we have it back up.\n^D\n# write max\nI've got my boots and backpack. Ready to leave for Mount Tam?\n^D\n\n IDIOT:\n# echo "HELP!" | mail tech_support.AT.vendor.com%kremvax%bitnet!BIFF!!!\n\n---------------- SITUATION: Users want phone list application. ----------------\n\n TECHNICAL THUG: Writes RDBMS in perl and Smalltalk. 
Users\ngive up and go back to post-it notes.\n\n ADMINISTRATIVE FASCIST: Oracle. Users give up and go back to\npost-it notes.\n\n MANIAC: Tells the users to use flat files and grep, the way\nGod meant man to keep track of phone numbers. Users give up and go\nback to post-it notes.\n\n IDIOT:\n% dd ibs=80 if=/dev/rdisk001s7 | grep "Fred"\n\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n\nOTHER GUIDELINES:\n\n---------------- TYPICAL ROOT .cshrc FILE: ----------------\n\n TECHNICAL THUG: Longer than eight kilobytes. Sources the\noutput of a perl script, rewrites itself.\n\n ADMINISTRATIVE FASCIST: Typical lines include:\numask 777\nalias cd 'cd \s!*; rm -rf ching *hack mille omega rogue xtrek >& /dev/null &'\n\n MANIAC: Typical lines include:\nalias rm 'rm -rf \s!*'\nalias hose kill -9 '`ps -augxww | grep \s!* | awk \s'{print $2}\s'`'\nalias kill 'kill -9 \s!* ; kill -9 \s!* ; kill -9 \s!*'\nalias renice 'echo Renice\s? You must mean kill -9.; kill -9 \s!*'\n\n IDIOT: Typical lines include:\nalias dir ls\nalias era rm\nalias kitty cat\nalias process_table ps\nsetenv DISPLAY vt100\n\n---------------- HOBBIES, TECHNICAL: ----------------\n\n TECHNICAL THUG: Writes entries for Obsfuscated C contest.\nOptimizes INTERCAL scripts. Maintains ENIAC emulator. Virtual\nreality .\n\n ADMINISTRATIVE FASCIST: Bugs office. Audits card-key logs.\nModifies old TVs to listen in on cellular phone conversations.\nListens to police band.\n\n MANIAC: Volunteers at Survival Research Labs. Bugs office.\nEdits card-key logs. Modifies old TVs to listen in on cellular phone\nconversations. Jams police band.\n\n IDIOT: Ties shoes. Maintains COBOL decimal to roman numeral\nconverter. Rereads flowcharts from his salad days at Rand.\n\n---------------- HOBBIES, NONTECHNICAL: ----------------\n\n TECHNICAL THUG: Drinks "Smart Drinks." Attends raves. 
Hangs\nout at poetry readings and Whole Earth Review events and tries to pick\nup Birkenstock MOTAS.\n\n ADMINISTRATIVE FASCIST: Reads _Readers Digest_ and _Mein\nKampf_. Sometimes turns up car radio and sings along to John Denver.\nGolfs. Drinks gin martinis. Hangs out in yuppie bars and tries to\npick up dominatrixes.\n\n MANIAC: Reads _Utne Reader_ and _Mein Kampf_. Faithfully\nattends Dickies and Ramones concerts. Punches out people who say\n"virtual reality." Drinks damn near anything, but favors Wild Turkey,\nBlack Bush, and grain alcohol. Hangs out in neighborhood bars and\ntries to pick up MOTAS by drinking longshoremen under the table .\n\n IDIOT: Reads _Time_ and _Newsweek_-- and *believes* them.\nDrinks Jagermeister. Tries to pick up close blood relations-- often\nsucceeds, producting next generation of idiots.\n\n---------------- 1992 PRESIDENTIAL ELECTION: ----------------\n\n TECHNICAL THUG: Clinton, but only because he liked Gore's\nbook.\n\n ADMINISTRATIVE FASCIST: Bush. Possibly Clinton, but only\nbecause he liked Tipper.\n\n MANIAC: Frank Zappa.\n\n IDIOT: Perot.\n\n---------------- 1996 PRESIDENTIAL ELECTION: ----------------\n\n TECHNICAL THUG: Richard Stallman - Larry Wall.\n\n ADMINISTRATIVE FASCIST: Nixon - Buchanan.\n\n MANIAC: Frank Zappa.\n\n IDIOT: Quayle.\n\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n\nCOMPOUND SYSTEM ADMINISTRATORS:\n\n TECHNICAL FASCIST: Hacks kernel & writes a horde of scripts to\nprevent folk from ever using more than their fair share of system\nresources. 
Resulting overhead and load brings system to its knees.\n\n TECHNICAL MANIAC: Writes scripts that SEEM to be monitoring\nthe system, but are actually encrypting large lists of passwords.\nUses nearby nodes as beta test sites for worms.\n\n TECHNICAL IDIOT: Writes superuser-run scripts that sooner or\nlater do an "rm -rf /".\n\n FASCISTIC MANIAC: At first hint of cracker incursions, whether\nreal or imagined, shuts down system by triggering water-on-the-brain\ndetectors and Halon system.\n\n FASCISTIC IDIOT:\n# cp /dev/null /etc/passwd\n\n MANIACAL IDIOT: Napalms the CPU.\n -Stephan Zielinski\n\n\n}}}
Mac OS X Leopard makes use of LLVM, the Low Level Virtual Machine. LLVM is a compiler infrastructure that's designed to permit more effective targeting of diverse platforms and tighter code optimizations. This benefits an OS like Mac OS X that targets PPC and Intel platforms and is used across iPods, iPhones, Apple TVs and general purpose computer systems. \n\nInterestingly enough, Mac OS X makes heaviest use of this in conjunction with OpenGL optimizations. \n\nClang is a C language front end for LLVM. \n\nFor more details:\nhttp://llvm.org/\nhttp://clang.llvm.org/\nhttp://video.google.com/videoplay?docid=6189170937161128523\n\n<html>\n\n<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/VeRaLPupGks&rel=1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/VeRaLPupGks&rel=1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>\n\n<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/i7Tkkd-CXQQ&rel=1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/i7Tkkd-CXQQ&rel=1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>\n\n<object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/zywl_VtBR1Q&rel=1"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/zywl_VtBR1Q&rel=1" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object>\n\n</html>
!Problem\nThe wrong application is launching for file types or the icons associated are wrong.\n\n!Solution\nWhile this is normally fixed in the Finder's Get Info window by specifically setting the application, sometimes the Launch Services database is corrupt or there are other problems with Launch Services. \n\nThe preferences for Launch Services are stored in ~affecteduser/Library/Preferences/com.apple.LaunchServices.plist, which can be deleted for the affected user (best that they're logged out at the time) and it will be recreated when the user logs back in. \n\nSometimes this is still not enough as the problem exists beyond the user domain. In these cases use lsregister. \n\n{{{\n/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister -kill -r -domain local -domain system -domain user\n}}}\n{{{\nlsregister: [OPTIONS] [ <path>... ]\n [ -apps <domain>[,domain]... ]\n [ -libs <domain>[,domain]... ]\n [ -all <domain>[,domain]... ]\n\nPaths are searched for applications to register with the Launch Service database.\nValid domains are "system", "local", "network" and "user". Domains can also\nbe specified using only the first letter.\n\n -kill Reset the Launch Services database before doing anything else\n -seed If database isn't seeded, scan default locations for applications and libraries to register\n -lint Print information about plist errors while registering bundles\n -convert Register apps found in older LS database files\n -lazy n Sleep for n seconds before registering/scanning\n -r Recursive directory scan, do not recurse into packages or invisible directories\n -R Recursive directory scan, descending into packages and invisible directories\n -f force-update registration even if mod date is unchanged\n -u unregister instead of register\n -v Display progress information\n -dump Display full database contents after registration\n -h Display this help\n}}}
There appears to be a bug in the Leopard Installer in that if you upgrade from Tiger it leaves the old Tiger man pages in place that won't get used. This can be verified by performing {{{ls -l /usr/share/man/man1/man*}}} and checking to see if you have both {{{.gz}}} versions of man pages and the older non-gzip'ed versions, something like:\n{{{\n-rw-r--r-- 1 root wheel 10981 Jan 13 2006 /usr/share/man/man1/man.1\n-r--r--r-- 1 root wheel 4821 Sep 23 21:54 /usr/share/man/man1/man.1.gz\n}}}\n\nIf you find you have both copies, kudos to Dave Vasilevsky for the following Ruby script that will fix this problem:\n\n{{{\n#!/usr/bin/ruby\n# Remove stale duplicate man pages left behind by a Tiger -> Leopard upgrade.\nrequire 'find'\n\n# Map each page name (e.g. "man.1") to every file that provides it.\npages = Hash.new { |h, k| h[k] = [] }\n\nFind.find('/usr/share/man') do |path|\n  stat = File.lstat(path)\n  next unless stat.file?\n\n  # Normalise the name: drop a trailing .gz, then anything after the section digit.\n  base = File.basename(path)\n  base.sub!(/\s.gz$/,'')\n  base.sub!(/(\s.\sd)[^\s.]*$/, '\s1')\n\n  pages[base] << { :path => path, :mtime => stat.mtime }\nend\n\npages.each do |base, files|\n  next if files.size == 1\n\n  # Keep the most recently modified copy and delete the older ones.\n  ordered = files.sort_by { |f| f[:mtime] }\n  ordered.pop\n  ordered.each { |f| File.unlink(f[:path]) }\nend\n}}}\n\nRun the above as root; for each page it keeps the most recently modified copy and deletes the older ones, leaving the new Leopard pages.
Let's assume we have a directory Thing1, and that ~RedFish is a file in Thing1 which has an ACL with several ACEs. Thing2 is to be a backup of Thing1. \n\nditto, hdiutil, etc. don't copy ACLs when they copy the file. This is the expected behavior, considering that the ACL on Thing1/~RedFish, as seen by the OS, applies to that file at that path. Thing2/~RedFish is a different path, and an ACL for it is a different ACL. \n\nLet's look at a variety of these in action.\n\nLet's start by creating a directory and a few files, to one of which we'll add an ACL. \n{{{\nooblek:~ dshoop$ mkdir xyzzy\nooblek:~ dshoop$ touch xyzzy/file1\nooblek:~ dshoop$ touch xyzzy/file2\nooblek:~ dshoop$ chmod +a "admin allow write" file2\nchmod: file2: No such file or directory\nooblek:~ dshoop$ chmod +a "admin allow write" xyzzy/file2\nooblek:~ dshoop$ ls -als xyzzy\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 156 dshoop dshoop 5304 Mar 31 18:09 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\n}}}\nNote that ls marks a file that has an ACL with a "+" in the above output.\n\n!ACLs and [[Disk Images]]\n{{{\nooblek:~ dshoop$ hdiutil create -srcfolder xyzzy xyzzy1.dmg\n................................................................................\ncreated: /Volumes/OoblekData/dshoop/xyzzy1.dmg\nooblek:~ dshoop$ hdiutil attach xyzzy1.dmg \nChecksumming Driver Descriptor Map (DDM : 0)...\n Driver Descriptor Map (DDM : 0): verified CRC32 $4B79BBA6\nChecksumming Apple (Apple_partition_map : 1)...\n Apple (Apple_partition_map : 1): verified CRC32 $0E7187C8\nChecksumming disk image (Apple_HFS : 2)...\n..................................................................................................\n disk image (Apple_HFS : 2): verified CRC32 $24B5EE90\nChecksumming (Apple_Free : 3)...\n (Apple_Free : 3): verified CRC32 $00000000\nverified CRC32 $1F3EC619\n/dev/disk6 Apple_partition_scheme \n/dev/disk6s1 Apple_partition_map \n/dev/disk6s2 
Apple_HFS /Volumes/xyzzy\nooblek:~ dshoop$ ls -als /Volumes/xyzzy/\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 272 Mar 31 18:10 .\n0 drwxrwxrwt 15 root admin 510 Mar 31 18:10 ..\n0 d-wx-wx-wt 2 dshoop dshoop 68 Mar 31 18:10 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ # note no acl\n}}}\nAs we see, if we create a [Disk Image] of a source that has ACLs, the ACLs aren't preserved. This is the expected behavior. \n\nWhy? \n\nFor one, the volume doesn't have ACLs enabled.\n\nThe larger reason, however, is that the ACLs that apply to ./xyzzy/ don't apply to /Volumes/xyzzy/. Think of the ACLs as stored in a directory or table: the indices are clearly different, as ./xyzzy/file2 and /Volumes/xyzzy/file2 are different locations in the filesystem. \n\n\nCopying the ACL from file ./xyzzy/file2 to /Volumes/xyzzy/file2 may have unintended security implications. ACLs are explicit lists. \n\n!!Disk Images and ditto\nSo what about creating a volume and using ditto to perform a copy?\n\n{{{\nooblek:~ dshoop$ hdiutil create xyzzy2.dmg -volname xyzzy2 -megabytes 1 -type SPARSE -fs HFS+\ncreated: /Volumes/OoblekData/dshoop/xyzzy2.dmg.sparseimage\nooblek:~ dshoop$ hdid xyzzy2.dmg.sparseimage \n/dev/disk7 Apple_partition_scheme \n/dev/disk7s1 Apple_partition_map \n/dev/disk7s2 Apple_HFS /Volumes/xyzzy2\nooblek:~ dshoop$ ditto xyzzy /Volumes/xyzzy2/\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2/\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:14 .\n0 drwxrwxrwt 16 root admin 544 Mar 31 18:13 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ rm /Volumes/xyzzy2/*\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2/\ntotal 0\n0 drwxr-xr-x 3 dshoop dshoop 136 Mar 31 18:15 .\n0 drwxrwxrwt 16 root admin 544 Mar 31 18:13 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\nooblek:~ dshoop$ 
fsaclctl -p /Volumes/xyzzy2 -e enable -v\nfsaclctl: you must be root to enable/disable acls\nooblek:~ dshoop$ sudo fsaclctl -p /Volumes/xyzzy2 -e enable -v\nPassword:\nooblek:~ dshoop$ ditto xyzzy /Volumes/xyzzy2/\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2/\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:16 .\n0 drwxrwxrwt 16 root admin 544 Mar 31 18:13 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ditto xyzzy xyzzy2\nooblek:~ dshoop$ ls -als xyzzy2\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ls -als xyzzy \ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\n}}}\n\n!![[rsync]]\nrsync is an odd man out here. While normally following the above behavior, it has a flag -E that specifically copies ACL, and other, file metadata. \n{{{\nooblek:~ dshoop$ rsync -avv xyzzy/ xyzzy2/\nbuilding file list ... \n[sender] expand file_list to 131072 bytes, did move\ndone\ndelta-transmission disabled for local transfer or --whole-file\nfile1 is uptodate\nfile2 is uptodate\ntotal: matches=0 tag_hits=0 false_alarms=0 data=0\n\nsent 101 bytes received 20 bytes 242.00 bytes/sec\ntotal size is 0 speedup is 0.00\nooblek:~ dshoop$ ls -als xyzzy2\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ rm xyzzy2\nrm: xyzzy2: is a directory\nooblek:~ dshoop$ rsync -avv xyzzy/ xyzzy2/\nbuilding file list ... 
\n[sender] expand file_list to 131072 bytes, did move\ndone\ndelta-transmission disabled for local transfer or --whole-file\nfile1 is uptodate\nfile2 is uptodate\ntotal: matches=0 tag_hits=0 false_alarms=0 data=0\n\nsent 101 bytes received 20 bytes 242.00 bytes/sec\ntotal size is 0 speedup is 0.00\nooblek:~ dshoop$ ls -als xyzzy2\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ rsync -aEvv xyzzy/ xyzzy2/\nbuilding file list ... \n[sender] expand file_list to 131072 bytes, did move\ndone\ndelta-transmission disabled for local transfer or --whole-file\nfile2 is uptodate\n._file2\nfile1 is uptodate\ntotal: matches=0 tag_hits=0 false_alarms=0 data=224\n\nsent 390 bytes received 40 bytes 860.00 bytes/sec\ntotal size is 0 speedup is 0.00\nooblek:~ dshoop$ ls -als xyzzy2\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -r-------- + 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ls -als xyzzy \ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 159 dshoop dshoop 5406 Mar 31 18:16 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ls -als /Volumes/xyzzy\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 272 Mar 31 18:10 .\n0 drwxrwxrwt 16 root admin 544 Mar 31 18:13 ..\n0 d-wx-wx-wt 2 dshoop dshoop 68 Mar 31 18:10 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ chmod +a "admin allow write" /Volumes/xyzzy/file2\nchmod: Failed to set ACL on file /Volumes/xyzzy/file2: Read-only file system\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:16 .\n0 drwxrwxrwt 16 root admin 
544 Mar 31 18:13 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ chmod +a "admin allow write" /Volumes/xyzzy2/file2\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:16 .\n0 drwxrwxrwt 16 root admin 544 Mar 31 18:13 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ hdiutil create xyzzy3.dmg -volname xyzzy3 -megabytes 1 -type SPARSE -fs HFS+\ncreated: /Volumes/OoblekData/dshoop/xyzzy3.dmg.sparseimage\nooblek:~ dshoop$ hdid xyzzy3.dmg.sparseimage \n/dev/disk8 Apple_partition_scheme \n/dev/disk8s1 Apple_partition_map \n/dev/disk8s2 Apple_HFS /Volumes/xyzzy3\nooblek:~ dshoop$ asr -source /Volumes/xyzzy2 -target /Volumes/xyzzy3\n Validating target...done\n Validating source...done\n Validating sizes...done\n Restoring...\n Copying "/Volumes/xyzzy2" (/dev/disk7s2) to "/Volumes/xyzzy3" (/dev/disk8s2)...\nasr: could not copy /Volumes/xyzzy2/./.Trashes; Permission denied\nasr: Bom copy exited with error 2\nasr: couldn't restore - No such file or directory\nooblek:~ dshoop$ sudo asr -source /Volumes/xyzzy2 -target /Volumes/xyzzy3\nPassword:\n Validating target...done\n Validating source...done\n Validating sizes...done\n Restoring...\n Copying "/Volumes/xyzzy2" (/dev/disk7s2) to "/Volumes/xyzzy3" (/dev/disk8s2)...\nasr: did not copy blessed information to target, which may have missing or out-of-date blessed folder information.\nooblek:~ dshoop$ ls -als /Volumes/xyzzy3\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:36 .\n0 drwxrwxrwt 17 root admin 578 Mar 31 18:35 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:35 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ls -als 
/Volumes/xyzzy2\ntotal 0\n0 drwxr-xr-x 5 dshoop dshoop 204 Mar 31 18:16 .\n0 drwxrwxrwt 17 root admin 578 Mar 31 18:35 ..\n0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ mount\n/dev/disk0s3 on / (local, journaled)\ndevfs on /dev (local)\nfdesc on /dev (union)\n<volfs> on /.vol\n/dev/disk0s5 on /Volumes/OoblekData (local, journaled)\nautomount -nsl [248] on /Network (automounted)\nautomount -fstab [255] on /automount/Servers (automounted)\nautomount -static [255] on /automount/static (automounted)\n/dev/disk5s3 on /Volumes/iTunes 6.0.4 (local, nodev, nosuid, read-only, mounted by dshoop)\n/dev/disk1s3 on /Volumes/FW800-250 (local, nodev, nosuid, journaled)\n/dev/disk2s10 on /Volumes/Deskstar (local, nodev, nosuid, journaled)\n/dev/disk4s10 on /Volumes/TravelStar40 (local, nodev, nosuid, journaled)\n/dev/disk6s2 on /Volumes/xyzzy (local, nodev, nosuid, read-only, journaled, mounted by dshoop)\n/dev/disk7s2 on /Volumes/xyzzy2 (local, nodev, nosuid, mounted by dshoop)\n/dev/disk8s2 on /Volumes/xyzzy3 (local, nodev, nosuid, mounted by dshoop)\n/dev/disk9s2 on /Volumes/iCab 3.0 Beta 382 (local, nodev, nosuid, read-only, journaled, mounted by dshoop)\n/dev/disk10s2 on /Volumes/xyzzy2 1 (local, nodev, nosuid)\nooblek:~ dshoop$ # /Volumes/xyzzy2 1 is a directory created as toast image and mounted\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2 1\nls: 1: No such file or directory\n/Volumes/xyzzy2:\ntotal 152\n 0 drwxr-xr-x 7 dshoop dshoop 272 Mar 31 18:46 .\n 0 drwxrwxrwt 19 root admin 646 Mar 31 19:06 ..\n 0 d-wx-wx-wt 3 dshoop dshoop 102 Mar 31 18:13 .Trashes\n128 -rw-r--r-- 1 root dshoop 1024 Mar 31 18:46 Desktop DB\n 24 -rw-r--r-- 1 root dshoop 2 Mar 31 18:46 Desktop DF\n 0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n 0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ ls -als /Volumes/xyzzy2\s 1\ntotal 16\n0 drwxr-xr-x 8 
dshoop dshoop 306 Mar 31 19:06 .\n0 drwxrwxrwt 19 root admin 646 Mar 31 19:06 ..\n0 drw------- 4 dshoop dshoop 136 Mar 31 19:06 .Spotlight-V100\n0 d-wx-wx-wt 2 dshoop dshoop 68 Mar 31 19:06 .Trashes\n8 -rwxr-xr-x 1 dshoop dshoop 1024 Oct 26 15:26 Desktop DB\n8 -rwxr-xr-x 1 dshoop dshoop 2 Oct 26 15:26 Desktop DF\n0 -rwxr-xr-x 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rwxr-xr-x 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$ \n}}}
Mac OS X Tiger 10.4.6 introduces an rsync updated from last March. Is its behavior with ACLs and Classically forked files any different?\n\nLet's check...\n\n<html><pre><tt>\nyosemite:~ root# hdiutil create xyzzy1.dmg -volname xyzzy1 -megabytes 20 -type SPARSE -fs HFS+\ncreated: /private/var/root/xyzzy1.dmg.sparseimage\nyosemite:~ root# hdiutil create xyzzy2.dmg -volname xyzzy2 -megabytes 20 -type SPARSE -fs HFS+\ncreated: /private/var/root/xyzzy2.dmg.sparseimage\nyosemite:~ root# hdid xyzzy1.dmg.sparseimage \n/dev/disk5 Apple_partition_scheme \n/dev/disk5s1 Apple_partition_map \n/dev/disk5s2 Apple_HFS /Volumes/xyzzy1\nyosemite:~ root# hdid xyzzy2.dmg.sparseimage \n/dev/disk6 Apple_partition_scheme \n/dev/disk6s1 Apple_partition_map \n/dev/disk6s2 Apple_HFS /Volumes/xyzzy2\nyosemite:~ root# ditto --rsrc /Volumes/Mac\s OS\s 9.2.1/CD\s Extras/HyperCard\s Player/HyperCard\s Player /Volumes/xyzzy1/\nyosemite:~ root# fsaclctl -p /Volumes/xyzzy1 -e\nyosemite:~ root# fsaclctl -p /Volumes/xyzzy2 -e\nyosemite:~ root# touch /Volumes/xyzzy1/file2\nyosemite:~ root# chmod +a "admin allow read" /Volumes/xyzzy1/file2 \nyosemite:~ root# ls -alse /Volumes/xyzzy1/file2 \n0 -rw-r--r-- + 1 unknown unknown 0 Apr 5 18:24 /Volumes/xyzzy1/file2\n 0: group:admin allow read\nyosemite:~ root# rsync -avvvvE /Volumes/xyzzy1/ /Volumes/xyzzy2/\ncmd= machine= user= path=/Volumes/xyzzy2/\ncmd=. /Volumes/xyzzy2/ \n(Server) Protocol versions: remote=28, negotiated=28\n(Client) Protocol versions: remote=28, negotiated=28\nbuilding file list ... 
\n[sender] make_file(.,*,2)\n[sender] expand file_list to 131072 bytes, did move\n[sender] make_file(.Trashes,*,2)\n[sender] make_file(.Trashes/501,*,2)\n[sender] popping per-dir .cvsignore exclude list\n[sender] popping per-dir .cvsignore exclude list\n[sender] make_file(file2,*,2)\n[sender] make_file(HyperCard Player,*,2)\n[sender] popping per-dir .cvsignore exclude list\ndone\n[sender] i=0 /Volumes/xyzzy1 <NULL> . mode=040755 len=204 uid=99 gid=99\n[sender] i=1 /Volumes/xyzzy1 <NULL> .Trashes mode=041333 len=102 uid=99 gid=99\n[sender] i=2 /Volumes/xyzzy1 .Trashes ._501 mode=0100400 len=1 uid=99 gid=99\n[sender] i=3 /Volumes/xyzzy1 .Trashes 501 mode=040700 len=68 uid=99 gid=99\n[sender] i=4 /Volumes/xyzzy1 <NULL> ._.Trashes mode=0100400 len=1 uid=99 gid=99\n[sender] i=5 /Volumes/xyzzy1 <NULL> ._HyperCard Player mode=0100400 len=1 uid=99 gid=99\n[sender] i=6 /Volumes/xyzzy1 <NULL> ._file2 mode=0100400 len=1 uid=99 gid=99\n[sender] i=7 /Volumes/xyzzy1 <NULL> HyperCard Player mode=0100755 len=1047549 uid=99 gid=99\n[sender] i=8 /Volumes/xyzzy1 <NULL> file2 mode=0100644 len=0 uid=99 gid=99\nsend_file_list done\nfile list sent\nsend_files starting\nserver_recv(2) starting pid=4077\nrecv_file_name(.)\nrecv_file_name(.Trashes)\nrecv_file_name(._.Trashes)\nrecv_file_name(.Trashes/501)\nrecv_file_name(.Trashes/._501)\nrecv_file_name(file2)\nrecv_file_name(._file2)\nrecv_file_name(HyperCard Player)\nrecv_file_name(._HyperCard Player)\nreceived 9 names\nuid 99(unknown) maps to 99\ngid 99(unknown) maps to 99\n[receiver] i=0 <NULL> <NULL> . 
mode=040755 len=204 uid=99 gid=99\n[receiver] i=1 <NULL> <NULL> .Trashes mode=041333 len=102 uid=99 gid=99\n[receiver] i=2 <NULL> .Trashes ._501 mode=0100400 len=1 uid=99 gid=99\n[receiver] i=3 <NULL> .Trashes 501 mode=040700 len=68 uid=99 gid=99\n[receiver] i=4 <NULL> <NULL> ._.Trashes mode=0100400 len=1 uid=99 gid=99\n[receiver] i=5 <NULL> <NULL> ._HyperCard Player mode=0100400 len=1 uid=99 gid=99\n[receiver] i=6 <NULL> <NULL> ._file2 mode=0100400 len=1 uid=99 gid=99\n[receiver] i=7 <NULL> <NULL> HyperCard Player mode=0100755 len=1047549 uid=99 gid=99\n[receiver] i=8 <NULL> <NULL> file2 mode=0100644 len=0 uid=99 gid=99\nrecv_file_list done\nget_local_name count=9 /Volumes/xyzzy2/\ngenerator starting pid=4077 count=9\ndelta-transmission disabled for local transfer or --whole-file\ninitializing extended attribute map\nrecv_generator(.,0)\nrecv_files(9) starting\nset modtime of . to (1144275866) Wed Apr 5 18:24:26 2006\n./\nrecv_generator(.Trashes,1)\nset modtime of .Trashes to (1144275775) Wed Apr 5 18:22:55 2006\n.Trashes/\nrecv_generator(.Trashes/501,3)\nset modtime of .Trashes/501 to (1144275775) Wed Apr 5 18:22:55 2006\n.Trashes/501/\nrecv_generator(.Trashes/._501,2)\nsend_files(2, /Volumes/xyzzy1/.Trashes/._501)\ncount=0 n=0 rem=0\nfile has vanished: "/Volumes/xyzzy1/.Trashes/._501"\nrecv_generator(._.Trashes,4)\nsend_files(4, /Volumes/xyzzy1/._.Trashes)\ncount=0 n=0 rem=0\nfile has vanished: "/Volumes/xyzzy1/._.Trashes"\nrecv_generator(HyperCard Player,7)\nsend_files(7, /Volumes/xyzzy1/HyperCard Player)\ncount=0 n=0 rem=0\nsend_files mapped /Volumes/xyzzy1/HyperCard Player of size 1047549\ncalling match_sums /Volumes/xyzzy1/HyperCard Player\nHyperCard Player\nsending file_sum\nfalse_alarms=0 tag_hits=0 matches=0\nsender finished /Volumes/xyzzy1/HyperCard Player\nrecv_generator(._HyperCard Player,5)\nsend_files(5, /Volumes/xyzzy1/._HyperCard Player)\ncount=0 n=0 rem=0\nfile has vanished: "/Volumes/xyzzy1/._HyperCard 
Player"\nrecv_generator(file2,8)\nsend_files(8, /Volumes/xyzzy1/file2)\ncount=0 n=0 rem=0\nsend_files mapped /Volumes/xyzzy1/file2 of size 0\ncalling match_sums /Volumes/xyzzy1/file2\nfile2\nsending file_sum\nfalse_alarms=0 tag_hits=0 matches=0\nsender finished /Volumes/xyzzy1/file2\nrecv_generator(._file2,6)\nsend_files(6, /Volumes/xyzzy1/._file2)\ncount=0 n=0 rem=0\nsend_files mapped /Volumes/xyzzy1/._file2 of size 223\ncalling match_sums /Volumes/xyzzy1/._file2\n._file2\nsending file_sum\nfalse_alarms=0 tag_hits=0 matches=0\nsender finished /Volumes/xyzzy1/._file2\ngenerate_files phase=1\nsend_files phase=1\nrecv_files(HyperCard Player)\ndata recv 32768 at 0\ndata recv 32768 at 32768\ndata recv 32768 at 65536\ndata recv 32768 at 98304\ndata recv 32768 at 131072\ndata recv 32768 at 163840\ndata recv 32768 at 196608\ndata recv 32768 at 229376\ndata recv 32768 at 262144\ndata recv 32768 at 294912\ndata recv 32768 at 327680\ndata recv 32768 at 360448\ndata recv 32768 at 393216\ndata recv 32768 at 425984\ndata recv 32768 at 458752\ndata recv 32768 at 491520\ndata recv 32768 at 524288\ndata recv 32768 at 557056\ndata recv 32768 at 589824\ndata recv 32768 at 622592\ndata recv 32768 at 655360\ndata recv 32768 at 688128\ndata recv 32768 at 720896\ndata recv 32768 at 753664\ndata recv 32768 at 786432\ndata recv 32768 at 819200\ndata recv 32768 at 851968\ndata recv 32768 at 884736\ndata recv 32768 at 917504\ndata recv 32768 at 950272\ndata recv 31741 at 983040\ndata recv 32768 at 1014781\ngot file_sum\nset modtime of .HyperCard Player.AJTARJ to (897584400) Thu Jun 11 13:00:00 1998\nrenaming .HyperCard Player.AJTARJ to HyperCard Player\nrecv_files(file2)\ngot file_sum\nset modtime of .file2.7yed3h to (1144275866) Wed Apr 5 18:24:26 2006\nrenaming .file2.7yed3h to file2\nrecv_files(._file2)\ndata recv 223 at 0\ngot file_sum\nset modtime of .._file2.rtmHiR to (1144275866) Wed Apr 5 18:24:26 2006\nrenaming .._file2.rtmHiR to ._file2\nrecv_files phase=1\ngenerate_files 
phase=2\nsend files finished\ntotal: matches=0 tag_hits=0 false_alarms=0 data=1047772\nrecv_generator(.,0)\nset modtime of . to (1144275866) Wed Apr 5 18:24:26 2006\nrecv_generator(.Trashes,1)\nrecv_generator(.Trashes/501,3)\ngenerate_files finished\nrecv_files finished\nclient_run waiting on 4077\n\nsent 1048279 bytes received 140 bytes 2096838.00 bytes/sec\ntotal size is 1047549 speedup is 1.00\n_exit_cleanup(code=0, file=/SourceCache/rsync/rsync-24/rsync/main.c, line=717): entered\nrsync warning: some files vanished before they could be transferred (code 24) at /SourceCache/rsync/rsync-24/rsync/main.c(717)\n_exit_cleanup(code=0, file=/SourceCache/rsync/rsync-24/rsync/main.c, line=717): about to call exit(24)\nyosemite:~ root# \nyosemite:~ root# /Developer/Tools/SplitForks -v /Volumes/xyzzy2/HyperCard\s Player \nSplitting /Volumes/xyzzy2/HyperCard Player...\nyosemite:~ root# ls -als /Volumes/xyzzy2/\ntotal 2048\n 0 drwxr-xr-x 5 unknown unknown 204 Apr 5 18:24 .\n 0 drwxrwxrwt 11 root admin 374 Apr 5 18:28 ..\n 0 d-wx-wx-wt 3 unknown unknown 102 Apr 5 18:22 .Trashes\n2048 -rwxr-xr-x 1 unknown unknown 1047549 Jun 11 1998 HyperCard Player\n 0 -r-------- 1 unknown unknown 0 Apr 5 18:24 file2\nyosemite:~ root# ditto --rsrc /Volumes/xyzzy1/HyperCard\s Player /Volumes/xyzzy1/HyperCard\s Player2\nyosemite:~ root# /Developer/Tools/SplitForks -v /Volumes/xyzzy1/HyperCard\s Player2 \nSplitting /Volumes/xyzzy1/HyperCard Player2...\n splitting HyperCard Player2...\nyosemite:~ root# ls -als /Volumes/xyzzy1/\ntotal 10112\n 0 drwxr-xr-x 9 unknown unknown 340 Apr 5 18:57 .\n 0 drwxrwxrwt 11 root admin 374 Apr 5 18:28 ..\n 0 d-wx-wx-wt 3 unknown unknown 102 Apr 5 18:22 .Trashes\n2000 -rw-r--r-- 1 unknown unknown 1020487 Apr 5 18:57 ._HyperCard Player2\n 8 -rw-r--r-- 1 unknown unknown 1024 Apr 5 18:28 Desktop DB\n 8 -rw-r--r-- 1 unknown unknown 2 Apr 5 18:28 Desktop DF\n4048 -rwxr-xr-x 1 unknown unknown 1047549 Jun 11 1998 HyperCard Player\n4048 -rwxr-xr-x 1 unknown unknown 1047549 
Jun 11 1998 HyperCard Player2\n 0 -rw-r--r-- 1 unknown unknown 0 Apr 5 18:24 file2\nyosemite:~ root# ls -alse /Volumes/xyzzy2/file2 \n0 -r-------- + 1 unknown unknown 0 Apr 5 18:24 /Volumes/xyzzy2/file2\n 0: group:admin allow read\nyosemite:~ root# \nyosemite:~ root# ls -alse /Volumes/xyzzy2/file2 \n0 -r-------- + 1 unknown unknown 0 Apr 5 18:24 /Volumes/xyzzy2/file2\n 0: group:admin allow read\nyosemite:~ root# rsync -avvvvE /Volumes/xyzzy2/ /Volumes/xyzzy1/\ncmd= machine= user= path=/Volumes/xyzzy1/\ncmd=. /Volumes/xyzzy1/ \n(Server) Protocol versions: remote=28, negotiated=28\n(Client) Protocol versions: remote=28, negotiated=28\nbuilding file list ... \n[sender] make_file(.,*,2)\n[sender] expand file_list to 131072 bytes, did move\n[sender] make_file(.Trashes,*,2)\n[sender] make_file(.Trashes/501,*,2)\n[sender] popping per-dir .cvsignore exclude list\n[sender] popping per-dir .cvsignore exclude list\n[sender] make_file(file2,*,2)\n[sender] make_file(HyperCard Player,*,2)\n[sender] popping per-dir .cvsignore exclude list\ndone\n[sender] i=0 /Volumes/xyzzy2 <NULL> . 
mode=040755 len=204 uid=99 gid=99\n[sender] i=1 /Volumes/xyzzy2 <NULL> .Trashes mode=041333 len=102 uid=99 gid=99\n[sender] i=2 /Volumes/xyzzy2 .Trashes ._501 mode=0100400 len=1 uid=99 gid=99\n[sender] i=3 /Volumes/xyzzy2 .Trashes 501 mode=040700 len=68 uid=99 gid=99\n[sender] i=4 /Volumes/xyzzy2 <NULL> ._.Trashes mode=0100400 len=1 uid=99 gid=99\n[sender] i=5 /Volumes/xyzzy2 <NULL> ._file2 mode=0100400 len=1 uid=99 gid=99\n[sender] i=6 /Volumes/xyzzy2 <NULL> HyperCard Player mode=0100755 len=1047549 uid=99 gid=99\n[sender] i=7 /Volumes/xyzzy2 <NULL> file2 mode=0100400 len=0 uid=99 gid=99\nsend_file_list done\nfile list sent\nsend_files starting\nserver_recv(2) starting pid=4196\nrecv_file_name(.)\nrecv_file_name(.Trashes)\nrecv_file_name(._.Trashes)\nrecv_file_name(.Trashes/501)\nrecv_file_name(.Trashes/._501)\nrecv_file_name(file2)\nrecv_file_name(._file2)\nrecv_file_name(HyperCard Player)\nreceived 8 names\nuid 99(unknown) maps to 99\ngid 99(unknown) maps to 99\n[receiver] i=0 <NULL> <NULL> . mode=040755 len=204 uid=99 gid=99\n[receiver] i=1 <NULL> <NULL> .Trashes mode=041333 len=102 uid=99 gid=99\n[receiver] i=2 <NULL> .Trashes ._501 mode=0100400 len=1 uid=99 gid=99\n[receiver] i=3 <NULL> .Trashes 501 mode=040700 len=68 uid=99 gid=99\n[receiver] i=4 <NULL> <NULL> ._.Trashes mode=0100400 len=1 uid=99 gid=99\n[receiver] i=5 <NULL> <NULL> ._file2 mode=0100400 len=1 uid=99 gid=99\n[receiver] i=6 <NULL> <NULL> HyperCard Player mode=0100755 len=1047549 uid=99 gid=99\n[receiver] i=7 <NULL> <NULL> file2 mode=0100400 len=0 uid=99 gid=99\nrecv_file_list done\nget_local_name count=8 /Volumes/xyzzy1/\ngenerator starting pid=4196 count=8\ndelta-transmission disabled for local transfer or --whole-file\ninitializing extended attribute map\nrecv_generator(.,0)\nrecv_files(8) starting\nset modtime of . 
to (1144275866) Wed Apr 5 18:24:26 2006\n./\nrecv_generator(.Trashes,1)\nrecv_generator(.Trashes/501,3)\nrecv_generator(.Trashes/._501,2)\nsend_files(2, /Volumes/xyzzy2/.Trashes/._501)\ncount=0 n=0 rem=0\nfile has vanished: "/Volumes/xyzzy2/.Trashes/._501"\nrecv_generator(._.Trashes,4)\nsend_files(4, /Volumes/xyzzy2/._.Trashes)\ncount=0 n=0 rem=0\nfile has vanished: "/Volumes/xyzzy2/._.Trashes"\nrecv_generator(file2,7)\nfile2\nrecv_generator(._file2,5)\nsend_files(5, /Volumes/xyzzy2/._file2)\ncount=0 n=0 rem=0\nsend_files mapped /Volumes/xyzzy2/._file2 of size 326\ncalling match_sums /Volumes/xyzzy2/._file2\n._file2\nsending file_sum\nfalse_alarms=0 tag_hits=0 matches=0\nsender finished /Volumes/xyzzy2/._file2\nrecv_generator(HyperCard Player,6)\nHyperCard Player is uptodate\ngenerate_files phase=1\nsend_files phase=1\nrecv_files(._file2)\ndata recv 326 at 0\ngot file_sum\nset modtime of .._file2.YTVxUu to (1144275866) Wed Apr 5 18:24:26 2006\nrenaming .._file2.YTVxUu to ._file2\nrsync: connection unexpectedly closed (210 bytes received so far) [generator]\n_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-24/rsync/io.c, line=359): entered\nrsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-24/rsync/io.c(359)\n_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-24/rsync/io.c, line=359): about to call exit(12)\nrsync: connection unexpectedly closed (72 bytes received so far) [sender]\n_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-24/rsync/io.c, line=359): entered\nrsync error: error in rsync protocol data stream (code 12) at /SourceCache/rsync/rsync-24/rsync/io.c(359)\n_exit_cleanup(code=12, file=/SourceCache/rsync/rsync-24/rsync/io.c, line=359): about to call exit(12)\nyosemite:~ root# ls -als /Volumes/xyzzy1/\ntotal 10120\n 0 drwxr-xr-x 10 unknown unknown 374 Apr 5 19:00 .\n 0 drwxrwxrwt 11 root admin 374 Apr 5 18:28 ..\n 8 -r-------- 1 unknown unknown 326 Apr 5 18:24 .._file2.YTVxUu\n 0 d-wx-wx-wt 3 unknown unknown 
102 Apr 5 18:22 .Trashes\n2000 -rw-r--r-- 1 unknown unknown 1020487 Apr 5 18:57 ._HyperCard Player2\n 8 -rw-r--r-- 1 unknown unknown 1024 Apr 5 18:28 Desktop DB\n 8 -rw-r--r-- 1 unknown unknown 2 Apr 5 18:28 Desktop DF\n4048 -rwxr-xr-x 1 unknown unknown 1047549 Jun 11 1998 HyperCard Player\n4048 -rwxr-xr-x 1 unknown unknown 1047549 Jun 11 1998 HyperCard Player2\n 0 -r-------- 1 unknown unknown 0 Apr 5 18:24 file2\nyosemite:~ root# ls -als /Volumes/xyzzy1/\n\n</tt></pre></html>
Need a good, simple, unobtrusive JavaScript to overlay images on the current web page that works in all modern browsers? A method that, given thumbnails, allows larger versions of the image to appear floating atop the current window?\n\nLightbox2 by Lokesh Dhakar may be your answer. \n\nSee http://www.lokeshdhakar.com/projects/lightbox2/
Select a tag from the left for a specific topic.\n\nPlease read: [[Before asking questions]]\n\n\n''This is a list of Frequently Asked Questions regarding Linux used in a server environment along with their answers. The list is derived from questions iWiring commonly has had to answer for clients and other questions we've seen asked on various mailing lists.''\n\n
!Linux Frequently Asked Questions\n<<tagging LinuxFAQ>>
!!Problem\nYou wish to delay the startup of the Login Window. You may want this so that services subject to a race condition are present first, or for other reasons. Often this is needed to allow the system time to finish obtaining an IP address via DHCP and for Directory Service to have time to bind to the servers.\n\n!!Solution\nUse defaults to set this value as root. \n\n{{{\n# defaults write /Library/Preferences/com.apple.loginwindow StartupDelay -int <number of seconds to delay>\n}}}\n\nIf the Login Window UI detects that the network servers are available when it starts, it will skip the delay. Likewise, if network servers become available before the delay expires, the Login Window UI cancels the delay and displays. \n\n!!Kudos\nThanks to Scott Barber for posting information on the macenterprise.org mailing list.\n
Well it seems as if ZDNet picked up on some advice I gave recently on Apple's MacOS-X-Server mailing list as the basis for an article Jason O'Grady and David Morgenstern wrote for their "The Apple Core" blog piece titled [["Planning for a Leopard migration."|http://blogs.zdnet.com/Apple/?p=970]] They quoted me as saying\n<<<\nThe reasons OS X admins have so much trouble with updates and upgrades is that as a group they have such little understanding of how they have their systems configured. Other OSes force better practices and systems hygiene. Larger shops document their systems and configurations better.\n<<<\nWhile this is a good warning, the better advice, even better than the few points they listed in their article, is still in the thread from which they pulled the quote and advice. And this advice doesn't just hold true for Leopard, but for any upgrades or updates you might perform to your systems, of any OS flavor. \n\n<<<\nAs they say, "prior proper planning prevents piss poor performance."\n\nOverall I find that few Mac OS would-be sysadmins properly plan updates let alone upgrades.\n\nAt a minimum one needs to do a full standalone backup prior to any upgrade or update. You need a roll back plan.\n\nYou also need an acceptance test plan. Who has one of those? Do I see any hands???\n\nAnd many sites don't have good and stable systems from which they upgrade. How many are sure they have no permissions issues before an update? That the filesystem's integrity is solid? Or that DNS is true and proper? I could imagine that those who are silently ignoring those log messages from telling you to run changeip are going to choke come an update.\n\nAnd everyone's mileage is different. There are no two systems that are the same. There is no "I have a basic OS X installation." 
So while one might think they're not doing anything funky, unless you've just installed the system you have a unique configuration and I'll further bet that the hands raised would be slim to non-existent.\n\nThe reasons OS X admins have so much trouble with updates and upgrades is that as a group they have such little understanding of how they have their systems configured. Other OSen force better practices and systems hygiene. Larger shops document their systems and configurations better.\n\nHeck, do you know how few Mac shops I walk into that don't even have a basic network diagram??\n\nI have a client currently bifurcating a server and they were haphazardly approaching it. I made them create a roadmap, before and after diagrams, service assessment and configuration reports, and a full checklist for pre-flight, launch and acceptance testing -- and have a roll back plan. Was it a waste of time? Not if it leads to success. Of course if it all goes smoothly will it be viewed that way?\n\nSo yes, upgrades and updates can be painful. As painful as you make them. Plan well and prepare for potential pitfalls and the transition can be smoother.\n<<<\n\nThe full post, and commentary it was replying to and follow ups, can be found at http://lists.apple.com/archives/macos-x-server/2007/Oct/msg00525.html
Wilfredo Sanchez's seminal paper on Unix and Mac filesystems:\n\n//The Challenges of Integrating the Unix and Mac OS Environments//\nhttp://www.usenix.org/publications/library/proceedings/usenix2000/invitedtalks/sanchez_html/
Many Linux SysAdmins get easily baffled, confused and then frustrated when they try to manage OS X systems. This is partly due to differences between Linux and BSD Unices. But Mac OS X is still quite different from typical BSD Unices too. OS X makes extensive use of Apple technologies such as NetInfo and lookupd. System startup is quite different as well, with OS X weaning itself from rc-based startup processes and init, using SystemStartupItems and launchd instead. Further differences come from Mac OS X's use of Mach as its kernel, where Linux and BSD have quite different kernels. \n\nThese sorts of differences aren't unique to Mac OS X, however. For instance, most Linux SysAdmins would be equally frustrated when presented with Solaris, AIX or Tru64 based Unix operating systems.\n\n
!Introduction\n''[[Before asking questions]]\n[[MacOSX is not Linux]]\n[[Canonical Resources]]\n[[Recommended Books]]\n''\n\nThis is a list of Frequently Asked Questions regarding Mac OS X Server and Mac OS X used in a server environment along with their answers. The list is derived from questions iWiring commonly has had to answer for clients and other questions we've seen asked on various mailing lists. \n\n^^Select a tag from the left for a specific topic.^^
!Mac OS X Frequently Asked Questions\n<<tagging MacOSXFAQ>>
We are now accepting orders online for our popular Basic Annual Support Agreement. [[Click here to order or renew|Now Accepting Support Orders Online! -- Basic Annual Support Agreement]]\n\nYou can [[make a payment|https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=shoop%40iwiring%2enet&item_name=Pay%20Invoice&item_number=10101&no_shipping=1&cn=Notes&tax=0&currency_code=USD&lc=US&bn=PP%2dDonationsBF&charset=UTF%2d8]] to iWiring using any major credit card through PayPal.\n\nWe can also set up recurring payments directly to your major credit card for any monthly services. \n
An excellent article from Ars Technica:\n\nhttp://arstechnica.com/articles/paedia/malware.ars/1
iWiring introduces Managed Backup as a Service for Mac OS X, Linux and Unix environments. Leverage our expertise to define, implement and then provide continued management for your backup operations. Data, backup sets and/or tapes are maintained locally and remotely under your control or seamlessly sent to Amazon for storage on their servers for pennies a GB. We take care of all the details and worries so you can sleep at night. Managed Backup can cover one server, your whole datacenter, or all your desktops.\n\niWiring can also provide secure, off-site network backup to protect your data against disaster.\n\nHow much is your data worth?\n//How much is your sanity worth?//\n\n__Starting from just $295/mo__, call us for details!\n\n''Managed Backup Service Coverage''\n* development and audit of your backup policy\n** defines your organization's specific needs and backup requirements\n** analysis of current policies\n** identifies weak points in existing practices for strengthening\n* development of backup strategy\n** addresses your specific organization's customized backup policy\n** your data stays under your control locally\n** automated backup operations\n** implementation of snapshots, backup sets and archives\n** d2d, d2t, d2d2t and worm\n* implementation of backup solutions\n** installation of backup software\n*** backup software runs on server\n*** small agent runs on backup clients\n*** backup server can optionally pull data from agentless clients\n** installation of dedicated hardware\n** dedicated backup server\n* managed backup operations\n** daily review of backup operations by iWiring engineers at our TOC\n** you're notified of any problems and fixes required\n** weekly/monthly reports on backup health, performance and metrics\n** periodic recovery tests\n** emergency support available\n* data recovery\n** recover files yourself locally\n** or request recovery service from iWiring\n* based on proven, tested, mature backup technologies\n\n
A must-read article on microcontent by Jakob Nielsen\n\nhttp://www.useit.com/alertbox/980906.html\n\n<html><iframe height="500px" width="100%" src="http://www.useit.com/alertbox/980906.html"></iframe></html>
While Mac OS X, by default, mounts volumes into /Volumes, you can mount them directly inline to the filesystem in a more sensible manner as demonstrated in this [[diagram|http://iwiring.net/networkarchitectures/mounting_disk_partitions_within_the_filesystem.pdf]]
A [[network diagram|http://iwiring.net/networkarchitectures/MultiTier_Internet_Architecture.pdf]] designed for instructional purposes that permits discussion of a complex Internet site. Included are bastion and proxy hosts, a cache server, level 7 (application layer) service pools and farms, NAS and SAN storage and database servers. OOB administration is also included. The diagram is designed to be used for markup in instruction to express numerous scenarios.
!Issue or symptom\nMySQL client libraries and headers are not included with Mac OS X Server 10.5. If you are developing a MySQL client application for Mac OS X, you'll need to download the MySQL client libraries and headers.\n\n!Solution\nThe MySQL client libraries and headers are available for download and installation from www.opensource.apple.com/darwinsource\n\n!!Mac OS X Server version 10.5 - 10.5.5\n* The MySQL sources are available from (http://www.opensource.apple.com/darwinsource/tarballs/other/MySQL-43.tar.gz), and also include instructions on using the supplied Makefile.\n* A binary download that can be installed on Leopard Server is available from (http://www.opensource.apple.com/darwinsource/other/MySQL-43.binaries.tar.gz).\n\nTo install:\n\n# Download the file.\n# If the download doesn't automatically produce a folder on your desktop, double-click it to unzip it to a folder named "MySQL-43.binaries" which has a file named "MySQL-43.root.tar.gz" in it (as well as the readme file). Note: Do not double-click/unzip the "MySQL-43.root.tar.gz" file that is within the folder. 
\n# Open Terminal.\n# Type cd (but do not press Return).\n# Drag the "MySQL-43.binaries" folder from your desktop to the Terminal window to populate the cd path, then press Return.\n# Execute this command:\n{{{\nsudo tar -xzvf MySQL-43.root.tar.gz -C /\n}}}\n\nFrom: http://support.apple.com/kb/TA25017?viewlocale=en_US\n\n!!Mac OS X Server 10.5.6 or later\n\nThe MySQL client libraries and headers are available for download and installation from (http://www.opensource.apple.com/darwinsource/10.5.6/).\n\n* The MySQL sources are available from (http://www.opensource.apple.com/darwinsource/10.5.6/MySQL-45/), and also include instructions on using the supplied Makefile.\n* A binary download that can be installed on Mac OS X Server 10.5 is available from (http://www.opensource.apple.com/darwinsource/other/MySQL-45.binaries.tar.gz).\n\nTo install:\n\n# Download the file.\n# If the download doesn't automatically produce a folder on your desktop, double-click it to decompress a folder named "MySQL-45.binaries" which has a file named "MySQL-45.root.tar.gz" in it (as well as the read me file). Note: Do not double-click/unzip the "MySQL-45.root.tar.gz" file that is within the folder.\n# Open Terminal.\n# Type cd followed by a space (but do not press Return).\n# Drag the "MySQL-45.binaries" folder from your desktop to the Terminal window to populate the cd command's path, then press Return.\n# Execute the following command:\n{{{\nsudo tar -xzvf MySQL-45.root.tar.gz -C /\n}}}\n\nFrom: http://support.apple.com/kb/HT3370
Mac OS X implements F_FULLFSYNC under MySQL. Linux cannot. F_FULLFSYNC is a very good idea when committing transactions to databases since it can assure you that any data written actually gets flushed out of the system's write cache and to the disk. Using F_FULLFSYNC takes longer on writes, however. Since Linux can't do F_FULLFSYNC it will appear faster, though it's nowhere near as safe. Then again it doesn't appear that there's any way Linux can implement F_FULLFSYNC, so it's not from choice or for performance reasons. \n\nOf additional concern is that all drives have their own caches as well, and ATA, IDE or SATA (including therefore Firewire and USB) drives in particular don't always write out their caches, even when instructed. This is why these drives shouldn't be used for transactional databases. (And the concern is more than that the data got written, but that it got written in the right order.)\n\nFor more about this, and the apparent speed differences between OS X and Linux MySQL performance, read the following:\nhttp://ridiculousfish.com/blog/?p=17\n
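An added example, not code from the original page or from MySQL, of committing one record with {{{F_FULLFSYNC}}} where the platform defines it and falling back to {{{fsync()}}} elsewhere, reporting which of the two was achieved. The function names, the file path and the record contents are assumptions made for the illustration.

```c
/* Added example (not from the original page): durable commit of one record. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* How far down the storage stack the flush request is known to have gone. */
enum flush_level {
    FLUSH_FAILED = -1,
    FLUSH_FSYNC  = 1,  /* fsync(): fate of the drive's own cache is platform-dependent */
    FLUSH_FULL   = 2   /* F_FULLFSYNC: drive was asked to flush its cache to media */
};

/* Ask for the strongest flush the platform offers for this descriptor. */
enum flush_level flush_to_disk(int fd)
{
#ifdef F_FULLFSYNC
    if (fcntl(fd, F_FULLFSYNC) == 0)
        return FLUSH_FULL;
    /* Not every filesystem accepts the request; fall back to fsync(). */
#endif
    return fsync(fd) == 0 ? FLUSH_FSYNC : FLUSH_FAILED;
}

/* write() may be interrupted or write fewer bytes than asked; loop until done. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Append a record and do not report success until the flush has returned. */
enum flush_level commit_record(const char *path, const char *rec, size_t len)
{
    enum flush_level level = FLUSH_FAILED;
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);

    if (fd < 0)
        return FLUSH_FAILED;
    if (write_all(fd, rec, len) == 0)
        level = flush_to_disk(fd);
    if (close(fd) != 0)
        level = FLUSH_FAILED;
    return level;
}

/* Size of the file in bytes, or -1 if it cannot be examined. */
long file_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

int main(void)
{
    const char *path = "/tmp/fullfsync_demo.log"; /* constructed sample path */
    const char rec[] = "txn 1 commit\n";          /* constructed sample record */
    enum flush_level level;

    unlink(path);
    level = commit_record(path, rec, sizeof rec - 1);
    printf("flush level: %s\n",
           level == FLUSH_FULL  ? "F_FULLFSYNC" :
           level == FLUSH_FSYNC ? "fsync only"  : "failed");
    return level == FLUSH_FAILED;
}
```

A caller that needs the stronger guarantee can treat {{{FLUSH_FSYNC}}} as a warning and log it, since the commit path is the same either way.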
''__Managed Backup__''\niWiring announces new [[Managed Backup]] Services starting from $295/mo\n\n''__Do You Copy?__''\nCheck out the WWDC issue of MacTech for an article by iWiring's Dan Shoop on copying filesystem metadata, philosophies and the status of common tools under Mac OS X Tiger. \n\n''__Disaster Recovery Article__''\nRead comments by iWiring's Dan Shoop on Disaster Recovery in a case study in the April 2006 issue of [[MacUser (UK) Magazine|http://www.pcpro.co.uk/macuser/features/84574/when-disaster-strikes.html]].\n\nRead the [[full article|http://www.pcpro.co.uk/macuser/features/84574/when-disaster-strikes.html]] online or Dan's comments in the [[case study.|Disaster Recovery Article]]\n\n
|[img[http://iwiring.net/giraffe.png]]|For a while now I've been running some production systems using Nexenta, an OpenSolaris distribution that uses zfs extensively, including for boot, and has a complete Debian Linux environment installed over top. It runs great and features apt-clone, which lets you completely checkpoint installs using zfs clone goodness, allowing roll-forward/roll-back.|
!Basic Annual Support\n* available for Mac OS X, Linux, BSD Unix, Solaris and OpenVMS systems\n* $499.95 / year for a single system\n* "unlimited" support requests by email\n* best available response (generally same day) during normal business hours\n* continuing response until resolution\n* dedicated Primary Field Engineer\n* dedicated response channels\n* discounts for two or three year agreements\n\nBasic Support can be expanded:\n* optional telephone support\n* optional four hour response times\n* optional 24x7 coverage\n\nIncludes a basic systems and network assessment. (A $295 value!)\nDoes not cover remote services. (See [[What is the difference between Service and Support?]])\n\nYou can now order this popular support plan online, either as a one time order or a subscription (that automatically renews at year end).
"Out of Band"
Diagram of the [[OSI Network Stack Model|http://iwiring.net/networkarchitectures/OSI_stack.pdf]] complete with service examples.
We've provided services and support for organizations such as CitiBank, stock exchanges, Trader Joes, [[Sesame Workshop|http://www.sesameworkshop.org/]], [[BobsYourUncle|http://www.bobsyouruncle.tv]], [[Victory Productions|http://www.victoryprd.com]], [[Parade Magazine|http://www.parade.com/]], Noesis Median (Germany), nationwide ISPs, Wireless Service Providers, [[Campmor|http://www.campmor.com]], schools and universities, major banks and bourses, the health care industry, music and entertainment, and other industries and organizations. \n\nIn conjunction with our brother company, [[US Technical Services|http://www.ustsvs.com]], we can provide 24x7x365.25 Operational Support to your organization, and additional resources and expertise including support for a broad and historic range of Operating Systems. \n\nSee our [[Contact]] information for how you can reach us.\n\nSee [[About this Site]] for details about how this web page operates.
[[Example network diagram|http://iwiring.net/networkarchitectures/one2one-NAT-v1.0.pdf]] demonstrating how a public CIDR block can be distributed using one-to-one NAT for public servers and one-to-many NAT for user workstations in a SOHO environment. A SonicWall TZ-170 is deployed.
From Wikipedia:\n\nIn computer science, an instruction set is said to be orthogonal if any instruction can use any register in any addressing mode. This terminology results from considering an instruction as a vector whose components are the instruction fields. One field identifies the registers to be operated upon, and another specifies the addressing mode. An orthogonal instruction set uniquely encodes all combinations of registers and addressing modes.\n\nOrthogonality is a system design property which enables the making of complex designs feasible and compact. The aim of an orthogonal design is to guarantee that operations within one of its components neither create nor propagate side-effects to other components. For example a car has orthogonal components and controls, e.g. accelerating the vehicle does not influence anything else but the components involved in the acceleration. On the other hand, a car with non-orthogonal design might have, for example, the acceleration influencing the radio tuning or the display of time. Consequently, this usage is seen to be derived from the use of orthogonal in mathematics; one may project a vector onto a subspace by projecting it onto each member of a set of basis vectors separately and adding the projections if and only if the basis vectors are mutually orthogonal.\n\nOrthogonality guarantees that modifying the technical effect produced by a component of a system neither creates nor propagates side effects to other components of the system. The emergent behaviour of a system consisting of components should be controlled strictly by formal definitions of its logic and not by side effects resulting from poor integration, i.e. non-orthogonal design of modules and interfaces. Orthogonality reduces the test and development time, because it's easier to verify designs that neither cause side effects nor depend on them.
While our public keys are published to canonical key servers, they are also listed here below. \n\n!Dan Shoop\n
!Published Articles\n\n!!Do You Copy?\n[>img[http://www.mactech.com/mt_covers/cover-2006/MT-Cover-0608.jpg]] Check out the August 2006 issue of MacTech for an article by iWiring's Dan Shoop on copying data and filesystem metadata, philosophies for metadata preservation, and the status of what common tools under Mac OS X Tiger actually copy. \n\nhttp://www.mactech.com/misc/about_mt.html#TOCExamples\n\n[[Download a copy of the article text|http://iwiring.net/papers/DoYouCopy.pdf]]\n<html><br clear="all"></html>\n\n!!Disaster Recovery Article\nRead comments by iWiring's Dan Shoop on Disaster Recovery in a case study in the April 2006 issue of MacUser (UK) Magazine.\n\n[[Read more...|Disaster Recovery Article]]\n\n!Papers\n\n!!Bare Metal Backup & Recovery on Mac OS X\nPresented at the 2003 O'Reilly Mac OS X Conference.\n\n[[PDF Slides|http://iwiring.net/BareMetalBackup.pdf]]\n\n!!Building Internet Architectures Using Mac OS X\nA tutorial presented at the 2003 O'Reilly Mac OS X Conference.\n\n[[PDF Slides & Accompanying Notes|http://conferences.oreillynet.com/presentations/macosx03/shoop_tutorial.sit]] as a StuffIt file\n\n!Judged Papers \n\n!!An Investigation into the Set of Pseudo-Squared Numbers\nA mathematical thesis in the field of number theory investigating the set of numbers composed by sums of square multiples, their properties, and the impact on expressions of positive integers.\n \nHonors Winner, 1981 Westinghouse STS\n\nAvailable by request.
After legal battles and pressure from Congress, the IRS has decided to discontinue the 1898 (yes, that's two centuries ago) tax to finance the Spanish-American War that was added to all us rich people who can afford to have telephones with long distance services. Not only has the tax been discontinued, but you can claim a refund on your 2007 taxes for it retroactive to February 2003. \n\nWhile this sounds like good news, we continue, however, to be taxed under the same scheme for local telephony services. \n\nhttp://news.zdnet.com/2100-1035_22-6101004.html?tag=nl.e589\n\n!Update:\nMore on this from the Washington Post -- claim your refund!\nhttp://www.washingtonpost.com/wp-dyn/content/article/2006/08/31/AR2006083101749.html?referrer=emailarticle
We can assess your current computer systems or network environment and make recommendations to maximize the existing performance, while focusing on the elimination of bottlenecks.
[[Bill Wadman|bill@billwadman.com]] has written a very nice little Flash7/php4.3+ photo gallery that's remarkably simple. The gallery itself is just a Flash file that reads some XML information about what pictures exist in subdirectories and displays them. That XML, and the building of the thumbnails, is created by a set of PHP web pages that the gallery author 'hits' when he adds or modifies images in the gallery. The author basically just uploads gallery images to subdirectories, executes two PHP files as web pages and that's it, the Flash code becomes the whole gallery. \n\nThis all works very nicely except that generating the thumbnails uses GD in PHP, and GD isn't built into the PHP that ships with OS X. Bummer. \n\nBut OS X does include sips, a facility to do basically what GD does here, create the thumbnails (along with functions that would normally require netpbm or imagemagick, and BTW it can operate on any image format OS X understands natively, like PDF, Photoshop files, etc.) \n\nSo I present here PhotoFolioOSX. I basically just did a quick and dirty re-write of the CGI that builds the thumbnails to call sips instead of GD, which made the code significantly smaller. \n\nBasically just grab the existing PhotoFolio version 4 code from http://www.billwadman.com/photofolio/ and then use the following to build the thumbnails (replacing the $pathtohere with the appropriate directory.) It doesn't do much error checking, but as I said, it's quick and dirty, you're welcome to improve on it. 
\n\nbuildthumbnailsOSX.php\n{{{\n<?php\n\n// buildthumbnailsOSX.php\n// Modified to use Mac OS X's native sips facility\n// by Dan Shoop \n// <shoop@iwiring.net>\n// http://www.iwiring.net/\n//\n// 20060408 Version 0.1a -dhan Initial proof of concept\n// 20060429 Version 0.1b -dhan Recoded to use system() instead of exec()\n\n// system("sips") needs to know the full path to the file from root\n// Change the following line to point to our directory path\n$pathtohere = "/Volumes/www/somesite/photofolioOSX/";\n\nprint "<font face='arial, helvetica' size='medium'><B>Creating thumbnails from original images. . .</B></font><br>"; \nprint "<HR width='400' height='1' align='left'>"; \n\n//loop thru directories\n\n$dir=opendir("./");\n\nprint("<table border='1' cellspacing='0' cellpadding='2'>");\n\n// Compare against false explicitly so a directory named "0" does not end the loop\nwhile(($file=readdir($dir)) !== false){\n if ($file!="." and $file!="..") {\n if (is_dir($file)) {\n // The directory name ends up in both HTML and shell commands: escape it for each\n $name = htmlspecialchars($file);\n print("<TR><TD align='left' colspan='2'><font face='arial, helvetica' size='small'><b>Working on directory $name...</b> </font><br>");\n if (!is_dir("$file/thumbs")) {\n mkdir("$file/thumbs", 0777);\n print("<hr><font face='arial, helvetica' size='small'><b>$name/thumbs created</b> </font><br>");\n }\n system("ls -- " . escapeshellarg($file), $status);\n print("<hr>");\n // Quote the paths but leave /* outside the quotes so the shell still expands it\n system("sips --resampleHeightWidthMax 90 " . escapeshellarg($pathtohere . $file) . "/* --out " . escapeshellarg($pathtohere . $file . "/thumbs/"));\n print("</TD></TR>");\n }\n }\n}\nclosedir($dir);\nprint "<TR><TD align='right' colspan='2'><font face='arial, helvetica' size='medium'><strong>DONE!</strong></font></TD></TR>";\nprint("</table>");\n\n?>\n}}}
[[Example network diagram|http://iwiring.net/networkarchitectures/protecting_a_database_server.pdf]] demonstrating how to protect a database server using network tiers.
Pseudo-Squared Numbers are a subset of the set of positive integers (Z+) that may be expressed as sums of positive squared integers.\n\nFor example, 13 is a pseudo-squared number because it can be expressed as the sum 2^^2^^ + 3^^2^^. That is, 4 + 9 = 13. Likewise so is 17 since it can be expressed as the sum 2^^2^^ + 3^^2^^ + 2^^2^^.
Qmail/POP fails to deliver to Mailman under Plesk/Linux, resulting in Mailman being unable to deliver messages to subscribers of lists. An error message to this effect is logged to the mail log at {{{/usr/local/psa/var/log/maillog}}}:\n\n{{{\n"Failure_to_exec_mailman_wrapper._WANTED_gid_110,_GOT_gid_101.__(Reconfigure_to_take_101?)/did_0+0+1/"\n}}}\n\nThe issue is that the Mailman binaries distributed with Plesk/Linux are hard coded for the GID 110 and Plesk/Linux runs the popuser under GID 101. The specific binary in question here is the qmail Mailman wrapper, {{{/var/qmail/bin/mm_wrapper}}}\n\nThe issue can be fixed by either rebuilding the Mailman binaries to use the proper GID of 101 or changing the popuser's GID. \n\nBeware that there are several other notes on the web that suggest recompiling mm_wrapper to just return() successfully w/o performing the GID tests when the wrapper is called. This is highly insecure and could result in attacks or inappropriate content through Mailman. \n\nChanging the GID of the popuser is the easiest route and the method recommended by Plesk. Simply shut down qmail (send a TERM signal to qmail-send), and disable SMTP xinetd delivery temporarily. Then edit /etc/group and /etc/passwd to adjust the GID for popuser. Then use {{{`find`}}} to change any files with GID ownership of 101 to 110. Enable xinetd SMTP again, and restart qmail. \n\nThis is covered under a Plesk technical article #942 at http://faq.sw-soft.com/article_61_942_en.html
{{{\nNetwork Working Group R. Merryman (UCSD-CC)\nRequest for Comments: 527 6/22/73\n\n\n ARPAWOCKY\n\n\n Twas brillig, and the Protocols\n Did USER-SERVER in the wabe.\n All mimsey was the FTP,\n And the RJE outgrabe,\n\n Beware the ARPANET, my son;\n The bits that byte, the heads that scratch;\n Beware the NCP, and shun\n the frumious system patch,\n\n He took his coding pad in hand;\n Long time the Echo-plex he sought.\n When his HOST-to-IMP began to limp\n he stood a while in thought,\n\n And while he stood, in uffish thought,\n The ARPANET, with IMPish bent,\n Sent packets through conditioned lines,\n And checked them as they went,\n\n One-two, one-two, and through and through\n The IMP-to-IMP went ACK and NACK,\n When the RFNM came, he said "I'm game",\n And sent the answer back,\n\n Then hast thou joined the ARPANET?\n Oh come to me, my bankrupt boy!\n Quick, call the NIC! Send RFCs!\n He chortled in his joy.\n\n Twas brillig, and the Protocols\n Did USER-SERVER in the wabe.\n All mimsey was the FTP,\n And the RJE outgrabe.\n\n D.L. COVILL\n May 1973\n}}}
!Problem\nYou are experiencing errors from Cyrus and Postfix such as the following in the system or mail logs:\n{{{\nlmtpunix[<some-pid>]: DBERROR db4: PANIC: fatal region error detected; run recovery\nlmtpunix[<some-pid>]: DBERROR: critical database situation\nmaster[<some-pid>]: service lmtpunix pid 11387 in READY state: terminated abnormally\nmaster[<some-pid>]: service pop3 pid 11388 in READY state: terminated abnormally\npop3[<some-pid>]: DBERROR db4: PANIC: fatal region error detected; run recovery\npop3[<some-pid>]: DBERROR: critical database situation\n}}}\nUsers are unable to retrieve their mail with POP or read their mail with IMAP. Mail is not being delivered on the system.\n\n!Issue\nPostfix is an MTA that transports mail to Cyrus, an MDA, for local delivery. Postfix can't deliver the mail and logs errors relating to abnormal termination from database errors. Cyrus uses Berkeley DB4 databases for storing its index information for both the system and the users. In this case the system mail databases, not those of individual users, are corrupt. They need to be fixed in DB4 or recreated. The Cyrus system databases can become corrupted as the result of an improper system shutdown.\n\nThey will need to be recreated. \n\n!Solution\n{{{\n# mv /var/imap /var/imap.old\n# mkdir /var/imap\n# /usr/bin/cyrus/tools/mkimap\nreading configure file...\ni will configure directory /var/imap.\ni saw partition /var/spool/imap.\ndone\nconfiguring /var/imap...\ncreating /var/spool/imap...\ndone\n# chown -R cyrusimap:mail /var/imap\n# sudo -u cyrusimap /usr/bin/cyrus/bin/reconstruct -i\nuser/user1\nuser/user2\n...\n}}}
!Problem\nSome users cannot retrieve mail from their inbox or other mailbox. Other users are not affected. Error messages relating to database problems are being returned to the user's Mail Agent. \n\n!Issue\nCyrus uses Berkeley DB4 databases for storing its index information for both the system and the user's mailboxes. In this case the individual user mailbox databases, not the system databases, are corrupt. They need to be fixed in DB4 or recreated. The Cyrus system databases can become corrupted as the result of an improper system shutdown. \n\n!Solution\nThe database should be rebuilt or completely recreated.\n\n!!Rebuild Mailbox Databases\nFirst remove any zero length mailfiles in the user's maildirs. These obviously have no message content so can't have any body or headers. The user's mail is stored as an individual file for each mail message in maildirs at /var/spool/imap/user/<username>. These mail messages are each numbered and stored in a hierarchy of directories that correspond to mailboxes with the root being the "inbox". POP users will primarily operate just from the inbox while IMAP users typically have multiple maildirs. If a message file is empty then there's no actual message to preserve. Often they are "stillborn" message files from failed delivery of a mail message or perhaps "skeletons" of dead or deleted messages that didn't get completely removed. This can happen when the system is improperly shut down. \n\nFirst make sure the cyrusimap user (for OS X 10.4) is enabled; normally its shell is invalid so it can't log in. 
\n{{{\n# nicl / -read /users/cyrusimap shell\nshell: /bin/false\n# nicl / -create /users/cyrusimap shell /bin/bash\n# nicl / -read /users/cyrusimap shell\nshell: /bin/bash\n}}}\n\nNext cd to /var/spool/imap and su to cyrus\n{{{\n# cd /var/spool/imap\n# su cyrusimap\n}}}\nYou'll probably now have a user bash prompt ("$").\n\nNext repair the mailbox:\n{{{\n$ /usr/bin/cyrus/bin/reconstruct -r -f user/username \nuser/username\nuser/username/Deleted Messages\nuser/username/Drafts\nuser/username/Sent Messages\n}}}\n\nLastly exit from the su session and restore the false shell for the cyrusimap user:\n{{{\n$ exit\nexit\n# nicl / -create /users/cyrusimap shell /bin/false\n}}}\n\n!!Recreate Mailbox Databases\n[tbd]
*Mac OS X Tiger in a Nutshell\n*Mac OS X Tiger for Unix Geeks\n*Essential Systems Administration - while not covering OS X (at all) it covers material all SysAdmins are expected to know\n*[[Essential Mac OS X Panther Server Administration|http://www.oreilly.com/catalog/macxserver/]] - while not specifically covering Tiger, almost all the information is still relevant\n*Mac OS X Server Essentials\n*Mac OS X Hacks\n*Mac OS X Panther Hacks\n*Running Mac OS X Panther\n*Apache: The Definitive Guide\n*DNS & BIND\n*DNS & BIND Cookbook\n*Linux Server Hacks - Yes, it's designed for Linux, but most of the hacks are good for any Unix, including OS X.\n*Postfix: The Definitive Guide\n*Managing and Using MySQL\n*Managing and Using Mac OS X Server (coming soon!)\n*Cryptography: A Very Short Introduction by //Piper & Murphy//
The Cyrus MDA operates using maildirs for user mailboxes. These mailboxes are indexed through a Berkeley 'DB' database which can easily become corrupted. To restore from corruption, remove any problematic messages (such as zero length mail messages) from the maildir(s), stop mail services, and reconstruct the databases using the following from the /var/spool/imap directory:\n\n{{{\nsudo -u cyrusimap /usr/bin/cyrus/bin/reconstruct -r -f user/usershortname\n}}}\n\nThe cyrusimap user normally has its shell set to /bin/false. Make sure to set this to a valid shell before executing the above and reset it after you complete any operations as cyrusimap for security reasons. \n\nRestart mail services to test.\n\nIf problems persist, blow away the cyrus imap cache files in the maildirs and reconstruct them from scratch using the same procedure listed above.
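Both this note and the "Rebuild Mailbox Databases" procedure say to remove zero-length message files before running reconstruct, but give no command for it. The following is an added example, not from the original page: it lists the empty message files under one user's spool directory and moves them to a quarantine directory instead of deleting them. The function names, the quarantine path and the assumption that message files are named "<number>." are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: Cyrus message files are named "<number>." (e.g. "42.");
# cyrus.* index and cache files are never matched.

# list_empty_messages SPOOLDIR
# Print every zero-length message file below SPOOLDIR, one path per line.
list_empty_messages() {
    spool=${1%/}
    [ -d "$spool" ] || { echo "not a directory: $spool" >&2; return 2; }
    # -type f ignores directories and symlinks; -size 0 matches only empty
    # files; the name pattern keeps the match to numbered message files.
    find "$spool" -type f -size 0 -name '[0-9]*.' -print
}

# quarantine_empty_messages SPOOLDIR QUARANTINEDIR
# Move each empty message file out of the spool (keeping its path relative
# to SPOOLDIR) instead of deleting it, then print how many were moved.
quarantine_empty_messages() {
    spool=${1%/}
    qdir=$2
    moved=0
    list=$(list_empty_messages "$spool") || return 2
    if [ -z "$list" ]; then
        echo 0
        return 0
    fi
    # The here-document keeps the loop in the current shell, so $moved
    # is still set afterwards; IFS= and -r preserve spaces in folder names.
    while IFS= read -r path; do
        rel=${path#"$spool"/}
        mkdir -p "$qdir/$(dirname "$rel")" || return 1
        mv -- "$path" "$qdir/$rel" || return 1
        moved=$((moved + 1))
    done <<EOF
$list
EOF
    echo "$moved"
}

# Stand-alone use (as root, with mail services stopped):
#   sh script.sh /var/spool/imap/user/<username> /var/tmp/cyrus-empty
if [ $# -eq 2 ]; then
    quarantine_empty_messages "$1" "$2"
fi
```

Run it before the reconstruct command so the rebuilt index never references the empty files.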
!Problem\nYou want to be able to relay mail to a remote MTA host using authentication from your postfix MTA. You might need to do this if you're smarthosting to a relay server that requires this. \n\n!Solution\n\nIt's important to realize that the file in which these changes are made is also manipulated by Server Admin under OS X Server, so be aware that making changes to your other SMTP settings later with Server Admin carries a chance of undoing these changes. You can prevent these changes being made by locking the file(s). \n\nTo /etc/postfix/main.cf, add these lines:\n{{{\nsmtp_sasl_auth_enable = yes\nsmtp_sasl_security_options =\nsmtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\n}}}\n\nCreate a new file called /etc/postfix/sasl_passwd that contains entries for the hosts you need to authenticate with:\n{{{\nsmtp.something.com myusername:mypassword\n}}}\n\nUse postmap to format the file for use by postfix, which will create a file called /etc/postfix/sasl_passwd.db.\n{{{\n# postmap /etc/postfix/sasl_passwd\n}}}\n\nReload Postfix to put your changes into effect:\n{{{\n# postfix reload\n}}}
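The configuration above stores a cleartext password in /etc/postfix/sasl_passwd, and the empty smtp_sasl_security_options line removes Postfix's default "noplaintext" restriction. The following is an added example, not from the original page, that checks a main.cf for both points: credential files readable by group or others, and plaintext mechanisms allowed without mandatory TLS. The function names and the simplified main.cf parsing (single-line assignments, last one wins) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: main.cf uses single-line "name = value" assignments (no
# continuation lines); the last assignment of a parameter wins.

# cf_isset FILE PARAM: succeeds if PARAM is assigned anywhere in FILE.
cf_isset() {
    grep -q "^$2[[:space:]]*=" "$1"
}

# cf_get FILE PARAM: print the last value assigned to PARAM (may be empty).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# audit_sasl_relay MAIN_CF
# Print one WARN line per finding; return 0 if clean, 1 if anything was found.
audit_sasl_relay() {
    cf=$1
    findings=0
    [ -r "$cf" ] || { echo "cannot read $cf" >&2; return 2; }
    if [ "$(cf_get "$cf" smtp_sasl_auth_enable)" != "yes" ]; then
        return 0    # client-side SASL is off, nothing to check
    fi

    # 1. The credential file and its postmap output hold a cleartext
    #    password, so neither should be readable by group or others.
    map=$(cf_get "$cf" smtp_sasl_password_maps)
    file=${map#*:}                      # drop the "hash:" lookup type
    if [ -n "$file" ]; then
        for f in "$file" "$file.db"; do
            [ -e "$f" ] || continue
            if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
                echo "WARN: $f is readable by group or others (chmod 600)"
                findings=$((findings + 1))
            fi
        done
    fi

    # 2. An explicitly empty smtp_sasl_security_options removes the default
    #    "noplaintext", so PLAIN/LOGIN may be used. That is only safe when
    #    the session is required to be encrypted.
    plaintext=no
    if cf_isset "$cf" smtp_sasl_security_options; then
        case $(cf_get "$cf" smtp_sasl_security_options) in
            *noplaintext*) ;;
            *) plaintext=yes ;;
        esac
    fi
    tls=no
    case $(cf_get "$cf" smtp_tls_security_level) in
        encrypt|verify|secure) tls=yes ;;
    esac
    if [ "$(cf_get "$cf" smtp_enforce_tls)" = "yes" ]; then
        tls=yes
    fi
    if [ "$plaintext" = yes ] && [ "$tls" = no ]; then
        echo "WARN: plaintext SASL mechanisms allowed without mandatory TLS"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh script.sh /etc/postfix/main.cf
if [ $# -eq 1 ]; then
    audit_sasl_relay "$1"
fi
```

Which TLS parameter applies depends on the installed Postfix version: smtp_tls_security_level exists from Postfix 2.3, smtp_enforce_tls on older releases.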
Both the PRAM (battery backed persistent parameter RAM) and nvram (non-volatile, flash RAM) can be reset through Open Firmware:\n\n# Power up the computer holding down the cmd-opt-O-F keys; this will cause you to enter Open Firmware\n# In Open Firmware type the following commands\n## reset-nvram\n## set-defaults\n## reset-all\n# Your machine will automatically reboot\n\nAfter this you may wish to reset your PMU or SMU. See the procedures specific for your model Macintosh.
http://news.yahoo.com/s/ap/20060430/ap_on_hi_te/apple_security\n\nFirst, the timing of this news (which is actually several weeks old) can't help but make you wonder, since Apple was releasing a TV ad on May 1st touting the lower incidence of viruses on the Mac compared to Windows. (See http://www.youtube.com/watch?v=M3Z386vXrt4 )\n\nTechnically the malware discussed by the article is //not// a virus. It's what's called a Trojan Horse. That is, it's something that someone tricked you into running on your machine. There are no viruses for Mac OS X and it's almost impossible that there will ever be any true viruses affecting Mac OS X. \n\nIt's relatively easy to write code that can do all sorts of malicious things to your system, like delete all your files. That is, malicious code is easy. Getting it to execute is the challenge, as most people aren't stupid enough to run programs that they know will cause damage to their systems.\n\nVulnerabilities also aren't necessarily a problem. Most everything is vulnerable to something. My basement is vulnerable to flooding, but it requires a torrential rain storm //and// my gutters to be clogged all up for that vulnerability to actually get exploited.\n\nAs for "vulnerabilities" in Mac OS X, sure these exist; they exist in all sorts of code and operating systems. But vulnerabilities alone are not enough: they need to be actually made exploitable somehow, that is, there needs to be some way in which the vulnerability can be used. Many vulnerabilities have no way to exploit them or require certain privileges, or situations or specific misconfigurations that are unlikely to occur. Since vulnerabilities get noticed and fixed rather often (hence security updates and system updates), and systems are designed to prevent vulnerabilities from getting triggered, they are almost never exploitable.\n\nFurther still, unlike Microsoft's Windows, Mac OS X users can't execute system level privileged code or affect processes by other users. 
So even if a user of a Mac OS X system was tricked into executing some sort of malicious code, the only person whose files and processes they could affect would be their own; they wouldn't be able to affect system files and processes or files and processes of other users. The system itself is protected.\n\nIf the user was an administrator for the machine (who have additional privileges), before they'd be able to affect the system or other user files and processes they'd first have to authenticate as an administrator. A dialog box would be presented asking them to enter the administrator username and password. If you see that when running untrusted code you got from untrusted web sites or other sources, and you went ahead and gave permission for that untrusted code to run with privileges, then it wasn't the fault of the system that security got breached. It's user stupidity. They could have been just as stupid and while logged in as an administrator deleted all their files themselves; the only difference here is that someone helped you do it.\n\nIf some untrusted person called you on the phone and asked you to log into your machine and delete all your files would you do that? There's little difference between this and what the user in the yahoo! news article did. They went to an untrusted web site, got a dialog box asking for permission to install and execute code, and they granted it blindly. Why? Because they were conned into granting it trust out of the desire for something it promised. We call these people "dupes." ;)\n\nAs for comments like "With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc." this is just plain false. It's not the processor that makes a system vulnerable, but the code and operating system that runs on that processor. 
In fact there are numerous highly secure operating systems that run on the same hardware that runs Windows. The problem is that Windows isn't secure.\n
The ipconfig "getpacket" qualifier "prints to standard output the DHCP/BOOTP packet that the client accepted from the DHCP/BOOTP server. This command is useful to check what the server provided, and whether the values are sensible. This command outputs nothing if DHCP/BOOTP is not active on the interface, or the attempt to acquire an IP address was unsuccessful."\n{{{\n# ipconfig getpacket en0\nop = BOOTREPLY\nhtype = 1\ndp_flags = 0\nhlen = 6\nhops = 0\nxid = 1727861690\nsecs = 0\nciaddr =\nyiaddr =\nsiaddr =\ngiaddr =\nchaddr = 0:a:95:c3:f:bc\nsname = ?\nfile = ?\noptions:\nOptions count is 11\ndhcp_message_type (uint8): ACK 0x5\nserver_identifier (ip):\nsubnet_mask (ip):\nlease_time (uint32): 0x384\noption_overload (uint8): 0x3\nrouter (ip_mult): {}\ndomain_name_server (ip_mult): {}\ndomain_name (string): bobsyouruncle.tv\nend (none): \nend (none): \nend (none): \n}}}
There seems to be a misperception that while the version of rsync that ships with Mac OS X Tiger is somehow "broken", RsyncX is not.\n\nDebate of whether the distributed copy of rsync does indeed work (albeit with a single limitation[1]) aside, it is however a fact that rsyncx doesn't properly handle files in Tiger. Specifically it does not properly support Extended Attributes and as such can't support ACLs.\n\nTo wit:\n<html><pre><tt>\nooblek:~ dshoop$ ls -als xyzzy\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 162 dshoop dshoop 5508 Mar 31 23:49 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 Mar 31 18:09 file2\n</tt></pre></html>\nNote the ACL on file2 above.\n\nNow let's fire up rsyncx:\n<html><pre><tt>\nooblek:~ dshoop$ /usr/local/bin/rsyncx -avv xyzzy/ xyzzy2/\nbuilding file list ...\nexpand file_list to 4000 bytes, did move\ndone\ncreated directory xyzzy2\ndelta-transmission disabled for local transfer or --whole-file\n./\nfile1\nfile2\ntotal: matches=0 tag_hits=0 false_alarms=0 data=0\n\nwrote 181 bytes read 60 bytes 482.00 bytes/sec\ntotal size is 0 speedup is 0.00\nooblek:~ dshoop$\n</tt></pre></html>\nNote that no errors are reported and that it reports transferring the file properly; however, this is not the case:\n<html><pre><tt>\nooblek:~ dshoop$ ls -als xyzzy2\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 Mar 31 18:09 .\n0 drwxrwx--- 162 dshoop dshoop 5508 Apr 3 15:51 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file1\n0 -rw-r--r-- 1 dshoop dshoop 0 Mar 31 18:09 file2\nooblek:~ dshoop$\n</tt></pre></html>\n\nNote the *missing* ACL. 
(Additionally other Extended Attributes could be missing, but weren't present in this example.)\n\nSo while rsyncx may properly sync files on volumes that require both single file resource forks *and* ACLs, it is incapable of handling those ACLs, making that situation moot.\n\n----\n[1] The Apple distributed version of rsync does sync Extended Attributes, ACLs and resource forks of all types (single file forks and split forks). Its sole limitation is that it cannot sync *single file forks* on volumes that have ACLs enabled.\n
The digits in the error code have a significance. \n\nThe first (100's) digit indicates:\n#Mail server has accepted the command, but does not yet take any action. A confirmation message is required.\n#Mail server has completed the task successfully without errors.\n#Mail server has understood the request, but requires further information to complete it.\n#Mail server has encountered a temporary failure. If the command is repeated without any change, it might be completed.\n#Mail server has encountered a fatal error. Your request can't be processed\n\nThe second digit (10's):\n0 Syntax error\n1 Information reply (for example to HELP request)\n2 This digit refers to the status of connection\n3 This digit refers to the status of the mail server\n\nThe third (units) digit of the code tells you the details of mail transferring status.\n\nHere's a list of common codes:\n421 Service not available, closing transmission channel (This may be a reply to any command if the service knows it must shut down) \n450 Requested mail action not taken: mailbox unavailable (E.g., mailbox busy) \n451 Requested action aborted: local error in processing \n452 Requested action not taken: insufficient system storage \n500 Syntax error, command unrecognized (This may include errors such as command line too long) \n501 Syntax error in parameters or arguments \n502 Command not implemented \n503 Bad sequence of commands \n504 Command parameter not implemented \n550 Requested action not taken: mailbox unavailable (E.g., mailbox not found, no access) \n551 User not local; please try \n552 Requested mail action aborted: exceeded storage allocation \n553 Requested action not taken: mailbox name not allowed (E.g., mailbox syntax incorrect) \n554 Transaction failed\n211 System status, or system help reply \n214 Help message (Information on how to use the receiver or the meaning of a particular non-standard command; this reply is useful only to the human user) \n220 Service ready \n221 Service closing 
transmission channel \n250 Requested mail action okay, completed \n251 User not local; will forward to \n354 Start mail input; end with . (a dot)
!!Problem\nYou want to run Safari in "Single Window Mode" where everything opens up in just one window.\n\n!!Solution\n{{{\ndefaults write com.apple.Safari TargetedClicksCreateTabs -bool true\n}}}\nNote: requires Safari 3.1 or greater.
!!Problem\nOn Leopard Server Samba doesn't seem to want to properly honor ACLs. \n\n!!Solution\nAppend the following lines to /etc/smb.conf:\n\n [global]\n acl check permissions = no\n\n!!Discussion\nSee smb.conf(8) for a detailed explanation of what Samba is trying to do. \n\nThe problem arises because Darwin ACLs are closer to Windows ACLs than to POSIX ACLs, so Samba doesn't quite get the access check correct on Darwin.\n\n!!Kudos\nJames Peach <jpeach@apple.com>
Apple TechNote TN2166\n\n<html><iframe width="100%" src="http://developer.apple.com/technotes/tn2006/tn2166.html"></html>
In any organization's production environments a service contract means having the resources of professionals with the expertise and abilities to assist you in your operations, designing and implementing your technology architectures, ongoing administration, configuration and installation, and support and emergency situations. Understaffed or over your head? Could you benefit from experts that can assist you in managing your systems and networks and help you better understand and utilize the resources you already have and increase the return on their investment?\n\niWiring specializes in design and management of high-availability systems and networks, clusters, production environments, distributed systems, and Internet networks and services based on proven production -- as well as reliable emerging -- technologies. Macintosh OS X technologies receive a special focus, and iWiring offers unparalleled support in this arena. \n\nOur associates are computer specialists, engineers, architects and administrators with decades of experience and familiar with the challenges and responsibilities of managing not only just a single Mac OS X workstation or server platform but more importantly large, multi-platform and mission critical environments and their increased complexities. While many are struggling from the small systems world up, with our background in large systems, we can provide the skills and experience many new and migrating IT shops lack. Augmenting your existing skills with our expertise provides you with the leverage you need to maximize your technology investment.\n\nUnbiased expert technical consulting services and unparalleled support structures form the cornerstone of our business partner relationships. 
We strive to help our clients implement the right business solutions for their environment.\n\n!!Continuing Support\nOur primary business model is one of providing continuing support to your organization, preferring to focus on developing an established and on-going relationship with you rather than the typical consultants that come in, do "the job", and then leave you responsible for the continued operations. Our support matrix permits you to choose the level of support you need, starting with a basic and simple annual support agreement that provides you with continuous support, all the way through complete virtually managed systems and networks and all ranges in between. Our plans are designed to allow you to fix and control your support and administrative costs in a predictable manner. \n\nProjects can also then be implemented as part of your ongoing support, which fixes your total costs compared with typical 'consulting projects' by including them in your already budgeted costs. Paying for specific projects no longer is seen by management as an extra cost. Instead it's as if they turned it over to "the IT staff" to implement. Larger projects can be spread across normal monthly costs using our "rollover hours" concept where unused hours from other periods can be applied towards spikes in services and projects. \n\nSee our [[Services]] section for more information on service plans or take a look at our [[example support plans|http://iwiring.net/typical_support_plans_v.2006c.pdf]] demonstrating typical support scenarios. \n\nOur Basic Annual Support plan covers "unlimited" support for a single system starting at just $495/year. Monthly Remote Service plans start at $495/month. 
We also offer Incident Based Support, Installation Support, Emergency Support, Mentoring and Pre-Paid Support blocks which yield a completely flexible service and support matrix.\n\n!!Ad Hoc Services\nProviding project based systems and network design, engineering and management is normally performed on a time and materials basis. For clients looking for a complete end-to-end solution we also offer all inclusive flat rate pricing for qualified projects. iWiring will work with you to schedule your project, develop an implementation plan and provide a roadmap with mile markers to keep you informed throughout the project execution.\n\nRates start at $125/hour.\n\n!Services\n<<tagging>>
{{{\ndefaults write com.apple.screencapture type image_format\n}}}\nWhere {{{image_format}}} is a QuickTime compatible file type such as tiff, jpg, png (the default), pdf, ...\n\nAfter changing this default you must either log out and back in again or kill SystemUIServer (e.g. {{{killall SystemUIServer}}}).\n\nAdditionally the captured file name can be specified in\n{{{\n/System/Library/CoreServices/SystemUIServer.app/Contents/Resources/English.lproj/Localizable.strings\n}}}\nin which you should find the following stanza, which controls the format of the screen capture file name:\n{{{\n/* Format screencapture file names */\n"%@ %@ at %@" = "%1$@ %2$@ at %3$@";\n}}}\nSetting it to \n{{{\n/* Format screencapture file names */\n"%@ %@ at %@" = "Screen Shot";\n}}}\nproduces files named Screen Shot, and then Screen Shot 1, Screen Shot 2, etc. \n
Like Unix, Mac OS X has the concept of user account Full Names and "ShortNames" that are akin to the traditional Unix concept of the BSD user name. The primary ShortName is the BSD style username and any additional ShortNames are akin to aliases. While the Workgroup Manager GUI that manages these does have a limit as to the number of these ShortNames it can handle, the OS itself is capable of handling a practically unlimited number of them if they are created using command line tools. \n\n!! NIDB ShortNames\nTo list the ShortNames for a user:\n{{{\nnicl / -read /users/<user_primary_short_name> name\n}}}\n\nTo add ShortNames:\n{{{\nnicl / -append /users/<user_primary_short_name> name 2nd_short_name\n}}}\n\n!! LDAP ShortNames\n\nTo list the ShortNames for a user:\n{{{\ndscl -u diradmin -P your_pwd /LDAPv3/ -read /Users/<user_primary_short_name> uid\n}}}\n\nTo add ShortNames:\n{{{\ndscl -u diradmin -P your_pwd /LDAPv3/ -append /Users/<user_primary_short_name> uid 2nd_short_name\n}}}\n
This [[diagram|http://iwiring.net/networkarchitectures/Simplest_Internet.pdf]] demonstrates the simplest of all Internet networks.
!!Problem\nYou'd like to use ssh keys for a specific, single purpose task, but nothing else. For instance you have some task that needs to execute on a remote system as root but you don't want the risk of a passphraseless key getting used for some other purpose. \n\n!!Solution\nCreate a specific key for use with this purpose without a passphrase (just press Return at each prompt).\n{{{\n$ cd ~/.ssh\n$ ssh-keygen -t dsa -f checkhostname\nGenerating public/private dsa key pair.\nEnter passphrase (empty for no passphrase): \nEnter same passphrase again: \nYour identification has been saved in checkhostname.\nYour public key has been saved in checkhostname.pub.\nThe key fingerprint is:\n08:31:98:80:b4:ef:aa:48:43:c5:bd:56:b8:f1:5e:c7 me@myhost\n}}}\n\nPrepend a command string and ssh options to the beginning of the public key in the checkhostname.pub file so that it looks something like:\n{{{\ncommand="changeip -checkhostname",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1kc3MA...\n}}}\nWhile you can use your favorite text editor, we'll do this the creative way.\n{{{\n$ perl -e "print 'command=\s"changeip -checkhostname\s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding '" > command\n$ cat command > checkhostname-command.pub\n$ cat checkhostname.pub >> checkhostname-command.pub\n$ cat checkhostname-command.pub\ncommand="changeip -checkhostname",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAAB3NzaC1kc3MAA...\n}}}\nLooks good. \n\nAdd the key to the end of the existing authorized_keys2 file on the remote system. 
(This presumes the file already exists there; otherwise change the ">>" to just ">".)\n{{{\n$ cat checkhostname-command.pub | ssh root@remotehost 'sh -c "cat - >>~/.ssh/authorized_keys2"'\n}}}\n\nSSH to the remote host specifying the key file to use and watch the magic:\n{{{\n$ ssh -i ~/.ssh/checkhostname -l root remotehost\n\nPrimary address =\n\nCurrent HostName = remotehost\nDNS HostName = remotehost\n\nThe names match. There is nothing to change.\nConnection to remotehost closed.\n}}}\n\nYou can implement this for any task that you wish to execute on a remote system, like a backup, or to rsync files on the remote host between locations. It's as secure as the command you're executing, so it's relatively safe to include the ssh invocation on your local system as, say, a cron job. Only the command you added to the key will get executed by the possessor of the private key.
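An added example (not part of the original page, and not OpenSSH's own tooling) for reviewing the result on the remote side: it reads an authorized_keys-style file and reports, per entry, whether a forced command is present and which of the forwarding and pty restrictions are absent. The function names and sample entries are constructed, the key material is a placeholder, /usr/local/bin/nightly-backup is a hypothetical command, and no-pty and restrict are real sshd options the page does not use.

```shell
#!/bin/sh
# Added example, not from the original page.

# audit_authorized_keys FILE
# Prints "<line> <VERDICT> command=[...] missing=[...]" for every key entry:
#   UNRESTRICTED  no command= option, the key gives a normal login
#   PARTIAL       forced command, but some restriction options are absent
#   LOCKED        forced command plus all four restrictions (or "restrict")
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
    {
        sub(/^[ \t]+/, "")
        # Tokenise the leading options field: split on commas, stop at the
        # first space; commas and spaces inside double quotes do not count.
        nopt = 0; tok = ""; inq = 0; len = length($0); done = 0
        for (i = 1; i <= len && !done; i++) {
            c = substr($0, i, 1)
            if (inq && c == "\\" && substr($0, i + 1, 1) == "\"") {
                tok = tok "\\\""; i++            # escaped quote inside a value
            } else if (c == "\"") {
                inq = !inq; tok = tok c
            } else if (!inq && (c == "," || c == " ")) {
                opt[++nopt] = tok; tok = ""
                if (c == " ") done = 1
            } else {
                tok = tok c
            }
        }
        if (!done) { printf "%d MALFORMED\n", NR; next }

        # A bare key type as the only token means the entry has no options.
        if (nopt == 1 && opt[1] ~ /^(ssh-|ecdsa-sha2-|sk-)/) nopt = 0

        split("", have); cmd = ""
        for (k = 1; k <= nopt; k++) {
            o = opt[k]; lo = tolower(o)          # option names are case-insensitive
            if (lo ~ /^command="/) cmd = substr(o, 10, length(o) - 10)
            else have[lo] = 1
        }
        miss = ""
        if (!("restrict" in have)) {
            m = split("no-port-forwarding no-x11-forwarding no-agent-forwarding no-pty", want, " ")
            for (k = 1; k <= m; k++) if (!(want[k] in have)) miss = miss "," want[k]
        }
        if (cmd == "")       verdict = "UNRESTRICTED"
        else if (miss != "") verdict = "PARTIAL"
        else                 verdict = "LOCKED"
        printf "%d %s command=[%s] missing=[%s]\n", NR, verdict, cmd, substr(miss, 2)
    }' "$1"
}

# Constructed sample: the entry built above, an ordinary login key, and a
# fully restricted entry with a hypothetical command.
sample_keys() {
    cat <<'EOF'
# constructed sample; key material is a placeholder
command="changeip -checkhostname",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAA_PLACEHOLDER me@myhost
ssh-rsa AAAA_PLACEHOLDER admin@laptop
restrict,command="/usr/local/bin/nightly-backup" ssh-ed25519 AAAA_PLACEHOLDER backup@nas
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_keys > "$tmp" && audit_authorized_keys "$tmp"; rm -f "$tmp"
```

Run it against root's authorized_keys2 on the remote host; any passphraseless automation key that shows up as UNRESTRICTED grants a full root login to whoever holds the private key.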
\nSystems and Networks Architecture and Management
!Problem\nYou are experiencing slow file transfers on your Mac to or from Windows or SMB hosts. These transfer throughputs are much slower than what you see to/from AFP or FTP hosts.\n\n!Background\nThe issue is likely related to differences in how Macs and Windows hosts handle ACKs using Nagle's Algorithm and Delayed ACK. On Windows the TCP segment size is 1460 bytes while on Mac OS X and other operating systems that add a time-stamp option, the TCP segment size is 1448 bytes. These differences expose a problem in how Nagle's Algorithm handles delayed acknowledgement of TCP/IP packets in the network stack. \n\nA detailed description of the problem can be found at http://www.stuartcheshire.org/papers/NagleDelayedAck/\n\n!Solution\nThe problem can often be fixed by changing the delayed_ack value.\n\ndelayed_ack=0 responds after every packet (OFF)\ndelayed_ack=1 always employs delayed ack, 6 packets can get 1 ack \ndelayed_ack=2 immediate ack after 2nd packet, 2 packets per ack (Compatibility Mode)\ndelayed_ack=3 should auto detect when to employ delayed ack, 4 packets per ack. (DEFAULT)\n\nOn Mac OS X systems edit /etc/sysctl.conf to include one of the following lines:\n{{{\nnet.inet.tcp.delayed_ack=0\n}}}\nor\n{{{\nnet.inet.tcp.delayed_ack=2\n}}}\n\nThen reboot the system for these changes to take effect.
Shantonu is the man!\n\nWhen asked how to snag the contents of a deleted file that's still open by an existing process he answered with the following:\n\n{{{\nDate: Tue, 25 Apr 2006 13:57:27 -0700\nFrom: Shantonu Sen <ssen@opendarwin.org>\nTo: Scott Ribe <scott_ribe@killerbytes.com>\nCc: macosx-admin <macosx-admin@omnigroup.com>\nSubject: Re: Snagging an unlinked file before it's actually gone?\n\nOne approach would be:\n1) Run lsof on the process to find out what file descriptor it has open on the log file:\n# lsof -p 2207\nCOMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME\n...\ntail 2207 root 0u CHR 4,4 0t1285299 64240004 /dev/ttyp4\ntail 2207 root 1u CHR 4,4 0t1285299 64240004 /dev/ttyp4\ntail 2207 root 2u CHR 4,4 0t1285299 64240004 /dev/ttyp4\ntail 2207 root 3r PSXSHM 4096 \napple.shm.notification_center\ntail 2207 root 4r REG 14,2 181659 227698 /private/var/log/system.log\n\n2) attach to the process in gdb. Make sure you're not in a signal handler or something weird\n# gdb\n...\n(gdb) attach tail\nAttaching to process 2207.\nReading symbols for shared libraries . done\nReading symbols for shared libraries .... done\n0x9002714c in kevent ()\n(gdb) t a a bt\n\nThread 1 (process 2207 thread 0xd03):\n#0 0x9002714c in kevent ()\n#1 0x000027bc in ?? ()\n#2 0x00003a61 in ?? ()\n#3 0x00001f0a in ?? ()\n#4 0x00001e25 in ?? ()\n\n3) Allocate some memory in the process and read in the log file\n(gdb) call (void *)malloc((long)181659)\n$1 = (void *) 0x27000\n(gdb) call (long)pread((int)4, (void *)0x27000, (long)181659, (long long)0)\n$2 = 181659\n\n4) write out the results\n(gdb) dump mem /tmp/logfile 0x27000 0x27000+181659\n(gdb)\n\n/tmp/logfile should have the contents. \n\nIf that doesn't work, you'll have to get more creative. \nThis might crash your daemon, so it's worth experimenting on another system first.\n\nShantonu\n\n\nOn Apr 25, 2006, at 1:38 PM, Scott Ribe wrote:\n\nOops. I bzip'd a log file that's open by an active server. 
So bzip unlinked\nit and it's no longer visible in directory listings, but of course it's\nstill out there somewhere because a process has it open. Uhhhmmm? Any way to\nfind it and get/copy it back before that process exits? (I have hours before\nthat would normally happen.)\n\n-- \nScott Ribe\nscott_ribe@killerbytes.com\nhttp://www.killerbytes.com/\n(303) 722-0567 voice\n\n\n_______________________________________________\nMacOSX-admin mailing list\nMacOSX-admin@omnigroup.com\nhttp://www.omnigroup.com/mailman/listinfo/macosx-admin\n}}}
Many people have the misunderstanding that snapshots are backups, just like many people have the misunderstanding that RAID mirroring is a backup. \n\nThe latter is obviously not a backup. Any change against the RAID mirror affects the data in real time. Corruption or deletion of a file or volume renders the file or volume unrecoverable. But broken mirrors aren't real-time; they represent the RAID member at a specific instant -- a snapshot -- in time. Aren't these a "backup" of the data?\n\nNot surprisingly, John Siracusa over at Ars Technica has provided a nice little write-up to make this understandable in his article "[[Time Machine and the future of the file system|http://origin.arstechnica.com/staff/fatbits.ars/2006/08/15/4995]]."\n\n<<<\nA snapshot preserves the state of an entire file system at a given point in time. This may sound a lot like a backup, but there are some important differences.\n\nFirst, a snapshot is entirely self-consistent, exactly preserving the state of each file at a particular instant in time across an entire file system. A traditional backup running on an active file system makes no such guarantees without invasive locking schemes or even more onerous requirements.\n\nSecond, snapshots are considerably more space-efficient than backups. By recording only the individual disk blocks that have changed, a snapshot takes a fraction of the disk space required by a traditional backup.\n\nFinally, and perhaps most importantly, while a full backup takes an amount of time that's proportional to the size of the file system, a snapshot can happen in constant time, regardless of file system size. This is why you'll often see snapshots referred to as "instantaneous." The time required is usually so small that a snapshot appears to take no time at all. And remember, this time does not increase as disks get bigger.\n<<<
!!Problem\nYou've bricked your iPhone. No matter what you seem to do you can't get it to do anything other than hard restart, and when you do it just hangs at the Apple startup screen with no spinning gears or anything else. \n\n!!Solution\n# Perform a hard reset (Sleep/Wake + Home buttons) and just before it turns back on, release the buttons.\n# Your iPhone should now be off. Launch iTunes and connect the dock. \n# Hold down the Home button and continue to hold it down while you insert it into the dock and continue to hold it down until the "Connect to iTunes" display appears on the screen. \n# iTunes will now recognize it and ask if you would like to restore it. Click "Restore" and continue with the restore operation.
!Problem:\nYou want to encrypt a disk, set of directories, or other files and data.\n\n!Solution(s):\n\n!!Use encrypted disk images.\n\nDisks are encrypted with AES-128. You choose a passphrase to encrypt the disk image. You can create the image to any maximum size. They operate as if they were any other native volume in the Finder, Cocoa/Carbon/Java/BSD environments. \n\nThere are two major types, Sparse Images and plain Read/Write Images. They can be created in Disk Utility by selecting File -> New -> Blank Disk Image... and selecting the size, encryption (as AES-128) and then the format.\n\n!!!Sparse Images\nThese grow in size as needed, up to their maximum size. \n\n!!!Read Write Images\nThese are their fixed size from the start. \n\n!!FUSE\nAmit Singh, of the Mac OS X Internals book, has ported FUSE, the Filesystem in USErspace project, to Mac OS X. This implements arbitrary filesystems of any conceivable type as user based processes that don't require privileges to run. See Amit's [[video presentation|http://video.google.com/videoplay?docid=3138515991250095768]]. \n\n__Project Pages:__\nhttp://code.google.com/p/macfuse/\nhttp://fuse.sourceforge.net/wiki/index.php/FileSystems\n\n__Articles:__\n[[TidBITs: MacFUSE Explodes Options for Mac File Systems|http://db.tidbits.com/article/8835]]\nhttp://www.downloadsquad.com/2007/01/16/getting-started-with-macfuse-dls-how-to/\n\n!!You can mount the disk image anywhere in the filesystem.\nCreate a mountpoint directory and mount it through the shell to the mountpoint.
A nice NAS appliance:\nhttp://www.infrant.com/products/products_details.php?name=ReadyNAS%20NV\n\nOpenFiler, a Storage Management OS, based on Linux\nhttp://www.openfiler.com/\n\nNASlite, a CD bootable NAS OS\nhttp://www.serverelements.com/\n
!Problem\nSquirrelMail is sending email from user@getenv.mydomain.com. This is especially problematic since recipients who reply will reply to the wrong address. \n\n!Solution\nRun `/etc/squirrelmail/config/conf.pl` and change it to the correct value. In conf.pl select option "2" (Server Settings) and then change the General setting for "Domain" (option 1). \n\n{{{\n# /etc/squirrelmail/config/conf.pl\n}}}\n{{{\n---------------------------------------------------------\nMain Menu --\n1. Organization Preferences\n2. Server Settings\n3. Folder Defaults\n4. General Options\n5. Themes\n6. Address Books\n7. Message of the Day (MOTD)\n8. Plugins\n9. Database\n10. Languages\n\nD. Set pre-defined settings for specific IMAP servers\n\nC Turn color on\nS Save data\nQ Quit\n\nCommand >> 2\n}}}\n{{{\n---------------------------------------------------------\nServer Settings\n\nGeneral\n-------\n1. Domain : getenv.mydomain.com\n2. Invert Time : false\n3. Sendmail or SMTP : SMTP\n\nA. Update IMAP Settings : localhost:143 (cyrus)\nB. Update SMTP Settings : localhost:25\n\nR Return to Main Menu\nC Turn color on\nS Save data\nQ Quit\n\nCommand >> 1\n\nThe domain name is the suffix at the end of all email addresses. If\nfor example, your email address is jdoe@example.com, then your domain\nwould be example.com.\n\n[getenv.mydomain.com]: mydomain.com\n}}}\n{{{\nSquirrelMail Configuration : Read: config.php (1.4.0)\n---------------------------------------------------------\nServer Settings\n\nGeneral\n-------\n1. Domain : mydomain.com\n2. Invert Time : false\n3. Sendmail or SMTP : SMTP\n\nA. Update IMAP Settings : localhost:143 (cyrus)\nB. Update SMTP Settings : localhost:25\n\nR Return to Main Menu\nC Turn color on\nS Save data\nQ Quit\n\nCommand >> Q\n\nYou have not saved your data.\nSave? 
[Y/n]: Y\nData saved in config.php\n\nExiting conf.pl.\nYou might want to test your configuration by browsing to\nhttp://your-squirrelmail-location/src/configtest.php\nHappy SquirrelMailing!\n}}}\n\n!Discussion\nDue to what appears to be some sort of PHP problem in SquirrelMail, the host name can get munged. Resetting it back fixes the issue. \n\n
/***\n!Sections in this Tiddler:\n*Generic rules\n**Links styles\n**Link Exceptions\n*Header\n*Main menu\n*Sidebar\n**Sidebar options\n**Sidebar tabs\n*Message area\n*Popup\n*Tabs\n*Tiddler display\n**Viewer\n**Editor\n*Misc. rules\n!Generic Rules /%==============================================%/\n***/\n/*{{{*/\nbody {\n font-size: .75em;\n font-family: arial,helvetica;\n position: relative;\n margin: 0;\n padding: 0;\n}\n\nh1,h2,h3,h4,h5 {\n font-weight: bold;\n text-decoration: none;\n padding-left: 0.4em;\n}\n\nh1 {font-size: 1.35em;}\nh2 {font-size: 1.25em;}\nh3 {font-size: 1.1em;}\nh4 {font-size: 1em;}\nh5 {font-size: .9em;}\n\nhr {\n height: 1px;\n}\n\na{\n text-decoration: none;\n}\n\nol { list-style-type: decimal }\nol ol { list-style-type: lower-alpha }\nol ol ol { list-style-type: lower-roman }\nol ol ol ol { list-style-type: decimal }\nol ol ol ol ol { list-style-type: lower-alpha }\nol ol ol ol ol ol { list-style-type: lower-roman }\nol ol ol ol ol ol ol { list-style-type: decimal }\n/*}}}*/\n/***\n''General Link Styles'' /%-----------------------------------------------------------------------------%/\n***/\n/*{{{*/\n.externalLink {\n text-decoration: underline;\n}\n\n.tiddlyLinkExisting {\n font-weight: bold;\n}\n\n.tiddlyLinkNonExisting {\n font-style: italic;\n}\n\n/* the 'a' is required for IE, otherwise it renders the whole tiddler a bold */\na.tiddlyLinkNonExisting.shadow {\n font-weight: bold;\n}\n/*}}}*/\n/***\n''Exceptions to common link styles'' /%------------------------------------------------------------------%/\n***/\n/*{{{*/\n\n#mainMenu .tiddlyLinkExisting, \n#mainMenu .tiddlyLinkNonExisting,\n#sidebarTabs .tiddlyLinkExisting,\n#sidebarTabs .tiddlyLinkNonExisting{\n font-weight: normal;\n font-style: normal;\n}\n\n/*}}}*/\n/***\n!Header /%==================================================%/\n***/\n/*{{{*/\n\n.header {\n position: relative;\n}\n\n.header a:hover {\n background: transparent;\n}\n\n.headerShadow {\n position: relative;\n 
padding: 4.5em 0em 1em 1em;\n left: -2px;\n top: -2px;\n}\n\n.headerForeground {\n position: absolute;\n padding: 4.5em 0em 1em 1em;\n left: 0px;\n top: 0px;\n}\n\n.siteTitle {\n font-size: 3em;\n}\n\n.siteSubtitle {\n font-size: 1.2em;\n}\n\n/*}}}*/\n/***\n!Main menu /%==================================================%/\n***/\n/*{{{*/\n#mainMenu {\n position: absolute;\n left: 0;\n width: 10em;\n text-align: right;\n line-height: 1.6em;\n padding: 1.5em 0.5em 0.5em 0.5em;\n font-size: 1.1em;\n}\n\n/*}}}*/\n/***\n!Sidebar rules /%==================================================%/\n***/\n/*{{{*/\n#sidebar {\n position: absolute;\n right: 3px;\n width: 16em;\n font-size: .9em;\n}\n/*}}}*/\n/***\n''Sidebar options'' /%----------------------------------------------------------------------------------%/\n***/\n/*{{{*/\n#sidebarOptions {\n padding-top: 0.3em;\n}\n\n#sidebarOptions a {\n margin: 0em 0.2em;\n padding: 0.2em 0.3em;\n display: block;\n}\n\n#sidebarOptions input {\n margin: 0.4em 0.5em;\n}\n\n#sidebarOptions .sliderPanel {\n margin-left: 1em;\n padding: 0.5em;\n font-size: .85em;\n}\n\n#sidebarOptions .sliderPanel a {\n font-weight: bold;\n display: inline;\n padding: 0;\n}\n\n#sidebarOptions .sliderPanel input {\n margin: 0 0 .3em 0;\n}\n/*}}}*/\n/***\n''Sidebar tabs'' /%-------------------------------------------------------------------------------------%/\n***/\n/*{{{*/\n\n#sidebarTabs .tabContents {\n width: 15em;\n overflow: hidden;\n}\n\n/*}}}*/\n/***\n!Message area /%==================================================%/\n***/\n/*{{{*/\n#messageArea {\nposition:absolute; top:0; right:0; margin: 0.5em; padding: 0.5em;\n}\n\n*[id='messageArea'] {\nposition:fixed !important; z-index:99;}\n\n.messageToolbar {\ndisplay: block;\ntext-align: right;\n}\n\n#messageArea a{\n text-decoration: underline;\n}\n/*}}}*/\n/***\n!Popup /%==================================================%/\n***/\n/*{{{*/\n.popup {\n font-size: .9em;\n padding: 0.2em;\n list-style: 
none;\n margin: 0;\n}\n\n.popup hr {\n display: block;\n height: 1px;\n width: auto;\n padding: 0;\n margin: 0.2em 0em;\n}\n\n.popup li.disabled {\n padding: 0.2em;\n}\n\n.popup li a{\n display: block;\n padding: 0.2em;\n}\n/*}}}*/\n/***\n!Tabs /%==================================================%/\n***/\n/*{{{*/\n.tabset {\n padding: 1em 0em 0em 0.5em;\n}\n\n.tab {\n margin: 0em 0em 0em 0.25em;\n padding: 2px;\n}\n\n.tabContents {\n padding: 0.5em;\n}\n\n.tabContents ul, .tabContents ol {\n margin: 0;\n padding: 0;\n}\n\n.txtMainTab .tabContents li {\n list-style: none;\n}\n\n.tabContents li.listLink {\n margin-left: .75em;\n}\n/*}}}*/\n/***\n!Tiddler display rules /%==================================================%/\n***/\n/*{{{*/\n#displayArea {\n margin: 1em 17em 0em 14em;\n}\n\n\n.toolbar {\n text-align: right;\n font-size: .9em;\n visibility: hidden;\n}\n\n.selected .toolbar {\n visibility: visible;\n}\n\n.tiddler {\n padding: 1em 1em 0em 1em;\n}\n\n.missing .viewer,.missing .title {\n font-style: italic;\n}\n\n.title {\n font-size: 1.6em;\n font-weight: bold;\n}\n\n.missing .subtitle {\n display: none;\n}\n\n.subtitle {\n font-size: 1.1em;\n}\n\n/* I'm not a fan of how button looks in tiddlers... 
*/\n.tiddler .button {\n padding: 0.2em 0.4em;\n}\n\n.tagging {\nmargin: 0.5em 0.5em 0.5em 0;\nfloat: left;\ndisplay: none;\n}\n\n.isTag .tagging {\ndisplay: block;\n}\n\n.tagged {\nmargin: 0.5em;\nfloat: right;\n}\n\n.tagging, .tagged {\nfont-size: 0.9em;\npadding: 0.25em;\n}\n\n.tagging ul, .tagged ul {\nlist-style: none;margin: 0.25em;\npadding: 0;\n}\n\n.tagClear {\nclear: both;\n}\n\n.footer {\n font-size: .9em;\n}\n\n.footer li {\ndisplay: inline;\n}\n/***\n''The viewer is where the tiddler content is displayed'' /%------------------------------------------------%/\n***/\n/*{{{*/\n* html .viewer pre {\n width: 99%;\n padding: 0 0 1em 0;\n}\n\n.viewer {\n line-height: 1.4em;\n padding-top: 0.5em;\n}\n\n.viewer .button {\n margin: 0em 0.25em;\n padding: 0em 0.25em;\n}\n\n.viewer blockquote {\n line-height: 1.5em;\n padding-left: 0.8em;\n margin-left: 2.5em;\n}\n\n.viewer ul, .viewer ol{\n margin-left: 0.5em;\n padding-left: 1.5em;\n}\n\n.viewer table {\n border-collapse: collapse;\n margin: 0.8em 1.0em;\n}\n\n.viewer th, .viewer td, .viewer tr,.viewer caption{\n padding: 3px;\n}\n\n.viewer pre {\n padding: 0.5em;\n margin-left: 0.5em;\n font-size: 1.2em;\n line-height: 1.4em;\n overflow: auto;\n}\n\n.viewer code {\n font-size: 1.2em;\n line-height: 1.4em;\n}\n/*}}}*/\n/***\n''The editor replaces the viewer in the tiddler'' /%------------------------------------------------%/\n***/\n/*{{{*/\n.editor {\nfont-size: 1.1em;\n}\n\n.editor input, .editor textarea {\n display: block;\n width: 100%;\n font: inherit;\n}\n\n.editorFooter {\n padding: 0.25em 0em;\n font-size: .9em;\n}\n\n.editorFooter .button {\npadding-top: 0px; padding-bottom: 0px;}\n\n.fieldsetFix {border: 0;\npadding: 0;\nmargin: 1px 0px 1px 0px;\n}\n/*}}}*/\n/***\n!Misc rules /%==================================================%/\n***/\n/*{{{*/\n.sparkline {\n line-height: 1em;\n}\n\n.sparktick {\n outline: 0;\n}\n\n.zoomer {\n font-size: 1.1em;\n position: absolute;\n padding: 1em;\n}\n\n.cascade {\n 
font-size: 1.1em;\n position: absolute;\n overflow: hidden;\n}\n/*}}}*/
iWiring offers support agreements to provide ongoing, scheduled systems and network support including guaranteed response time available 24 hours a day. Support contracts may include operating systems (e.g. Mac OS X), Open Source Software products (e.g. Apache, postfix, exim, proftpd), and network components. These agreements offer you specific levels of support to meet your requirements. iWiring also offers pre-packaged Virtual Admin services as well as complete managed support of your systems. You choose the level of support you require from mentoring to managed datacenters and everywhere in between.\n\n|bgcolor(#d0d0ff): [[View our typical support plans in an overview.|http://iwiring.net/typical_support_plans_v.2006a.pdf]]|\n\n!Basic Annual Support\n* available for Mac OS X, Linux, BSD Unix, Solaris and OpenVMS systems\n* $499.95 / year for a single system\n* unlimited support requests by email\n* best available response (normally same day) during normal business hours\n* continuing response until resolution\n* dedicated Primary Field Engineer\n* dedicated response channels\n\n* discounts for two or three year agreements \n* optional four hour response times\n* optional 24x7 coverage\n\nIncludes a basic systems and network assessment.\nDoes not cover remote services. \n\n[[Order now online!|Now Accepting Support Orders Online! 
-- Basic Annual Support Agreement]]\n\n!Monthly Service and Support Contracts:\n* starting at $495 / month\n* provides fixed amount of ongoing hourly service and support \n* providing remote systems and network service and support for all your systems and networks\n* best available response (normally same day) during normal business hours\n* email based ticketing of incidents\n* scheduled resolution for incidents with continuous response until resolution\n* includes monthly reporting\n* offers "Rollover" hours between months\n* designed to help fix and control service costs\n* can be used to provide for adjunct service and support for your staff\n* can be used to replace or eliminate need for staff\n\n* optional four hour response\n* optional systems monitoring\n* optional 24x7 coverage through our Tactical Operations Center\n\n\n!Incident Based Service and Support\nNo one plans for disasters or unexpected problems. Our incident based support can help you when you need specific additional assistance. Our incident based support options are designed to help you fix and control your costs. We also offer emergency and scheduled incident based support through our 24x7 Tactical Operations Center.\n\n^^Basic Annual or Monthly Support plans required^^\n\n\n!!Standard Support Incidents\n\n* $495 / single incident\n* provides support for most common incidents\n* best available response during normal business hours\n* continuous response until resolution\n* also available in discounted 5, 10, and 20 incident packs\n\nOptional 120 minute and 24x7 coverage available for incident packs\n\n^^Basic Annual or Monthly Service and Support plans required^^\n\n\n!~Pre-Paid Service and Support Blocks\nPay for service in advance to fix your costs. Scheduled work orders or "best available" response. Provides for telephone or remote service and support. 
\n\n| 5 hours | $625 |\n| 10 hours | $1200 |\n| 25 hours | $2750 |\n| 50 hours | $4950 |\n\n^^Basic Annual or Monthly Service and Support plans required^^\n\n\n!Scheduled Remote Service and Support \nAd Hoc and "Time and Materials" based, __starting__ at $125/hr, by arrangement, on a best availability basis. Our systems and network engineers will draft a work order covering the operations to be performed and provide you with an estimate. \n\n^^Basic Annual or Monthly Service and Support plans required^^\n\n\n!Mentoring Service\nStarting at $150/hr, by arrangement, our engineers will provide a complete walk through with one member of your staff during problem resolution to assist you in understanding the problem, how to reduce the risk of recurrence, and how your staff can effect future resolutions.\n\n\n!Emergency Support Incidents\nNot all support requests are the same. Some incidents need to be handled immediately. iWiring offers emergency support incidents with terms of service for our existing clients guaranteeing response times specific to your organization's needs. \n\n^^Basic Annual or Monthly Service Support plans required^^\n\n\n!Installation Services\n"Open Source."\n"Free Software."\n[["TANSTAAFL"|http://www.hyperdictionary.com/dictionary/TANSTAAFL]]\n[["Free as in Freedom, not as in Free Beer."|http://www.gnu.org/philosophy/free-sw.html]]\n\nWhile great in concept, the Open Source and Free Software movements aren't a promise of no-cost. They come with a hidden "tax", namely your staff must figure it out and how to make it work for you. This is often a non-trivial process, complete with pitfalls. And that's before you realize that to customize it for your organization requires more work than your schedule permits. Suddenly commercial software with real support looks better. If only you could just buy a "box off the shelf" with the software you need and it "just worked". 
IBM used to practically give away their complex and impossible to install mainframe software, but then charge you for their "installation services". What about that paradigm today?\n\niWiring can help. We offer Installation Services for most major Open and Free Software projects. Suddenly it's as easy as buying a package off the shelf. We'll install the package for you, configure it for your organization, and can do it for a fixed price. This lets you get back to doing the work that's piled up on your desk, and pleases your boss and bean counter since it looks like you just "bought another software package". Your job is done without any hassle. You become the winner who managed yet another important software installation project at the next staff meeting.\n\nInstallation service and support is provided for software such as operating systems, network hardware, and Open Source technologies such as Apache, Postfix, Exim, ProFTP, VPNs, MySQL, Courier, Cyrus, UW-POP/IMAP/Pine and many other software packages scheduled during normal business hours. Off-hours and priority installation support is also available for organizations where it's required.
SveaSoft's router software turns your $60 Linksys WRT54G or WRT54GS router into a multi-hundred dollar equivalent. Based on Linux, it provides ssh and telnet command line access and a Web GUI for configuration. It features VLANs, iptables-based firewall rules, powerboosting the WiFi by 900%, QoS and bandwidth management, SNMP, remote stats, splitting functions of antenna ports, and much more. Can your Linksys router run top? \n\nOther similar firmware versions, by companies such as EarthLink, support IPv6. \n\nhttp://www.sveasoft.com
Short for "Systems Administrators"\n\nSysAdmins are those responsible for the daily care and feeding of a given computer system. They're often system operators who perform routine tasks and all too frequently today may have other primary responsibilities such as managing the office, running their business, or strong secretarial skills. They may perform tasks such as adding new users, deleting old logs, and monitoring file space and other resources. \n\nThis often differs from [[Systems Managers]] and [[Operations Managers]] who generally have more specific responsibilities for actually managing the OS. A good anecdote comes from an associate of mine Rob Seastrom (aka RS) who once commented "VMS Systems Managers actually understand computer and operating systems management. Unix SysAdmins basically take out the trash."\n\n''Q'': How many UNIX operators does it take to screw in a light bulb ? \n''A'': 1 to setup the script, \n1 to setup the environment, \n1 to start the daemon, \n1 to start the job, \n1 to kill the job, \n1 to examine the output, \n1 to print the output, \n1 to distribute the output.
We can provide technical assistance and project management of operating system and application upgrades. Our team can assist with integrating new hardware and software to help make any transition as painless and flawless as possible. \n\nWe test new OS releases in our labs, breaking our servers so you don't have to break yours.
iWiring can design and implement highly available solutions for any size environment from single systems to complete datacenters and networking facilities. Our team can also provide experienced operational and administration support locally or remotely depending on your needs. Augment your staff with senior professionals for adjunct support or mentoring. Or our [[Virtual System Admin]] and [[Virtual Network Admin]] products can provide complete remote management of your systems and networks.
If you offer a service or run a server, keeping it "up" can be a challenge. Knowing when it's down can be critical. iWiring can monitor your critical systems and networks and take appropriate action to either alert you (by email, telephone, pager, or text message) or work to return the critical component to service. We can extend monitoring beyond basic "ping tests" to check specific services (such as SMTP, POP, IMAP, web servers, databases, etc) to assure that they're returning the appropriate content (e.g. making sure a web server is responding with the appropriate web page), or that critical system resources (such as disk space) are within pre-defined operational ranges. \n\nWe also offer extended monitoring for Apple XServe servers for critical factors such as temperature, power, and other metrics. \n\nOur monitoring systems can perform monitoring either remotely (ideal for tests for Internet Services) or locally to your LAN and datacenter (for private services.)
[[Example network diagram|http://iwiring.net/networkarchitectures/T1-muxing.pdf]] demonstrating how a T1 line can be multiplexed.
Background information at:\nhttp://www.onlamp.com/lpt/a/6324\nhttp://dsd.lbl.gov/TCP-tuning/background.html\n\nThe default TCP window sizes on OS X are:\n<<<\nnet.inet.tcp.sendspace: 32768\nnet.inet.tcp.recvspace: 32768\nkern.ipc.maxsockbuf: 262144\n<<<\n\nAdjusting TCP Window Size for EVDO:\n<<<\nnet.inet.tcp.sendspace: 65536\nnet.inet.tcp.recvspace: 65536\nkern.ipc.maxsockbuf: 262144\n<<<\n\nFor FiOS connections:\n<<<\nnet.inet.tcp.sendspace: 131072\nnet.inet.tcp.recvspace: 358400\nkern.ipc.maxsockbuf: 512000\n<<<\n\nAdjusting TCP Window Size for OC3 connections:\n<<<\nnet.inet.tcp.sendspace=1048576\nnet.inet.tcp.recvspace=1048576\nkern.ipc.maxsockbuf=16777216\n<<<\n
Choose sensible colors for the labels on your backup tapes so that they have meaning that can easily be determined when recycling tapes or changing tape sets. \n\n| clear (no label) | new |\n| white | scratch / usable |\n| grey | scratch / temporary use |\n| green | incremental / differential |\n| yellow | full |\n| red | monthly, annual, or periodic retention |\n| black | dead |\n\nNote: From experience I can say that you also need to make sure you use a shape or symbol as well, I have had colorblind operators ;)
!Technical Notes and Articles\n<<tagging TechNotes>>
!Problem\nYou need to test logging into an SMTP server that supports AUTH\n\n!HOWTO Example\n{{{\n% perl -MMIME::Base64 -e 'print encode_base64("\000jms1\@jms1.net\000not.my.real.password")' \nAGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=\n\n% telnet <smtp-server> 25\n220 a.mx.jms1.net NO UCE ESMTP\nehlo testing\n\n250-a.mx.jms1.net NO UCE\n250-AUTH LOGIN PLAIN\n250-AUTH=LOGIN PLAIN\n250-PIPELINING\n250 8BITMIME\n\nAUTH PLAIN AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ= \n\n235 go ahead\n}}}\n
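The AUTH PLAIN argument in the session above is an RFC 4616 message (authzid NUL authcid NUL password) that is only base64-encoded, and the EHLO reply shown advertises no STARTTLS. The following is an added example, not part of the original note: it rebuilds and decodes that token and flags the cleartext-auth condition from the EHLO lines. The function names and the tls_active parameter are illustrative assumptions.

```python
import base64

# Token and EHLO reply lines copied from the session shown above.
PAGE_TOKEN = "AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ="
EHLO_REPLY = [
    "250-a.mx.jms1.net NO UCE",
    "250-AUTH LOGIN PLAIN",
    "250-AUTH=LOGIN PLAIN",
    "250-PIPELINING",
    "250 8BITMIME",
]


def build_auth_plain(authcid, password, authzid=""):
    """Return the base64 argument for AUTH PLAIN (RFC 4616 layout)."""
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise ValueError("NUL is not allowed inside a SASL PLAIN field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_auth_plain(token):
    """Reverse the encoding: anyone who sees the token sees the password."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("not a SASL PLAIN message")
    authzid, authcid, password = (p.decode("utf-8") for p in parts)
    return authzid, authcid, password


def parse_ehlo(lines):
    """Map each ESMTP keyword in a 250 reply to its set of parameters."""
    caps = {}
    for line in lines[1:]:  # the first line is the server greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            raise ValueError("unexpected EHLO reply line: %r" % line)
        # Some servers also send the legacy "AUTH=LOGIN PLAIN" form.
        if rest.upper().startswith("AUTH="):
            rest = rest.replace("=", " ", 1)
        keyword, *params = rest.split()
        caps.setdefault(keyword.upper(), set()).update(p.upper() for p in params)
    return caps


def cleartext_auth_findings(lines, tls_active=False):
    """List the problems with authenticating on this connection as-is."""
    caps = parse_ehlo(lines)
    reversible = caps.get("AUTH", set()) & {"PLAIN", "LOGIN"}
    findings = []
    if reversible and not tls_active:
        findings.append(
            "AUTH %s offered without TLS: the password is only base64-encoded"
            % "/".join(sorted(reversible))
        )
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not advertised: the session cannot be upgraded")
    return findings


if __name__ == "__main__":
    print(build_auth_plain("jms1@jms1.net", "not.my.real.password"))
    print(decode_auth_plain(PAGE_TOKEN))
    for finding in cleartext_auth_findings(EHLO_REPLY):
        print("WARNING:", finding)
```

Run the same test over a TLS connection (port 465, or after STARTTLS where the server offers it) so the token is not readable on the wire.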
{{{\nXX ITS.1168. PWORD.1733.\nTTY 116\n3. Lusers, Fair Share = 23%\nDue to popular demand, TWENEX has been flushed in favor of\nITS. Please update your programs.\n\n*kmp\n*login\nYou must type a ":" before commands\n*:login kmp\nPassword:\nApril Fool!\n\n Job 24 on TTY116 1-Apr-80 13:12\n Previous login: 1-Apr-80 12:19 from host MIT-MC\n End of LOGIN.CMD.4\n@\n}}}
[[TiddlyWiki|http://www.tiddlywiki.com/]] is a JavaScript based Wiki that is self-contained as a single file. \n\nThere is a support group at http://groups.google.com/group/TiddlyWiki for using TiddlyWiki and one for development at http://groups.google.com/group/TiddlyWiki too.
Mac OS X Server 10.4.6 improves server hostname discovery and error reporting. This article summarizes the changes.\n\nhttp://docs.info.apple.com/article.html?artnum=303697
* "Wallet" tuning (buy performance, has negative scalability)\n* out of box tuning (make adjustments to strip "weight")\n* best practice tuning (use common practices for operations)\n* application tuning (analyze application environment, engineer around)\n* system tuning (analyze system level metrics and call stacks and adjust system to provide more efficient resources)\n
!!Problem\nTime Machine asks you every time you insert a new disk if you want to use it for Time Machine. \n\n!!Solution\n{{{\ndefaults write com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool YES\n}}}\n\n!!Kudos\nTo AFP548: http://www.afp548.com/article.php?story=20080109213724586
A typical [[VMScluster network diagram|http://iwiring.net/networkarchitectures/VMScluster.pdf]] with both CI and NI nodes, remote users, and HSC style storage.
Please do not top post when replying to support messages, instead bottom post or reply in-line. This helps preserve the proper flow of the discussion and assists in keeping the messages clear as well as preserving the chronology of the discussion which is essential to maintain the history of events for effective support.\n\nIf you don't understand the concepts of top vs bottom vs inline posting please see the Wikipedia: http://en.wikipedia.org/wiki/Top-posting\n\nThe following is quoted from http://www.river.com/users/share/etiquette/ and provides good coverage of this topic:\n\n<<<\nWhen you quote, you're doing it to provide context. Requiring your readers to scroll down and then back, repeatedly (as they attempt to figure out what the heck you're talking about), is a rather difficult way for you to make the context available. Providing the context up-front will get you better results.\n\nThere's no way to build a threaded discussion with top-posting. Top-posting severely inhibits others from understanding the conversation, because the context of the conversation is out of order, as in broken.\n\nIt is far easier for your recipients to follow the ongoing conversation in a message that uses quotes in-line like this:\n{{{\n > Quote of one point\n\n Your response\n\n > Quote of another point\n\n Your response to the second point\n}}}\nthan it is for your readers to follow along if you use top-posting like this (thanks to Adam Brower by way of Patricia Shaffer):\n{{{\n Oh! Now it makes sense to me. Okay! No more\n top-posting for me!\n\n > It's annoying because it reverses the normal\n > order of conversation. In fact, many people\n > ignore top-posted messages.\n \n > > What's so wrong with that?\n \n > > > That's posting your response before\n > > > the message you're quoting.\n \n > > > > People keep bugging me about\n > > > > "top-posting." 
What does that mean?\n}}}\nor as in this very touching example (from Clifton Sharp):\n{{{\n "I'll see you at Linda's wedding."\n "Well, see ya soon."\n "Congratulations!"\n "Ten thousand a year."\n "How much?"\n "Got a really big raise this time."\n "Sorry to hear it. How's the job?"\n "She's not feeling well. Flu, I think."\n "Same as ever. How's yours?"\n "How's your wife?"\n "They painted her purple. They should call her the Prune Fart now."\n "Good. Did you hear what Martin and Sheila did to the Sea Breeze?"\n "Good, and you?"\n "Bill! How the heck are you?"\n}}}\nTop-posting makes your message incomprehensible to many of your readers. In normal conversation, after all, you don't answer to something that has not yet been said. Replying at the top confuses your readers, making any point you're trying to get across very unclear without them scrolling down and back repeatedly, searching to re-integrate context. That extra, wholly unnecessary work leads to reader irritation, or worse, to readers just not bothering with your words at all.\n\nSince your object is to get your message across, help your readers follow by placing your words in context, not prior to the context. Doing otherwise, forcing your readers to go to extra work unnecessarily, is often irritating, sometimes interpreted as insulting, or in severe cases taken as attempt by you to show your "power". Any way you cut that, delivering your words in an hard to read manner doesn't help your case. Instead, post in-line to preserve context and respect your readers.\n<<<\n\nThe web page at http://www.cs.tut.fi/~jkorpela/usenet/brox.html adds the additional useful point about effective quoting: \n<<<\nThere is also another very important aspect with quoting that shouldn't be underestimated; the quotes should tell what parts of an article you're replying to. Often you have some viewpoints about some parts of an article, and other viewpoints about other parts of it. 
The best way to solve that is to quote a little bit, come with some comments, quote some more, and then write some comments to that as well. This can't at all be done in a top-posting.\n<<<\n\nLastly the following link provides some humorous examples: http://www.greenend.org.uk/rjk/2000/06/14/quoting.html
!Use ~In-Line Posting to Keep Email Discussions and Contexts Clear\n\n<<tiddler [[Use In-Line Posting to Keep Email Discussions and Contexts Clear]]>>
!Problem\nYou want to perform certain actions in response to changes in the configuration of the system, such as a change in the IP address. \n\n!Solution\nUse Kicker or configd to implement changes\n\nFurther reading:\nhttp://www.afp548.com/article.php?story=20041015131913324\nhttp://www.culater.net/software/SambaX/SambaX.php
In general, when copying files with ACLs the ACLs are not normally reproduced at the target. This could be considered the proper or expected behavior since you are creating whole //new// files that are not the old file. Tools like ditto follow this behavior. \n\nBut what if you want to duplicate a file hierarchy to a target and preserve ACLs?\n\nOne method that works well is to use tar. Under Mac OS X 10.4 "Tiger" tar handles Extended Attributes such as Resource Forks and ACLs. \n\n<<<\nAs of 10.4.6 and 10.4.7 tar crashes trying to copy files with both ACLs and other arbitrarily named Extended Attributes. That is it won't copy both ACLs and any xattr's. It will copy ACLs and Resource Forks which should be good enough for most installations. \n<<<\n\nHere's an example of this in operation:\n\n{{{\n$ mkdir xyzzy\n$ touch xyzzy/file1\n$ touch xyzzy/file2\n$ chmod +a "admin allow read" xyzzy/file2\n$ ls -als xyzzy \ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 May 22 17:48 .\n0 drwxrwx--- 159 dshoop dshoop 5406 May 22 17:47 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 May 22 17:48 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 May 22 17:48 file2\n$ mkdir target\n \n$ /usr/bin/tar -cvf - xyzzy | /usr/bin/tar -C target -xvf - \nxyzzy/\nxyzzy/file1\nxyzzy/._file2\nxyzzy/file2\nxyzzy/\nxyzzy/file1\nxyzzy/._file2\nxyzzy/file2\n\n$ ls -Rals target\ntotal 0\n0 drwxr-xr-x 3 dshoop dshoop 102 May 22 17:57 .\n0 drwxrwx--- 160 dshoop dshoop 5440 May 22 17:53 ..\n0 drwxr-xr-x 4 dshoop dshoop 136 May 22 17:58 xyzzy\n\ntarget/xyzzy:\ntotal 0\n0 drwxr-xr-x 4 dshoop dshoop 136 May 22 17:58 .\n0 drwxr-xr-x 3 dshoop dshoop 102 May 22 17:57 ..\n0 -rw-r--r-- 1 dshoop dshoop 0 May 22 17:48 file1\n0 -rw-r--r-- + 1 dshoop dshoop 0 May 22 17:48 file2\n}}}\n\nNote that we use "-" to represent stdout and stdin so as to send the data through a pipe without an intermediate file. We also use the -C qualifier to select our target directory (otherwise tar copies relative to our current working directory.) 
If necessary you may also use -P to include absolute paths relative to the root of the filesystem. \n\nThe above method can also be used to handle remote files by using {{{user@host:/path/to/file}}} syntax. ssh can also be deployed to copy files securely over a network using pipes.
|[img[http://iwiring.net/300px-Vax780_small]]|This is a Digital Equipment Corporation VAX-11/780 SuperMini Computer, much like I used from 1981. With the exception of the older, VT-52 CRT it's pretty typical. You have a DECwriterIII LA-120 dot matrix printer with tractor feed as a console, the CPU unit in a dual wide cabinet, a cabinet for the I/O Bus, at least one TE-16 tape drive, and a pair of RP06 removable disk drives. Normally a VT-100 would be found instead of the VT-52.|
[[This diagram|http://iwiring.net/networkarchitectures/VISP.pdf]] demonstrates the systems, network and architecture support for a virtualized ISP. It provides fault tolerance, high-availability, [[OOB]] management, clustered servers, and a redundant, failover set of master systems to implement a wired and wireless ISP backend.
<<tabs txtFavourite\n"About iWiring" "About iWiring" [[About iWiring]]\nContact "Contact Information" [[Contact]]\nCoolTech CoolTech CoolTechMenuTab\nhumor humor HumorMenuTab\n"News and Announcements" "News and Announcements" [[News and Announcements]]\n"Recent Entries" "Recent" [[Recent Entries]]\n>>\n\n<html><div align="center">\n<img src="http://iwiring.net/images/XServe.jpg">\n</div></html>\n
Before you can begin discussions of backup strategies or backup implementations, your organization first needs to address a Backup Policy. This policy will then drive your backup strategy and answer important questions needed to develop your backup implementations. While this is not designed to be a Policy template, your policy should address some of the following points:\n{{{\n- Business Continuity Concerns\n Address concerns for continuing business operations and\n protection needs. \n- High Availability Data\n Requirements and implementations for keeping data available\n to users through technologies like RAID, redundancy, replication\n and failover. \n- Archival Requirements\n What archival states does source data follow? What compliance\n requirements exist? Is some data maintainable as "volumes"? What\n data can be made less available (pushed further offline)?\n- What Needs Backed Up\n Identify the important data in each of the following categories. \n - system files\n - applications\n - data\n - logs\n - user files\n - assets\n- Source File Locations\n - hosts\n - filesystems\n - accessibility\n - sizes\n - atomicity of data\n sometimes large files have small changes, for instance\n databases\n- Backup Operators\n Identify roles of users, management, and operations\n - who will back up what files?\n - files from what locations get backed up by whom?\n - what parties are involved in backup operations\n - on-site\n - off-site\n - near-line\n - online\n - role of users\n- Backup Conditions\n - where\n - hosts\n - devices\n - locations\n - when\n - backup window\n - standalone times\n - system state changes\n - why\n - files modified\n - checkpoint snapshots\n - versioning\n - system state images\n - before/after system state changes\n - base os\n - compliance\n- Source Volatility\n - how ephemeral is your data\n - frequency of changes\n - importance of changes\n - need for rollback\n - identifying and targeting ephemeral files\n- Recovery Requirements\n - recovery 
expectations\n - recovery time periods\n - media retrieval\n- Retention\n - archival requirements\n - compliance requirements\n - rotation periods\n- Media Storage\n - media formats\n - capacities required\n - end-of-life\n - compression\n - locations\n - online\n - near-line\n - off-line\n - off-site\n - retrieval times\n - security\n - physical media security\n - data security\n - environmental security\n - cataloging\n}}}
Extended Attributes are file metadata (Finder flags, date stamps, and file type and creator codes, as set by SetFile and obtained by GetFileInfo) and are additional data outside the data stream of the file itself. (See http://developer.apple.com/macosx/backuponmacosx.html)
!!Problem\nYou see one or more wifi or Airport "access points" under "Devices" in the list of available SSIDs. \n\n!!Discussion\nThese aren't wifi access points or base stations, which have actual SSIDs; they are IBSS identifiers for peer-to-peer mode networking. This is why they appear under the "Devices" section of the Airport menubar pull down. This type of wifi mode is known as IBSS mode, IEEE ad-hoc mode or peer-to-peer mode (not to be confused with "ad-hoc mode", which is more accurately known as ad-hoc demo mode).\n\nUnder 802.11 networking "stations" associate with a "service set" and there are five common modes of operation:\n* BSS mode - also known as infrastructure mode, it's how a wifi 'client' associates with an access point. All traffic associates and passes through the access point. This is the normal "client" mode of operations. \n* IBSS mode - IEEE ad-hoc or peer-to-peer mode, operating without an access point, where connections between stations are made directly peer-to-peer\n* IBSS master - Also known as Host IBSS mode. In this mode the station takes on part of the role of an access point, though traffic does not pass through it to reach the other stations. When a group of stations are operating in IBSS mode, one of them must be the master, specifying the network name of the service set.\n* host AP - a mode in which the station acts as an access point (base station) for other stations. \n* ad-hoc mode - More accurately known as ad-hoc demo mode. This mode does not require an access point; the adapter communicates with other ad-hoc stations within range on a peer-to-peer basis. Not part of the IEEE 802.11 standard. \n\n!!Answer\nThis is the broadcast IBSS service set used by all Samsung wifi capable printers.
TiddlyWiki doesn't require a database. It doesn't require a server either or any server side processing. So it's totally self-contained.\n\nDokuWiki, http://wiki.splitbrain.org/wiki:dokuwiki, is written in PHP and uses plain text files alone.
Some [[Content Management Systems|http://en.wikipedia.org/wiki/Content_management_system]]:\n* Zope/[[Plone|http://plone.org/]]\n* Vignette StoryServer\n* [[Bricolage|http://en.wikipedia.org/wiki/Bricolage]] (mod_perl (MASON) / Postgres)\n* CoreMedia CMS\n* FatWire\n* IBM DB2 Content Manager\n* Mambo (PHP)\n* [[Etomite|http://www.etomite.org/]]\n\nFurther Links:\n* [[So, What is a Content Management System?|http://www.atlanticwebfitters.ca/VendorNeutralWhitePapers/WhatisaCMS/tabid/146/Default.aspx]]\n* [[Comparison of content management systems|http://en.wikipedia.org/wiki/Comparison_of_content_management_systems]]
Support provides you with assistance through your designated support channels to identify and resolve problems. Service is work that we perform on your behalf, normally remotely or sometimes on-site. While this is difficult to define it's easier to describe through an example:\n<<<\n''Client:'' Our web server is down. We're using the distributed Apache part of OS X Server. \n\n''iWiring:'' Are you receiving an error? What happens if you perform `apachectl configtest`?\n\n''Client:'' After performing the config test we get the following error:\n"Syntax error on line 52 of /etc/httpd/httpd.conf:\nServerType must be either 'inetd' or 'standalone'"\n\n''iWiring:'' It looks as if your ServerType directive in your httpd.conf file is invalid. \n\n''Client:'' Can you log in remotely and fix this for us? \n\n''iWiring:'' Yes, but that is considered service and requires a service ticket. \n<<<\n\nAt this point the client would be responsible for the cost of the service. This would normally be covered as part of a Monthly Remote Service and Support Agreement (if in effect) or could also be covered through purchase of a Single Service and Support Incident or through pre-paid hourly blocks of time. After the client agrees to open the service ticket a work order is generated and the work scheduled and performed according to the terms of service for the account.
ARD1 uses UDP port 3283\n\nARD2 and later use both TCP 5900 (VNC) and TCP/UDP 3283, as well as TCP 5988 (WBEM); the latter ports are for non-screen management and control.\n\nAdditionally you should make sure fragmented packets are permitted through your firewall and/or routers. \n\n5900 TCP\n3283 UDP/TCP\n5988 TCP
Ports 14441-14450
There's a rich history about bugs not being bugs but "the way things are." The Berkeley TCP team, for example, would\nsometimes justify "bugs" in their TCP by pointing out that the original BBN code had the same bug and was therefore the expected behavior.
\nhttp://automator.us/\n\nAnd specific to Automator workflows for ARD:\nhttp://automator.us/ard/
Ars Technica offers a terrific article on what metadata is and how it is used and implemented. While it focuses heavily on the Macintosh platform its concepts and handling of the material are applicable to other platforms as well. \n\nhttp://arstechnica.com/reviews/os/metadata.ars/1\n\n<html><iframe src="http://arstechnica.com/reviews/os/metadata.ars/1" width="100%" height="700"></iframe></html>
The following user files should always be stored on local disk volumes:\n* ~/Library\n* ~/.Trash\nThis is reinforced by noting that Managed Sync Control never syncs these files (by default.)
IP based networks use the Internet Protocol and IP Addresses, i.e. addresses that have IP numbers expressible in either IPv4 or IPv6 notation depending on the version of IP we're discussing. But must all Internet hosts use IP and have IP addresses? Are all Internet networks IP based?\n\nThe answer is "No." The "Internet" is an interconnected set of networks of various types that form a common fabric. This was recognized as early as 1972 in INWG Note No. 6, distributed by Donald Davies of NPL which stated “It was agreed [in October] that … networks will probably be different and thus gateways [routers] between networks will be required.” The only real overall consideration is that datagrams move between networks. How that occurs is a responsibility of the gateway or router. In fact the concept is core to the concept of the Internet and IP in general, with routers moving datagrams along appropriate circuits (routes) to a host on the same type of network and a gateway doing the same for disparate networks. The first IP "router" (it was actually a gateway) was developed by BBN to connect satellite and radio based networks to IP based networks and was implemented on a PDP-11 by Virginia Strazisar in 1975. It connected the U.K.'s Atlantic Satellite Network to the ARPAnet (which by then was transitioning to TCP/IP as its core protocols.)\n\nConsider the following file address {{{farsef!uunet!ucbvax!user@mit.edu:~/path/to/file}}} or the email user {{{shoop@horton.farsef.com}}} which doesn't receive mail via an Internet Protocol connection but instead uses a uucp connection.\n\nIP is just the Internet Protocol, a specific packet format used for IP specific communications across whatever type of lower layers may exist (such as Ethernet, serial lines, or even Carrier Pigeon (see [[RFC1149|http://www.ietf.org/rfc/rfc1149.txt]] or [[http://en.wikipedia.org/wiki/IP_over_Avian_Carriers|http://en.wikipedia.org/wiki/IP_over_Avian_Carriers]])). 
Remember that technically Internetworking is traditionally handled by some sort of NCP or IMPs. So long as you can route to other hosts, you're "on" the Internet. \n\nExamine [[this|http://iwiring.net/networkarchitectures/basic_firewall_network_architecture_v101.pdf]] typical network diagram consisting of a gateway/router and DMZ and LAN networks. Since the gateway attaches to the Internet (fittingly a cloud) it's the gateway's responsibility to provide any network translations necessary to support the network and hosts. While these days these are almost always IP based systems and networks, traditionally they have included other types of networks, best exemplified in John S. Quarterman's book //The Matrix//, such as SatNet, X.25, BITNET, UUCP, DECnet, and various other networks that have formed the Internet.
Do you really need to reply to everyone while on vacation? Chances are you don’t and the risks outweigh the benefits. \n\nElectronic mail is very much like real mail. Do you have the post office send post cards to everyone that sends you real mail while you're away? No. \n\nEmail never assures delivery anyway, and you never know how long any mail, electronic or physical, will sit in someone's box or desk before they open it. So why do they need to know there's going to be a delay in your reading the message anyway? If timeliness was the issue pick up the phone, don't send an email. If you were the one everyone depended on to protect the nuclear arsenal today, I could understand, but c’mon, you'd also not rely on email for critical communications either. \n\nSome autoresponders can be set up in a smart way - such as sending the reply “only once.” But based on my experience, this is the exception. Most just flip them on and bolt, leaving everyone else to clean up the mess. \n\nLikewise some vacation autoresponders can be set to not send to mailing lists, presumably because they check for list headers, but not all lists use them or are implemented the same and now you're spewing out stupid looking messages to people who could probably care less or are just jealous that you're someplace tropical while they're not. \n\nThey are also just plain annoying. Few people care that you're out of the office or on vacation. Why should my mailbox fill up with this auto spam?\n\nLet's look at some other issues...\n* Security\n**Let's announce to the world you're away\n**Confirm your existence to spammers and reveal details of your mail services that they can use to their advantage. You've now just contributed to the spam economy. \n* mail loops - yes they happen far too often\n* If it’s broken, or sends tons of replies, it makes you look like a dweeb: Any autoresponder screwup makes you look like a dweeb. 
Wouldn’t it be better not to send them at all?\n*It makes work for everyone else: Many of us get hundreds of emails per day that we either read or somehow process. You've now added another one.\n\n"But I'm a Very Important Person at work, and if someone needed me for some Very Important Function I tool at then they might need to contact whomever is handling this in my absence so I need to auto-respond to them about that." Possibly true. But if they didn't get a response from you, like say because you got hit by a bus, they'd figure out that in such an "urgent" situation that they'd probably try calling or emailing your co-workers and assistants or other people they have for the tooling you do there. \n\nVoice mail is very different than email and vacation messages are fine there. Though once again there may be security concerns if you've just announced to thieves that you're not going to be home for the week. But if I call you, and I need you, and I wait to HEAR your message, then I asked for it. Details about your absence might help those who REALLY want to reach you, so that’s the place for the info about your fancy trip.
FTP, being a shell, has traditionally permitted, as all shells have, a user to view the entire filesystem. What a logged in user gets as their initial current working directory is another matter, but shells see the entire filesystem.\n\nThis is not a problem, despite the paranoia of many naive sysadmins, because the filesystem should not permit access to files the user should not have access to through the traditional POSIX ownership and permissions model and, on OSen that implement it, ACLs. That is, there are no security issues in an FTP user seeing files they "shouldn't" compared to what they would see through their user login. \n\nSecurity conscious^H^H^H^H^H^H^H^H^Hparanoid systems managers may sometimes "jail" or "chroot" a shell, so that the user in question sees as the filesystem just a subset of the real filesystem. This generally requires a complete duplication of requisite parts of the filesystem so the user has a complete working environment. (e.g. /bin, /usr/bin, ...) But in all cases the user in a shell, be it csh, bash, ssh or ftp, sees the "whole filesystem" as it exists to the user.\n
OS X Server is supposed to disconnect idle AFP users. But users that have been idle are still listed in the "Connections" list.\nServerAdmin displays connections from users you may know are no longer connected. \n\nWhat gives?\n\nThis is covered to some degree in [[Mac OS X Server: Understanding the "disconnect when idle" feature for AFP connections|http://docs.info.apple.com/article.html?artnum=301591]] [http://docs.info.apple.com/article.html?artnum=301591].\n\nBasically the users aren't actually connected. This can be confirmed by looking at the open connections using lsof or netstat. \n\nAFP caches user connections to allow them to rapidly reconnect and maintains a session cache for disconnected users. This permits users on client machines that are asleep, for example, to reconnect very rapidly without having to renegotiate a new login. \n\nYou can disable the cache by following the steps in the Apple TechNote.
Previous to Snow Leopard (OS X 10.6) the Macintosh used a display gamma of 1.8 while Windows used a higher value of 2.0 or 2.2. Why did the Mac use this value?\n\nFrom http://blogs.adobe.com/jnack/2009/09/why_your_web_content_will_look_darker.html\n\nAdobe Principal Scientist Lars Borg provided some perspective. Lars has spent the past 20 years at Adobe defining & driving color management solutions, and lately he's been focused on digital cinema standards. Here's what he said:\n\nIn the distant past, the computer world was colorless, bleak, stark black and white. No one cared about their display gamma, as gamma is irrelevant for displaying only black and white.\nMacintosh, in 1984, introduced us to desktop publishing and to displays with shades of grays. Publishing at that time meant printing presses, and the dot gain of a typical press (then and now) corresponds to a gamma of 1.8. As color management was non-existent at the time (the first color management solutions did not appear until early 1990s, when color displays became more available), Apple's pick of a 1.8 display gamma enabled the Macintosh displays to match the press.\n\nIn early 1990s, the TV industry developed the High-Definition TV capture standard known as ITU Recommendation 709, using a net gamma of around 2. Later, in 1996, IEC put forth a CRT-based display standard (sRGB) for the Web that would match the HDTV capture standard, having a net gamma of around 2.2. sRGB was slowly adopted first in the PC display market, next in the burgeoning digital camera market, and 2.2 became the dominant display gamma.\n\nIs 2.2 the ultimate gamma? No. In 2005, leveraging color science research, the movie studios' Digital Cinema Initiative selected a gamma of 2.6 as providing the best perceptual quality for 12-bit cinema projection. Today, few can afford a true Digital Cinema display at home, but as always prices are falling. Yes, that's what I'll have in my next home theater.\n\nBut, recall VHS versus BetaMax. 
The VHS format finally died with the last video tape. Gamma 2.2 will not be unseated easily. However, calibrated displays and functional color management will make gamma a moot point. Gamma will be for the Luddites
Periodically some woolly-thinking newbie will posit that a mailing list or other email construct should munge Reply-To email message headers so that when they "reply" to the message it goes to the list rather than to the sender of the original message. \n\n"The list is broken", says the noob.\n\nHow is it broken? \n\n"It doesn't add or change the 'Reply-To' header to the list?" they say.\n\nOverwriting Reply-To is wrong and violates numerous RFCs, and mailing lists that set Reply-To are considered evil by postmasters and other netizens who have been around long enough to understand how mail was designed to work. If a mailing list sets 'Reply-To', then the sender cannot reply to somebody in private easily, if at all. Often, especially on a mailing list, you want to take a conversation off the list (perhaps to flame some twit who thinks that mail headers need munged to fit their personal and misguided world-view) and in such cases the sender would then have to do extra work to replace the list address with your email address -- and in some cases it might not even be available. That's dim-witted and lame because that breaks the normally expected functionality of everyone's Mail User Agent.\n\nAlso, the sender may want to send an email message to the list from one address, but want replies to them redirected to a separate address. This is what setting the Reply-To header was designed to do, but overwriting the Reply-To destroys this functionality completely. Who is a mailing list to say where a poster wants their return mail sent? \n\nThink about the above in the analogy of a post office, the exact analogy that the email RFCs were designed to mimic. I might send out a letter from my vacation house but want the reply to go back to my primary residence. So on my letter when I address the envelope I put my vacation house address. 
Inside, on the message itself, at the top of my letterhead I list the address to which the correspondence is supposed to be sent back to so that when you look at my message you know where I want my mail to go. \n\n"But all the replies I sent went to users personal mailboxes instead of to the list like I wanted", cries the twit. \n\n"Ah, but you hit 'Reply', right? How is this broken? It seems to be exactly what you asked to happen."\n\nMost every MUA has a 'Reply-To-All' button or keystroke. Could it really be that the twit's MUA is missing this critical (and ancient) functionality? Doubtful. More likely they just don't know how to use the mail. \n\n----\n\nFor a more complete and detailed list of reasons please read http://www.unicom.com/pw/reply-to-harmful.html\n\nThe summary of that article is:\n*It violates the principle of minimal munging.\n*It provides no benefit to the user of a reasonable mailer.\n*It limits a subscriber's freedom to choose how he or she will direct a response.\n*It actually reduces functionality for the user of a reasonable mailer.\n*It removes important information, which can make it impossible to get back to the message sender.\n*It penalizes the person with a reasonable mailer in order to coddle those running brain-dead software.\n*It violates the principle of least work because complicates the procedure for replying to messages.\n*It violates the principle of least surprise because it changes the way a mailer works.\n*It violates the principle of least damage, and it encourages a failure mode that can be extremely embarrassing -- or worse.\n*Your subscribers don't want you to do it. Or, at least the ones who have bothered to read the docs for their mailer don't want you to do it.\n\n----\n\nBottom line is Reply-To is a useful and RFC defined header designed for a specific purpose. 
Those wanting to "reply to all" should use the function in their MUAs designed for just that rather than demand that others or other programs "break" perfectly good functionality just to fulfill their personal beliefs on how they think Internet should work.
!Problem\nYou're trying to work on files that live on a network sharepoint using an application on your local machine to edit these files. The application is something like Adobe Photoshop or Quark XPress.\n\n!Issue\nMost applications are used to working off of files on a local disk. Latency, read/write rates, and other access issues caused by network shares interfere with the application making this problematic.\n\nSpecifically vendors like Adobe do not support such operations. (See references like http://www.adobe.com/support/techdocs/322391.html)\n\n!Solution\nCopy all working files to a local disk and edit them from there.
"ZFS is a new kind of file system that provides simple administration, transactional semantics, end-to-end data integrity, and immense scalability. ZFS is not an incremental improvement to existing technology; it is a fundamentally new approach to data management. We've blown away 20 years of obsolete assumptions, eliminated complexity at the source, and created a storage system that's actually a pleasure to use."\n\n''ZFS Project''\nhttp://www.opensolaris.org/os/community/zfs/
!Problem\nYou want to approve a message awaiting moderator approval from a command line. Mailman has a discard script to discard unwanted messages awaiting approval but no corresponding approve script.\n\n!Solution\nThe following script can be added to /usr/share/mailman/bin or wherever your mailman binaries are located. It's basically a modified version of `discard`.\n\n{{{\n#! /usr/bin/python\n#\n# Copyright (C) 2003 by the Free Software Foundation, Inc.\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.\n\n"""Approve held messages.\n\nUsage:\n approve [options] file ...\n\nOptions:\n --help / -h\n Print this help message and exit.\n\n --quiet / -q\n Don't print status messages.\n"""\n\n# TODO: add command line arguments for specifying other actions than DISCARD,\n# and also for specifying other __handlepost() arguments, i.e. 
comment,\n# preserve, forward, addr\n\nimport os\nimport re\nimport sys\nimport getopt\n\nimport paths\nfrom Mailman import mm_cfg\nfrom Mailman.MailList import MailList\nfrom Mailman.i18n import _\n\ntry:\n True, False\nexcept NameError:\n True = 1\n False = 0\n\ncre = re.compile(r'heldmsg-(?P<listname>.*)-(?P<id>[0-9]+)\s.(pck|txt)$')\n\n\n\n\ndef usage(code, msg=''):\n if code:\n fd = sys.stderr\n else:\n fd = sys.stdout\n print >> fd, _(__doc__)\n if msg:\n print >> fd, msg\n sys.exit(code)\n\n\n\n\ndef main():\n try:\n opts, args = getopt.getopt(sys.argv[1:], 'hq', ['help', 'quiet'])\n except getopt.error, msg:\n usage(1, msg)\n\n quiet = False\n for opt, arg in opts:\n if opt in ('-h', '--help'):\n usage(0)\n elif opt in ('-q', '--quiet'):\n quiet = True\n\n files = args\n if not files:\n print _('Nothing to do.')\n\n # Mapping from listnames to sequence of request ids\n approvals = {}\n\n # Cruise through all the named files, collating by mailing list. We'll\n # lock the list once, process all holds for that list and move on.\n for f in files:\n basename = os.path.basename(f)\n mo = cre.match(basename)\n if not mo:\n print >> sys.stderr, _('Ignoring non-held message: %(f)s')\n continue\n listname, id = mo.group('listname', 'id')\n try:\n id = int(id)\n except (ValueError, TypeError):\n print >> sys.stderr, _('Ignoring held msg w/bad id: %(f)s')\n continue\n approvals.setdefault(listname, []).append(id)\n\n # Now do the approvals\n for listname, ids in approvals.items():\n mlist = MailList(listname)\n try:\n for id in ids:\n # No comment, no preserve, no forward, no forwarding address\n mlist.HandleRequest(id, mm_cfg.APPROVE, '', False, False, '')\n if not quiet:\n print _('Approved held msg #%(id)s for list %(listname)s')\n mlist.Save()\n finally:\n mlist.Unlock()\n\n\n\n\nif __name__ == '__main__':\n main()\n}}}\n\nMake sure to `chmod a+x` the script.\n\nYou can now invoke it pointing to a message to approve something like:\n{{{\n# 
/usr/share/mailman/bin/approve /private/var/mailman/data/heldmsg-somelistname-messagenumber.pck\n# /usr/share/mailman/bin/approve /private/var/mailman/data/heldmsg-byu-support-21.pck\n}}}
{{{\ndsenableroot(8) BSD System Manager's Manual dsenableroot(8)\n\nNAME\n dsenableroot -- enables or disables the root account.\n\nSYNOPSIS\n dsenableroot [-d] [-u username] [-p password] [-r rootPassword]\n\nDESCRIPTION\n dsenableroot sets the password for the root account if enabling the root\n user account. Otherwise, if disable [-d] is chosen, the root account\n passwords are removed and the root user is disabled.\n\n A list of flags and their descriptions:\n\n -u username\n Username of a user that has administrative privileges on this\n computer.\n\n -p password\n Password to use in conjunction with the specified username. If\n this is not specified, you will be prompted for entry.\n\n -r rootPassword\n Password to be used for the root account. If this is not speci-\n fied for enabling, you will be prompted for entry.\n\nEXAMPLES\n -dsenableroot\n Your username will be used and you will be queried for both your\n password and the new root password to be set to enable the root\n account.\n\n -dsenableroot -d\n Your username will be used and you will be queried for only your\n password to disable the root account.\n\n -dsenableroot -u username -p userpassword -r rootpassword\n The supplied arguments will be used to enable the root account.\n\n -dsenableroot -d -u username -p userpassword\n The supplied arguments will be used to disable the root account.\n\nMac OS August 08 2003 Mac OS\n}}}
/***\nThe iFrame plugin works surprisingly well, given how extremely simple it is. Usage: {{{<<iFrame "http://www.ajax.com" height>>}}} where the optional height parameter defaults to 600 pixels, as you can clearly see.\n***/\n//{{{\nconfig.macros.iFrame = {\n handler: function (place,macroName,params,wikifier,paramString,tiddler) \n {\n var theFrame = document.createElement("IFRAME");\n theFrame.src = params[0];\n theFrame.height = params[1] ? params[1] : 600;\n theFrame.width = "100%";\n theFrame.frameBorder = 0;\n place.appendChild(theFrame);\n }\n}\n//}}}
The following perl code prints files in a given iTunes Library and determines duplicates by md5 hash. \n\n{{{\nusage: \n ./iTuneLister < "/path/to/iTunes Music Library.xml" 2> missingfiles_and_errors\n}}}\n\n{{{\n#!/usr/bin/perl\n\nuse strict;\nuse warnings;\nuse Digest::MD5;\n\n# md5 digest => list of files with that digest\nmy %hash = ();\n\nprint "Files\sn-----\sn\sn";\n\nwhile (<>) {\n if ($_ =~ /localhost(.*)<\s//) {\n  my $f = $1;\n  # Undo the URL and XML escaping used for file locations in the library\n  $f =~ tr/+/ /;\n  $f =~ s/%([a-fA-F0-9]{2,2})/chr(hex($1))/eg;\n  $f =~ s/&#38;/&/g;\n\n  # Hash the file in-process instead of running md5 through backticks,\n  # so characters in a file name are never interpreted by a shell.\n  # Missing or unreadable files are reported on stderr.\n  my $fh;\n  unless (open($fh, '<', $f)) {\n   print STDERR "$f: $!\sn";\n   next;\n  }\n  binmode($fh);\n  my $md5 = Digest::MD5->new->addfile($fh)->hexdigest;\n  close($fh);\n\n  print "$md5 $f\sn";\n  push (@{$hash{$md5}}, $f);\n }\n}\n\nprint "Duplicates\sn----------\sn\sn";\n\nforeach my $m (sort keys %hash) {\n my @files = @{$hash{$m}};\n if (@files > 1) {\n  print "$m\sn";\n  foreach my $i (@files) {\n   print " $i\sn";\n  }\n  print "\sn\sn";\n }\n}\n\n}}}
The ktrace and kdump utilities provide kernel traceback and debugging information from Mac OS X's Mach kernel. These are documented in their man pages and additional useful information can be found in the source code. \n\nThe FreeBSD man pages are located at:\nhttp://www.freebsd.org/cgi/man.cgi?query=kdump&sektion=1&apropos=0&manpath=FreeBSD+6.0-RELEASE+and+Ports\nhttp://www.freebsd.org/cgi/man.cgi?query=ktrace&sektion=1&apropos=0&manpath=FreeBSD+6.0-RELEASE+and+Ports\n\nA ktrace parser is available at:\nhttp://girtby.net/offerings/ktrace-parser/
You can use launchd to invoke rsync daemon using the following LaunchDaemon plist file from http://www.designsolution.co.uk/resources/rsync/\n\nFile rsync.plist:\n{{{\n<?xml version="1.0" encoding="UTF-8"?>\n<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">\n<plist version="1.0">\n<dict>\n <key>Disabled</key>\n <false/>\n <key>Label</key>\n <string>rsync</string>\n <key>Program</key>\n <string>/usr/bin/rsync</string>\n <key>ProgramArguments</key>\n <array>\n <string>/usr/bin/rsync</string>\n <string>--daemon</string>\n </array>\n <key>inetdCompatibility</key>\n <dict>\n <key>Wait</key>\n <false/>\n </dict>\n <key>Sockets</key>\n <dict>\n <key>Listeners</key>\n <dict>\n <key>SockServiceName</key>\n <string>rsync</string>\n <key>SockType</key>\n <string>stream</string>\n </dict>\n </dict>\n</dict>\n</plist>\n}}}
[[pfsense]] is an open source firewall project derived from OpenBSD and FreeBSD OSen and featuring ALTQ traffic shaping and IF_BRIDGEing, load balancing pools, multiple WAN interface support, the pf packet filter, CARP for failover and cluster syncing, IPSEC, FTP proxying, VLANs and more. It can run on communications processor boards like those from [[Soekris Engineering|http://www.soekris.com/]].\n\nhttp://www.pfsense.org/
The following piece of code demonstrates how to use SIPS, a built in feature of Mac OS X, to resize images on the fly. \n\nPlease note that the following is a proof of concept and if put into production should have some form of checking to prevent command injection. \n\n{{{\n#!/usr/bin/perl\n\n#\n# sizeimage.cgi\n#\n# Written by Dan Shoop <shoop@iwiring.net>\n# Subject to the Creative Commons License\n# Some Rights Reserved\n#\n# Version a1.0a\n#\n# Usage example as URL:\n# http://[user[:passwd]@]host[:port][/dir/]sizeimage.cgi?img={file}&size={pixels}\n# Usage is also available at the command line, but is superfluous.\n# \n# _Description_\n# Output an image (inline) of most any known type (jpeg, pict, tiff, ... psd !!) \n# as a jpeg resized at the size requested using Mac OS X's SIPS facility to \n# mogrify the image. Useful when using an image tag in html such as \n# <img src="/cgi-bin/sizeimage.cgi?img=imagefile.pct&size=150">\n# in a web page or other URL, which would produce a thumbnail on the fly. \n# Likewise one could keep full resolution files on a server and dynamically \n# generate both thumbnails and images for a gallery. \n#\n# _History_\n# a1.0a 20041008-dhan Initial proof of concept\n#\n\nuse CGI qw/:standard/;\nuse CGI::Carp 'fatalsToBrowser';\n\n$query = new CGI;\n\n# Both parameters are used unchecked below (proof of concept only)\n$imageFile = $query->param('img');\n$size = $query->param('size');\n\n$r = rand 100; $t = time;\n$tmpFile = "/tmp/sizeimage_cgi_$t$r.jpg";\n\n# sips is asked for jpeg output, so the response is labelled image/jpeg\nprint header( -type=>'image/jpeg',\n -whoami=>'macosx-sizeimage.CGI',\n -author=>'shoop(at)iwiring(dot)net' );\n`sips -Z $size --out $tmpFile -s format jpeg $imageFile`;\nprint(`cat $tmpFile`);\n`rm $tmpFile`;\n\n# One could improve this with caching by changing $tmpfile to a more\n# predictable name (e.g. "$cachedir/$size/imagefile) and then checking for\n# its existence first and if so just cat'ing it. 
\n\n# One could also improve on the use of execs by replacing the cat and rm with\n# more perl-esque methods. \n}}}\n
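The checking that the note above asks for, as an added example that is not part of the original script or its author's code. The image directory, the size limit, the allowed file-name pattern and the /usr/bin/sips path are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example: hardened variant of the sizeimage.cgi idea; not the original author's code.
use strict; use warnings;
use CGI;
use File::Temp qw(tempfile);

# Taint mode refuses to run a child process until the environment is sane.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $IMAGE_DIR = '/Library/WebServer/Images';  # assumption: only directory served
my $MAX_SIZE  = 2048;                         # assumption: largest size allowed

# Return (path, size) built only from regex captures, or an empty list.
sub validate_request {
    my ($img, $size) = @_;
    return unless defined $img && defined $size;
    # \A...\z (not ^...$) so a trailing newline cannot ride along.
    return unless $size =~ /\A(\d{1,4})\z/ && $1 >= 1 && $1 <= $MAX_SIZE;
    my $pixels = $1;
    # Bare file name only: no '/', no leading '.' or '-', no shell metacharacters.
    return unless $img =~ /\A([A-Za-z0-9][A-Za-z0-9._-]{0,127})\z/;
    my $path = "$IMAGE_DIR/$1";
    return unless -f $path && !-l $path;      # regular file, not a symlink
    return ($path, $pixels);
}

my $q = CGI->new;
# scalar() takes one value per parameter even if the query repeats it.
my ($path, $pixels) = validate_request(scalar $q->param('img'), scalar $q->param('size'));
unless (defined $path) {
    print $q->header(-status => '400 Bad Request', -type => 'text/plain'), "bad request\n";
    exit 0;
}

# File::Temp creates the file exclusively with an unpredictable name.
my ($tmp_fh, $tmp) = tempfile('sizeimage_XXXXXX', DIR => '/tmp', SUFFIX => '.jpg', UNLINK => 1);

# List-form pipe open execs sips directly, so no shell parses the arguments;
# reading the pipe keeps sips' own stdout chatter out of the HTTP response.
open(my $sips, '-|', '/usr/bin/sips', '-Z', $pixels, '--out', $tmp,
     '-s', 'format', 'jpeg', $path) or die "cannot run sips: $!";
my @chatter = <$sips>;
close($sips) or die "sips failed, status $?";

print $q->header(-type => 'image/jpeg');
binmode STDOUT;
open(my $in, '<:raw', $tmp) or die "cannot read $tmp: $!";
{ local $/ = \65536; print while <$in>; }     # stream in 64 KiB chunks
```

Avoiding the shell stops command injection but not option injection or path traversal, which is why the file name is also restricted to a bare name under a fixed directory.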
!Problem:\n\nYou're on a machine, Alice, which is behind a firewall, and you need access to a port on Bob that is blocked by the firewall, but you do have ssh access to Charlie, which can access the port on Bob. \n\nThat is, the following does not work; there's no access to Bob on the required port:\n{{{\nAlice-----> | Firewall | Bob\n}}}\nThe following does work:\n{{{\nAlice-----> | Firewall | Bob\n | ^\n | |\n | |\n +-------> Charlie\n}}}\n\n\nAdditionally, you'd like this to be done securely. \n\n!Solution\n\nCreate an ssh tunnel through server Charlie which forwards a local port on your host Alice through Charlie, with Charlie then forwarding to Bob. Charlie must have access to the port on Bob and you must have ssh access to Charlie, the middle-man. \n\n{{{\n$ ssh -f remoteuser@charlie -L 1234:bob:25 -N\n}}}\n\nThe above command logs into Charlie (using a username you have there), which has access to port 25 on Bob. You can then connect to port 1234 on Alice and it will effectively be connecting to port 25 on Bob. \n\n!Discussion:\n\nThe -f qualifier tells ssh to drop from the foreground to the background, and the -N qualifier tells ssh not to execute a remote command, or shell, on the machine Charlie. This drops you back to your local shell so you can continue working there. To connect to Bob on port 25, connect to port 1234 on localhost ( \n\nNote that Charlie's sshd could run on some non-standard ssh port, like port 80, which is normally open through firewalls. If you have this set up ahead of time you'll always have a way to punch out from behind those pesky, restrictive firewalls. \n\nAlso note that if Bob and Charlie are on some NAT'ed or private network where Bob's ports are blocked, you effectively have access to the remote internal network. \n\n\n!Further Reference\n\nThe following article provides a nice graphical picture of this process in action, but note that we've improved it above by adding the -f and -N flags. 
\n\nhttp://www.debuntu.org/2006/04/08/22-ssh-and-port-forwarding-or-how-to-get-through-a-firewall
Under Mac OS X Tiger tar now, supposedly, properly handles HFS+ filesystems. Is this the case?\n\n!!Findings:\n\n* ACLs stored and restored but modified in structure\n* Extended Attributes generate error on creation of tarball, aren't restored\n* symlink ownership changes\n* creation dates maintained\n* bsd flags are lost\n\n\n!!Evidence:\n\nGenerate some files with various properties\n{{{\nooblek:~/xyzzy dshoop$ touch file\nooblek:~/xyzzy dshoop$ touch fileacl\nooblek:~/xyzzy dshoop$ chmod +a "admin allow read" fileacl\nooblek:~/xyzzy dshoop$ touch filebsdflags\nooblek:~/xyzzy dshoop$ sudo chflags arch filebsdflags \nPassword:\nooblek:~/xyzzy dshoop$ touch filexattr\nooblek:~/xyzzy dshoop$ xattr --set color blue filexattr \nooblek:~/xyzzy dshoop$ sudo ln -s file filesymlink\nooblek:~/xyzzy dshoop$ ls -alseo\ntotal 8\n0 drwxr-xr-x 7 dshoop dshoop - 238 Jun 27 14:59 .\n0 drwxrwx--- 170 dshoop dshoop - 5780 Jun 27 14:56 ..\n0 -rw-r--r-- 1 dshoop dshoop - 0 Jun 27 14:57 file\n0 -rw-r--r-- + 1 dshoop dshoop - 0 Jun 27 14:57 fileacl\n 0: group:admin allow read\n0 -rw-r--r-- 1 dshoop dshoop arch 0 Jun 27 14:57 filebsdflags\n8 lrwxr-xr-x 1 root dshoop - 4 Jun 27 14:59 filesymlink -> file\n0 -rw-r--r-- 1 dshoop dshoop - 0 Jun 27 14:58 filexattr\nooblek:~/xyzzy dshoop$ xattr --list *\nfile\nfileacl\nfilebsdflags\nfilesymlink\nfilexattr\n color blue\n}}}\n\nCreate tarball of files\nNote error generated on file with xattr!\n{{{\nooblek:~/xyzzy dshoop$ /usr/bin/tar -cvf ../xyzzy.tar ./\n./\n./file\n./._fileacl\n./fileacl\n./filebsdflags\n./filesymlink\n/usr/bin/tar: /tmp/tar.md.foSgCs: Cannot stat: No such file or directory\n./filexattr\n/usr/bin/tar: Error exit delayed from previous errors\n}}}\n\nList tarball\nNote Apple Double created only for file with ACL!\n{{{\nooblek:~/xyzzy2 dshoop$ cd ../ \nooblek:~ dshoop$ /usr/bin/tar -tvf xyzzy.tar \ndrwxr-xr-x dshoop/dshoop 0 2006-06-27 14:59:01 ./\n-rw-r--r-- dshoop/dshoop 0 2006-06-27 14:57:15 ./file\n-r-------- dshoop/wheel 223 
2006-06-27 14:57:18 ./._fileacl\n-rw-r--r-- dshoop/dshoop 0 2006-06-27 14:57:18 ./fileacl\n-rw-r--r-- dshoop/dshoop 0 2006-06-27 14:57:44 ./filebsdflags\nlrwxr-xr-x root/dshoop 0 2006-06-27 14:59:01 ./filesymlink -> file\n-rw-r--r-- dshoop/dshoop 0 2006-06-27 14:58:24 ./filexattr\n}}}\n\nExtract tarball\n{{{\nooblek:~ dshoop$ mkdir xyzzy2\nooblek:~ dshoop$ /usr/bin/tar -xv --preserve --atime-preserve -f xyzzy.tar -C xyzzy2/\n./\n./file\n./._fileacl\n./fileacl\n./filebsdflags\n./filesymlink\n./filexattr\n}}}\n\nNote changed symlink ownership, missing BSD flags. \n{{{\nooblek:~ dshoop$ ls -alseo xyzzy2\ntotal 8\n0 drwxr-xr-x 7 dshoop dshoop - 238 Jun 27 15:10 .\n0 drwxrwx--- 171 dshoop dshoop - 5814 Jun 27 15:08 ..\n0 -rw-r--r-- 1 dshoop dshoop - 0 Jun 27 14:57 file\n0 -rw-r--r-- + 1 dshoop dshoop - 0 Jun 27 14:57 fileacl\n 0: group:admin allow read\n0 -rw-r--r-- 1 dshoop dshoop - 0 Jun 27 14:57 filebsdflags\n8 lrwxrwxrwx 1 dshoop dshoop - 4 Jun 27 15:10 filesymlink -> file\n0 -rw-r--r-- 1 dshoop dshoop - 0 Jun 27 14:58 filexattr\n}}}\n\nNote changed xattr structure on ACL and missing xattr on filexattr\n{{{\nooblek:~ dshoop$ xattr --list xyzzy2/*\nxyzzy2/file\nxyzzy2/fileacl\n com.apple.acl.text !#acl 1\ngroup:ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050:admin:80:allow:read\n\nxyzzy2/filebsdflags\nxyzzy2/filesymlink\nxyzzy2/filexattr\nooblek:~ dshoop$ xattr --list xyzzy/*\nxyzzy/file\nxyzzy/fileacl\nxyzzy/filebsdflags\nxyzzy/filesymlink\nxyzzy/filexattr\n color blue\n}}}\n\nNote creation date was properly restored\n{{{\nooblek:~ dshoop$ /Developer/Tools/GetFileInfo xyzzy/file\nfile: "/Volumes/OoblekData/dshoop/xyzzy/file"\ntype: ""\ncreator: ""\nattributes: avbstclinmedz\ncreated: 06/27/2006 14:57:15\nmodified: 06/27/2006 14:57:15\nooblek:~ dshoop$ /Developer/Tools/GetFileInfo xyzzy2/file\nfile: "/Volumes/OoblekData/dshoop/xyzzy2/file"\ntype: ""\ncreator: ""\nattributes: avbstclinmedz\ncreated: 06/27/2006 14:57:15\nmodified: 06/27/2006 14:57:15\n}}}\n
!Problem\nYou wish to wait until a specific file path (say a volume or directory) becomes available or exists. You could loop/sleep/wait/loop but this is inefficient. \n!Solution\nUse wait4path, which uses Disk Arbitration in OS X to check for the path and sleeps efficiently until the mount table changes. \n\n!wait4path\n{{{\nNAME\n wait4path -- wait for given path to show up in the namespace\n\nSYNOPSIS\n wait4path <path>\n\nDESCRIPTION\n The wait4path program simply checks to see if the given path exists, and\n if so, it exits. Otherwise, it sleeps until the mount table is updated\n and checks again. The program will loop indefinitely until the path shows\n up in the file system namespace.\n}}}