2005-02-25

Automatically back up your LDAP database

Here's the script I use to automatically back up the LDAP database on 10.3 Server. If you stick it into /etc/periodic/daily, the system cron jobs will run it automatically for you when they do the other system maintenance jobs. Don't forget to chmod +x it once you're done editing the script.

You can download the script from here.


#! /bin/bash
#
# Usage: put this into /etc/periodic/daily as something like 800.backup_LDAP
# and the stock Apple cron jobs will run it automatically every day.
#
# Copyright 2004 J. P. Block
#
# This is released under the BSD license, but please send me any
# modifications so I can update the released version.

source /sw/bin/init.sh

# how many days we keep backups for
DAYLIMIT=30

STAMP=`date +%Y-%m-%d-%H%M%S`
DESTDIR=/usr/local/backups/OSXServerDirectoryService

# ensure the destination exists
mkdir -p $DESTDIR

tar cvf $DESTDIR/DirectoryService_$STAMP.tar /Library/Preferences/DirectoryService
gzip -9v $DESTDIR/DirectoryService_$STAMP.tar
chmod 400 $DESTDIR/DirectoryService_$STAMP.tar.gz

# backup LDAP
/usr/sbin/slapcat -l $DESTDIR/slapcat_$STAMP.ldif -f /etc/openldap/slapd.conf
gzip -9v $DESTDIR/slapcat_$STAMP.ldif

# Backup password server
mkdir -p $DESTDIR/mkpassdb
mkpassdb -backupdb $DESTDIR/mkpassdb
tar cvf $DESTDIR/passdb_$STAMP.tar $DESTDIR/mkpassdb
gzip -9v $DESTDIR/passdb_$STAMP.tar
rm -fr $DESTDIR/mkpassdb

find $DESTDIR -mtime +$DAYLIMIT -exec rm '{}' ';'

Andre Norton ill

>From Laura J. Underwood's post at the Knoxville Speculative Fiction Association's newsgroup today:

"Word from Sue Stewart is that Andre has been released from the hospital so she can go home and pass away peacefully in the company of her cats and the people who take care of her.

Ms. Norton contracted a serious case of flu and bronchitis, and was under a high fever for a while. She spent her 93rd birthday in the hospital. The fever broke, and for a time she seemed to be getting better and was even eating and talking about going home, and looking forward to the publication of her next book (due out in April, I think), but word is that she is still battling illness, and getting tired, and not doing well.

Still, Sue Stewart has asked that people please send cards and letters and flowers.

The address is below:

Andre Norton
1007 Herron Street
Murfreesboro, TN 37130

2005-02-24

Nesting of folders has exceeded the recommended limit of 100

If Disk Utility reports Nesting of folders has exceeded the recommended limit of 100, you can find the offending folders by opening a Terminal window and typing

sudo find / -maxdepth 100 -mindepth 100

The last few times I had people report this error to me, they turned out to have an old version of Vapor on their machine.

2005-02-21

Former White House cybersecurity advisor Richard Clarke rips Microsoft over security


"Given their record in the security area, I don't know why anybody would buy from them"

Read more in the Seattle Post-Intelligencer article here.

TwoFingerScrolling Update

I've gotten some feedback from Joe Stroller with some modifications to the TwoFingerScrolling startup script. I'm also posting a tarball of the updated StartupItem at http://apesseekingknowledge.net/packages/TwoFingerScrolling.tar.gz to make it simpler to use.

These instructions assume that you're comfortable enough using Terminal to edit files with a command line editor like vi or emacs, and that you know how to boot into single user mode and remove the StartupItem if you have a problem.

All you need to do now is

  1. Download the tarball from here.
  2. Extract it
  3. Download the latest version of the kext from Daniel Becker's site here
  4. Put the extracted kext file into the StartupItem folder you got from step 2 above
  5. If it doesn't already exist, create a folder in /Library named StartupItems.
  6. Move the TwoFingerScrolling directory to /Library/StartupItems. If it is not named TwoFingerScrolling exactly, it will not load.
  7. In a Terminal window, edit /System/Library/StartupItems/LoginWindow/StartupParameters.plist and change the line that reads Requires = ("Disks", "SecurityServer"); to Requires = ("Disks", "SecurityServer", "TwoFingerScrolling");. This forces LoginWindow to not start until the new kext is loaded.

You're all set.

For those of you who want to see the new script, here it is:


#!/bin/sh
#
# Load Daniel Becker's modified Trackpad Driver on recent PowerBooks and iBooks
# This is released under a BSD license.
# By J. P. Block
# and Joe Stroller

. /etc/rc.common

# http://www.macdevcenter.com/pub/a/mac/2003/10/21/startup.html says:
# The StartupItems specification requires that the executable file
# has the same name as the subdirectory that contains it and that the
# executable is in the root level of subdirectory.
#
# But since Joe User might choose to run this script manually
# (for testing or otherwise), we can't rely on $PWD and have
# to define the /path/to/the.kext programatically

MYDIR="${0%/*}"

if [ "$UID" != "0" ]
then
echo "Only root can load or unload kernel modules."
exit 1
fi

# Check to make sure we have a patched driver to load, or bad things will
# happen when we unload the original driver and can't find the patched driver
# to replace it.

if [ ! -d "$MYDIR/AppleADBMouse.kext" ]; then
ConsoleMessage "No patched AppleADBMouse.kext found."
exit 0
fi

# We have to source Apple's /etc/rc.common in order to get the ConsoleMessage
# function, but it breaks the below:
#
#if [ -z "$1" ]
#then
# echo "ERROR! This script requires a commandline argument, silly!"
#fi

# You don't have to be drunk to write Bash scripts on a Macintosh, but it helps!
#
ConsoleMessage ""
ConsoleMessage ' * If you see a message below saying "$1: unbound variable"'
ConsoleMessage " * It probably means $0 "
ConsoleMessage ' * has been called without a parameter (like "start" or "stop")'
ConsoleMessage " * "
ConsoleMessage " * If this message annoys you then please bitch to (IE file a"
ConsoleMessage " * bug report with) Apple, compaining that their /etc/rc.common"
ConsoleMessage " * functions break standard Bash syntax like: "
ConsoleMessage ' * if [ -z "$1" ] ; then echo "missing parameter" ; fi '
ConsoleMessage ""

case "$1" in
start)

ConsoleMessage "Loading Two Finger Scrolling"
# make sure the permissions are correct on it before we load it
chown -R root:wheel $MYDIR/AppleADBMouse.kext
kextunload -b com.apple.driver.AppleADBMouse && kextload $MYDIR//AppleADBMouse.kext
;;
stop)

ConsoleMessage "Stopping Two Finger Scrolling"
kextunload $MYDIR/AppleADBMouse.kext && kextload /System/Library/Extensions/AppleADBMouse.kext
;;
*)
echo "Neither \"Start\" nor \"Stop\" are spelled \"$1\""
;;
esac

exit 0

2005-02-19

Smart Water

Basically, invisible paint with unique microdots in it. The idea is you paint your stuff with it, and when the police find stolen stuff, they can figure out who owns it. Of course it only took about ten seconds for Bruce Schneier to point out the obvious problem in his blog - just paint someone else's stuff and call the cops.

2005-02-15

Activating Two Finger Scrolling on each boot with a StartupItem

Daniel Becker has modified Apple's trackpad driver kext to enable Two-Finger Scrolling on older PowerBooks and iBooks. Download the kext from http://www-users.kawo2.rwth-aachen.de/~razzfazz/.

I want to keep the original kext where it is so future system updates don't have issues if Apple decides to update the system kext, but I also want to automatically load Daniel's improved driver every boot, so I wrote a StartupItem to take care of it for me.

These instructions require a working knowledge of using Terminal and CLI editors like vi or emacs.


  1. open Terminal and make a new directory called TwoFingerScrolling.
  2. Use your favorite editor to create a new shell script in the new directory, also called TwoFingerScrolling. Paste the following content into the script:

    #!/bin/sh
    #
    # Load Daniel Becker's modified Trackpad Driver on recent PowerBooks and iBooks
    # This is released under a BSD license.
    # By J. P. Block <jpb@apesseekingknowledge.net>

    . /etc/rc.common

    export PATH=$PATH:/sw/bin:/sw/sbin
    export TFSKEXT=/path/to/your/work/dir/TwoFingerScrolling/AppleADBMouse.kext
    # When you are done testing, comment out the line above this, and uncomment the next line
    #export TFSKEXT=/Library/StartupItems/TwoFingerScrolling/AppleADBMouse.kext

    # Check to make sure we have a patched driver to load, or bad things will happen when we unload
    # the original driver and can't find the patched driver to replace it.
    #
    f [ ! -d $TFSKEXT ]; then
    ConsoleMessage "No patched AppleADBMouse.kext found."
    exit 0
    fi

    case "$1" in
    start)

    ConsoleMessage "Loading Two Finger Scrolling"
    # make sure the permissions are correct on it before we load it
    chown -R root:wheel $TFSKEXT
    kextunload -b com.apple.driver.AppleADBMouse && kextload $TFSKEXT
    ;;
    stop)

    ConsoleMessage "Stopping Two Finger Scrolling"
    /usr/bin/logger "Stopping Two Finger Scrolling"
    kextunload $TFSKEXT && kextload /System/Library/Extensions/AppleADBMouse.kext
    ;;
    esac

    exit 0

  3. StartupItems also need a plist file to work. Create a file in the directory you created called StartupParameters.plist and paste the following contents into it:

    {
    Description = "Two Finger Scrolling";
    Provides = ("TwoFingerScrolling");
    Requires = ("Network");
    OrderPreference = "Last";
    Messages =
    {
    start = "Starting Two Finger Scrolling";
    stop = "Stopping Two Finger Scrolling";
    restart = "Restarting Two Finger Scrolling";
    };
    }

  4. chown +rx TwoFingerScrolling/TwoFingerScrolling We have to mark the script as executable, or it won't work.
  5. Copy the AppleADBMouse.kext you downloaded from Daniel's site into the TwoFingerScrolling directory.
  6. sudo chown -R root:wheel ./AppleADBMouse.kext

    Do NOT move this into /Library/StartupItems yet! We want to make sure it is working and you have all your permissions correct before trying to boot with the new StartupItem, or it will kernel panic your system every time you boot.

    To test it, close all your applications except Terminal, then, in Terminal, cd into the TwoFingerScrolling directory you've been working in and do sudo ./TwoFingerScrolling start

    If you have done everything right, you should now be able to do two finger scrolling. If you haven't, your computer just crashed, and you should be glad you didn't set it up to load the broken StartupItem every boot.


Presuming it worked, you can now install it as a boot item.

  1. In Terminal, type ls /Library/StartupItems. If it tells you there is no such file or directory, do sudo mkdir /Library/StartupItems
  2. cd to the directory containing the TwoFingerScrolling directory you made and filled in the previous set of instructions.
  3. type sudo mv TwoFingerScrolling /Library/StartupItems/TwoFingerScrolling
  4. UPDATE: edit the script per comments so TFSKEXT is set to the correct directory, /Library/StartupItems/TwoFingerScrolling to find the modified kext. If you do not edit the script, it will not load your new driver.
  5. Finally, we have to get LoginWindow to wait for the new kext to load, or you're going to have a kernel panic if you touch the trackpad as the switchout takes place. To do this, edit /System/Library/StartupItems/LoginWindow/StartupParameters.plist and change the line Requires = ("Disks", "SecurityServer"); to Requires = ("Disks", "SecurityServer", "TwoFingerScrolling");


Your system is now set up to automatically load the new driver every boot.

How to set up a local fink repository

I have one of our G5s set up to be the apt repository for the machines at my day job. It's running 10.3 client, so I added a file, /etc/httpd/users/fink with the following contents:


Alias /fink /sw/fink

<Directory /sw/fink>
Options Indexes FollowSymLinks
</Directory>


I did this as a separate user file rather than edit /etc/httpd/httpd.conf to prevent future OS updates from breaking my apt repository. If you're running the repository on OS X Server, I believe you need to put the file in /etc/httpd/sites, and the file name may need to be tweaked to avoid confusing the GUI tools.

To get client machines to use the repository, I added the following lines at the beginning of /sw/etc/apt/sources.list (change finkmachine to the machine name of your repository):


deb http://finkmachine.local./fink stable main crypto
deb http://finkmachine.local./fink unstable main crypto


It was cool to discover that apt would deal with rendezvous names painlessly.

Now all you have to do is remember to do fink scanpackages after you build anything new on the repository, and your clients can just apt-get update;apt-get upgrade periodically to stay up to date.

2005-02-11

Two-Finger Scrolling with older PowerBooks and iBooks

Daniel Becker's modified Apple's trackpad driver kext to enable Two-Finger Scrolling on older PowerBooks and iBooks. Download the kext from http://www-users.kawo2.rwth-aachen.de/~razzfazz/.

Setting up Rendezvous Bookmarks on Mac OS X

This actually turns out to be fairly simple, if you're using the Apache Apple shipped. Conveniently enough, the default configurations for both Client and Server (as of 10.3) include all conf files found in /etc/httpd/users (on Client machines) or /etc/httpd/sites (on Server).

All you have to do is create a new file (I called mine rendezvous.conf) in the appropriate directory, with the following content.


<IfModule mod_rendezvous_apple.c>
# Only the pages of users who have edited their
# default home pages will be advertised on Rendezvous.
# RegisterUserSite customized-users
#RegisterUserSite all-users

# Rendezvous advertising for the primary site is off by default.
#RegisterDefaultSite

RegisterResource "Foo Bookmark text as shown in menus" /foo
Redirect /foo http://www.foo.com

RegisterResource "Bar Bookmark text" /bar
Redirect /bar http://www.bar.com

</IfModule>


Now all you need to do is sudo apachectl graceful and the bookmarks you added to this file should show up in the Rendezvous submenu of the Bookmarks menu for people on your LAN.

2005-02-10

Quark 4 and OS X Issues

We run 4.11 under Classic at my work every day, unfortunately. There are a few issues to work around.

First, it won't work if the user running it doesn't own the folder and have write permission on all of the files in it. On the plus side, you don't need to run Quark's POS installer for each copy you need on a given machine, you can copy the original QX4 folder to each user. On each machine at my work, in addition to the staff member's user, we have an IT user with administrator privileges, and keep the master Quark copy for the machine in IT's Public folder. Then when Quark inevitably screws up a user's copy, they know to delete their copy and go into ~it/Public and copy the QX411 folder from there into their own user's Applications directory.

Secondly, the fonts all look like crap, but it turns out you can still run ATM in your Classic System, and that half-fixes the problem. You'll still occasionally need to zoom out and zoom back in to force it to regenerate the font glyphs, but that usually fixes the problem. We do have a problem where Classic will occasionally appear to lock up every few days, but I can't tell if it's just Quark being crashy or because we're using ATM which isn't technically supposed to work at all.

Palettes sometimes vanish. if a palette is not completely on top of a Quark window, it will occasionally disappear. You have to close & reopen them by the menu to get them back. I think it's easier to just stretch the Quark window to completely cover the screen, but my Production guys can't stand that.

Also, Quark windows sometimes don't realize they've been clicked on if you try to click them to bring Quark to the foreground when you're working in a native OS X application. Command-tabbing out of Quark and then back will usually make Quark realize it's in the foreground.

Update: Someone on one of my mailing lists pointed me at ClassicDraw XT which is a donationware Quark XTension that is supposed to fix the redraw issue. More later after I've had a chance to test it.

Creative Commons License

This work is licensed under a Creative Commons License.
Copyright 2007-2010, Joseph P. Block, Some Rights Reserved.

Creative Commons Logo