If This Then That

This new-to-me website — officially known as “ifttt” (how do you pronounce that?) — is brilliant. I signed up yesterday (it looks like it’s currently in public beta), and it only took about a minute to realize ifttt’s potential handiness.

The whole basis of ifttt is that it puts the internet to work for you. You can create tasks based on the structure “if this then that”, and the site has dozens of triggers and actions to populate that equation with.

An example action (ifttt calls them recipes) would be: “If it’s going to rain tomorrow then text message me.”

I set up a recipe so that I get an email with the link to any item I star in Google Reader. It used to be that when I was reading feeds on my iPad and I came across an item I wanted to link to here on the site, I would email myself that article. Now I simply star it and it’ll still show up in my email inbox.


from Shawn Blanc http://ifttt.com/

Quick Review – Audioengine A2 self-powered speakers

Two thumbs up. These tiny desktop speakers punch well above their weight. They are amazingly well built for the price, have a more than powerful enough stereo amp built into the left speaker and feature a kevlar coned driver and a silk tweeter. Available in a gloss black or gloss white finish, I’ve got a pair in white on my desk now and they sound fantastic.

Quick Tip – telnet with ssl

I’ve often used telnet to connect to random ports to make sure a service is working (e.g. telnet somehost.example.com smtp to see if it’s accepting connections on port 25) but have been stuck for a suitable alternative to test connections that are secured with SSL.

Of course openssl is capable of doing this. Simply type:

openssl s_client -connect somehost.example.com:465

This will test an SSL-secured connection to the secure SMTP (smtps) port on a mail server. Change the port number as required.
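A completed handshake only shows that the port speaks TLS; the "Verify return code" line in the s_client transcript says whether the certificate chain actually verified. The script below is an added example, not part of the original tip: the function names tls_probe, tls_summary and sample_selfsigned are made up for illustration, and the transcript it parses by default is constructed.

```shell
#!/bin/sh
# Added example. tls_probe runs the handshake; tls_summary reduces the
# s_client transcript to one line and an exit status:
#   0 = handshake done and chain verified, 1 = handshake done but the
#   certificate did not verify, 2 = no TLS session was established.

# tls_probe HOST PORT [STARTTLS_PROTO]   e.g. tls_probe somehost.example.com 25 smtp
tls_probe() {
    host=$1; port=$2; proto=${3:-}
    set -- -connect "$host:$port" -servername "$host"   # -servername sends SNI
    if [ -n "$proto" ]; then set -- "$@" -starttls "$proto"; fi
    # stdin from /dev/null so s_client exits after the handshake
    openssl s_client "$@" </dev/null 2>&1
}

tls_summary() {
    awk '
        /^New, / { split($0, f, ", "); proto = f[2]; cipher = f[3]
                   sub(/^Cipher is /, "", cipher) }
        /Verify return code:/ && !seen {
                   seen = 1; code = $4; why = $0
                   sub(/^.*code: [0-9]+ /, "", why) }
        END {
            if (cipher == "" || cipher == "(NONE)") { print "no TLS session"; exit 2 }
            printf "%s %s verify=%s %s\n", proto, cipher, code, why
            exit (seen && code == 0 ? 0 : 1)
        }'
}

sample_selfsigned() {   # constructed transcript, trimmed to the relevant lines
cat <<'EOF'
CONNECTED(00000003)
depth=0 CN = somehost.example.com
verify error:num=18:self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)
---
EOF
}

# With HOST PORT [PROTO] arguments, probe a live service; otherwise parse the sample.
if [ "$#" -ge 2 ]; then tls_probe "$@" | tls_summary
else sample_selfsigned | tls_summary || true; fi
```

Run it as "sh script.sh somehost.example.com 465" for an implicit-TLS port, or add smtp as a third argument to test a plain SMTP port through STARTTLS.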

Putting my money where my mouth is…

I’ve always thought that there is a place and a time to use the cloud, and to be honest, Automatica has been using Google Apps for the past two years to host email and calendars. Overall the experience hasn’t been too bad, but it’s not been as smooth as it could have been. More on this later.

This weekend, Kai has migrated all the email and calendars to Kerio Connect hosted on a Mac mini Server. Using the services from DynDNS as a secondary MX and to get around my ISP’s block on incoming port 25 traffic, everything has gone very smoothly in the transition.

Some things that Google Apps does that can be annoying are:

No control over your anti-virus and anti-spam filtering. I’ve been working on an Android app with Louis from Steelbytes and we are unable to email each other an Android APK file, either alone or zipped. I don’t get an error message saying the email has been blocked, Louis doesn’t get a bounce or an error message either, it just vanishes into the aether. The workaround is that it has to be sent in a compressed format that Google doesn’t understand, such as 7zip. Annoying. I’ve also seen this issue with trying to email people quotes and invoices as PDF.

Very little in the way of support from Google. Even with a paid subscription, the technical support from Google is a bit lacking. When I was on the free Google Apps, I had an email outage that lasted for two days. There was nothing I could do about it – I couldn’t call, email or contact anyone who could do anything about it. Emails sent to me just bounced. Thanks Google.

Contacts sync. Another thing I had quite a few problems with early on was contacts sync. Syncing contacts to Google and then back again messed up all sorts of things. At this stage, your contacts in Google Apps had a name. Not a first name and a last name, but a name. The round-trip from Address Book to Google and back again wasn’t pretty. I gather that the contacts now do have a first name and a last name field, but I was too scared to try and use it again after the first disaster.

Google’s own implementation of IMAP. Let’s face it, if you’re using Google Apps, you really need to be doing everything in your browser – this is the way Google want you to use it and is obviously the way they’ve designed the service to work properly. I want to use a proper mail client – call me old fashioned, but it works better for me this way. What’s with this All Mail folder that is a second copy of every email I’ve sent or received – it sure takes up a lot of space on my disk. What’s this starred folder? What’s with the root folder of the IMAP hierarchy being [Gmail]? What’s up with not having proper folders for email? Labels work really well if you’re managing them in the browser, but not very well in a regular mail client.

How do you, for instance, find mail that exists in the All Mail folder, but you’ve removed from every other folder (in other words, you’ve deleted it from your desktop mail client)? I had a client who ran out of space in their mailbox and everything was in the All Mail folder. They had a few GB of mail in their regular folders, but had pretty well tidied it all up, yet they couldn’t just go into All Mail and indiscriminately delete everything to free up space.

Mobile Device support. Configure your email in Google Apps as an Exchange ActiveSync account on your phone. OK, now how do you configure which folders and calendars sync? You need to go to an obscure web page on your phone, log in and select them. Easy if you know what this particular page is, rather difficult if you’re looking at options in your mail client or in your gmail webmail interface. Once you’ve got it configured, how do you do a server-side search for items that aren’t on your phone? Oh, you can’t.

Cost. The cloud should be cheap enough to not have to worry about it. It’s not. $50 per user per year may sound nice and cheap, but it adds up over time and if you stop paying, you can’t access your email any more. Nice.

This isn’t an exhaustive list of everything that’s wrong with Google Apps. None of these issues are real show-stoppers on their own, but over time they grew to be annoying enough that here at Automatica we are now following our own advice and running our own collaboration server to get around them.

Set up a transparent Apple Software Update Server

[this is now working - see the update below]

This post is a condensed version of the information gleaned from a Mac OS X Hints article and my own research. It’s not quite working yet so still needs some more tweaking, but is almost there.

When the procedure below is followed, your Mac OS X Server will transparently deliver Apple Software Updates to networked clients with no additional configuration required on the individual client machines – this is great if you’re, for example, building client machines and want to get updates from your own server, not down over the Internet each time.

Where it all falls down is that in a single-server environment (more technically, if you only have one internal DNS server) then the Software Update server will refer to itself when it should be checking Apple for new software updates to cache. I’m pretty close to having a workaround for this but it’s not quite there.

The Procedure

Set up Mac OS X Server

I’m going to have to assume you have a working Mac OS X Server – setting one up from scratch is outside the scope of this article.

Turn on Software Update in Mac OS X Server

In Server Admin, enable Software Update. Leave most of the settings on their default. Tell Software Update to copy all updates from Apple. If you want a maintenance-free solution, also tick the Automatically enable copied updates checkbox. You may also tell it to not Delete outdated software updates if you want to keep copies of old software updates. This can be handy in situations where, for example, Apple push out a new update that breaks things and you then have the ability to (kind-of) roll back.

Ensure that Software Update has performed a full sync

This is going to take some time and download quite a decent amount of data – 30GB or more. You can watch the log in Server Admin > Software Update to check its progress. When it’s completed its initial sync, you can proceed.

Create a new zone in DNS

As Mac OS X Server doesn’t include a DNS Masquerade service that allows you to just override individual hostnames in a DNS zone, we need to make a new zone. We don’t want to make an authoritative zone for the whole of apple.com so we make a zone for just the machine record that we want to impersonate.

Create a new zone in Server Admin > DNS called swscan.apple.com. and don’t forget the full stop at the end of the name to fully qualify it. In this zone, create one machine record, also called swscan.apple.com. (remember the full stop at the end here too) and set its IP address to be that of your Mac OS X Server.

Set up a virtual host in Apache

If you’ve got multiple web sites on your OS X Server, you can create a virtual host for the Software Update service. Set its host name to swscan.apple.com and ensure it’s listening on the standard port 80. Untick all the checkboxes in the Options tab.

On the Aliases tab, delete the redirects that are pre-configured. Add the redirects listed below.

If you’re not running any web sites yet on your OS X machine, you can leave the configuration for the default site as it is and just add the following redirects. Make sure they are configured as redirects, not aliases.

In the following examples, replace swupd.automatica.internal with the hostname of your OS X Server.

  • Pattern: /content/catalogs/index-1.sucatalog
  • Path: http://swupd.automatica.internal:8088/index.sucatalog
  • Pattern: /content/catalogs/others/index-leopard.merged-1.sucatalog
  • Path: http://swupd.automatica.internal:8088/index-leopard.merged-1.sucatalog
  • Pattern: /content/catalogs/others/index-leopard-snowleopard.merged-1.sucatalog
  • Path: http://swupd.automatica.internal:8088/index-leopard-snowleopard.merged-1.sucatalog
  • Pattern: /content/meta/mirror-config-1.plist
  • Path: http://17.250.248.95/content/meta/mirror-config-1.plist
  • Pattern: /content/catalogs/index.sucatalog
  • Path: http://17.250.248.95/content/catalogs/index.sucatalog
  • Pattern: /content/catalogs/others/index-windows-1.sucatalog
  • Path: http://17.250.248.95/content/catalogs/others/index-windows-1.sucatalog

The first three entries perform the redirection for the Software Update client software. The last three redirects are supposed to do the redirections so that swupd_syncd can still get its updates from Apple, but it’s not working.

*** UPDATE ***

Tweak the hosts file on the OS X Server

The final piece of the puzzle, thanks to my good mate Charlie at eWhizz, is to tweak the hosts file on the server. What we do is put an entry for swscan.apple.com in /etc/hosts on the OS X Server machine so that it can see the real IP address of Apple’s software update server. BIND will not look in the hosts file for its name resolution, so all machines on the network that are using the server for DNS will see the internal IP address in DNS, whereas the server will query the hosts file before it does a DNS lookup and it will still get the real IP for Apple’s server.

Add the following lines to the end of /etc/hosts

# this is so that the transparent Software Update server works
# but swupd_syncd can get updates from Apple.
17.250.248.95	swscan.apple.com

 

Run Software Update on a client machine

In theory, the above procedure should all work. In practice, the client machines seem to get their updates from the internal Software Update server just fine but the internal Software Update server has issues getting the real updates from Apple.

If you want to put this in place, then what you’ll need to do is whenever you want to sync with Apple for new updates, disable the DNS entry for swscan.apple.com and let the server do its update. Then, re-enable the DNS entry and you’re good to go.

How to get a real IP address on Telstra Next G

The Telstra Next G 3G internet service is fast, works well in a lot of areas around Australia and can be sorted out fairly cheaply these days.

One big downside to the service, however, is that by default you receive an IP address that is behind a firewall that performs NAT. Generally this isn’t an issue; however, for some more specific tasks it either makes life more difficult than necessary or makes some other things downright impossible.

One manifestation of this issue is the inability to connect to some corporate VPNs. The reason for this is that the Next G service gives you an IP address on the 10.0.0.0/8 subnet and a lot of corporate networks also use this range.

Fortunately a solution is at hand – telstra.extranet or GPTEXB3.

Unfortunately, you need to call Telstra to get this activated and a lot of the people you speak to won’t know about it and will transfer you to the wrong department.

If you call Telstra on 125111 (this is their Mobile Billing department) they are the people who can activate this, but they will transfer you to a number of other people first before you get a resolution.

What you need to do is explain to them that you’re using the telstra.internet APN and can’t connect to your VPN at work. You need a public IP address and this can be provided via the telstra.extranet APN. In order for you to be able to use the telstra.extranet APN, you need to have the option GPTEXB3 applied to your account.

Sounds easy? It only took me 35 minutes and being transferred around in circles, but I was eventually able to speak to someone in billing. This person was going to transfer me somewhere else and I requested that they not perform a blind transfer and instead ask the other person about this option. The other person was able to add the option to the account without needing to speak to me. 5 minutes later I could connect using the new APN and was getting a 123.209.12.nnn IP address (however, interestingly enough, I was still seeing a /8 subnet on it and 10.64.64.64 as the default gateway).

Console not updating or asl manager taking 100% CPU

Here’s how to restart the Mac OS X 10.6 log managers after removing asl data. Corrupt asl data will either cause the logs in Console.app to not update or the aslmanager process to consume 100% CPU.

Open the Terminal application and enter the following two commands to stop the log managers:

sudo launchctl stop com.apple.syslogd
sudo launchctl stop com.apple.aslmanager

Then create a folder on your desktop called “temp” (to store the moved “data store” files), and enter the following command in the Terminal to move the “ASL” data to the new temporary folder:

sudo mv /var/log/asl/* ~/Desktop/temp/

Finally, restart the syslog process with the following command (the aslmanager will be started when needed by syslogd, so it doesn’t need to be manually restarted):

sudo launchctl start com.apple.syslogd