Results matching “time machine” from Bill's Words

I’m not impressed with Mavericks Server or Yosemite server, either, for that matter. First, Apple has moved all of the standard binaries and settings from their usual homes into the Server.app bundle and into /Library. While this certainly lines up better with the Apple “way,” it makes it a royal pain in the butt for those of us who have half a clue and know their way around a LAMP (or MAMP) system.

I decided to update our server from an Xserve to a mini about three months ago. The new mini arrived, and I thought, “This should be ‘Apple simple,’” and tried to migrate. It was a disaster, mitigated only by the fact that I had a backup of the original system—somewhere in the migration process, files on the original server get mangled. This shouldn’t be, of course, but…

I tried various methods of upgrading and none were successful. Open Directory gave me fits, and I spent hours trying all sorts of things, none of which were successful. So today, I decided to go nuclear: start from scratch on the new server. That way, nothing could go wrong.

Right?

Sigh…

Since Open Directory gave me many fits, and since I knew OD is somewhat finicky about DNS entries, I decided I’d start with the basics.

Setting the Hostname

What is the name of my host? Well, Apple, in their infinite wisdom, asked my DNS to tell what the host name is, instead of asking me. So the host name was wrong because it was based on an outdated entry in the upstream DNS. So the self-signed certificate had the wrong data, too. To fix this, I changed the upstream DNS name, deleted Server, deleted /Library/Server/, and rebooted. I then reinstalled Server.app and this time the server name and self-signed certificate data were correct.

As it turns out, I could have used Server.app to change the name and the self-signed certificate would have been regenerated. But I found that out too late.

Server.app Pro Tip: When changing hostnames, Server.app will generate a new self-signed certificate.

Setting Up DNS

Next step: DNS. This should be simple. I should just be able to import a zone file, but, alas, unless I migrated the server, nope. I thought about just typing in all the hosts and whatnot, but what a pain in the rear that would be. Also, you can’t use wildcards in hostnames. So instead, I turned on DNS, set the forwarders to 127.0.0.1 and the upstream servers, and looked at the files in /Library/Server/named.

Complaint: There’s no way to reorder the forwarding servers in Server.app, without retyping the whole list.

Complaint: You can’t type in an asterisk (wildcard) when editing a host name. So aliases like “*.eccles.net” can’t be used without manually editing the hosts file. Still true in Yosemite.

Complaint: Manually-entered wildcards get deleted from the hosts file if you edit the zone with Server.app.

Server.app Pro Tip: Editing zone files is possible, but any changes made in Server.app will overwrite most (if not all) edits.

Now for Open Directory

OK, now that my server knows who it is, it’s time to turn on Open Directory. A few clicks and that was done. I now had a fresh Open Directory master running. Now let’s import some users. (Since I never really monkeyed around with OD in any other version of Server, a plain vanilla OD Master is fine for me here.)

Server.app Pro Tip: Set the Directory Administrator user to diradmin and set the password to be the same as the server administrator password. If you’re like me, you’ll stand a much better chance of remembering these credentials that way.

Importing Users

I exported the users from my 10.6 server (select the users in Workgroup Manager, then use some other command which I can’t remember) and tried to import them using 10.9.

Server.app Pro Tip: Importing users is not found in the “Users” pane in the “gear.” (Why not?) Instead, it’s here:

[Screenshot: the Manage menu in Server.app]

in the Manage menu. Server.app kept griping about my username and password. My question is, What username and password? The dialog says “Admin Name” and “Password” but doesn’t give a clue which thing it is I’m trying to authenticate into. I assumed it was the server, and several times, I was wrong. I then decided it might be the OD server that I’m trying to authenticate into, and that turned out to be right.

Complaint: Server.app could use a better prompt than “Admin Name”. How about “Open Directory Server Administrator Name”? It’s long, yes, but it’s better to try to fit that into the window than frustrate the user, don’t you think?

Complaint: If that’s too long to fit, how about improving the error message? “Credentials could not be verified. Username or password is invalid” could just as easily say, “Open Directory server credentials…” to save me a few tries and Googling.

Server.app Pro Tip: This dialog:

[Screenshot: the “Admin Name” and “Password” dialog]

is asking for the Open Directory administrator username and password (which you just created—see above).

While the import was a success, it left me with questions. First, I have several users with more than one shortname (most, in fact). What happened to these additional shortnames? And what do I do with the blank “E-mail address” box in each user’s information? Does something go there? Does something have to go there? What’s up with that? Let’s tackle each one of these separately.

About those multiple shortnames: It turns out that they are, indeed, imported into the new Open Directory server, but only the first (primary) shortname is displayed. I verified this by making test SMTP sessions and watching the SMTP logs. Messages to all of a user’s shortnames were successfully delivered. Yosemite note: not true anymore. See below.

Managing these shortnames is tricky, though, and can probably be accomplished with a command line tool of some sort, though I was unable to figure out how to do it. (I gave up after ten minutes of Googling.) I stumbled upon an Apple support page which describes how to edit Open Directory records with Directory Editor.

“Directory Edi… wha…?” you’re saying, I’m sure. Yes, one of the older apps hidden away from most users is Directory Utility, which I never use other than to enable the root user. So what’s changed to make it useful? It has a new pane called “Directory Editor” which allows Open Directory directories to be edited. (Clever name.)

You can find Directory Utility using the Apple-given instructions at the link above, or you can…

Server.app Pro Tip: Make an alias to /System/Library/CoreServices/Directory Utility and stick it in your dock.

In DU, you can edit everything about an OD entry (hence the reason it’s probably hidden from most users’ attention). Since the server is local (it’s on the same machine), authenticate into the node at “/LDAPv3/127.0.0.1”, as shown below:

[Screenshot: Directory Utility authenticated into the node /LDAPv3/127.0.0.1]

Each user will have a RecordName which will correspond to the primary shortname. If you have any users with multiple shortnames, you’ll see that they have more than one RecordName. If you want to add another shortname, you can do so with the “+” button out to the right of RecordName, as shown below:

[Screenshot: the “+” button to the right of RecordName in Directory Utility]

Server.app Pro Tip: Multiple user shortnames can be added, edited and deleted in Directory Utility. But this isn’t really useful in Yosemite.

How about that “Email Address” field in Server.app? What does it do?

I have no idea. [Though it turns out to be useful in Yosemite.]

When a user is created, it suggests the E-mail address based on the user’s shortname. If you change it to be different from the suggested address, it does end up being reflected in the OD entry, but Postfix (the mail server) has no idea what to do with it. E-mails addressed to the different address will bounce. E-mails addressed to shortname@domain.tld will be delivered.

Server.app Pro Tip: Leaving the E-mail address field in a user record blank is OK. Except in Yosemite, that is.

Yosemite update: I upgraded from Mavericks to Yosemite. It now ignores the multiple shortnames specified in Directory Utility (see above). For example, my primary E-mail address might be administrator@somedomain.net and I might have an alternate shortname, bill.eccles@somedomain.net specified in DU. In Mavericks, I had to add the bill.eccles shortname manually using DU, per the above. I could successfully receive E-mail to either address. The E-mail address field meant nothing.

However, when I updated to Yosemite, Postfix doesn’t have any idea about these other shortnames/addresses anymore, even though they do show in Directory Editor. Panic ensues when incoming mail to these alternate shortnames bounces. This problem is reasonably-easily fixed by adding them to the users in the User editor in Server.app. But if you’re confused because the “+” button is grayed out for the user you’re trying to edit, it’s because you’re not authenticated into the appropriate directory node.

At the top of the list of users, you’ll need to filter to show only the “Local Network Users.” Then you’ll be able to double-click and edit a user. The “+” sign will be enabled for adding more E-mail addresses to the user. This has the same effect as editing the “EmailAddress” for the user in Directory Utility and does not affect the “RecordName” list. It might be a good idea to go back and remove the extra shortnames in the “RecordName” list, but I don’t know. And I haven’t done that yet, either.

About Users’ Passwords

Passwords are lost in the export/import process. It seems that it should be possible to find the various hashes in the older version of the server using mkpassdb, but I can’t find enough corresponding entries to know that I’d make the new server totally happy. The next question is how to handle passwords, since my users use the server only for mail (via IMAP or POP) and won’t have OS X’s native password changing dialogs.

It turns out that there’s a reasonably easy way to handle that, too. If I turn on the default SSL website (in the Website pane, naturally), I have the option to let users change their passwords. I tested this path, and it works well. But because my users come from outside the local network and have to traverse my firewall (which means all port 80 or port 443 access can be directed to one machine only), I have to either (a) migrate all the web services from the old server to the new or (b) set up a special port for accessing this server for password changes. I’ve chosen this latter method in order to make accessing the password change page more difficult. There is no way to change the default server port number, so this change will be done entirely at the firewall, redirecting port N to port 443.

Moving Mail Services

Mail services are somewhat tricky, but now that you have your users moved over, you can pretty easily move the mail to follow them.

First, turn off mail services on both the new and old servers using the Server.app. Then, we have to move the data from machine to machine.

Mail data exists in two places. There are the Postfix SMTP spool files (mail which is in the process of being delivered) and the Dovecot IMAP spool files (mail which has been delivered to the users’ mailboxes).

First, get the SMTP files from the old server:

sudo tar cf smtp.tar /var/spool/postfix

(Ignore the warnings about “tar format cannot archive this (type=0140000): Inappropriate file type or format”. These are sockets and won’t archive, nor would you want them to.)

Get the mailboxes:

sudo tar cf mail.tar /var/spool/imap/dovecot/mail/

Copy them to the new machine somehow, e.g.:

scp smtp.tar admin@192.168.1.2:~/smtp.tar
scp mail.tar admin@192.168.1.2:~/mail.tar

Now put them where they belong.

Most likely, you already have mail directories where they belong, but they need to be cleaned out to prepare for new data. So here we’ll delete the mail data directory (i.e., clean it out… permanently!) and repopulate it with the mail from the original server:

sudo rm -R /Library/Server/Mail/Data/mail
sudo mkdir -p /Library/Server/Mail/Data/mail
cd /Library/Server/Mail/Data/mail
sudo tar xf ~/mail.tar --strip-components=5
cd ..
sudo chown -R _dovecot:mail mail

Then we’ll make the spool directory (if it isn’t there already) and populate it with the spool data from the original server:

sudo mkdir -p -m 755 /Library/Server/Mail/Data/spool
cd /Library/Server/Mail/Data/spool/
sudo tar xf ~/smtp.tar --strip-components=3

I think this is all I did, but you may have to jigger your permissions and ownership so it looks like this:

home:spool admin$ ls -la
total 0
drwxr-xr-x  16 root      wheel      544 May 26  2014 .
drwxr-xr-x  13 root      wheel      442 Aug 10 12:17 ..
drwx------   2 _postfix  wheel       68 Jan  2 19:15 active
drwx------   2 _postfix  wheel       68 Dec  8 08:00 bounce
drwx------   2 _postfix  wheel       68 Feb 19  2010 corrupt
drwx------  18 _postfix  wheel      612 Aug 10 12:33 defer
drwx------  18 _postfix  wheel      612 Aug 10 12:33 deferred
drwx------   3 _postfix  wheel      102 Dec  2 13:55 flush
drwx------   2 _postfix  wheel       68 Feb 19  2010 hold
drwx------   2 _postfix  wheel       68 Jan  2 19:15 incoming
drwx-wx---   2 _postfix  _postdrop   68 Aug  8 02:01 maildrop
drwxr-xr-x  24 root      wheel      816 Aug 10 13:19 pid
drwx------  27 _postfix  wheel      918 Jan  1 14:01 private
drwx--x---   7 _postfix  _postdrop  238 Jan  1 14:01 public
drwx------   2 _postfix  wheel       68 Feb 19  2010 saved
drwx------   2 _postfix  wheel       68 Dec 31 21:59 trace
home:spool admin$
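
A check for the ownership and modes in the listing above, as an added example that is not part of the original post: it reads “ls -la” output and reports queue directories that are missing or that differ from the post’s table. The function names and the deviating sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.

# Expected "name mode owner group" for each queue directory, transcribed
# from the ls -la listing shown in the post.
expected_spool_layout() {
    cat <<'EOF'
active    drwx------ _postfix wheel
bounce    drwx------ _postfix wheel
corrupt   drwx------ _postfix wheel
defer     drwx------ _postfix wheel
deferred  drwx------ _postfix wheel
flush     drwx------ _postfix wheel
hold      drwx------ _postfix wheel
incoming  drwx------ _postfix wheel
maildrop  drwx-wx--- _postfix _postdrop
pid       drwxr-xr-x root     wheel
private   drwx------ _postfix wheel
public    drwx--x--- _postfix _postdrop
saved     drwx------ _postfix wheel
trace     drwx------ _postfix wheel
EOF
}

# Read `ls -la` output on stdin. Print one line per deviation and return 1
# if any queue directory is missing or has the wrong mode, owner or group.
audit_spool_listing() {
    { expected_spool_layout; echo '---'; cat; } | awk '
        !in_listing && $1 == "---" { in_listing = 1; next }
        !in_listing { order[++n] = $1; want[$1] = $2 " " $3 " " $4; next }
        # ls -l fields: mode links owner group size month day time name
        NF >= 9 && ($9 in want) {
            mode = $1
            sub(/[@+.]$/, "", mode)   # drop xattr / ACL / SELinux marker
            got = mode " " $3 " " $4
            seen[$9] = 1
            if (got != want[$9]) {
                printf "MISMATCH %s: got %s, want %s\n", $9, got, want[$9]
                bad++
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) {
                    printf "MISSING %s\n", order[i]
                    bad++
                }
            exit (bad > 0 ? 1 : 0)
        }'
}

# Constructed sample: a spool after a careless extraction. maildrop is
# owned by root and world-readable, private is world-readable, and trace
# is absent.
sample_bad_listing() {
    cat <<'EOF'
total 0
drwxr-xr-x  16 root      wheel      544 May 26  2014 .
drwxr-xr-x  13 root      wheel      442 Aug 10 12:17 ..
drwx------   2 _postfix  wheel       68 Jan  2 19:15 active
drwx------   2 _postfix  wheel       68 Dec  8 08:00 bounce
drwx------   2 _postfix  wheel       68 Feb 19  2010 corrupt
drwx------  18 _postfix  wheel      612 Aug 10 12:33 defer
drwx------  18 _postfix  wheel      612 Aug 10 12:33 deferred
drwx------   3 _postfix  wheel      102 Dec  2 13:55 flush
drwx------   2 _postfix  wheel       68 Feb 19  2010 hold
drwx------   2 _postfix  wheel       68 Jan  2 19:15 incoming
drwxr-xr-x   2 root      wheel       68 Aug  8 02:01 maildrop
drwxr-xr-x  24 root      wheel      816 Aug 10 13:19 pid
drwxr-xr-x@ 27 _postfix  wheel      918 Jan  1 14:01 private
drwx--x---   7 _postfix  _postdrop  238 Jan  1 14:01 public
drwx------   2 _postfix  wheel       68 Feb 19  2010 saved
EOF
}

# With a directory argument, audit that directory; with none, run the
# constructed sample so the script shows its output format.
if [ -n "${1:-}" ]; then
    ls -la "$1" | audit_spool_listing
else
    sample_bad_listing | audit_spool_listing || true
fi
```

Pass the spool directory as the only argument to audit a real extraction. Postfix’s own “postfix check” command also reports ownership and permission problems for its configured queue directory.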

So what’s next? PHP, web services, and other things… but that will have to wait until a future article. This one’s already long enough.

[This is the last political entry I intend to post on this site. I don’t have a lot of readers, I don’t have a lot of time, and I don’t get paid for my effort. I’ve only ever heard from one of my recent readers—and that’s OK!—and I don’t think that my voice does much but add to the noise. Might I recommend The American Spectator for superb conservative political commentary? I’ll continue to publish computing and thought pieces, but this election cycle has made me tired of national politics. WNE]

Dear Mr. Obama,

Your victory speech was elegant as always; you have the gift of the gab, truly. You used some words that I expect you to live up to lest they fall onto the heap of broken promises of your first term. These words were, “…whether you held an Obama sign or a Romney sign, you made your voice heard…”

Though you may have heard, my question to you, Mr. Obama, is Were you listening?

If you were listening, then what you heard is your country’s saying:

Stop letting the mainstream media do your work for you. If you are a man, if you are a leader, then you should be able to convey the message you intend the country to hear without having the likes of Rachel Maddow and Chris Matthews covering for you. Let them do their job. Let them be critical of you. Stop trading access for control of the narrative. Let the people hear the truth through Jefferson’s independent fourth estate. Man up.

You’ll make mistakes. Own up to them. The rest of us have to live with the consequences of your errors, so why don’t you? Stop letting the media cover for your mistakes. Man up.

Your way isn’t necessarily the best way. Your long-held socialist beliefs are not what the country wants. You, the liberal elite, Hollywood, and their ilk certainly want this nation to become a nation of redistribution. But it’s time you listen to other sides of the story. Mr. Romney and Mr. Ryan do have a plan which could work, but you’ll have to listen to them, to avoid letting your own biases block the path “forward.” It takes guts to listen to, respect and incorporate the other side’s points of view. Man up.

Vilification of the rich is great for short term political gain, but divides the country. I have yet to understand why the “poor” hate the job-creating “rich” but worship the do-nothing Hollywood elite, why George Clooney is revered, but Linda McMahon is reviled. If you want the “rich” on your side—and by your own admission, you must have the rich to fund your spending machine—stop pissing them off. Stop dividing the country with artificial class warfare. Unify.

Speaking of warfare, listen to this:

Stop creating artificial wars. Your “war on women” is a prime example of rhetoric for the sake of inflaming your supporters. It does nothing but push your supporters and your detractors further apart. It does not build consensus. Build consensus.

Get to work. 10 weeks of golf. Celebrity basketball games. Bragging about your beer recipe. All of these are great pastimes and would be great features on Lifestyles of the Rich and Famous. But for a sitting President, they are inappropriate. You used your first term to prove that you’re just a regular Joe who is somehow privileged enough to hang out with stars and celebrities. Now get to work and do the job you were elected to do. Attend those briefings. Learn a work ethic befitting a president.

Strengthen this country’s defense. I do not believe it to be any coincidence that you and Bill Clinton ushered in horrific terrorist attacks. You must ensure that the world of terrorists does not see your peacemaking overtures (or whatever it is you’re doing) to the world of Arabs as indication that the US is soft on terrorism. Declaring that Al Qaeda is dead does not make it so. Put ears on the ground in-country and build intel that we can use to hunt down and kill terrorists. Prevent attacks, and when warned of imminent attacks, pay attention, dammit.

Stop governing with czars and edicts. You are not a dictator, and you have no right to dictate. Only a complacent Congress has allowed this abhorrent mangling of checks and balances to continue. Do your job right.

Clean house. Your Vice-President is not a “happy warrior”—he’s the punch line to many jokes. He’s making a mockery of his office and acts the fool. Likewise, you have a staff containing tax evaders and cheats; I imagine that there are others with less-than-stellar records, too. Remove these people from office and put well-respected, well-vetted and centrist (mostly because neither the left nor the right will approve a radical of either extreme) people in front of Congress and into those jobs.

“It’s the economy, stupid.” Worry about social programs after the economy is fixed. Until we have a working economy, you can’t afford social programs. Your credit card is maxed out, and our house is so far underwater that our great-grandchildren will have no place to live in if you continue at the torrid pace you set during your first term. China is not our friend. Manufacturers must be encouraged to bring business back on shore. Likewise, stop picking winners. You clearly demonstrated that the government has no business in investing in technological fantasies, that “more money” doesn’t equate to “success.” You want to make good on that balanced budget thing? First, stop spending so you know how much you need to take in. Then tax. If you do it the other way around, you’ll never get what you need, the economy will continue to stagnate, and more generations will drown.

Innovate. If the private sector can figure out ways to manufacture items more efficiently, to break the laws of nature, to avoid paying taxes, to find new ways of doing old things better, then why can’t government? It’s because we’re asking politicians, not problem-solving experts, to fix the problems. Bring in experts from industry. Bring in the brilliant minds. Ignore their party affiliation. Leave the Hollywood elites at home. Let the brilliant people of this country solve the problems we face, because solve it they will… if you’ll let them.

Now hear this: Your victory wasn’t quite “decisive” as the mainstream media are so quick to report. No, you won through the grace of the Electoral College. The fact that you won by a thinner margin of the vote this time means that more people are listening, learning, and understanding the deficiencies of hiring a community organizer to do the job of a world leader. Unfortunately, not enough understood this problem and the net result is you get four more years to make good on the promises of your “one term proposition.”

For the rest of us who did understand, we are left praying first for our families, then for our country, and then for you and the rest of our elected leaders. Because in spite of the “us” and “them” rhetoric you bludgeon us with each day, we are all in this together.

Sincerely yours,

/Bill/

William N. Eccles

The developer preview of Mac OS X Lion (version 10.7’s big-cat name), to which I do not have access, includes the amazing installation option to install Mac OS X Server. What once was a $1000 (since dropped to $500) standalone product will most likely be included in the standard-issue Mac OS X package. You know, the one that costs about $99 to buy. Amazing.

While others (via DaringFireball.net) have doubted that this is really the case, I’m going to go on record as saying it’s not only true, but will also guess as to why.

Let’s gather some dots and then connect them, shall we?

First, Apple has all but eliminated its line of server products. Other than the dedicated Mac mini Server, there are no more server-specific hardware products to be had. The Mac Pro Server is essentially the same box as the regular Mac Pro, after all. XServe is dead. XServe RAID is dead, too. With no serious computing iron to offer, a server room is going to be devoid of Apple products. There’s food for thought…

Second, Apple is building a huge data center with lots of serious serving power for the iTunes store. They also know a lot about how to serve data between computers using MobileMe. To me, that adds up to a lot of learned-by-experience knowledge about something called cloud computing, where the data are not necessarily in one particular place but are all over the place. As long as you don’t see any difference between having the data locally vs. in “the cloud,” it shouldn’t make any difference.

Third, Apple has some intellectual property brewing around cloud computing. Googling “Apple patent cloud computing” yields a pretty satisfying list of things to look at. Apple has its head in the cloud, quite literally.

Fourth, rumor has it that Apple is going to introduce a plan targeted at small businesses which will supply faster turnarounds and loaner machines for a very-reasonable $500 per year. Neat.

Fifth, Apple will be supplying Mac OS X Server technologies with every one of its desktop machines. Every one of them. Not just a few high-end machines. All of ‘em.

Finally, the cursor blinks at the same rate that it used to and I still type slowly, even though the processor power available to me, the user, has grown immensely. We may have gigaflops and terabytes on our desktops, but we still vastly underutilize them in a typical business setting.

Now let’s connect the dots.

(Oooo! That sorta’ looks like a unicorn!)

I think Apple is aiming to eliminate the server room entirely. Furthermore, I believe that with Server on every desk (and eventually I think at least some of it will be a default part of installation, mostly hidden), Apple will move the server room out to the front office. What once was one or more pieces of dedicated server hardware and software will be distributed across the machines in the workgroup or business. This approach makes use of Apple’s cloud technologies and will utilize all of that unused—but already bought!—computing power that we have on each user’s desk.

When? It won’t happen instantly, or even soon. No, I’ll peg the release date for this massive shift in computing to the release of version 11 of Mac OS X—what’s that, two, three years? It’ll take a big shift in mindset of Apple’s customers to accept this kind of radical change in how we think of “servers.” Also, the technology has to catch up with the plan, such as the need to implement some sort of new underlying file system which is certainly a prerequisite for this kind of thing (ZFS, anyone?). All of this will require some positive track record, presumably which Apple’s starting right now with OS X Lion.

I don’t think I’m going out on a limb here. Think about the advantages to both the users and how I think Apple sees things, and it makes good business sense for Apple as well as a good user experience.

For one, there’s no need to buy super-powerful hardware to do server stuff, especially if you have spare gigabytes and gigaflops sitting around idle. Why buy redundant capacity? Not buying more computers saves the business some money, and narrows Apple’s product line significantly. That’s good for both us and for Apple.

By getting rid of the server room, we users save money and space and possibly the time or expense of a dedicated system administrator. Why not administer the whole thing yourself? Or perhaps just hire an Apple-certified Consultant on an as-needed basis and pay the minimal fee per year to get your business-essential hardware replaced/repaired quickly? That sounds remarkably inexpensive to me. That’s another good deal for Apple, its consultant network, and us users, too.

If you are going to buy into this cloud server thing, presumably you’re somewhat locked into the Apple ecosystem. That benefits Apple, certainly, but it could also be perceived as a benefit to the consumer like the tight integration of iPod/iPhone/iPad and iTunes has proven beneficial to the user experience.

And what if that big data center in North Carolina were to sprout a twin? Could that become a backup for your business data cloud? Short answer: yeah. Can you say subscription model?

As a final thought, I don’t believe that Apple has any interest in big business with this initiative. As we’re often told these days, the heartbeat of America is the country’s small businesses (sorry, Chevy) and that’s a huge market. Maybe this will be trickle-up technology, but I doubt it: the Microsoft juggernaut has that one wrapped up for the foreseeable future, and I think the sysadmin community (which certainly “knows this can’t possibly work”) will be extremely resistant to the decentralized server model, at least one that is this decentralized. Who knows? It may not work on the big business scale. But I think… well, never mind. You can guess what I think.

I’m sure that I’m missing a few benefits and a few points which suggest that Apple really is headed this direction.

And I might be completely and totally wrong.

But, Oh! How I don’t want to be wrong… It’s just too cool an idea for it not to be real.

(Sorry I’ve turned comments off for the time being. Stupid spammers thought I needed to see their crap on my blog, so until I get hooked up with Disqus, things will be quiet. Let me know via E-mail—contact info over there on the left under “Pages”—and I’ll post your comments as part of my original posts.)

This article (via Daringfireball.net) does a good job of introducing people to the basics of Thunderbolt, the Apple-adopted, Intel-developed 10Gbps daisy-chain-architecture super-fast bus. But I have one big, hairy question that I’d like to see addressed before I jump whole-hog onto the bandwagon here.

What about hubs? Because without them, the daisy-chain architecture is just as hobbled as FireWire’s is.

The subject of hubs was mentioned in the comments on the article, but nobody has provided an answer to this question as I write this. If I get one port on my machine and I have to plug into it all of my peripherals and they are daisy-chained, what happens if I want to take a device out of the middle? As it stands now, I lose my video, which has to be downstream of that device—for the time being, anyway—and any downstream hard drives just got dismounted in a not-so-nice way.

And if Nikon is really introducing a Thunderbolt-based DSLR, where do I plug it in? If my monitor doesn’t have a pass-through Thunderbolt port, then the camera has to have two ports on it (unlikely—they are small, but not that small), and I have to disconnect my chain and add a cable to insert the camera. Ick.

Finally, what if one of the devices in my chain goes tango uniform? Does it take down everybody downstream or, worse yet, upstream, too? I have somewhat-old FireWire drives that have the ability to cause my XServe to go kerplooey! (requiring a cold restart) when they decide to go out for lunch without permission. Though USB is slower, it never, ever did that, so those drives sit on USB these days. (They are for backups, not serving, so I don’t notice the performance hit, but am glad for the reliability.)

Don’t get me wrong: I like the underlying technology which, essentially, externalizes the PCIe bus, which is a really cool thing. But I gotta’ see how this works in real life before I say it’s not “very, very frightening.”

(OK, a little hyperbole there just for the sake of the lyrical reference.)

If you use an app that is critical to your ability to conduct business, should you use the Mac App Store to buy that app?

Though the support article here says:

Apps you purchase and install from Mac App Store can also be copied to an external hard drive, USB Flash Drive, CD/DVD, or backed up via Time Machine. 

…it also says this:

…you can use Mac App Store to reinstall the app (if it’s still available) without incurring additional charges to your account.

It also says this:

If you save a copy of an app to removable media (such as an external hard drive) or file share, simply drag the app back from its storage location to your Applications folder. When you open the restored app for the first time, you may be required to sign in with the Apple ID account that was used to purchase the app.

(All emphasis is mine.)

Two very important questions arise:

What if your business-critical data requires an app which suddenly becomes not available and your favorite computer illiterate user accidentally deletes the app? Apps have been known to disappear overnight for terms and conditions violations, so this is not an unrealistic possibility.

The second is, What if you are unable to “sign in with the Apple ID account…” for some reason? Here are some scenarios that would lead to that problem:

  1. Your business got struck by lightning. Sure, your data are all backed up on an external drive in your trunk at your house, but, alas, your Keychain or 1Password file on your Mac which faithfully stores all your passwords—including the one you can’t remember to the Apple ID account—is fried.
  2. Your cable modem got struck by lightning and took out the computer. You remember the Apple ID and password, but can’t connect to the Internet until some future time that the technician can bring you a new cable modem.
  3. You have access to the Internet via iPhone tethering, so you have access to the Mac App store, but since you have to restore from the original 10.6.0 DVD, you have hundreds of megabytes to download and install. That’s slow, but certainly not insurmountable unless, of course, you are stuck in marginal 3G territory and connections are iffy at best—good enough to sign in, but not good enough for hundreds of megabytes of updates.

Possibility 2 assumes that reauthorizing the app requires an online transaction. It may not—I do not know. Does anybody know definitively?

There are certainly some production apps which require online authorization to work, most notably the Adobe Creative Suite, so this is not a problem unique to the Mac App Store. However, Adobe most likely can help you out if you are in a jam. I doubt that most Mac App Store publishers are set up to handle something like that (such as shipping you an unlocked copy of the app via FedEx or 56K dialup modem or who knows what).

Granted, it doesn’t look like there are a lot of mission-critical apps in the Mac App Store—at least in the charts, anyway. But I’d be very hesitant to buy mission-critical apps from the Mac App Store until two things occur:

  1. The activation/reactivation process is well-understood and the limitations and workarounds are known.
  2. The backup process is clearly defined in such a way so as to not be reliant on any activation process at all.

Other than that? I already love the Mac App Store. I can see that I will be much more likely to make spur-of-the-moment impulse buys than ever before—and, in fact, already have. Instant gratification is instant and seamless—no unstuffing disk images and mounting them and agreeing to licenses and… Prices are much more dynamic because sales will happen more frequently. And the interface is just as slick and easy to use as the iOS App Store.

Oh yeah, Apple has a good thing going on with the Mac App Store. No doubt about it.

But I’d think long and hard about buying CS5 from it.

Matt Kernan manages to make it around security to get into the US—sort of.

OK, quick summary: Upon returning from an international flight, the TSA wanted to screen him using the backscatter machine or a patdown because they do this for all international passengers before they’re allowed to enter the secure zone of the terminal. He declined for the usual reasons. However, he wasn’t trying to make a connecting flight—he was merely trying to get out of the airport and had no need to go into the secure zone of the terminal.

It’s unclear to me whether or not he stated this fact at the time of his encounter with the TSA, so I’m not sure that he’s totally in the clear on this one. “I’m not trying to make a connecting flight” may mean to the agent, “I’ve got time to kill.” On the other hand, “I’m just trying to leave the airport to get home” is pretty unequivocal. And withholding that important bit of information is intentionally muddying the waters.

When I flew international into Dulles about four years ago (see, “Right on Queue”), the international flight arrived outside the secure zone and I was in the US once I went through customs (thus no pretense of unreasonable search and seizure). To make it onto our domestic flight, I had an awful encounter with a line to get into the domestic secure zone.

Line or not, it sounds to me like CVG needs some rearranging to be more in line with the Dulles model.

[Via DaringFireball.net.]

Short story: a Brazilian billionaire is building a 90-square-mile area specifically for the purpose of attracting companies, Apple included, to use it for building their products—instead of China.

My question: Why isn’t anybody doing this in the US?

Are the products that Apple and others are building so labor-intensive that it would break their banks to build them in the US? It used to be that high-tech items were built in Japan. Now, even the Japanese outsource to China. What’s so special about China?

I’ll admit that what I’m saying here is based a lot on conjecture. I assume that labor rates are ridiculously low in China, based on what I read daily on the intarwebs. And I’m assuming that robots are not used for these assemblies because reconfiguration of tooling is a lot more difficult for an automated production line than when the line consists of humans. That would give Foxconn a great deal of flexibility in its product mix.

With those thoughts in mind, then what would be the difference between a Foxconn factory and an Apple factory?

First, automation: Based on Steve Jobs’ previous experience with assembly plants, they would be worlds apart. The original Mac factory in Fremont, CA, was nearly totally automated which, for 1984, was pretty darned good. Yes, hands were involved in some of the circuit board assembly process, but the process was very automated for its time. In this day and age, I doubt any hands would be involved in the whole process, especially with Apple’s low-mix, slow-to-change product line. Steve would totally see to that.

But could it be totally automated? I think it could. But another question: could it be totally automated for a reasonable price? In 1984, the Mac plant cost $20M. That’s a lot of money to invest in a plant that produced a Mac every 27 seconds. Let’s assume that a new plant would cost 10 times that now—$200M. According to 2010 sales figures from last quarter, Apple sold about 27 million iDevices (i.e., “not Macs”). The capital cost of the factory would add $7.50-ish to the cost of each device. Or it would suck $7.50-ish per device out of Apple’s profit. Anyway, it could pay for itself in one year.

Question: would you pay $7.50 more for a product that said quite clearly on the front, “Now made in the USA for only $8 more!”? In the US, I’m certain you would. In the EU? Maybe.

Ooops! It turns out that the sales figures I quoted above were for one quarter of the year alone! Would $2 be too much to pay for “Made in the USA”? I don’t think so.

Second, labor: I’m sure the plant would have a fair number of people who tend to the machines, and that fits right in with the US’s need to maintain a high-tech service job base. Gradually, we’re shipping overseas all of the jobs that we can. Brainpower can telecommute from India, Poland, etc. But hands-on maintenance cannot. Construction cannot. Plant management cannot. Trucking could not. So it would be beneficial for the US if Apple built a plant that requires some hands-on help for its care and feeding every now and then.

Third, location: Easy. Tennessee, close to Memphis, as a matter of fact. First, Tennessee got Steve his new liver quickly; it would be a nice payback to the state to which he owes his life. Second, it’s where FedEx has its massive hub. Clearly, that would be a bonus. Third, the affordability of building and working in Tennessee is pretty darned good. (Google it on your own. I’m feeling lazy today.) I do figure the chemical and natural resource cost if sourced from within the US might be higher than in China (and, in fact, might still be sourced from China). But, again, I’d have to guess that the higher price might be worth it.

Would it require any sort of “industrial park?” Nope. Just land and electricity. I mean, this billionaire guy is building an “industrial park” with the hopes of attracting Apple and others. In other words, he’s driving up the price of being there to attract companies to be there. If Brazil were such a great place to be, it should sell itself, sans business park concept.

It seems to me that Tennessee (though I’d prefer it to be Connecticut, of course, just so I could be involved) would be an ideal spot for Apple to plunk down a factory. And I’d love to see that happen.

Steve, would you comment, please?

Update, January 2, 2010

One company, MacNeil Automotive Products—you know them as “WeatherTech”—has done three things right, in my opinion. First, they have brought their manufacturing capacity back into the US. Second, they are expanding that capacity, also in the US. And, third, they are publicizing the heck out of it. David MacNeil writes about this transition on the company’s website. He has been very public and very vocal about this transition and buildout, taking an additional two page spread in every issue of Car and Driver I’ve received since they started the buildout to publicize it. That’s two pages in addition to the usual four to six pages they normally use. He must be doing something right.

Do his products have the same cachet as Apple products? I’d say so, based on my experience with them. They fit and feel better than any floormats I’ve run across in the automotive store. They command a price premium. And they work very well.

Are Apple and MacNeil in the same game? No, not at all, so saying “It works for MacNeil, so it would work for Apple” is certainly a specious conclusion.

But it does give some food for thought, no?

The guy who wrote this article is the same Ruben Navarrette Jr. who prompted my reaction to another one of his illogical diatribes. This piece of so-called “reporting” is merely the liberal mainstream media at work, celebrating itself for standing up for something which makes little to no sense to those who don’t have their liberal blinders on.

Let’s take his article apart, shall we? This should be fun.

Phoenix, Arizona (CNN) — It was an ethnic twist on an American classic, the kind of thing that some people consider appealing and others frightening. Pinto beans, diced tomatoes, salsa and jalapenos top a hot dog that’s grilled to perfection.

It’s 10 o’clock on a Saturday night at ground zero in the immigration debate. The hot dog vendor, a woman from the Mexican state of Sinaloa, would normally be doing a brisk business. Her cart is across the street from a popular Latino dance club that used to be frequented by Mexican-Americans but is now normally crammed with Mexican immigrants.

No mas.

Was that Spanish you were trying to use? I’m sure it was, but stick to English, which you haven’t gotten right. You see, I can’t make head or tails out of that last paragraph. Is the place normally crammed with Mexican immigrants? Or was it frequented by Mexican-Americans? I can’t tell what the heck is happening across the street from the vendor’s cart. I get the idea, though: she has no customers at 10pm across the street from a dance club. What kind of town is this?!

“The city feels abandoned,” the woman tells me in Spanish. “Everyone has left.”

It sure looks that way during a drive through the city’s predominantly Latino west side, with its abandoned buildings, deserted homes and empty parks.

OK, let’s see, Ruben: How many doors did you knock on to assess how many of those homes were abandoned? How many buildings did you survey? How many were abandoned before April? And at 10pm, I’d expect most lights to be out, and the parks darned-well better be abandoned. Oh, you drove through during the day? Hmm. I’d expect the homeowners to be out working and the parks to be filled with… nobody! They should be working.

Since April, when Gov. Jan Brewer signed SB 1070 to punish illegal immigrants for the sins of the employers who hire them, estimates are that tens of thousands of illegal immigrants have left Arizona for a warmer climate in Utah, Colorado, Texas or New Mexico.

Score 1 for Arizona, then, in spite of the gutted law. I’m going to guess that this trend won’t stop until the wave reaches Canada.

Last week, U.S. District Judge Susan Bolton struck down four of the most grotesque and illogical parts of the law, including the requirement that local police attempt to determine the immigration status of individuals they suspect of being in the country illegally and language making it a crime to solicit work.

I’m glad you’re not trying to pass this off as objective reporting. “Grotesque” and “illogical” are hardly objective terms.

I have been watching this drama play out from California. But as someone who lived in Arizona about 10 years ago, I needed a closer look to see what life is like in this desert metropolis now that the law has taken effect — or rather, what’s left of it.

So you visit a Latino section of town and decide that there’s not much left of Phoenix. I’m guessing that the rest of Phoenix is disappointed to hear that pronouncement.

I’m a U.S. citizen; my parents and three of my four grandparents were born in the United States.

Relevance, Ruben, relevance.

When I lived here a decade ago, I was struck by how comfortable Latinos and whites seemed with one another. There was the occasional conflict, but more often there was compromise and cooperation, even on the issue of immigration.

A decade ago, the Obama administration was not in office. Much has changed since then. Obama and his acolyte Nancy Pelosi are hell-bent on spending as much of your tax money—and mine—on feeding, housing, clothing, educating, and treating illegal immigrants as they possibly can. Their solution to avoiding class warfare is to make the illegal immigrants into legal immigrants—merge the classes—at tremendous cost. Arizona’s solution to avoiding class warfare is to enforce the laws as they stand at significantly less cost.

Your world of ten years ago doesn’t exist anymore. It evaporated last November.

Today a heated debate has produced hard feelings. The everyday interactions between Latinos and whites are much more frayed than when I was covering Phoenix as a reporter for The Arizona Republic.

No observations? No data? Oh… wait, here comes some data:

Seventy percent of whites, according to polls, support SB 1070 but 70 percent of Latinos oppose it. Until the judge’s decision, there were many whites who were happy the state was taking action against illegal immigration; now they’re unhappy with the judge’s ruling, meaning almost every group in the state is up in arms for one reason or another.

Weak, at best.

Point one: cite the polls—I hate reporters who don’t cite statistics, but since this is an op-ed piece masquerading as reporting, I’ll give you a pass. Anyway, do these polls include illegal immigrants? I’d be surprised if they didn’t.

Point two: who cares if the people who support the bill are up in arms? Who cares if the people who don’t support the bill are up in arms? Is there anything wrong with that? That’s what a democracy is all about, Ruben: expressing your opinion and voting in support of that opinion. Get used to it. Or, rather, don’t, because the Obama/Pelosi machine will ensure that the only branch of government that counts is the judiciary, and your opinion, and vote, will not be heard.

Point three: you make some very sweeping generalizations. Are they based on observations? Or just your gut feeling?

I ask the hot dog vendor how “los Americanos”—her landlord, the people at the supermarket, etc.—are treating her. “Everyone is different,” she says. “Some are friendly. Others look at you funny, like you’re not welcomed.” I think about my question. Unwittingly, I had invited her to engage in the same kind of racial profiling that most opponents of SB 1070 deplore. She prefers instead to judge people as individuals and not generalize based on stereotypes.

Whew. At least there’s one sensible person involved in this article.

Good for her. I wonder if this woman is available to give seminars to Arizona law enforcement officers who might soon find themselves in need of that skill set.

Woah… wait a minute. You have automatically placed all Arizona law enforcement officers into the role of bigot. Where do you get off doing that? Did you interview any law enforcement officers and report on equally open-minded officers? No, you sure didn’t. It wouldn’t support your story well, would it?

Later, I interviewed a married couple who came to the United States legally but lapsed into illegal status when their visa expired. They should have gone back to Mexico, but they’d already put down roots in Phoenix, where the husband could earn at least 10 times what he could make in Mexico. We talked about how some conservatives insist that illegal immigrants take jobs from U.S. workers.

There’s so much wrong here, it’s not even funny: First, the couple “should have gone back to Mexico.” They are illegally here, and yet somehow, “putting down roots” and “earn[ing] at least 10 times what he could make in Mexico” buys them a pass. Next time I’m pulled over for a traffic violation, I’ll be sure to use that defense. “I’m sorry, officer, but it’s OK because I’ve sped before and my car is fine at these high speeds.”

Second, “some conservatives” should be “some people,” because otherwise you are typecasting and stereotyping just as much as the next guy. I guarantee you can find a liberal who thinks the same thing, but it wouldn’t help your story, would it?

“That’s not true,” says the husband, who’s worked his way up from manual labor to an office job for a jeweler. “Americans are lazy. They don’t want to work.”

But then, he catches himself — and corrects himself.

“I shouldn’t say that,” he says. “They’re not all like that, but some are. They’re spoiled. They think it’s easy to come to the United States legally, and they speak from ignorance.” It’s interesting that even in a state that recently made it legal for police officers to make assumptions and jump to conclusions about who is or isn’t an illegal immigrant, there are illegal immigrants who are fair-minded enough not to make assumptions and jump to conclusions about the rest of us.

Wow. Yet another open-minded person who supports your cause! Wow! Two for two! You’re batting 1.000, Ruben! Next time, interview the guy on the corner with the sign that says, “Will work for food.” See if he doesn’t say, “Los estadounidenses son perezosos.”

The rest of that paragraph is just crap: you characterize the entire state of Arizona as bigots, except some illegal immigrants. Good job.

No matter what Bolton decided, the hot dog vendor is still worried. She thinks a lot of Phoenix police officers and county sheriff deputies, under the command of cartoonish Maricopa County Sheriff Joe Arpaio, have been champing at the bit for a law like this to give them an excuse to hassle people with brown skin. People like that, she says, won’t let the judge’s ruling get in the way of enforcing a law which they support.

Ah, so she’s not quite as open-minded as you portray her to be. Apparently, your assertion that officers of the law are bigots is shared by her. Well, fair enough, she’s entitled to that opinion. But until the law can actually be tried, and until we can see how it works, there’s really not much point in worrying about it, is there? If you’re not an illegal immigrant, that is.

Since the law took effect, Arpaio’s deputies have raided residences thought to be “drop houses,” where illegal immigrant smugglers harbor their human cargo.

And good for them! After all, immigrant smugglers are often enslaving unwitting illegals. Should they not prosecute this crime because you’re paying attention to their actions? Put another way, do you raise hell because they raid crack houses? And should people ever be in a position to be referred to as “human cargo?” Isn’t that worthy of prosecution?

And stop using the error of omission to distort the truth: deputies also raided residences thought to be “drop houses” before the law took effect, too.

No wonder immigrants are afraid. Those who haven’t left the state are living as shut-ins. They go outside when they have to go to work. Otherwise, they stay behind closed doors.

Since that’s by their choice, tough. Do they really think that if they look/act/do as normal legal citizens do (such as drive to work, do yard work, perhaps take a walk with the kids, fix their cars in their driveways, go to the store) that they will be accosted by police for acting suspiciously? Don’t they think that it’s the people who stand around on street corners for hours a day, doing nothing, who are most likely to be challenged by police? Apparently not, I guess.

Anyway, eventually, when the illegal immigrants are few and far between, the suspicion that someone is here in the US illegally will naturally die down, won’t it? In the meantime, the legal immigrants should be out and about and should enjoy showing up Officer Bob and his ilk when they are hassled for their documentation. Oh, and of course, they should avoid activities which would get Officer Bob’s interest in the first place, just like you and I should.

By the way, I think Officer Bob should ask every suspect of some offense, including me, lily-white Bill Eccles, for my proof of citizenship (whatever that is), and should not be asked to make a determination which might be misconstrued as “racial profiling.”

There is another kind of racism at play here. You’ve heard how Arizona tried to empower local police to arrest gardeners and housekeepers to crack down on Mexican drug dealers. Baloney. That’s just how the state’s anti-immigrant efforts are packaged for public consumption. The Mexican drug dealer is the Willie Horton of the immigration debate. I get it.

Huh? The state somehow has an anti-immigrant effort? No, there’s no anti-immigrant effort. There’s an anti-illegal-immigrant effort, however, which is what SB1070 is all about. You are confusing your issues, Ruben.

What are nativists supposed to do? Convince Arizonans that the nannies they give their babies to every day are dangerous, that the gardeners to whom they volunteer their security code are a threat. You need drug dealers in this dialogue. Who else are people going to be afraid of?

I’ll just leave this paragraph with a, “Huh?” because I can’t make any sense out of it whatsoever. I’m not sure how nannies and gardeners and drug dealers are relevant to illegal vs. legal status.

Not a hot dog vendor. Think about where that woman was from — Sinaloa. That state is the capital of the Mexican drug trafficking industry. It’s quite simple.

This ought to be good…

If you’re from Sinaloa and you sell drugs, you can live a luxurious life in Mexico. If you sell hot dogs, you work long, hot nights in the desert. Arizonans are ginning up fear of one to rid their state of the other.

So, let me translate Rubenese to English: Sinaloans who come to America are drug dealers. Since that fact hasn’t been brought into the debate by either side—until now—I have to assume that Ruben is ginning up fear of one to get rid of the other.

Or maybe I’m missing something here, so I’ll try again: Illegal immigrants who are from Sinaloa should get a pass just like illegal immigrants who are hot dog vendors or drug dealers. There. I think I got it.

I finish my second hot dog—the best I’ve tasted this side of Coney Island—and pay the bill. Oh, by the way, I ask the woman: “What’s your name?”

Who pays after they eat their hot dogs? This story smells fishy to me. You get your dogs, you pay the vendor. Then you eat them. Strange…

She smiles, looks away and shakes her head. She won’t tell me. She must figure, why take chances? For immigrants, there’s enough of that going on already in this city, where just getting in a car or walking down the street can be a high-stakes gamble.

“She must figure…?” Ruben reads minds. Enough said.

The opinions expressed in this commentary are solely those of Ruben Navarrette Jr.

Thank goodness for that. More like him and… well, too late. They’ve already been elected.

Others have many thoughts regarding the installation of Adobe Flash Player on Mac OS X. Others have opinions on why Flash is an anathema to the web. I have an opinion on the webpage for it, which brings to mind the image of a barge. Maybe the SS Adobarge.

Hmm. There’s an interesting image for you, a company as a barge. But why a barge? Well, first of all, it’s slow and plodding to make progress. If it weren’t for a tug, it would drift aimlessly with the current. Granted, it can carry a lot along with it. I got this feeling this morning when I downloaded the Flash Installer for Mac OS X from the Adobe website and it told me it would take 7 minutes “@ 56K modem.” Huh?

Sorry, did you say, 56k modem? First, why a 56K modem? Why not, say, “donkey cart” or “FedEx” or “carrier pigeon” or “smoke signals?” Oh, I get it… it’s the “lowest common denominator” for download time estimates. Because everybody thinks about their download speed in terms of “times faster than a 56K modem,” don’t they?

Second, unless you’re actually using a 56K modem, you probably don’t give a rat’s ass about the download time at 56K, so why bother telling us in the first place? All modern browsers will tell you pretty well how long it will take to download the file if you simply start the process. If you see “29 minutes remaining” and you only have a few moments before your parents send you off to bed, you’re probably going to stop the download process and cover your tracks before going to bed and your parents see you’re downloading a porn video.

Really, you don’t care how long somebody else’s download is going to take; you only care how long your download is going to take.

“We do it for the non-broadband users.” Even if you are still dialing up, if you want Flash, you’re going to download it, no matter if Adobe tells you it will take 45 minutes or 45 seconds “@56K modem”. Besides, you’re going to be able to look at your browser and tell that it’s going to take “about 5 minutes” when you start it.

Sigh. As I said, slow to move forward.

And talk about momentum! There’s no change coming anytime soon, nosiree! Not when yesterday’s webpages would do: when you click the download button, you’re redirected to the “Thank you” page where you are told “If a dialog box appears with the option to run or save, click run.”

That never happens on a Mac OS X machine in Safari. Never has, never will. I’m not so sure about Chrome or Firefox or Opera, but I’d guess they don’t do it either since this is distinctly a Windows Internet Explorer behavior. Now, there’s nothing really wrong with this, exactly, but it’s just untidy. It’s like seeing bra straps showing on the red carpet. Untidy, and easily solved with a little bit of change.

Get with the times, Adobe. As much as you may think Flash is the greatest thing ever, its time has passed. Redirect your energies to making a great HTML5 content creation tool and sell it just as you have the Flash toolset. Well, not exactly. You could do a better job of that, too, but I’m just covering old territory on that.

There’s precious little on the Interwebs about sharing a fax modem using Mac OS X Server 10.6 (or 10.5 or 10.4…). Trust me, I’ve looked.

If you’re looking for the clues, here they are. I started out by monkeying around with /etc/cupsd.conf, got it to work, but ended up just doing this:

  1. I created the fax printer using the usual MacOS X Server System Preferences. I also set it up to answer and receive, and that works OK. I then tested the fax printer to make sure it works. (The modem is a MultiModem USB modem, FYI, so I have no Apple Stick-of-Gum Modem problems to deal with. It is rumored that the Apple Stick-of-Gum modem won’t work with a 64-bit server.)

  2. Used Safari to visit localhost:631/printers/. Selected “MultiModemUSB”.

  3. Selected “Maintenance” and “Modify Printer” from the drop downs. Entered my administrator username and password.

  4. After some Carousel spinning, clicked “Current Connection” and “Continue”.

  5. Checked “Share this printer” and “Continue”.

  6. Left all settings as-is and clicked “Modify Printer”.

  7. Clicked the “Administration” tab.

  8. Checked “Share printers connected to this system”.

  9. Clicked “Change Settings”.

After cupsd restarted, I was able to browse on 10.6 client machines to see the fax machine using the Default browser!

Could it really be that easy? Is this going to work? Will Superman be able to save Lois Lane in time?

Tune in next time…

A literal video is a music video (You remember those? MTV used to show them.) where the vocals have been replaced with a description of the action in the video. YouTube is chock full of them, and some of them are really, really good.

I’m a big fan of Barenaked Ladies. (No, Mom, it’s not what you think. They’re a band.) One Week is a great song with the kind of machine-gun lyrics that you have to listen to about ten times before you finally get most of them.

This is one of those really, really good literal videos, and it’s a parody of One Week. If you don’t know the real song, it won’t be quite as good, but it’s still pretty impressive.

OK, folks, as you may recall, I got a new server capable of running Mac OS X Server 10.6. Problem is, it doesn’t know jack about my custom PHP or Perl installations on my 10.5 server, so I have to figure out what to do to setup these things again. Let’s go!

What did I do before?

First, what did I have installed last time? Well, let’s start with the applications I use. First, there’s Gallery. Then there’s Movable Type, which is what you’re using right now to read this ‘blog. And I have a weather collection app that runs in PHP. Each of these has its own requirements:

Gallery requires a bit of stuff:

  • a database—check! That’s MySQL.
  • an image processing library—check? Previously, I used ImageMagick, but I note that Gallery 2 now supports GD, and, as we’ll see later, I’m using GD for other things. So perhaps there’s some (ahem) synergy to be had here. Keep GD at the top of the list, ImageMagick if required.
  • mod_rewrite—should be a checkbox in Server Admin, so let’s hope it is.
  • ffmpeg
  • dcraw
  • jhead
  • infozip—I’ll skip this one.
  • zip—probably check?

MT requires no extra PHP goodies, but has a pretty good list of Perl modules that are optional in addition to a few that are required. From the requirements page, we get this list:

Required Perl modules

  • CGI
  • Image::Size
  • File::Spec (Version 0.8 or higher)
  • CGI::Cookie

One of the following Database Perl Modules is required:

  • DBD::mysql (version 2.9005 or higher) - When using MySQL database

(This is what I’ll use, so I ignore the others.)

WARNING: DBD::mysql 2.9004 is not recommended nor supported by Six Apart due to the error: “Statement has no result columns to bind”. Later versions of DBD::mysql are recommended.

Optional Perl Modules

The following Perl modules support option functions. Use these modules for even greater functionality with Movable Type.

  • Archive::Tar
  • Archive::Zip
  • Crypt::DSA
  • Crypt::SSLeay
  • Digest::MD5
  • Digest::SHA1
  • File::Temp
  • GD
  • HTML::Entities
  • HTML::Parser
  • Image::Magick
  • IO::Compress::Gzip
  • IO::Socket::SSL - New in MT5
  • IO::Uncompress::Gunzip
  • IPC::Run
  • List::Util
  • LWP::UserAgent
  • Mail::Sendmail
  • MIME::Base64
  • Net::LDAP - New in MT5
  • Safe
  • Scalar::Util
  • SOAP::Lite (Version 5.0 or higher)
  • Storable
  • Text::Balanced (Necessary for searches within a blog)
  • XML::Atom
  • XML::Parser
  • XML::SAX

And my own weather application requires only JpGraph, but it needs

  • GD
  • FreeType 2.x and
  • the fonts for FreeType to use.

The big, burning question in my mind is, What has Apple enabled in the default PHP installation? Used to be that GD was off by default, as was FreeType. Let’s issue a php -i to find out:

$ php -i

Holy crap. In the output on this 10.6.2 box, we find

gd

GD Support => enabled
GD Version => bundled (2.0.34 compatible)
GIF Read Support => enabled
GIF Create Support => enabled
JPEG Support => enabled
libJPEG Version => 6b 
PNG Support => enabled
libPNG Version => 1.2.37

Amazing! This was a long-standing gripe I had, and the result is that I don’t need to do anything fancy… just yet. But is everything else there?

In any case, first step: grab Xcode and install it. Then don’t forget to turn on CGI execution and the php5_module in Server Admin.

Check!

Now let’s do something simple and make JpGraph work. (A few hours of frustration pass… and I’m not kidding. It’s so simple, and yet sometimes, so hard.) It’s really rather simple.

JpGraph

First, grab the tarball for JpGraph. Extract it. In my other installation, I had decided (for some odd reason) to put the scripts in the root directory of the weather site, but upon reading the installation notes, I decided to locate them a little more sensibly. So I moved/renamed src to /Library/WebServer/CGI-Executables/jpgraph like this:

$ cd jpgraph-3.0.7
$ mv src /Library/WebServer/CGI-Executables/jpgraph

and changed the ownership and permissions so that it can be used by the webserver user (which is in the group _www):

$ cd /Library/WebServer/CGI-Executables/
$ sudo chown -R admin:_www jpgraph
$ sudo chmod -R 755 jpgraph
$ xattr -dr com.apple.quarantine jpgraph

Then I moved the Examples folder to the root Documents folder (because I have no sites up at this point):

$ cd jpgraph
$ mv Examples ../../Documents/

And then had to make a symbolic link in the Examples folder so that the examples can find the jpgraph directory.

$ cd ../../Documents/Examples
$ ln -s  ../../CGI-Executables/jpgraph/ jpgraph

I then pointed my web browser to http://localhost/Examples/testsuit.php and, Yes! I have graphs! There are some gripes about PHP with no support for TTF. And this is where things get interesting because what we have to do now is rebuild PHP from scratch, ensuring that we get TTF—as well as all of the other things that Apple includes, plus the stuff we need for other applications—built into it.

That’s a bit tricky, and we have to break down the configure line that Apple used in order to see what libraries we have to make.

PHP, Just Like Apple

Let’s try to build PHP just the way Apple builds it, with their configurations ‘n’ all. If you look at the output of php -i, you can see what Apple used to build the PHP installation distributed with Mac OS X Server 10.6.

Configure Command =>  '/var/tmp/apache_mod_php/apache_mod_php-53~1/php/configure'  '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/BinaryCache/apache_mod_php/apache_mod_php-53~1/Root/usr/local' '--with-png-dir=/BinaryCache/apache_mod_php/apache_mod_php-53~1/Root/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/mysql/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '--with-pcre-regex=/usr'

Before I forget—we won’t be doing the standard make/make install without first backing up the php binaries. I had problems making sure that the architectures of my Apache server and the PHP binaries matched, and if they don’t, Apache won’t load them. And then Apache won’t load and your webserver is borked pretty good until you get PHP working perfectly. With that in mind, onward!

The first thing to do is, of course, grab the PHP tarball from its source and unsmoosh it. I tend to keep all of this stuff in a new folder, Installed, in my home directory, by the way.

Ideally, we’d just do the configure command just like Apple. Given that it’s easy to download Xcode and PHP and try it all out on the laptop as I’m writing this, I decided to just dive right in and try the configure command as Apple did it and see what it gripes about. (Copy and paste the original Apple configure command to your command line, then edit out the /var/tmp/Apache… bit so that it’s just ./configure.)

The first thing it gripes about is not being able to find the PCRE headers file.

checking for PCRE headers location... configure: error: Could not find pcre.h in /usr

That’s because this option

'--with-pcre-regex=/usr'

is telling Configure to look for pcre.h where it just won’t find it. I Googled it and discovered that there are all kinds of fixes out there that involve copying a file that doesn’t seem to exist into somewhere else so that it can be found. Hmm. That doesn’t sound like the right approach. And Apple has a patch that doesn’t seem to work, either because it’s targeted at an older version of PHP (5.3.0) or because they place a libpcre somewhere that we don’t have it in a clean installation.

After a while of digging, I realized that some of the advice out there on the web is merely to copy the header file from php-5.3.1/ext/pcre to /usr/somewhere. Wha…? Why copy this file if it seems like the normal PHP installation has PCRE built in as an extension, i.e., no library needed, it’s self-contained in the installation? Then all we have to do is something like we do with GD, namely just say “Yes! I want PCRE!” and don’t worry about where it comes from.

(By the way, downloading and installing libpcre also works. But that’s overkill at this point, and it may introduce problems with PHP because the current PCRE is 8.0 and the one installed with PHP is 7.8, I think.)

So if you change the flag above to this:

'--with-pcre-regex'

the problem goes away and configure reports

checking which regex library to use... php

Whew. Now, on to other problems, because there are some, specifically:

configure: error: libjpeg.(a|so) not found.

These flags cause that particular problem:

'--with-jpeg-dir=/BinaryCache/apache_mod_php/apache_mod_php-53~1/Root/usr/local'
'--with-png-dir=/BinaryCache/apache_mod_php/apache_mod_php-53~1/Root/usr/local'

There’s a big problem: we don’t have the mythical /BinaryCache/apache_mod_php... directory, so we have to make our own jpeg lib and png lib. Ready for that? Thought so! Let’s go!

libjpeg

First, grab the libjpeg tarball from its source. Then extract it and throw it into your Installed directory or wherever you’re keeping all this stuff, and it’s important to keep it because as often as Apple wrecks custom PHP installations, you are going to have to do it all again someday.

Things have gotten a bit easier since I did this last time, about five years ago, and all you have to do is the standard configure/make/make install with one option, like this:

$ ./configure --enable-shared

8< snip!

$ make

8< snip!

$ sudo make install

All we have to do now is keep in mind that libjpeg is now located in /usr/local/lib according to make and can edit the flag appropriately.

'--with-jpeg-dir=/usr/local'

libpng

Again, grab the source for libpng from its source and unpack it. Let’s see if anything’s changed since I last did this with v1.2.8.

$ ./configure
-bash: ./configure: /bin/sh^M: bad interpreter: No such file or directory

Harumph. Well, according to the INSTALL file, we might want to copy the makefile that lives in scripts and use that. Problem is, after I tried it, I noticed that libpng wants to find libz at ../zlib, where it certainly isn’t. And according to my notes, that’s a problem I ran into before. Here’s how to fix all that:

$ cp scripts/makefile.darwin makefile
$ emacs makefile

(or pico or nano or vi or whatever…)

Change this

# Where the zlib library and include files are located                                                                                                            
#ZLIBLIB=/usr/local/lib                                                                                                                                           
#ZLIBINC=/usr/local/include                                                                                                                                       
ZLIBLIB=../zlib
ZLIBINC=../zlib

to this

# Where the zlib library and include files are located                                                                                                            
ZLIBLIB=/usr/lib
ZLIBINC=/usr/include
# ZLIBLIB=../zlib                                                                                                                                            
# ZLIBINC=../zlib

and save it. You have to do this because Apple has started to include (or has always included?) the zlib library, and it’s not in the /usr/local directory but is with the rest of the Apple-provided stuff in /usr. Then

$ make
$ sudo make install
$ ./pngtest pngtest.png

which should produce a bunch of lines with r’s and w’s. If it does, then, Yay! Continue onward.

The libraries end up in /usr/local/lib, just like libjpeg, so its options look similar:

'--with-png-dir=/usr/local'

And now let’s hope for the best.

Back to PHP

If you try again, things should work just fine with the exception of this error:

Notice: Following unknown configure options were used:

--disable-dependency-tracking

Check './configure --help' for available options

We can ignore that one, unless you’re particularly retentive and decide to eliminate it. Otherwise, the complete configure command looks like this:

./configure  '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/mysql/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '--with-pcre-regex'

If configure runs OK, then try make. (If you’ve been trying make at various points along the way, don’t forget to make clean.)

It’ll fail. Don’t ask me how I know, I just know. My sources tell me you’ll see:

Undefined symbols:
  "_libiconv", referenced from:
      __php_iconv_strlen in iconv.o
      _php_iconv_string in iconv.o
      _php_iconv_string in iconv.o
      __php_iconv_strpos in iconv.o
      __php_iconv_appendl in iconv.o
      __php_iconv_appendl in iconv.o
      _zif_iconv_substr in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _zif_iconv_mime_encode in iconv.o
      _php_iconv_stream_filter_append_bucket in iconv.o
      _php_iconv_stream_filter_append_bucket in iconv.o
ld: symbol(s) not found

Apparently, the only way to fix the problem that exists in PHP5.3.1 is to edit the file ext/iconv/iconv.c from this (which is down on line 185 or so—don’t mix it up with the first one in the file!)

#ifdef HAVE_LIBICONV
#define iconv libiconv
#endif

to this:

#ifdef HAVE_LIBICONV
#define iconv iconv
#endif

Now try make and see what happens. I think you’ll be pleasantly surprised.

The real litmus test will be to install it. Let’s first backup the Apple PHP and then install ours.

$ php -i > ~/php-config-2010.01.17
$ sudo cp /usr/libexec/apache2/libphp5.so /usr/libexec/apache2/libphp5.so.apple
$ sudo cp /usr/bin/php /usr/bin/php.apple

(When I did the php -i above, it griped with

PHP Warning:  Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead in Unknown on line 0

so I edited /etc/php.ini to read

[Date]
; Defines the default timezone used by the date functions                                                                                                         
; http://php.net/date.timezone                                                                                                                                    
date.timezone = America/New_York

All of the choices for date.timezone are at the URL shown in the .ini file.)

Now to Add FreeType…

…tomorrow. That’s enough for one day.

Updated! Here’s how to add FreeType (and fonts)

It turns out that adding FreeType support is very easy. First, make sure you install X11 support when you install Mac OS X Server. Then all we have to do is change our configure command with one additional switch. It ends up looking like this:

./configure  '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-dependency-tracking' '--sysconfdir=/private/etc' '--with-apxs2=/usr/sbin/apxs' '--enable-cli' '--with-config-file-path=/etc' '--with-libxml-dir=/usr' '--with-openssl=/usr' '--with-kerberos=/usr' '--with-zlib=/usr' '--enable-bcmath' '--with-bz2=/usr' '--enable-calendar' '--with-curl=/usr' '--enable-exif' '--enable-ftp' '--with-gd' '--with-jpeg-dir=/usr/local' '--with-png-dir=/usr/local' '--enable-gd-native-ttf' '--with-ldap=/usr' '--with-ldap-sasl=/usr' '--enable-mbstring' '--enable-mbregex' '--with-mysql=mysqlnd' '--with-mysqli=mysqlnd' '--with-pdo-mysql=mysqlnd' '--with-mysql-sock=/var/mysql/mysql.sock' '--with-iodbc=/usr' '--enable-shmop' '--with-snmp=/usr' '--enable-soap' '--enable-sockets' '--enable-sysvmsg' '--enable-sysvsem' '--enable-sysvshm' '--with-xmlrpc' '--with-iconv-dir=/usr' '--with-xsl=/usr' '--with-pcre-regex' '--with-freetype-dir=/usr/X11R6'

Sure enough, after a make clean/make/make install (and restarting Apache), you get TTF support enough for the JpGraph to acknowledge that it is installed, but it will gripe that Arial and Verdana aren’t installed. Which they aren’t. So it’s right.

So how do we go about installing these fonts? Simple! Since we’re using a Windows machine, all we have to do is copy them from Microsoft… oh… wait… that’s a problem, now, isn’t it?

Well, now… all we have to do (for real) is get the core web fonts, which include Arial and Verdana, from Microsoft or somewhere else and put them where JpGraph can find them. There are two ways that I know of to do this.

  1. Go to the Internet Archive and download each individual file as Microsoft used to distribute them, circa 2002. The page you’re looking for is here. Apparently, that’s how I found them about eight years ago, because I don’t have any knowledge of how to do:

  2. Download the fonts from the Corefonts project. This technique involves downloading a “cab” file (which Microsoft seems OK with) and extracting the contents using some utilities. You might want to just copy the .ttf fonts from some conveniently-available PC.

JpGraph would like to see the fonts in /usr/share/fonts, so all we need to do is create that directory and stick the font files there. I have mine in a folder in my Installed directory, so here’s what I did.

$ sudo mkdir /usr/share/fonts         
$ sudo mkdir /usr/share/fonts/truetype
$ sudo cp * /usr/share/fonts/truetype/
$ ls /usr/share/fonts/truetype/

After that, if all goes well, you’ll be able to load the JpGraph examples and see all the fonts working just fine.

Really, that’s all there is to it…

Updated! Compiling PHP with libpng 1.4.x

Art Fisher of In Color commented below that he had problems with this error during the make when he tried my instructions:

Undefined symbols:
  "_png_check_sig", referenced from:
      _php_gd_gdImageCreateFromPngCtx in gd_png.o
ld: symbol(s) not found
collect2: ld returned 1 exit status
make: *** [libs/libphp5.bundle] Error 1

I had run into that problem, too, and filed a bug against PHP 5.3.1. I guess the guys at PHP.net consider a bug that they found and fixed in a not-so-public version of PHP (a nightly build of about a month ago) “bogus,” so they marked my bug as “bogus.” I’d have preferred “closed,” but semantics aside, the problem above is caused by the removal of the long-deprecated _png_check_sig from libpng as described in the release notes, here.

Art and I worked together to figure out what was going on and discovered that if you edit line 148 of ext/gd/libgd/gd_png.c from

       if (!png_check_sig (sig, 8)) { /* bad signature */
                return NULL;
        }

to

       if (!png_sig_cmp (sig, 0, 8) == 0) { /* bad signature */
                return NULL;
        }

PHP will compile fine.

He then found some other problems, one of which you’re most likely encountering and for which I’ll share the solution below.

Updated! PHP not installing a CLI binary

After you’ve done all of that stuff above, you’ve probably fired up your web browser and run a simple phpinfo() script and discovered that you did indeed succeed.

To show off your command-line prowess to your spouse (who will be suitably impressed when you say, “Look, Dear! I successfully compiled and installed PHP version 5.3.1!”), you do a php -i which shows that you didn’t succeed at all! Instead, php -i reports that the old version, compiled by Apple, remains! I looked, and sure enough, the old version of php remained untouched, but there was a strange, and very functional, php.dSYM file sitting right next to it in /usr/bin.

Huh?

After Googling a bit, I discovered this web page which describes an esoteric problem that the libtool has in Leopard, and now in Snow Leopard, where gcc can’t seem to fully optimize PHP without mis-generating a .dSYM file. Or something like that. That guy on that page describes a way to not-quite-fully-optimize PHP and avoid the problem. Others have described a simpler way to solve the problem which yields a fully-optimized PHP. All you have to do is symlink php to the php.dSYM file.

In case you haven’t moved the old php out of the way yet (in which case that php -i above wouldn’t have worked in the first place), do this

$ sudo mv /usr/bin/php /usr/bin/php.apple

then this to make the symlink:

$ sudo ln -s /usr/bin/php.dSYM /usr/bin/php

That way, if you reinstall PHP again (as Apple has a tendency to step on our custom PHP installs, you’re certain to do so…) the newly-created php.dSYM will still link to php commands. Furthermore, if Apple does decide to fix the libtool/gcc problem, then php will be replaced and the problem goes away anyway.

Another Error: Warning! dlname not found in /usr/libexec/apache2/libphp5.so.

If you see this

Warning!  dlname not found in /usr/libexec/apache2/libphp5.so.

in the middle of the make install step, and yet PHP seems to work fine on both the command line and via Apache, as best Art and I can figure out, it’s OK. Don’t worry.

Updated! Libpng Header Version Problems

If you did what I did and installed libpng 1.4.x, then you have had this problem and probably don’t realize it. When you compile PHP and point it at /usr/X11R6/include to pick up the FreeType headers, it also picks up an old, 1.2.x, version of the libpng headers, but still builds PHP with the new version of the library itself, which is in /usr/include. And that’s a problem.

I’ve not been able to figure out how configure decides where to find what, nor how it could even be directed to do otherwise, but my workaround was to do

$ sudo mv /usr/X11R6/include/png.h /usr/X11R6/include/png.h_old

on a temporary—or maybe permanent—basis. I’m not sure I’ll ever need to do anything “real” with X11, so I think it’s OK to leave it that way. But, if you’re, er, retentive about things, you’ll want to put it back when you’re done making a new PHP.

By the way, I will be creating a new entry real soon now that summarizes all of these steps because as I’m doing it for real, I realized it’s a real pain to read through the narrative to get to the heart of the process.

launchd Vagaries

A few evenings ago, I was the most frustrated person on the face of the planet. I can tell you this with some assurance because I have a meter on my Dashboard that tells me so. It measures my typing pace and the frequency of command line errors and... I digress.

The root cause of my frustrations was a file named #org.clamav.freshclam.plist# (whose origins I'm still unclear on, though I assume it's a leftover emacs temporary file or something). Every time the system booted, launchd tried to load that plist file, located in the directory /System/Library/LaunchDaemons/, and the net result was that postfix wouldn't start because amavisd wouldn't start. Why amavisd wouldn't start, I still don't know, because it seems to me it shouldn't depend on freshclam to run. But I couldn't tell what was going on by looking at any of the logs because there is not enough information shown.

And therein lies the heart of the matter: launchd, though it doesn't operate quite silently, doesn't have a debug mode. Furthermore, even in normal operation, it doesn't quite give enough information to make for productive bug hunting. I thought of these problems after the frustration level quieted down the following morning when I figured out what was going on.

First, What was going on?

What I knew was that postfix wasn't launching and neither was amavisd. I also knew from these entries in the system log

Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: Incorrect argument format for option --checks (-c)
Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: Can't parse command line options
Oct 8 19:26:03 shr-g5 com.apple.launchd[1] (org.clamav.freshclam[3087]): Exited with exit code: 1
Oct 8 19:26:03 shr-g5 com.apple.launchd[1] (org.clamav.freshclam): Throttling respawn: Will start in 10 seconds

that there was a problem with the file /System/Library/LaunchDaemons/org.clamav.freshclam.plist (or so I thought). I have mentioned this problem before, as well as the fix.

Great! I know how to fix that! So, armed with the confidence similar to that elicited by carrying a howitzer into a rock/paper/scissors match, I edited the file at fault because I had indeed messed around in Server Admin and knew that SA rewrites that file and screws it up again.

So I was perplexed when I kept seeing these errors over and over and over again. Stranger still, I could do a

sudo launchctl unload org.clamav.freshclam.plist

followed by a

sudo launchctl load org.clamav.freshclam.plist

and freshclam was happy! I could then manually launch amavisd and postfix and life was good, until I rebooted and the same frickin' problem reappeared.

And that left me extremely frustrated, even more so than usual because I had a rented Bobcat-style digger sitting out in the driveway consuming my money without being productive for me at all. Eventually, I threw in the towel and started digging, which turns out to be very therapeutic.

[The paragraph that belongs here was removed because you really don't want to hear me gripe about restoring a MacOS X Server box from a Time Machine backup and all of the problems that that process entails. I've mentioned that before. Suffice it to say, I did so, it worked, but the problem remained.]

The following morning, again, with the digger outside consuming money at an alarming rate, I gave myself until 9am to figure out the problem. After that, my users, a.k.a. family, would have to live without E-mail until the digger was returned around 5pm. Fortunately, I did a ls without my usual -la and saw the aforementioned #'d file. I guessed that it was the cause of all my troubles, moved it out of the way, and the machine booted happily with no launchd errors.

So that leads me to the second part of my treatise, namely, What would have made this experience much less frustrating?

I have three suggestions. The first is that launchd should report the path to and name of the file it's parsing so that I would have seen immediately where the suspect file is. This information is especially important as there are several locations that launchd looks for plist files.

The second is that launchd should tell me what command it tried that caused the problem. That's just good debugging practice.

Resulting logs would look like this in Bill's World:

Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: While processing '/System/Library/LaunchDaemons/#org.clamav.freshclam.plist#'
Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: Issued command '/usr/bin/freshclam (rest of options from plist file here)'
Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: Incorrect argument format for option --checks (-c)
Oct 8 19:26:03 shr-g5 org.clamav.freshclam[3087]: ERROR: Can't parse command line options
Oct 8 19:26:03 shr-g5 com.apple.launchd[1] (org.clamav.freshclam[3087]): Exited with exit code: 1

The third thing I'd like to see is more info output by launchctl list. As it is, it doesn't show any info about what's loaded except what the base name of the plist file is. No information about the issued command, no information about the path to the plist file, names of plist files which were tried and found wanting, nothing else is available that would have made this debugging process any easier. And that would be helpful, too.

launchd is a really cool new thing, but it lacks some of the polish and usability features that the more mature things have in place already. These are my suggestions which, I think, will help improve launchd and make it a cool, mature thing.
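The information this post wishes launchd had logged (which file, which Label, which command) can be collected ahead of a reboot by walking the launchd directory yourself. The Python sketch below is an added example, not code from the original post: it reports path, Label and command line for every file, and flags editor leftovers and two files that claim the same Label. The sample directory, the freshclam arguments, the org.example.daemon job, and the assumption that the stray file carried the same Label as the real one are all constructed for illustration.

```python
import plistlib
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# Names left behind by editors and hand-made copies: emacs autosave (#name#),
# emacs lock files (.#name), backups (name~) and common "keep the old one" suffixes.
STRAY_PATTERNS = [
    re.compile(r"^#.*#$"),
    re.compile(r"^\.#"),
    re.compile(r"~$"),
    re.compile(r"\.(bak|orig|old|swp)$", re.IGNORECASE),
]


def audit_launch_dir(directory):
    """Return one record per file: name, path, Label, command line, findings."""
    records = []
    by_label = defaultdict(list)
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        rec = {"name": path.name, "path": str(path), "label": None,
               "command": None, "findings": []}
        if any(p.search(path.name) for p in STRAY_PATTERNS):
            rec["findings"].append("stray editor/backup file")
        elif path.suffix != ".plist":
            rec["findings"].append("not a .plist file")
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception as exc:  # malformed XML, bad binary plist, unreadable file
            rec["findings"].append("unparseable: " + type(exc).__name__)
            job = None
        if isinstance(job, dict):
            rec["label"] = job.get("Label")
            args = job.get("ProgramArguments") or [job.get("Program", "")]
            rec["command"] = " ".join(str(a) for a in args).strip() or None
            if rec["label"]:
                by_label[rec["label"]].append(rec)
        records.append(rec)
    # Two files claiming one Label is how a stale copy can shadow the real job.
    for recs in by_label.values():
        if len(recs) > 1:
            for rec in recs:
                others = ", ".join(r["name"] for r in recs if r is not rec)
                rec["findings"].append("Label also defined in: " + others)
    return records


def build_sample_dir():
    """Constructed stand-in for /System/Library/LaunchDaemons (not real system files)."""
    root = Path(tempfile.mkdtemp(prefix="launchd-audit-"))
    jobs = {
        "org.clamav.freshclam.plist": {
            "Label": "org.clamav.freshclam",
            "ProgramArguments": ["/usr/bin/freshclam", "-d", "-c", "4"]},
        "#org.clamav.freshclam.plist#": {  # stale autosave with a broken -c value
            "Label": "org.clamav.freshclam",
            "ProgramArguments": ["/usr/bin/freshclam", "-d", "-c", ""]},
        "org.example.daemon.plist": {
            "Label": "org.example.daemon",
            "ProgramArguments": ["/usr/local/bin/example-daemon"]},
    }
    for name, job in jobs.items():
        with (root / name).open("wb") as fh:
            plistlib.dump(job, fh)
    return root


if __name__ == "__main__":
    for rec in audit_launch_dir(build_sample_dir()):
        flag = "; ".join(rec["findings"]) or "ok"
        print("%s\n    label:   %s\n    command: %s\n    status:  %s"
              % (rec["path"], rec["label"], rec["command"], flag))
```

Pointed at a real launchd directory instead of the sample, the same function gives a per-file listing that a plain ls -la and the system log do not.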

In my original posting, I gripe that Time Capsule makes a royal mess of things for a MacOS X Server box. And it does, still, unless you do some system file editing.

But I’ve had a few thoughts since then, especially since I just went through this whole scenario again last night. This time, I was better prepared, though, as the system file editing I describe in that article saved my bacon.

Or my users’ IMAP data. Bacon, IMAP data… if only IMAP data tasted as good… mmm… bacon…

Sorry. Back to reality.

Apple has chosen to keep several /var directories out of the Time Machine backups because they change rapidly, there’s a lot of data, and it would fill up the backup disk PDQ. Wisely, they also include some preferences in the exclusions file to take care of this little problem, namely the keys “PathsExcluded”, “ContentsExcluded”, and “FileContentsExcluded”.

Entire directories can be excluded with the first, the contents of directories can be excluded with the second (i.e., it preserves the top directory structure, but doesn’t backup any files or subdirectories), and the third backs up all of the subdirectory structures, but still no files. Googling these three terms yields nothing, so I assume I have a correct understanding of what they do.

If I do understand these correctly, then there’s a fourth kind that needs to be created, namely something which means “backup only the file permissions, names, ACLs, etc., but don’t backup the data in the files.” This key would allow the /var/log directory backup to maintain zero-length backup files (hence, they never change) but allow not-so-smart software which doesn’t/can’t create its own logfiles when missing (Apache, I’m lookin’ at you) to use them when restored from backup.

Maybe one of these keys means exactly that, but I’ll be darned if I know which one, and, like I said, there doesn’t seem to be any documentation on it.

It’s not a surprise since it was announced many moons ago, but MacOS X Server 10.6, a.k.a., “Snow Leopard,” is Intel-only.

What this means to you, friends, is that I will not be able to provide you with updates on whether or not your PHP installation will be broken by system updates and on whether or not your Time Machine backups are really all there or not.

Sure, that lovely aluminum box in the basement simply radiates strength and beauty simultaneously, but its dual PowerPC G5s are, sadly, Motorola and not Intel processors. (I rather like Motorola’s processors. But they screwed the pooch a few years back and there are just too many other good processors out there, including Intel’s, to be dogmatic in my loyalty.) And I can’t quite justify buying an Intel Mac for the family E-mail and web server… even though all it’d take is one of them new Mac minis… hmm…

(Snap out of it, Bill! Quit daydreaming!)

Or even a refurbished Mac Pro…

(I said stop!)

Hey! Refurbished 20” iMacs are only $850… shipped!

(Will someone please hit him?!)

The 10.5.8 update doesn’t appear to touch your custom StdExclusions.plist file if you updated it according to a previous post on this subject. But it also doesn’t fix the inherent problem.

The file I refer to is

/System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist

and under “ContentsExcluded” is

/private/var/spool

the default location for the mail store. You’ll want to make sure that’s still commented out.
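Because the stock file returns after some updates, it is worth re-checking after each one whether the data you care about would survive a restore. The Python sketch below is an added example, not Apple's tooling or code from these posts: it applies the three keys as the earlier post reads them (a reading that post itself calls unconfirmed) and lists which critical paths a restore would lack. Both plists, the /private/var/vm and /private/var/log entries, and the critical-path list are constructed; only /private/var/spool under “ContentsExcluded” comes from the posts.

```python
import plistlib

KEYS = ("PathsExcluded", "ContentsExcluded", "FileContentsExcluded")

# Constructed sample in the shape the posts describe; NOT Apple's real file.
STOCK = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>PathsExcluded</key>
    <array>
        <string>/private/var/vm</string>
    </array>
    <key>ContentsExcluded</key>
    <array>
        <string>/private/var/spool</string>
    </array>
    <key>FileContentsExcluded</key>
    <array>
        <string>/private/var/log</string>
    </array>
</dict>
</plist>
"""

# The same file after the edit the posts describe: the spool entry commented out.
EDITED = STOCK.replace(b"<string>/private/var/spool</string>",
                       b"<!-- <string>/private/var/spool</string> -->")

# Constructed examples of data an admin would want back after a restore.
CRITICAL = [
    "/var/spool/imap/user/bill/cyrus.index",
    "/var/log/apache2/access_log",
    "/Library/WebServer/Documents/index.html",
]


def load_exclusions(plist_bytes):
    """Parse the plist; XML comments are dropped, so commented entries vanish."""
    return plistlib.loads(plist_bytes)


def normalize(path):
    """Map /var, /etc and /tmp to /private/..., where those symlinks point on Mac OS X."""
    path = path.rstrip("/") or "/"
    for top in ("/var", "/etc", "/tmp"):
        if path == top or path.startswith(top + "/"):
            return "/private" + path
    return path


def status(path, exclusions, is_dir=False):
    """Return (backed_up, key, entry) under the posts' reading of the keys."""
    path = normalize(path)
    for key in KEYS:
        for entry in exclusions.get(key, []):
            entry = normalize(entry)
            inside = path.startswith(entry + "/")
            if key == "PathsExcluded" and (path == entry or inside):
                return (False, key, entry)      # whole tree skipped
            if key == "ContentsExcluded" and inside:
                return (False, key, entry)      # only the top directory kept
            if key == "FileContentsExcluded" and inside and not is_dir:
                return (False, key, entry)      # directories kept, files not
    return (True, None, None)


def missing_after_restore(plist_bytes, paths):
    """Map each path that would not come back to the rule that excludes it."""
    exclusions = load_exclusions(plist_bytes)
    report = {}
    for p in paths:
        ok, key, entry = status(p, exclusions)
        if not ok:
            report[p] = "%s: %s" % (key, entry)
    return report


if __name__ == "__main__":
    for name, data in (("stock", STOCK), ("edited", EDITED)):
        print(name, missing_after_restore(data, CRITICAL))
```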

It sounds vaguely disgusting, doesn’t it, having one’s GAL broken?

I don’t know what’s going on. I use MSO2008 with Entourage in a corporate environment, and up until yesterday, I had no trouble whatsoever accessing my company’s global address list (GAL), which is something done via LDAP. After the update to 12.2.0, I could no longer access that GAL.

After much frustration in changing LDAP server settings, rebooting, etc., just because I thought it was my company’s fault, I decided that it might be the update that was responsible.

Fortunately, I have Time Machine running. So I first tried to revert to yesterday’s version of Entourage, but that crashed each time I launched it. Figuring that Microsoft can’t build a monolithic application to save its life and that there might be other things in the MSO 2008 folder that Entourage depends on, too, I reverted the whole folder and, guess what?

Entourage GAL access now works.

My conclusion is that the Entourage 12.2.0 update breaks GAL access somehow. I kept the updated MSO folder by renaming it “Microsoft Office 2008 12.2.0” and then restoring the older version, so I am able to keep using the new version of Word (speedier!) and Excel (tastier!).

Your mileage may vary. Please comment if you have similar experiences.

Just like in my previous post, the latest MacOS X Server update, 10.5.7, doesn’t fix the problem with exclusion of the contents of /var/spool from Time Machine backups, either.

I keep forgetting about this topic, hot though it may be, because I’m usually more aware of the PHP problem.

Thanks, DS!

Unlike the 10.5.5 updater, the 10.5.6 update doesn’t appear to touch your custom StdExclusions.plist file if you updated it according to my previous post on this subject. But it also doesn’t fix the inherent problem.

The file I refer to is

/System/Library/CoreServices/backupd.bundle/Contents/Resources/StdExclusions.plist

and under “ContentsExcluded” is

/private/var/spool

the default location for the mail store. You’ll want to make sure that’s still commented out.