Managing cron.d with chef

I have recently been playing with the chef configuration management system. I was looking for a way to manage files in a directory such that any that were created by chef would be cleaned up again when they were no longer needed. A classic use case is the /etc/cron.d directory which may be populated by files from multiple sources. There appeared to be no established pattern for this but since chef allows the use of ruby in its recipes, I was able to construct the following. It assumes the use of the cron cookbook.

cron_d 'usercron.chef' do
  minute 0
  hour 23
  command '/bin/true'
  user 'myuser'

Dir.glob("/etc/cron.d/*.chef") do |f|
  name = f.split('/')[-1]
    t = resources("cron_d[#{name}]")
  rescue Chef::Exceptions::ResourceNotFound
    cron_d name do
      action :delete

OS X, bash and UK Keyboards

On an Apple UK keyboard, the # symbol is accessed by pressing ⌥-3 (pronounced option 3). Unfortunately the terminal application is only useable when option has been mapped to the UNIX meta-key, which takes precedence over “special” characters such as #. Thanks to this tumblr post, it is possible to work around this problem:

$ cat .inputrc
"\e3": "#"

Unfortunately .inputrc is a bash-specific configuration file and this does not solve the problem for terminal-based applications.

Google Maps and iOS Background App Refresh

I am posting this to the web in case it helps anyone else trying to troubleshoot a similar problem.

Recently I noticed my iPhone’s battery was ending each day significantly lower than usual, causing me to have to charge it every night instead of every couple of days. At first I suspected the extra consumption was caused by communicating to my Pebble smart watch but quickly eliminated that possibility when turning the Pebble off for a day had no effect.

After some experimentation, the change that restored my battery usage to its previous norm was disabling background apps refresh for Google Maps. This was an application I had recently installed because it works very, very, nicely with the Pebble, sending turn-by-turn navigation directions to your wrist as you walk. This completely removes the need to take the phone out of its pocket every few minutes to double check that the road you just passed was not the one you were supposed to turn down! However I do not use it frequently enough to justify doubling my daily power consumption…

Wearable Tech: Pebble

I have a new gadget, a pebble smartwatch. The “smart” moniker seems appropriate because it does something in addition to its primary function (telling the time), and as a platform it has a lot of potential, but like the first few generations of smartphones were merely OK phones, this is only a good digital watch rather than a great one.

Why would I want a mini-computer on my wrist when I already have one in my pocket/bag?

It seems to me that large screen phones are popular for a reason: they make better computers. Conversely as the screen size increases they lose all the properties that made smartphones attractive in the first place—easily carried always with-you devices. All the major mobile phone makers have launched voice-based interfaces but not only are they slow and error prone, in many cases the desired responses are fundamentally visual. Hence, the idea is a second screen for the phone that can then safely remain zipped away in a secure location.

What is it for?

For the moment, notifications. There is some rudimentary fitness tracking if you are into that sort of thing, but even being able to read notifications without getting my phone out of my pocket has turned out to be quite useful. For a start, I often fail to notice calls and texts when walking but the pebble makes them much more prominent. I can also see, with one glance and without taking off a glove, whether it is something urgent, or whether it can be dealt with later. People in the habit of leaving their phone in another part of the house will also find it useful since the bluetooth range easily stretches across a couple of floors.

While the pebble can run apps, currently these are mostly of novelty value rather than actually useful. The forthcoming 2.0 API looks a lot more capable and has proof of concept apps for things like displaying the last train departures from the nearest tube station. Notably the pebble does not have any built in speaker, microphone or camera which places it a long way from the significantly more expensive Galaxy Gear.

How good a watch is it?

Functional. Its e-paper screen means the time is always displayed (if you want it to be) and there is a cool motion sensor activated backlight. I did struggle to find a nice watch face that matched the functionality of my Timex Ironman digital watch, but since many watch faces are open sourced it would have been possible to modify one to my purposes had I not found one. Since the platform is very immature, sifting the good watch faces from the gimmicky was also part of the problem: it is currently not possible to search for something as specific as “digital 24 hours with seconds date and day of week”.1 The lack of built-in applications for what I would consider standard watch functionality is probably the biggest weakness right now. For example my Timex digital watch comes with chronograph, countdown timer and multi-timezone functions by default; for the pebble I had to search for an app and then try different ones out until I found one that worked well.

I find many normal watches too bulky for my slim wrists but as you can see from the photo, the pebble fits just about OK—I certainly would not want it any larger. The strap is a standard fitting so can easily be replaced and the battery is claimed to last 5-7 days between charges, which seems accurate based on my usage so far.


The pebble is fun and I already find it a useful addition to my every day life. It is by no means essential—yet, that will require several more iterations of both hardware and software—but the pebble proves the concept has utility in the world outside of Silicon Valley’s reality distortion field.

  1. Currently very few faces display seconds at all, it is not clear whether this is an unfilled gap in the market or because it drains the battery 59 times faster. [back]

Buddy online notification in Messages (OS X Mavericks)

In the days when OS X’s instant messenger program was called iChat, I think it was possible to setup a notification when a particular buddy came online. Mostly not very useful to non-stalker-types, especially as some services logged people in and out fairly continuously, but I would occasionally turn it on when trying to get in touch with an elusive friend or family member in a timezone that offers very little overlap with my own. It appears that is no longer an option in the main interface in Mavericks, but Apple do provide the ability to run an AppleScript whenever an event is triggered.

Continue reading


The HTC One V Android phone was recently added to the list of devices I am called upon to provide technical support for, and this weekend I had the chance to have a good play with it (i.e. its owner found it to be acting up and I had to help).

This is not meant to be a full review but rather a couple of observations, and a record of some “features” that lacked adequate documentation. Overall I found it to be a nicely put together piece of hardware with good ergonomics. On the software side the “pattern swipe unlock” requires less brain power to use than PIN, and gestures to switch between tabs in the web browser made multitasking on the web as easy as multitasking between apps.

On the negative side, the keyboard was awful. I have written entire blog posts on my iPhone keyboard of similar dimensions, yet could not enter a simple web search correctly first time on this one. A few Android users have recommend installing Swype, but that’s not available from the official App Store. It also turns out to be completely unnecessary as the HTC One comes with a built-in “trace keyboard” hidden away behind Settings -> Language and Keyboard -> HTC Sense Input -> Trace Keyboard which, in just a few minutes of testing, seemed much more useable.

General impressions aside, the reason I was called upon was because events added to the calendar application were not being synchronised to Google calendar on the web. This seemed odd, since synchronisation to Google’s services is supposed to be Android’s forte. The problem was that all new events were defaulting to a calendar called PC Sync, that was not synchronised anywhere, and no where did it seem possible to either change that default, or remove that calendar from the phone. Searching the web revealed only other people complaining of the same problem, and no solution—the cause though appears to be that HTC have replaced the default calendar application with one of their own that has this inexplicable and inexcusable “feature”. Fortunately there is now a workaround available—download the official Google calendar app from the App Store!

Making money from photographs on the Internet

This week Internet photo sharing site Instagram made headlines for an apparent change in its terms and conditions that would, it was claimed, allow the site to sell users’ uploaded photographs without further compensation. A few days later it made an apparent u-turn.

In the midst of the storm of dis-proportionate rage and indignation, Never Mrgan makes the point that even if Instagram did claim the right to resell a photograph without compensating the owner1, properly licensed high quality professional photographs are better and of more certain provenance. I think broadly this is true, but online photography fora are also full of stories of traditional media outlets ripping off photographs from websites such as flickr (where copyright licence terms are clearly asserted) and then claiming ignorance of copyright law and/or offering only negligible compensation when challenged by the owner.

Since many people just click through terms and conditions without reading or understanding them, any publicity that increases public understanding as to how online services work and make money has to be a good thing. For many people finding themselves to have taken a highly sought after photograph, perhaps of some rare or newsworthy event, the fame brought by being properly credited as the owner will be sufficient. But the clear message here is that if you ever think you might be in possession of a photograph or video more valuable than five minutes of fame, be very careful where you post it.

Perhaps this week’s outrage is also a symptom of the division in Internet photograph sharing between those photographers who prefer niche sites such as flickr and 500px, and everyone else who uses Facebook. The first group know that Facebook’s ability to disseminate content through its social graph is far greater than the dissemination available on their preferred platforms and they had hoped Instagram would bridge that gap, providing the features they wanted with the distribution potential of a social network.

This was also a potential missed opportunity for Instagram. The aforementioned copyright thefts by large media companies happen because a copyright holder has pursue each infraction individually, usually against corporate legal departments. If Instagram were to start selling sub-licences to photographs but promised to return a portion of the money over some large threshold to the photographer2 then Instagram would be the platform of choice.

  1. and it is possible it always has [back]
  2. similar to YouTube’s partner programme [back]

Encrypting filesystems with OS X Lion

Sadly some manufacturers1 of portable USB hard drives have yet to realise that there are operating systems other than Windows™ and include non-OS specific hardware encryption. OS X Lion supports software encrypted filesystems but the graphical Disk Utility application can only create new encrypted partitions. Fortunately the command line version of the same program can encrypt an existing partition without loss of data.

The drive must have a GUID partition scheme and the partition must have a HFS Journaled filesystem. You can view the partition information by typing diskutil list in a Terminal. The final column of output shows the IDENTIFIER you must use in the next command (disk1s2 in my case).

Encrypt the partition using the command:
diskutil cs convert disk1s2 -passphrase

You will them be prompted for a passphrase (do not lose or forget this, there is no way to recover the data if you do!). The drive will then be converted to a special corestorage volume and encrypted. Converting and encrypting a 1TB drive (with 500GB of data) took nearly 24 hours for me. You can monitor the process using the command diskutil cs list (the cs stands for core storage).

  1. Western Digital being one for which this is not true, their My Passport drive has been an excellent Mac citizen. [back]

HP DeskJet 3050A — The Missing Manual

Printers used to be a simple peripheral: connect it to your computer and hope that it will automatically configure the correct driver. If your printer was newer than your OS you accepted that you had no choice but to insert the supplied CD and install the driver along with whatever useless software the manufacturer decided would “enrich your experience”.

In an ideal world a networked printer would be similarly simple: connect it to your network and proceed as before but without the USB cable. Entering a non-trivial wireless password into device with just 6 buttons would be a tedious but infrequent task. Sadly not that simple.
Continue reading

Au Revoir, Internet Café

On previous trips, publishing a blog post or keeping in touch with home meant allocating some time to locate a reasonably priced Internet café and writing while watching a ticking timer. For this trip however I have been able to write at leisure in spare moments on my phone thanks to the availability of pre-pay GSM sim cards with data allowances.

In Australia, amaysim have been particularly good value although I only discovered their existence after considerable Internet research. A $10 purchase in-store sim card purchase gave us 1GB of data valid for 30 days plus $10 of pre-pay phone credit (90 day expiry). The network is provided by Optus, in common with most of the cheap prepaid sim offerings. There were a couple of issues though which I document here for future travellers.

  • We bought the sim card in a Seven-Eleven. The website claims you can buy them in post offices but the one we tried did not stock it so the availability might not be great. The same pack contains a sim that may be used with either the normal or micro sim formats.
  • Online activation claimed to work but actually failed because of my non-Australian address and credit card. You must call them to get your $10 purchase converted to a data plan. I have not tried to top up the credit yet but it makes me think that credit card top ups might be difficult. Buying vouchers works around this, but see the note above on availability.
  • The sim we bought has been used in multiple devices. I can report that despite rumours to the contrary, a sync with iTunes is not required to change the provider on an iPhone (at least on iOS5). However some devices could not access the Internet until the APN had been set manually to “Internet”, others just worked, for reasons I have yet to figure out.

Using the Terminal to restore from a Time Machine backup

I recently had to restore some Application Data from a Time Machine backup and since Finder in OS X 10.7 (Lion) now hides the Library folder in your home directory I thought it easiest to just cp the files from the mounted volume to the right place. It turned out that this it was not as straightforward as that because the restored files retained the read only permissions that prevent you from modifying a backup.

The ACL does not appear in the Finder, but can be seen using ls -le:

0: group:everyone deny write,delete,append,writeattr,writeextattr,chown

and also metadata: 50

The ACL can be removed using chmod -a #n filename where n is replaced by the number at the front of the ACL description (0 in this case). Applying it recursively is possible but potentially dangerous1 unless you know this is the only ACL applied to the files in the directory. The metadata can be removed using xattr, like this:
xattr -d filename

  1. and consequently left as an exercise to the reader [back]

Postfix and SMTP AUTH on OS X Lion

The standard instructions for configuring postfix to use authenticated SMTP to use authentication when forwarding to a relay host did not work for me on OS X Lion. For future searchers here is how I made it work.

  1. Create the file /etc/postfix/sasl_passwd as described in the standard docs, i.e. at least one line containing:
    server username:password
    and set the permissions using sudo chmod 600 /etc/postfix/sasl_passwd.
  2. Make the db version used by postfix: sudo postmap /etc/postfix/sasl_passwd (the new file will inherit the permissions of the original file).
  3. If you have upgraded from a previous version of OS X, particularly if you modified your postfix configs, follow the advice in the section below before continuing.
  4. To tell postfix to use authenticated SMTP, add the following lines to /etc/postfix/

    mydomain = <<your.mail.domain>>
    mydomain_fallback = localhost
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    If your domain’s MX records do not specify your relayhost then you must also set the relayhost line.
  5. postfix on OS X runs “on demand” so there is no need to instruct it to reload its configuration. The log file is in the standard UNIX location, /var/log/mail.log.

Upgrading from Snow Leopard

I had previously had this postfix setup working under Snow Leopard, and the upgrade process appeared to have preserved my configuration settings so I was surprised to see that after upgrading to Lion, my smarthost was not accepting mail.

Examining the files in /etc/postfix I noticed that in addition to my customised there was also a file called which was modified the date I had upgraded to Lion. Comparing the two files showed a number of subtle differences but after being unable to determine why postfix was not authenticating to my upstream server, I decided to copy it over my customised and re-apply my changes.

Having done this, the mailq command gave me the following error:
postfix[17922]: fatal: bad string length 0 < 1: setgid_group =
Setting setgid_group = _postdrop in fixed that but then I hit another error:
fatal: file /etc/postfix/ parameter mail_owner: user postfix has same user ID as _postfix
Resolving this required me to change the value of mail_owner from postfix to _postfix but I don’t know if this is a bug in Apple’s supplied or an artefact of my user and group information evolving from a 10.6 install to 10.7.

iPhone Buying Advice

A number of people have recently asked my advice on buying an iPhone so I thought it worth writing up my current thoughts.

iPhone or Android (Samsung/HTC)

At the moment any phone marketed as an “iPhone competitor” is running Google’s Android software. I have not personally used an Android phone beyond a quick demo of friends’ devices but a survey of articles suggest that latest software has a comparable set of features to the iPhone, and every Apple-hater will quickly tell you that Android is better because it can do X, Y and/or Z, which Apple are too arrogant or controlling to allow. If you are someone who understands what feature X, Y or Z is and feel you need it, then you should get an Android phone. Everyone else should read this quote from a review of the newly released iPad-clone from people that make Blackberries:

“Browsing on the PlayBook ends up feeling very much like an Android device – perfectly usable, but not up to iOS [i.e. iPhone] standards.”

Whether this is something you find annoying enough to justify a more expensive iPhone over an Android device can to some extend be determined by spending some time with a friend’s phone or an in-store demo, so I highly recommend doing this. Another frequent complaint about Android phones is that the battery life is worse than that of an iPhone1, especially those models with the larger screens.

One of the major features of Android is the ability to install apps which have not been vetted by Apple. However it is highly unlikely that an average user would want to install an application that was banned by Apple so that advantage is moot. There is also an argument that since the iPhone+iPod+iPad2 platform is currently making developers a lot of money, and Android upgrades must be blessed by the phone manufacturer3 after being released by Google, iPhone owners are likely to get the latest and greatest apps before Android owners, and certainly no later.

It is natural that older Android phones which do not have all the latest iPhone features are practically being given away by the phone companies (so too the two-year old iPhone 3GS) but recently released Android phones are also considerably cheaper than iPhone 4s. For example today on a £35 per month contract for 24 months will get you the recently released HTC Desire S for £0, while an iPhone4 costs £119 on the same monthly tariff. I don’t think I can tell you whether it is worth you paying that extra £119, only hands-on demonstration and experimentation with a phone will tell you whether you think the phone will be good enough, the right apps available for what you want, and the battery life long enough.

Should I buy an iPhone 4 now or wait for iPhone 5?

While Apple are highly secretive about their product plans, it is widely believed that Apple have unofficially set media expectations that unlike previous years they will not be announcing a new device at their annual developer conference in June. There is no reliable information as to when a new iPhone might be released but the smart money is on a September announcement alongside this year’s iPod line-up.

Historically, supplies of new models has been extremely limited for the first few months so waiting until September realistically means waiting another month or two after the release date, and expect to pay at least the current cost of an iPhone 4. At the moment (May 2011), there is the possibility you may find a carrier able to offer some sort of discount on an iPhone 4 which will easily give you 18 months of good service before an Autumn 2012 release of the next generation.

Do I need a screen protector for my iPhone?

No. The iPhone 4 screen is designed to be touched directly and manufactured to a high quality. Placing an additional layer of low quality plastic between you and the screen will impair its function. I can really recommend the InCase Snap case (~£10 on, or half that for a clear plastic knock off) which protects the back and has a raised ridge around the front preventing contact should the phone be placed face down on a surface. If you need to protect the screen while the phone is not in use (e.g. inside a hand bag or similar) then buy a case that has a cover you put over the screen when not in use, or store the phone in a sock when inside the handbag.

  1. 7 hours of talk time and 300 hours standby is claimed by Apple [back]
  2. a.k.a. “iOS” [back]
  3. This is significant since if an app requires the latest version of Android and your manufacturer has not blessed it yet then that app will not be available to you, even if it it is available on other Android phones. [back]

FreeviewHD PVR Review

FreeviewHD has been broadcasting in our area for several months but since we almost never watch live television it seemed pointless to to buy a FreeviewHD (or DVB-T2 to use the technical name) receiver without some sort of recording capability. These have taken a surprisingly long time to reach the market but I noticed last weekend that the venerable John Lewis were selling a 500GB Digital Stream DHR8205U FreeviewHD hard-disk recorder and since the reviews on the web forums were broadly positive, made something of an impulse buy.

I quickly discovered that if the TV is not plugged in during boot then the box will flash “loading” at you forever but after that initial false start installation was smooth and the HD reception is an appreciable upgrade. The feature set appears comprehensive and although there is no option to repeat a recording daily or weekly, it can be instructed to record an entire series of programmes which is usually sufficient.

My biggest complaint is that the user interface is definitely quirky, which reminds you that this is definitely early-adopter territory. Most annoying is the remote control which has some of the most commonly used features (such as ‘pause’ and ‘library’) on tiny buttons which are laid out with no semblance of logical grouping. The listings guide is quite useable, although the ordering of the channel list is not customisable which means the three HD channels are 6 screens away from their non-HD equivalents. Pressing the large “OK” button during viewing brings up the list of channels with no programme information which seems redundant: on my previous PVR this button showed the current and next programmes. The screen showing the recorded programmes appears to have had so little attention that it might actually be an afterthought: recordings are laughably labelled simply as ProgrammeName_DDMMHHMM.trp. Fortunately there is at least a chance that the software issues might be fixed with the next software update scheduled for the end of June.

The user guide suffers from similar problems of poor readability including at least one circular reference (the effect of enabling “standby power-saving mode” is never explained). The packaging describes the product as “Manufactured in the UK” but DigitalStream itself seems to be a Korean company and the terminology used by the software is from a bizarre parallel universe: channels are called “services”, future recording “reservations” and the stored programmes library is “media”. Despite these foibles, so far I am a happy customer.

A Personal History of UNIX Tool Management on OS X

When I first switched to Mac from Linux I used fink to provide the simple software installation (and removal!) to which I had become addicted while using Debian. In addition to being command line compatible, fink also shipped the software as binaries which on the relatively slow CPUs of the day meant the software was able to be used much more immediately than if it had to be compiled.

About three years ago, I noticed that the fink binary distribution no longer had all the packages I wanted to use. The website would indicate the package was available but actually it would be only available in source code form and my aging laptop did not have the CPU or disk space available to compile not just the package but all its dependencies. When I upgraded that old laptop, and compiling everything from source seemed feasible, I decided that the MacPorts project had more community activity and jumped ship.

MacPorts worked very well. The initial install took time, and worked the fan of my MacBook quite hard, but once the base packages were compiled, subsequent software installs and updates were mostly painless. MacPorts also made it vary easy to tweak installs using its variants mechanism. However MacPorts’ downfall, in my opinion, is that it is not content to be just a way of augmenting the existing UNIX tools on my Mac but that it wants to be a self-contained operating system itself. For example, in order to install the git-svn tool MacPorts was going to download, compile and install not only an older version of Perl than is shipped with 10.6 but also a second version of the subversion tool that Apple have already provided. I am sure this is a good way to deliver a powerful and stable system, but it felt like MacPorts was taking over.

I am not the first to think this since someone has developed homebrew. It has the explicit goals of playing nicely with the OS defaults and programming language specific distribution systems such as RubyGems, CPAN and PyPi. I am pleased to be report that homebrew was very quick to setup and install the few remaining UNIX packages to which I remain addicted. The installer makes the assertion that every user on your system should be in the staff group,1 but the script was very simple to modify and I have submitted my version back to the maintainer.

The one package where I do not find homebrew satisfactory is LaTeX. homebrew uses the TeX Live distribution rather than the tetex package I have used in the past. However TeX Live is a humungous 1GB download and some quick research showed that it was very much a kitchen sink package with many sub-packages that were completely unnecessary for me. Instead I highly recommend the 85MB download (234MB installed) BasicTeX package which has proved to be entirely adequate for my needs, even if it does have softie GUI installer!

  1. I noticed that on a fresh install of 10.6 no one is a member of the staff group. It appears that all Administrator users are members of the admin group though, and since it seems to only allow admins to change the machine’s homebrew install, I forked this gist and replaced all the instances of staff with admin. [back]