Buddy online notification in Messages (OS X Mavericks)

In the days when OS X’s instant messenger program was called iChat, I think it was possible to setup a notification when a particular buddy came online. Mostly not very useful to non-stalker-types, especially as some services logged people in and out fairly continuously, but I would occasionally turn it on when trying to get in touch with an elusive friend or family member in a timezone that offers very little overlap with my own. It appears that is no longer an option in the main interface in Mavericks, but Apple do provide the ability to run an AppleScript whenever an event is triggered.

Continue reading “Buddy online notification in Messages (OS X Mavericks)”

Encrypting filesystems with OS X Lion

Sadly some manufacturers 1 of portable USB hard drives have yet to realise that there are operating systems other than Windows™ and include non-OS specific hardware encryption. OS X Lion supports software encrypted filesystems but the graphical Disk Utility application can only create new encrypted partitions. Fortunately the command line version of the same program can encrypt an existing partition without loss of data.

The drive must have a GUID partition scheme and the partition must have a HFS Journaled filesystem. You can view the partition information by typing diskutil list in a Terminal. The final column of output shows the IDENTIFIER you must use in the next command (disk1s2 in my case).

Encrypt the partition using the command:
diskutil cs convert disk1s2 -passphrase

You will them be prompted for a passphrase (do not lose or forget this, there is no way to recover the data if you do!). The drive will then be converted to a special corestorage volume and encrypted. Converting and encrypting a 1TB drive (with 500GB of data) took nearly 24 hours for me. You can monitor the process using the command diskutil cs list (the cs stands for core storage).

  1. Western Digital being one for which this is not true, their My Passport drive has been an excellent Mac citizen.[]

Au Revoir, Internet Café

On previous trips, publishing a blog post or keeping in touch with home meant allocating some time to locate a reasonably priced Internet café and writing while watching a ticking timer. For this trip however I have been able to write at leisure in spare moments on my phone thanks to the availability of pre-pay GSM sim cards with data allowances.

In Australia, amaysim have been particularly good value although I only discovered their existence after considerable Internet research. A $10 purchase in-store sim card purchase gave us 1GB of data valid for 30 days plus $10 of pre-pay phone credit (90 day expiry). The network is provided by Optus, in common with most of the cheap prepaid sim offerings. There were a couple of issues though which I document here for future travellers.

  • We bought the sim card in a Seven-Eleven. The website claims you can buy them in post offices but the one we tried did not stock it so the availability might not be great. The same pack contains a sim that may be used with either the normal or micro sim formats.
  • Online activation claimed to work but actually failed because of my non-Australian address and credit card. You must call them to get your $10 purchase converted to a data plan. I have not tried to top up the credit yet but it makes me think that credit card top ups might be difficult. Buying vouchers works around this, but see the note above on availability.
  • The sim we bought has been used in multiple devices. I can report that despite rumours to the contrary, a sync with iTunes is not required to change the provider on an iPhone (at least on iOS5). However some devices could not access the Internet until the APN had been set manually to “Internet”, others just worked, for reasons I have yet to figure out.

Using the Terminal to restore from a Time Machine backup

I recently had to restore some Application Data from a Time Machine backup and since Finder in OS X 10.7 (Lion) now hides the Library folder in your home directory I thought it easiest to just cp the files from the mounted volume to the right place. It turned out that this it was not as straightforward as that because the restored files retained the read only permissions that prevent you from modifying a backup.

The ACL does not appear in the Finder, but can be seen using ls -le:

0: group:everyone deny write,delete,append,writeattr,writeextattr,chown

and also metadata:

com.apple.metadata:_kTimeMachineNewestSnapshot 50

The ACL can be removed using chmod -a #n filename where n is replaced by the number at the front of the ACL description (0 in this case). Applying it recursively is possible but potentially dangerous 1 unless you know this is the only ACL applied to the files in the directory. The metadata can be removed using xattr, like this:
xattr -d com.apple.metadata filename

  1. and consequently left as an exercise to the reader[]

Postfix and SMTP AUTH on OS X Lion

The standard instructions for configuring postfix to use authenticated SMTP to use authentication when forwarding to a relay host did not work for me on OS X Lion. For future searchers here is how I made it work.

  1. Create the file /etc/postfix/sasl_passwd as described in the standard docs, i.e. at least one line containing:
    server username:password
    and set the permissions using sudo chmod 600 /etc/postfix/sasl_passwd.
  2. Make the db version used by postfix: sudo postmap /etc/postfix/sasl_passwd (the new file will inherit the permissions of the original file).
  3. If you have upgraded from a previous version of OS X, particularly if you modified your postfix configs, follow the advice in the section below before continuing.
  4. To tell postfix to use authenticated SMTP, add the following lines to /etc/postfix/main.cf:

    mydomain = <<your.mail.domain>>
    mydomain_fallback = localhost
    smtp_sasl_auth_enable = yes
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

    If your domain’s MX records do not specify your relayhost then you must also set the relayhost line.
  5. postfix on OS X runs “on demand” so there is no need to instruct it to reload its configuration. The log file is in the standard UNIX location, /var/log/mail.log.

Upgrading from Snow Leopard

I had previously had this postfix setup working under Snow Leopard, and the upgrade process appeared to have preserved my configuration settings so I was surprised to see that after upgrading to Lion, my smarthost was not accepting mail.

Examining the files in /etc/postfix I noticed that in addition to my customised main.cf there was also a file called main.cf.default which was modified the date I had upgraded to Lion. Comparing the two files showed a number of subtle differences but after being unable to determine why postfix was not authenticating to my upstream server, I decided to copy it over my customised main.cf and re-apply my changes.

Having done this, the mailq command gave me the following error:
postfix[17922]: fatal: bad string length 0 < 1: setgid_group =
Setting setgid_group = _postdrop in main.cf fixed that but then I hit another error:
fatal: file /etc/postfix/main.cf: parameter mail_owner: user postfix has same user ID as _postfix
Resolving this required me to change the value of mail_owner from postfix to _postfix but I don’t know if this is a bug in Apple’s supplied main.cf or an artefact of my user and group information evolving from a 10.6 install to 10.7.

iPhone Buying Advice

A number of people have recently asked my advice on buying an iPhone so I thought it worth writing up my current thoughts.

iPhone or Android (Samsung/HTC)

At the moment any phone marketed as an “iPhone competitor” is running Google’s Android software. I have not personally used an Android phone beyond a quick demo of friends’ devices but a survey of articles suggest that latest software has a comparable set of features to the iPhone, and every Apple-hater will quickly tell you that Android is better because it can do X, Y and/or Z, which Apple are too arrogant or controlling to allow. If you are someone who understands what feature X, Y or Z is and feel you need it, then you should get an Android phone. Everyone else should read this quote from a review of the newly released iPad-clone from people that make Blackberries:

“Browsing on the PlayBook ends up feeling very much like an Android device – perfectly usable, but not up to iOS [i.e. iPhone] standards.”

Whether this is something you find annoying enough to justify a more expensive iPhone over an Android device can to some extend be determined by spending some time with a friend’s phone or an in-store demo, so I highly recommend doing this. Another frequent complaint about Android phones is that the battery life is worse than that of an iPhone 1, especially those models with the larger screens.

One of the major features of Android is the ability to install apps which have not been vetted by Apple. However it is highly unlikely that an average user would want to install an application that was banned by Apple so that advantage is moot. There is also an argument that since the iPhone+iPod+iPad 2 platform is currently making developers a lot of money, and Android upgrades must be blessed by the phone manufacturer 3 after being released by Google, iPhone owners are likely to get the latest and greatest apps before Android owners, and certainly no later.

It is natural that older Android phones which do not have all the latest iPhone features are practically being given away by the phone companies (so too the two-year old iPhone 3GS) but recently released Android phones are also considerably cheaper than iPhone 4s. For example today on orange.co.uk a £35 per month contract for 24 months will get you the recently released HTC Desire S for £0, while an iPhone4 costs £119 on the same monthly tariff. I don’t think I can tell you whether it is worth you paying that extra £119, only hands-on demonstration and experimentation with a phone will tell you whether you think the phone will be good enough, the right apps available for what you want, and the battery life long enough.

Should I buy an iPhone 4 now or wait for iPhone 5?

While Apple are highly secretive about their product plans, it is widely believed that Apple have unofficially set media expectations that unlike previous years they will not be announcing a new device at their annual developer conference in June. There is no reliable information as to when a new iPhone might be released but the smart money is on a September announcement alongside this year’s iPod line-up.

Historically, supplies of new models has been extremely limited for the first few months so waiting until September realistically means waiting another month or two after the release date, and expect to pay at least the current cost of an iPhone 4. At the moment (May 2011), there is the possibility you may find a carrier able to offer some sort of discount on an iPhone 4 which will easily give you 18 months of good service before an Autumn 2012 release of the next generation.

Do I need a screen protector for my iPhone?

No. The iPhone 4 screen is designed to be touched directly and manufactured to a high quality. Placing an additional layer of low quality plastic between you and the screen will impair its function. I can really recommend the InCase Snap case (~£10 on ebay.co.uk, or half that for a clear plastic knock off) which protects the back and has a raised ridge around the front preventing contact should the phone be placed face down on a surface. If you need to protect the screen while the phone is not in use (e.g. inside a hand bag or similar) then buy a case that has a cover you put over the screen when not in use, or store the phone in a sock when inside the handbag.

  1. 7 hours of talk time and 300 hours standby is claimed by Apple[]
  2. a.k.a. “iOS”[]
  3. This is significant since if an app requires the latest version of Android and your manufacturer has not blessed it yet then that app will not be available to you, even if it it is available on other Android phones.[]

A Personal History of UNIX Tool Management on OS X

When I first switched to Mac from Linux I used fink to provide the simple software installation (and removal!) to which I had become addicted while using Debian. In addition to being command line compatible, fink also shipped the software as binaries which on the relatively slow CPUs of the day meant the software was able to be used much more immediately than if it had to be compiled.

About three years ago, I noticed that the fink binary distribution no longer had all the packages I wanted to use. The website would indicate the package was available but actually it would be only available in source code form and my aging laptop did not have the CPU or disk space available to compile not just the package but all its dependencies. When I upgraded that old laptop, and compiling everything from source seemed feasible, I decided that the MacPorts project had more community activity and jumped ship.

MacPorts worked very well. The initial install took time, and worked the fan of my MacBook quite hard, but once the base packages were compiled, subsequent software installs and updates were mostly painless. MacPorts also made it vary easy to tweak installs using its variants mechanism. However MacPorts’ downfall, in my opinion, is that it is not content to be just a way of augmenting the existing UNIX tools on my Mac but that it wants to be a self-contained operating system itself. For example, in order to install the git-svn tool MacPorts was going to download, compile and install not only an older version of Perl than is shipped with 10.6 but also a second version of the subversion tool that Apple have already provided. I am sure this is a good way to deliver a powerful and stable system, but it felt like MacPorts was taking over.

I am not the first to think this since someone has developed homebrew. It has the explicit goals of playing nicely with the OS defaults and programming language specific distribution systems such as RubyGems, CPAN and PyPi. I am pleased to be report that homebrew was very quick to setup and install the few remaining UNIX packages to which I remain addicted. The installer makes the assertion that every user on your system should be in the staff group, 1 but the script was very simple to modify and I have submitted my version back to the maintainer.

The one package where I do not find homebrew satisfactory is LaTeX. homebrew uses the TeX Live distribution rather than the tetex package I have used in the past. However TeX Live is a humungous 1GB download and some quick research showed that it was very much a kitchen sink package with many sub-packages that were completely unnecessary for me. Instead I highly recommend the 85MB download (234MB installed) BasicTeX package which has proved to be entirely adequate for my needs, even if it does have softie GUI installer!

  1. I noticed that on a fresh install of 10.6 no one is a member of the staff group. It appears that all Administrator users are members of the admin group though, and since it seems to only allow admins to change the machine’s homebrew install, I forked this gist and replaced all the instances of staff with admin.[]

iPhone Voicemail Setup Problems (& Solution)

The first time you select the voicemail button your an iPhone, in typical Apple fashion, it offers to help you configure your voicemail. This was much nicer than the traditional voice prompts one normally has to navigate, but the final step (talking to the network) repeatedly failed for me. Google indicated that it might be necessary to manually activate the voicemail by calling 1750, but that did not work for me. O2 customer service suggested that turning the voicemail off then on again would help (1760 [send] then 1750 [send]) but the setup failed again.

The solution that eventually worked for me was to configure voicemail in the “old-fashioned” (“non-visual”?) manner by dialling 901 and then following the tedious voice prompts. Once this had completed, I retried the iPhone visual voicemail setup using the same PIN as I configured at the voice prompts, and it worked first time.

So is the iPhone any good?

As revealed in my previous post, I recently purchased an iPhone. The reason for this is that the Internet stopped working on my old phone, and since I needed a new portable Internet device anyway and the web being the iPhone’s forté, it seemed like the best choice for my requirements.

But is it any good as a phone? The answer is undoubtedly yes, but it’s not “great”… yet, a few more software updates ought to fix that. Missing features that, upon reflection, I never used on my old phone include voice dialling (I’m sure voice recognition systems are not tested on west country accents!) and video calling. The one feature that is sorely missing is a character counter in the SMS application, a horrendous omission now there are call plans without unlimited text messaging. The other feature that people talk about is the keyboard which is a joy to use—last week’s Heathrow Express post was written and edited entirely on the iPhone.

Debugging an iPhone

While a Mac usually “Just Works”, when it does encounter an error situation, OS X often emits a a very vague message that can make debugging a long-winded process. For example, suppose you have recently brought home a shiny new iPhone and upon connecting it to iTunes you receive: “Could not connect to iPhone because an unknown error occurred (0xE8000001)”.

According to the web, it seems the most common cause of this is connecting the iPhone via a USB hub instead of directly to the computer, but I had no USB hub. Also, most people were experiencing this as a transient fault after regularly and successfully synchronising their iPhone for some months, while mine was a new connection—all very perplexing.

Fortunately, OS X is really UNIX in disguise, and so while the user interface tries to only display friendly messages, the technical details are being logged in the same way as any other UNIX system, hence I checked /var/log/system.log:

Jul 16 12:45:05 yvaine [0x0-0x10010].com.apple.iTunesHelper[136]: MobileDevice: 
AMDevicePair: Could not mkdir /Users/ned21/Library/Lockdown: Permission denied
Jul 16 12:45:05 yvaine [0x0-0x10010].com.apple.iTunesHelper[136]: MobileDevice: 
store_dict_osx: Could not create /Users/ned21/Library/Lockdown/
6b90d8c839e8ec9e74d2dffce9a2e111daf84f7b.plist: No such file or directory
Jul 16 12:45:05 yvaine [0x0-0x10010].com.apple.iTunesHelper[136]: MobileDevice: 
AMDevicePair: Could not store pairing record at 
/Users/ned21/Library/Lockdown/6b90d8c839e8ec9e74d2dffce9a2e111daf84f7b.plist

Aha!—a simple case of “permission denied”. (Which, lets be honest, to a non-techie person would be no less cryptic than the message that the GUI actually displays.) This did present another mystery though since permissions on ~/Library look normal:

yvaine:~ ned21$ ls -ld Library/
drwx------+ 42 ned21  ned21  1428 22 Jun 10:34 Library/

except for that little + sign at the end of the permissions string. A quick check on another mac indicates that this is in fact not normal, and means that the directory has an extended ACL (this is the same convention as in Linux) but unlike Linux, OS X does not have getfacl(1) and setfacl(1) commands for viewing and manipulating ACLs—use “ls -le” instead.

yvaine:~ ned21$ ls -lde Library/
drwx------+ 42 ned21  ned21  1428 22 Jun 10:34 Library/
 0: group:everyone deny add_file,delete,add_subdirectory,delete_child,writeattr,writeextattr,chown
 1: group:everyone deny delete

I have no idea how these ACLs were added to my directory, but let’s wipe them out:

yvaine:~ ned21$ chmod -a# 1 Library/
yvaine:~ ned21$ chmod -a# 0 Library/
yvaine:~ ned21$ ls -lde Library/
drwx------  42 ned21  ned21  1428 22 Jun 10:34 Library/

And my iPhone worked like a charm.

Netgear DG834Gv3, iChat and Linux

I recently picked up a Netgear DG834Gv3 wireless router and modem on ebay for a very reasonable price. In order to make iChat video conferences work seamlessly (i.e. without having to configure port forwarding) I had to:

  1. Upgrade it to the latest firmware (V4.01.30).
  2. Toggle UPnP off and on (twice according to some forums).
  3. Disable port scan and DOS protection (Advanced WAN Setup).
  4. Disable SIP ALG (Advanced WAN Setup).

Although my Macbook was now very happy, the Ubuntu box would not connect to the wireless network using WPA encryption: SoftMAC authentication would complete, but the wireless NIC could not see any packets. The web suggests that PS3 owners have also experienced problems after upgrading to 4.01.30 and the only answer is to downgrade, 4.01.20 being the last known “good” version. Sadly Netgear have removed all but the new broken and a very old versions of the firmware from their support page, but the source code is still available and the tar.bz2 contains a pre-built image so you don’t even need to compile it.

At this point I am back to square one since iChat will no longer receive incoming video requests from people behind NAT devices unless I use manual port forwarding.

Firmware 4.01.37 has been released. I have not tested this but it claims to fix the incompatibility with the Playstation3 so hopefully it should also work with Linux machines.

No spots on this Leopard

Leopard is the product name for the fifth release of Apple’s OS X operating system. I was pretty happy with the previous release, so apart from the automatic backup feature known as “Time Machine”, I was unsure as to how much benefit I would derive from the upgrade but it turns out that the little things really do make a difference:

  • The visual appearance has been subtly modernised, keeping OS X at the forefront of sexy computing.
  • The Front Row app, combined with the remote control supplied with new Macs, provides a simple and easy interface to view movies or show off photos. You can do the same with iPhoto and iTunes separately, but Front Row just seems less fiddly… (especially if you install the awesome Perian package so that FR can play additional codecs such as Windows .avi files).
  • Mail now has this awesome feature called data detectors which makes turning emails into calendar events or phone numbers to address book cards a one-click process: click on the phrase “let’s meet Thursday 12th at 1pm” and the little drop down menu can either create a new iCal event pre-filled with the contents of the email, or just show you your calendar for that time.
  • In a similar vein, QuickLook (the ability to rapidly preview files just by hitting the space bar) is the sort of time saving feature that you really miss when using lesser operating systems.
  • There is an ssh-agent included—no more third-party apps required to manage my ssh keys!
  • From reading Mac websites there is this perception that “.0” releases are not for the faint hearted and non-techies should always wait for “.1” before upgrading. I had always regarded this attitude as a little paranoid, but it has to be said that in the three weeks I was running 10.5.0, the Mail application crashed on me twice and once the window manager became completely wedged. Happily 10.5.1 has been a return to form and I have had no problems since.

Of the headline features, Time Machine and screen sharing within iChat are probably the most impressive and a key driver for those of us who are called upon to do Mac tech support. When it works, the implementation of the screen sharing is impressive, but iChat struggles when both computers are behind NAT devices. Similarly, Time Machine mostly “just works” but the default configuration has the caveat of trying to backup everything not included in OS, thus requiring a hard disk at least as big as the one you are backing up. If I trim the configuration to only backup my home directory then I seem to be able to get a couple of months of snapshots onto a partition that is just double the size of my data. Disappointingly, backing up over a network is requires an unsupported hack so hopefully a future update will enable this; it’s probably also worth noting that while backup and restore over the air worked, it was incredibly slow so doing the initial transfer via wired ethernet is a good idea.

Macbook not putting itself to sleep

Buried in the changelog of the latest NetNewsWire release:

Sleep
Fixed a bug that prevented automatic sleep for some people.

Which is interesting because for some time now my macbook has not been putting itself to sleep after the correct period of idleness (although a manual command to “sleep” worked fine). After shutting down NetNewsWire and leaving my machine idle for 5 minutes, it promptly went to sleep of it own accord. It would be interesting to know the technical details of this one.

Sharing a Mac Printer with a Windows PC

I felt I had to blog about this because I’ve tried to do this twice in the last 12 months and each time the Internet has given me some wrong information that has led me to spend a frustrating hour puzzling as to why it didn’t work.

To allow a Windows computer to print over the network to a USB printer connected to an Apple Mac (step 5 is the important bit):

  1. Configure your printer as normal on the Mac.
  2. Turn on printer sharing: System Preferences->Sharing
  3. On the Windows PC, install the Bonjour printer wizard from Apple.
  4. Run the wizard and select your printer.
  5. When prompted to choose a printer driver, choose the default of generic/postscript. If you attempt to use the Windows printer driver which came with your printer, the PC will think that the job has successfully been sent to the printer, but the job will in fact disappear into the ether!

And you are done — Macs are that easy. 🙂