Category Archives: Information Technology

Apple Canadian Settings through MCX

Background

I was tired of looking at my end-user’s screens and calling up “Managed Software Center” rather than “Managed Software Centre.” I figured I would enforce both the system-wide language setting, as well as enforce keyboard layouts to include both Canadian English and Hebrew.

Those are kept in two files.

com.apple.HIToolbox.plist holds the Keyboard settings
.GlobalPreferences.plist holds the language settings

The leading . means that it’s an invisible file, but you can use the terminal to copy it to another location:

cp ~/Library/Preferences/.GlobalPreferences.plist /PATH/TO/GlobalPreferences.plist

If you notice that in the second path, I removed the leading . to make it visible.

.Plist setup

The keyboard settings file just need to be setup on a test machine, and then copied, and it will work as is.

When I set it up with the Canadian English keyboard and Hebrew keyboard, it looks like this…

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>AppleCurrentKeyboardLayoutInputSourceID</key>
<string>com.apple.keylayout.Canadian</string>
<key>AppleDateResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
<key>AppleEnabledInputSources</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>-18432</integer>
<key>KeyboardLayout Name</key>
<string>Hebrew</string>
</dict>
</array>
<key>AppleInputSourceHistory</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
</array>
<key>AppleNumberResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
<key>AppleSelectedInputSources</key>
<array>
<dict>
<key>InputSourceKind</key>
<string>Keyboard Layout</string>
<key>KeyboardLayout ID</key>
<integer>29</integer>
<key>KeyboardLayout Name</key>
<string>Canadian</string>
</dict>
</array>
<key>AppleTimeResID</key>
<dict>
<key>smRoman</key>
<integer>0</integer>
</dict>
</dict>
</plist>

The GlobalPreferences.plist had a lot of superfluous settings in it that could be eliminated. So I slimmed it down to as follows. As you can see, AppleLanguages is an array with many entries and it starts with “en-CA”, or Canadian English, then American English, Hebrew, and then French. The rest is superfluous.

<?xml version=”1.0″ encoding=”UTF-8″?>
<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0″>
<dict>
<key>AppleLanguages</key>
<array>
<string>en-CA</string>
<string>en</string>
<string>he</string>
<string>fr</string>
<string>de</string>
<string>zh-Hans</string>
<string>zh-Hant</string>
<string>ja</string>
<string>es</string>
<string>it</string>
<string>nl</string>
<string>ko</string>
<string>pt</string>
<string>pt-PT</string>
<string>da</string>
<string>fi</string>
<string>nb</string>
<string>sv</string>
<string>ru</string>
<string>pl</string>
<string>tr</string>
<string>ar</string>
<string>th</string>
<string>cs</string>
<string>hu</string>
<string>ca</string>
<string>hr</string>
<string>el</string>
<string>ro</string>
<string>sk</string>
<string>uk</string>
<string>id</string>
<string>ms</string>
<string>vi</string>
</array>
</dict>
</plist>

You’ll then need to rename the file to include the leading . using the cp tool in the terminal.

Convert to PKG and Deployment

For deployment, I use a wonderful open source program called Munki. You can use anything that will deploy profiles. Munki doesn’t, but it deploys pkg files.

To make this MCX file I need two programs developed by Tim Sutton, mcxToProfile and make-profile-pkg.

I’ve got those two setup on my Munki server

./PATH/TO/mcxToProfile.py –plist /PATH/TO/com.apple.HIToolbox.plist –plist/PATH/TO/.GlobalPreferences.plist -i Canada\ Settings -g Organization -o /PATH/TOCanadaSettings.mobileconfig –displayname ‘Canadian Settings’ -m Once

What this is doing is calling to the python script mcxToProfile, telling it to pick up the two plists com.HIToolbox.plist and .GlobalPrefernces.plist, telling it to identify as “Canada Settings” with the organization name “Organization.” Then it uses -o to know where to spit the mobileconfig file to, including a display name and how to be managed. I want my end users to be able to customize it after first use, so we use the Once flag.

This output my .mobileconfig file. So I could quickly double-click on it and it works! However, that’s not going to help me deploy it to 200+ computers. So I need to get it into Munki, first it needs to be a PKG.

./PATH/TO/make_profile_pkg.py -m /PATH/TO/CanadaSettings.mobileconfig

This python script is pretty straightforward. You call it, tell it that you want it to dump into your Munki repo (-m) and then tell it the path to your mobileconfig file. A few seconds later, it’s in your repo and a duplicate PKG is in the directory that your mobileconfig is sitting at.

Now all you need to do is throw it into the appropriate testing manifest, make sure it works, and then slowly roll it out to your fleet.

Save PDFs with one Click in FileMaker

It suddenly came to me that I could probably automate a process I do every time I purchase something for work.

Every time I create a purchase order, I then go to Print and choose “Save as PDF” and then browse to “~/Documents/Purchase Orders/<<Current Fiscal Year Expressed as Hebrew Year>>/<<PO#>> – <<Supplier>>.pdf”

I did a quick second of Googling and found this. So I took that and modified it slightly…

Set Variable [$year; Value:If(Month ( Purchase Orders::Date ) > 6; Year ( Purchase Orders::Date ) + 3761; Year ( Purchase Orders::Date ) + 3760)]

Set Variable [$path; Value:”filemac:/Macintosh HD/Users/<<username>>/Documents/Purchase Orders/” & $year & “/” & Purchase Orders::PO# & ” – ” & Purchase Orders::Supplier & “.pdf”

Print Setup [Restore; No dialog] #Damn Americans don’t know how to spell dialogue

Save Records as PDF [Restore; No dialog; “$path”; Current record]

First it sets the year to 5775 (using the current date 8/8/14). Since I work in a Jewish day school, I organize my files by the Hebrew year. The vast majority of the fiscal year falls into 5775.

Second it sets the $path variable to filemac:/Macintosh HD/Users/<<username>>/Documents/Purchase Orders/5775/1111 – Apple Canada.pdf

This wouldn’t work so well if it was a multiuser database, but I’m the only one who uses it. That file that the fourth step outputs sits in a folder which is synced to our financial administrator’s via BitTorrent Sync.

OS X Server Mavericks

Today was supposed to be an easy day. I was telecommuting. I began my day at waking up at the usual time, instead of commuting to work, I went swimming. I got back home for 9 am and got to work. I was a maniac, getting everything I needed done. My to do list was completely checked off by 1:30. So what did I do? I started on tomorrow’s to do list. I had an appointment scheduled that I knew would get in the way of those tasks, so I thought I’d start them.

Task 1: Back up both Macintosh servers.

Task 2: Install OS X 10.9 Mavericks

Task 3: Download and install Server.app version 3, and follow prompts to migrate server settings.

It’s supposedly a pretty simple task, until you are faced with…

Screen Shot 2014-07-02 at 1.43.45 PM

Server.app is great for a central location to manage your OS X server, but when something goes wrong… like this… there’s no information. I hate you, Apple.

What am I going to do?

I will make a Mountain Lion install USB drive. Boot into that, and pull up Disk Utility.

The OS is sitting on a mirrored internal RAID. I will disconnect the RAID, wipe one of the drives, rename it “OSHD_Use” to differentiate it from its buddy “OSHD.”

From there I’ll use Time Machine to restore the Backup drive to OSHD_Use.

After that, install Mavericks (10.9) once again, and download Server.app 3, and try again.

And hoorah! It worked! Took me about five hours, but it worked.

Next to the South Campus, where after I started the Mavericks install, it just won’t come back up on Remote Desktop (ARD3). Sigh.

I went to the South Campus, and found that it had an error message of a failed install. I rebooted the server, and it took me to the generic 10.9 create an admin account screen. I went to get a Firewire 800 cable, booted in target disk mode, confirmed that the files were still stored there, confirmed the latest Time Machine Backup was there, rebooted and told it to recover from Time Machine. It’s now ten to 10pm, so I’m gonna go home and check on this in the morning.

Onion Paywall version 2.0

It seems 99% of the visitors to my blog are looking for ways to get around the Onion paywall. I posted about it a while ago in this post.

Turns out it has changed. Here’s the updated instructions…

Once AdBlock is installed, click on the Adblock icon and choose Options. Click Customize, and click edit beside the manual section. Paste the following in and save.

theonion.com##div[style*=”background-image”][style*=”width: 100%”]

##img[src=”http://s.ppjol.net/static/fb/fancy_close.png”]
##a[id=”gregbox-signInTab”]
##div[id=”gregbox-outer”]
www.theonion.com##IFRAME[id=”ppUI”][src=”https://ui.ppjol.com/lightbox/lightbox_ui.html?start”]
www.theonion.com##DIV[id=”pressplusOverlay”]

This also resolves an issue I had with Tumblr and “background-image” where it would prevent your browser from rendering Tumblr correctly.

Mac Pro eSATA

I recently purchased the 2012 Mac Pro. Not the brand-spankin-new Mac Pro that looks like a subwoofer. The giant Mac Pro which does a poor job at replacing the XServe.

I needed eSATA, but sadly the Mac Pro doesn’t have either an eSATA port, or a Thunderbolt port. I could use PCI and get an eSATA card, but that’s pricey. Instead I found NewerTech makes an eSATA extender cable. Basically it takes a spare eSATA port on the board, and makes it external, and it’s only $25. Not bad. The instructions are incredible. It gives you the choice. Pre-2008 Mac Pro, or the 2008 Mac Pro… umm, I have the 2012 Mac Pro. The website even says “Works with all Mac Pros versions*” There’s that lovely asterisk, which says…

*The 2009 Mac Pro comes equipped with two SATA ports, but one port is utilized by the factory installed optical drive connector. As a result, one of the Newer Technology eSATA Extender Cable connectors must be removed prior to installation.

*The 2010 Mac Pro comes equipped with two SATA ports, but one port is utilized by the factory installed optical drive connector. As a result, one of the Newer Technology eSATA Extender Cable connectors must be removed prior to installation.

I can live with that. I have the 2012 model, but once again, the manual is 2008 and earlier. I go to install it and the instructions make no sense. I then download a newer set of instructions which breaks installation into two versions 667MHz boards, and 800MHz boards. The 800 doesn’t make much sense for my machine. Ugh. I don’t even recall what the board speed is. I figured out that the board doesn’t have any spare SATA connectors. There’s the four drives, all are in use, and the two optical drive bays. I’m using the top drive bay for the Superdrive, but I have a free one. I only need one eSATA port anyway, so who cares. Let’s use the bottom bay. I run the cable and it’s too short. I made a quick call to my cable supplier, and they don’t carry or make SATA extension cables. It took me a few minutes to figure out this hack.

Unscrew the extension cable from the faceplate, and run the external cable internally. Not so elegant as you can see, but it’ll do. With this solution my eSATA RAID will be able to work.

eSATA

The biggest pain in the ass of this whole ordeal was unplugging the lower bay from the logic board and plugging in the new cable. It’s a tight space, and I have large hands. I also was hoping that my theory was right, that the lower bay was in the lower SATA port, but I might have been wrong. Turns out I was right.

eSATA

 

Database disk image is malformed

I really like Google Drive. I’ve been using Google Docs for years, and when they modified it to Google Drive, I celebrated. Free syncing, all the features of Docs plus Dropbox… sweet.

One of my coworkers started using it intensely, and over the Christmas break it didn’t sync for two weeks. When he got in, Google Drive just plainly didn’t work. He was getting the error message “database disk image is malformed.” Huh? We tested it on another machine, it worked. Reinstalled Google Drive. Disassociated the account, reassociated it. etc etc. Nothing worked. Even deleted the com.google.drive.plist files in the ~/Library/Preferences folder.

When I was on the phone with Google trying to troubleshoot this problem, We tested and saw that it wasn’t working on the main computer. Tested on another where it worked. I then thought “ZOINKS! It MUST be a file sitting in the users’s ~/Library folder!” So I went into the user folder searched for “Drive” and found some files. There was a com.google.drive file sitting in the ~/Library/Caches folder, and also a folder called “Drive” located in ~/Library/Application Support/Google/. Once I deleted those files, woo hoo! It worked!

The Onion Paywall

Update (2014/04/01):  This doesn’t seem to work anymore, check out this updated post, or see comments….

I’m not a big fan of advertisements. I’m also not a big fan of paywalls. Seeing as I do want companies to make money from their content, I’m a horrible person for finding ways around both these things. I’m worse because I’m sharing.

AdBlock for Google Chrome does a great job at removing ads from everything. However, the Onion paywall is still a problem. I’m also worried about how Canadian newspapers are about to begin paywalls. I had a workaround to The Onion’s paywall, that worked well, until a few months ago. With some Googling I finally found a solution. Once AdBlock is installed, click on the Adblock icon and choose Options. Click Customize, and click edit beside the manual section. Paste the following in and save.

##div[style*=”background-image”][style*=”width: 100%”]
##img[src=”http://s.ppjol.net/static/fb/fancy_close.png”]
##a[id=”gregbox-signInTab”]
##div[id=”gregbox-outer”]

Oh no! iPhone

A few days ago I realized that I haven’t changed my iPhone password since I first purchased the device a year and a half ago. So I did what any normal person would do, I changed my password. After that I spent two days typing in my old password, getting rejected, and putting in the new password. No problem. I’d get used to the password.

I was out at the Horseshoe Tavern with two thirds of Daniel, Fred, and Julie, and a friend of Julie’s from Hot Docs1. I was using my phone, I was still entering the wrong password initially and then putting in the right one, and all was working.

Suddenly I put in my new password, and it rejected it. I put it in again. And again, and again, until I saw my phone was temporarily disabled. I tried my new password, I tried my old password. I typed it in super-meticulously and nothing worked. Sigh.

I can blame the phone and say that it’s the phone’s fault. It somehow corrupted the password and wasn’t accepting it, but we all know that it was most likely that I thought I knew the new password but confused it somehow in my mind, but I can’t see how I did that.

So in other words, it was probably my fault, but I want to blame the phone.

Eventually I got to the point where my phone was disabled for 60 minutes. They decided to go see a late show at the Bloor for Hot Docs. I was interested in the documentary, but decided my time was better spent going home and fixing my phone, so that I’d have an alarm clock to wake me in the morning.

When I got home, I logged into iCloud and remote wiped my phone. I then plugged it into my media machine, and let it sync. After half an hour of restoring from backup, I realized that it was restoring with a year old back up. That won’t do. I wiped the phone once again, and then I unplugged it. Turns out if you want to restore from an iCloud backup, you have to do it when the phone is NOT plugged into a computer.

I ran the iCloud restore, and it took a long time. It was pretty wonderful. Everything came down rather quickly. The restore happened faster than from the computer, which I don’t quite understand how that happens. It had to redownload all the apps, but it kept my screen layouts, and placement of all the apps and folders. However, if you’re going to restore your iPhone, make sure your iTunes account is up to date with the corrected credit card info. It wouldn’t download my apps that were attached to my anklewicz.com Apple ID. It did deal with the multiple Apple ID situation quite well, and the work apps (Server Admin, Workgroup Manager, etc.) all came down no problem.

It attached all my settings, and all my content, all my iPhone photos, except for iTunes, and photos from my Aperture library, but those are all on my media machine, and ready to be synced.

The only thing missing is yesterday’s text messages, as the last backup was from yesterday morning. Other than that. I have my phone as I left it.

iCloud is pretty bloody awesome. Daily zero-effort backups are nice.

  1. A hot Hot Docs chick. []

Apple Wifi Menu

Apple doesn’t always like to document things. Did you know that when you option-click on the wifi menu it gives you this…

Another Day

Passport

I woke up this morning, it was around 3:30. I didn’t want to wake up that early but I did. So I put on my GSD1 hat.

I waited around until it was a reasonable time, and then I headed to the Passport Canada office in Scarborough2. After waiting way too long, they processed my paperwork, and OH YEAH! I’ll be getting a passport.

Apple Connect 2012

From there, I went up to Steeles and joined Apple Connect 2012 after the opening talk. I don’t really know what I missed, but oh well. What I do know I missed was breakfast, and after having lunch and dinner there… OH MY GOD! I was expecting shitty sandwiches and that kind of stuff like at other Apple events I’ve been to… but no, they’re pulling out all the bloody stops3!

The sessions I did go to were thus:

Apple Environmental Footprint
There was nothing else going on at that time, and my god was this a bloody boring speech. I really don’t care what Apple’s footprint is. It was long, boring, and *YAWN*.

Lion: Where is my server?
The title made me think of this. This was a discussion mostly of where to find pieces of Lion Server that aren’t preinstalled like it used to be. The vast majority of this was pointing us to the binary for MySQL or how to enable FTP on a server4. Those things weren’t that interesting, what was were the items that he had to take out of his presentation, because since the release of 10.7.0 and the release of 10.7.3, it is not easy, and builtin.

Lion Open Directory Update
Open Directory is an authentication protocol which Macs can use to authenticate to a server. It’s a decent system, has some advantages, though, honestly it would probably be more accessible to use Active Directory, but I do not. The presenter was a programmer for the OD services. Apparently the rewrote it from the ground up and she gave a very technical and detailed examination of the services. It was interesting, but barely useful.

Certificates and PKI: Concepts and Lab
This was my favourite of the talks, mostly because of Arek Dreyer.  He is very animated and he seemed to be genuinely excited about the subject. It was an excellent two hours. We had a lot of information thrown at us, both technical and practical. We had a chance to actually play with the self-signed certificates that are default to Mac OS X Server.

I missed two sessions, as they conflicted with others, including one from Mobile Iron a third party company who make a Mobile Device Management solution. Apple just released one called Apple Configurator, which I’m looking forward to playing with along with a cart of iPads. I just worry about the fact that the app seems to be thinking the iOS apps should be volume licensed, when there is no volume licensing for Canada, yet.

The other session I missed was Intro to iOS Development. I’m a terrible developer, and honestly don’t care.

After a tasty tasty dinner, I went to downstairs to the main event room where I wrote a test for certification. OS X Support Essentials 10.7 Exam was the test, and I passed! WOOO! That makes me an Apple Certified Support Professional, whatever that means. It’s a certification that will last until Mountain Lion is released in the summer. These exams were built into the cost of the event, so I took it on a whim not expecting to pass, and without having studied, but WOO HOO I passed5!

There’s many more tests I can take tomorrow, but I’ll only be able to take one more. I can go with OS X Server Essentials 10.7 Exam  which will make me an Apple Certified Technical Coordinator. That will be a much harder exam, which I could probably pass with study, but I haven’t studied whatsoever. I could at the least read the 30 page Exam Preparation Guide.

They also have exams for Final Cut Pro X and Aperture, which have very little actual worth in the real world, I use these apps nearly constantly. They have a Level One and Level Two for FCPX, and I know I wouldn’t get to level two with my knowledge, and wonder about Level One. As for Aperture, I’m sure I can pass it in my sleep. So I don’t know which I should opt for.

Bow ties are cool

In additional to all the fun I had with Passport and AC12, I also sent an email to Wickham House Brand who have a bow tie of the month club. I signed up for three months starting in February and have yet to receive my first tie. I was kinda worried, so I sent an email. I was told it should’ve arrived last week (but I didn’t say I was in Canada, and he answered from his iPhone, so he might not have looked my order up), he suggested I contact him again at the end of the week if it hasn’t arrived.

I got home from AC12 and checked my mailbox, which had been empty every day for the past two or three weeks. There was a notice from Canada Post in there. I checked the notice and saw that Shoppers was open for another 3o minutes. I headed down the street, and got a package, which was too big for a bow tie. sure it was flat, but it was about 12″ squared. I looked at the return address, and it wasn’t from the United States, it was from Halifax… WHO WOULD BE SENDING ME SOMETHING FROM HALIFAX?!?! Then I saw the name on the return address, “Mike O’Neill.”

It was Mike O’Neill’s new record! Hooray! I had figured it would come from Zunior.com owner Dave Ullrich, who lives a few blocks away from me in Toronto6.

Sad there were no bow ties, but WOO! MIKE O’NEILL.

Man I’m tired.

  1. Get *expletive deleted* Done. []
  2. Eww, Scarborough. []
  3. Food did not contain blood. []
  4. which is omitted for good reason, use SSL. []
  5. Students, don’t follow my example. []
  6. I’ve seen him in the street a few times, he never noticed me when I waved. []