Archive for the ‘General Technology’ Category

Article on Xsanity – Linux + Xsan

Tuesday, January 13th, 2009

After a long silence on Xsanity, 318 has published the first of a number of articles for the site. The article focuses on how to install and configure StorNext clients running Red Hat Enterprise Linux (RHEL) to connect to an Xsan. It is available here.

UDDI Server 2008

Friday, September 12th, 2008

UDDI is an acronym for Universal Description, Discovery and Integration. It is a specification used for publishing and locating information about services.

In Windows Server 2008 it can be used within a domain (intranet), or between companies sharing data (extranet or Internet).

From the Microsoft Website:

“Microsoft UDDI Services provides developers and IT administrators with the following benefits:
• A scalable solution for organizing, discovering, reusing, and managing Web services and other programmable resources
• A standards-based infrastructure that is compliant with Version 2 of the UDDI application programming interface (API) specifications
• Categorization schemes for describing providers and their Web services that you can customize to meet the needs of your organization
• Integration with various development tools
• User-friendly administration with the UDDI Services snap-in”

What this means is if you wanted to build a client application, and then want other applications to use information from that application (without having to re-invent the wheel so to say), it would be possible with UDDI. It opens up a whole new opportunity for sharing and utilizing ideas, projects, or resources that have already been developed. These deliverable resources can be used for furthering other developments that may need to use only pieces of the original project (or resource) to further itself.

After the public UDDI nodes were closed in January 2006, UDDI seems to have found a home in private corporate implementations. This is especially so when implemented in projects where multiple heterogeneous applications request resources that only the UDDI can provide. UDDI client applications can request certain data that the UDDI can provide regardless of the operating system that the client application resides on.

The following is a brief summary of the offerings of UDDI in Windows Server 2008:
• Windows Server 2008 Standard provides ONLY a stand-alone installation.
• Windows Server 2008 Enterprise and Datacenter both provide distributed installation.
NOTE: Distributed installation can provide fault tolerance throughout the enterprise.

It will be exciting to see what the future holds for UDDI implementations with small business seemingly moving away from separate applications for billing/accounting/etc, to an ERP/EDI platform. This may lead to UDDI implementations where the technology can be leveraged to quickly provide information during the transitioning of smaller applications to larger applications, and/or sharing of data between different applications sprinkled throughout the company, and possibly throughout the Internet to clientele as well as to vendor partners.

Sites:
http://en.wikipedia.org/wiki/Universal_Description_Discovery_and_Integration
http://en.wikipedia.org/wiki/UDDI
http://uddi.xml.org/

[ DNS ] Setting hostnames based on PTR

Friday, August 29th, 2008

Xsan 2 will use the hostname to connect to a client. Normally this is set correctly, but due to some caching issues I had to manually set this via ARD the other day. Enjoy the quick code:

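# Look up the PTR record for en0's IPv4 address and use it, minus the trailing dot, as the HostName
scutil --set HostName "$(host "$(ifconfig en0 |
  awk '/inet /{ print $2; exit }')" |
  awk '{ print $NF; exit }' |
  sed 's/\.$//')"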
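
A more defensive take on the one-liner above, as an added example that is not part of the original post: it accepts only a real PTR answer from `host` (an error line such as NXDOMAIN would otherwise supply the last word as the name), validates the result as a hostname, and forward-confirms it against the IP. The function names and the sample `host` output lines in the comments are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): derive a HostName from a PTR
# record only after the answer has been parsed, validated and forward-confirmed.

# Print the PTR target found in `host <ip>` output ($1), without its trailing dot.
# Returns non-zero for anything that is not a PTR answer, e.g. the error line
#   "Host 2.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)"
# If several PTR records come back, the first one is used.
ptr_from_host_output() {
    printf '%s\n' "$1" | awk '
        / domain name pointer / { sub(/\.$/, "", $NF); print $NF; found = 1; exit }
        END { exit !found }'
}

# Accept only a fully qualified name made of LDH labels (letters, digits,
# hyphen), each 1-63 characters, not starting or ending with a hyphen,
# 253 characters in total at most.
is_valid_hostname() {
    candidate=$1
    [ -n "$candidate" ] && [ "${#candidate}" -le 253 ] || return 1
    # Reject any character outside the hostname alphabet (spaces, ';', '(' ...).
    case $candidate in *[!A-Za-z0-9.-]*) return 1 ;; esac
    printf '%s\n' "$candidate" | LC_ALL=C grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# True when `host <name>` output ($1) contains an A record equal to the IP ($2).
# A PTR record is published by whoever controls the reverse zone, so the name
# is only trusted if the forward lookup points back at the same address.
forward_matches_ip() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        / has address / { if ($NF == ip) ok = 1 }
        END { exit !ok }'
}

# Resolve, validate and forward-confirm; print the name to set, or fail.
hostname_for_ip() {
    ip=$1
    name=$(ptr_from_host_output "$(host "$ip" 2>/dev/null)") || return 1
    is_valid_hostname "$name" || return 1
    forward_matches_ip "$(host "$name" 2>/dev/null)" "$ip" || return 1
    printf '%s\n' "$name"
}

# Usage on the Mac (as root), left commented out so the block has no side effects:
#   ip=$(ifconfig en0 | awk '/inet /{ print $2; exit }')
#   name=$(hostname_for_ip "$ip") && scutil --set HostName "$name"
```

If any step fails, `hostname_for_ip` prints nothing and returns non-zero, so the existing HostName is left untouched.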

If you would like to contact me with comments or inaccuracies about this article, feel free

Mac OS X Server 10.5: NATd

Tuesday, August 12th, 2008

There are certain aspects of Mac OS X Server that it just isn’t that great at. One of them is acting as a router. It’s just a fact that an appliance by SonicWALL, Cisco, Watchguard and sometimes LinkSys will run circles around the speed and feature set of Mac OS X Server. So with that in mind, let’s look at how you would go about configuring a basic port forward on OS X Server if you decided not to listen to us on this point…

You can use the /etc/nat/natd.plist. The key you’ll want to edit is the redirect_port, one per port or a range of all in one key… Basically the array would look something like this assuming you were trying to forward afp traffic to 192.168.0.2 from a WAN IP of 4.2.2.2:

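<key>redirect_port</key>
<array>
    <dict>
        <key>proto</key>
        <string>TCP</string>
        <key>targetIP</key>
        <string>192.168.0.2</string>
        <key>TargetPortRange</key>
        <string>548</string>
        <key>aliasIP</key>
        <string>4.2.2.2</string>
        <key>aliasPortRange</key>
        <string>548</string>
    </dict>
</array>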

You could also use the route command or ipfw depending on exactly what you’re trying to do with this thing. Route is going to be useful if you’re trying to respond to network traffic over a different interface than the default interface.

Leopard: What, No NetInfo?

Thursday, May 15th, 2008

As many will already be aware, there’s no NetInfo in Leopard. So where are those pesky account settings stored? Well, local user account settings are now stored in plist files. The plist files are stored in the /var/db/dslocal/nodes/Default/users directory for users or /var/db/dslocal/nodes/Default/groups folder for groups. Password hashes are stored in the /var/db/shadow/hash folder. Inside each plist file for user accounts you can augment (or create) attributes required in order to perform certain actions. So, for example, if you want to change the location of your home folder you can open the user’s plist file and search for the home key and edit its contents.

Ubuntu 8.04 Released

Sunday, May 11th, 2008

Ubuntu 8.04 is now available – the first major release since 7.10. Code named Hardy Heron, 8.04 will look familiar to long-time Ubuntu users. But under the hood, 8.04 sports a new kernel (2.6.24-12.13), a new rev of Gnome (2.22), improved graphical elements (such as Xorg 7.3), a spiffy new installer (Wubi), the latest and greatest in software, enhanced security and of course more intelligent default settings. The desktop version is free to download from ubuntu.com.

The new Ubuntu installer comes with a new utility called Wubi. Wubi can run as a Windows application, which means that Windows users will be able to more easily transition and learn about Ubuntu. Wubi can perform a full installation of Ubuntu as a file on a Windows hard drive. This means that you no longer need to install a second drive or perform complicated partitioning on an existing drive. When you boot up Ubuntu the system reads and writes to the disk image as though it were a standard drive letter, much like VMWare would do. Ubuntu can also be uninstalled as though it were a standard Windows application using Add/Remove Programs.

The new application set is solid. Firefox 3.0 comes pre-installed. Brasero provides an easier interface for burning CDs and DVDs. PulseAudio now gets installed by default (which is arguably a questionable decision but we found it worked great for us). The Transmission BitTorrent client is now included by default. Vinagre provides a very nice and streamlined VNC client for remote administration (although the latency for remote users is still a bit of a pain compared to the Microsoft RDP protocol). Inkscape has always been easy to install and use, but the popular Adobe Illustrator-like application now comes bundled with Ubuntu.

In order to play nicer in the enterprise, the security infrastructure of Ubuntu has also had a nice upgrade. The Active Directory plug-in is provided using Likewise Open (unlike Mac OS X which sees a custom package specifically for this purpose). There is a new PolicyKit which provides policies similar to GPOs in Windows or MCX in Mac OS X. The default settings in 8.04 are also chosen with a bit more of a security mindset. New memory protection is built into 8.04, primarily to make exploits harder to uncover and prevent rootkits. Finally, UFW (uncomplicated firewall) is now built into the system to make firewall administration more accessible to the everyday *nix fan.

Network Administrators will be impressed by the inclusion of many new features. KVM is included in the kernel, and libvirt and virt-manager are provided to make Ubuntu a very desirable virtualization platform. iSCSI support provides more targets with which to store those virtual machines and also expanded storage for those larger filers (eg – using Samba 3). Postfix and Dovecot provide a standardized mail server infrastructure out of the box. CUPS in 8.04 now supports Bonjour and Zeroconf protocols as well as the solid standbys of SMB, LPD, JetDirect and of course IPP. Those building web servers will be happy to see Apache 2, PHP 5, Perl, Python and Ruby on Rails (with GEM) and of course Sun Open JDK (community supported). If you need the database side of things there’s MySQL, PostgreSQL, DB2 and Oracle Database Express.

However, if you are just starting out keep in mind that Ubuntu Server does not come with a windowing system by default – so beef up those command line skills sooner rather than later! We are also still waiting for a roadmap for integrating much of the more Enterprise or Network-oriented packages. For example, we now have the PolicyKit and a solid Active Directory client. But how do we push out en masse the policies that we want our users to have post imaging?

So if you use Ubuntu or are interested in getting to know the Linux platform then 8.04 is likely a great move. It’s solid, stable and much improved over 7. It’s easier to migrate, virtualize and work in. The developers should be proud!

Office Unified Communication Server

Wednesday, May 7th, 2008

Communication is the transfer or collaboration of thoughts, ideas and plans between individuals. It is essential in the organizational success of most businesses to have various easy to use methods of communication. Today’s communication varies from chatting to video teleconferencing. Combining these forms of communication into a simple easy to use interface or tool can drastically increase the flow of collaboration and communication of staff members.

Microsoft’s Unified Communication Server and Office Communicator comprise a suite of programs and services that allow businesses to integrate most communication platforms into one centralized management console. Unified Communications takes the functionality of Outlook and Exchange and combines email with VOIP service, voicemail, chatting, faxing and video teleconferencing. Along with the integration of all these services, Unified Communications comes with one tool to rule them all.

Office Communicator gives anyone with a laptop or Windows Mobile Smart phone the ability to switch methods of communication on the fly, without having to worry about loss of communication. This simple tool will give you the ability to take your office anywhere in the world as long as you have an Internet connection. It also has the ability to attach additional phone numbers to your main office number. Chatting, faxing, emailing, calling and video teleconferencing have never been so easy.

Unified Communications and Office Communicator provide a new method of centralized communication that when implemented in your company will greatly enhance the flow of communication between the staff at your business.

318, Inc. Announces Immediate Availability of RepTools™ 2008

Thursday, April 24th, 2008

318, Inc. is proud to announce the immediate availability of our flagship software product, RepTools™ 2008.

RepTools™ 2008 is a customer relationship management (CRM) suite developed specifically for the entertainment industry. RepTools™ 2008 has nine integrated modules that are designed to efficiently manage all of the information businesses need to manage sales force automation, asset management, and customer relationships from the beginning to the end of production. With instantaneous access to every aspect of the production process and comprehensive metrics for detailed analysis, RepTools™ 2008 will let you worry about what matters the most: your customers.

Over 100 New Features:

  • Document Management – RepTools™ 2008 has an all new document management system that will automatically organize your storyboards, bids, treatments, callsheets, location photos, and more.
  • Completely New Interface – Built to be faster over your network and keep you more productive than ever before.
  • New QuickFind – Now you can find any of your projects, contacts, or bids in seconds.
  • Live Filters – See only what you decide is relevant and prevent information overload from bogging down your workflow.

For more information about RepTools™ 2008 and how it can dramatically increase the productivity of your business, please visit http://www.reptools.com or call us toll-free at (888) 347-3318.

Windows XP: No longer being sold after June

Tuesday, April 15th, 2008

Microsoft has announced that as of June 30th, 2008 Windows XP will no longer be distributed. You will still be able to buy machines that run Windows XP but it will become increasingly difficult in the months that follow. Windows XP will be supported by Microsoft until April 14th, 2014. However, only security-specific patches will be released for XP after June.

Open XML Draft Approved

Saturday, April 12th, 2008

The Microsoft Open XML standard is what Microsoft is hoping will be the standard in document formats. The first step in that process is now complete with Office Open XML being accepted as a draft standard by ISO, the International Organization for Standardization. ISO is the world’s largest developer of standards and has no governmental affiliation.
Office 2007 created a stir by omitting the Open Document Format (ODF), which is already an ISO standard. Many had hoped that ODF would help to spark an uptick in the interest of applications such as OpenOffice.org as a replacement for the Microsoft Office Suite of applications. However, the ODF standard has had slow adoption in large part due to the Microsoft omission of it from Office.
If Microsoft’s Open XML format receives ratification from ISO as a standard then it would introduce a pair of rival standards into the document community. In many ways, the non-official standardization of documents around the Microsoft doc format over the past decade has led to an unparalleled ability for organizations to trade information freely. However, many (especially in the open source community) feel that allowing Microsoft to hold all the cards is a dangerous thing and that by bringing about a truly open standard such as ODF there will be more options in the word processing suite that organizations can use.

The battle between ODF and Open XML is likely to rage on for years as the appeals and votes and red tape continue to drag on. Just to put things in perspective, ISO rejected the Open XML proposal in September of 2007 and after a rewrite based on input from vendors and members of ISO it was voted as a draft standard in March. The appeals process doesn’t close until June but we’re likely to see more red tape for awhile given the interests of the parties involved.

Setting Up Blackberry Enterprise Clients

Tuesday, February 19th, 2008

To set up Blackberry Enterprise Services, use the following steps on your Blackberry handheld:

1) Go to the “Options” / “Settings” icon, which is usually the wrench on the main menu, and click on it

2) Go to “Advanced Options” and click on it

3) Go to “Blackberry Enterprise Activation” and click on it

4) Enter your email address

5) Enter this Code / Password “aaaa” (or whatever was created as the code)

Save, Ok or Enter (Whatever it asks)

Leopard: Get buttons from ARD for Screen Sharing

Wednesday, February 13th, 2008

Screen Sharing is a great enhancement to Leopard. The ability to control other Macs isn’t only available through third party applications any more. However, many administrators who are used to using Apple Remote Desktop will want some of the features they have become accustomed to, such as curtain mode, full screen, get clipboard, etc. So to obtain these features, the following command (all on one line) will unlock many of the buttons that have been disabled in Screen Sharing:
defaults write com.apple.ScreenSharing \
'NSToolbar Configuration ControlToolbar' -dict-add 'TB Item Identifiers' \
'(Scale,Control,Share,Curtain,Capture,FullScreen,GetClipboard,SendClipboard,Quality)'

Microsoft Office Live Workspace

Wednesday, January 30th, 2008

Microsoft Office Live Workspace is a portal that allows you to view your Microsoft Office documents online. This includes the ability to share documents and do desktop presentations of Microsoft Office documents. Microsoft Office Live Workspace is in beta and free, so why not give it a try? That’s what Microsoft is asking now that Google Docs and Zoho are moving towards commoditizing the document and spreadsheet space.

So first impressions? Office Live Workspace doesn’t let you edit documents. Anyone who has used Google Docs or Zoho is going to be looking for that feature. There is a nice plug-in that is free that allows you to save up to 500 Megabytes of new or existing files into the Workspace portal as well as edit documents that are actually located on the portal. You can also create multiple locations for others to access, called workspaces and sync task lists or online events with Microsoft Outlook (a feature most Outlook Web Access users are already using). If you don’t have Office though, you can only view files and create notes about them. Changes are automatically synchronized so you can easily work while offline without a lot of headache.

There’s also SharedView. SharedView is part of Microsoft Office Live Workspace and gives other users the ability to view or take over your desktop as part of the collaboration benefits of Microsoft Office Live Workspace. This is already available through other Microsoft technologies, but this is a little more user friendly and nicely ties together with the document editing process.
All in all, users of Microsoft Office just got a host of new features with the Microsoft Office Live Workspace. So we might as well make use of this new technology since Microsoft was so nice to give it to us. However, if we’re looking for something that mirrors the functionality of Google Docs then this isn’t it. It’s more of a meeting half-way between Google Docs and Microsoft Office.

Leopard: Use Screen Sharing as an Application

Sunday, January 20th, 2008

Screen Sharing is a new feature in Leopard that allows you to control machines that appear in your side bar. However, you can actually open Screen Sharing and use it in a similar manner as how you use an application like Chicken of the VNC (although not with an identical feature set). The way you go about this is to create a shortcut to the Screen Sharing application bundle from the /System/Library/CoreServices/Screen Sharing.app file somewhere else, such as the Applications folder, or maybe just put it in your dock. Then you can run the following command:
defaults write com.apple.ScreenSharing ShowBonjourBrowser_Debug 1

You will now be able to open Screen Sharing on its own as well as continue using it from the side bar.

Solid-State Drives up to 128GB

Monday, January 14th, 2008

The new MacBook Air was introduced at MacWorld with the option for a 64GB Solid-State hard drive. Toshiba is also now offering Solid-State drives in sizes that are 32GB, 64GB and 128GB. The drives still seem to be lagging in adoption due to high costs, but they offer more durability, faster boot times and lower power requirements which should all lead to higher adoption over the next two years.

Toshiba will also begin making Solid-state SATA drives in May that can be used in desktop systems.

Setting Up VPN Clients in OS X, Vista and Windows XP

Thursday, November 29th, 2007

The steps for setting up VPN connections are straightforward for both Macs and PCs. Here are the steps to follow for setting up new VPN connection on a client desktop or laptop to their server:

Mac OS X (Tiger) -
* First, open the ‘Applications’ folder by going to the Finder and choosing “New Finder Window” from the “File” menu. Click on the ”Applications” icon, then scroll down until you see the “Internet Connect” icon.
* Click on the “Internet Connect” icon.
* Next, go to the ‘File’ menu and select “New VPN Connection Window.”
* On the window that pops up prompting you to choose which type of VPN, click ‘PPTP,’ then click ‘Continue.’
* In the new window, for the configuration, Click on the ‘Other’ and select ’Edit Configurations…’
* A new window will come up. You should then type in a description of the VPN connection in the Description text field.
* Type in the DNS name of the server you want to connect to as the ‘Server Address.’
* Type in the username you will use to access the server. This username should have already been created on the server.
* In the next text box, enter your VPN password. The password should also have been previously set.
* Un-check ’Enable VPN on demand’, and ’Encryption’ should be set to ’Automatic’.
* Click the ’OK’ button. Your configuration is saved, and you are ready to connect.

Mac OS X (Leopard) -
* Go to the Apple menu in the upper left-hand corner of the top menu.
* Click on System Preferences from the drop-down menu.
* Click on ‘Network’ icon.
* In the right-hand menu, click on the drop-down menu next to ‘Configuration’ , which currently says ‘Default’, and select ‘Add Configuration’.
* Type in a name for the configuration: CITES VPN or the alternate name you chose in step # 8.

Mac OS X (Lion) -
* Go to the Apple menu in the upper left-hand corner of the top menu.
* Click on System Preferences from the drop-down menu.
* Click on ‘Network’ icon
* Click on the ‘plus’ button on the bottom of the left column and choose VPN from the Interface dropdown menu.
* Choose the type of connection from the ‘VPN Type’ menu (typically PPTP).
* Label the connection with a name of your choosing in the ‘Service Name’ field.
* Enter the proper information in the ‘Server Address’ and ‘Account Name’ fields
* If you are not using a shared computer you can click on the ‘Authentication Settings’ button and enter your password to store it for future sessions
* Check the box labeled, ‘Show VPN status in menu bar’
* From the menu choose Connect yourchosenVPNlabel – the status of the connection will update and start counting seconds when you are connected.

12. In the right-hand menu, enter the following information:

Configuration: CITES VPN (or a name of your choosing)
Server Address: vpn3.near.uiuc.edu
Account Name: Your guest ID
Encryption: Maximum (128 bit only) from the drop-down menu

13. Check the box next to Show VPN status in menu bar.

Windows Vista:
1. From the Start Menu, right click on Network, select Properties. This will open the Network and Sharing Center.
2. On the left side, click on Set up a connection or network.
3. Select Connect to a workplace.
4. Click on the Next button.
5. Select Use my Internet connection (VPN).
6. Replace the Example with the actual WAN IP address of the VPN server you will be connecting to. Also, you can change the name from VPN Connection to something that is more meaningful.
7. Click on the Next button.
8. Enter in the User Name and Password of your VPN account.
10. Now from the Network and Sharing Center, you can go to Manage Network Connections to see the new VPN connection. This is also where you disconnect. To reconnect later, go to the Network and Sharing Center and click Connect to a network.

Leopard Server: Auto-populate User Lists in iChat Server

Tuesday, November 20th, 2007

If you want to enable the auto-population of buddy lists for users of your iChat server, use the following command:
serveradmin settings jabber:enableAutoBuddy = yes

If you have a lot of users and this causes performance issues, consider disabling this feature again by using the following command:
serveradmin settings jabber:enableAutoBuddy = no

Leopard: Making the Top Menu Bar Solid

Tuesday, November 20th, 2007

In Leopard the Top Menu Bar is fairly transparent and will overlay on top of the background image. For those who want to disable the transparency, the following command will do so:
defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 1

We have seen some reports that this command didn’t work for users; therefore it is important to point out that when you’re using the command you need to unload and load the launch daemon.  Or just reboot.  If you later start to miss this menu bar then you can undo this change by using the following command:

defaults write /System/Library/LaunchDaemons/com.apple.WindowServer 'EnvironmentVariables' -dict 'CI_NO_BACKGROUND_IMAGE' 0

ZFS: What was all that fuss about?

Friday, November 2nd, 2007

ZFS was released by a team at Sun in November of 2004. The name stands for “Zettabyte File System”. ZFS is a 128-bit file system, so it can store 18 billion billion (18.4 × 10^18) times more data than current 64-bit systems. We’re not going to sit here and do the math for that but you are more than welcome to figure out what the theoretical size is at that point – all we can say is that it’s friggin’ huge.

Traditional file systems reside on single devices and require a volume manager to use more than one device to generate a logical or physical volume. ZFS is built on top of virtual storage pools called zpools. A zpool is constructed of virtual devices called vdevs. Vdevs are constructed of block devices that include files, partitions, or drives. Block devices within a vdev can be configured in a variety of different manners, depending on the needs of a user. The storage capacity of all vdevs is available to all of the file system instances in the zpool. This is similar in some ways to how Xsan builds volumes, but more customizable and without a requirement for vdevs to be based on Fibre Channel storage in order to be accessible by multiple hosts.

Quotas can be set to limit the amount of space a file system instance can occupy and a reservation can be set to guarantee that space will be available to a file system instance. This gives some nice features to those wanting to limit access for some volumes while still making sure other volumes have the space that will be required for planned future possible expansions. Other features of ZFS include: snapshots, write-cache, filesystem based encryption (in Alpha stage of development) and checksumming.

While users of Leopard may be disappointed in the fact that ZFS did not make it in the final build, giving greater volume sizes and more features for volume management, rest assured that Apple will be thoroughly testing any new file systems before making them available to the public and that with something as precious as a file system, if it wasn’t ready for prime time then it’s good that it wasn’t included with Leopard. ZFS is still going through changes and is not a completed or matured project by any stretch of the imagination. In /Library/FileSystems you will see that ZFS is not present but the framework for future ZFS is present which can be seen by the introduction of some ZFS binaries to the system. So keep a look out for ZFS in the future and maybe even an SDK from SUN on using it at some point.

BarCamp LA -> 4

Thursday, November 1st, 2007

There’s an open source conference of sorts coming up in LA on November 3rd. It’s called BarCamp. Check it out at: http://barcampla.org/

We start by gathering together in one space and going around the room to introduce ourselves with three tags to describe what we’re passionate about (or want to talk about). There will also be some announcements. After this, people who intend to lead a session will add their session info to an empty schedule grid (may be moved around early on). If you see a session you’re interested in, go to it.

After a couple of sessions, you will have a significant amount of downtime for lunch. Feel free to wander around and socialize while or after you eat. More announcements will be made, and any newly proposed sessions will be announced.

After the sessions are finished, please stick around to clean up. It’s generally as simple as throwing trash away and taking down signs, but all the help is appreciated.

If you brought wireless equipment or power strips, find a coordinator and ask where they’re most needed. Please set your wireless router to a unique SSID (e.g.- barcamp_xxx), to avoid networking conflicts (nasty with a dozen routers in the same room named the same thing). Also, if you can, please lower the radio output of your router. There’ll be plenty of WiFi cloud to go around without everyone blasting out at full power.

While loosely structured, there are rules at BarCamp. All attendees are encouraged to present or facilitate a session. Everyone is also asked to share information and experiences of the event, both live and after the fact, via public web channels including (but not limited to) blogging, photo sharing, social bookmarking, wiki-ing, and IRC. This open encouragement to share everything about the event is in deliberate contrast to the “off the record by default” and “no recordings” rules at many private invite-only participant driven conferences.

Fun stuff. November 4th, check it out.

Leopard Server: Troubleshooting iCal Server

Saturday, October 27th, 2007

So you installed your new server and you’re having a few problems. Let’s look at the common issues and a few simple fixes for them.

iCal will not start, with log entries that it is unable to create a virtual host:
Check your host name. iCal is going to need the host name to be correct in order to start. Use scutil --get HostName and then make sure that the host name listed in the iCal Server settings is identical to this value.

You setup a user, check the box in Workgroup Manager for Enable Calendaring and then save your settings but you get the following error in your logs:
Oct 12 15:51:26 cedge Workgroup Manager[2282]: +[WPUser userWithGUID::] returned nil!

This is likely caused by the fact that you are enabling a calendar for a local user. Try using an OD based user and see if you get the same error.

You got everything started and the account was created for the user but when you add an account in iCal it fails to connect. Make sure that the port that iCal server is using is located at the tail end of the host name for the iCal Server. One issue that we see here is that unless you are using managed accounts then iCal Server is not likely going to append the port number for your iCal Server. Also verify that you can connect to the remote server, and remember that you can always open the URL of the server followed by a : and then the port number and get a login prompt. If you can authenticate to this as the user whose calendar that you are trying to set up then you can use the information in this screen to determine ACL information and other security settings that could be keeping calendars from working. Also keep in mind that while your default port might be 8008 your default port if you are using SSL is actually 8443.

Once you get this far, you should be able to create an event and see data listed in the Overview tab for iCal. If so then you should be able to do about anything you want in the iCal server.

If you prefer to use the serveradmin CLI to control your services, you can also use the serveradmin settings calendar:ServerHostName = "SomeHostName" variable to change your host name. You can also use the calendar:HTTPPort to change the port number you are using for connectivity.

Happy Calendaring!!!

Leopard: New Certification Track

Saturday, October 27th, 2007

The Tiger Apple Certified Systems Administrator (ACSA) track allowed certification candidates to accomplish the ACSA by getting an Apple Certified Technical Coordinator (ACTC) and then obtaining 7 points. Points were obtained by taking a variety of exams whose point values were based on the number of days of the corresponding class.

Apple has now posted the ACSA requirements for 10.5. There is no longer a point system, which was a unique approach in the IT industry for achieving certifications. Instead, for the Leopard ACSA, Apple has now trimmed down the number of courses that are provided and requires that all exams be completed to accomplish the ACSA. For now, the certificates listed include:
Mac OS X Server Essentials v10.5
Directory Services v10.5
Deployment v10.5
Advanced Administration v10.5

Notice that there are no workstation oriented exams listed. The Support Essentials exam is all that is required to achieve an Apple Certified Help Desk Specialist (ACHDS) for Tiger. The ACHDS certification has been retired and replaced with the Apple Certified Support Professional for Leopard, which replaces the ACHDS and only requires the Support Essentials exam.

More information on the new certification program can be found here:

http://training.apple.com/certification/macosx

New 318 Tech Journal Widget

Friday, October 26th, 2007

A new CMS means a new widget to view the new CMS. Check out this dashboard widget to stay updated on the latest 318 TechJournal posts!!!
318-tech-journalwdgt.zip

Leopard Server: CalDAV Event Formatting

Thursday, October 25th, 2007

A key aspect of any groupware solution is the ability to share calendars. Leopard server brings the long-awaited ability to share calendars to the Mac OS X Server platform. Leopard uses CalDAV as the back end protocol for Calendar sharing. CalDAV is currently supported by Facebook, Novell Evolution, Zimbra, Drupal, Microsoft Exchange, Kerio and now Mac OS X Server.

CalDAV looks at each event as an HTTP resource, giving users the ability to view events in a web browser. Each event is stored in the iCalendar format.

A typical event in the iCalendar format:
BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Apple Calendar//Calendar1//Charles Edge
BEGIN:VTODO
DTSTAMP:19980130T134500Z
SEQUENCE:2
UID:uid4@host1.com
ORGANIZER:MAILTO:riaa@us.gov
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:riaa@host.com
DUE:19980415T235959
STATUS:NEEDS-ACTION
SUMMARY:Random Music File
BEGIN:VALARM
ACTION:AUDIO
TRIGGER:19980403T120000
ATTACH;FMTTYPE=audio/basic:http://myhost.com/publish/audio-files/file.mp3
REPEAT:3
DURATION:PT1H
END:VALARM
END:VTODO
END:VCALENDAR

Parsing this data can help you to embed data from Leopard Server into your 3rd party web services. One difference between CalDAV events in Mac OS X Server and other types of event handlers is how they are presented over the wire. For example, Kerio, a popular Mac-based groupware solution, presents CalDAV in the form of an ICS file so it can be viewed through iCal in pre-Leopard computers.
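One way to parse an event like the one above before embedding it in a web page, as an added example that is not part of the original post. The function names and the sample text are constructed for illustration; property values are kept as raw text and only escaped at output time.

```python
import html

# Constructed sample modelled on the event above: ATTACH is folded as RFC 5545
# requires (CRLF + one space); SUMMARY carries markup to exercise escaping.
SAMPLE = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VTODO\r\n"
    "ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:riaa@host.com\r\n"
    "SUMMARY:Random <b>Music</b> File\r\n"
    "BEGIN:VALARM\r\n"
    "ATTACH;FMTTYPE=audio/basic:http://myhost.com/publish/audio-\r\n"
    " files/file.mp3\r\n"
    "END:VALARM\r\n"
    "END:VTODO\r\n"
    "END:VCALENDAR\r\n"
)

def unfold(text):
    """Join folded lines: a line starting with space or tab continues the previous one."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines

def split_unquoted(s, sep, maxsplit=-1):
    """Split on sep, ignoring separators inside double-quoted parameter values."""
    parts, start, quoted = [], 0, False
    for i, ch in enumerate(s):
        if ch == '"':
            quoted = not quoted
        elif ch == sep and not quoted and maxsplit != 0:
            parts.append(s[start:i])
            start, maxsplit = i + 1, maxsplit - 1
    parts.append(s[start:])
    return parts

def parse_line(line):
    """Split 'NAME;PARAM=value:content' into (name, params, content)."""
    pieces = split_unquoted(line, ":", 1)
    if len(pieces) != 2:
        raise ValueError("content line without ':' separator: %r" % line)
    name, *raw_params = split_unquoted(pieces[0], ";")
    params = {}
    for item in raw_params:
        key, _, val = item.partition("=")
        params[key.upper()] = val.strip('"')
    return name.upper(), params, pieces[1]

def parse(text):
    """Return the top-level components as nested dicts (name, props, children)."""
    stack = [{"name": None, "props": [], "children": []}]
    for line in unfold(text):
        name, params, value = parse_line(line)
        if name == "BEGIN":
            comp = {"name": value.upper(), "props": [], "children": []}
            stack[-1]["children"].append(comp)
            stack.append(comp)
        elif name == "END":
            if len(stack) == 1 or stack[-1]["name"] != value.upper():
                raise ValueError("unbalanced END:%s" % value)
            stack.pop()
        else:
            stack[-1]["props"].append((name, params, value))
    if len(stack) != 1:
        raise ValueError("missing END:%s" % stack[-1]["name"])
    return stack[0]["children"]

def prop_html(comp, name):
    """First value of property name, HTML-escaped for embedding in a page."""
    value = next((v for n, _, v in comp["props"] if n == name), "")
    return html.escape(value)
```

Calendar text comes from whoever created the event, so escaping at the point of output keeps attendee-supplied markup from being rendered by the page that embeds it.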

A Brief History of Cryptography

Tuesday, October 23rd, 2007

Cryptology is derived from the Greek words kryptos, which stands for “hidden”, and grafein, which stands for “to write”. Through history, cryptography has meant the process of concealing the contents of a message from all except those who know the key. Cryptography is used to protect e-mail messages, credit card information, and corporate data. Cryptography has been used for centuries to hide messages when they are sent through means where they might be intercepted, such as the Internet.

But encrypting email messages as they traverse the Internet is not the only reason to understand or use various cryptographic methods. Every time you check your email, your password is being sent over the wire. Many ISPs or corporate environments use no encryption on their mail servers, and the passwords used to check mail are submitted to the network in clear text (with no encryption). When a password is put into clear text on a wire it can easily be intercepted. This is especially dangerous when you are on the road, at hotels, on wireless hotspots, or at an internet café. However, it is often also simple to obtain another user’s password for email, payroll systems and file servers while at work and on the same network. Applications such as WireShark, Ethereal and many others have existed for a long time and are now fairly advanced, allowing the user to possibly replay the password or a stream of packets that resemble credentials to a server in order to gain entry.

To aid in protecting communications between computers, there are a wide variety of cryptographic implementations in use. They are typically provided for one of two reasons: to protect data on the computer or to protect data as it is being transferred. Most cryptographic techniques rely heavily on the exchange of cryptographic keys.

Symmetric-key cryptography refers to encryption methods where both senders and receivers of data share the same key and data is encrypted and decrypted with algorithms based on those keys. The modern study of symmetric-key ciphers revolves around block ciphers and stream ciphers and how these ciphers are applied.
Block ciphers take a block of plaintext and a key, then output a block of ciphertext of the same size. DES and AES are block ciphers. AES, also called Rijndael, is a designated cryptographic standard by the US government. AES usually uses a key size of 128, 192 or 256 bits. DES is no longer an approved method of encryption, although triple-DES, its variant, remains popular. Triple-DES uses three 56-bit DES keys and is used across a wide range of applications from ATM encryption to e-mail privacy and secure remote access. Many other block ciphers have been designed and released, with considerable variation in quality.

Stream ciphers create an arbitrarily long stream of key material, which is combined with a plaintext bit by bit or character by character, somewhat like the one-time pad encryption technique. In a stream cipher, the output stream is based on an internal state, which changes as the cipher operates. That state’s change is controlled by the key, and, in some stream ciphers, by the plaintext stream as well. RC4 is an example of a well-known stream cipher.

Cryptographic hash functions do not use keys but take data and output a short, fixed length hash in a one-way function. For good hashing algorithms, collisions (two plaintexts which produce the same hash) are extremely difficult to find, although they do happen.

Symmetric-key cryptosystems typically use the same key for encryption and decryption. A disadvantage of symmetric ciphers is that a complicated key management system is necessary to use them securely. Each distinct pair of communicating parties must share a different key. The number of keys required increases with the number of network members. This requires very complex key management schemes in large networks. It is also difficult to establish a secret key exchange between two communicating parties when a secure channel doesn’t already exist between them.

Whitfield Diffie and Martin Hellman are considered the inventors of public-key cryptography. They proposed the notion of public-key (also called asymmetric key) cryptography in which two different but mathematically related keys are used: a public key and a private key. A public key system is constructed so that calculation of the private key is computationally infeasible from knowledge of the public key, even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair.

In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. The public key is typically used for encryption, while the private or secret key is used for decryption. Diffie and Hellman showed that public-key cryptography was possible by presenting the Diffie-Hellman key exchange protocol. Ronald Rivest, Adi Shamir, and Len Adleman invented RSA, another public-key system. Later, it became publicly known that asymmetric cryptography had been invented by James H. Ellis at GCHQ, a British intelligence organization, and that both the Diffie-Hellman and RSA algorithms had been previously developed.
Diffie-Hellman and RSA, in addition to being the first public examples of high quality public-key cryptosystems, are among the most widely used.
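The Diffie-Hellman exchange described above, as an added example that is not taken from the book or the original post. It assumes the 2048-bit MODP group from RFC 3526 (group 14) and hashes the shared secret with SHA-256 to obtain a symmetric key; the function names are illustrative.

```python
import hashlib
import secrets

# 2048-bit MODP prime from RFC 3526 (group 14); the generator is 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2

def keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2          # 2 <= x <= P - 2
    return x, pow(G, x, P)

def check_public(y):
    """Reject 0, 1, p-1 and out-of-range values, which give a predictable secret."""
    if not 2 <= y <= P - 2:
        raise ValueError("peer public value out of range")
    return y

def shared_key(private, peer_public):
    """Compute g^(ab) mod p and hash it into a 256-bit symmetric key."""
    secret = pow(check_public(peer_public), private, P)
    raw = secret.to_bytes((P.bit_length() + 7) // 8, "big")
    return hashlib.sha256(raw).digest()

def exchange():
    """Run both sides; only the two public values ever cross the wire."""
    a_priv, a_pub = keypair()                 # Alice -> Bob: a_pub
    b_priv, b_pub = keypair()                 # Bob -> Alice: b_pub
    alice_key = shared_key(a_priv, b_pub)
    bob_key = shared_key(b_priv, a_pub)
    return alice_key, bob_key, (a_pub, b_pub)

if __name__ == "__main__":
    k_alice, k_bob, wire = exchange()
    print("keys match:", k_alice == k_bob)
```

The exchange on its own does not tell either side who sent the public value; protocols such as SSL/TLS add digital signatures for that.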

In addition to encryption, public-key cryptography can be used to implement digital signature schemes. A digital signature is somewhat like an ordinary signature: it is easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot be ‘moved’ from one document to another, as any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and to many network security schemes (SSL/TLS, many VPNs, etc). Digital signatures provide users with the ability to verify the integrity of the message, thus allowing for non-repudiation of the communication.

Public-key algorithms are most often based on the computational complexity of “hard” problems, often from number theory. The hardness of RSA is related to the integer factorization problem, while Diffie-Hellman and DSA are related to the discrete logarithm problem. More recently, elliptic curve cryptography has developed in which security is based on number theoretic problems involving elliptic curves. Because of the complexity of the underlying problems, most public-key algorithms involve operations such as modular multiplication and exponentiation, which are much more computationally expensive than the techniques used in most block ciphers, especially with typical key sizes. As a result, public-key cryptosystems are commonly “hybrid” systems, in which a fast symmetric-key encryption algorithm is used for the message itself, while the relevant symmetric key is sent with the message, but encrypted using a public-key algorithm. Hybrid signature schemes are often used, in which a cryptographic hash function is computed, and only the resulting hash is digitally signed.

OpenSSL is one of the main applications used in Linux and Mac OS X to access the various encryption mechanisms supported by the operating systems. OpenSSL supports Diffie-Hellman and various versions of RSA, MD5, AES, Base, sha, DES, cast and rc. OpenSSL allows you to create ciphers, decrypt information and set the various parameters required to encrypt and decrypt data.

THIS ARTICLE IS A REPRINT FROM:
Foundations of Mac OS X Security, from Apress
Written by Charles Edge, William Barker and Zack Smith of 318

SANS Mac OS X Fundamentals Now Available

Tuesday, August 21st, 2007

The SANS Institute recently released a course by Charles Edge on Mac OS X Security Fundamentals. The course is described in the following manner:

“SANS is the leader in Information Security. This course on securing Mac OS X is the fastest way and most comprehensive way to get up to speed on applying the principles of the information security industry to the Mac. Written and taught by one of the security veterans of the Mac community, this course covers how real world security concepts are applied to the Mac with real world examples from the Mac community. The course offers a balanced mixture of technical issues making it appealing to attendees needing to understand how to effectively secure a Mac.

We begin by reviewing existing Mac exploits and then move on to covering the basic concepts and challenges of securing a Mac. Next, we review the standard security measures that should always be employed and the usability implications of each. We cover forensics, intrusion detection, firewalls, web browsers, mail programs, network infrastructure, preferences, system policies, command line tools, encryption, hardware and OS X Server. Through the course you will find thorough coverage of defense in-depth on the Mac platform.

If you’re a newcomer to the field of information security but a long time user of the Mac or a newcomer to the Mac but a long time information security expert then this is the course for you. You will develop skills that will help you to bridge the gap between the Mac administrators and the security administrators in most organizations. You will also learn the ins and outs of keeping your data private.

This is an ideal course for anyone charged with securing Mac systems. From securing a desktop to the high availability options available on the platform, this course is going to be a whirlwind overview of the Mac that will leave you ready to move to the next level!”

For more information on the course, see the following link:

https://www2.sans.org/staysharp/description.php?tid=1492

RDC to Windows Server With Maxed Out Remote Connections

Friday, August 3rd, 2007

This must be done from a Windows computer (NOT Mac RDC client). CoRD has an option for “taking over console session”.

On the PC, go to Start -> Run -> type “mstsc /v:<IP or name of server> /console”

This will kick out the console user but you can then get access to the server.

Thanks to Eli for pointing this out!

Distributed Computing for Good

Friday, July 6th, 2007

Most screen savers just waste power. Might as well just put your computer to sleep. But if you want to use a screen saver and you want to do something good for humanity then check out one of these:
fightaidsathome.scripps.edu – Join more than 300,000 other computing nodes and dedicate your computing power to finding new AIDS treatments
climateprediction.net – Improve climate prediction models with the University of Oxford
mersenne.org – Help George Woltman be the first to find a 10 million-digit prime
einstein.phys.uwm.edu – Test Einstein’s theory of gravitational waves

Factory Reset for Brother MFC-8860DN

Tuesday, May 22nd, 2007

This reset should not clear saved addresses and quick-dials. It will reset the TCP/IP and SMTP/POP3 settings. This reset should be used when the machine is having memory issues or you are unable to upgrade the firmware.

1. Hold down the Menu button (keep holding for the duration)

2. Power the machine off (keep holding Menu)

3. Power the machine on (keep holding menu). Once you see the “Maintenance” screen, you can let go of Menu.

4. Enter 91 on the keypad and wait for the “Maintenance” screen to return (can take up to a minute)

5. Enter 99 – the machine should reset then reboot.

6. Once this has been completed, set the IP address as desired with the main control buttons and then you can remote access via a web browser and set up the SMTP/POP3 settings.

First Look: Final Cut Server

Monday, May 7th, 2007

The release of Final Cut Server (along with Final Cut Studio 2) marks a huge step forward for Apple in the media production market. Final Cut Server is going to revolutionize the way that the entire post production process is handled.

From Apple’s Website:
“Meet Final Cut Server, Apple’s powerful new media asset management and workflow automation software. Final Cut Server takes the headache out of managing large collections of media files, then extends to tracking job status, managing reviews and approvals, and automating complex sequences of tasks – all with Apple’s legendary ease of use, and all in a single product designed to work seamlessly with Final Cut Studio.”

Content Catalog w/ Search Functions:
Final Cut Server creates a catalog of media files and the information that goes along with them. Think iPhoto for professional video. You will be able to assign specific values to media files via metadata tags. You will then be able to use this information to find your media later via a layered keyword search.

There are several ways to bring files into Final Cut Server. You can physically add the files to the browser, or you can configure “watched folders” that automatically update the catalog whenever they are updated. Apple states that Final Cut Server will support more than 100 different filetypes. Reference media (thumbnails and proxies) are automatically created when files are added to the catalog. There is also an option for configuring versioning of files so that a history of the file is maintained should you need to return to an older version. This is particularly powerful in environments where several people are collaborating, as some aspects can get accidentally changed or overwritten without properly using file versioning.

Content “Containers”:
This feature of Final Cut Studio allows you to create “containers” or “Productions”. A Production is basically a place to gather assets for a particular project. The great thing about this, however, is that the Production container references the original files instead of copying the original files. The advantage of this is that you can re-use media for different cuts or projects without increasing the amount of storage space required.

Metadata:
Final Cut Server includes a powerful metadata system. It allows you to customize the information that is stored with the file. For instance, you can create custom stages for the project tracking area that apply to your workflow.

Access Control:
Included with Final Cut Server is an access control module. While it has not been stated as to whether this will tie into Open Directory, the access system allows the administrator to control access to media through users/groups and even allows you to control access through different points of the production.

Workflow Management:
Final Cut Server’s workflow is completely customizable, even on a per-project basis. The program looks for specific events and user inputs to make its next move. Here’s an example that could be configured: when a project status is changed to “Ready to Publish and Close”, Final Cut Server responds by exporting the final timeline to several different formats (DVD, web, streaming, iPod). Once it has done this, the program could be configured to automatically archive the files for that project and move them to an alternate storage location. The ability to customize this process for each specific project and/or client is going to boost productivity immensely.

Remote Review/Approval:
From Apple’s Final Cut Server Fact Sheet: “Final Cut Server lets you automate review and approval processes so that internal or external clients can view, annotate, and approve content from anywhere. You can configure Final Cut Server to notify reviewers by email when a project is ready for evaluation.

Reviewers can add timecode-based clip annotations to low-resolution proxies so that a Final Cut Pro editor can see the comments displayed shot by shot. You can add or modify rough cuts right in Final Cut Server to show the editor what you have in mind. Because the proxy file sizes are not large, it’s possible to review Final Cut Pro projects in the Final Cut Server browser even over a low-bandwidth connection.”

Many media projects require input from all over the country (and even the world), therefore Final Cut Server’s remote review and approval feature is going to make things so much easier. No need to worry about compressing and uploading the file to an FTP site when you can now simply have Final Cut Server automatically encode the file and host it for you.

Cross-Platform Solution:
Since many of 318's clients are mixed Windows/Mac environments, Apple’s decision to make Final Cut Server cross-platform will be very helpful for our clients. The server software runs on OS X, while the client can run on both Windows and Mac computers. This means that a Windows-based client can view rough cuts as they are completed using the Final Cut Server client software, or a producer on a Windows-based laptop can still view footage and approve cuts.

Integrated Cuts-only Editor:
This is truly an interesting feature. Apple chose to build a cuts-only editor into Final Cut Server. This means that users can throw together quick cuts to test out ideas or select shots without even leaving the program. This functionality is fantastic for that occasional disconnect between editors and producers, allowing the producer to take control in the easy-to-use interface and actually show the editor what he is talking about instead of simply describing it.

Final Cut Studio:
This is an obvious feature, but Final Cut Server ties directly into Final Cut Studio. Creating a Final Cut Pro project within a Final Cut Server environment means that your assets will be managed by the server, and you will simply have to “check out” your project when you want to make changes. When you go back and “check in” your changes are uploaded, along with any other media that was locally cached. This is an awesome solution for both high-speed fibre networks as well as the traveling editor, as you can edit directly with the Final Cut Server or locally cache your project and then upload the changes when done, all with a few simple clicks.

Compressor:
Final Cut Server also utilizes Compressor 3 for its rendering and transcoding jobs. As previously stated, specific export settings can be saved in the workflow, so that when a project hits the finalization point, Final Cut Server will handle the exporting and transcoding work for you. Apple also touched on the formats available for Compressor 4: “Add the Episode Pro plug-in from Telestream to encode to VC-1, WMV, GXF, and FLV formats as well as High Profile H.264 and a number of third-party proprietary broadcast server formats.”

318 Recommends:
We here at 318 are very excited about the advancements in both productivity and creativity that this product will bring to our clients. Final Cut Server is going to revolutionize the industry, and 318 is going to be there for you in both setup and support for this product as well as finding new and exciting ways to innovate your business.

Sources:
http://www.apple.com/finalcutstudio and the Final Cut Server Fact Sheet available at this site.