Author Archive
Troubleshooting a particularly annoying session with OS X smb.conf
OS X’s UNIX layer is a wonderful complement to its excellent GUI. As with any other flavor of UNIX though, there are some peculiarities that can make configuring things frustrating until you know what the rules of engagement are.
I was recently asked to create a reshare of a SAN volume for a client. I selected the file sharing protocol SMB because we can control what permissions are applied to new files and folders. This functionality is especially important since there’s no centralized authentication system to coordinate permissions within this setup. Unfortunately, an apparent bug in the Server Admin GUI for OS X Server 10.6.8 made this goal far more difficult to achieve than just clicking a few options.
The prescribed method for controlling newly created file and folder permissions is to select one of two options for “Default permissions for new files and folders:” under Protocol Options. I wanted all new items to be fully open to everyone, so I selected the option, “Assign as follows:”, and chose “Read & Write” for Owner, Group, and Everyone. A bit of testing showed that this adjustment was ineffective. Everything was still being created with the default permissions of r/w for the owner, read-only for everyone else (i.e., 744 for files, and 755 for folders). Replicating this setup on another server showed that the problem was not unique to the original machine.
Thanks to the aforementioned UNIX layer, I had another way of achieving my goal.
Although it’s found in the same place (/etc/smb.conf) as other UNIX flavors, OS X’s smb.conf file is a unique beast. Note the following comment at the head of the file:
; Parameters inside the required configuration block should not be altered.
; They may be changed at any time by upgrades or other automated processes.
;
; Site-specific customizations will only be preserved if they are done
; outside this block. If you choose to make customizations, it is your
; own responsibility to verify that they work correctly with the supported
; configuration tools.
Scanning through the file showed that there was no entry for the SMB reshare that was currently being served. However, running the command testparm showed that there was indeed a configuration entry for it:
[Volume_Name]
comment = Volume_Name
path = /Volumes/Volume_Name
read only = No
strict locking = Yes
What the heck? Where is this mount coming from? It turns out that OS X Server is pulling share information from an auto-generated file - /var/db/samba/smb.shares. However, we’re clearly not meant to alter this file, as per the leading comment it includes.
The trick is to include our share-specific permissions settings at the bottom of /etc/smb.conf under an entry for the volume name. Ergo, you’d add the following:
[Volume_Name]
create mask = 0777
directory mask = 0777
force create mode = 0777
force directory mode = 0777
You’ll obviously want to adjust the included entries and their relative settings to suit your security situation. Also, note that the section name must match the entry listed by testparm for the association to work.
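How the four parameters combine, as an added example that is not part of the original post: Samba ANDs the mode requested for a new item with the mask, then ORs in the force mode, and a site section only takes effect when its name matches the share. The requested modes (0766 for files, 0777 for folders), the group-only alternative, and the function names are assumptions made for illustration; the defaults are Samba's documented ones.

```python
import re

# Samba's documented defaults for the four parameters the post sets.
DEFAULTS = {"create mask": 0o744, "directory mask": 0o755,
            "force create mode": 0o000, "force directory mode": 0o000}

# Constructed stand-in for the auto-generated share entry shown by testparm.
GENERATED = """
[Volume_Name]
    path = /Volumes/Volume_Name
    read only = No
"""

# The site section from the post, appended at the bottom of /etc/smb.conf.
POST_OVERRIDE = """
[Volume_Name]
    create mask = 0777
    directory mask = 0777
    force create mode = 0777
    force directory mode = 0777
"""

# Constructed alternative: owner and group read/write, nothing for others.
GROUP_ONLY = """
[Volume_Name]
    create mask = 0660
    directory mask = 0770
    force create mode = 0660
    force directory mode = 0770
"""

def _norm(name):
    # Section and parameter names ignore case and extra whitespace.
    return " ".join(name.lower().split())

def parse(*fragments):
    """Merge smb.conf-style fragments in order; later values win."""
    shares = {}
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in ";#":
                continue
            header = re.match(r"\[(.+)\]$", line)
            if header:
                section = _norm(header.group(1))
                shares.setdefault(section, {})
            elif "=" in line and section is not None:
                key, value = line.split("=", 1)
                shares[section][_norm(key)] = value.strip()
    return shares

def effective_modes(shares, share, file_req=0o766, dir_req=0o777):
    """Return (file_mode, dir_mode) for new items; *_req are assumed inputs."""
    params = shares.get(_norm(share), {})
    get = lambda k: int(params[k], 8) if k in params else DEFAULTS[k]
    file_mode = (file_req & get("create mask")) | get("force create mode")
    dir_mode = (dir_req & get("directory mask")) | get("force directory mode")
    return file_mode, dir_mode

def world_writable(mode):
    return bool(mode & 0o002)

if __name__ == "__main__":
    for label, extra in [("defaults", ""), ("post", POST_OVERRIDE), ("group-only", GROUP_ONLY)]:
        f, d = effective_modes(parse(GENERATED, extra), "Volume_Name")
        print(f"{label:10} file={f:04o} dir={d:04o} world-writable={world_writable(f)}")
```

With no site section the result is 0744 for files and 0755 for folders, which is the behaviour described earlier in the post.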
Additionally, I found that I had to include a setting to disable UNIX extensions for everything to work. Your mileage may vary. Rather than edit the untouchable global block, I added another section at the bottom of smb.conf in the following manner:
[global]
unix extensions = no
Curiously, SMB-attached users will see everything as being owned by them, with no access to anyone else:
-rwx------ 1 administrator staff 0 Nov 22 16:46 test_via_smb
Fortunately, this is only for appearances. In reality, new files and folders are being created as specified. Here’s the same file viewed from a fibre attached workstation:
-rwxrwxrwx 1 <uid> wheel 0 Nov 22 16:46 test_via_smb
Hopefully this bit of knowledge will save someone else some time. Systems administration is ultimately a group effort!
A Eulogy for the Visionaries
The computer arts and sciences lost another visionary with the recent passing of John McCarthy. Indeed this year seems cursed for the field, with the passing of Dennis Ritchie, father of the C programming language and the operating system UNIX, and Steve Jobs, whose aesthetic and ideological influence on computers drastically reshaped several markets in his too short life.
The effect of these visionaries on how we use computers cannot be overstated. While we encounter the works of great inventors, thinkers, and intellectuals on a daily basis, it is uncommon to have so many of them still alive, as is true with computers. The fact that we are only now losing these people to time speaks to how young this field is, and how quickly it enveloped the world.
I can only imagine that this is what it felt like to be alive in the early part of the last century, when now-legendary people like Albert Einstein, Erwin Schrödinger, Enrico Fermi, and Werner Heisenberg greatly advanced the study of physics, producing the time honored works that they are now famous for. Singularly their names command respect, but the thought of them working side by side as contemporaries is truly awe-inspiring.
Not to be presumptuous of how history will remember our own times, but I’d wager that school children a century from now will read of the golden era of personal computing and how we created the first public world wide network. To them, a world without such advances would seem inconceivable, but we ourselves are witness to the times and people that pushed the state of the art. I am simply glad to be along for the ride.
– Ivan Wright, Server Engineer
A. Piccard, E. Henriot, P. Ehrenfest, Ed. Herzen, Th. De Donder, E. Schrödinger, J.E. Verschaffelt, W. Pauli, W. Heisenberg, R.H. Fowler, L. Brillouin;
P. Debye, M. Knudsen, W.L. Bragg, H.A. Kramers, P.A.M. Dirac, A.H. Compton, L. de Broglie, M. Born, N. Bohr;
I. Langmuir, M. Planck, M. Curie, H.A. Lorentz, A. Einstein, P. Langevin, Ch. E. Guye, C.T.R. Wilson, O.W. Richardson
(Photo Source: bit.ly/sQ2Eph)
The Beatles are on iTunes. Sosumi!
Yesterday Apple announced that the long time iTunes holdout, The Beatles, would finally be making their way to the iTunes Music Store. In a decade where file sharing addresses availability when the market won’t, the news is almost more novel for its, “Who still needs to buy this?” factor than anything else.
The most compelling reason to acquire Beatles music through iTunes would be for the direct masters-to-digital conversion. It’s a “purer” copy than ripping from a CD. As to whether or not repurchasing your Beatles collection is worthwhile for such a change, who can say? The laser turntable owners of the world probably think so.
The other story behind this is the interesting relationship between Apple Records and Apple Computers. In 1981, Apple Records made Apple Computers promise that they’d never get into the music business after a lawsuit over the company name. Several years later Apple introduced MIDI and audio recording capability to its IIGS line. Apple Records sued again, and the resulting decision effectively squashed Apple’s multimedia development for the next couple of years.
Frustrations over the legal battle, and its limitations placed on Apple Computers, led to the following anecdote from 1991:
When new sounds for System 7 were created, the sounds were reviewed through Apple’s legal department and they objected that the new system sound alert “chime” had a name that was “too musical”, under the recent settlement. The creator of the new sound alerts for System 7 and the Macintosh Startup Sound, Jim Reekes, had grown frustrated with the legal scrutiny and first quipped it should be named “Let It Beep”, a pun on The Beatles’ “Let It Be”. When someone remarked that that wouldn’t pass legal’s approval, he remarked “so sue me.” After a brief reflection, he resubmitted the sound’s name as sosumi (a homophone of “so sue me”), telling the legal department that the name was Japanese and had nothing to do with music.
The Sosumi sound effect is still included with Snow Leopard, and is right up there with Clarus the Dogcow for favorite Apple lore among us cultists.
AutoCAD Coming to OS X in Fall 2010
Autodesk has announced that AutoCAD will be released for OS X coming this fall. While it’s true that this is a return of sorts for Autodesk’s flagship product (AutoCAD was available for Mac OS in the ‘90s), the release represents a fresh start for Autodesk on the platform. Showing that Autodesk is treating this as a first class Mac application, AutoCAD will support core OS X technology such as the always-useful Quicklook and multi-touch gestures with an Apple laptop trackpad or Magic Trackpad for desktop computers. AutoCAD for OS X will also play nice in mixed environments with the ability to read and write the same drawing files that its Windows brethren can.
The excitement surrounding this news is understandable for architects. Familiar with OS X from home use, I’ve heard many of our clients lament not being able to run their preferred platform in the office as well. The benefits of doing so are certainly undeniable.
First and foremost, OS X enjoys a relatively malware-free existence. It’s no secret that cleaning viral infections from Windows machines constitutes a large portion of workstation downtime. Apple computers also tend to enjoy a longer lifecycle than their Windows counterparts. Complementary software suites and products for OS X, such as Adobe’s Creative Suite and Autodesk’s Maya, take the architecture workflow from design to pre-visualization. With the announcement of Outlook for Mac (Also a returning Mac product!), the technological reasons for avoiding OS X have all but evaporated.
As if the promised release of AutoCAD for OS X weren’t enough, Autodesk has also announced an upcoming application for Apple’s iOS devices. Not just a viewer, the new application will reportedly allow architects to annotate drawings, making site visits that much more productive. If it’s anything like Autodesk’s excellent iPad app SketchBook Pro, it’s sure to be a winner.
Being equal parts designer and engineer, architects are sure to love AutoCAD on OS X. I look forward to our first Mac-based rollout.
Thoughts on Being a Search Engine Outcast
With the release of Safari 5, Apple included the ability to choose between several search engines for the default search target. Confronted with the choice, I found myself recalling the days when I’d flip between Lycos, AltaVista, Excite, &c while trying to find something. It’s no wonder one would resort to memory when pondering alternative search engines. Google’s become peerless in its original pursuit.
Since complacency is antithetical to discovery, I found myself wondering if I was missing out by not trying Bing. Besides, Google has enough of my life on record between using it for email, phone calls, Internet searching, route mapping, and DNS servers. With much trepidation, I opened Safari’s preferences and changed my default search engine selection from Google to Bing.
It’s amazing how ungainly I felt afterwards. Even the simple change of not seeing the grayed-out word “Google” in the search field felt weird, to say nothing of having a visually unfamiliar results page come up. I’d find myself double-checking searches with Google as some sort of reassurance.
There were also immediate upsides to the switch. Bing’s image search layout is a welcomed improvement over Google’s offering. Bing also does better when researching Windows-related issues; something I do frequently for work. Certain queries for things like company names will return a specially formatted overview that includes the stock price, contact number, and other useful information.
Putting comparisons of design and feature implementation aside though, the most noticeable effect of the switch was the social aspect.
“Bing‽ Are you [expletive deleted] kidding me?” was the first thing I heard from a coworker when he glanced over at my display. This was coming from a guy who employs any beta product he can get his hands on in his daily routine. I might as well have told him that I prefer IE5 for my daily browser.
Other people were less abrasive than my coworker, but just as confused. No one reacted passively. Some people wondered if I mis-set my preferences. Others assumed I made the change as a political statement. Even my non-technical girlfriend had a few choice words for the change.
Based on these observations, it would seem that using Google has evolved into being a cultural choice. Further evidence of this is the word, “Google”, becoming a verb in 2006. I wish the best of luck to Bing on that uphill battle. The world’s a better place with both Coke and Pepsi.
It has now been several weeks since the switch, and I’m finding myself becoming comfortable with Bing. At the risk of continuing my status as a search engine outcast, I plan on trying Yahoo next.
Hopefully my friends will understand.
Meeting the Deadline – The HD Rollout at The Daily Show and The Colbert Report
Being told that you’re going to assist in upgrading two of your favorite TV shows to HD brings a level of excitement that’s matched by an equal amount of fear. George Hoover, CTO of the production company NEP Studios, described the pressure aptly in the recent CIO Magazine article, Moving the Daily Show and Colbert to HD: 5 Change Management Lessons: “The world expects that TV shows will start when you expect them to start.” Couple a short window of downtime with the uncertainty of new equipment and unproven workflows, and one begins to wonder if a fluid upgrade is even possible.
Fortunately Control Group’s approach to formidable projects allowed us to complete the project smoothly and on schedule. As noted in the aforementioned article, the trick is to break everything down into manageable tasks, and identify which of those tasks are best addressed with technology, rather than manpower. The workstation setup for the two shows illustrates the benefits of this approach nicely.
The Colbert Report and The Daily Show needed nine new workstations set up for the artists, including installing several 2D design suites, 3D design applications, and a host of supporting plugins. Several render farm servers had to match these workstations setups so that the creation of HD elements could be distributed. Since this is a fair amount of equipment to arrange, we wanted to first be sure that the artists would be comfortable in their new environment. We created a “perfect” workstation for each show, and invited the end users to try them out at our office.
After making a few adjustments based on user feedback, we duplicated these master machines to their brethren using OS X’s excellent Apple System Restore utility. Used in concert with a networking technique known as multicast, we were able to get all of the workstations set up simultaneously, saving countless hours of manpower.
The time savings allowed us to get a jump on the real time sink of setting up design workstations – installing plugins. Due to the way many plugins are licensed, the installations had to be performed individually as each user. A team of Control Group employees attacked the 225 some-odd separate installs, completing them over the course of a day or two. Afterwards, specially crafted project files allowed us to test all the workstations and render nodes in a single shot, ensuring that the artists wouldn’t be confronted by a licensing dialog at show time.
As demonstrated at The Colbert Report and The Daily Show, a carefully planned approach allowed Control Group to assist NEP in completing their HD rollout on time and within the budget allotted. The satisfaction of watching both shows in full frame 1080p HD has been well worth the effort. (Getting to hear Stephen Colbert riff on an auto-tuner backstage wasn’t half bad either.)
Here’s a clip of Stephen Colbert enjoying the new HD setup.
In The Beginning, There Was Just One Web Browser…
In the beginning, there was just one web browser… and it was good. Mainly because there wasn’t another web browser to be “the bad one”.
Written for NeXTStep by Sir Tim Berners-Lee, WorldWideWeb was the first of many browsers to offer up their view of how web pages should be rendered for the end user. Although the world wide web is based on open standards that are interoperable by anyone, the browser community became a near monoculture during the mid to late 90s thanks to Microsoft’s inclusion of Internet Explorer with Windows. Even Mac OS X users were ensnared by Internet Explorer as it was not only the first browser for the then-new OS, but one of the very first 3rd-party applications as well.
Then, in 2003, Firefox (then called Phoenix) showed up on the scene. Although other web browsers such as Netscape Navigator and Opera Software’s Opera had established user bases, it was Firefox that captured the hearts of the alpha geeks by way of its altruistic goal to create a good open source web browser. No longer was browser functionality beholden to the whims of its parent corporation. Now the end user was king.
Initially this freedom brought a flurry of innovation in browser design. Things like tabbed windows, download managers, and an interface add-on architecture were created or borrowed to make Firefox a more useful browser. Companies such as Apple saw value in the open source browser effort and joined or started open source projects of their own. Soon the idea of a modern browser became so powerful that even Microsoft updated Internet Explorer to include these improvements.
As the browser grew up, the Internet continued to diversify in use, and discovered along the way that one browser layout does not fit all. Although interface hacks gave Firefox specialized capabilities, people started to wonder whether or not it would make more sense to design a browser for a specific purpose from the interface up. Now came the rise of the specialized browser.

Google Chrome
Flock is probably the most well known of the specialized browser breed, which is to say that you’ve probably never heard of it unless you’re a geek or one of their unwitting testbed friends. Available for Linux, Mac OS X, and Windows, Flock is built around interacting with social networking sites, webmail, blogs, and more. Friend lists for sites like Facebook are readily available in a browser sidebar. Posting a link on your blog is as easy as bringing up a special text edit panel without leaving the site you’re on. Overall the goal is to abstract services from their respective websites to make them more tool-like.
Some specialized browsers are reductions rather than additions. Google turned a lot of heads when they released Chrome, a web browser with a uniquely minimal interface. While the “get the browser out of the way” interface was warmly embraced by alpha geeks, the hoovering of personal web activity by Google through Chrome was not.
Enter Iron. Since Chrome is run by Google as an open source project, enterprising programmers took the Chrome source code and removed all the components that transmitted personal data to the Google mothership. The browser retains the look and functionality of Chrome while respecting the user’s privacy.

The Ghostzilla Browser
Other specialized browsers serve more subversive purposes. Based on the Gecko rendering engine, the now discontinued Ghostzilla allowed sneaky office users a chance to peek at the Internet without raising the suspicions of their over-the-shoulder glancing managers. Rather than display content in a traditional browser window, Ghostzilla masked its purpose by running inside the window space of a traditional Office app such as Microsoft Word. Web pages were rendered in black and white and images were not loaded unless moused over. The entire browser space itself disappeared when the mouse was moved away, making covering your tracks as simple as a gesture.
The specialization of web browsers shows that the world wide web is evolving in a way that is healthy and intended. Although he could have used closed, secretive code to instruct web browsers on how to display web pages, Sir Tim Berners-Lee chose to employ an open human-readable language called HTML. This even playing field has fostered a level of communication that is unprecedented in human history. Let the good times download.
Multicasting with ASR – A Brief Overview
Apple’s venerable Apple Software Restore (asr) tool includes the insanely useful ability to image a nearly unlimited number of network clients. It accomplishes this via a router’s ability to broadcast data to any number of clients simultaneously from a single IP address. Known as multicasting, this allows even a modest computer to image a hundred Macs with 35GB images in a single fell swoop.

An ASR Restore Image in Disk Utility
The disk images asr works with are the same format used by Mac OS X’s Disk Utility. This means you can do a rollout over the network and keep the master file on hand in your re-imaging kit, should one of your workstations run into trouble and need to be re-imaged over FireWire. To ensure the sanctity of the final result, disk images include an embedded checksum which is automatically verified during the deployment process. This can be a significant advantage in using asr over Apple NetInstall, which requires its own folder-based setup of restore source files.
Disk images are also hardware agnostic for the most part. You can build your image on a Mac Mini and apply it to anything from a PowerMac G5 to a MacBook Pro, so long as it can get on the same subnet as the asr host.
The usual caveats of disk imaging apply unfortunately. You’re going to have to sweat individual serial numbers if you don’t employ network or volume licensing. Settings like hostnames and non-ubiquitous local users will require individual workstation visits without centralized management. However, having asr around to do the heavy lifting means you may be able to turn a strenuous two day deployment into a breezy one day affair.

