chealion.ca

On Learning Gateway API using Cilium's Node IPAM and L2 features

chealion@chealion.ca (Micheal Jones) — Thu, 13 Nov 2025 11:26:19 -0700

During my learning of the Kubernetes gateway API, I wanted to explore two of the different options Cilium has to assign an external IP to a service. Namely leveraging Node IPAM which will allow you to use the IP addresses of your nodes, as well as the more general L2 option where you specify what IP addresses it should respond to within my home’s local network.

It’s not intended to be used this way for long, but gives me flexibility in presenting services in a way I know will work while sorting out some larger IPv6 routing choices by my ISP. (Figuring out how to convince my router to handle multiple /64s since I have a /56 delegated to me)

My learning/example application is using echoserver as the application and service, and then we’ll leverage gateway API and HTTPRoutes. It also shows the code and assumes the contents shown are put into a file and applied using kubectl apply

Without further adieu, let’s show how you configure it and what the results look like.

Let’s set up a basic echo app with Cilium’s Gateway API using both Node IPAM and L2!

1. Configure Cilium for L2

There are two items we need to set up with Cilium:

Configure Cilium to do L2 announcements - by setting l2announcements.enabled=true in Cilium’s config. (see upstream docs for full instructions on customizing Cilium)
Create a LoadBalancerIPPool and a CiliumL2AnnouncementPolicy object

The below sets what IPs are available, and on what interfaces on the nodes should Cilium respond to these IPs on.

---
apiVersion: "cilium.io/v2"
kind: CiliumLoadBalancerIPPool
metadata:
  name: "example-l2"
spec:
  blocks:
  - cidr: "192.168.123.0/24"

---
apiVersion: "cilium.io/v2alpha1"
kind: CiliumL2AnnouncementPolicy
metadata:
  name: example-l2-policy
spec:
  interfaces:
  # Advertise on enp* named interfaces
  # Change if you interface is different
  - ^enp[0-9]s[0-9]f[0-9]+
  externalIPs: true
  loadBalancerIPs: true

Once that is applied, we now have IP addresses associated with our L2 setup for the load balancer (Envoy in our case) to leverage. Because we have no selectors set up as seen in the upstream docs, it will be the greedy default provider.

2. Create your Node IPAM configuration

To do this, we need to configure Cilium to allow Node IPAM - by setting nodeIPAM.enabled=true in Cilium’s config. (see upstream docs for full instructions on customizing Cilium).

To leverage this, we will need to make sure our LoadBalancer service is using the loadBalancerClass of io.cilium/node.

3. Create our deployments

Our next step is that we will deploy two different deployments of echoserver named for each gateway to make it easier to tell apart. This is the same deployment with different names.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver-l2
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: echoserver-l2
  template:
    metadata:
      labels:
        app: echoserver-l2
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echoserver-node
  namespace: default
spec:
  replicas: 2
  selector:
    matchLabels:
      app: echoserver-node
  template:
    metadata:
      labels:
        app: echoserver-node
    spec:
      containers:
      - image: ealen/echo-server:latest
        imagePullPolicy: IfNotPresent
        name: echoserver
        ports:
        - containerPort: 80
        env:
        - name: PORT
          value: "80"

You can check out the pods with kubectl get pods at this point to ensure they are running.

4. Deploy our gateways

Our goal here is to create a gateway targeting each IPAM approach (Node vs L2). It’s important to note that the Node IPAM approach requires a second GatewayClass to be created and it’s associated config to set loadBalancerClass as mentioned in step 2

---
apiVersion: gateway.networking.k8s.io/v1
kind: GatewayClass
metadata:
  name: node-gateway-class
spec:
  controllerName: io.cilium/gateway-controller
  description: Non default gateway class to use node ipam.
  parametersRef:
    group: cilium.io
    kind: CiliumGatewayClassConfig
    name: node-gateway-config
    namespace: default
---
apiVersion: cilium.io/v2alpha1
kind: CiliumGatewayClassConfig
metadata:
  name: node-gateway-config
  namespace: default
spec:
  service:
    loadBalancerClass: io.cilium/node

---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-l2-gateway
spec:
  # Use default gatewayClass
  gatewayClassName: cilium
  listeners:
  - protocol: HTTP
    port: 80
    name: l2-gw
    allowedRoutes:
      namespaces:
        from: Same
---
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-node-gateway
spec:
  gatewayClassName: node-gateway-class
  listeners:
  - protocol: HTTP
    port: 80
    name: node-gw
    allowedRoutes:
      namespaces:
        from: Same

To confirm they are created you can see them with kubectl get gateway. If you have errors - you’ll want to start with the cilium-operator logs.

5. Deploy the HTTPRoutes

Next, we can add the route that ties the service defined in the next step with the gateway we just created for each of our example deployments.

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-l2-route
spec:
  parentRefs:
  - name: my-l2-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: l2-service
      port: 80
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-node-route
spec:
  parentRefs:
  - name: my-node-gateway
    namespace: default
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: node-service
  port: 80

To confirm they are created you can see them with kubectl get httproute. If you have errors - you’ll want to start with the cilium-operator logs.

We should see 1 attached route to each gateway, and each gateway should have an external IP. The Node IPAM will list all of the available nodes.

kubectl get gateway -o yaml | grep ttach 

    - attachedRoutes: 1
    - attachedRoutes: 1

kubectl get gateway

    NAME             CLASS                      ADDRESS        PROGRAMMED   AGE
    my-l2-gateway    cilium                     192.168.123.2  True         3m
    my-node-gateway  nodeipamlb-gateway-class   192.168.124.3  True         3m

6. Deploy the services

Next, we need to attach our deployments to our gateway using a service - seeing the labels attach the components together.

---
apiVersion: v1
kind: Service
metadata:
  name: l2-service
  labels:
    app: echoserver-l2
    service: l2-service
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: echoserver-l2
---
apiVersion: v1
kind: Service
metadata:
  name: node-service
  labels:
    app: echoserver-node
    service: node-service
spec:
  ports:
  - port: 80
    targetPort: 80
    protocol: TCP
    name: http
  selector:
    app: echoserver-node

And as always you can double check they exist using kubectl get svc.

7. Confirm connectivity

The last part will require jq for ease. We can use it to grab our external gateways and then curl the IP to find out which deployment we’re talking to.

Grab the external gateway IPs and then we’ll curl to echo back the info we want:

L2GATEWAY=$(kubectl get gateway my-l2-gateway -o json | jq -r '.status.addresses[0].value')
NODEGATEWAY=$(kubectl get gateway my-node-gateway -o json | jq -r '.status.addresses[0].value')
curl -v http://${L2GATEWAY}/ | jq '.environment.HOSTNAME'
curl -v http://${NODEGATEWAY}/ | jq '.environment.HOSTNAME'

If it’s working correctly you’ll see the normal curl output followed by "echoserver-l2-<rest of container name>" or "echoserver-node-<rest of container name>"

NOTE: As of 1.18, it’s not possible to enable access logs in Envoy which makes debugging a little harder to note that your HTTPRoute is not pointed to a service that exists.

Starred Podcasts to mcjones.ca

chealion@chealion.ca (Micheal Jones) — Sun, 23 Jul 2023 23:54:02 -0600

I have finally completed a piece of work I started July last year with mcjones.ca - that is having a good spot to dump all the starred podcasts from Overcast. I’ve wanted to share them or create something I can go back to reference, and this still isn’t quite that, but it is at least getting everything in one place.

The majority of the entries do not have any notes - just the name and I’ve had to go digging for links to the various podcast’s websites. Apparently I have/had 392 entries I’ve sent to Bear from Overcast with the #podcast tag.

Here’s hoping it proves to be useful with the demise of most social media lately.

SSH Key Types and Crytography Short Notes in 2023

chealion@chealion.ca (Micheal Jones) — Mon, 06 Feb 2023 21:15:24 -0700

This is an update to my personal notes that made up my 2016 post: SSH Key Types and Cryptogpraphy: The Short Notes.

Things have changed in short 6+ years since this post. Namely DSA is long one, RSA is on well on its way out, and the two newer options in that post are now considered the minimum standard.

The too long, didn’t read version of this entire post is almost the same as what I said in 2016 - use ed25519 for your keys unless something explicitly does not support it.

OpenSSH Version References

From the notes I gathered to make the previous blog post - ed25519 was introduced in OpenSSH 6.5+

Ubuntu

OS Version	OpenSSH Version
12.04	5.9
14.04	6.6
16.04	7.2
18.04	7.6
20.04	8.2
22.04	8.9

macOS

OS Version	OpenSSH Version
10.12 Sierra (2016)	7.3
10.13 High Sierra (2017)	7.6
10.14 Mojave (2018)	7.9
10.15 Catalina (2019)	7.9
11.x Big Sur (2020)	8.1
12.x Monterey (2021)	8.6
13.x Ventura (2022)	9.0
14.x Sonoma (2023)	9.3

Nova / Horizon (OpenStack)

Of note ed25519 support was removed prior to Ocata, and then restored with around version 19 (Stein / Apr 2019) of nova-api.

Dev Diary - Community Development Map

chealion@chealion.ca (Micheal Jones) — Mon, 30 Aug 2021 09:00:00 -0600

The Problem

The City of Calgary has a number of resources available for finding out what development is happening in your community. The primary resource is the Development Map, which while comprehensive is significantly off putting because of the amount of information presented. It also only covers the major developments - land use changes and development permits, that are open to some community consultation.

My particular community - Sunalta - has an additional problem because we joined a project with the City of Calgary removing the need for most businesses to apply for a development permit for change of use on our Main Streets (10th Ave. and 14th St). While we are very supportive of the project, we’ve always struggled with notification or knowing when a new business has moved in so we could welcome them to the community. The lack of development permit makes this a bit harder.

The Data

Thankfully, the City provides this data via their open data portal:

However the City also releases the information for more minor information to help answer resident’s questions that are sometimes directed to us.

[Building Permits])(https://data.calgary.ca/Business-and-Economic-Activity/Building-Permits/c2es-76ed)
Tenancy Changes - when businesses move in to the neighbourhood!

But can I use it?

So cool, we have some data. How do we make this easier to use? The Open Data Portal does present the data and even allows you to do some visualization but you’re unable to share your visualizations and filtered datasets without logging in. So using data.calgary.ca is only good for exploration. It also does not provide a great way for less technically minded folks on our board to get this data or even glance at it.

So the next best thing is to look at setting something up to read the data and create the visualizations we want!

The “solution”

From here I’ll share my notes about how I arrived at my solution. It’s far from the only solution, but is the result of my trial, error, and realizing there are a LOT of options I’m simply not even aware of.

Filtering

The first step was to try and filter the data from the 4 datasets to just the area I cared about - turns out this is easy with Socrata’s Query Language. Adding ?communityname=SUNALTA to my queries and the python py-soda library and I’m off to the races. The land use dataset however does NOT include community fields, so I bet heavily on that 1000 land use items is sufficient for the last 365 days worth of data.

Visualization (Streamlit)

The next tech I dove into - was how can I show off this data on a map and in a table. At work another team has started using Streamlit and it was incredibly easy to get started with. It also had a fantastic feature where it will cache data removing my worry about needing to jump through hoops to avoid hitting data.calgary.ca too many times and needing to create a caching layer myself.

The biggest gotchas with streamlit I have found is that the default map is nowhere near as featureful as using the plotly library to put dots on the map. Plotly’s table feature while supported has terrible performance and causes everything to drag to a halt. As such I went with Plotly for showing the map, but used Streamlit’s native table view to show off the data.

Hosting

While Streamlit is easy to run and put a reverse proxy in front of (for SSL and caching), they do also run a free service to deploy your Streamlit app to Heroku for showing off. Streamlit Sharing is free for public repositories (like this project). It will also hook up to GitHub to redeploy your app whenever you push an update without needing to code this in GitHub workflows yourself. Very convenient.

Hugo Archetypes

chealion@chealion.ca (Micheal Jones) — Thu, 26 Aug 2021 15:04:54 -0600

As the first post to my TIL section where I’m trying to encourage myself to write more frequently on smaller topics; I learned about Hugo’s Archetypes.

The tl;dr is that archetypes is the template for new content. As such instead of typing out all of the metadata fields each time, I can type hugo new blog/<name>.md to get a new blog post and hugo new til/<name>.md. These are each defined in the archetypes folder in blog.md and til.md.

For example I use the below in blog.md:

+++
categories = []
tags = []
description = ""
slug = '{{ .File.BaseFileName }}'
draft = true
title = "{{ replace .Name "-" " " | title }}"
date = {{ .Date }}
author = "Micheal J."
+++

Dev Diary - yycbike_count - Python 3 and GitHub Actions

chealion@chealion.ca (Micheal Jones) — Thu, 08 Jul 2021 00:00:00 +0000

A couple weeks back, a Twitter bot I run stopped working correctly. It’s been on my list for a long time to revamp and clean up - if only because the server that it was running on was very overdue for being rebuilt. So when Eco Counter changed their private API and broke the script it provided a great chance to rewrite.

Fun items learned along the way:

Python 3 Upgrade Notes

Changing print is straight forward.
f strings are awesome
Cleaning up data is super time consuming, but cleans things up so nicely.

GitHub Actions

As part of the rewrite I wanted to explore ways to stop managing a server in order to run the bot. As it turns out GitHub actions has a schedule feature and could work quite well for both testing and running the script. They also provide a fantastic learning tutorial at https://lab.github.com/githubtraining/github-actions:-hello-world.

It gave me a great easy chance to get into actually setting up a simplistic CD system for myself, and to get my hands dirty. This coupled with act made it easy to test and run the script through being rewritten.

The whole process is summarized in a sentence, but it took some time and I hope will pay off in spades in the future.

You can find the workflow used on GitHub.

Repurposing or Extending yycbike_count

For those who are interested in taking the work in yycbike_count to use for their own city - please do. There are a couple things to mention if you want to re-use most of the work I did.

Counter Config

The counter config is hard coded into twitterBot.py - sorry.

GitHub Actions

If you want to use the workflow you’ll need to make 4 GitHub secrets correspondding to the environment variables (TWITTER_TOKEN, TWITTER_TOKEN_KEY, etc.). If you want to use act, you’ll also need to add them to the .secrets file.

act

If you want to use act to run the workflow locally you’ll need to add the following to your .actrc file:

-P ubuntu-latest=catthehacker/ubuntu:act-latest

Running Pihole using Docker on your Mac

chealion@chealion.ca (Micheal Jones) — Thu, 08 Aug 2019 20:00:02 +0000

A colleague of mine mentioned an open source program called Pi-hole designed to act as a DNS resolver in your local network to blackhole trackers and ads. The biggest advantage of this is that it can also be used by devices that don’t support adblockers natively or are cumbersome to use.

So how does one trial something on their local Mac to see if it’s worthwhile? Turns out the project has a Dockerfile and it works quite well, and if you don’t expose the DHCP ports you can ignore breaking your work network with a rogue DHCP server. So assuming you already have Docker installed:

cat <<EOF | tee ~/.piholeenv
WEBPASSWORD=pihole
DNS1=1.1.1.1
IPv6=True
EOF

docker pull pihole/pihole

docker run -d -p 80:80 -p 53:53 -p 53:53/udp -p 443:443 --restart=unless-stopped --env-file ~/.piholeenv --name pihole pihole/pihole

open http://127.0.0.1/admin/

Next, set your DNS server to 127.0.0.1:

networksetup -setdnsservers Wi-Fi 127.0.0.1

And nada, a quick, dirty, and SUPER ephemeral test that doesn’t mess with the current DHCP setup on your network. If you want to run it more long term, follow the docs properly and specify a volume to save the data.

To shut it all down:

docker stop pihole
docker rm pihole

Unfortunately my home router provided by my ISP doesn’t offer the ability to change DNS. So I guess that’s the push necessary to get around to putting it in bridge mode and getting a proper router.

Using CloudFlare as a v6 to v4 Bridge

chealion@chealion.ca (Micheal Jones) — Sat, 09 Jul 2016 06:45:08 +0000

CloudFlare offers the ability for you to turn on CDN caching and present your service to the public without requiring a public IPv4 address (so long as you have a publicly accessible v6 address) To turn it on, add the DNS entry to your domain on CloudFlare, and then turn on the caching service (Coloured in logo)

The caveats with the CDN are the same as if you had a v4 address; only certain ports (eg. 80, 8080, 443 , 8443, etc.) work. The output from your server is cached/proxied via CloudFlare’s CDN servers. So it’s not a full fix; eg. no port 22 to ssh in, but for running a web/http based service can be quite useful.

SSH Key Types and Cryptography: The Short Notes

chealion@chealion.ca (Micheal Jones) — Mon, 20 Jun 2016 18:41:23 +0000

On nearly all current (< 3 years old) operating systems there are 4 different types of SSH key types available - both as a client’s key and the host key:

DSA (No longer allowed by default in OpenSSH 7.0+)
RSA
ECDSA (OpenSSH 5.7+)
ed25519 (OpenSSH 6.5+)

So which one to use?

In general, the best practice preference is to use ed25519 if possible, otherwise use RSA (4096 bits) due to mistrust of NIST’s curve for ECDSA. Which key is chosen/created is managed by HostKeyAlgorithms in sshd.conf, and when you create a client key by running ssh-keygen. So what about the other parts of an SSH connection, and can I use an ed25519 key anywhere?

The key types are just one portion of an SSH connection; authentication. SSH connections have three major cryptographic phases, the key exchange, the authentication, followed by the negotiated symmetric encryption used by the rest of the connection. (If you want more detail, check out Digital Ocean or Cisco’s explanations.)

Unlike the SSH key type, the ciphers and key exchange are decided on between sshd and ssh depending on their feature set and what is defined in their config files.

If you’re running OpenSSH 6.3 or newer you can see what algorithms are supported by running one of the three commands: ssh -Q [cipher|mac|kex], or read man ssh_config.

Key Exchange

A glossed over version of the key exchange, has the client and the server share some information (eg. public keys) and use the Diffie-Hellman algorithm with a decided curve to set up the cipher (symmetric key) and the MAC (message authentication code to confirm validity) to be used for the rest of the connection.

Mozilla’s recomended list of kex choices to use (specify in sshd_config) per their wiki is a great starting point. The summary being anything at least with a sha256 confirmation helps.

Encryption

The symmetric key created during the key exchange step is now used to encrypt and decrypt the rest of the connection.

Mozilla’s wiki again lists the most recommended ciphers and MACs with the new chacha20-poly1305 being the first on the list.

Key Type Reference

OS	OpenSSH	Type
Ubuntu 12.04	5.9	dsa,rsa,ecdsa
Ubuntu 14.04	6.6	dsa,rsa,ecdsa,ed25519
Ubuntu 16.04	7.2	dsa*,rsa,ecdsa,ed25519
Fedora 23	7.1	dsa*,rsa,ecdsa,ed25519
CentOS 7	6.4	dsa,rsa,ecdsa
Mac OS X 10.11 (El Capitan)	6.9	dsa,rsa,ecdsa,ed25519
macOS 10.12 (Sierra DP)	7.2	dsa*,rsa,ecdsa,ed25519
Cmder	7.1	dsa*,rca,edsa,ed25519
Window 10 (14342)	6.6.1	dsa,rsa,ecdsa,ed25519
PuTTY	N/A	dsa,rsa,ecdsa[1],ed25519[1]

* - disabled by default for sshd
1 - PuTTY stable only supports dsa and rsa but the latest development snapshots support ecdsa and ed25519.

TL;DR

Unless you’re using CentOS 6 or Ubuntu 12.04, use ed25519 keys and Mozilla’s config files to limit the preferred connection ciphers.

What's calgary.bike?

chealion@chealion.ca (Micheal Jones) — Sat, 18 Apr 2015 21:10:48 +0000

On April 8th I stopped redirecting calgary.bike to Bike Calgary[1] to start showing off the aggregated data that I was pulling together from the 3 Eco-Counter installations. With the source on GitHub, I thought it’d be worth explaining a little of the why and how.

At the start of January, the City of Calgary made public the web page for bike counter on the Peace Bridge with promises of making more available including at least 10 more during the upcoming cycle track pilot. The Peace Bridge counter had data stretching back to April 24th, 2014 and by default was always showing the entire daily data set.

My first curiousity was whether I can could have a bookmark to just show the last week or so worth of numbers which led me to figuring out how the webapp worked. (Good ol’ WebKit developer tools)

After that in tandem with some projects I was looking into for work I decided to start seeing about scrapping the data and storing it somewhere to compare numbers (different installations, averages, weather) more easily. So a big thank you for the people at the City and Eco-Counter for not telling me to “get lost and don’t use things inappropriately”.

As for how - the Python scripts just ask Environment Canada and the counters once a day for their last day’s worth of new data (if possible) and store it in Graphite. Interacting with the data is Grafana 2 behind nginx. All hosted on a tiny instance on some publicly available free compute resources that I just happen to also manage as part of my day job. Funnily, most of the script writing was done during an all nighter at a Denny’s in Kamloops waiting for 4 AM to roll around so I could swap some power cables in a maintenance window.

It’s nothing fancy but it’s fun to see what might come of it when data is made available.

1 - I had registered the domain last year and figured that was a good place to point until I had a better idea of how to use it.

Trying to make sense of when to use Docker vs. LXC

chealion@chealion.ca (Micheal Jones) — Tue, 10 Jun 2014 19:36:58 +0000

While working on some side projects the past couple weeks I kept confusing myself on how things worked behind the scenes between Linux Containers and Docker. They both leverage the Linux kernel’s cgroups to function on Linux (and in Docker’s case - similiar technologies in other OSes), but differ completely in terms of how you interact with them.

While Linux Containers can best be thought of a super lightweight VM to run a whole VM, Docker contains a slew of other features that blur the lines between it acting like a super lightweight VM and being a full platform to build off of. Docker plays closer to the idea of a process/group of processes (application) under a chroot versus LXC’s idea of a whole OS/machine in a chroot jail.

So it’s misleading to think of a Docker container the same way as a LXC container. Same technology behind the scenes but completely different approaches. For Docker it’s all in how you set up your container to run - you can have all the other services you normally get in a VM if you so wish.

For example with LXC setting up MySQL would consist of making the container, running the command to install MySQL and setting the service to go. You can then log in or attach and run other commands as well if necessary.

Docker on the other hand involves similar steps with the flexibility of having Docker do the install and run the service when the container starts (defined in the Dockerfile). However if you want to attach to that container and run more commands you have to have set access to do that up ahead of time (eg. supervisord, runit), create a new container with that command, or try and force your way into the container. (you can try lxc-attach but if you want a new TTY and you’re attaching to a mysqld instance? Not going to work)

After figuring that out - the use of Puppet in Docker started to make more sense. Have Puppet configure your image and then save/commit that state or kick off the supervisord process to keep the container “alive”. Docker lends itself more to recreating/iterating whenever a new update is needed over updating settings.

In summary - LXC container is analagous to a VM, while Docker a very supercharged sandbox for running a process or group of processes. Use LXC when you’re wanting a separate “server” without the extra overhead, Docker when you’re wanting to run a “service”.

I also recommend reading the FAQ - primarily the what Docker “adds to LXC”. In the end it’s left me more leery of using Docker - it’s a bit of a paradigm shift I’m not ready to do just yet.

On one last sidenote, IPv6 support also looks like a lot of pain - but not any worse than LXC.

IPv6 and Systems

chealion@chealion.ca (Micheal Jones) — Sun, 04 May 2014 23:23:51 +0000

Last Monday I was part of a team presenting a workshop at BCNET’s 2014 conference about Configuring IPv6 for Networks and Systems. The network walkthrough and slides put together by BCNET are available on their wiki while the Systems portion I worked has the slides and workshop examples on Github.

Thanks to everyone who came out.

About Me

chealion@chealion.ca (Micheal Jones) — Tue, 18 Feb 2014 05:28:04 +0000

I am a Technical Operations Manager at Cybera by day, a geek, father, and husband by night. My current role grants me a great deal of freedom to try out various different solutions both as a learning exercise and as a way to improve how things run. I’ve used the pseudonym Chealion online since 1998 and have subsequently owned and posted content on chealion.ca off and on (more off than on) since 2006.

I’m writing this for myself so I apologize in advance if you find it not very focused.

You can get contact me by emailing me chealion AT chealion DOT ca

Other haunts:

Github
Flickr
Mastodon

Moving to Ghost

chealion@chealion.ca (Micheal Jones) — Tue, 18 Feb 2014 05:21:02 +0000

Alongside changing hosts (moving from TextDrive to my own VPS), adding IPv6 support for my websites and taking far too long to do it I’ve also swapped WordPress for Ghost. Slightly involved installation but much nicer. Most importantly no comment spam.

Calgary FCPUG: Outputting to Blu-ray, DVD and the Web

chealion@chealion.ca (Micheal Jones) — Sat, 12 Mar 2011 00:23:13 +0000

I’ve now uploaded the slides from the talk I gave to the Calgary FCPUG about outputting to Blu-ray, DVD and the Web. You can grab them from the following link:

https://chealion.ca/other/OutputBDDVDWeb.pdf

I do have an audio recording of the first presentation I’ve given since high school but have yet had a chance to listen and edit it as necessary.

I hope everyone found it useful.

Using Gmail as your SMTP server When Using your ISP's Email

chealion@chealion.ca (Micheal Jones) — Sat, 22 Jan 2011 15:07:22 +0000

NOTE: You’re going to be using Google’s service to send the email but for all intents and purposes it’s completely transparent to both you and your recipient. It’s also a world lot better than using some random SMTP server (having to find out the local one and always change it) or finding all your email you sent doesn’t even arrive in your recipient’s inbox because it’s been marked as spam because of the server used. I’d recommend looking for an IMAP host instead for the long run.

For brevity I’m leaving out the exact steps to hook this up with your favourite mail client but you can find that out fairly easily as it’s only changing the SMTP server (or check my post about setting up Shaw’s SMTP service) and change mail.shaw.ca to smtp.gmail.com and using your Google login instead of say Shaw’s in the section about changing your SMTP server).

Set up a Google Account. If you have one you’re good to go.
Log into Gmail
Go to Settings (link is in the top right)
Go to Accounts and Import
Under “Send mail as:” section click “Send mail from another address”
Enter your email address you want to use (eg. username@shaw.ca) and press Next
Choose to use Gmail’s servers, press Next and choose Send Verification
Click on the link in the verification email. This will verify the email address so you can move onto step 9. You may need to check your Junk Mail folder.
Back at the “Send mail as” section (you may need to refresh the browser) click the “make default” link for the email address you set up and be sure that below it “Always reply from default address” is selected.
Now be sure to change your SMTP settings on your computer/mobile device accordingly. This varies from device to device as to the steps but is the most important step. If not set correctly (eg. not turning off other SMTP servers on an iOS device) will make everything we’ve done for naught.
Send an email to yourself to test and reply to it and make sure it gets to the right address. The only times I’ve ever seen an error here is if the SMTP wasn’t set up correctly, step 9 wasn’t followed or the carrier’s SMTP server was enabled again (yes it’s repeated because it accounts for 99% of errors I’ve seen).

Not difficult, but something I can grab when writing an email on how to do it. :-)

Hooking Up with Shaw's New "Remote SMTP" Service

chealion@chealion.ca (Micheal Jones) — Sat, 22 Jan 2011 14:46:50 +0000

Update (February 2012 - Webmail 2.0 is completely up with all it’s Exchange goodness - so check out Shaw’s new instructions )

Please join me in welcoming Shaw’s new feature of actually allowing Shaw email users to send email while travelling without resorting to webmail or trying to find the local ISP’s SMTP server address (or seeing that Telus’ mobile SMTP server is blacklisted AGAIN marking all your email as spam). This is of course ignoring that I don’t recommend anyone actually use their ISP provided email address but instead use something a bit more dedicated like your own domain or an actual email service. It’s still better than an AOL address.

Previously I’d been setting clients up to use a Gmail account as their proxy sending address when they have a Shaw or Telus email address - this makes it easier for Shaw clients. It’s also a lot simpler than the Gmail approach (which I have yet to post here).

Coles Notes

Turn on Mobile Access using the new Webmail beta: https://wmbeta.shaw.ca
Change your SMTP settings to point to mail.shaw.ca using port 587, STARTTLS, and use your username and password as the authentication

More elaborate instructions

Setting Up Shaw’s End:

Sign into https://wmbeta.shaw.ca
Click on Preferences (right side of screen - it’s a text link beside Feedback)
Click on the ‘tab’ that says ‘Mobile Access’
Set it to Enabled (click the radio button beside it)
You may need to change your password to meet their new security requirements.
Press Save. It will say “Preferences saved” in a small yellow box at the top of the page if it’s successful.

Thunderbird:

Go to the Tools menu and choose Account Settings
On the left side on that window click on “Outgoing Server (SMTP)”. You may need to scroll as it’s always the last item.
There should be an item associated with the Shaw account you just turned on. Whichever account you turned on Mobile Access for and click on it and then click the button that says “Edit…”
In the window that appears change the server name to mail.shaw.ca instead of shawmail or shawmail.cg.shawcable.net that it was set to. The port number should be changed from 25 to 587 and the Connection Security to STARTTLS. Authentication: Normal password and then enter your username
Press OK
If you did not change your password when setting up Shaw then press OK and you’re done. If you did change your password when setting up Mobile Access the next time you check email it will ask you for a new password and you can enter it.

Mail.app:

Go to the Preferences and click on the Accounts section
Click on your Shaw account on the left side
Where it says Outgoing Mail Server (SMTP): click on the drop down menu and choose “Edit SMTP Server List”.
Find the Shaw SMTP server in that list and click on it.
Change Server Name to mail.shaw.ca
Click on the Advanced tab
Check off Use Secure Sockets Layer
Change the Authentication drop down menu to Password
Enter your username and password and then press OK.
Close the accounts preferences window and say yes to saving it if necessary.

Shaw’s already provided instructions on setting up an account anew for iOS, Android and Blackberry devices: https://wmbeta.shaw.ca/doc/offnet-device-instructions.html

Using Compressor to Make H.264 MP4s

chealion@chealion.ca (Micheal Jones) — Thu, 23 Sep 2010 14:06:05 +0000

In April I pushed to GitHub my RewraptoMP4 Script I put together to help assist in creating proper MPEG-4 container files while being able to use the x264 QuickTime component in Compressor. Compressor only allows you to specify the codec being used when exporting to a QuickTime file, however it is possible to use QuickTime Player after the fact to convert a QuickTime Movie to an MPEG-4 without transcoding so long as the codecs are supported in the MPEG-4 container spec.

My primary reason for the extra work is that Google Chrome will not recognize a .mov file as a valid wrapper for video in HTML 5’s <video> tags.

Using Compressor

You need to make your Compressor preset using x264 as a normal QuickTime movie preset (use the table below to help with settings if necessary). You’ll then want to grab the script from GitHub and add it as a script to your preset.

Scripting Compressor isn’t very straight forward, while you can use AppleScript or launch a script using Compressor they fail to mention that the script must be saved as an application and the file is accessed by using on open.

Helpful Table of Limitations

Device	Max Res	Max Bit Rate	H.264 Settings
iPhone	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPod touch	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPhone 3G	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPod touch 2G	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPhone 3G S	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPod touch 3G	640x480	2.5 Mbps	Can only use Baseline profile Level 3.0 with CAVLC
iPad	1280x720	"Unlimited"	Can only use up to Main Profile Level 3.1
iPhone 4	1280x720	"Unlimited"	Can only use up to Main Profile Level 3.1
iPod touch 4G	1280x720	"Unlimited"	Can only use up to Main Profile Level 3.1
G1	480x320	600	Lack of documentation for anything Android
Droid X	1280x720	?	Lack of documentation for anything Android - can't play more than 24FPS

Android information is rather limited. Official Android information is near non-existent.

Thanks to:

http://www.proactiveinteractive.com/software/compressor/index.php

Using HTML 5's Video To Serve Baseline and Main Profile Content

chealion@chealion.ca (Micheal Jones) — Wed, 11 Aug 2010 16:49:12 +0000

At work I was trying out to see if I could use the new video tag in HTML 5 to show two different versions of the same video; one optimized for devices that accept only the Baseline profile (eg. iPhone 3G S and older, many other phones) and one optimized for larger devices (eg. iPad, iPhone 4 that support the Main profile). Turns out it works absolutely fabulous by using the codecs section in the type (Thanks to Dive into HTML 5 for the documentation).

<video OTHER_ATTRIBUTES_HERE>
    <source src="PATH_TO_MAIN_PROFILE.mp4" type='video/mp4; codecs="avc1.4D401F, mp4a.40.2"' />
    <source src="PATH_TO_BASELINE_PROFILE.mp4" type='video/mp4; codecs="avc1.42E01E, mp4a.40.2"' />
</video>

The video codec for H.264 is: avc1.YYYYXX where YYYY represents the profile, while XX is the level (multiplied by 10 and turned into HEX):

Profile     Value   
Baseline    42E0
Main        4D40
High        6400
Extended    58A0

Level       Hex Value   
3.0         1E
3.1         1F
4.1         29
5.1         33

Now when I visit with an iPhone 3G it loads the baseline version, while my iPhone 4 and iPad both load the Main Profile version. For my current project I use video for whenever Flash isn’t available and it does leave a gap for Firefox and Opera users who don’t have Flash but according to our web stats they don’t actually exist.

It’s also important to note that Android users are also left in a lurch because any version lower than 2.0 doesn’t support <video>, and those that do can’t handle a <source> element having a type value like above. To top it all off it isn’t able to play or show controls on a video on it’s own. You have to add some JavaScript to your page in order to play to pass the click event and tell it to play.

Mail.app, Outlook, Attachments and Disappearing Text

chealion@chealion.ca (Micheal Jones) — Mon, 21 Jun 2010 17:57:59 +0000

There’s a particularly nasty implementation detail that doesn’t seem to come up often but is just waiting to bite just about every Mac user in the ass. Mail.app allows users to attach files inline allowing them to be part of the flow of the text or in the case of one of my users be right alongside the paragraph talking about the changes in that paragraph. Or like me, right below the email you’re sending and above the replied emails because of Mail.app’s defaulting to top posting. The issue isn’t being able to put attachments inline, but the fact that by default Mail.app will encode the attachment in the same spot in the email file causing other email clients to see the rest of the email as a set of attachments.

The fix: Make sure “Always Insert Attachments at End of Message” is checked off (preference key is AttachAtEnd - boolean for you MCX minded folk) and you can now attach inline as you would normally want to without having Outlook eat your message.

Thunderbird will display the text correctly, but you’ll lose it and it will only appear as an attachment once that email is forwarded or replied to: (Part 1.1.3 is the text “There’s an attachment”). You’ll also notice the horizontal rule separating between the different HTML portions of the email.

What program completely falls flat on it’s face is Outlook; it just puts all attachments off to the side and you have no idea what’s in the those ATT documents and your client sure as hell isn’t going to read them. So you’ve sent the email, the email was successfully sent, the text will be visible on their webmail systems, on their mobile device (Blackberry or iPhone), and even visible in other mail clients but because it’s technically an attachment Outlook won’t display it inline by default. (For the same reason they won’t show images by default in emails - the cookie tracking and that it’s a great attack vector)

Of note, this only occurs when sending from Mail.app. Outlook can attach items inline and have no issue as it attaches the images at the end of the email.

Correct view:

Comments, No Comments, and When It Doesn't Matter

chealion@chealion.ca (Micheal Jones) — Wed, 16 Jun 2010 23:32:53 +0000

Today I’ve been heckling D’arcy Norman on Twitter about his plan to try out turning off comments on his blog. The discussion of comments versus no comments is not new but has come to the forefront again because of Gruber’s defence of not allowing comments.¹ D’Arcy has done a good job showcasing several opinions on the matter - so good read his post first.

Why would I want comments on my site? They provide a relatively frictionless (provided no registration is required) way for a reader to respond to something I have written to power Google’s index.² This includes developers responding to my criticisms of their applications, or some method of feedback. The feedback is part of the reason I even write comments anywhere else. It’s still very possible to get a large volume of feedback relevant and helpful to the article/essay/what-have-you without detracting from it. (eg. Coding Horror as an example - not always, not perfect but on a whole a decent example) Comments at one time also help differentiate the “new media” from the “old media”, it promoted the idea that the reader could be involved instead of just a a passive listener.

Why do I think I should remove comments from my site? Spam and focusing on the content. I don’t like being required to run Akismet, or remembering the issues of using Moveable Type 2.x and the necessity of MT-Blacklist. Erasing the spam issue is definitely enticing, especially with some many other avenues of feedback.

Additionally once comments grow beyond a certain quantitative threshold they simply become drive by soapboxes or discussion boxes with little to no control of their direction (unless heavily moderated) and relevance to the whole point of the page’s existence. If you really want people to discuss with each other about something you’ve put forward as a conversation piece? Consider setting up a proper forum³ for the thread control so it doesn’t feel like a discussion has been shoehorned into something that doesn’t quite fit correctly. Personally the whole point of my corner of the web is not to make conversation pieces but to showcase something I actually want to broadcast more widely to the world.

But wait. Why should I even care if they’re on or off? Be practical - for many comments are your first way to get feedback without the roadblocks (registration, emailing, etc.) that are necessary to keep the volume manageable for higher volume sites. Comments don’t scale with the purpose of a blog, website, whatever you want to call your little corner of the world wide web. If you’re small enough they don’t exist, if you’re big enough they overshadow or fail completely miserably at being either a way to leave a note for the author or as a discussion board. So in the big picture - the choice doesn’t matter. What matters is whether they are a positive or a negative impact to you, the moment it’s negative kill it - there’s no saving the signal when the noise gets too loud. If it’s positive, keep it.

Don’t sweat it and focus on writing (or doing your thing).

RIP daringfireballwithcomments.net - it was hilarious and a perfect example as to why Gruber should keep his site just the way it is. ↩︎
My traffic consists of 3 people who follow using RSS and about 30 people a day from random search terms. ↩︎
This doesn’t have to be proper forum software such as phpBB and such but they do offer the more advanced features one would want when dealing with diverging threads of discussion. ↩︎

Curious Notes about WebM on YouTube

chealion@chealion.ca (Micheal Jones) — Fri, 21 May 2010 12:22:37 +0000

When looking at one of the trailers (Tetro: Original Trailer) that has been transcoded into WebM. I wanted to compare YouTube’s x264 settings versus their WebM settings. I’ve also uploaded some 1080p footage for more recent footage (in case the H.264 settings had changed between Dec. 2009 and now - which AFAIK they haven’t) to compare. It’s also important to note that the HTML5 access to YouTube videos is only available on non-monetized content.

During my testing I noticed that in the HTML5 Beta on older versions of Chrome and Safari (aka H.264 using browsers) when you select 360p for your video size, YouTube does NOT give you a 360p file - it is actually smaller in terms of resolution (480x270) and has to be upscaled. This is most likely a reason why my initial thoughts on Twitter didn’t match with what I had on paper.

Disclaimer: Subjective paragraph to follow - I’m not an expert and I’m judging just by general visual quality to my eye.

A quick visual inspection shows the WebM version in 360p seem noticeably sharper in terms of details than the 480x270 H.264 which had to be upscaled. The 720p WebM version was close enough to it’s H.264 counterpart. However I did definitely notice with the 360p version, a “quality bump” every once in a while as described in the ratecontrol section of a blog post by one of the x264 developers when criticizing the VP8 specification.

Using MediaInfo Mac the following settings can be found:

Tetro Trailer (Originally encoded 12/26/09)

Resolution	Container - Codec	Total Rate (kbps)	Video Bit Rate	File Size (MiB)	Notes
640x360	WebM - VP8/Vorbis	812	?	14.2
480x270	MPEG4 - H.264/AAC	500	393 VBR	8.7	Baseline Profile - HTML 5's "360p"
640x360	FLV - H.264/AAC	677	568	11.8	Main Profile
1280x720	WebM - VP8/Vorbis	2887	?	50.4
1280x720	MPEG4 - H.264/AAC	2172	2045	37.8	High Profile

Part of the reason I chose Teatro is that it has some excellent DOF changes, the other reason is that I just liked the visual style of the trailer. It was also the first trailer I clicked on that worked in the HTML5 beta that didn't resort to using Flash because it has been monetized.

12 Second Test Clip Uploaded Today

Resolution	Container - Codec	Total Rate (kbps)	Video Bit Rate	File Size (MiB)	Notes
640x360	WebM - VP8/Vorbis	709	?	709 KiB
480x270	MPEG4 - H.264/AAC	508	415 VBR	751 KiB	Baseline Profile - HTML 5's "360p"
640x360	FLV - H.264/AAC	542	466	835 KiB	Main Profile
1280x720	WebM - VP8/Vorbis	1736	?	2.61
1280x720	MPEG4 - H.264/AAC	2120	2005	3.06	High Profile

What's the conclusion for what YouTube is offering? Visually, WebM can be made to look quite decent - especially for what I believe is it's target market; the web and mobile devices. However on higher resolution and higher bit rates, H.264 definitely appears better. I don't think most people will notice - they're close enough with the current settings. However I do believe that the WebM settings are more fine tuned than the x264 settings to get a little bit more video quality. Encoding my sample 12 second video with a relatively recent version of x264 locally with some rather generic settings is more visually appealing than YouTube's.

Even though H.264 is definitely better on paper, I think VP8 will do just fine as a replacement for Theora and a competitor to H.264 for use on the web. For the near future (next 3 months IMO) you won’t see a lot of WebM footage available as the playback availability is extremely limited.

i5/i7 MacBook Pros do NOT support Jumbo Frames

chealion@chealion.ca (Micheal Jones) — Sun, 02 May 2010 01:51:18 +0000

While doing some research I discovered (first with the 27" iMacs) and now with the new MacBook Pro line that runs the i5 or the i7 processors; Apple has slotted in an ethernet controller that does NOT support Jumbo Frames.

See page four of the PDF of the Broadcom 5764 Chipset

Google Chrome on the Mac - When beta doesn't mean beta

chealion@chealion.ca (Micheal Jones) — Tue, 08 Dec 2009 12:13:51 +0000

I’ve been using Chromium (the developer version of Chrome) since May side by side the WebKit nightlies. They’re very fast and I like Chrome quite a bit however I won’t be moving to Chrome/Chromium as my main browser. Yet. After all it’s still a beta and under very active development.

And like any craptastic method of making sure one has an easy time of making an article/blog post/etc. a set of pros and cons as to what I like and dislike about Chrome/Chromium)

Pros:

Super fast, uses a newer version of WebKit than Safari. (If you like Safari but want the new versions of WebKit - use nightly.webkit.org - will never use Vanilla Safari again)
Automatically updates itself silently (Chrome only, Chromium must be manually updated
Updates often so new features and bug fixes in WebKit show up quite quickly.
Bookmark Sync (this came online last week). Awesome.
If one tab crashes the entire program doesn’t crash. Huge. Not as huge since Safari started sandboxing Flash but huge none the less.

Cons:

Silently installs an auto updater that is hard to remove and impossible to control in a managed environment.
Extension support not easily accessible
Bookmark Management is near non-existent. It’s a completely broken feature at this time.
No Click To Flash yet. Flash Blocker is a poor substitute.
Tabs just become a set of mountains when too many are open.
Top Sites look alike feature isn’t as customizable. Oddly I use Chrome’s Top Site feature but not Safari’s.

I like it a lot but I believe calling it a beta is disingenuous. A beta usually refers to something feature complete and in bug testing. My usage however says that it’s very solid but that new features are being added all the time. The reality is that Google Chrome is being treated like a web application - iterated fast and often and there is no real distinction between alpha, beta or a final “1.0” version number. Just a stable and unstable branch and the version number to correspond to where development is at.

It’s a bit more chaotic but represents a change in how developers can approach development, after all there are no instances of a user using a version 3 or 4 versions old when you make sure everyone is using the latest version all the time.

Xdebug, Leopard, and 64-bit shenanigans.

chealion@chealion.ca (Micheal Jones) — Sat, 07 Nov 2009 17:10:56 +0000

In order to profile some in house web application development and find out a couple bottlenecks that were appearing I went looking for a decent PHP profiler and found Xdebug. Because I am using the built in version of PHP on the Leopard Server, and a MacPorts version on Snow Leopard (we also have an application that fails miserably on PHP 5.3) it lead to some fun installing Xdebug on the Leopard machine since I didn’t want to reconfigure apache2 to use PHP 5.3 from MacPorts.

The crux of it is to grab the source of Xdebug, and then when configuring prefix your standard ./configure --enable-xdebug with the statement CFLAGS='-arch ppc64' or CFLAGS='-arch x86_64' as necessary. Compile xdebug as a 64-bit extension and it will actually work with a 64-bit version of Apache. With MacPorts it was as simple as enabling the xdebug variant and letting it recompile PHP.

I highly recommend using webgrind. It gave me more useful results than MacCallGrind, and didn’t require an hour hoping MacPorts could compile all the dependencies for kcachegrind (which would require graphviz as an additional install). Now I have some numbers to tell me where to look for proof old me is a moron.

Magic Mouse: Impressions

chealion@chealion.ca (Micheal Jones) — Tue, 03 Nov 2009 13:24:44 +0000

As many of you are aware, Apple released a new horribly named mouse, the Magic Mouse. On Saturday I had the opportunity (since I was in the mall anyway) to drop by the Market Mall Apple Store and give the mouse a whirl - it was comfortable, did not have the gum-up-every-5-seconds trackball, and was exceptionally responsive. On a whim I ended up purchasing one later that day.

The Good

The mouse is accurate, responsive and the multitouch feels intuitive and that with software updates it could become even more. Additionally the weight has just enough heft to feel solid but much lighter than most other wireless mice Definitely the best Bluetooth mouse I’ve ever used.

Scrolling without a wheel (and momentum on Snow Leopard) brings the best of scrolling on an iPhone/iPod touch to the desktop and for the reason alone is worth it. Instead of a tiny wheel that just spins the entire surface of the mouse is now you touchpad for scrolling, perfect for reading long PDFs and being able to lean back and just use one finger without having to clutch a mouse.

Of note the two finger swipe to go back in Safari hasn’t been an issue and actually useful on occassion.

The Bad

The mouse is smallish and does not offer the ability for a “middle click” (3rd button). If you are used to the Mighty Mouse the muscle memory of squeezing may take a little while to get used to not being able to do. The loss of being able to trigger Exposé in any form is definitely a large loss and the primary reason I normally prefer 5 or 6 buttons on my mice. Being forced to use a less than optimum layout for Exposé on the Aluminum keyboard makes using Exposé more and more of an afterthought without resorting to Dock Exposé in Snow Leopard. Apple’s hardware definitely is not very Exposé friendly at times.

The Ugly

The new mouse is quite cramped and not all that comfortable compared to full size mice like Logitech’s MX Revolution, 1000 or the Performance. This is a huge misnomer because the Magic mouse is surprisingly comfortable even for long periods of time - it’s that the MX line fits my hand more completely and feels nicer to hold at odd angles. That said, I always have a hand on the keyboard and avoid mousing unncessarily as keyboard shortcuts are nearly always faster then hunting for them in the menus.

Conclusion

Suffice to say, it’s an excellent Bluetooth mouse, it’s minimalistic and has all the features I want. For users who don’t require a middle button, those who want a solid mouse it’s perfect. I’ll definitely be keeping it - at least until the wife steals it and I upgrade to an MX Performance.

I highly recommmend the mouse so long as you’re not looking for a large or gaming mouse.

Initial Snow Leopard Client Impressions

chealion@chealion.ca (Micheal Jones) — Fri, 28 Aug 2009 17:15:01 +0000

My initial impressions are that Snow Leopard is very much worth the upgrade if you can afford the time to do an operating system upgrade (in this case for me it was ~1.5 hours: 45 minute install, 45 minutes testing apps and seeing they still worked without any modification)

Pros:

Speed
Awesome!
New Services Feature
My favourite feature
OpenCL
If you haven’t seen MacResearch’s Introduction to OpenCL check out 33:30 to 34:50 or so. (Rough timecodes
iCal Event Editing Gets a Window Again
Spotlight Default Search Location Fix and Sortable Results I can finally search within a folder without holding a needle to my eye first!
Enhanced Icon View Neat if I used icon view.
Faster wakeup to password screen Hawt.
Faster Time Machine Backup Hawt.
Airport Menu Changes Neat animation, but more info when holding the option key as well.
Gamma 2.2 Default No longer do I have to set this up each time.
New Fonts Menlo is cool, but Chalkduster; Heiti SC and TC; and Hiragino Sans GB are all fonts I’ll never use.
Safari Plug-ins are sandboxed Awesome - Flash won’t hurt as much even after ClickToFlash
QuickTime Player New UI is great for viewing.
Preview Faster and better scaling.
Mail Much faster. :-)
Set a time before the screen saver asks for a password. THANK YOU.
Smaller footprint I liked the good thwack of disk space I got back (~6GB)
Grand Dispatch Can’t wait to see the results on the Mac Pros at work.
Screen Recording Neat, but I’ll stick with ScreenFlow.
Revised Keyboard Shortcut / Services Preference Pane Much nicer to work with.
Wake on Demand No more having to worry about whether the computer is asleep or not? Over wireless? Sweet (Airport Extreme only though)

Cons:

Base 10 Counting
WTF. DO NOT LIKE. “Mac OS X can not count” Would prefer a preference to turn this off and/or proper suffixes (eg. MiB instead of MB)
QuickTime Player Absolutely neutered into being useless beyond viewing and “Sharing” your movie to MobileMe.

In summary, there is no one real feature in Snow Leopard worth upgrading for - no major consumer focused feature. It’s the sum of all the parts that make it worth much more than the $29 they are charging. Once installed you never want to go back.

iCal Server Multiple / Sub Calendars and Sunbird

chealion@chealion.ca (Micheal Jones) — Wed, 05 Aug 2009 12:51:28 +0000

At my workplace we use iCal Server running on Mac OS X 10.5 Server to share several calendars all under our one staff group. With iCal, so long as the group is delegated to be shown on the user’s accounts you can see all the calendars but with Sunbird you only get to see the first calendar.

Before going further it’s worth noting how to delegate a group calendar so a user can view it without manually adding the group calendar as it’s own calendar (if using Delegates instead of multiple calendar “accounts” (same credentials, different calendars) is your aim). To do so you have to add the group calendar as a normal account in order to set it up, and then set up delegation as you would for a normal account. The important URL to know for using a group calendar is http://FQDN.OF.SERVER:8008/principals/groups/groupname (as always replace http with https and 8008 with 8443 if you are using SSL).

Sunbird uses slightly different URLs than what you use in iCal to start with, where in iCal an example URL might be http://FQDN.OF.SERVER:8008/principals/users/USERNAME or http://FQDN.OF.SERVER:8008/principals/groups/GROUPNAME. The corresponding URL to use in Sunbird is http://FQDN.OF.SERVER:8008/calendars/users/USERNAME/calendar or http://FQDN.OF.SERVER:8008/calendars/groups/GROUPNAME/calendar

That’s great for adding a single calendar but what if a user or a group has multiple calendars under their one account? iCal will automatically show them as a group whereas Sunbird requires you to add each and everyone that you wish to have show up.

You can specify a “sub-calendar” to subscribe to in Mozilla Sunbird by specifying the unique ID of that calendar instead in the form of the url http://FQDN.OF.SERVER:8008/calendars/__uids__/UID_OF_GROUP_OR_USER/UID_OF_SUB_CALENDAR (Newer versions of Lightning will take http://FQDN.OF.SERVER:8008/users/USERNAME/UID_OF_SUB_CALENDAR). Note the lack of calendar at the end of the URL. To determine the UIDs in question it’s easiest using iCal, if you click on a calendar and press Command-I (File -> Get Info) you can see part of the CalDAV URL at the bottom of the sheet that appears.

You will see calendars/__uids__/UNIQUE_ID/ONLY_PART_OF_THE_UNIQUE_ID because the label the text is placed into is not big enough to fit the URL. Because you can’t get the full URL from there it’s easiest to go to the iCal Server itself and navigate to /Library/CalendarServer/Documents/calendars/__uids__/ (you’ll need administrator privileges to view this). From there find the folder named the same as the UNIQUE_ID portion of the URL and open it to find a folder with the UNIQUE_ID of the “sub-calendar”. You can now put the URL together and use that in Sunbird to view that additional calendar.

Example URL of a sub-calendar in the group:
https://FQDN.OF.SERVER:8443/calendars/__uids__/FA26C8C6-5B78-4AB0-AE73-0E9576574EBB/F74174B7-380C-4630-9192-9025F4C691A2

EDIT:

Sub-calendars also work at https://FQDN.OF.SERVER:8443/calendars/users/USERNAME/UID_OF_SUBCALENDAR

Sources Used:

Chromium Mac Build Bot Updater Script

chealion@chealion.ca (Micheal Jones) — Wed, 13 May 2009 16:07:34 +0000

When I read on MacRumors that the Chromium builds for the Mac were available and were actually launching the “stupid” geek in me jumped at the opportunity to try the unfinished, unpolished software. By “stupid” I refer to the side of near any geek who sees the OOO SHINY and is fully prepared to deal with the instability and issues that will crop up with using pre-alpha/alpha software. Naturally when I saw how fast and furious the updates were happening alongside the fact there was no automatic update mechanism apparent in Chromium (I don’t have the Google Updater installed and don’t want to) I sought to find out how to automate the updates to make the pain of manual downloads, copies and such go away.

Using my previous WebKit script, 5 minutes looking at the Chromium application layout and how the builds are stored on the server I changed the script. I fully expect it to break horribly in the future as Google changes folder layouts and/or adds Chromium support to their own “silent” updating mechanism.

#! /bin/bash

# Based off my WebKit nightly script (now defunct as WebKit uses Sparkle)
# Copyright 2009 Micheal Jones
# Software License: Do whatever you want.

#Find current revision
currentRevision=`/usr/libexec/PlistBuddy -c 'Print :SVNRevision' /Applications/Chromium.app/Contents/Info.plist`

#Get latest revision
latestRevision=`curl -s http://build.chromium.org/f/buildbot/snapshots/chromium-rel-mac/LATEST`

#Abort if there is no update
if [ $latestRevision -le $currentRevision ]
then
	echo "There is no update for Chromium available"
	exit
fi

#Append download address
address='http://build.chromium.org/f/buildbot/snapshots/chromium-rel-mac/'${latestRevision}'/chrome-mac.zip'

echo "Downloading... $address"
curl -s $address -o /tmp/chrome.zip

#Abort if the build is not available
if [ "`head -n 3 /tmp/chrome.zip | tail -n 1`" = "404 Not Found" ];
then
	echo "Latest Version is not available yet (try again in a couple minutes)"
	rm -rf /tmp/chrome-mac.zip
	exit
fi

#Unzip
unzip /tmp/chrome.zip 1>/dev/null

echo "Copying..."
#Copy to Applications
cp -RfL /tmp/chrome-mac/Chromium.app /Applications/ 2>/dev/null

echo "Cleaning up..."
#Clean up
rm -rf /tmp/chrome*

revision=`/usr/libexec/PlistBuddy -c 'Print :SVNRevision' /Applications/Chromium.app/Contents/Info.plist`

echo "Finished. (r$revision)"

Realistically you should be looking for the latest source at the link below:

As always this script can be found in my git repository on GitHub.

Quick Looking a .csv File

chealion@chealion.ca (Micheal Jones) — Mon, 11 May 2009 15:37:04 +0000

On ServerFault someone was asked a question why .csv files were unable to be viewed in Quick Look. For some reason .csv files are not defined as plain text by the operating system which leads to odd conflicts between applications that can deal with .csv files that causes QuickLook to report that it can’t find a generator for the file and just show the icon.

The one way to force it to work is to roll your own, with a bit of help after reading the QuickLook Programming Reference it was rather simple to roll together a proof of concept QuickLook generator for .csv files.

It’s not pretty, it may break at any time (if only because it’s using a dynamic UTI since one is not defined anywhere, however .csv files have been using the UTI “dyn.age80g650” for quite a while - as far back as prior to 10.0) but it works and forces the .csv to display properly.

The code and a download of CSVQL is available on GitHub:

Source: http://github.com/Chealion/chealion/tree/master

Download: http://cloud.github.com/downloads/Chealion/chealion/CSVQL.zip

Check out Pascal’s comment for a much nicer looking version - actually puts the data into tables.

DROC.CA : Douchy Business Practices

chealion@chealion.ca (Micheal Jones) — Mon, 27 Apr 2009 18:57:02 +0000

I’m unsure as to exactly why this annoyed me so much but on receiving junk mail to my home address from a company called “Domain Registry of Canada” (spammer’s website) I felt compelled to write an email (if only to get myself off their mailing list).

Hi,

I’d like to inquire why environmental resources, postage, and my time was wasted by sending a letter to my home address “as a courtesy” to “renew” or should I say SWITCH for 4 times ($40.00 CDN) the price I currently pay to register my domains.

Please remove me from your database and in my obtuse opinion grow a pair of non shifty business practices. (“Domain Registry of Canada”? It may be legal but it’s certainly douchy).

Pissed off over junk mail and shady business practices,

Micheal

I’m fully aware it will do nothing, they won’t (and most likely should not) care about my opinion of their practices but making it known that Domain Registry of Canada is soliciting me to switch (under the guise of renewing) is douchy. The domain is even transfer locked (meaning I can’t switch registrar’s with their fancy paper form). It does stand to point that the moment you start reading further it’s quite obvious it’s a solicitation - it’s not hidden but the fact that I am being solicited for this annoys me even if it “standard practice” by those who have business practices I despise.

Aborting On the Second Disk on a Restore

chealion@chealion.ca (Micheal Jones) — Tue, 17 Feb 2009 15:22:08 +0000

Scenario: Client attempts to restore their iMac using their Software Restore disks (10.4.10) but the second disk containing iLife for some reason refuses to be recognized. iLife is already installed and the OS has been installed but the Installer will come up everytime you attempt to start up the computer.

The workaround: Start up the computer in single user mode. Then use the following commands (not the ones with ## preceding them however)

## Mount the filesystem so you can read and write to it
mount -uw /
## The files we want live in /var/db
cd /var/db/
## Files that tell us it's a multi disk install
rm .AppleMultiInstall*
## File that tells us to pop up the registration dialog
rm .AppleCustomMac
## Something else to do with setup (Locale Setup?)
rm .locsetup.plist

I removed all 3 files because they looked like the most likely culprits but gut tells me the .AppleMultiInstall* files are the only ones that have to be removed but I wasn’t able to test it.

You’re now able to boot the computer just fine - it’s imperative however to be sure that you know what has been installed as you’re interrupting the installation. Because in this case I knew that only iLife was on the second disk (in terms of what had been selected to be installed) I didn’t go ahead with reinstalling the OS to be on the safe side.

This has been tested on Mac OS X Tiger 10.4, it should be identical for Mac OS X Leopard 10.5 as well but I’m not 110% positive.

Invisible Shield

chealion@chealion.ca (Micheal Jones) — Fri, 06 Feb 2009 17:44:17 +0000

When I got my iPhone I went looking for a case that ideally would not make the iPhone much more thicker than necessary, protected the screen from fingerprints and scratches and generally didn’t suck. It took a while but after reading reviews I settled on using the Invisible Shield by Zagg.

Good

The Invisible Shield protects my iPhone quite well against scratches against keys and well near anything that doesn’t actually slice the material itself. While often the scratch will be visible, running your thumb over the scratch or just giving the material time will have the scratch disappear like it never existed. It’s remarkably resilient to scuffs as well as often wiping away the offending scuff will cause it to disappear, or if dirty a little bit of water will work as well.

It’s also exceptionally thin and clear leaving the screen of the iPhone easy to see underneath it’s protective layer. Additionally dirt, dust, and other cosmetic annoyances can be easily washes or wiped off the screen just like the glass screen on the iPhone.

I prefer the slightly more tactile feel of the material (and if applied to the back as well if applied) as it gives a better sense of tactile feedback on the touch screen. It feels like you’re moving your finger across the screen a certain amount - much akin to using a scroll wheel on a mouse with grooves versus one that was completely smooth. The additional traction also makes the iPhone easier to hold - especially with your finger tips.

Bad

The suckers are hard to apply - compared to just slipping your iPhone into a case the initial time investment is pretty steep. However if you spend the 5 minutes reading the instructions and/or watching the video instructions on their website and then take your time applying it on the iPhone you’ll avoid the major issues of dust, air bubbles and streaks.

Between all the Invisible Shield’s I’ve installed I’ve seen all 3 major issues and all were my fault and thankfully if you’re paying attention can be avoided by taking the screen off and restarting the procedure over before it has time to start to set (according to the instructions). Having air bubbles or dust under the screen is really distracting but I find the streaks the most annoying if only because they aren’t obvious until you’re looking intently at the screen by watching a movie, reading text or something similar. I’ve found they happen when you pull the shield too taunt and are different then the streaks you get after installation.

After installation you will notice there are streaks on the screen that take a couple days to go away. These are normal and I’ve found will go in the direction that you used the squeegee to push out the excess liquid. So for the first couple days they can be a bit annoying as the streaks will distort the colour of some pixels making it seem as if there are razor thin lines of green or red at certain points. Thankfully after a while for the iPhone and the shield to get used to each other it disappears. I’ve also noticed that until this happens as well the quality of the iPhone screen will appear slightly fuzzy - not bad but as if the anti-alias filter was set a notch or two off optimum.

I’ve found that over time the screen likes to grab and hold onto oil and dust requiring wiping. The slight fuzzy appearance of elements on the iPhone comes back as well because of the oil but after cleaning it’s back to where it should be.

The biggest downside I’ve found is that they are not realistically reusable. For example each time I’ve had my iPhone replaced I’ve had to take the old one off and it would stick to itself creating a nice ball of Invisible Shield destined for the garbage requiring me to shell out another $25-$30 CAD for a new one. Be prepared to buy a new one if you have to replace your device.

Conclusion

So of all the faults with the Invisible Shield (which I find are more caveats than faults) I heartily recommend it because it’s unobtrusive and works exceptionally well. After having purchased 4 of them and applying them on 4 different iPhones I’ve still come back to the Invisible Shield every time.

iPhone Restoration : Restoring Home Screen Layout (Pre 3.0)

chealion@chealion.ca (Micheal Jones) — Fri, 06 Feb 2009 16:57:01 +0000

After having gone through 3 iPhones and countless restores of different iPhones and iPod touches I had to get to the bottom of how to restore my layout of my apps on my home screens.

The Cause

When you restore your iPhone / iPod touch to it’s factory defaults the device is not connected to an iTunes account. When you restore it from your backup (to put your apps and info back on) it will load anything that does not require authorization through the iTunes store (with the exception of free apps - though purchased from the iTunes Store they seem to get loaded anyway). So when you finish a Restore From Backup the first time around it will not load any paid apps or music until it’s authorized. It does it’s authorizations seemingly right after you’ve restored it as it accesses the iTunes Store as if it was just plugged in. Why that has no effect on purchased music I’ve no idea.

In the end you’re left with a phone / iPod that has only part of the data it had on it before and requires you to press Sync again to put your paid applications and purchased music on to it. The biggest issue here is that if you have any data stored in that application, like say Things, or high scores from a game, or just find reorganizing your home layout frustrating you’re out of luck. The paid apps are installed anew, and placed one at a time into the earliest empty spot on your home screens. Frustrating. Thankfully there is a workaround.

The Workaround

Perform a backup before you restore.
After restoring your Phone to the whichever OS version
Restore from your backup (you can cancel syncing music when this part finishes - it will start up again after the next step)
Restore once more - you may see two backups to choose from as it would have created a backup after the restoring. Choose the one that would have a timestamp just before you do the restore.

Annoying because a restore from backup may take as long as 5 or 6 minutes but at least you aren’t stuck reorganizing your applications the way you wanted them again.

EDIT: From what I can gather 3.0 has fixed this issue.

Agricola - Initial Impressions

chealion@chealion.ca (Micheal Jones) — Thu, 22 Jan 2009 11:38:39 +0000

After becoming slowly disenchanted with Settlers of Catan which left me feeling like I could tell who would win often within 1 or 2 moves - if the dice would actually play like it statistically should I felt that I really wanted to get another more serious board game that wasn’t as well known and would best of all be fun. After much searching and asking around I purchased the board game Agricola (BoardGameGeek) after a promising recommendation and the fact that it has taken over as the #1 rated game on BoardGameGeek.

Three members of my family and I set up the Family Game (a simpler variant recommended for starting out) and I’m certainly happy that we did. The game from unboxing (pieces already separated earlier) to finish took a good 4 hours. The 4 hour number is artificially inflated due to reading the rules and figuring out the rules on top of interruptions. Once we had started the game itself only took a bit over the 90 minutes it says to expect. I highly suspect after several more plays it will become considerably faster than that.

The Good

The game plays like a well oiled machine - thought out, exceptionally balanced, and insanely competitive without forcing one into an all out war against someone. Without any dice rolling (the bane of my existence in Risk) the element of chance takes a back seat to good old fashioned strategy and ingenuity.

The game is serious but quite fun - I can’t comment on the “let’s play it again” factor as nearly any brand new game I wish to play it again now that I have learnt the rules and mechanics. [EDIT: After playing several more games since writing the first draft of this - the let’s play it again right away factor is not as high as one would expect. Games can get a bit long but that idea that you can play again the following day is high - or if someone asks to play I’ve yet to have anyone say no. But 2 or 3 games in a row? Not as much]

I look forward to introducing the minor improvements alongside the Occupations of the full game that will result in a much more diversifed game.

The Bad

Your best attack is to go first and take the action that your opponents want the most, and when there are multiple routes to victory and easy to change your strategy it becomes a game where you have to think for yourself and see how you can use the different advantages you have to improve your standing instead of sabotaging others. It’s also quite apparent how important it is to not always go last in the turn order - it makes life much more difficult for sure.

Another “bad” point is the rules. While praised for being concise and very informative and easy to consult they are best compared to a comprehensive reference book instead of a how to or introduction. I explain more later about the insane learning curve.

The colour / aesthetics feel bland - with the muted colours of the majority of the pieces the initial feeling is the only exceptions is the green of the farmyards. After more research there are available upgrades for the vegetables and animals to appear like animals instead of just wooden disks or cubes. The disks and cubes only accentuated the initial overwhelming complexity as pieces are not self obvious.

The Ugly

The initial learning curve if all you have is just the rules is massive. Absolutely positively aggravatingly massive. The game creators have included additional illustrations to make it easier to understand on the back of some of the game boards but if you are unaware that is their point or how they fit together (which isn’t revealed until a page or two into the rules) that simply add to the mass confusion of pieces. The good news is that if you’re patient and just read it all through and be patient while going through those first 7 pages, that items that are brought up that haven’t been discussed will be covered shortly it’s easy to get by.

The silver lining of this is that if you have someone who has played the game before or are able to watch a game in play before playing yourself the learning curve is quite trivial in comparison as the game, once aware of the purpose of the pieces is straight forward and well designed.

The Reality

If you can - find someway to play this game. It’s not the most inexpensive game (retails for ~$75-80 CAD) but the quality of the pieces is excellent and the design top notch. While it won’t be the most favourite game of everyone I can heartily recommend it as no matter what is happening in the game it’s possible to use the advantages you have in hand to do your best if not win.

Disabling Mail.app's To Do Mailboxes and Quasi-Debugging Mailbox Creation

chealion@chealion.ca (Micheal Jones) — Mon, 15 Dec 2008 15:02:11 +0000

Leopard’s Mail.app introduced some nice speed improvements over Tiger’s version but introduced one of the most annoying features (IMNSHO) in Leopard. System Wide “To Dos” in a garish Marker Felt font intent on polluting my IMAP mailboxes with Apple Mail To Do or ToDos.mbox seemingly placed randomly (they aren’t but when your Prefixes differ from account to account it seems random at first). Additionally when I moved servers at my host my accounts on my computer started misbehaving creating nested mailboxes continuously. In the end it’s mostly user error but I’m hoping these tips on how to disable the To Do mailbox (see the edit for the easy way) and force Mail to look properly for the right mailbox will help someone jump to the fix that will stick.

Mailbox Setup Reference

To start with for reference I have several computers and an iPhone that share 4 IMAP accounts (GMail, my webhost and one from work). The main reason I use IMAP is that it keeps them in sync - the backup on the server is just gravy. By default Mail.app uses a mailbox called “Sent Messages” and “Deleted Messages” for it’s Sent and Trash mailboxes. If they do not exist it will attempt to create them - which isn’t entirely interoperable with some webmail clients out of the box (eg. Squirrelmail and RoundCube don’t use those mailboxes by default) or other email clients such as Thunderbird (which doesn’t allow you to change your Trash mailbox in Account Settings so you can’t tell it to use Deleted Messages as well).

Changing Your Sent and Trash Mailboxes Normally

In Mail.app you can click on a mailbox (eg. Trash Man O’ Doom) you’ve created and then under the Mailbox menu scroll down to “Use This Mailbox For” and set the mailbox for what you would like to use it for Drafts, Sent, Trash or as the Junk Mailbox. Nice, easy and it nearly always works. (I’ve had it not work once and that wasn’t Mail’s fault)

To Do Mailboxes Are From Hell

You may have noticed above that there was no option for a “To Do” mailbox or even an option anywhere to disable System wide To Dos which means that once iCal is opened or any To Do is intentionally or accidentally created Mail.app will dutifully create Apple Mail To Do mailboxes for each account you have following the IMAP Prefix if necessary. On my iPhone where To Dos are not even recognized it means I’m always seeing a completely useless Apple Mail To Do mailbox somewhere in the hierarchy of my mailboxes.

Following the publishing of a hint on MacOSXHints.com that described the key used in Mail.app’s Preference file (com.apple.mail.plist) I decided to go digging to see what else was stored there. I discovered that by setting the value to nothing (as in just leave it blank) that To Dos were effectively disabled on that account - I could then delete the Apple Mail To Do mailbox on the account. By doing the same change on the other computers (4 accounts * 4 computers = tedious) I was then Apple Mail To Do mailbox free!

**EDIT: According to a newly published hint there’s another way to avoid ToDo mailboxes being recreated by changing the NewNoteToDoAccount key to the ID of your local account. After deleting all my To Do mailboxes this was auto set so I didn’t notice that it had changed.

**EDIT 2: As far as I can tell this is akin to setting Create Notes & To Do’s in: to On My Mac in the Composing section of the Mail Preferences - which is FAR easier than messing with the plist file.

Multiplying Inboxes

When I changed servers at my webhost, Mail.app got confused about the IMAP Prefixes (I believe the new server was telling Mail.app INBOX and the old server was saying /, but I’m unsure) and decided to whenever I deleted a message to move the message to a new mailbox it would create at INBOX/Deleted Messages. Thinking it was an anomaly I would move the message where it should have gone and delete the newly create mailbox. The next time a message would be deleted (wasn’t necessarily on that computer) it would recreate that mailbox but oddly at INBOX/INBOX/Deleted Messages and the cycle would keep repeating. This was the one time that selecting the Trash Mailbox (Deleted Messages at / and not in INBOX) and telling it to use it failed.

Using the knowledge that the mailbox information is stored in com.apple.mail.plist I edited the offending section setting it properly and haven’t had a problem with it since - it was a good way of having somewhere to write in “I want my Trash to go here”. So it’s useful for making changes and checking to see what path that Mail.app is looking for when it shouldn’t be looking at that location (especially via SSH when VNC is unavailable).

So my frustration ends with that to edit a binary plist the only Apple provided tool is the new Property List Editor 3.0 which is not an optimum solution for editing - it doesn’t provide searching and I find that the extra work using plutil to convert to xml instead of binary and back so I can use TextMate not worth it in the end. Much of what you need to do is in Mail.app itself but when Mail.app is acting up, it’s good to know where you can go to set it back straight and stop the cluttering of your mailbox hierarchies.

Alert: Flash Player 10.0.12.36 Installer Opens Up Root Home Folder

chealion@chealion.ca (Micheal Jones) — Wed, 10 Dec 2008 15:21:30 +0000

I updated the current installation of Adobe Flash Player at work today over ARD and had several people ask me odd questions about why there was a Finder window with the word root for a title when they came in to login this morning. Needless to say that raised warning bells all over the place for myself.

On checking the computers I noticed it occurred on every computer running Tiger and that every computer running Leopard did show the menu bar and said Finder was running but unlike Tiger it did not allow you to perform any actions beyond opening a menu. In Tiger you were essentially logged in as root into the Finder (and SystemUIServer) which gave you complete access to anything. The kicker is that the root user was not enabled on any of the computers.

Now in the big picture it’s mostly a non-issue because the following requirements have to be taken to see this edge case:

The workstation must be running 10.4.0-10.4.11 (Flash Player 10 doesn’t run on Mac OS X older than 10.4)
You must be using Apple Remote Desktop to install the package
You must ensure that you choose not to restart the computers in question. By default the package wants to restart the computer if no one is logged in (I assume it is to avoid this very situation). If someone is logged in however it doesn’t request a restart. The kicker is that if you select a group of machines and send it to install and one of them has a logged in user by default it does not ask you to restart.

If you check on the workstation you will see a Finder window open to root’s home folder - even if you don’t have the root user enabled (which I am of the opinion you shouldn’t especially with sudo available). Anything then opened via the Finder then runs as root as well (including Terminal).

So it’s easy to work around - either restart them all, or do it when you have users logged in (not ideal). If you do choose the username for the action to be done in ARD; the Finder window will open up as that user (quite possibly a local administrator account) so filing in a username there is not a workaround but much less dangerous than root access. Once the computer is restarted or someone logs in the issue goes away.

Rose and Crown: Banff

chealion@chealion.ca (Micheal Jones) — Wed, 10 Dec 2008 14:12:15 +0000

I really like the Rose and Crown pub in Calgary. I had a Christmas party this weekend at the Rose and Crown in Banff which I had read only shares the name - not owners and was not as good. What I didn’t realize was just how bad of euphemism “not as good” was. All in all the most positive thing I can say about my experience there was “at least it didn’t suck” or “it was edible food and I didn’t get food poisoning”. I put up with much of it as I was under the assumption that I was not going to be paying and such didn’t pay attention much to price as much of what I was ordering was something similar to what I and my fiancee would order in Calgary. So my expected price with everything all told would be ~$45 tops. It should be noted that I’m quite easy going on food quality as most things taste quite good to me.

Drinks

I ordered a Crown Float ($8), a Sleeman Honey Brown ($7), a double Jack and Coke ($11.51), and a glass of Robinson Wine Shiraz that was given to me. Of the four, my water ($0.00) which wasn’t even listed was the best tasting drink and I think had the most alcohol. The double Jack and Coke which cost $11.50 tasted like it had double coke to half a shot of Jack. The Crown Float tasted like warm Guiness and slightly cool Strongbow Dry Cider - making neither taste any good. The Sleeman Honey Brown tasted decidedly flat and was hard to stomach at best. Whereas the Robison Wine Shiraz (RSA) tasted like a wannabe fruit bomb - not terrible but decidedly not good. So the

Food

My fianceé ordered Mussels ($10) as an appetizer and the Rueben ($11) with French Onion Soup ($3 extra) as her main course. I ordered the Maple Salmon ($15). The prices weren’t absurd and relatively close to what I would have expected in Calgary - the quality however was decidedly “it doesn’t suck - it tastes like barely decent British Pub Food”.

The Mussels were thankfully plentiful (with a lot of empty shells) and were decent - not good, not bad. Just satisfactory. I’ve had better many times and worse a couple times as well. The Reuben was not Montreal Smoked Meat - it was just a swack of Pastrami with some partially melted Mozzarella on some bread with a decidedly soft pickle. Really disappointing but it was food and it didn’t suck (but that means it was far from good). The French Onion Soup ($3 extra) was bland, boring and utterly and totally forgetful - so much so I don’t remember my two spoonfuls whatsoever.

My Maple Salmon is best described as decent. With Basmati Rice and vegetables the best portion was the steamed pea pods accompanied by well steamed carrots. The rice was unseasoned, plain and completely forgettable. The Maple Salmon was seared (pro), but lacked much in terms of texture and taste beyond a very subtle maple taste as if the scorch marks on the salmon contained the maple sauce retrieved from the grill. Forgetful at best, unsatisfactory at worst.

Price

The worst portion of this whole debacle was the resulting price - after a 15% tip, tax the total came to just barely shy of $80 ($79.95 for those keeping count). Was the evening worth even close to $80? Or heck worth $40? (Barely the latter IMNSHO). The value was appalling especially when considering the drink total ($31.80 with tax and tip) was a complete and absolute regrettable wash. The food ($48.15 with tax and tip) also did not measure up in value. At half the price it might be acceptable in terms of value.

Atmosphere

Shockingly, the atmosphere can also be described as “it didn’t suck” - nowhere near good and not terrible. Just barely adequate. It was very loud, dimly lit and not conducive to talking to anyone more than half a metre away from you. It’s very similar to other pubs I’ve been to but somehow a step or two worse without being outstandingly crappy.

Service

To close up this review I end with the most positive aspect of the evening at the Rose and Crown: the service was prompt and just what would be normally expected. Nothing exceptionally or above what should normally be expected from a waitress at a pub. The exception was it took a couple minutes to track her down in order to pay the grossly overpriced bill.

It’s not only just barely adequate in terms of quality of food, a complete waste in terms of alcohol, and acceptable in terms of service - it’s absolutely terrible in terms of value for money.So in summary, for the love of God and all that is holy avoid the Rose and Crown in BANFF.

The Rose and Crown in Calgary is awesome and not affiliated with the Rose and Crown in Banff. Thank God.

iPhone Cryptic Error : Invalid Recipient

chealion@chealion.ca (Micheal Jones) — Tue, 04 Nov 2008 21:08:49 +0000

While I really enjoy my iPhone’s ease of use it does spit some really cryptic errors sometimes. Namely one I’ve kept running into after changing over my domains to the new Shared Accelerators from Joyent which changed my SMTP information.

For some reason my new SMTP information just wouldn’t sync to my iPhone correctly - at best the server info will but the username and password were blank. I’m not 100% certain that the error is not exclusive to Joyebt’s email servers as I have seen it on another server as well - but when the username or password is wrong when attempting to send uemail you are presented with the following error:

“One of the recipient addresses was invalid”

Frustrating and exceedingly cryptic, but if I write it down then I might actually remember what the error means next time.

Showing Network Volumes in the Sidebar

chealion@chealion.ca (Micheal Jones) — Tue, 28 Oct 2008 14:49:07 +0000

At work I have a user that really, really was having a hard time with Network Shares being moved to under Network in Leopard instead of showing up with the rest of the Volumes as they used to in Tiger. After a bit of digging around I found the following information but failed to figure out how to create a script to automagically put Network shares in the Devices section of your sidebar but if you’re managing several computers it is possible to copy the com.apple.sidebarlists.plist file saving a lot of time.

When a network share is mounted in Leopard it does not appear in the Finder sidebar on it’s own - it is accessible via the server it is on if you have Connected Servers checked off in the Finder preferences. At work we have Back to My Mac, Connected Servers, and Bonjour Servers all hidden by default because they do little to assist anyone in finding anything. (Not to mention Back to My Mac isn’t used and Bonjour Servers lists every computer in the building). Your one alternative was to navigate back to the Computer (Command-Shift-C) and find your Volume there - instead what you can do is drag a Network share to your sidebar (or press Command-T when it is selected) where if mounted it will appear.

What I wanted to do was make it so they would automatically appear no matter what was connected - making the change more future proof. I ultimately failed to do so but I did learn the following tidbits about com.apple.sidebarlists.plist:

Under :systemitems:VolumesList (PlistBuddy syntax in use) you have a list of different hard drives and such that have been plugged into your computer - and if you happen to add a share to your sidebar this portion is what is changed.

Each Item consists of:

An Alias (Data) - This is the base64 decoded form of a _CFULRAlias (identical to as seen in com.apple.dock.plist)
EntryType (Integer) - I found the codes for several different types:
16: Special Access (Computer, iDisk, Network)
261: Hard Drive (and ZFS Pool)
517: Time Machine
515: USB Drive
Icon (Data) - Again this is Hex but if you have a hex editor (such as Hex Fiend) but is the form “ImgR? SYSL fldr” (Default Finder Folder icon) with two fields separating each section. The default for a server icon is: 496d6752 0000001c 00000000 5359534c 00000010 00000000 73727672
Visibility (string)(optional) - Can be NeverVisible or AlwaysVisible. In this case we want AlwaysVisible.

My big issue in not being able to figure it out was that I couldn’t figure out through research how to write the necessary alias data that is being looked for by com.apple.sidebarlists.plist . James Reynolds created the dockit.c program. Tweaking the program so it’s start and end points only included the CFURLAlias data (329 and 326 respectively) gave me the base64 encoded information that you see when editing an XML version of the Dock or Sidebarlists plists - but using PlistBuddy to input the information did no good.

So what I ended up doing instead was to use one computer to mount all the possible shares put them in the sidebar (since they’re hidden when not mounted it’s fine having shares that wouldn’t even be mounted) and then push out the changes via MCX. It’s not perfect but it works and it will make finding the shares much easier. I’m hoping this entry helps someone else on their search for getting such a script created.

Thanks to the following places for information:
CocoaDev (note: The Alias data when viewed in an xml plist is base64 encoded - but not in Property List Editor)
JeremyForPresident
MacOSXHints

Tethering your iPhone : Experiences

chealion@chealion.ca (Micheal Jones) — Sat, 25 Oct 2008 17:20:41 +0000

Update: Nov. 17th, 2008 - PDANet 1.4.0 allows VPN access, however at first look it doesn’t work correctly with VPN Tracker 5.

One of the biggest benefits of my iPhone that I’ve been waiting vainly to try was the ability to tether my iPhone to my laptop so I could access the net from anywhere in case of an emergency - whether it be a server at work or a life or death flash video that isn’t on YouTube. It’s also very worthwhile to note that this will suck your iPhone’s battery faster than anyone would like - for me it lasts about 2.5 hours as both the WiFi and 3G antennae are in heavy use.

It should be noted that all the present options require jailbreaking your iPhone which is not without its caveats and primarily a reason I want an official solution simply because if Apple breaks the jailbreak during an upgrade you’re forced to wait for the iPhone dev team (it’s amazing the work they’ve done) to be able to get a patch out so they can still jailbreak themselves. The good news on this front is the current jailbreak they have is quite resilient as the current jailbreak method they are using can’t be fixed with software. (Although iTunes 8 does look for jailbroken ipsws and tries to stop them). For more details on the jailbreaking process I recommend checking out the iPhone Dev Team’s Blog

PDANet 1.3.3

By June Fabrics PDA Technology Group
Homepage | Available through Cydia

Pros:

Very easy to use
Very little setup - only need to have the iPhone connect to your laptop’s created wireless network
Keeps working even after the iPhone’s screen has turned off.

Cons:

Does not work with VPN (deal breaker) - IPSec Passthrough does not work
Some Terminal commands do not work - eg. can not ping
Can not use your iPhone for anything else without disrupting connectivity.

Using ssh and SOCKS

Sample Instructions | Requires OpenSSH to be installed on your iPhone
Linked are some instructions on how to do this - I’ve done this before as a poor man’s VPN before so it was straightforward.

Pros:

Easy setup (as OpenSSH is installed by default when jailbreaking now)
Keeps working even after the iPhone’s screen has turned off. Not 100% reliable though.
You can still use your iPhone

Cons:

For those unfamiliar or comfortable with the Terminal it may be a bit confusing.
Does not work with VPN (deal breaker) - IPSec Passthrough does not work

3proxy

Sample Instructions | Available via Cydia

Very similar to simply using the ssh setup - but uses 169.254.x.x and port 1080 for your SOCKS Proxy.

Pros:

It works
Can still use your iPhone

Cons:

Requires more setup (downloading and installing 3proxy).
Requires use of Mobile Terminal. The instructions require force quitting Mobile Terminal, but if you added a & at the end of the command you could then run jobs -p when you want to quit, see the process id and type kill PID (where PID is that number that jobs -p gave you).
Does not work with VPN - IPSec Passthrough does not work

iPhoneModem zsrelay

Homepage | Part a download for OS X (or use PuTTY on Windows) and part iPhone app on Cydia.

Note: There is another iPhoneModem application by Addition that exists that costs $9.99 and as far as I can tell has nothing to offer that the free options here don’t have.

The Mac application side is only required if you’d like to secure the connection between your computer and the iPhone. It will use ssh to secure the connection between the two to start and then puts WEP on the ad-hoc network created as well to help discourage anybody jumping on to the network. (WEP may not be secure but the network I really doubt is going to be around for longer than a brief period of time).

Pros:

Nicest setup
You can still use your iPhone
Secure connection between your computer and the iPhone

Cons:

Harder setup in comparison to other options
Advanced Settings on the iPhone has a download counter that appears to reset whenever you leave that page but updates properly once more data is used.
As with all these options that just use proxies - VPN (IPSec) is not allowed over SOCKS.
Slow setup - and more involved.

NetShare

The original tethering application that was available on the App Store. I opted to not try and install NetShare on my iPhone because even though it’s not publicly available to buy anymore it’s still illegal.

Conclusions

Of the options available iPhoneModem zsrelay is the nicest setup with a good mix of security, ease of use and other features however the easiest to set up and use is hands down PDANet. The unfortunate portion for me is that none of them will allow me to use VPN Tracker to connect to the VPN server at work. Personally I’ll stick with PDANet as it’s the least invasive

Venus T5 : Benchmarks (ZFS versus Hardware RAID)

chealion@chealion.ca (Micheal Jones) — Mon, 20 Oct 2008 14:02:16 +0000

After trying out ZFS on a handful of fitful USB keys I pulled out the AMS Venus T5 a 5 drive SATA RAID enclosure with an eSATA port for plugging into the computer. The Venus T5 was outfitted with 5 x 7200RPM 1TB Seagate Drives for the test. I was curious as to what the difference would be

RAID 0 setting has them all striped together. The Single Drive results are an average from all 5 drives. To keep in with the previous post I still used date +%s for the timings instead of using the more accurate time command.

Standard Test (5 cycles):

	Single Drive	Hardware RAID 0	Software RAID 0	ZFS
Sequential Read Speed:	71.542	68.170	66.358	678.275
Sequential Write Speed:	63.107	68.043	64.925	338.702
Random Read Speed:	17.203	21.308	28.053	276.802
Random Write Speed:	29.525	29.634	46.104	505.464

Extended Test (5 cycles):

	Single Drive	Hardware RAID 0	Software RAID 0	ZFS
Read Speed:	100.501	113.045	125.893	248.304
Write Speed:	90.517	97.360	101.469	299.403

Speeds in MB/sec

As seen in the ZFS test on the USB keys it’s quite obvious that QuickBench 4.0 is useless in benchmarking a ZFS formatted drive in comparison to other formatted drives. ZFS isn’t supported so it isn’t surprising.

As a continuation of a more consistent test we then copied a 903MB file (Xcode 2.5) and a folder of of 1500 0 byte files numerically named.

date +%s; cp ~/Desktop/SpeedTest/xcode.dmg DESTINATION; date +%s;
cp ~/Desktop/SpeedTest/*.txt DESTINATION; date +%s

	Single Drive	Hardware RAID 0	Software RAID 0	ZFS
Large File Time:	0:36 (~25MB/sec)	0:31 (~29MB/sec)	0:29 (~31MB/sec)	0:41 (~22MB/sec)
Small File Time:	0:01	<0:01	<0:01	<0:01

Measured in seconds. 5 trials, highest and lowest scores dropped and remaining 3 trials averaged.

With much better hardware the actual throughput information is a lot more interesting.

Messing with USB Keys: ZFS Fun and Shenanigans

chealion@chealion.ca (Micheal Jones) — Wed, 15 Oct 2008 17:20:10 +0000

In the quest to sate my curiosity of the viability of ZFS for replacing hardware RAIDs I gathered a few extra USB keys that were lying around my office in hopes to see just how much of a difference in terms of numbers one can find between a single USB key, a software RAIDed set and the new Zettabyte file system (ZFS) that will be more predominantly shown in Snow Leopard.

I used two identical Kingston DataTraveler 2.0 Media DTI/1GB keys. Key 1 reports 980MB, whereas Key 2 reports 984MB. I had originally 4 keys lined up to use, but the two other keys I had would not format. I am unsure why there is such a difference in reported size, and the two keys that wouldn’t format would both report 970MB.

Because ZFS is a software RAID I was comparing it to the software RAIDs created by Apple’s Disk Utility (Version 11.1 in Mac OS X Leopard 10.5.5). The ZFS installation was the 119 release that was put on MacOSForge on July 23rd, 2008 and is still very much under development as the Mac OS X port isn’t even complete yet.

All test performed using QuickBench’s Standard Test, which is a test that transfers several small files ranging from 4KB to 1MB:

	Single Drive	RAID 0	RAID 1	RAID Concatenation	ZFS
Sequential Read Speed:	11.394	18.487	11.556	11.024	360.927
Sequential Write Speed:	3.386	6.090	3.431	3.750	258.036
Random Read Speed:	11.159	18.167	11.416	10.963	220.398
Random Write Speed:	0.741	0.593	0.608	0.637	423.246

All speeds in MB/sec

Given the insane speed increase seen by ZFS (which I assume is greatly improved by it’s ability to use compression reducing the amount of I/O work) which makes the test sound horribly flawed I redid the test using the Extended Test in QuickBench 4.0.

Extended Test (20-100MB)

	Single Drive	RAID 0	ZFS
Read Speed:	13.892	27.288	65.964
Write Speed:	5.396	9.954	202.043

In this second test we were again getting wildly fast results that didn’t fit with reality - the files divisible by 30 were wildly faster than any other result.

Lastly a very simple copy using the command line copy:

date +%s; cp ~/Desktop/Reverie_Final_Cut2_midres.m4v DESTINATION; date +%s

As a baseline a simply copy on my 5400RPM drive in the MacBook Pro this was done on takes 11 seconds.

	Single Drive	RAID 0	ZFS
Time (seconds):	37	22	11

Measured in seconds. 3 trials averaged.

Caveats: The RAID 1 copy trials ranged from 13 seconds (subsequent trials) to as much as 39 seconds (the first copy). While ZFS was 11 seconds each and every time. Also the commands used are going to be imprecise - if I wanted it to be more accurate instead of easily out by as much as 1 second I would have used the time command.

As a continuation of a more consistent test we then copied a 903MB file (Xcode 2.5) and a folder of of 1500 0 byte files numerically named.

date +%s; cp ~/Desktop/SpeedTest/xcode.dmg DESTINATION; date +%s;
cp ~/Desktop/SpeedTest/*.txt DESTINATION; date +%s

	Single Drive	RAID 0	ZFS
Large File Time:	4:13	2:40	3:10
Small File Time:	0:03	0:01	0:01

Measured in seconds. 3 trials averaged.

So what does this all mean? From the first two tests we can see that ZFS does improve throughput but our standard QuickBench tests aren’t any help of determining how much because of ZFS’ difference in dealing with files giving us consistent odd results. The more practical test of copying an H.264 file and the large file with many small files gave us inconsistent results. There isn’t anything concrete in my non-scientific results but I’m looking forward to Snow Leopard being released and ZFS becoming a full fledged filesystem citizen in the Mac OS - if only because with maturity ZFS might be a faster option for a RAID system.

Tomorrow the same file copying tests will be performed on a 5TB RAID connected to the computer via eSATA for kicks.

LaunchBar Snippets

chealion@chealion.ca (Micheal Jones) — Tue, 14 Oct 2008 17:06:03 +0000

One of the very first programs I install on any machine I will be spending a good deal of time on is LaunchBar. I am a self confessed LaunchBar whore because of the amount of time it saves me from going down to the Dock or having to find the Applications folder to launch Applications on top of being able to calculate, do web searches and manipulate files just from a few keystrokes.

Here are three snippets I’ve added to my LaunchBar configuration that make my life a bit easier:

Add /Library/CoreServices as a folder to search - it means you can access applications like Screen Sharing and a few other lesser known applications without digging.

Searching Apple Mailing Lists: http://search.lists.apple.com/?q=*&cmd=Search%21&form=extended&m=all&ps=50&fmt=long&wm=wrd&wf=2221&sp=1&ul=

LargeText: x-launchbar:large-type?string=*

Lastly a couple other tips that I keep running up against:

** allows you to do powers of in the calculator. Not ^.
If you consistently misspell something (eg. LIHGR instead of LIGHR for Lightroom) you can set the abbreviation by typing in something that does bring up the file or application and then press Command-Option-A (Select->Assign Abbreviation with the mouse) and then type in the misspell that you keep typing.

build_hd_index

chealion@chealion.ca (Micheal Jones) — Sat, 27 Sep 2008 00:58:07 +0000

I came across a process running on my iMac at home tonight that was consuming a fair chunk of RAM, and a consistent 40-50% of my CPU while accessing each and every hard drive I have hooked up. The process in question is called build_hd_index and is part of Apple’s built in Remote Management software in OS X.

The specific file can be found in /System/Library/CoreServices/RemoteManagement/ as part of ARDAgent.app (ARDAgent.app/ Contents/Support/build_hd_index) and is used by the program (Apple Remote Desktop Agent) to build user and applications reports to be sent back to Remote Desktop Admin (an Apple program for managing multiple computers that is awesome). The reason this was even turned on was that as part of an attempt to get a VPN server working I added my home computer to Remote Desktop Admin on my work computer. By default (as it’s set in my preferences and I believe always default) it will gather reports on certain data which run at midnight in order to cache the data on the computer running Remote Desktop Admin so you don’t have to requery such information every time you wish to look at it.

A quick Google search on build_hd_index showed several other people having issues with it suggesting ways to neuter the process (which would break System updates) or other attempts to disable it.

To turn it off, on every computer running Remote Desktop Admin you need to tell it to stop collecting data (Get Info on the computer) or you can force this by removing the plist file in charge of ARDAgent at /Library/Preferences/com.apple.ARDAgent.plist . More of this is covered in detail in Apple’s KBase article.

So as of a result, since my work computer is a laptop and is not on, let alone at work at midnight I’ve turned off uploading information at scheduled intervals - however I still want my work computers to cache the data as the information is useful to debugging why something may be happening.

WebKit Nightly Update Script

chealion@chealion.ca (Micheal Jones) — Thu, 25 Sep 2008 04:15:23 +0000

This is a repost of a much older post that was lost when I transitioned from Moveable Type 3 to 4.

I personally like using WebKit nightlies as my main browser as it’s more or less Safari with a better, faster, and much more current rendering engine underneath it. That and the gold logo looks much better than the silver. It does have bugs occasionally (for example I was unable to post comments to Flickr with WebKit nightlies for a couple weeks) but all in all the experience is very positive. This is the script I use to keep WebKit updated whenever it bugs me for an update. I use an alias in my .bashrc file so I can just type ‘wkupdate’ to run the shell script. The best part is that if I copy it and I’m still using the program the changes won’t take effect until I restart but it allows me to copy it still. (Not advisable however)

#! /bin/bash

#Find current revision
currentRevision=`cat /Applications/WebKit.app/Contents/Resources/VERSION`

#Get address
#Download start page and find address
address=`curl -s http://nightly.webkit.org/start/trunk/$currentRevision | grep 'WebKit-SVN-r[0-9]*' -o | head -n 1`

#Abort if there is no update
if [ "$address" == "" ]
then
	echo "There is no update for WebKit available"
	exit
fi

#Append download address
address='http://nightly.webkit.org/files/trunk/mac/'${address}'.dmg'

echo "Downloading... $address"
curl -s $address -o /tmp/WebKit.dmg
#Mount Image
hdid -readonly -quiet /tmp/WebKit.dmg

echo "Copying..."
#Copy to Applications
revision=`cat /Volumes/WebKit/WebKit.app/Contents/Resources/VERSION`

cp -RfL /Volumes/WebKit/* /Applications/ 2>/dev/null
ls /Volumes/WebKit/

echo "Cleaning up..."
#Clean up
hdiutil detach /Volumes/WebKit/ -quiet
rm -rf /tmp/WebKit.dmg

echo "Finished. (r$revision)"

EDIT: Updated 12/30/08 - Fixed URL check. Realistically you should be looking for the latest source at the link below:

As always this script can be found in my git repository on GitHub.

Opening/Copying Locked DVDs

chealion@chealion.ca (Micheal Jones) — Tue, 09 Sep 2008 17:56:15 +0000

At work we sometimes receive DVDs that we need footage off of that are locked. They will play back fine in DVD Player but we don’t want it for playback. The resulting DVD images are always titled SONATA_VOLUME and are created by a stand alone Sony DVD Recorder.

In order to copy the VIDEO_TS file off of the DVD you require sudo access but given that sudo access is limited to administrators (and not the editors) - this gets to be a bit of hassle because I have to be called to copy the DVD which adds unnecessary overhead to just get some footage off a simple DVD.

The solution? Create a droplet application (in this case AppleScript with shell scripts) so the editors don’t have to disrupt their workflow to get me to unlock the footage they need.

The source follows:

(* Files dropped onto the application will be copied to the root folder
of the main hard drive and set so the user has ownership - allowing 
them to move, rename and delete said file/folder. *)
on open files_
	repeat with file_ in files_
		--Get name of file, path, and the current username of editor
		set name_ to name of (info for file_)
		set file_ to POSIX path of file_
		set username_ to short user name of (system info)
		(* The 3 shell commands here can be condensed into one longer line
			but I left them separate for debugging and readability reasons
		*)
		do shell script "/bin/cp -R " & quoted form of file_ & " /" & quoted form of name_ user name "ADMIN_USER_NAME" password "PASSWORD" with administrator privileges
		do shell script "/bin/chmod -R 777 /" & quoted form of name_ user name "ADMIN_USER_NAME" password "PASSWORD"" with administrator privileges
		do shell script "/usr/sbin/chown -R " & username_ & " /" & quoted form of name_ user name "ADMIN_USER_NAME" password "PASSWORD"smoke@#$" with administrator privileges
		do shell script "open /"
	end repeat
end open

The Move To WordPress

chealion@chealion.ca (Micheal Jones) — Sat, 30 Aug 2008 23:20:16 +0000

After much (okay very little) persuasion from Matt and coincidentally a well written breakdown on how he has set up his WordPress installation I’ve pulled the trigger and installed WordPress. The installation replaces my MT4.1 installation that languished under the wait for me to find some time to design the new blog and accompanying photo blog on mcjones.ca. I had even got so far I had it written it out and sketched in a notebook. Finding the time to sit down and actually code it however never came to pass as when I did make time it was the last thing I felt like doing.

So please bear with some minor growing pains as I decide and modify a theme for WordPress - I’d still love to go with the design I made but since that is never going to come to fruition I should move and start creating articles that interest me.

kCFErrorDomainCFNetwork: 302

chealion@chealion.ca (Micheal Jones) — Thu, 10 Jul 2008 23:27:08 +0000

After seeing this error popping up a lot while having issues with my internet connection dropping packets left and right I searched CFNetworkErrors.h for what the error code meant (since Google didn’t say much other than it appeared in 10.5.3). The line in question is: kCFErrorHTTPConnectionLost = 302,

So if you get kCFErrorDomainCFNetwork: 302 errors, it’s because the HTTP connection was lost somewhere along the way. As to what causes it can really definitely seem like voodoo.

Tab Count to Growl for Safari

chealion@chealion.ca (Micheal Jones) — Tue, 17 Jun 2008 20:50:41 +0000

The following AppleScript snippet figures out how many tabs are open in the frontmost window and spits it out to Growl. Helps when I don’t feel like counting how many tabs I’ve opened in WebKit/Safari. Note: To get this to work with Safari change WebKit to Safari.


tell application "WebKit"
    activate
    set numtabs to index of last tab of front window
    tell application "GrowlHelperApp"
        set the allNotificationsList to {"Number of Tabs"}
        set the enabledNotificationsList to {"Number of Tabs"}
        register as application "Growl AppleScript Sample" all notifications allNotificationsList default notifications enabledNotificationsList icon of application "WebKit"

        notify with name "Number of Tabs" title "Number of Tabs" description "" & numtabs application name "Growl AppleScript Sample"
    end tell
end tell

launchd Caveats: StartCalendarInterval and Sleeping

chealion@chealion.ca (Micheal Jones) — Tue, 27 Mar 2007 12:00:00 +0000

After a couple hours of testing, and searching on Google I’ve come to the realization (and subsequent confirmation) that the reason my launchd periodic task doesn’t always run on time (but sometimes hours late) is that the process is tied to a timer and not a specific time of the day like you specify in the plist.

So if your computer is asleep for 3 hours, the process will run 3 hours later unless you restart your computer which will fix the timer issue, until the next time you sleep.

I really hope this is fixed in Leopard, and have subsequently filed a bug report. (Radar 5091911 - link will only work for Apple employees)

So in summary, don’t depend on StartCalendarInterval to run your launchd process at the time you’ve said unless you know the computer has restarted since the last time it was put to sleep.

Note: This was fixed in Leopard. Unsure if it was fixed in 10.4.11 as I don’t use Tiger anymore.

launchd : cron with less suck?

chealion@chealion.ca (Micheal Jones) — Tue, 20 Mar 2007 12:00:00 +0000

So while figuring out launchd I came across the revelation that launchd will run any tasks it is given at it’s prescribed time, or the next time available (eg. the computer is asleep or turned off). I now remember hearing that when 10.4 Tiger was first released but had completely forgot it. Since Apple has the periodic tasks running in launchd instead of cron in Tiger, this makes the often touted reason to run Onyx moot and useless.

The system runs the scripts when it can (when it’s supposed to, or when you turn your computer on next), and doesn’t just “not run them” as cron would.

Running the periodic scripts sounds just as helpful as “Repairing Permissions” now, but I may be underestimating the value of the placebo effect.

Source: man launchd.plist

  StartCalendarInterval <dictionary of integers>
  
  This optional key causes the job to be started every calendar interval as
  specified. Missing arguments are considered to be wildcard. The semantics are much
  like crontab(5).  
  Unlike cron which skips job invocations when the computer is asleep, launchd will start the job the next time the computer wakes up.   
  If multiple intervals transpire before the computer is woken, those events will be
  coalesced into one event upon wake from sleep.

So for replacing cron? launchd kicks ass. I’m disappointed it took me until 10.4.9’s release for me to truly start finding out the power of launchd.

Carnarvon Lake

chealion@chealion.ca (Micheal Jones) — Mon, 14 Aug 2006 00:00:00 +0000

Note: Pictures so far are only on Flickr: Carnarvon Lake Set

Having never been backpacking before I wasn’t sure what to expect when invited for a backpacking trip up to Carnarvon Lake[1] at the Southern tip of Kanasakis Country.

Three friends, my brother and I left Calgary around 7:30 AM so we could start our 10K hike in by 10:00 AM or so. Having arrived fine at our parking spot on Cat creek we unloaded and began our hike that would see roughly 500 metres in elevation gain, most in the last 300 metres or so.

The hike itself includes 3 creek crossing (one mid thigh, one mid calf and one mid toe.[2]), so a good pair of sandals was recommended. Unfortunately mine sucked and while extremely useful for the crossing caused me to develop 3 blisters on each foot pretty quickly. The joys of being a city boy not used to travelling on cow trails and logging trails.[3]

Your first 9 kilometres or so yield some good rolling terrain with a general uphill feel giving good vantage points and a good view as you go around one of the foothills to get to the headwall. The headwall is broken into two sections, with the first section allowing you to follow a couple hundred metre path or do what those who don’t know about the path; scramble up the scree about 100m.

The scramble up the scree took us an hour and wasn’t fun as you went from safe spot to safe spot trying to stick to any vegetation available. Once we got up to the path it was apparent that the path would have shaved off 50 minutes and saved several litres of sweat from each person. It should be noted that not being protected the wind had picked up and was appreciable keeping the beating sun from overheating us.

From there we made our way up the path to the second section where chains have been attached to the rocks to make the scramble up a heck of a lot easier. It’s possible without the chains, but the chains offer some safety and give you a path to follow. Another 15 minutes climbing rocks we hit the top of the headwall.

At this point, I was exhausted and just happy to be at the top so I could get some water and some respite from the climb. Coming over the headwall we faced a hundred kilometre or so wind battering us as the wind came through the 3 valleys behind the lake, across the lake and down into the valley below. Another 15 minute hike around the lake brought us to where we would make camp, on the lee side of a ridge reducing the wind considerably.

From there after shedding all our gear and setting up the tents we were able to head to the lake and relax. All in all the 10k hike had taken us about 6 hours, longer then expected largely to the unexpected hour long scramble up the scree. My friend Earl (who was leading us) was right however. The 6 hour hike was definitely worth the view, bot at the headwall and the ridge above the lake which a couple of steps from that was the continental divide and British Columbia.

After getting a few pictures of Mount Armstrong from the ridge we headed back down to get some food (reheat some pasta) and get some sleep.

It’s been a really long time since I’ve seen stars that bright, but my biggest regret was being as tired as I was, I didn’t see much.

The following morning we immediately headed to the headwall to get some shots of the valley below before the cloud cover burned off and the sun rose any higher in the sky. (8:30 AM) Afterwards which we headed back to camp to get some light breakfast ready (jerky and cereal bars). For the next few hours (until 1) we then hiked into BC getting several shots of the Purcells, and heading up one of the mountains checking for an unnamed lake further up.

Coming down was much easier then coming up, although the wind was going roughly a hundred again, and giving the lake some really nice looking whitecaps. It only took about 4 and a half hours to get down and back to the car, and in all we saw a total of 11 people or so going up and back down. (A group of three on horseback passed us on the trail to go fishing on the way up, a group of two were there when we arrived fishing, the conservation officer who was using a bike to do the trail, and a group of two we saw on Sunday who hiked up as we were leaving for BC, and hiked down while we ate lunch.)

Would I do it again? Yes, but I can’t do it every weekend. I’m just not cut out for it. Yet? Was it a lot of fun? Yes. If you’re looking for something a wee bit challenging and know about doing backcountry backpacking it’s definitely a place to visit.

Just take a look at the pictures on Flickr for a more visual idea.

1 - It’s on a trail off the Cat Creek trailhead. (Google Maps Link)
2 - Obviously this would be higher if it wasn’t done in late July.
3 - No excuses. I wasn’t as fit as I thought, but I did it fine.

chealion.ca

On Learning Gateway API using Cilium's Node IPAM and L2 features

1. Configure Cilium for L2

2. Create your Node IPAM configuration

3. Create our deployments

4. Deploy our gateways

5. Deploy the HTTPRoutes

6. Deploy the services

7. Confirm connectivity

Starred Podcasts to mcjones.ca

SSH Key Types and Crytography Short Notes in 2023

OpenSSH Version References

Ubuntu

macOS

Nova / Horizon (OpenStack)

Dev Diary - Community Development Map

The Problem

The Data

But can I use it?

The “solution”

Filtering

Visualization (Streamlit)

Hosting

Hugo Archetypes

Dev Diary - yycbike_count - Python 3 and GitHub Actions

Python 3 Upgrade Notes

GitHub Actions

Repurposing or Extending yycbike_count

Counter Config

GitHub Actions

act

Running Pihole using Docker on your Mac

Using CloudFlare as a v6 to v4 Bridge

SSH Key Types and Cryptography: The Short Notes

Key Exchange

Encryption

Key Type Reference

TL;DR

Other Resource Links

What's calgary.bike?

Trying to make sense of when to use Docker vs. LXC

IPv6 and Systems

About Me

Moving to Ghost

Calgary FCPUG: Outputting to Blu-ray, DVD and the Web

Using Gmail as your SMTP server When Using your ISP's Email

Hooking Up with Shaw's New "Remote SMTP" Service

Coles Notes

More elaborate instructions

Using Compressor to Make H.264 MP4s

Using Compressor

Helpful Table of Limitations

Using HTML 5's Video To Serve Baseline and Main Profile Content

Mail.app, Outlook, Attachments and Disappearing Text

Comments, No Comments, and When It Doesn't Matter

Curious Notes about WebM on YouTube

Tetro Trailer (Originally encoded 12/26/09)

12 Second Test Clip Uploaded Today

i5/i7 MacBook Pros do NOT support Jumbo Frames

Google Chrome on the Mac - When beta doesn't mean beta

Xdebug, Leopard, and 64-bit shenanigans.

Magic Mouse: Impressions

The Good

The Bad

The Ugly

Conclusion

Initial Snow Leopard Client Impressions

iCal Server Multiple / Sub Calendars and Sunbird

Chromium Mac Build Bot Updater Script

Quick Looking a .csv File

DROC.CA : Douchy Business Practices

Aborting On the Second Disk on a Restore

Invisible Shield

Good

Bad

Conclusion

iPhone Restoration : Restoring Home Screen Layout (Pre 3.0)

The Cause

The Workaround

Agricola - Initial Impressions