Automatically lock your Mac when you step out

Of course, being a mac user at home, after yesterday’s post on locking a windows machine I have been looking for a similar solution to automatically lock my mac when I step out. A similar setup as with btprox for Windows can be established easily by combining the power of an open-source tool called Proximity with a little AppleScript.

Proximity is a more generic solution that allows one to run an AppleScript when a Bluetooth device gets in or out of range. The generic solution was already described on Lifehacker and Macworld Hints. However, they both have a too generic solution where just getting in range with the paired device would unlock the computer, which is not exactly what I wanted. I use the following AppleScript instead, which only switches off iTunes if it is running (and does not start it when it is not) and locks the screen:

    if application id "com.apple.iTunes" is running then
        tell application id "com.apple.iTunes" to pauze
    end if

    activate application id "com.apple.ScreenSaver.Engine"

My Default settings for the screen saver to always require a password after 1 minute suffice for me and render the setup I need on my Mac OS X Lion machines.

Automatically lock Windows when you step out

For my work I need to use a laptop running MS Windows 7 Enterprise in a domain. To ensure that all laptops lock automatically, my employer’s IT department has deployed a domain policy to activate the screen saver after 10 minutes idleness and lock the screen. These settings are enforced through adomain policy and cannot be modified by the user, which means that I cannot have the screen lock sooner either so I have been looking for a way to work around this.

Some time ago I discovered BtProx, an open-source Bluetooth Proximity Lock Utility for Windows and I am quite happy with how it works. This utility allows one to lock the screen when a bluetooth device gets out of range. I have paired this app with my cell phone so now my laptop’s screen locks 1 minute after I step out from my desk.

So far, the only drawback I noticed is that I need to activate it manually after logging in (you cannot set it up an forget about it). Besides that for me this is a perfect solution to lock my screen when I need it to despite the enforced domain policy.

Enabling TFTP on Mac OS X Lion

While migrating my linux-based server to Mac OS X Lion Server, I noticed it did not have a TFTP server enabled by default. A little googling pointed me to a blog post of The Weezey Geek, who outlined that everything is there, it’s just disabled.

 I enabled the TFTP server as follows (which is slightly different from the post referred to below):

  1. edit /System/Library/LaunchDaemons/tftp.plist as root (sudo vi /System/Library/LaunchDaemons/tftp.plist)
  2. Change
    <dict>
            <key>Disabled</key>
            <true/>

    into

    <dict>
            <key>Disabled</key>
            <false/>
  3.  Next load the configuration with sudo launchctl load /System/Library/LaunchDaemons/tftp.plist

 Which makes the change permanent and starts the TFTP daemon.

by default TFTPD uses /private/tftpboot as it’s root directory. To change this, modify the following fragment in /System/Library/LaunchDaemons/tftp.plist:

        <array>
                <string>/usr/libexec/tftpd</string>
                <string>-s</string>
                <string>/private/tftpboot</string>
        </array>

To allow TFTP uploads, make sure that the directory to be uploaded to (be wise and make this a subdirectory of your TFTP root directory) is writable to all users.

Migrating to Mac OS X Server

Just before Christmas I bought myself a Mac Mini Server with OS X Lion Server. The idea behind this machine is to replace my current server (a almost 7 year old Dell PowerEdge 2850). From the specs this machine is way faster, has more diskspace (although no RAID5, but I have a NAS for storage anyway) and it uses way less energy than the current setup. Based on a quick calculation, the mac mini server would use less than 15% compared to the Dell, which means that this investment would earn itself back in about 2 – 3 years.

I have been playing around with the Mac OS X Lion Server for a while to make up my mind how I want to migrate my current setup. Since Mac OS X is based on BSD, it does provide a very good platform to replace my linux-based setup, but I am not quite convinced yet the way Apple has structured would work for me. Besides, I do like to keep some things separate, so I am still looking for a good way to do this. So far the only (and most efficient / easiest) way to achieve these appears to be running some services in a VM.

In the coming weeks I will be migrating different services from my Linux-based setup to either something running on Mac OS  X Lion Server natively, or inside a VM running on Linux on the Mac Mini Server. Each of these migrations will be described here to help others.

Changing the Synology icons for Mac OS X Finder

I have been the happy owner of a Synology DS-1010+ NAS for some time now. The NAS works without problems since I got it and although it took a short while, it fully supports Mac OS X Lion after the last upgrade to DSM 3.2.

One of the things that had annoyed me for some time though, was that on the Mac Finder, the Synology NAS is shown as if it was a Windows host, both for the AFP shares as well as its TimeMachine function. Functionally nothing wrong, but not as I wanted. Since I had been playing with AFP and Avahi on Linux and set this up correctly in the past based on this blog post of Simon Wheatley,I decided to check whether I could achieve the same on my NAS.

Screenshot of Mac Finder after the patchAfter a bit of debugging I found out that the Synology NAS (DSM 3.2) was also using avahi, but that its configuration files were re-generated every time the avahi service was restarted based on the configuration of the NAS. To show the right icons in the finder meant 2 simple changes to the file /usr/syno/etc/rc.d/S99avahi.sh, which changes how the Synology NAS to what is depicted to the right

In the function AddTimeMachine(), one has to add the following just before the </service-group> tag:

  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=TimeCapsule</txt-record>   
  </service>

and in the function AddAFP(), the following must be added just before the </service-group> tag:

  <service>
    <type>_device-info._tcp</type>
    <port>0</port>
    <txt-record>model=Xserve</txt-record>   
  </service>

Next, the avahi service must be restarted/reloaded with the following command:

/usr/syno/etc/rc.d/S99avahi.sh reload

and after logging in again on you Mac the Finder will start showing the right icons (apparently this information is cached).

The resulting S99avahi.sh file for DSM3.2 that can be used as a drop-in replacement is attached to this post.

Monitoring e-mail while respecting someone’s privacy

My kids each have their own e-mail address. As they are still very young and not using checking their e-mail very frequently, my wife and I would like to be able to monitor what is happening while still respecting their privacy. They each have their own logins and we do not want to check their e-mail, but we do want to know what is happening and at least be aware that they received certain e-mails (i.e. reminders from the library that they need to return books).

Today I have implemented a simple solution for this using SIEVE rules using the folowing script:


require ["enotify", "variables"];

# Store the sender in a variable
if header :matches "From" "*" {
    set "from" "${1}";
}

# Store the subject in a variable
if header :matches "Subject" "*" {
    set "subject" "${1}";
}

# And notify the parent
notify :message "NAME has new mail from ${from}: ${subject}"
                           "mailto:user@mydomain.tld";

The script above simply stores the sender and subject in a variable and then uses the enotify SIEVE extention to notify a user by e-mail. This way we get notified of a new e-mail and know who sent it and what the subject was, without ever seeing the e-mail itself.

Please note that this script requires a mail server supporting SIEVE, e.g. Cyrus or Dovecot with SIEVE plugin, contact your system administrator to find out if you can use this. For a list of clients to manage rules, see this list.

Firefox 4 Multi-Language

One of the features I really like of MacOS  X is that is is multi-language out of the box and, unlike M$ Windows, does not require a reinstall to switch language. For some people (like myself) English is the only language a computer should be, but or my kids having everything in their own language really helps them to find their way around (actually they are bilingual but that is no problem either as they can switch language as they like).

As we really got used to Firefox and really like its cross-platform availability, we also use that as our browser on our Macs. Unfortunately there is no multi-language version of Firefox. Since I don’t like to maintain multiple installed versions on the same computer (one for each language), I found a reall solution that was actually very simple.

Using the Quick Locale Switcher plugin for Firefox one can switch the locale of Firefox. One neat feature of it is that it will also change the language of Firefox if you have the right language pack installed. As it was not that obvious where to find these, I decided to document that here:

  • Go to the Firefox releases folder on the Mozilla website ftp://releases.mozilla.org/pub/mozilla.org/firefox/releases/
  • Select the folder of the version you use (or the latest version)
  • Select the folder of the platform you are using (i.e. mac for MacOS X)
  • Scroll down the list of available installer languages and enter the xpi folder (direct link to the latest MacOS X xpi folder)
  • Next click on the language packages to install them.
    A popup may appear requesting permission to install from an untrusted location,which looks like this on MacOS X with Firefoxe 4:
    Screenshot showing Firefox4's popup for an untrusted installation location on MacOS X
    Click allow to proceed with the normal installation of the language pack
  • After the installation of language packs, Firefox must be restarted to install them and make them active.
  • Once Firefox has been restarted, you can now switch locale using the Quick Locale Switcher’s controls and/or preferences and Firefox will switch locale/language as well if the corresponding language pack is installed.

I hope this is clear, let me know if not.

Glassfish Admin Console fix after 3.1 upgrade

After upgrading my GlassFish server from 3.0 to 3.1 using its updatetool the admin console was no longer working. When accessing the admin console, I only got an empty page. In the domain server.log file I noticed the following error:

[#|2011-05-07T20:58:45.708+0200|WARNING|glassfish3.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=102;_ThreadName=Thread-1;|ApplicationDispatcher[] PWC1231: Servlet.service() for servlet FacesServlet threw exception java.lang.RuntimeException: java.lang.reflect.InvocationTargetException while attempting to process a 'beforeCreate' event for 'event1'.
        at com.sun.jsftemplating.layout.descriptors.LayoutElementBase.dispatchHandlers(LayoutElementBase.java:422)
        at com.sun.jsftemplating.layout.descriptors.LayoutElementBase.dispatchHandlers(LayoutElementBase.java:394)
        at com.sun.jsftemplating.layout.descriptors.LayoutComponent.beforeCreate(LayoutComponent.java:348)
        at com.sun.jsftemplating.layout.descriptors.LayoutComponent.getChild(LayoutComponent.java:288)
...
  

After a little searching I found that this issue was apparently already reported and fixed (GLASSFISH-16087). Unfortunately on my server the problem still existed and the suggested workaround didn’t work for me. Fortunately directly changing the domain’s config/server.xml file directly did work. I shutdown Glassfix and lookup the following entry:

    <property name="restAuthURL" value="http://localhost:${ADMIN_LISTENER_PORT}/management/sessions"/>
  

as I understood from the reported issue the server was no longer listening to localhost I changed it into (please note I added both the hostname and changed the protocol to https):

    <property name="restAuthURL" value="https://prod.glassfish.mydomain.tld:${ADMIN_LISTENER_PORT}/management/sessions"/>
  

and after restarting my Glassfish server the admin console worked normally again.

Started a new challenge

Today I started a new challenge as senior manager with one the largest global Consultancy and System Integration practices. The first day was already very promising after working for a very small firm. A lot of things have been organized and people are taking care of it, instead of having to sort out things yourself. I am currently going through a 3-day introduction and hope to start my first assignment soon. Anyway the coming months will be very interesting…

Great… my employer declared bankrupt

I was informed today that my employer was declared bankrupt today by the court in Amsterdam… the interesting part is that 3 out of the 4 employees were still working on customer projects with contracts for between 1 and 6 months…

This definitely felt like a strange situation to be in, I definitely need to think this over to decide how to move forward. Later more…