mind the explanatory gap

Ever since I started managing Macs in a corporate environment, I’ve been annoyed that Apple has failed to offer a sanctioned way of locking the screen via a keyboard command. This is a reasonably common requirement in a lot of corporate deployments. Sure we can use hot corners etc, or we can use one of the sanctioned methods to activate the loginwindow via Fast User Switching, but the former isn’t for everyone, and the latter sucks because it will tear down userspace VPN/802.1x connections.

We have reasonable MCX controls to require a password for the screensaver, but nothing to actually activate it. There are a bunch of private API calls you can use to achieve this, but using private APIs makes me feel dirty.

When I first started poking at Automator again in 10.6, I was pleased to notice that we have a “Start Screen Saver” action. This means that we can save such an Automator workflow as a Service, and then assign a keyboard command to it such that we can activate it from any application.

Unfortunately this action is buggy. If you activate the workflow and wiggle the mouse around, you’ll get an error dialog after unlocking the screen.

Luckily we have another way of achieving the same goal. The System Events AppleScript dictionary contains the same functionality.


tell application "System Events"
start current screen saver
end tell


So you can simply create an Automator “Service” workflow and add a “Run AppleScript” action with the following code snippet.


on run {input, parameters}

return input
end run


Save it, and assign a hot key, and you can finally activate the screensaver from the keyboard.

November 25th, 2009 | Category: macosx | Comments (7)

Thanks to Dave Dribin for pointing this out.

In http://opensource.apple.com/source/CF/CF-550/CFBinaryPList.c

So really there’s no reason why we can’t have plistlib etc for Ruby/Python/whatever deal with binary plists on non-Mac platforms.

/*
HEADER
	magic number ("bplist")
	file format version

OBJECT TABLE
	variable-sized objects

	Object Formats (marker byte followed by additional info in some cases)
	null	0000 0000
	bool	0000 1000			// false
	bool	0000 1001			// true
	fill	0000 1111			// fill byte
	int	0001 nnnn	...		// # of bytes is 2^nnnn, big-endian bytes
	real	0010 nnnn	...		// # of bytes is 2^nnnn, big-endian bytes
	date	0011 0011	...		// 8 byte float follows, big-endian bytes
	data	0100 nnnn	[int]	...	// nnnn is number of bytes unless 1111 then int count follows, followed by bytes
	string	0101 nnnn	[int]	...	// ASCII string, nnnn is # of chars, else 1111 then int count, then bytes
	string	0110 nnnn	[int]	...	// Unicode string, nnnn is # of chars, else 1111 then int count, then big-endian 2-byte uint16_t
		0111 xxxx			// unused
	uid	1000 nnnn	...		// nnnn+1 is # of bytes
		1001 xxxx			// unused
	array	1010 nnnn	[int]	objref*	// nnnn is count, unless '1111', then int count follows
		1011 xxxx			// unused
	set	1100 nnnn	[int]	objref* // nnnn is count, unless '1111', then int count follows
	dict	1101 nnnn	[int]	keyref* objref*	// nnnn is count, unless '1111', then int count follows
		1110 xxxx			// unused
		1111 xxxx			// unused

OFFSET TABLE
	list of ints, byte size of which is given in trailer
	-- these are the byte offsets into the file
	-- number of these is in the trailer

TRAILER
	byte size of offset ints in offset table
	byte size of object refs in arrays and dicts
	number of offsets in offset table (also is number of objects)
	element # in offset table which is top level object
	offset table offset

*/

October 30th, 2009 | Category: macosx | Leave a comment

We’ve uploaded the 0.25.1 debs, but due to this work, it might take a little while before they appear.
http://blog.ganneff.de/blog/2009/10/27/debian-ftpmaster-meeting.html

It will appear here when done.
http://packages.debian.org/sid/puppet

Instructions for building yourself….

$ git clone git://git.debian.org/pkg-puppet/puppet.git
$ cd puppet
$ git-buildpackage --git-upstream-branch=origin/upstream


October 29th, 2009 | Tags: puppet | Category: puppet | Leave a comment

If you’re a Mac IT person, and you don’t know about Greg Neagle’s Managing OS X blog, you need to fix that situation now.

One of the reasons Greg is so awesome in our field is that he’s eminently pragmatic, with enough hacker mentality to make sure he simply gets the job done with a minimum of fuss. His recent post on the trials and tribulations of working with the Adobe Enterprise Deployment Kit is a great example.

Not only is he trying to come up with something flexible enough to actually use efficiently, he’s dug into the innards and explained exactly what’s going on.

I talked to a few people at Puppet Camp last week about large scale Mac management, and everyone seemed really excited about the Munki Project, which is all Greg’s work so far. Basically the idea is to provide OS X with an actual repository for package management, using native Mac packages, and attempting to reuse vendor packages as much as is feasible.

If no-one else does it, I’ll end up putting together a munki type and provider for Puppet. I’m really looking forward to being able to simply do stuff like:

package { "iWork":
  ensure => latest,
}

just like other operating systems, letting the repository handle dependencies. The way it should be….

This really could be one of the most important community contributions to large scale Mac management in the history of OS X in my opinion.

October 8th, 2009 | Category: macosx, puppet | Comments (1)

I’ve submitted a diff to update facter in MacPorts to 1.5.7, so it should be available soon.

Note that I’ve set the maintainer for both Puppet and Facter in MacPorts to ‘openmaintainer’. This means that I accept patches from anyone, and it’s really quite trivial to update either of them, as is the case with the vast majority of Portfiles.

The process goes something like:

$ sudo port selfupdate (to get the newest versions)
$ mkdir /tmp/facter
$ cd /tmp/facter
$ cp /opt/local/var/macports/sources/rsync.macports.org/release/ports/sysutils/facter/Portfile .
$ cp Portfile Portfile.orig
(edit the port file to change version from 1.5.6 to 1.5.7)
$ port -v checksum (this will print out the expected and obtained checksums. Use this info to update the ‘checksums’ component of the Portfile)
$ port -v checksum (this should return happily now)
$ sudo port -v install (verify that the port is installed correctly)
$ diff -u Portfile Portfile.orig > Portfile-facter.diff (submit an update ticket on the MacPorts Trac site with the diff attached)

October 7th, 2009 | Tags: facter, puppet | Category: puppet | Comments (2)

This has been flowing all over the #puppetcamp twitter tag, but it’s worth repeating.

“Think of the complexity in your environment as a form of technical debt that you’re going to have to pay down” – Paul Nasrat

This is so awesomely pithy you just know he’s a bloody Pom.

(England 3/83 in the Champions Trophy semi-final as of right now…)

October 2nd, 2009 | Category: puppet | Comments (3)

Puppet Camp is on today and tomorrow.

It’s already exciting being in a room full of involved sysadmins who are concerned with making our jobs better and thinking about how the place our field will be in in the next few years…

It’s always good to put faces to IRC handles too :)

Already had a great talk from Ohad Levy on The Foreman and his infrastructure. I’m excited about The Foreman, even if we don’t end up using it at Google.

October 2nd, 2009 | Category: puppet | Leave a comment

http://www.lavenderhell.com

The things that go on inside her head…

September 29th, 2009 | Category: macosxserver | Comments (2)

In case you’ve been wondering where the debs are for Puppet 0.25.x, we’ve decided to wait until 0.25.1 to publish it to Debian unstable.

The good news is that we’ve set things up in our Alioth git repository so that you can use git-buildpackage to build 0.25.x debs. We’ll publish an article on the Debian wiki and link to it from the Puppet wiki that will describe how to build debs for any 0.25.x branch of puppet using git-buildpackage, which should make it a lot easier for people to work on the bleeding edge.

If you’re already familiar with git-buildpackage, you can work against the anonymous repository  now at: git://git.debian.org/pkg-puppet/puppet.git

September 29th, 2009 | Category: puppet | Comments (3)