Caldavd vs DirectoryService

Has your OD master begun to run really slow, with DirectoryService taking over 100% of your CPU? Running iCal server on the same machine? Deleted any accounts recently?

Then you might be bitten by the same bug I finally figured out, thanks to the AFP548 forum.

When you delete a user, the delegates are not deleted, which, depending on the number of delegates you have (we have quite a few as all group members are set as RW delegates for the group account in addition to personal delegations), puts a tremendous burden on DirectoryService as caldavd pounds it with questions it doesn't know how to answer, à la:

    2009-06-05 14:49:09+0300 [-] [caldav-8010]  [-] u'No principal found for UID: 0681EE7A-8DE9-4070-B32D-2E1D971EE640'
    2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
    2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
    2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
    2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E

In the same thread there is a link to a tool that deletes the orphaned principals, but a word of warning: it completely hosed my group delegates (i.e. you configure a group account using its URL and then delegate all the members so that they only have to check the group in iCal). Personal delegations were left intact.

The good news is that the server is working fine again. Many thanks to Mr. Jack Miller for finding the solution!
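
To gauge how many orphaned records are behind the load before running any cleanup tool, the failed lookups can be counted per GUID and per second. This is an added example, not part of the original post or of caldavd; the sample is built from the log lines shown above plus two constructed lines, and on a server you would pipe the caldavd error log into the functions instead.

```sh
#!/bin/sh
# Added example (not from the original post): summarise caldavd's failed
# directory lookups to see which missing GUIDs are generating the load.

# Sample input: the line formats shown above, plus two constructed lines
# (one more failed lookup a second later and one unrelated message).
SAMPLE_LOG="2009-06-05 14:49:09+0300 [-] [caldav-8010]  [-] u'No principal found for UID: 0681EE7A-8DE9-4070-B32D-2E1D971EE640'
2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
2009-06-05 14:49:09+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
2009-06-05 14:49:10+0300 [-] [caldav-8010]  [OpenDirectoryService] Unable to find any record with GUID EE2223F2-1077-49FE-A76C-BB90F4B47E8E
2009-06-05 14:49:10+0300 [-] [caldav-8010]  [-] constructed unrelated message"

# Read caldavd log lines on stdin and print "<count> <GUID>", busiest first.
failed_lookups() {
  awk '
    /No principal found for UID: / || /Unable to find any record with GUID / {
      guid = $NF
      gsub(/[^0-9A-Fa-f-]/, "", guid)   # drop the closing quote of the repr string
      if (length(guid) == 36) count[guid]++
    }
    END { for (g in count) print count[g], g }
  ' | sort -k1,1nr -k2,2
}

# Highest number of failed lookups logged within a single second.
peak_per_second() {
  awk '
    /No principal found for UID: / || /Unable to find any record with GUID / {
      n[$1 " " $2]++
    }
    END { max = 0; for (t in n) if (n[t] > max) max = n[t]; print max }
  '
}

printf '%s\n' "$SAMPLE_LOG" | failed_lookups
printf 'peak failed lookups per second: %s\n' \
  "$(printf '%s\n' "$SAMPLE_LOG" | peak_per_second)"
```

A short list of GUIDs with very high counts points at a handful of deleted accounts whose delegations are still being resolved.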

tags: server | bugs

GetIcon.m

Shell scripting is awesome, but there are situations where it just won't help you. Like when you're supposed to save the full-res icon of any file as a PNG image.

Luckily it's quite easy with a bit of ObjC. This is what I threw together for this particular problem:

// GetIcon.m
// Save icon of given path as a PNG image
#import <AppKit/AppKit.h>

int main (int argc, const char * argv[])
{
    // Both the input path and the output path are required
    if (argc < 3) {
      printf("Usage: GetIcon input output\n");
      return 1;
    }

    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];

    NSString *imgPath = [NSString stringWithUTF8String:argv[1]];
    NSString *outPath = [NSString stringWithUTF8String:argv[2]];

    // Ask the workspace for the icon and convert it TIFF -> bitmap -> PNG
    NSWorkspace *ws = [NSWorkspace sharedWorkspace];
    NSImage *img = [ws iconForFile:imgPath];
    NSData *data = [img TIFFRepresentation];
    NSBitmapImageRep *bits = [NSBitmapImageRep imageRepWithData:data];
    NSData *imgData = [bits representationUsingType:NSPNGFileType properties:nil];
    BOOL ok = [imgData writeToFile:outPath atomically:NO];

    [pool drain];
    // Report a failed write through the exit status
    return ok ? 0 : 1;
}

If anyone knows how to do this using shell tools, please let me know. ;-)

tags: code

GetHelper.m

I needed a reliable way to find out which mail client the user was using. After having enough of monkeying around with launchservice defaults and awk, I turned to Xcode, and wrote this:

// GetHelper.m
// Return the helper app for a URL scheme
#import <Foundation/Foundation.h>

int main (int argc, const char * argv[])
{
  if (argc < 2) {
    printf("Usage: GetHelper scheme\n");
    return 1;
  }

  NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init];
  NSString * s = [NSString stringWithUTF8String:argv[1]];

  id helper;
  NSUserDefaults * defaults = [NSUserDefaults standardUserDefaults];

  [defaults addSuiteNamed:@"com.apple.launchservices"];
  NSArray * helpers = [defaults objectForKey:@"LSHandlers"];
  NSEnumerator * helperEnum = [helpers objectEnumerator];

  while ((helper = [helperEnum nextObject])) {
    NSString * key = [helper objectForKey:@"LSHandlerURLScheme"];
    NSString * handler = [helper objectForKey:@"LSHandlerRoleAll"];
    // Print through a fixed "%s" format: the value is read from a preferences
    // file, so it must never be passed to printf as the format string itself
    if ([key isEqualToString:s] && handler != nil) {
      printf("%s\n", [handler UTF8String]);
    }
  }

  [pool drain];
  return 0;
}

Which gives me:

./GetHelper mailto
com.apple.mail

It seems a bit overkill, but it works and eventually wasn't all that hard to put together.

tags: code

class PropertyList

Something for people who use PHP for Mac OS stuff - a class wrapper for Theo Hultberg's nice PLIST parsing implementation. Usage example:

include "plist.php";
$plist = new PropertyList("/Users/filipp/Music/iTunes/iTunes Music Library.xml");
$array = $plist->toArray();
echo count($array['Tracks']);
6670

Great for building reports from System Profiler dumps and all sorts of cool stuff. Download here.

tags: code

Spotlost

A customer was having problems with server-side Spotlight searching in Finder giving inaccurate results - basically using a partial file name would give fewer results than with the whole name. When rebuilding the index didn't help I began to study this problem closely...

... which led me to the discovery of yet another "undocumented (bad) feature" in Finder and more importantly, Spotlight. When you use the built-in search field, the search term is not "any name that contains this" or even "any name that starts with this", but rather "any *word within a name* that contains this".

The following illustrates this (I use mdfind to save bandwidth, but the results are the same from the Finder GUI):

$ mkdir sltest
$ cd sltest
$ touch summertime.txt
$ alias mdfind="mdfind -count -onlyin $PWD"
$ mdfind summer
1
$ mdfind time
0
$ mv summertime.txt summerTime.txt
$ mdfind time
1
$ mv summerTime.txt summer\ time.txt
$ mdfind time
1
$ mv summer\ time.txt sumMertime.txt
$ mdfind time
0

... you get the idea. The default search in Finder and mdfind uses a weird matching logic which differs from what most people would assume. The problem exists on both server and workstation versions of 10.5.6.

The good news is that there is a workaround - always use the Cmd-F Name > contains criteria for the broadest search.

Spotlost indeed. :-)

tags: bugs | tips

Diskspacemonitor Hack

Diskspacemonitor is a nice feature and something I try to remember to activate on all servers I manage, but unfortunately it's missing the ability to choose which volumes you actually want to monitor. So whenever someone sticks a CD in or mounts a disc image, your helpdesk inbox will be flooded with messages, every 10 seconds.

I looked into it and couldn't find any hidden variable to change this, but being a nicely written shell script, diskspacemonitor is easy to customize. The more academic way to do this would perhaps be through the various .local files, but I really wanted this to be "central" so I decided to modify diskspacemonitor directly.

We start by telling the system what we actually want:

$ sudo nano /etc/diskspacemonitor/diskspacemonitor.conf

... and define a variable, like "volumes", which contains a regex of all the mount points you want to monitor, for instance, to only monitor the boot volume (keeping in mind that we're filtering df -l output):

volumes='/$'

You must use alternation to define several volumes, like:

volumes='/$|data$'

Now add the checking to the diskspacemonitor script:

sudo nano +66 -B /usr/sbin/diskspacemonitor

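Modify that line to something like the following (the grep runs first, so the regex is matched against the whole df -l line, mount point included, before awk reduces it to the device name):

df -l | grep -E "${volumes}" | awk '/^\/dev/{print $1}'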

And that's it!
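
A way to try a `volumes` pattern against `df -l` output before editing the script, as an added example that is not part of the original post or of diskspacemonitor. The `df` output is constructed, and `monitored_devices`, `ignored_mounts` and `report` are hypothetical helper names; the example also lists the mount points a pattern leaves out and shows that `data$` matches more than the volume named data.

```sh
#!/bin/sh
# Added example (not part of diskspacemonitor): try a "volumes" regex against
# df -l output before putting it into diskspacemonitor.conf.

# Constructed df -l output; devices, sizes and volume names are made up.
DF_SAMPLE='Filesystem    512-blocks      Used Available Capacity  Mounted on
/dev/disk0s2   487725344 301234560 185978784    62%    /
/dev/disk1s2  1953103872 976551936 976551936    50%    /Volumes/data
/dev/disk2s2   976551936 488275968 488275968    50%    /Volumes/userdata
/dev/disk3s1     9217280   9217280         0   100%    /Volumes/Install DVD'

# Devices that would be monitored. grep sees the whole df line, so the regex
# can anchor on the mount point in the last column; awk then keeps the device.
monitored_devices() {
  grep -E "$1" | awk '/^\/dev/ {print $1}'
}

# Mount points of local volumes that the regex leaves out.
ignored_mounts() {
  grep -E '^/dev' | grep -Ev "$1" | sed 's/^.*%[[:space:]]*//'
}

# Print both lists for one pattern, read from the constructed sample.
report() {
  echo "pattern: $1"
  echo "$DF_SAMPLE" | monitored_devices "$1" | sed 's/^/  monitored: /'
  echo "$DF_SAMPLE" | ignored_mounts "$1"    | sed 's/^/  ignored:   /'
}

report '/$'                    # boot volume only
report '/$|data$'              # also picks up /Volumes/userdata
report ' /$| /Volumes/data$'   # leading space pins the whole mount point
```

On a server, replace `echo "$DF_SAMPLE"` with `df -l` to check the pattern against the volumes that are actually mounted.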

When (if) Apple decides to fix this, I hope they also move it to launchd, since this whole thing is totally reliant on cron right now.

tags: server | code

get_email_addresses_hook

SmartSieve is something one can use to set up server-based mail filtering, including vacation messages. It has a nice feature which enables it to fetch any list of email addresses for a user account. The default hook for this uses LDAP, but unfortunately does not work with OS X server. Here's a modified get_email_addresses_hook that works on both 10.4 and 10.5:

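function getEmailAddresses()
{
  $server = 'localhost';
  $baseDn = 'cn=users,dc=pretendco,dc=com';
  $addresses = array();

  if (extension_loaded('ldap')) {
      $ds = ldap_connect($server);
      if ($ds) {
        // To avoid protocol error
        ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
        // Anonymous bind.
        $r = ldap_bind($ds);
        // Escape the login name so it cannot alter the search filter
        // (ldap_escape() requires PHP 5.6 or later)
        $uid = ldap_escape($_SESSION['smartsieve']['authz'], '', LDAP_ESCAPE_FILTER);
        $sr = $r ? ldap_search($ds, $baseDn, "uid=".$uid, array('mail')) : false;
        $entries = $sr ? ldap_get_entries($ds, $sr) : false;
        // Only touch the result if the user exists and has mail attributes
        if ($entries && $entries['count'] > 0 && isset($entries[0]['mail'])) {
          // Strip count
          array_shift($entries[0]['mail']);
          $addresses = $entries[0]['mail'];
        }
        ldap_close($ds);
      }
  }

  return $addresses;

}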

And just to clarify, the list of addresses comes from what's defined under WGM > User > Info > Email.

tags: code | server

Hansakicker

HansaWorld Enterprise is probably the most used enterprise-level business software for the Mac in Europe (maybe because it's the only one). It's been around for ages and so has picked up a bit of cruft along the way (I hear there's a native Cocoa port in the works, but we'll see). This means that when it works, it works, but when it starts to crash, your options are to try what little tricks you may know yourself, pay an insane amount of money to have some guy look at it, or just restart it.

You can easily automate the latter by combining launchd and a bit of shell:

#!/usr/bin/env bash
# /Library/Scripts/hansakicker.sh

if ps -Ac | grep -q hansa51 ; then
  logger "Hansa is running, no need to restart"
  sleep 10
else
  sleep 10
  logger "Hansa crashed, restarting"
  # The job name must match the Label key of the launchd plist that starts Hansa
  launchctl start my.hansa.launchd
fi

exit 0

A couple of obvious things to note: in this case the Hansa binary is called "hansa51", it may differ in your install. The sleep commands are there to calm launchd down. The second sleep comes before everything else to give CrashReporter time to finish up. Also this assumes that Hansa's being started from launchd, ie with something like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">   
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>fi.humac.hansa5</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Applications/Hansa5/hansa51</string>
  </array>
  <key>RunAtLoad</key>
  <true/>

  <key>WorkingDirectory</key>
  <string>/Applications/Hansa5</string>

</dict>
</plist>

In the launchd part, we are simply looking for the moment Hansa's crash log is modified:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>my.hansa.hansakicker</string>
  <key>OnDemand</key>
  <true/>
  <key>ProgramArguments</key>
  <array>
    <string>/Library/Scripts/hansakicker.sh</string>
  </array>
  <key>WatchPaths</key>
  <array>
    <string>/Library/Logs/CrashReporter/hansa51.crash.log</string>
  </array>
</dict>
</plist>

Once everything's been set up and loaded in, we can do a test:

touch /Library/Logs/CrashReporter/hansa51.crash.log

... which should trigger the script.

Obviously this is little more than a band-aid and you should really do something about it if this happens daily, but it is more than useful for those intermittent Saturdays when your salesforce is working and you're not. :-)

tags: software | code | tips

Xbox 360 vs PS 3

Instead of doing something useful, here I am, writing about what could be the most pointless subject ever. LOL. As if the millions of screaming teenagers weren't enough, I'm going to chime in on this subject and say it: the Xbox 360 is a better gaming system than the PlayStation 3. Here's why:

Graphics

First impressions are important here. From the moment I saw Resistance 2 on the PS3, I realised that the 360 is graphically more capable. Tried it with other games as well, same thing. 360 games have more detail, especially all sorts of bumps are rendered more realistically.

There's been some cool particle effects in PS3 games (like smoke in Uncharted and MGS 4) that looked nicer than the stuff I was used to on the 360, but overall, 360 games have better graphics.

MGS4 and the Killzone 2 demo look nice (I've actually played both), but when you look at the details, it's mostly just effects and some AA tricks that make them look as good. I think the reason why people are so confused about which one has better graphics is that you really can't tell the difference from a Youtube video. Seriously.

Full HD

This came as a pretty big surprise to me - only certain PS3 games are actually 1080p compatible. This might not have been a big deal in 2006, but it sure is now, if even my TV can do 1080p. Lower resolution not only gives you less detail, but also makes your TV not work at its native resolution so the outcome depends on how well your TV displays lower res material. It's highly likely that many of the 360 games are not natively 1080p, and that Microsoft is actually cheating but I personally couldn't care less. The upsampling the 360 does works very well, even over component video. The point is the images look great and my TV never drops below 1920x1080.

I really hope this isn't some horrid design flaw with PS3 which forces developers to make separate versions of a game for every resolution. Really strange that Sony hasn't got this right yet, considering they've been tooting the HD horn the loudest in all of their other products.

Controller

Sure, the DualShock 3 brings back many memories (mostly of high-school years wasted), but the 360 controller is simply better. It's bigger, so it's better to grip, it's got a better texture to it, the controls are laid out better and the analogue sticks are more accurate. The buttons feel more robust. The trigger buttons feel better as well. Also I have no idea what I'm going to do once the battery in the PS3 controller dies...

"Please wait"

You see a lot of that on the PS3. It seems like almost everything you touch on the PS3 has to be first downloaded, installed and updated. It's really frustrating and reminded me of how bummed out I was when I swapped my N64 for a PlayStation back in the day. Unlike on the 360, PS3 games must be installed before they can be used. With some titles it takes ridiculously long. When you downloaded a demo on the 360, you could just play it, on the PS 3 you have to install it first. Often after installing a demo, you have to do the whole thing again because there's an update (and unlike on the 360, updates are mandatory on the PS 3).

The 360 allowed me to copy a whole game to the hard drive and this was actually a useful feature since it cut down on load times and made the machine run a little quieter. It took me over 2 years and over 20 games to fill up maybe 10 GB on my 360, whereas the 3-day old PS 3 has already surpassed that.

Price

Even though the price of the PS3 has come down from the stratosphere and now costs about the same as what I paid for my 360 Pro back in 2007, the cheapest 360 (the Arcade version, which has better specs than my Pro) is about 2,5 times cheaper. So even though the numbers have changed, the relative price difference has remained pretty much the same.

So in all, I'd say that the 360 is clearly the better gaming system. What's sad is that there's a lot of FUD out there about how much more superior the PS 3 actually is. It's not. If you're planning to migrate to the PS 3 just to get a better console (better graphics and games) then don't. I must admit that Microsoft pulled quite a stunt with the 360 - coming out a year before Sony and actually delivering a superior, next-gen product.

Many say that the games that really harness the PS 3's power are just beginning to come out and while that may be true, you wonder why that is, almost 3 years in the product's life-cycle? Maybe it's true what they say about the PS3 being a very difficult platform to develop for. Whatever the reason, you don't buy something for something it may or may not do some day.

There are also some things that I think are better on the PS 3:

Exclusive titles

This is purely a matter of preference, but the PS 3 exclusives, like MGS and Uncharted appeal to me much more than any version of Halo or Gears of War. I even liked Flower and Little Big Planet's on the wish list. Looking forward to Heavy Rain, don't care that much about KZ 2, however the old PSP version was kinda fun. On the 360 I was only looking forward to RE 5, but that's cross platform.

Sixaxis

Even though the 360 controller is better overall, the sixaxis feature is cool and I hope more games take advantage of it. It's kinda like the Wiimote, but for serious gamers. ;-)

Noise

The PS 3 is considerably quieter than the 360, even to the point of being usable as a standalone DVD player (which I never would have done with the 360). My 360 broke (the infamous RRoD) and was replaced by MS less than a month ago (very well handled service, btw) and the new unit seemed quieter, but still way too loud for any sort of movie watching.

Convergence

Even though it's one of the reasons why the PS 3 isn't the best console out right now, I kinda like having a true all-in-one machine in my living room. The Blu-ray player, built-in WiFi, HDMI, web browser, more open media support (which I haven't tested yet), upgradable HD, etc - a device that can do many things and also integrate with the outside world. One of the main reasons I switched was to get rid of junk in the living room and I must say it has worked out quite well.

On a more general note Sony's "packaging" feels more polished and "expensive", the industrial design is fancier and blends better with modern home theatre set-ups. Also I like their menu navigation system a lot more.

tags: hardware

TVIX HD M-6500A Review

Not much info out there on this device, especially from a Mac user's perspective, so here goes. I've used this thing for about 4 months now so this "review" might have some points that some others might miss. I usually just skip to the conclusion, so:

The Good

  • Really does support a wide range of video formats. Haven't really run into a file that it couldn't handle. They're of course out there (QuickTime comes to mind), but for all intents and purposes, I'd say the format support is more than adequate. Media stays in sync, well, even with network dropouts.
  • Can seek. Well. Something that not every media player can do, especially over a network. And this isn't your typical "can fast forward but not resume playing"-type seeking either - push a button and it will just go faster, push a button and it will play. Nice and accurate.
  • Solid subtitle support. Supports pretty much any format and comes with a custom font with a black border that looks crisp on any background.
  • Can play back from any SMB or NFS share, comes with a built-in FTP server. Doesn't need any proprietary server software.
  • Looks cool. The "brushed metal" faceplate blends well with any darker AV setup.

The Bad

  • FTP server is ridiculously slow, averaging about 900kbit/s uploads! This means it will take over an hour to transfer a DVD image, onto the SATA drive. Very frustrating to have something on your LAN that's slower than your Internet connection :(
  • SMB client is practically unusable. Your typical 1mbit/s DVD rip will stutter to the point of being unwatchable. NFS works much better, luckily.
  • The copy function is nice (i.e. using it to pull stuff over NFS, instead of the anaemic FTP server), but doesn't handle folders! Also if there's a name clash between the source and destination, the whole operation is cancelled. These three problems make it painfully difficult to actually get media onto the device, especially since
  • ... there're no ports on the front. This one's of course tricky, since it affects the design, but it's just incredibly frustrating having to crawl behind your AV system to plug in a memory stick after you've realised it's going to take an eternity to get that DVD rip onto it over the network.
  • There's no format command for the SATA drive. You have to format it yourself before installation. So while it's really easy to physically install a drive yourself, actually using it is much trickier. This means you're basically screwed if you only have a Mac laptop. The manufacturer recommends using NTFS and writing that requires the Paragon fs plugin...
  • A bit noisy. It's not a G4 XServe, but slightly noisier than a Mac mini, IMHO. This wouldn't be a problem in an office environment, but in a living room, during a quiet scene in a movie it becomes an issue. It also forces you to turn it off rather than use standby since its startup time is pretty long. The HD that I use is a 500GB WD "Green Power" which should be one of the quietest 3.5" drives around (AFAIK). There's a setting for the fan speed, but it doesn't seem to do anything.

The Useless

  • The remote. Why on earth does a device, 98% usage of which can be limited to roughly 7 buttons (power, play/pause, FF/RW, arrow keys) have 43 buttons on the remote?
  • The front LED. This would almost go under "The Bad" - there's a button panel on the front under which they've put a bright blue LED. Having this thing under your TV is quite distracting and I can't understand why they didn't put an option in there to turn it off!
  • AVCHD, bitmap and audio playback. What for? Why would I not just connect my camcorder, camera, iPod, whatever straight to the TV, amp, etc? Especially since this thing doesn't have any ports in the front...

The bottom line

The M-6500A has more than its fair share of flaws, but it does fulfil its most important task - playing back any video material you've downloaded - really well. The subtitle support is solid and it doesn't make you afraid to use the fast forward button. Too bad that getting the media onto it is way too painful. You almost have to wonder if installing a hard drive is worth it, considering how much easier it is to just stream over NFS. This is a shame, because with a large enough drive, this thing could make a nice little jukebox.

tags: hardware

DVR-106D Patch

This one's a bit of a "blast from the past", but I found so much confusing and contradictory information on the subject that I decided to write down the exact steps myself.

To region unlock, and get rid of the crippling 4x ripping speed of a Pioneer DVR-106 DVD writer (a very popular SuperDrive Apple used in many G4 towers and iMacs back in the day), complete these easy steps:

  • Download and unzip DVRFlashX Apple 106
  • Download and unzip OEM_Pioneer_DVR-106_UNIVERSAL_Flash
  • Open DVRFlashX - Apple 106/DVRFlashX/Contents/Firmware
  • Create a folder named Pioneer 106D 1.07 RPC1
  • Move the files R6100106.107 and R6100006.105 from the OEM_Pioneer_DVR-106_UNIVERSAL_Flash archive to the newly created folder
  • Run DVRFlashX and select Pioneer 106D 1.07 RPC1 from the dropdown menu, click through the dialog(s)
  • Reboot and test. System Profiler should say 1.07 as the revision and the drive should be region free.

After this procedure, my MDD G4 can rip a dual layer Region 1 DVD in 17 minutes (MTR 2.6.6, Full Disc Extraction). The drive seems to still work as a native burner, at least in Disk Utility - haven't tested with the iApps.

PS. You can simply download the "modded" DVRFlashX app from here as well.

tags: hardware

Happy 1234567890!

Today's the big day, or more exactly, today at 01:31:30 is the big second:

filipp@Vorchan.local [~]  > date -r 1234567890
laupäev, 14. veebruar 2009. 01:31:30 EET

... when the Unix timestamp hits the magical 1234567890 number!

Thanks to Jens for bringing this up...

Oh, and to any friends reading this - happy Valentine's. ;-)

tags: random

Mail.app Delivery Receipts

Everybody hates delivery receipts, but who cares when the customer needs them. Mail.app doesn't support them, but does have the hidden preference UserHeaders which can include any additional headers, including Disposition-Notification-To.

Here's a very simple AppleScript I wrote that toggles the header. When not set, it allows you to select a receipt address (from every address of every account) and when set, deletes the preference (the whole key, including any other custom headers you might have defined!).

This won't make Mail understand delivery receipt requests.

tags: osx | code

Zend_Db_Table Autoincrement ID

The otherwise excellent Zend Framework manual unfortunately doesn't mention how to get the auto-incremented ID of a Zend_Db_Table. Luckily this is pretty simple when we know that Zend_Db_Table uses the same Zend_Db adapter mechanism.

In your Zend_Db_Table_Abstract subclass, just override the insert method:

public function create(array $data)
{
  parent::insert($data);
  return parent::getDefaultAdapter()->lastInsertId();
}

Not sure if that's the best way of doing it, but it works and makes sense.

tags: code | php

Server Backup Script

Here's a server backup script that someone else might find useful as well. By "server backup" I mean configuration (/etc and serveradmin) and Open Directory as well as calendar and wiki data.

The OD backup is the entire archive which also includes user passwords. Very handy in case you have to re-od-master a server.

#!/usr/bin/env bash
# serverbackup.sh

# The archive password is stored in clear text here, so keep this script
# readable by root only
ODPASS=somepass         # Password used to encrypt the OD archive
CALDATA=/Library/CalendarServer/Documents
WEBDATA=/Library/Collaboration
BACKUP_DST=/Volumes/BackupRAID/backup/server
SERVICES='mail afp calendar dirserv swupdate web dns radius dhcp'

logger -p local0.notice "Starting server backup"

umask 077

if [[ ! -d ${BACKUP_DST}/serveradmin ]]
then
  mkdir -p ${BACKUP_DST}/serveradmin
  mkdir -p ${BACKUP_DST}/wiki
  mkdir -p ${BACKUP_DST}/ical
fi

# Clean OD backups older than 2 weeks (pattern quoted so the shell does not expand it)
find "${BACKUP_DST}" -name 'odbackup-*' -mtime +14 -delete

# Backup OD
echo -n "Creating Open Directory Archive..."

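# Private, unpredictable temp file: it holds the archive password, and a fixed
# name in /tmp could be pre-created or symlinked by another local user
CMD_FILE=$(mktemp /tmp/sacommands.XXXXXX) || exit 1
LOCATION=${BACKUP_DST}/odbackup-$(date "+%Y%m%d")
echo "dirserv:backupArchiveParams:archivePassword = ${ODPASS}" > "$CMD_FILE"
echo "dirserv:backupArchiveParams:archivePath = ${LOCATION}" >> "$CMD_FILE"
echo "dirserv:command = backupArchive" >> "$CMD_FILE"
serveradmin command < "$CMD_FILE"

srm "$CMD_FILE"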
echo "   OK"

echo -n "Backing up active Server Admin settings"

# -f: no error on the first run, when there are no old settings files yet
rm -f "${BACKUP_DST}"/serveradmin/*.sabackup

for s in $SERVICES
do
  serveradmin settings $s > ${BACKUP_DST}/serveradmin/${s}.sabackup
done

echo "   OK"

echo -n "Backing up config files"
/usr/bin/rsync -aqu --delete /etc/ ${BACKUP_DST}/etc/
echo "   OK"

echo -n "Backing up wiki pages"
/usr/bin/rsync -aquE --delete ${WEBDATA} ${BACKUP_DST}/wiki/
echo "   OK"

echo -n "Backing up iCal data"
/usr/bin/rsync -aquE --delete ${CALDATA} ${BACKUP_DST}/ical/
echo "   OK"

logger -p local0.notice "Server backup finished"

exit 0

tags: server | backup

iCal Server Backups

As with any backups, simply taking them is only half the work - you should also make sure you can restore them. Unfortunately that's not as straight-forward as it could be with iCal Server.

Say one of your users has accidentally deleted a group calendar (R/W permissions mean the user can delete, but not create cals under a group delegate). This happened yesterday so you know you should have the calendar in last week's snapshot.

Here's what I found:

  • Calendars are just folders stored under calendars/uids. Their mnemonic names are unfortunately hidden (probably in some DB). The only way to find the right folder is just to look at the events (the ICS files in the folder)
  • Get the GUID from the web interface at principals/groups/groupname
  • Because of this hidden DB layer it's not just enough to move the folder(s) back into place. The method that worked for me is to simply create the calendars by hand in iCal and then drag the contents of the folder onto that calendar.

tags: server

Syncing Notes to Your iPod

Syncing notes from Mail.app to your iPod touch is not as bad as it may seem. I wanted to put a shopping list on mine, and almost joined the angry hordes when I couldn't find a "Notes" checkbox in the syncing prefs, but it turns out all you have to do is save the note on any IMAP account (must have "Store notes in Inbox" option checked under Mailbox Behaviours) and then check your mail on the iPod.

This isn't as slick as a local sync and it litters your Inbox, but it works and is certainly better than having to jailbreak your iPod or buying a 3rd party app just to get a piece of text onto it.

Notes are simply HTML-encoded "emails" with the special header "X-Uniform-Type-Identifier: com.apple.mail-note" and no "To:" header.

Just remember to check your mail before you leave the house - at least our grocer doesn't have free WiFi (yet). ;-)

tags: tips | hardware

Networked Syslog

Centralized logging can be a Really Good thing and something that I think every SA should consider if they have more than 1 system to look after. Unfortunately Apple's documentation on the subject is only correct for the client side, however:

    "To configure Mac OS X Server as a log server that accepts log messages from other 
    systems on the network: 
    1 Open /etc/rc and locate the following line: 
    /usr/sbin/syslogd -s -m 0"
    ...

Everyone knows that /etc/rc has been retired in 10.5. The correct procedure is much simpler - just open /System/Library/LaunchDaemons/com.apple.syslogd.plist and look for the following:

    "Un-comment the following lines to enable the network syslog protocol listener."

That, combined with Splunk running on the syslog server can make a pretty sweet centralized logging system indeed. :P

tags: osx | server

Twenty Hours of Risk

As I understand, my biggest gripes with the Drobo (noise, heat, slow speed, no FireWire) have been fixed in the 2.0 version. However there's one thing that is not mentioned anywhere on the product pages:

... namely the insane amount of time it takes to rebuild the set. I just thought it would be nice to upgrade the last 300 GB drive to 500 GB. It's been doing that for the past 4 hours and by the looks of it I'll be sleeping with earplugs tonight. To be perfectly honest the estimate has dropped to 11 h while writing this, but all of this still looks like Drobo Inc is using 60 GB drives with minimal data to make everything seem smooth in their demo videos. :-/

tags: hardware

Generating Passwords

There's no shortage of ways to generate passwords on a Mac. I used to like Xyzzy, until I realised it's really not that good. Keychain Access is fine for quickly generating one random password for, say a MySQL account, but isn't really appropriate for creating password lists. There's also plenty of cool tricks to generate them from within "the BSD subsystem", but I always seem to forget them when the need comes.

So I decided to create my own password generator. My requirements were simple:

  • Ability to form passwords from any word list
  • A switch to set the minimum length and max count
  • Support for different output separators
  • CamelCase support (randomly uppercasing certain characters)
  • A mapping feature (arbitrarily mapping certain characters to something else) and ASCII conversion (stripping accented characters)

The first point is very important because it allows you to create native passwords, ie use words indigenous to the language your users speak. I haven't done the math, but a nice Finnish compound word is probably much less susceptible to a dictionary crack. Converting everything to ASCII may weaken the password, but it also makes them usable regardless of the keyboard layout.

But enough talk, some examples:

 > ./passgen.php wordlist.txt
Achr3n1n
AHOS3N
L4kk4Om3n4
An4n4sk4n3l1
AMOROS4
Astr4k44n1T
B3RG1US
Borgovskoj3
Ed3lM4n
El14ks3l4n

That's a password list generated from a list of different apple varieties.

Thanks to the magic of PHP's URL wrappers we can also use an HTTP URL as the word list:

> ./passgen.php http://www.hs.fi/uutiset/ 4 4 ,
Uut1s3T,H3ls1Ng1n,S4NOM4T,D1g1l3hT1

You can download the script from here.

tags: server | code