The Design and Implementation of laffer1

I've been asked to find a solution to using boot camp at work.  We need to image 20-30 machines in a dual boot setup.  According to various sources there are only a few options.

1. Netrestore.  The idea here is that you'd setup a Mac and make copies.  Windows must be on a NTFS volume.

2. dd.  This old friend can duplicate a disk including the GPT/MBR hybrid needed to boot OS X and Windows.  Of course if your drive is another size, you are out of luck. 

3. Manually setting up each machine with boot camp.  This one is out.

4. Imaging the machine as normal for OS X and then using a Bart PE disk customized with the OS X drivers for Intel macs to use Windows ghost.  Of course this breaks the Microsoft EULA for Windows.  I do like ghost, and this one is interesting.  We do not have a license that I can use in the CS department. 

I'm leaning toward the dd solution.  We could do that with a Mac OS X boot on firewire which Kirk is into right now.  I could script it pretty easily.  I can't find a firewire cable to test it tonight though.  I really do want to try this. 

There are further limitations.  GPT does not support extended partitions.  MBR does not support more than 4 partitions.  The combination means you can't use extended or more than 4 primary partitions.  One is used by EFI.  That gives you a maximum of three partitions for this to work in hybrid mode.  Windows must be on the last partition. 

Some people can get os x, linux and windows triple booting by using a third party boot loader.  The apple loader doesn't support triple boot effectively. 

Kirk has proposed multibooting OS X, OS X and Windows.  I'm not sure if that will work or not with Apple's software.  (10.4, 10.5 and XP)

I'm preparing for class, but I had an opportunity to work with the 10.5.1 update for 10 minutes. First observations:

1. The firewall dialog has changed.  Instead of fixing it, they changed the text to something logical.  "Allow only essential services"   Better, but I want more control over the firewall. A "quick list" of built in OS X apps and services to allow is a good start. 
   
2. Mail closes MUCH faster.  It is like night and day.  I'm quite happy with that.
3. The finder seems to be working subtly better.  I don't know what it is, but it "feels" better.
4. After another reinstall my wacom tablet is working.  I don't know if that will last
5. It's a 40mb update.  Not "small"

I come in to find that the iMac I was trying to develop an image on for boot camp has been dicked with and is without a keyboard but ASLEEP.  Next, i find the keyboard in the middle of my build cluster with half the units partially disconnected and beater macs in their places.  SHIT has been put all over the room that i had been cleaning very carefully.

And this is why nothing gets done.  Now kirk wants us to deploy logins and has taken away my job with bootcamp.  I sense a power struggle between kirk and new chris.. well an agenda difference at least.  This fucking sucks. 

To compile a qt33 app in MidnightBSD, you need to run the qmake command first.  (like all platforms)  However, you need to define the path to a spec file or else you'll get an error. 

Here is the proper command line usage:

qmake myfile.pro -spec /usr/local/share/qt/mkspecs/freebsd-g++

We need our own mkspecs file.

You may need to edit the Makefile as well. QTDIR isn't getting set.

The secrets...

You MUST format the partition in the windows installer (full format) for it to work.  Not formatting or a quick format will not allow the install to boot even though it appears to complete.  This causes the dreaded disk error.  A fast NTFS format will get you an ntloader error.  (XP SP2 VLK)

I've got a CS test in 30 minutes or so.  I'm not prepared as I'd like to be. 

I spent 10 minutes reading the manual on my calculator.  I'm so mixed about buying this thing.  It can do so many things, but I don't know how to use it and it's not intuitive to me.  Doh!  I miss the Ti85. 

The CS work is another matter.  I think I know most of the technical data, but I'm not sure about procedures.  Half the test is math and that is not my strong suit.  We can have very limited notes, but I'm not sure they will be of much help.  For instance, one type of problem requires synthetic division of binary numbers.  I understand the procedure to do that, but I almost always make a mistake and end up with the wrong result.  Since he only gives 1 point, that means I automatically get the problem wrong even though I get the procedure.  There are going to be 15-20 1 point problems and some require a lot of work.  One mistake or putting it in the wrong units can be the end as you only get 1 point.  It sucks.

I studied before my english class, after my english class, and probably one more time before class starts.  I can't relax as I know how I an English paper due and a programming assignment (wed and thurs respectively). 

I just love the bsdstats project.  It's so interesting to see what systems are on there.  PC-BSD is number 2 and they report on all installs by default.  MirBSD also does that.  I don't know about DesktopBSD.  We do not report on all of them and I've got our build cluster in there now. :) 

Some systems have not reported yet and there will be more running MidnightBSD shortly.  I wish those were "real" users.  I mean people do use it an EMU now, but I'd like to see some random people listed.  Perhaps I should reconsider the reporting.

Here's a list of mail servers ranked in popularity

http://www.securityspace.com/s_survey/data/man.200710/mxsurvey.html

postfix is not as popular as one might believe. sendmail and microsoft products are at the top.

I just had a dreadful day. I had an x-ray of my back done at the hospital to determine if there was any damage from my car accident in 2005. My back has been quite sore since the accident. I'm not sure if there is a problem with my back or merely that I've been much more tense since the accident combined with longer periods on the computer. I've also founded an open source project which takes most of my time during this period.

If the results are negative for injury, I'll have to go get my back "cracked". (i love scary quotes)

Caryn's family had a last minute event in Lansing. We just spent 4 hours in transit or at the event. Her grandmother is building a house in PA and moving there soon. She's in Flint right now. Most of her church friends are in the Lansing and Flint areas. Their faith is very different. They don't like TV, dress extremely conservatively and think everyone else is a heathen. It is an offshoot of christianity best I can tell. They don't like churches and are not that organized. Their members have to get married twice (once legally). We stuck out like sore thumbs. We saw Caryn's aunt and uncle today. It has been a few years.

I spent 45 minutes trying to debug a problem NAT'ing the open computer lab in the CS department. I forgot to turn on the firewall. Very stupid of me. How would natd divert the traffic if it can't be diverted from anywhere... lol. Now the lab is behind an OS X server with NFS/AFP for imaging, a caching DNS server, and a very loose firewall ruleset. I'd like to improve that but triv erased my rules on the white board. I'll have to think them up again.

I spoke with Jessica a bit today. She was updating software in one of the side labs. Nothing real exciting, but it's been awhile since I chatted with her. Kirk was talking to a former student employee who now works for ICT as a security person. He was very interested in the build cluster in terms of security and that concerns me. I think we'll have to harden that.

KDE is failing to build with our 0.1.1 tagged ports tree. I'm a bit worried about that and trying to work around it as much as possible. Caryn convinced me some people will be upset.

I drew a picture recently on my new tablet. I don't think I've posted this one yet. Right now it's my desktop background.

I did this one in photoshop.

I'm trying to write a dashboard widget for Just Journal. It's not coming out quite like I had hoped, but it's something.

My Wacom tablet periodically "loses" it's drivers in 10.5. They're still shipping a beta driver for a seed of Leopard on the site. Often the tablet doesn't work.

I haven't tried the printer yet.

A seagate USB external hard drive works well. My emagic (now apple) external sound card that has not been updated since 10.3 still works on PPC hardware. It did not work for awhile on 10.4 so this is impressive.

There has been a lot of misinformation about the time change this year. My mother called me to tell me it was changing. ICal in Mac OS 10.5 says it happened this last weekend. That is incorrect.

My DVD had a scratch in it from shipment. The Power PC layer was fine, but the Intel build would fail during the middle of install. My G4 got it to test the DVD in another machine, but I realized it was not proof since we have only one intel mac.

I contacted Apple support at 6:05 PM as support was opened. They just had Leopard training. At 6:55 PM he told me he'd call me back with a solution. Their computer systems did not have the product id in the system yet so he couldn't order me a replacement DVD. The tech was very nice, although I was on hold for most of that call. This was the first time I've ever called apple technical support! I've been a Mac user for 7 years at home and even longer in work environments. There was an instance at work where we should have called, but did not once. Anyway, within 10 minutes he called me back asking if I'd go to the local apple store. I said OK. In fact, this was better as I could get the disc right then and fix the Mac Pro that wouldn't boot.

I went to the apple store to find some very rude help. I wish I had written the girl's name down or something. They gave me attitude about not having a receipt. Mind you I had a damaged, opened DVD... Under normal circumstances, I would have brought the receipt. Remember the Mac won't boot so I can't print a copy of my web order on that one. I also had MidnightBSD compiling so windows was out, and my other printer has been giving me issues. The box came with a PACKING SLIP that didn't have my name on it so I doubt that would help. Finally she did it and I was able to return with 10.5.

The phone support was under stress with a new release and not enough planning. I understand that. I was very angry with my store experience. I wonder if it was related to the fact I interviewed for a job there. I've never seen that behavior at any apple store before.

Now, an update on using 10.5. The transparency is disabled for the top menu bar (apple menu area) on an old Power Mac G4 Dual 867 with an nvidia geforce 4 mx. It is enabled on the Mac Pro. I don't like it and would like to turn it off on new Macs. The G4 version is white with a nice drop shadow. It is easy to read.

I bought an external seagate drive as a backup drive for time machine on Friday. Best Buy had a nice sale on them. The drive is bigger than my boot drive (which is practically required). It has to keep copies of files beyond the contents of your disk. It took about 6-7 hours to copy 149GB of data to the drive over USB 2. (i have a belkin USB 2 card) The UI is ugly on the G4. The animation does not work properly. I'm sure it's much nicer on newer Macs. Whenever you're doing a lot of file modifications, it starts syncing which cuts down on throughput. I've noticed problems copying files between Macs while it' s going. This would probably be more noticable on SATA drives as they are serial and multiple requests can be an issue. I haven't tested it though. It is very thorough, but I don't think it changes the need for .Mac or "Backup" that comes with it. I still feel the need to do separate backups for certain items.

The new version of Mail is nice. It has support for RSS feeds. The notes and todo features are great. They finally added a check box to approve SSL/TLS certs for INCOMING connections! No more hell with keychain for incoming mail. Outgoing requires MORE HOOPS though. I did get SSL/TLS support going. My sendmail + dovecot setup is happy again. Overall, I like the new Mail application.

Safari 3 is much more stable in 10.5 than the betas. It is a little slower, but it works on more websites. I prefer the stability. When the focus is off the window, it gets lighter now. I wish that color was default. The dashboard feature to save parts of web pages is great. I've got my build cluster on there. :)

10.5 does not come with most of the iLife applications like previous versions. You have to get iPhoto, iWeb and friends yourself. I'm sure they probably include them on new Macs, but if you're thinking you can save a few bucks during upgrades, think again.

Although ipfw doesn't block connections directly, by disabling connections, it does block AFP connections. It appears they tied in binding of their services with that setting instead of relying on ipfw. I'm still playing with it. I don't know how it would do blocking other apps like say limewire or azerus.

While I think there are some issues with 10.5, it's worth the upgrade price. The UI enhancements might not be your favorite, but some of my friends like them.

My copy came via Fedex. I've been a little leery of this release as I've been running a version at work. (developer seed) Apple fixed my big two complaints with the system. The menu bar at the top is not uber transparent on this old PowerMac. That was really bothering me. The dock has been fixed when it's on the side not to use the hideous floor theme.

However, there are some issues. The firewall is off by default. It is no longer located in sharing, but rather security. They got rid of the convenient check boxes for common services. Instead you have to do it manually. What's worse, when it's enabled for "deny by default", ipfw show still shows allow any .... if I turn on stealth mode it just blocks some types of ICMP! Allow is still on.

% sudo ipfw show
33300 0 0 deny icmp from any to me in icmptypes 8
65535 490 46714 allow ip from any to any


Next, software update is failing. Someone at apple forgot to put the index up on their webserver! It's launch day! Granted I got it early.

The wizard setup .Mac fresh on my system even though I had it configured previously. Spotlight has to create a fresh index which takes some time. Safari feels slow and bulky compared to betas, but it is a little more stable.

I'm not fond of the new login screen background. .Mac syncing is better and I do like spaces.

Spotlight is now reporting 7 hours for indexing! I have a 160GB ide drive in this PowerMac G4. I have 1.75 GB of RAM!

I know I have an old mac, but this is very sad.

http://linuxwiki.riverworth.com/index.php/LDAP_Authentication#Pluggable_Authentication_Modules

It is possible to get a Mac OS X 10.4 Tiger Server (redundant) and a MidnightBSD (or FreeBSD) client to authenticate happily together.  The BSD box is the client in this case.

I'm still figuring out exactly what I need, but this tutorial helped

based on http://www.bresciani.ca/how-to/

install the nss_ldap and pam_ldap from ports

configure the conf file
vi /usr/local/etc/ldap.conf
(symlink this for nss_ldap.conf)

add the lines
#######################################################
host 192.168.0.4

base dc=ldap,dc=domain,dc=com

nss_base_passwd      cn=users,dc=ldap,dc=domain,dc=com?one
nss_base_shadow      cn=users,dc=ldap,dc=domain,dc=com?one
nss_base_group       cn=groups,dc=ldap,dc=domain,dc=com?one

ldap_version 3
#######################################################
and make sure the file is readable by everyone or usernames will not get mapped.

modify /etc/nsswitch.conf by changing the following lines so they match below.
passwd:      files ldap
shadow:      files ldap
group:       files ldap

A quick test at this point is to run the command  getent group
to see if it is looking in ldap for users and groups. This assumes that users 
and groups exist in ldap.

Weird day.  I made an appointment with a doctor finally.  I've been sick too long.  I got everything figured out with blue cross finally.

Someone in my tired, sick state, I managed to get Firefox working on MIdnightBSD.  I'm referring to a native build.  I still need to update it, unbrand it, and so forth but it's there.  I'm very excited about it.  I'm using it right now on CURRENT/amd64. 

That also means that I'm no longer blocked on gnome.  I may try to get more in this weekend. 

Caryn's starting to teach tomorrow.  That's good for her and kind of interesting.  I'm curious what she'll think of the experience.  It's a little extra money. 

My iBook G4 800Mhz was sold on ebay today.  I'll miss it a bit, but it's time for it to find a new owner.  I bought it in 2003 i think.  4 years on a computer for me is doing pretty good.  I did buy the refurb thinkpad this year so you might say 3 years, but even so that is good considering it was lowend at the time.  It wouldn't run 10.5 anyway. (CPU too slow)

I have a lot of homework to do this weekend.  That sucks. English and CS homework that is due next week will be my objectives for tomorrow. 

The MidnightBSD site has transferred 76 GB in the last 34 days!  That's just HTTP traffic!

I've been "ill" for several weeks now. The problem is that we have a massive mold problem in our furnace room. The roof caved in from the upstairs neighbor's leak with their air conditioner. The wood and drywall have rotted. The apartment complex is finally doing something about it, but it's so bad now that it's going to be a long process. It's causing me all sorts of problems with allergies. Also with the weather changing constantly, it's much worse yet.

Anyone who knows me very well will tell you that I"m very illogical when I'm sick. It's really hurting on homework and other things. I couldn't even get to sleep last night and it's already 12:15 tonight.

Today is blog action day. This year, the topic is the environment. The idea is for bloggers to write about the environment to see what can be accomplished in one day.

My topic is Al Gore. You see, Al likes to talk about global warming and doing your part for the environment. That's all well and good, but it does not mean that you can do harm to the environment in another area because you're making a stink about global warming. There is a picture floating around of Al Gore in his office in from of 3 30 inch monitors and watching a big plasma TV. As a computer geek, I can't even phathom the need for 3 30 inch monitors, let alone a big plasma tv running as well. The cost and energy waste there are enormous not to mention the materials in monitors. One might be thinking, well luke you have a lot of computers. Very true. Many of them would have ended up in a dump instead of being used longer in my care. I have tried to donate them with little luck because they are not new enough. One can surf the net on most of them. Also, I don't make documentaries on saving the environment and then get a picture of myself running as much as 800 watts for no apparent reason. How did I compute such a high number? Well first you have 3 30 inch displays. My recent LCD at 20 inches uses 50 watts. We'll assume a 30 inch wich is treated as two monitors by the computer (probably a Mac Pro). So a conservative estimate is 75-100 watts per display. That's as much as 300 watts just in monitors. (high end) Then you have his plasma tv which appeared to be at least the size of my tv. I know my tv uses like 150 watts or more. I forget the exact number. Plasmas use more power than LCD or CRTs in many cases. We'll assume 200 watts. That brings us up to 500 watts. Finally, you'd need 3 video cards to drive 3 30 inch monitors running in dual head mode. Any gamer will tell you that a video card adds a lot of power consumption to your PC (or Mac). That means his PC might be consuming 300 watts in video, but certainly it's using 500-600 watts totay. If we're nice that's 800 watts. This does not take into account for speakers or other devices in his office. He most likely has a printer somewhere, maybe a cable box, etc. Cable boxes use 10-15 watts according to my recent reading about kill-a-watts.