For a long time, creating custom networks in VmWare Fusion has been a challenge. For some bizarre reason, for years Fusion lacked the network-management GUI commonly found in the equivalent VmWare Workstation product for Windows.
Since switching to OSX last year I've had to edit each VMX file, forcing interfaces to use a custom network definition, but I've recently come across a lovely tool that greatly simplifies this task AND finally clarified for me how Fusion stores network definitions.
This tool is UBER Network Fuser, by Nicholas Weaver. It was released in 2012 when he wasn't working at VmWare yet, and it's not been updated since -- likely because Fusion 6 now offers similar functionality in the twice-as-expensive Professional version (which I think is ridiculous -- Workstation comes in one version with all features, why does the overall-less-powerful OSX equivalent have two?) but it still runs fine on OSX 10.8.5 Mountain Lion.
The tool itself is really easy to use: just go to the Networks tab to add or edit subnets, specifying whether you want to use the Fusion-provided dhcp and NAT services and to run through a virtual adapter. For some reason it won't allow you to customise subnets (you get a random 192.168.x.x net with mask 255.255.255.0), but that can be hacked-in as I'll show you later.
Next, go to the Configuration tab and click on the path to your Virtual Machines (which might already look correct, but won't work until you actually set it yourself). Leave the Preferences Path alone.
Now go to the Virtual Machines tab, refresh the list, select a machine to edit, select the interface you want to assign to your custom network, and select the network. Done!
This is already a nice set of features, but the real kicker is still to come. Close the tool, start Fusion, edit another image, select your network adapter, scroll the option list… your custom network is now an option for all machines! This is because Fusion stores network definitions in /Library/Preferences/VMware Fusion/networking - open it with a text editor and you'll see it contains old and new network definitions. UBERNF manipulates this file, and Fusion is happy to go along with it. You could just change subnet values here, I believe.
Unfortunately Nicholas didn't release any source code for UBERNF (I wouldn't be surprised if some of it ended up in Fusion Professional, to be honest), so there is no way to improve it or even just fix little defects that are probably due to OSX changes between 10.7 / Lion (the version he compiled it on) and 10.8 / Mountain Lion. It would be nice if somebody could write a similar app for Mountain Lion / Mavericks and release it as open-source, or simply charging a few dollars less than the difference in cost between Fusion Standard and Professional. Silly, silly VmWare...
02 November 2013
16 September 2013
Character shifting "encryption" in Windows program -- any idea...?
I could do with some help on this StackOverflow question I just posted. It's one for Windows programmers and/or amateur codebreakers.
21 July 2013
How to make pull requests on GitHub or BitBucket
Github and Bitbucket make it very easy to submit pull requests; probably too easy, in fact. The temptation to just fork somebody's repo, fix the obvious mistake and submit a pull request is quite strong. But that's not how you're supposed to work! So this is basically a dummy's guide to mark this procedure into my brain.
A pull requests marries the entire branch to the one you're targeting; if you keep making changes here and there, a pull request will include all these new changes, regardless of when you originally opened it. It makes your request basically un-mergeable by upstream repositories, in most cases.
So the real procedure is:
A pull requests marries the entire branch to the one you're targeting; if you keep making changes here and there, a pull request will include all these new changes, regardless of when you originally opened it. It makes your request basically un-mergeable by upstream repositories, in most cases.
So the real procedure is:
- Fork the upstream repository. Now you have your own master branch. Clone it locally as usual.
- Create a new branch, either via web or (easier) from the command line with git branch FixBugBranch && git checkout -b FixBugBranch.
- Make your changes on this FixBugBranch. Make only the minimum amount of changes necessary to fix a specific issue, then commit and push.
- On GitHub, create a pull request from FixBugBranch towards the original repository
- When/if your pull request is accepted upstream, you can delete FixBugBranch.
If you want to make further changes, you can either create a further branch from FixBugBranch, or create and merge a pull request from FixBugBranch into your master. The important thing is that you don't touch FixBugBranch anymore, so that upstream maintainers won't receive all your extra commits but only ones relevant to the particular bug you raised.
18 July 2013
Unicode URL-handling in web.py
Web.py is a lovely tool I'm currently using for a silly project (warning: explicit Italian language). Unfortunately, it does some clever things to support URLs containing Unicode, but then drops the ball when it comes to actually do anything with them (i.e. dispatch/route them as expected, using regular expressions that actually match Unicode objects).
This was a real problem in my app, so I came up with a quick and dirty patch, which may or may not work for you and may or may not break other things. Basically I've tracked down the regex operations on URLs, and added Python's re.UNICODE flag to them, so that unicode characters will be matched as "\w" etc.
Feel free to tell me where I'm going wrong -- I'm not a web.py guru by all means -- but this little patch significantly improved my quality of life today, so to speak.
This was a real problem in my app, so I came up with a quick and dirty patch, which may or may not work for you and may or may not break other things. Basically I've tracked down the regex operations on URLs, and added Python's re.UNICODE flag to them, so that unicode characters will be matched as "\w" etc.
Feel free to tell me where I'm going wrong -- I'm not a web.py guru by all means -- but this little patch significantly improved my quality of life today, so to speak.
11 July 2013
Safari extension to show XML
A few months ago I started using Safari for most of my browsing, because I love trackpad gestures and I'm a sucker for smooth animations. However, if there's one thing that Safari gets spectacularly wrong, it's dealing with XML. As far as I know, in Safari 6.x there is no way to display raw XML, the damn browser will always try to launch an external feedreader, and even selecting which feedreader requires industrious hacking that I'd rather avoid. This is particularly annoying when some memory-hungry, battery-burning giant application hijacks this process: in my case, VmWare Fusion will always try to launch one of my images, which is just terrible.
To cut the story short, I wrote a small extension to prevent this horrible process. When I want to have a look at an XML file, I right-click on the link and select "Show me that feed". The result is a slightly-formatted view of the file, in a new tab.
You can download the ShowMeThatFeed Safari extension on BitBucket.
I haven't been a web-plumber for more than 10 years now, so I'm sure it can be dramatically improved -- the formatting in particular is implemented with regexes (argh). Please feel free to fork the BitBucket repository for ShowMeThatFeed, pull requests are very welcome.
UPDATE: Apologies, I've pushed quite a few updates (included some buggy ones!) in the last few hours, but now it should work fine.
To cut the story short, I wrote a small extension to prevent this horrible process. When I want to have a look at an XML file, I right-click on the link and select "Show me that feed". The result is a slightly-formatted view of the file, in a new tab.
You can download the ShowMeThatFeed Safari extension on BitBucket.
I haven't been a web-plumber for more than 10 years now, so I'm sure it can be dramatically improved -- the formatting in particular is implemented with regexes (argh). Please feel free to fork the BitBucket repository for ShowMeThatFeed, pull requests are very welcome.
UPDATE: Apologies, I've pushed quite a few updates (included some buggy ones!) in the last few hours, but now it should work fine.
Labels:
GeekDiary,
mac,
OSX,
rss,
safari,
safari extensions,
showmethatfeed,
xml
07 June 2013
iTunes "File Sharing" is a ridiculous pain
There is no way to programmatically access the application-specific "File Sharing" directories on iPhone from OSX. You are forced to start iTunes and manually select the phone, select "Apps", select your app, drag&drop files.
In 2013.
With a unix-based OS talking to another unix-based OS.
This is ridiculous.
No, I will not jailbreak my phone. This is something that Apple should expose in an API, either via iTunes / Scripting Bridge or via direct Obj-C calls. iCloud simply doesn't cover all use-cases (and, reportedly, it's broken anyway).
This is the frustrating side of the Apple ecosystem: sometimes, you'll be prevented from doing something very simple and very obvious, for some obscure reason nobody cares about (except Apple, of course).
In 2013.
With a unix-based OS talking to another unix-based OS.
This is ridiculous.
No, I will not jailbreak my phone. This is something that Apple should expose in an API, either via iTunes / Scripting Bridge or via direct Obj-C calls. iCloud simply doesn't cover all use-cases (and, reportedly, it's broken anyway).
This is the frustrating side of the Apple ecosystem: sometimes, you'll be prevented from doing something very simple and very obvious, for some obscure reason nobody cares about (except Apple, of course).
28 May 2013
Social Abstinence
On Saturday evening, I've officially stopped using Facebook, Twitter and G+.
The reason is that I was sucked into socialmedia-overload by certain political events back in my home town (i.e. a referendum). I unofficially took over a troll-cleaning role and started enjoying the keyboard-warrior role a bit too much. I recognised, halfway through, that my engagement had gone way beyond sane levels. I forced myself to promise that, once the situation was over, I'd stop living on the internet and reassess my life priorities. The night before the referendum was due to be hold, I posted a goodbye status on Facebook, and logged off. Then I went on twitter to say what I'd done, and thought I might as well go the extra mile and quit that as well as G+.
"We" won that referendum. I like to think that I helped, if just a little bit. Now it's time to re-establish some focus on my own priorities, look outside the window, be a better dad, exercise regularly, that sort of thing.
If you need me, for the next few months please use email or any other instrument developed in the XX Century. Thank you.
Labels:
diet,
Facebook,
GeekDiary,
GooglePlus,
personal,
Politics,
social media,
twitter
18 May 2013
Fully disable User Access Control (UAC) via Group Policy (GPO)
I'm sure Windows' User Access Control is a wonderful idea and dramatically improved security levels of this once-beleaugured operating system. Unfortunately, most COM/DCOM-based software was written before 2007 and simply doesn't like it (cough*Oracle EPM Financial Management*cough); 6 years later, we're still forced to disable it in many cases.
This is usually achieved through Active Directory policies. Most documents and guides will tell you that you just need to turn off three policies in Windows 2008, under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options:
Unfortunately, this will bring that lovely UAC slider all the way down, but will still results in a weird behaviour where local administrators have most rights but not all of them. The typical test I perform is to open a regular Command Prompt and try to navigate to C:\Windows\SysWOW64\Config - if I get an Access Denied message, then UAC is still lurking in the shadows.
The extra kick we need is, from my tests, this:
This is usually achieved through Active Directory policies. Most documents and guides will tell you that you just need to turn off three policies in Windows 2008, under Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options:
- User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode (set to Elevate without prompting)
- User Account Control: Detect application installations and prompt for elevation (set to Disabled)
- User Account Control: Run all administrators in Admin Approval Mode (set to Disabled)
Unfortunately, this will bring that lovely UAC slider all the way down, but will still results in a weird behaviour where local administrators have most rights but not all of them. The typical test I perform is to open a regular Command Prompt and try to navigate to C:\Windows\SysWOW64\Config - if I get an Access Denied message, then UAC is still lurking in the shadows.
The extra kick we need is, from my tests, this:
- User Account Control: Only elevate UIAccess applications that are installed in secure locations (set to Disabled)
As explained on the technet site, this policy refuses to elevate applications that don't live in "secure locations" (i.e. %windir% or Program Files). It makes sense that such a policy would affect third-party software dropping executables in their own home folders (cough*lots of Java stuff*cough), but why cmd.exe? No idea, but there you are. For all intents and purposes, UAC is completely turned off only when all these four policies are disabled; miss one of them, and things will get weird.
I wish Microsoft had just given us a big button that said Behave like Windows 2003, but I guess it wouldn't have sold new manuals and certification lessons.
Labels:
active directory,
diemicrosoftdie,
GeekDiary,
Microsoft,
policies,
uac,
user access control,
Windows
17 May 2013
Apple Firewire-related update resulting in USB disk not mounting - fix
Last night Apple pushed a small OSX update, purportedly related to Firmware. It required a reboot and completed successfully. Unfortunately, it also stopped one of my external USB disks from mounting. Others were mounting fine, but this disk (which was mounted the night before, during the upgrade, and removed after shutdown) couldn't be seen.
To say I was scared to death is an understatement: there's always a chance that problems like these are due to hardware issues. Unfortunately, Solid State Device (SSD) disks have a limited life and will eventually fail. This was a 500 GB disk with a lot of very useful stuff on, programs I need every week or so, now-untrovable applications, etc. Before I'd let go of this baby, I wanted to go to the bottom of it.
Almighty Google pointed me to an old post mentioning USBProber but it didn't mention what USBProber is (a debug tool by Apple) nor where I could find it (it's not installed on OSX by default, at least not on 10.8 Mountain Lion). Luckily, another blogger mentioned it, and I could finally get it from the Apple site: you will find USBProber at the Apple Developer Site under the name "IOUSBFamily Log". I got the 10.8 version and installed the package ending in "-Log", as instructed.
USBProber.app can be found under /DevTools/Hardware. Once launched, it gives you a number of options to track USB activity. I'm not a hardware hacker, I only have a cursory knowledge of Plug and Play mechanics from my old Linux days, so I poked and prodded here and there without much luck. Eventually, what seems to have done the trick was to select "Bus Probe", ticking "Probe suspended devices", and then hitting "Refresh" several times, until the drive appeared in the list. Switching to Finder, I could see that the drive was in fact mounted, and all contents were displayed. Phew.
I hope this is not something I'll have to do over and over. Hopefully I'm not the only one to see this issue, and Apple will eventually push a correction. Meanwhile, USBProbe looks like a nice find to troubleshoot problems like this, and hopefully this post will be useful to people in the same situation.
To say I was scared to death is an understatement: there's always a chance that problems like these are due to hardware issues. Unfortunately, Solid State Device (SSD) disks have a limited life and will eventually fail. This was a 500 GB disk with a lot of very useful stuff on, programs I need every week or so, now-untrovable applications, etc. Before I'd let go of this baby, I wanted to go to the bottom of it.
Almighty Google pointed me to an old post mentioning USBProber but it didn't mention what USBProber is (a debug tool by Apple) nor where I could find it (it's not installed on OSX by default, at least not on 10.8 Mountain Lion). Luckily, another blogger mentioned it, and I could finally get it from the Apple site: you will find USBProber at the Apple Developer Site under the name "IOUSBFamily Log". I got the 10.8 version and installed the package ending in "-Log", as instructed.
USBProber.app can be found under /DevTools/Hardware. Once launched, it gives you a number of options to track USB activity. I'm not a hardware hacker, I only have a cursory knowledge of Plug and Play mechanics from my old Linux days, so I poked and prodded here and there without much luck. Eventually, what seems to have done the trick was to select "Bus Probe", ticking "Probe suspended devices", and then hitting "Refresh" several times, until the drive appeared in the list. Switching to Finder, I could see that the drive was in fact mounted, and all contents were displayed. Phew.
I hope this is not something I'll have to do over and over. Hopefully I'm not the only one to see this issue, and Apple will eventually push a correction. Meanwhile, USBProbe looks like a nice find to troubleshoot problems like this, and hopefully this post will be useful to people in the same situation.
16 May 2013
Referendum sul Finanziamento delle Materne a Bologna - strumento di analisi
(Apologies, this post is for Italian readers only.)
Il 26 Maggio a Bologna si terrĂ un referendum consultivo sul finanziamento comunale delle scuole materne pubbliche e private.
Il quesito chiede agli elettori se i finanziamenti dovrebbero dare prioritĂ alla scuola pubblica (opzione A) piuttosto che continuare a sostenere parzialmente le scuole paritarie private (opzione B). In pratica, si chiede un giudizio sul finanziamento che il Comune eroga dal 1995 alle materne private grazie a una delibera del sindaco di allora, Walter Vitali, approvato nel 1994. Il contributo iniziale (circa 300mila Euro) è cresciuto nel tempo fino agli attuali 1,2 milioni di Euro, in un contesto in cui le scuole comunali si trovano invece in notevoli difficoltĂ economiche per colpa dei tagli alle amministrazioni locali da parte dei vari governi nazionali. Centinaia di bambini vengono così privati del loro diritto all'istruzione; solo una parte di questi puĂ² permettersi di accedere ad una scuola privata, vuoi per ragioni economiche (le paritarie richiedono rette tra i 200 e i 500 euro mensili) o per ragioni culturali (oltre il 90% delle scuole paritarie sono gestite da vari organizzazioni che fanno capo alla Chiesa Cattolica, elemento che si riflette esplicitamente nei loro programmi e regolamenti e, di fatto, nella composizione delle famiglie che ne usufruiscono). Nel 2012/13, 143 bambini sono dovuti rimanere fuori; simili proiezioni circolano per il 2013/14.
Ăˆ chiaro che la scelta di chi finanziare con i soldi dei contribuenti è sempre squisitamente politica. L'amministrazione attuale, capitanata dal sindaco Virginio Merola, si è schierata pesantemente a favore del mantenimento dei contributi ai privati ed ha fortemente voluto uno scontro frontale con i referendari. In particolare, da subito il "fronte del B" (che annovera praticamente tutti i partiti maggiori, inclusi quelli di opposizione) ha sostenuto come questa scelta fosse fortemente pragmatica perchĂ©, si afferma, non ci sarebbero comunque i soldi per garantire a tutti un posto in scuole pubbliche.
Per discutere di questa affermazione, ho creato un banale strumento per calcolare il budget delle scuole paritarie e pubbliche a Bologna. Lo strumento mostra come, reindirizzando i contributi pubblici verso scuole comunali, è altamente probabile che si troverebbe lo spazio per accomodare tutti. Cercando di essere obiettivo, lo strumento mostra anche il possibile impatto sulle rette delle scuole private -- che in realtà era la mia motivazione originale quando ho iniziato a lavorarci. I dati utilizzati sono quelli forniti dallo stesso Comune in una pagina recentemente pubblicata e criticata per i toni non particolarmente super partes.
La critica piĂ¹ facile verso questo strumento è che assume che la domanda per posti privati non sia influenzata dalle possibili variazioni della retta. Purtroppo questo non è calcolabile senza il dato delle iscrizioni pre-1995,dato che il Comune si guarda bene dal divulgare nonostante le richieste [EDIT: il Comune ha risposto, dicendo che i posti pre-95 erano "circa 1600"]. Le cifre ufficiose parlano di 1660 iscritti nel '94, contro gli attuali 1736 (o 1961, a seconda se si includono le scuole private tutt'ora non aderenti alla convenzione); se fosse vero, mostrerebbe che quindi l'influenza dei cntributi è complessivamente marginale rispetto alla domanda, e quindi il mio modello rimarrebbe è sostanzialmente valido. Sono comunque aperto a discutere qualsiasi lacuna: il codice utilizzato è disponibile pubblicamente su Github.
Per concludere, è chiaro che questo discorso è riduttivo. Il referendum non è solo questione di soldi: in ballo ci sono principi e indirizzi fondamentali a livello etico e politico su chi e come debba gestire l'educazione. Il modello sussidiario, che tanto andava in voga 20 anni fa sull'onda privatizzatoria del post-89, ormai mostra le crepe in Italia come in gran parte d'Europa. Si ricomincia a discutere del ruolo fondamentale dello Stato di tutti, dei beni comuni, del ruolo sociale delle istituzioni collettive; in quest'ottica, è doveroso ridiscutere scelte fatte quasi in sordina (e spesso in una logica di voto di scambio) su cui i bolognesi non hanno mai potuto esprimersi. Questo strumento è solo una risposta all'approccio pragmaticista su cui l'amministrazione comunale ha impostato la sua campagna fino a pochi giorni fa.
Da buon iscritto AIRE, anch'io posso votare e cercherĂ² di farlo, nonostante le difficoltĂ logistiche del caso.
Il 26 Maggio a Bologna si terrĂ un referendum consultivo sul finanziamento comunale delle scuole materne pubbliche e private.
Il quesito chiede agli elettori se i finanziamenti dovrebbero dare prioritĂ alla scuola pubblica (opzione A) piuttosto che continuare a sostenere parzialmente le scuole paritarie private (opzione B). In pratica, si chiede un giudizio sul finanziamento che il Comune eroga dal 1995 alle materne private grazie a una delibera del sindaco di allora, Walter Vitali, approvato nel 1994. Il contributo iniziale (circa 300mila Euro) è cresciuto nel tempo fino agli attuali 1,2 milioni di Euro, in un contesto in cui le scuole comunali si trovano invece in notevoli difficoltĂ economiche per colpa dei tagli alle amministrazioni locali da parte dei vari governi nazionali. Centinaia di bambini vengono così privati del loro diritto all'istruzione; solo una parte di questi puĂ² permettersi di accedere ad una scuola privata, vuoi per ragioni economiche (le paritarie richiedono rette tra i 200 e i 500 euro mensili) o per ragioni culturali (oltre il 90% delle scuole paritarie sono gestite da vari organizzazioni che fanno capo alla Chiesa Cattolica, elemento che si riflette esplicitamente nei loro programmi e regolamenti e, di fatto, nella composizione delle famiglie che ne usufruiscono). Nel 2012/13, 143 bambini sono dovuti rimanere fuori; simili proiezioni circolano per il 2013/14.
Ăˆ chiaro che la scelta di chi finanziare con i soldi dei contribuenti è sempre squisitamente politica. L'amministrazione attuale, capitanata dal sindaco Virginio Merola, si è schierata pesantemente a favore del mantenimento dei contributi ai privati ed ha fortemente voluto uno scontro frontale con i referendari. In particolare, da subito il "fronte del B" (che annovera praticamente tutti i partiti maggiori, inclusi quelli di opposizione) ha sostenuto come questa scelta fosse fortemente pragmatica perchĂ©, si afferma, non ci sarebbero comunque i soldi per garantire a tutti un posto in scuole pubbliche.
Per discutere di questa affermazione, ho creato un banale strumento per calcolare il budget delle scuole paritarie e pubbliche a Bologna. Lo strumento mostra come, reindirizzando i contributi pubblici verso scuole comunali, è altamente probabile che si troverebbe lo spazio per accomodare tutti. Cercando di essere obiettivo, lo strumento mostra anche il possibile impatto sulle rette delle scuole private -- che in realtà era la mia motivazione originale quando ho iniziato a lavorarci. I dati utilizzati sono quelli forniti dallo stesso Comune in una pagina recentemente pubblicata e criticata per i toni non particolarmente super partes.
La critica piĂ¹ facile verso questo strumento è che assume che la domanda per posti privati non sia influenzata dalle possibili variazioni della retta. Purtroppo questo non è calcolabile senza il dato delle iscrizioni pre-1995,
Per concludere, è chiaro che questo discorso è riduttivo. Il referendum non è solo questione di soldi: in ballo ci sono principi e indirizzi fondamentali a livello etico e politico su chi e come debba gestire l'educazione. Il modello sussidiario, che tanto andava in voga 20 anni fa sull'onda privatizzatoria del post-89, ormai mostra le crepe in Italia come in gran parte d'Europa. Si ricomincia a discutere del ruolo fondamentale dello Stato di tutti, dei beni comuni, del ruolo sociale delle istituzioni collettive; in quest'ottica, è doveroso ridiscutere scelte fatte quasi in sordina (e spesso in una logica di voto di scambio) su cui i bolognesi non hanno mai potuto esprimersi. Questo strumento è solo una risposta all'approccio pragmaticista su cui l'amministrazione comunale ha impostato la sua campagna fino a pochi giorni fa.
Da buon iscritto AIRE, anch'io posso votare e cercherĂ² di farlo, nonostante le difficoltĂ logistiche del caso.
04 March 2013
Clean your Xcode downloads folder to reclaim some memory
I'm always looking for ways to reclaim space on my crammed hard disk. Thanks to the lovely JDiskReport, I've found a little directory where XCode stores the files it downloads when you choose to install components from the Preferences screen:
/Users/<YourUser>/Library/Caches/com.apple.dt.Xcode
. I wouldn't usually mess with this sort of internal caches, but in this case it looks like XCode won't remove old files after installing new ones: I had three .dmg files with different versions of Cli-Tools. I removed all .dmg files except latest version, and it doesn't look like I broke anything, so it's probably a safe trick. In my case, I claimed back some 250 MB -- not huge, but coupled with cleaning all caches for my secondary browsers (done from the proper UI), I got back about 1.5 GB today.14 February 2013
Apple Mail + Exchange WebServices = Madness
I bought my first Mac last year, and I've been using the default Mail client ever since. Despite all its shortcomings, it's one of the very few clients supporting Exchange, and probably the only one I know (apart from Outlook) that supports even its WebService-mode my employer uses. OSX even supports shared calendars!
However, there is one particularly annoying problem I keep encountering.
Exchange has an "auto-discovery" feature, which means that you pass a web address to Mail, the app connects to that URL and it receives the addresses of all necessary servers involved. Say you are a responsible sysadmin, and you run TWO Exchange servers to get some redundancy; when Mail does the auto-discovery dance, it gets told that there are indeed two servers. Mail will try the first one, prompt the user for his credentials, and if successful, it will save server address and credentials in its settings and use it. When the first server goes down, it will switch to the second one, and the user will live happily ever after.
Now, OSX has a system-wide keychain for password storage; basically, applications store all passwords (and other securable objects) in a central, protected place in encrypted form. In order to discern which password is used by which app, they are organized in different "items" with name, description, etc.
It appears that Mail will write each server/user/pass combo in a different item. So when it connects to server1, it will create an item saying "for server 1, connect with username X and password Y"; when it connects to server2, even though it came from the same auto-discoverable Exchange setup, it will write a new item saying "for server2, connect with username X and password Y". When you change your password in Preferences, Mail will update only the last-used item. Which means, the next time you switch server, your authentication will fail at least once. It appears also that Calendar (or any other program using the accounts specified in System Preferences) will randomly pick one of the two.
If you also have the misfortune to install Outlook 2011 for Mac (which you might want to do because some niche Exchange features are not supported by Apple programs), that program will write yet another item.
The result: you have three items for one account -- and this doesn't even include other devices! (phone etc). Whenever your password changes, you have to make sure all of them are updated, or authentication will likely fail somewhere. Because these subsystems poll servers very frequently, and don't give up very easily when refused access, there is a very high chance that a password change will result in your apps triggering a lock-out by constantly trying to use the old password. This is what regularly happens to me! Note that simply changing your password in Preferences might not be enough, because Mail will update only one of the two items.
Workaround: turn off *all* your clients (quit Mail, Calendar, Outlook, shut down your iPhone etc), change the password on Exchange, then open the Keychain ( /Applications/Utilities/Keychain Access.app ), select Passwords, search your username and update all necessary items, then reboot for good measure. Now all apps will use the correct credentials, and not lock you out.
However, there is one particularly annoying problem I keep encountering.
Exchange has an "auto-discovery" feature, which means that you pass a web address to Mail, the app connects to that URL and it receives the addresses of all necessary servers involved. Say you are a responsible sysadmin, and you run TWO Exchange servers to get some redundancy; when Mail does the auto-discovery dance, it gets told that there are indeed two servers. Mail will try the first one, prompt the user for his credentials, and if successful, it will save server address and credentials in its settings and use it. When the first server goes down, it will switch to the second one, and the user will live happily ever after.
Now, OSX has a system-wide keychain for password storage; basically, applications store all passwords (and other securable objects) in a central, protected place in encrypted form. In order to discern which password is used by which app, they are organized in different "items" with name, description, etc.
It appears that Mail will write each server/user/pass combo in a different item. So when it connects to server1, it will create an item saying "for server 1, connect with username X and password Y"; when it connects to server2, even though it came from the same auto-discoverable Exchange setup, it will write a new item saying "for server2, connect with username X and password Y". When you change your password in Preferences, Mail will update only the last-used item. Which means, the next time you switch server, your authentication will fail at least once. It appears also that Calendar (or any other program using the accounts specified in System Preferences) will randomly pick one of the two.
If you also have the misfortune to install Outlook 2011 for Mac (which you might want to do because some niche Exchange features are not supported by Apple programs), that program will write yet another item.
The result: you have three items for one account -- and this doesn't even include other devices! (phone etc). Whenever your password changes, you have to make sure all of them are updated, or authentication will likely fail somewhere. Because these subsystems poll servers very frequently, and don't give up very easily when refused access, there is a very high chance that a password change will result in your apps triggering a lock-out by constantly trying to use the old password. This is what regularly happens to me! Note that simply changing your password in Preferences might not be enough, because Mail will update only one of the two items.
Workaround: turn off *all* your clients (quit Mail, Calendar, Outlook, shut down your iPhone etc), change the password on Exchange, then open the Keychain ( /Applications/Utilities/Keychain Access.app ), select Passwords, search your username and update all necessary items, then reboot for good measure. Now all apps will use the correct credentials, and not lock you out.
12 January 2013
on Aaron Swartz
I've lived through my fair share of internet lore in the last 15 years. Since 2001, Aaron's name kept popping up here and there; he belonged to that special pantheon of people whose genius is so clear, it makes other people despair that they will never, ever measure up to it. When I found out he was A FUCKING KID, well, it wasn't an easy day for my ego. His code was always, invariably fantastic; at a time when people were saying "Python will never match Java for raw performance", he (re)built Reddit to sustain inordinate amounts of traffic, and gave away the code for good measure. He kept contributing his flawless logic to umpteen projects, from Markdown to Django, helping them succeed with grace and selflessness. And then he started going really political, and damn, was he fighting all the good fights. A lot of people claim to be "talented" or be "good", but you could see he was the real deal. He was the sort of person I wanted to be if I only I could rewind my life 20 years and start again.
Back in the '90s, we used to think there was such a thing as "internet culture". We used to think the online world was free, the 'net community would have been immune to the evils of offline corruption, information wanted to be free, "they" couldn't fight disruption, progress was inevitable.
Lies, all of them.
We are losing this social revolution like our fathers lost in the '60s and '70s. Established players have made clear, over and over, that they will crush our lofty ideals as soon as we hit their wallets. They will ruin our lives, bankrupt us, force us into exile. Aaron is the last casualty of this counter-revolution. Sooner or later there will be a Vienna Congress moment, indeed it almost happened last month.
Aaron was the best we could be, and even him couldn't bear the pain of living while fighting the good fight in this corrupt world. How are we supposed to cope? The small ones with simple jobs, normal families, little talent, broken dreams, and our own baggage of bad life choices and mediocrity -- how are we supposed to still believe?
Ah fuck. What a sad day.
Subscribe to:
Posts (Atom)