Leopard Firewall(s)

November 10th, 2007

Apple has added an application layer filter to their OS and is using it to filter incoming network traffic. Ipfw still exists, but isn’t utilized. The ALF seems to be a work in progress and has received a lot of bad press and some not so bad. I would be curious to see if Apple decides to include the new ALF system in Darwin. It would certainly make sense and would match a pattern that they’ve followed in the past. There was a lot of FUD about Apple closing the Intel kernel for the several months before it was made open. Apple was cleaning up the code and documenting it before making it public, which was reasonable.

I’ll go out on a limb and predict that Apple knows the new system is buggy (read insecure) and is enhancing its effectiveness by means of obfuscation. Come 10.5.2 or so, the system will quietly appear in the Darwin repository. It’s a hunch. I’m optimistic.

Working on it….

October 18th, 2007

I have replaced Blojsom with WordPress for gojiro’s blog. WordPress is easier to work with than Blojsom, the default that OS X Server uses. Case in point, exporting posts isn’t supported out of the box. Since there aren’t many posts to this blog, I’ll be manually copying them over.

PHP/MYSQL Interconnect

October 12th, 2007

Why Apple kludged this, I have no idea.

http://docs.info.apple.com/article.html?artnum=302977

Reset Open Directory Administrator Password

September 19th, 2007

This came in handy when I experienced some oddness after a system update:

http://docs.info.apple.com/article.html?artnum=303197

SSH key pairs for password-free login

May 2nd, 2007

http://www.macwrite.com/criticalmass/secure-shell-mac-os-x-part-1.php
Local host: Mac OS X running OpenSSH v3.0p1
Remote host: Ultrix running OpenSSH v2.5.1p2
Generate keys on the local machine with:
ssh-keygen -b 2048 -t dsa
Keys get placed into ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub
Sftp to the remote host, and put id_dsa.pub into ~/.ssh
Append id_dsa.pub to ~/.ssh/authorized_keys2 using:
cat id_dsa.pub >> authorized_keys2
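
A check to run on the remote host after the steps above, as an added example that is not part of the original post: it flags ssh-dss entries (the key type generated above, which OpenSSH 7.0 and later no longer accept by default) and a key file that group or others can write to, which sshd's StrictModes rejects. The function name audit_keys and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit an authorized_keys-style file.
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
# Check 1: StrictModes in sshd rejects key files that group or others can write to.
# Check 2: line layout is [options] keytype base64 [comment]; report the first
# field that looks like a key type. Simplification: a quoted option value that
# contains a key-type word after a space would be misread.
audit_keys() {
    file=$1
    findings=$(
        if [ -n "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "PERMS $file is group- or world-writable"
        fi
        awk '
            /^[ \t]*(#|$)/ { next }
            {
                type = ""
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^(ssh-(dss|rsa|ed25519)|ecdsa-sha2-.*)$/) { type = $i; break }
                if (type == "")             print "UNPARSED line " NR
                else if (type == "ssh-dss") print "WEAK line " NR ": ssh-dss (DSA) key"
            }' "$file"
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample file; the key bodies are placeholders, not real keys.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/authorized_keys2" <<'EOF'
# constructed sample
ssh-dss AAAAPLACEHOLDERDSA user@local
from="192.0.2.10" ssh-ed25519 AAAAPLACEHOLDERED user@laptop
EOF
    chmod 664 "$dir/authorized_keys2"
    audit_keys "$dir/authorized_keys2"
    rm -rf "$dir"
}
demo || true
```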

Sieve support in OS X server : Phase I

March 1st, 2007

I’ve been working on getting sieve filtering to work in OS X server and have made some progress. The end goal is a vacation response configurable with Squirrelmail. So far, everything appears to be working properly EXCEPT the last step. These are the steps I’ve completed so far:

Enable the sieve port in /etc/services by adding this line:
sieve 2000/tcp #Sieve mail filtering

Enable Login style authentication for IMAP in Server Admin
Restart mail

Install the avelsieve plugin:
http://www.squirrelmail.org/plugin_download.php?id=73&rev=1125
Tell avelsieve to use LOGIN style authentication:
$preferred_mech = "LOGIN";

More when I actually get the filters to work…

Sieve support in OS X server : Phase II (complete)

March 1st, 2007

Make sure that your domain and host name are set properly in the mail settings in Server Admin. In my case, the names were the same. If the hostname isn’t set properly, the filtering works, but no auto-reply is sent.

Squirrelmail thoughts

March 1st, 2007

The OS X implementation of Squirrelmail is not fully realised. If you want everything to just work with all the domains you host, you have to manually edit the config file. Using config.pl will break all kinds of things. The perl script doesn’t write an Apple-friendly config. Or rather, Apple doesn’t conform to Squirrelmail’s standards.

So to get plugins to work, follow all the directions up to the point where they ask you to run config.pl. Go into config.php with your favorite text editor and manually add the references to plugins.

What a mess that was/is!

February 11th, 2007

Click, click ….. the sound of a failing hard drive. The work that ensues. It’s been a few hours of migrating data and trying to figure out where everyone hides things. Let’s see if I’ve got write permissions to this misbehaving blog.

Booting Intel Macs off USB & FireWire

March 8th, 2006

The Intel Macs use a different partition table (GPT) than the PPC ones. Select that when formatting your drives intended to boot Intel.

Source:
http://developer.apple.com/documentation/MacOSX/Conceptual/universal_binary/universal_binary_tips/chapter_5_section_10.html