2014 in review

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

A New York City subway train holds 1,200 people. This blog was viewed about 6,500 times in 2014. If it were a NYC subway train, it would take about 5 trips to carry that many people.

Click here to see the complete report.

Using LDAP’s altServer on OS X Clients

Binding an OS X client to an LDAP server is pretty simple, but when it’s time to scale up, Apple wants us to use proxy servers and load balancers to offer failover and redundancy. This is by far the best approach, but sometimes setting up such a front-end for a cluster of servers is time or cost prohibitive depending on the scope of the project and the size of your fleet. In this case, it would be easier to simply have the OS X clients authenticate to a single server, using a list of trusted replica servers as a failover for when that primary server is unreachable for any reason. RFC4512 defines a LDAP attribute called altServer, and we can use that attribute to configure exactly such a setup.

UUIDs, LDAP and FileVault 2

Many thanks to Rich Trouton and Greg Neagle for helping me figure out why case matters to OS X when dealing with UUIDs. Couldn’t have written it better myself!

Der Flounder

A little-known fact about FileVault 2 is that it uses the GeneratedUID user attribute (also known as a UUID) of an account to help identify enabled accounts. For example, when you run the fdesetup list command, you’ll see the user information appear with both the username and UUID information.


For local accounts, this isn’t an issue as the OS will properly generate a UUID for the local account. Active Directory also generally handles this correctly on Macs, so I haven’t seen UUID problems occur for AD mobile users.

Where I have heard of problems has been with non-Apple LDAP servers. If the LDAP server doesn’t provide the GeneratedUID user attribute for mobile LDAP accounts on Macs, or it does not provide the UUID in the way that FileVault 2 is expecting, you may see one or more of the following behaviors:

1. The LDAP account’s icon disappearing from…

View original post 422 more words

Gimp on OS X

Gimp on OS X

Just pure awesome coming from the GIMP project. September brought version 2.8.2 to OS X, which no longer requires X11 or XQuartz to run. OS X 10.8.0 or higher is required. So far I’m very impressed. Good job to all involved!