A wikit? I am so underwhelmed.
I was really expecting something impressive and almost entirely composed of eye-candy… I’m still not sure where Dashboard is going to fit-in outside the novelty realm. I mean, little informational pop-ups are great, but they seem to be a dime-a-dozen. Is the contest winner just the first in a long line of too-small versions of standard apps? I guess we’ll see.
I am totally stoked for the Mac version of Doom 3 in February. There’s a good, in-depth preview over at InsideMacGames. Doom 3 will be the first game I’ve bought in years. I just don’t play many computer games any more, but I have followed Doom since the original shareware version. Configuring my old 20Mhz laptop with 4MB RAM to run Doom was the impetus behind my studying Computer Science!
Even though I don’t play games on the computer much any more, there will always be a place on my disk for one game...
I think I have finally settled on a backup strategy for my Mac. You’d think it would be easy—given Mac users’ fondness for backups. But, it wasn’t. It was quite difficult to find a quality backup solution that provided the features I required:
I have an external Firewire disk that I have divided into two partitions: one for a bootable clone and one for 3-days worth of rolling backups of my /Users directories.
There is certainly no shortage of articles and forum posts regarding Mac backup software, but - as is often the case - it really boils down to personal preference. After a bunch of research, I narrowed my final candidates to the following:
While initially I liked the simplicity and interface provided by Impression, I quickly discarded it. It just didn’t do enough. I am already familiar with rsync ; I use it extensively at work to backup source code across multiple machines. So, I wanted to try SuperDuper first. What impressed me most about SuperDuper and what I think is the best thing it has going for it is packaging. From the downloadable disk image to the interface—this application is good-looking, intuitive and easy-to-use. It is very straightforward to create a bootable clone and the app gives plenty of easy-to-understand feedback. Most importantly, it seems to be the only backup software with useful documentation! Note to other backup software developers: include a manually with a “quick start” or “Making your first backup” section!
Unfortunately, two things are lacking from SuperDuper: rolling backups and scheduling. I know that scheduling is scheduled for the next major release. The deal-breaker was lack of built-in support for rolling backups. SuperDuper comes with some feature they call “Safety Clones”. It basically checkpoints your system software and ignores your data, letting you roll-back in the case of an application- or system-software malfunction. That’s great—but it’s the exact opposite of what I need. I assume something could be hacked together using AppleScript, but I’m not sure it would be worth it.
So, I fell back the Ol’ Standby: rsync. I will just say this about RsyncX: it has the worst, most user-unfriendly interface I’ve every used. That being said, the Rolling Backup assistant was helpful and I was able to use my familiarity with the standard rsync to quickly build a comprehensive backup solution.
As far as scheduling is concerned: I just added an entry in ”/etc/daily.local” for my full and rolling backup commands and called it a done deal! This way, I can check “daily.out” every morning to verify things completed.
All in all, it was a bit more painful than I’d hoped. But, in the end, I settled on a strategy with which I am happy.
Quick note: be sure to uncheck “Ignore ownership on this volume” as it is the default after partitioning and/or erasing a disk with Disk Utility. Without this, a disk will not be bootable and rsync’s file modification check will (wastefully) assume the file has changed.
What a great way to start the New Year: I have been looking for The Conet Project for a long time! Of course, my problem was that I could not remember what it was called. I very clearly recalled reading something about recordings of WWII code stations on Slashdot years ago. So, it was just a matter of coming up with the right Google search phrase…
Anyway, the Conet Project is a 4-CD set of recordings from so-called Number Stations. I won’t rehash what has been extensively covered elsewhere:
There is an interesting side-story about how Wilco used a recording of a woman’s voice repeating “Yankee Hotel Foxtrot” in one of their songs (and as the title of the album) and was then sued by the Conet Project. This WIRED article has the details. By the way, “Yankee Hotel Foxtrot” is a phenomenal album… So, it’s a shame (or, perhaps, a blessing) that you can now download all four discs plus the 80-page booklet for free!
CocoaTextile is a simple text editor for the Mac that will convert plain-text to an XHTML fragment using either the Textile or Markdown engine. I know the name is a little misleading, but I had originally intended only to support Textile, until I realized it would only take minimal effort to support Markdown as well…
Anyway, this is Not Another Weblog Editor. It is intended to be a helpful tool for anyone - like myself - who uses Textile or Markdown, but also wants to see a preview without reloading their browser. Since CocoaTextile uses Cocoa’s text view component, all of the standard editing features are included “for free”. This includes, but is not limited to:
In the future, I’d like to override some of the built-in features to use the corresponding Textile or Markdown tag (e.g. selecting the Italic menu item would surround text with underscores). Also, since the preview pane uses WebKit, I plan on adding support for CSS. Documents can be saved as plaintext or HTML.
This humble project is great fun. I am continually impressed by the power and depth of Cocoa.
Download: CocoaTextile-0.01.dmg
The obligatory screenshot.
While working on adding forecast support to my Quicksilver plugin, I was investigating web services (in particular SOAP) support in Cocoa. From the Xcode documentation it initially looked like Applescript was the way to go. However, a little investigation turned up a WebServices framework inside the CoreServices framework! Strangely enough, these two (Part 1, Part 2) articles on Bioinformatics at the MacDevCenter on O’Reilly were absolute Gold Mines!
What really impressed me about the Apple’s covert support for webservices was the WSMakeStubs utility. Basically, you feed it a URL to a WSDL file and it generates the appropriate “wrapper” code in the language of your choice (Objective-C, AppleScript or C++). Very slick. It literally took a matter of minutes to add client-side webservices support to my app.
Before discovering the WebServices framework, I found AEXMLTutor . In a nutshell, you can enter some webservices AppleScript and it will give you back a ton of feedback… Much more than Script Editor.
Once I can parse the forecast data from the NOAA, I’ll update my Quicksilver plugin. Won’t be long!
This HOWTO explains the steps necessary to implement authentication in JBoss using the underlying Linux OS. Using a custom JBoss LoginModule (provided), SysAuth and Linux/PAM, users on your website can use their Linux username and password to authenticate. I post snippets of code and config. files along the way and provide a single download with everything at the end.
<!-more->
Initial Setup The first thing you will need is SysAuth. It is a Java interface to PAM, the underlying authenication subsystem that drives most, if not all, current Linux distributions. You will need the jar file when compiling your Java code and the shared library, libSysAuth.so, when running in JBoss.
The rest of this tutorial assumes that you have JBoss 3.2.* installed in a directory called jboss.
Configuring JBoss First, decide on a place to put the SysAuth shared library. For simplicity’s sake, I put it in jboss/bin. Next, we need to indicate where JBoss should look for the shared lib by modifying the java.library.path variable passed to the JVM. For JBoss, that is accomplished by modifying changing the JAVA_OPTS variable in jboss/bin/run.conf.
Add the following to the end of jboss/bin/run.conf:
JAVA_OPTS="-Djava.library.path=bin $JAVA_OPTS"
Configuring PAM I have tested this setup on Gentoo and RedHat ES 3, though it should work for any Linux distribution that uses PAM. The only change needed is to add an entry to the /etc/pam.d/ directory. We’ll call the file called java_auth. Depending on your PAM configuration, you will need to use one of the following. In RedHat (and, most likely, all others), java_auth should look like so:
auth required pam_stack.so service=system-auth
This particular configuration “passes” authentication through to the system-level configuration. In Gentoo, I was able to get by with:
auth required pam_unix.so
Try the first. If it doesn’t work, try the second. If that doesn’t work: pester your Sys Admin—they love this stuff!
One more note: BEWARE OF TABS. I spent way too longing wrestling with a problem caused by a spurious tab.
Download: java_auth
Build a Custom JBoss Login Module The process of creating a custom JBoss Login Module is pretty advanced and there are many, many options. But, in the case of simple authenication against the underlying Linux operating system we can take a pretty direct approach. To implement a login module that will supply a username and password to PAM (via SysAuth) we need to subclass JBoss’s UsernamePasswordLoginModule class. The subclassing requires that we implement the following functions:
So, put this in a file called MyLoginModule.java. Compile it with SysAuth.jar in your classpath. The class should end up in the WEB-INF/lib directory of your Web Application. Our main concern is with getUsersPassword which is where we will use SysAuth.
public boolean validatePassword(String inputPassword, String expectedPassword)
{
boolean result = false;
result = SysAuth.isAllowed(getUsername(),inputPassword);
return result;
}
Pretty simple, huh? As you can see, it simply passes the username and password to SysAuth. Sysauth will return true or false for authenticated or denied, respectively. The other two functions are equally exciting:
public String getUsersPassword() throws LoginException {
return "";
}
and here we create an arbitrary group to which our user will belong (more on this later):
public Group[] getRoleSets() throws LoginException {
userRoles.addMember(new SimplePrincipal("AuthenticatedUsers"));
Group[] roleSets = {userRoles};
return roleSets;
}
Download: MyLoginModule.java
While we are here, it is a good time to point out the main deficiency in this PAM-based implementation: Authorization. I have yet to find a good way to setup any advanced group- or role-based access controls. Basically, the user is either authenticated or not. This is a deficiency in PAM not JBoss or JAAS.
Configure your Web Application
Now, let’s bring it all together by configuring your web application to use the custom login module we wrote. All of these changes are standard JBoss configuration changes for using JAAS. Check jboss for more information.
First, we need to setup a JBoss security configuration. So, we will need to add the following to jboss/server/default/conf/login-config.xml. (Note: if you are using a custom server/configuration, just change “default” to the name of your server/configuration). Put the following at the bottom of login-config.xml, just before the closing < / policy >:
<application -policy name="my_security">
<authentication>
<login -module code="com.example.security.MyLoginModule"
flag="required" debug="true">
</login>
</authentication>
</application>
Download: login-config.xml
Set the class package to wherever you put your code.
Second, we need to tell our web application to use the built-in JBoss authentication scheme. Gee, thanks, JBoss! We get this by having a form that calls j_security_check. Again, standard stuff. I put mine in index.html
<form id="login" action="j_security_check" method="post">
<h1>Login</h1><br />
<p>Username</p><input type="text" size="10" name="j_username"/>
<p>Password</p><input type="password" size="10" name="j_password"/>
<input type="submit" value="Login"/>
</input></input></input></form>
Download: index.html
Note: the names of the form controls does matter. Next you need to configure your web.xml:
<welcome -file-list>tml</welcome>
<error -page>
<error -code>400</error>
<location>/index.html</location>
</error>
<!-- Default: Access to everything requires login -->
<security -constraint>
<web -resource-collection>
<web -resource-name>My Web Application</web>
<description>Require users to authenticate</description>
<url -pattern>*.jsp</url>
<http -method>POST</http>
<http -method>GET</http>
</web>
<auth -constraint>
<description>Only allow AuthenticatedUsers role</description>
<role -name>*</role>
</auth>
<user -data-constraint>
<description>Encryption is not required for the application in general. </description>
<transport -guarantee>NONE</transport>
</user>
</security>
<login -config>
<auth -method>FORM</auth>
<form -login-config>
<form -login-page>/index.html</form>
<form -error-page>/LoginError.html</form>
</form>
</login>
<security -role>
<role -name>AuthenticatedUsers</role>
</security>
</>
Download: web.xml
As you can see, this is pretty standard stuff. The only things to note are that I set role-name to * which basically means: any user who has been authenticated. You could change this to be “AuthenticatedUsers” or whatever you pass back from getRoleSets in the Login Module. But, again, PAM won’t give you different groups… The other thing to note is that I set the error page for 400 (Bad Request) errors to the login page, index.html. This gets around a -bug- feature in JBoss.
Next, we need to modify jboss-web.xml. This one is pretty easy. It ties together your app and the security configuration we setup above.
< ?xml version="1.0" encoding="ISO-8859-1"?>
<jboss -web>
<context -root>/</context>
<security -domain>java:/jaas/my_security</security>
</jboss>
That’s all there is to it!
Download: jboss-web.xml
Summary
Conclusion
This HOWTO certainly assume that you have some JBoss “know-how”. But as a supplment to all the great info on the JBoss site, it should be enough to get you going. Please feel free to post comments. Suggestions are welcome too!
Download all the files you need to change to make this work: jboss_linux_authentication.tar.gz
Version 1.0
I was able to hack minimal Growl support onto Firefox. I can’t stand the default Firefox download manager and I thought Growl is the perfect way to inform me that a downloaded has completed. So, I cobbled together a little plugin.
Unfortunately, I had to write a little shell script to take the message (in this case, the name of the file being downloaded) as an argument, since growlnotify reads from STDIN. Even more unfortunately, there seems to be a bug in nsIProcess<pre><code> #!/bin/bash cat ~/Documents/growl.txt | /usr/bin/growlnotify "Download Complete" </code>See? Told you it was a hack. To make this actually work, nsIProcess.run needs to be fixed and I need a better way to actually interface with growl (besides a shell-script to growlnotify…) Perhaps a javascript binding?
I just watched the International Space Station soar across the pre-dawn sky. Very cool. Check the sighting listings for your city.
Do I Need A Jacket? is probably the best (or, at least, the most clever) use of the NOAA’s weather data ever.