via http://twitter.com/#!/danothebeach/status/199885837066973184
May 8, 2012
Mac Malware Breakdown.. by Microsoft
March 28, 2012
"* I should totally speak for the project since I technically own it. Also,
Rudá is a big fan of mine, so whatever I say tends to become the truth."
Rudá is a big fan of mine, so whatever I say tends to become the truth."
—
BDFL! Love these guys. This one’s great too:
Committees rarely get things done. I see no reason whatsoever for any kind
of decision-making committee at this point. Honestly. I think Rudá has been
doing a great job as it is.
> 1. One thing that preoccupy me is that I see that the project RudiX is > BSD license. It is ok, but we should consider to change it to GPL to not > allow other people to take its liberty.Ah, for fuck’s sake, DO NOT start a licensing argument. Pretty please.
(Source: groups.google.com)
March 22, 2012
March 16, 2012
Grand Pkginfo Unification Scheme Proposed
There has been talk from time to time on the Munki mailing list about coming up with a centralized Munki repository. For solutions like Simian, the only files you actually need a mac for are pkginfo files, since they need to be generated by the makepkginfo tool.
For those who can’t keep up with meme’s, or don’t know what they are, pardon me when I say: for some of us Git is our new bicycle, and Github is here to stay. The great environment Github has fostered around the tool makes distributed collaboration that much easier. How does this relate to Munki and pkginfo files? Well I’ve taken it upon myself to consolidate all of the pkginfo files myself and collaborators have access to, into a centralized collection called BundleOfPkginfos. This takes advantage of a Git feature called submodules, with a separate repo for each software manufacturer.
We all know pkginfo files have a certain level of customization, since different Munki setups will divide packages into subdirectories by type(‘browser’) or other criteria when running munkiimport. (Heck, some collaborators use .pkginfo, some .plist, and others _no_ extension!) For the ones I’ve posted, I used makepkginfo against software/updates distributed in .dmg format, and for those in .zip I unpacked and ran munkiimport with the -n (—nointeractive) flag on the .app bundles, which places the packages in the root of the pkgs folder.
So how will these benefit the community, since there are a bunch of proverbial cooks making the broth? Well I will be curating things to standardize them a bit as best I can, but more importantly, everybody wants to know how to modify a Microsoft Office updates to work within Munki, and now theres a place to look for working examples! The makepkginfo and munkiimport tools can’t always tell what programs should be closed before install, or if it would be beneficial to have a postflight script run after the package install (even more helpful to see examples where this is relevant!). Remember the Munki motto: ‘if you’re repackaging, u r doin’ it rong’
Sorry, meme’s again.
So feel free to copy-paste directly from the website (I recommend using the “Raw” button on the right at the top of the window to help ensure the copy respects the indentation, e.g.) and make sure to test before deploying. Or if you’re git savvy, you can clone the master BarrelsOfPkginfos repository, then pull the submodules contents with these commands:
git clone git://github.com/arubdesu/BarrelOfPkginfos.git
git submodule init
git submodule update
March 10, 2012
March 8, 2012
Our government: ‘documentation’ means 259 rows, in an excel file, to harden RHEL systems?
Hey, what’s those files on the right?
March 4, 2012
February 28, 2012
"What we do know is that the phone is chunky at 12.5 mm, owing in large part to the projector…"
— http://www.anandtech.com/show/5582/samsung-fleshes-out-tab-2-line-and-unveils-galaxy-beam
February 24, 2012
More taking photos of the login screen
Originally: More initial FileVault observations
Funny that it wants to restart, probably to allow lock down access to the semi-booted system’s network credentials to use Safari…
February 24, 2012
Standalone Cauliflower Complex
Lots of rumors and hushed voices have accompanied the buildup to Google’s Macintosh Operations team revealing they had cracked the FileVault2 key escrow ‘nut’. All they had been saying up until recently was… don’t use institutional keys. Now the fruits of their labor have been open sourced, and wouldn’t you guess? It’s very google-specific (echoing Simian before it, a major part relies upon Google App Engine), but who’s concerned with that when they’ve even shared the building blocks that make up the solution (after navigating the undocumented API’s to achieve our common goal).
As an exercise, I used the csfde binary that was released along with the tools and documented the process (top left in this diagram, probably having something to do with ‘core storage full disk encryption’). First, I needed the source code, which you could download here or use git from here if you’re savvy. Then, as I was running this from a new machine, I’d need Xcode. A quick trip to the Mac App Store later the .app was installed… and while I thought I was good, I didn’t realize I only had the IDE. When I tried to build the csfde.xcodeproj file… I couldn’t figure out where the binary was supposed to pop out on the other side. And then I went to that path in the terminal and got this message:
Allisters-MacBook-Air:csfde 318admin$ xcodebuild
xcode-select: Error: No Xcode folder is set. Run xcode-select -switch <xcode_folder_path>
That wasn’t particularly illuminating, but luckily all i needed was a quick trip to Xcode’s Preferences > Downloads to get the command line tools.
Then I decided to come at it from another angle: plain ol’ make. Having an affinity for makefiles due to a particular project, I saw that I could call make csfde from the root of the cauliflowervest source code folder - but Xcode wasn’t actually done barking at me, I needed to set my Xcode path with xcode-select -switch /Applications/Xcode.app before make would run…just like I was told above. And then I had csfde right where I wanted it! …in the src/csfde/build/Default folder. Y’know.
After checking the BSD name of my boot disk,
I fed csfde the options it wanted, and I was off to the races. Well, the drive wasn’t supposed to actually start encrypting until after a reboot, but I had my recovery code spit out and the stage was set!
And since new things like this are worth testing, I verified the recovery code works… and doesn’t expire after use… and can’t be swapped out at present without de- and re-encrypting…. and you can only give one user access at a time with the csfde tool (as Greg Neagle points out here).
All in all, it works as advertised. Just like how the MDM solutions can only work with the API’s that are exposed as updates occur… file those radars early and often to get a documented solution AND in anticipation of OS updates!
February 10, 2012
If you are able to read this because it’s in your Tumblr dashboard, please take heed:
This site is now www.aru-b.com, the more business-formal blog of Allister Banks
We now return you to your irregularly scheduled program
(Source: ruffand)
February 2, 2012
"Using single label names or unregistered suffixes, such as .local, is not recommended"
—
From the horses mouth, via @arekdreyer
Assigning the Forest Root Domain Name: Domain Name System (DNS); Active Directory
January 31, 2012
"This isn’t a “product” so much as a disjointed bundle of software with several nice-looking but not very functional GUIs on top"
—
Harsh
January 19, 2012
"Windows Logs -> System log, and then filter by Event ID 6006"
—
When grepping systeminfo for boot at the command prompt won’t do
January 6, 2012
RSS feed: http://www.aru-b.com/rss
1 of 40
Next page
