Category Archives: Mac

Apple Inc., Macintosh Computers and Mac OS X

The “ps” conspiracy

The first decent UNIX systems I worked with were the good old Sun 3 and Sun 4 systems of the computer science department of the University Paderborn. At that time all the machines were running SunOS 4.0 which was derived from BSD 4.2. And of course it supported the proper syntax of the ps command e.g. ps -guwx. And that is what I got used to.

When the University started deploying Solaris 2.x I was really annoyed that ps now expected System V style options. But I found /usr/ucb/ps which supported all the options I knew. All was well.

But the System V nonsense didn’t stop there unfortunately. Linux was the next victim (or offender?). ps started complaining about bad syntax at some point. This could however be fixed by setting the enviroment variable PS_PERSONALITY to bsd. I made the necessary changes to my account’s configuration and all was well.

I was however really shocked when I found out that Mac OS X Leopard had joined the conspiracy. Its ps command doesn’t accept BSD options anymore and expects System V style options instead. I personally find that highly annoying especially considering that Mac OS X is a BSD derivative.

But there is a bit of hope for BSD fans like me: if you omit the hyphen in front of the options Leopard’s ps command still accepts BSD style options. So I wrote a little script called ps which behaves like Mac OS X Tiger’s ps command. And all is well.

Less Downtime And Problems

A while ago I complained about problems with NIS under Mac OS X. The amount of comments I received on that posting suggests that a lot of people had similiar experiences.

Encouraged by Iain Patterson’s excellent post about using LDAP under Mac OS X and with a bit of help from my fellow worker Robert Brown I managed to get LDAP working. I’m using OpenLDAP on my NetBSD server to provided this service.

The LDAP directory is kept up to date by a self written Perl script. It automatically replicates the contents of the NIS maps passwd.byname, group.byname and mounts.byname into the LDAP database. As the script is automatically run by the makefile on the NIS master the LDAP server will pick up all changes immediately.

I’m using LDAP instead of NIS on my Mac for several weeks now. The change-over fixed all the problems I previously encountered:

  1. I can always login using my LDAP account after the machine finished booting up.
  2. lookupd doesn’t wedge after DNS problems anymore.
  3. I can suspend and wake up my Mac without losing access to my NFS mounted home directory.
  4. When I rebooted my server to finish the NetBSD 4.0 RC1 update the Mac handle that outage without problems.

To say it with the words of Daniel Jackson: The only way to defeat NIS is to deny it battle.

Mac OS X … Blessing or Curse?

These days my preferred desktop machine at home is my Power Mac G5. The machine is reasonably fast, very silent (or at least less noisy than the other machines) and runs Mac OS X.

And using Mac OS X on your desktop computer is nice:

  1. The user interface is easy to use, consistent (unless you use X11 applications), looks nice (a matter of taste of course) and is very fast despite the eye candy.
  2. Features like 3D acceleration (even for X11 applications) and dual head mode work out of the box without any tinkering.
  3. Mac OS X comes with most of the necessary multimeda bits and pieces to deal with today’s Internet (e.g. Macromedia Flash, Java and QuickTime). More stuff (e.g. Windows Media support, RealPlayer) is available as easy-to-install downloads.
  4. If iLife 06 is installed on your computer Mac OS X can store, manage and edit all your photos and videos created with your digital camera or camcorder.
  5. Watching a DVD works out of the box. Creating a video DVD is very easy thanks to applications like Roxio Toast Titanium.
  6. Connecting my father in law’s scanner-printer-combination went smoothly. The necessary drivers were on a CD-ROM comming with the printer. It took only a few mouse clicks to install them. Afterwards all the features of the printer including the scan button on the front worked without problems.
  7. And beneath the shiny surface there’s a real UNIX like operating system. All you need to do is launch the terminal application and you’ll get a shell prompt.

But not all is well in Mac OS X land:

  1. The basic security approach in Mac OS X is reasonable: users don’t use an adminstrator account (in UNIX terminology: you don’t login as root). If an operation requires administrator privileges Mac OS X asks for an administrator’s account and password first.
    But unfortunately Apple went to far too keep things nice and simple. They often forget security implications when adding new features.
    After installing Mac OS X you get automatically logged in. You have to change the configuration to enforce a login with account name and password. Another prime example is the default behaviour of the browser Safari. As soon as it has finished downloading a disk image (a file with a Mac OS X filesystem in it) it mounts the image automatically. And that can cause bad things including a kernel panic if the filesystem in the disk image is corrupted. A user which is a member of the administrator group is also allowed to change a lot of system settings by default which could compromise the system’s security. Fortunately you can (and should) tighten security by turning off all these features.
    Besides having an insecure default configuration Mac OS X also suffers from a lot of security problems caused by avoidable bugs. There was (before the last security update) a setuid shell scripts (bad idea) which used the user supplied command search path (you’re out).
  2. Integrating Mac OS X into a network seems easy. And managing your basic network configuration is pretty easy. Ad hoc access to a file server via CIFS is also well supported including a graphical network browser.
    But if you need a more sophisticated setup things become difficult. Something as simple as a static NFS mount is actually tricky. Performance of CIFS and NFS over TCP is very bad by default until you find the magic knob to tune the TCP performance. Certain features (e.g. remote desktop access) just don’t work for accounts managed by a network directory service (e.g. NIS).
  3. Mac OS X is also cranky from time to time. Something stops working and it is really hard to figure out why.
    Yesterday the installation of the Cisco VPN client would just not start on my wife’s PowerBook G4. She had to log out and log in again to make it work.
    My personal archenemy in Mac OS X is lookupd. Besides causing NIS problems it hung my Mac at least twice when Firefox tried to lookup an unresolvable hostname.

Does this mean that Mac OS X is just another Windows? I would actually argue that Windows is a bad Mac OS X imitation. A lot of the new features in Windows Vista are already available in Mac OS X Tiger or even older versions. And while the security problems in Mac OS X can be solved by a more restrictive default configuration and better quality assurance Windows still has fundamental problems.

Despite the present problems I’m still enjoying the blessing of Mac OS X … and curse it occasionally.