Mac OS X

The Macintosh operating system “for the next twenty years.”

Authenticated printing with Active Directory on Leopard

A few+posts+on+the+MacEnterprise+mailing+list+have+reported+that+Leopard+does+support+authenticated+printing+with+Active+Directory. This is a good step forward for Mac OS X. However, it's unclear if it is using Kerberos to do so.

Leopard includes CUPS 1.3.3. I don't exactly know how to tell this from the command line. There's no cups -V at all, as the main executable is cupsd. But, there's no cupsd -V, either. So, I resorted to the CUPS Web administration page, which is found at http://localhost:631/ on any modern Mac.

The What's new in CUPS page — which as of this writing documents version 1.3 — says that Kerberos is now supported. So it's reasonable to guess that Kerberos could be in use on Leopard for this type of authenticated printing.

So, I took a moment to ask on the Apple Printing mailing list, and got immediate results. Right away, Michael Sweet posted that no, by default it doesn't … but it can be activated with the "Negotiate" option in cupsd.conf. There is one caveat: it reportedly doesn't work with Windows Server 2003R2, however. You need CUPS 1.3.4 for that.

I found out that CUPS 1.3.3 in Leopard can potentially be replaced with version 1.3.4 at your own risk. You should only do that if you are comfortable with compiling applications, if you absolutely need to make Kerberized authenticated printing work with Windows Server 2003R2, and you are willing to test the changes before you deploy it to more than your non-production test computer. Otherwise, the following risk is not worth it. However, if you still feel the need to try CUPS 1.3.4 despite these warnings:

  1. Get the CUPS 1.3.4 source and compile it as a "4-way fat" binary with:
    $ ./configure --with-archflags="-arch i386 -arch ppc -arch x86_64 -arch ppc64"
    $ make
  2. Copy the resulting cups/libcups.2.dylib file to /usr/lib/.
  3. Reboot or log out.

The new libcups.2.dylib could then be copied to other computers if your testing with it is successful and it fixes the problem with authenticated printing through Windows Server 2003R2. You're on your own if you try any of this; I'm not suggesting you do it, and can't help you if you try. It's unsupported and YMMV.

(By the way, replacing one key file like this is a really great opportunity to use a Radmind overload, if you're into that sort of thing.)

Leopard installer utility and install choice change XML files

In reading the man page for the updated installer utility in Leopard, it looks like it offers the equivalent of "answer files" on Windows. This sounds like a big improvement, especially for systems administrators who want to automate the installation of packages on Mac OS X.

The "install choice change XML file" can be used to apply changes to the default option in an installer package. This uses the -applyChoiceChangesXML flag.

The installer can also show the defaults as well as the result after applying a choice changes XML file to them. Use the -showChoicesXML to find the choices and -showChoicesAfterApplyingChangesXML to see the outcome of choice changes, respectively.

For what it's worth, the -dominfo and -query flags are also new and have functions that I don't recognize from Tiger, comparing the two man pages.

Anyway, the install choices sound like a "win" — even just to get reliable, reproducible Radmind transcripts, if you're into that sort of thing. Imagine creating an installer choice change file for a package you install/update all the time — the system software itself, and the Apple Xcode Developer Tools, both spring to mind. Whether you're creating install choice change files for bulk installation or just automation of your build process, it sounds as if this new capability should be really helpful.

TidBITS: Apple to Allow Virtualization of Leopard Server

TidBITS: Apple to Allow Virtualization of Leopard — Mac OS X Server, not the workstation version.

This is pretty big news, even though it's really only the change in EULA right now. It would solve a great many problems in hosting Mac OS X Server if VMWare ESX could run on Apple hardware. If you could make Xserves part of an ESX cluster, and you could limit the Mac OS X Server to running on just the Apple hardware in that cluster … that would be very good. But this is all wishful thinking and speculation on my part.

Disappointing xar version in Leopard

I checked on the version of xar that ships with Mac OS X 10.5 Leopard, and I was dismayed to find it's 1.4. Xar is new to Leopard, but it's got a much older version that dates back to January 10, 2007.

$ xar --version
xar 1.4

The latest version, 1.5.1, is from June 10. Version 1.5 is from May 14. The benefit of the newer versions is that they have fixed flaws and passed the Backup Bouncer test. Leopard's bundled version is apparently too old to incorporate the fixes that put xar over the top on the test. That's too bad. I was — and am — looking forward to its possible use for backups of all the kinds of data that can sit in the Leopard filesystem.

Sandboxing man pages in Leopard

I also found the man pages for process sandboxing in Leopard; it's found under "sandbox":

$ man sandbox

Code signing man page in Leopard

I found the man page for code signing in Leopard; it's found under "codesign":

$ man codesign

Update: It's worth noting that Apple has released the Code Signing Guide to document this feature further, from a developer perspective.

SoftRAID 3.6.5 kernel extension in Leopard

I came across a kernel extension for SoftRAID 3.6.5, from SoftRAID LLC in Leopard's /System/Library/Extensions folder. I found the version in the SoftRAID.kext's Info.plist file, and it really truly does appear to be SoftRAID, based on the copyright and the bundle identifier and so on.

This is notable simply because it's included (although I don't know how it's being used, if at all) and it is also a newer version than I've seen press releases for.

Screenshots of Quick Look windows in Leopard are themselves transparent

One thing I find incredibly neat is that screenshots I've taken of Quick Look windows in Leopard are actually transparent — I can layer them on top of other graphics in applications such as Keynote, and the backgrounds show through.


I'm sure this sort of thing happened if you took screenshots of transparent windows in Tiger, but I never bothered. The windows weren't everywhere. Quick Look is everywhere in the Finder, and as a Big New Feature With A Marketing Name, having screenshots when you're explaining it to others is really handy.

For reference, I'm using a Python script to take the screenshots. It's basically calling the built-in screencapture tool and then adding a drop shadow to it with the Python Core Graphics bindings. I got+the+script+from+Lankhmart+on+the+Mac+OS+X+Hints+forums — I found it after trying to write my own, since I'd been wanting such a script for a long time.

Thoughts about the Leopard line

I got together with some folks to stand in line for the Leopard release on Friday evening; we went camping in Victor outside the Apple Store Eastview. I wanted to jot down a few observations of the outing, and I’ll do so in no particular order.

It was fun, both for the event itself and to spend time outside the home with friends. (Unfortunately — or perhaps fortunately — Christen was stuck at home with Elijah.)

It’s perhaps not the best advertising in the world to have a line 200-some odd deep waiting to get into your store. It becomes a curiosity for others in the mall and a hassle for patrons who just wanted to saunter in but are turned away. Amplify this with a line that is predominantly composed of white males, aged 20 to 60 — and the store suddenly looks a lot less hip.

Those of you who’ve stood in lines for Apple conference or trade show keynote addresses know of what I speak. Though this crowd was less like WWDC’s and a little more eclectic like Macworld’s, it was still a turn-off for the teenage girl iPod demographic.

Speaking of which, some young girls walked up to others in the line behind us, asked what the line was for, and then rolled their eyes and stalked off in revulsion.

Unlike any other retailer I can think of in this situation — a captive audience of 200 people waiting to rush through your doors — Apple didn’t have any other promotions in force. Just a new operating system. They didn’t give anyone 5 or 10% off a new computer, or a discount on an iPod, or any other kind of bundling incentive, as far as I could tell.

Frankly, most of the people I saw walking in played with a computer for a few moments and walked out again with only their free t-shirts. And then a few jumped back at the end of the line for another t-shirt.

Did Apple even make any money on this, after staffing up, closing the store to prep, and then giving out the freebies? It looked like they wanted you to go in and out immediately … preferably with your copy of Leopard, sure, but they weren’t exactly encouraging anyone to get more than that.

The Eastview store has been totally reconfigured. I haven’t been there since its remodelling, but the Genius Bar is in the back now, where the checkout used to be. Now, there’s no obvious checkout so I assume they’ll be heavily using those hand scanners from now on. Overall, it was hard to get a feel for the changes since the Leopard checkout line was roped off through the center of the floor.

The iPod touch, which I saw in person for the first time, is really thin. The outer ring on its face is beveled in a black material, maybe metal, that appears similar in style to the sloping edges on the new iPod classics and nanos.

The store employee I chatted with about the Mac Pro didn’t have much help to offer me about the optional BTO RAID card. In fact, he was just looking up the details on the Apple Store Web site, thankyouverymuch. But, he was pleasant while he was performing that admirable service, and I’ll give him credit that he was genuinely trying to be helpful.

Non-universal libraries and more in Leopard

Dave Dribin notes a non-fat library file in the shipping version of Leopard. I whipped up a quick test to see if there were other libraries that were PowerPC-only, at least based on my understanding of lipo (see also Compiled for ppc7400). There is one other I found:

$ for a in /usr/lib/*.dylib ; do if [ -f "$a" ] ; then lipo -info "$a" ; fi ; done | grep -v "i386" | grep -v "x86_64"
Non-fat file: /usr/lib/libcrypto.0.9.dylib is architecture: ppc7400
Non-fat file: /usr/lib/libssl.0.9.dylib is architecture: ppc7400

Duplicating that with grep "Non-fat", which I settled on in my next step, produces the same results.

I figured I'd widen the scope a little bit — and wondered if any non-universal files would be Intel-only — so I experimented until I came up with the following search. It turned up some interesting results, including non-universal files that were ppc, some ppc7400, some i386 … and "veo."

$ find / -type f -perm +u=x,g=x,o=x -exec lipo -info {} \; 2>/dev/null | grep "Non-fat"
… 64 lines of non-universal executables omitted but attached as a file to this story …

I'm surprised that there were 64 non-universal executables. Some of them didn't necessarily need to be universal, as they appeared to be architecture-specific drivers. Others, I'm not so sure.

What the heck is veo? I guess it might+be+related+to+PowerPC, but that still doesn't explain to me why its architecture type shows up in Leopard.

64nonuniversal.txt7.71 KB
Syndicate content