More (Race) Data Nerdery

Submitted by Edward Marczak on Tue, 12/13/2011 - 19:32

So, another race (Habitat for Humanity 5k charity, 2011), another batch of data. Unlike the last batch of data, I had less pre-conceived notions about the makeup, as I was paying more attention to our 9-year-old who ran her first 5k with us. Like the last set of data, the bulk of people came from towns in close proximity:

Ronkonkoma        Bohemia
   35                31 
Oakdale           Sayville 
   18                12 
Holbrook          Patchogue 
   11                11 
Manorville       West Babylon

Challenge Your Assumptions

Submitted by ladmin on Tue, 12/06/2011 - 09:36

I've been on a small data analysis kick lately. It was great news when a recent race I ran freely shared the race data in a nice plain-text format (http://www.flrrt.com/results/sea11.txt). I converted this into a CSV file and read it into R. Now, just looking at the crowd, I would have guessed that there were a 'few hundred' people, the bulk of which were men. In fact, there were 969 runners overall with nearly an even split between men and women (480 female and 489 male - that's a pretty insignificant margin).

MacTech Conf 2011 Intro Playlist

Submitted by Edward Marczak on Sat, 11/05/2011 - 11:14

Once again, I had a lot of people asking me about the music I chose for MacTech Conference. The idea for the Intro Playlist is that it entertain people while waiting for the initial opening of the conference. It's timed so that as the final song plays, Neil, Scotty and I can get up on-stage with no worries of changing, muting or stopping the music. Here's what I played this year:

Updated[2]: For Security's Sake: Remove Diginotar CA Certificate

Submitted by Edward Marczak on Tue, 08/30/2011 - 16:16

*
Apple has released a security update for Snow Leopard and Lion that addresses this issue:

Snow Leopard: http://support.apple.com/kb/DL1446
Lion: http://support.apple.com/kb/DL1447

There is no update for Leopard, so, in that case, you should still follow the instructions below.

Apple's update simply drops these files into place (on Lion):

/System/Library/Keychains/EVRoots.plist
/System/Library/Keychains/SystemRootCertificates.keychain
/System/Library/Keychains/SystemTrustSettings.plist

So, no matter which updates you made to the Diginotar cert -- delete or untrust -- the Apple update will just plow over all of that with the right setting and updated certs.
*

While ignoring how broken the entire Certificate Authority (CA) model is, here's what you should do right now: Delete the CA cert for Diginotar from your system. Why?

http://www.computerweekly.com/Articles/2011/08/30/247730/Microsoft-warns...

Now, if you're an individual, this is simple: just remove it from your system. Since I largely focus on Macs here, that would be in the keychain. Open Keychain Access.app, search for "Diginotar" and delete the resulting certificate.

...and don't forget Firefox, which keeps its own list of CAs:

http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

But, what if you're a Sys Admin responsible for protecting a fleet of machines and you don't expect end-users to do this themselves? (Or, that you're going to personally visit each machine.) Automate it, of course! The security binary will help you do that:

sudo /usr/bin/security delete-certificate -Z C060ED44CBD881BD0EF86C0BA287DDCF8167478C /System/Library/Keychains/SystemRootCertificates.keychain

(You can first check for the existence of the certificate using security's find-certificate instruction.)

Of course, you're using a system management framework that will allow you to run this command on all the machines in your fleet, right?

Update: This turns out to be a little more complex than simply removing the certificate. While removing the Diginotar cert is still recommended, DigiNotar is cross signed by other CAs. Removing the Diginotar root only removes one of them (and there are 5 paths). Also, it seems that there are some bugs in Apple's certificate handling in some cases. So, what can we do?

Certainly, remove the Diginotar cert from your machines, as that does help the most egregious cases. From there, we have two options: Use FireFox 6.0.1, which uses its own root certificate store and is now protected against this. Secondly, we need to wait for a patch from Apple--the only one in a position to really address this. Only a patch from Apple can completely fix browsers and apps that rely on the system store, Safari, of course, being the biggest use case, with Chrome and Mail.app as two other Webkit-based apps that may rely on the system root store for certificate handling.

(Big thanks to Harald Wagener for review on this, and reminding me about using find-certificate.)

Check GMail with IMAP and Mail.app

Submitted by Edward Marczak on Fri, 08/19/2011 - 11:30

GMail, when accessed via IMAP tends to do some "interesting" things. There are several settings that lessen the pain:

1 - Click on, 'Settings,' at the top of the GMail web page while you're signed in. Click on "Forwarding and POP/IMAP" and then scroll down to the "IMAP" section.

2 - Update the following settings:
"When I mark a message in IMAP as deleted" - Auto-Expunge off
"When a message is marked as deleted and expunged from the last visible IMAP folder" - Immediately delete the message forever
"Folder Size Limits" - leave as default

Doing it Live

Submitted by Edward Marczak on Wed, 04/13/2011 - 01:24

Over the next week or so, I'll be moving this site to a new host. I'll admit right now: I don't have a great plan in place, much more than backup, transfer and get things going. There may be a short bit of downtime, but honestly, this site isn't a money-making resource for me, nor do I think anyone is depending on for their day-to-day livelihood. It can stand a little downtime if it comes to that.

For those of you using the RSS feeds, you may need to reset those.

The address stays the same: http://radiotope.com. Never mind the debris. Thanks.

Dumping the Dropbox Database

Submitted by Edward Marczak on Sat, 04/09/2011 - 11:01

A while ago, I wrote a quick script to dump the database that Dropbox uses to store its config info. I use this in my .bash_profile script mainly to locate the Dropbox folder on any given machine I'm on. If you're curious as to what's getting stored, I've attached the script here.

Reset Apple Software Update Service (SUS)

Submitted by Edward Marczak on Tue, 03/08/2011 - 18:10

Honestly, there's no more finicky service under OS X Server than Software Update. Sometimes, you just need reset the service and start from scratch. Under Server 10.6, the best way I've found is to:

- Stop the service.
- Get a shell on the server and sudo up to root.
- mv /var/db/swupd /var/db/swupd.old
- mv /etc/swupd /etc/swupd.old
- mkdir -p /var/db/swupd/html
- chown -R _softwareupdate:_softwareupdate /var/db/swupd
- chmod g+w /var/db/swupd
- Use ServerAdmin to (re)set the preferences for the service
- Let 'er rip. (start the service)

Macworld IT881 Notes

Submitted by Edward Marczak on Thu, 01/27/2011 - 18:30

I'll be giving a presentation at Macworld 2011, A Week in the Life of Google IT. So people don't have to furiously scribble down notes for the things we mention, we've created a PDF of every product/project/whatever we mention in the presentation. Get it here:

Macworld IT881 Notes

MacTech Conf 2010 Intro Playlist

Submitted by Edward Marczak on Fri, 11/19/2010 - 13:49

A number of people have asked me about the music that I had playing during various points at MacTech Conference 2010. Here's the intro playlist I had set up:

1. Robyn Miller, Myst Soundtrack - Myst Island: Planetarium
2. Power of Seven - Marathon 2: Durandal Theme Music
3. Autostar - Dreadland
4. Gamer Symphony Orchestra - Portal Live from [SUBJECT HOMETOWN HERE] Still Alive

Syndicate content