lion

Mountain Lion and Tunnelblick - Playing Nice Together

One of the things that requires some tweaking after the installation of Mac OS X (Mountain Lion) is Tunnelblick, a free and open-source GUI for openVPN.  I use Tunnelblick for work and play so it's pretty important that it be working correctly. After Mountain Lion installed, Tunnelblick no longer worked on either of my VPNs.  Scanning the forums, blogs, and support sites, I found several solutions, none of which worked on their own (for me), but instead required combining the solutions to get things to work.

First, you're going to need to de-install your existing copy of Tunnelblick but, before you do, open a finder window, or cd from the command line, into "~/Library/Application Support/Tunnelblick".

Copy all of your current configuration files to someplace safe in the event you don't need new configuration files for your VPN.  Personally, I use BolehVPN and   I generated new key files as part of this process.  My work VPN files are going to require some tweaking too but, either way, it's always nice to have back-ups so you don't have to start-over from scratch creating your configs.

I used a sweet little program called AppZapper to remove Tunnelblick - it thoroughly cleans out all files associated with the app - hence the reason why you want to back-up your config files.

Once you've removed Tunnelblick, download the beta version of the software.  The current release is versioned at 3.2.6(2891.3007) and was built on May 3, 2012.  This version does not work with Mountain Lion.

You want to download and install Tunnelblick 3.3.  The Beta release version changed four iterations in 24-hours so don't worry about which rev your getting -- this has worked for me since beta release 12.

Once you're down with the install, you can either download new key files (certificates, keys, and configs with the opvn extension) or you can see if your current configurations will work with the beta.

Once I installed the new key files, I found that I could connect to my VPN provider successfully, but I couldn't do anything after that point.

If this is the case for you, which you can confirm by loading a website by it's IP address instead of the URL... As a matter of routine, it's good to memorize (or at least write-down) this IP address: 74.125.53.100 which is the IP address for google.com.

If you can get Google to load by IP and not by name, (google.com), in the URL bar, then you need to tweak your nameserver settings for your VPN configuration.

Click on the Tunnelblick icon in your menu bar and then click on "VPN Details" at the bottom of the drop down.  This will open a dialog box with your available VPN configurations on the left in a scrolling text box and, on the right, a two-tab  panel for your Logs and Settings.

If your connection failed, scroll through the information under the Log tab and you should see something that looks like this:

[codesyntax lang="text" lines="no"]

2012-07-27 08:51:06 *Tunnelblick process-network-changes: SearchDomains changed from

* *                     to *                    <array> { *                    0 : openvpn *                    } *                    pre-VPN was *

[/codesyntax]

This information shows you that you've no search domains selected for the new VPN connection because normally you should see IP address in these containers.  Unless you do everything by IP address, you're going to be dead in the water...so....

Click on your VPN listing and then click on the Settings tab.

By default, your DNS/WNS configuration has the setting "Set nameserver".  You want to change this setting to "Set nameserver (3.0b10)".

Click back to the Log tab and attempt your connection.  You should be able to successfully resolve DNS/WNS at this point however, if for some reason this doesn't work, then go back to the Settings tab and try the other nameserver options in the drop down.

Finally, something else you may wish to check is your DNS server settings for your OS.  Open System Preferences -> Network -> Advanced... for your internet connection.   Click on the DNS tab and look a your nameservers listed in the box on the left side.

If you're using your ISP's router IP as your DNS server, you're probably going to have a bad time.  I use Google's nameservers but there are other free nameservers available too, such as OpenDNS.  Whatever you decide to use, enter the nameserver IP address in this block after removing the IP for your ISP or network router.

Google's DNS nameserver IPs are: 8.8.8.8 and 8.8.4.4.

That's it!  Hope this helps!

 

 

Waaaaake-up! Hello? Lion? You awake? WAKE-UP!

Oh, Apple.  What did you do now?

It's one thing to introduce broken (or bent) functionality in an upgrade release.  It's quite another to break (or bend) existing functionality in the same upgrade.

I really like Lion so far.  What I thought I would miss, I don't, and I've already become dependent on several of the base features that the upgrade offers.

And, hey, Microsoft (you big wad o' suck) take note:  a major update for $30 that I can install on all of my machines!  And I don't have to pay attention to see if it's ultimate home premium 64, too!

(aside:  I'm more pissed that usual at Microsuck.  Earlier, using Bootcamp, I was playing Rift and I noticed that performance was lagging badly.  To the point where I just decided to log-out and get some work done.  After logging, I see that my tx/rx light on the dsl modem is solid.  During shut-down, I see the usual dire-imprecations and deadly warning spew that pops when you update a Microsuck in-progress system update download.

WTF?  I explicitly turned off the "feature" of independent updates in favor of only-update-when-I-tell-you option.  You know, the way real operating systems do it.  Apparently this setting means jack-shit as the crapware decided, again and on it's own, to go out and download god knows what from the 'net.  Pure and unadulterated hubris.

Now I don't mind the constant virus updates -- I deleted three security exceptions from the Windows box today alone.  But this constant updating without my permission really is pushing it.  You confirm everything I want to do, concerning downloaded content, several times.  But true to the "do as I say not as I do" philosophy of this bloatware, Windows continues to ignore user selections and configurations and just farts and whistles it's way through a continuous stream of critical updates.  Pure crapware.

Wanna end the wars in Iraq and Afghanistan?  Send them free copies of Windows to install on all their military infrastructure.  War will be over in a week, guaranteed.)

That was a long "aside".  Or rant.  Or some factual observations.  Whatever.

Anyway, back to a real operating system that not only let's you get real-work done, but also listens, remembers, and then doesn't ignore your configuration settings...

I've been having problems with my Lion installation not waking from deep sleep.  I define two levels of sleep.  One is light-sleep: where the computer's screen saver kicks-in, and a simple mouse-twitch brings it back.  The other is deep sleep: this would be when you explicitly put the computer to sleep, or your power management settings kick in.

What I've been experiencing has been happening either on weekend-mornings, or in the evenings when I get home from work.  I sit down at the computer and poke the shift key, twitch the mouse, tap the space bar and ... nothing.  Repeat shit-key poke, mouse twitching, space bar tapping. ... Still nothing.

I poke the caps-lock key.  ... No light.  This is not good.

Both my keyboard and my mouse are wired USB peripherals.  So I dis(re)connect the devices from the hub and, again, twitch the mouse, poke the cap-lock key and ... black screen.  There is no power indicator on the new 27" iMacs.  So I have no idea what state the computer thinks it's in.  Time for some drastics.

I tap the power button.  This is usually enough, on my MacBook Pro, to jog it awake but, on my iMac...nothing.

Eventually, frustration wins out and I do a hard-reset by holding down the power key until it powers off and then I reboot.

Goddamnit.

I have a three support contract with Apple on this desktop but I'll be damned if I'm going to call them to confess that I've no idea on how to wake-up my desktop from sleep.  So, I google it.

I found this article, which explains how to reset the PRAM and NVRAM on your iMac because, you know, batteries get old and flash memory gets stupid over time.  So I follow the steps and, when the computer restarts, it's definitely brighter.  (I'm not that good of a touch typist and I tend to inadvertently do things to both the brightness and volume controls...)

But, the next day when I get home from work, the computer is back in Rainman mode and I have to power-down to bring it back.

So I google it again, and this time I see a post on a mac-forum that blames the problem on disk permissions.  Sure.  Why not?  So I run verify disk and, lo'!  I have a bunch of crap that gets re-perm'd.

Still not going to call Apple.

I'm writing this article and I guess I'll see what happens the next time I try to roust the machine from deep-sleep.  I'm pretty confident that it's going to fail and, if it does, then I'll log a call to tech support.

In the meantime, if any of you have suggestions, I'm open...

 

 

X11Forwarding from CentOS 6 Linux to Mac OS X Lion via SSH

In my previous post, I wrote about getting gpass (a password manager for the gnome desktop) compiled from source and running on our CentOS 6 platform.  The screenie I took of the welcome screen was a mac-i-fied version.

I had configured my Linux machine to support X11 port-forwarding over a secure shell.  It was surprisingly quick and easy to set-up and execute.

I wanted to remote-display the gpass window to my Mac OS X Lion desktop because I needed to transfer passwords from my 1Password application (running on Lion) to my gpass (Linux) program.  Some of the passwords are pretty gnarly so the only way I can guarantee transferring data without making typos was to set-up a copy-paste-friendly environment.

One quick caveat. I've noticed that, when I terminate an X11 program from my Lion shell, I can no longer use that shell to initialize another X11 applet.  I need to exit and re-start the terminal.  If you know of the work-around for this, please leave a comment/reply to this post.

For all the following commands, it is assumed you have sudo privileges on your Linux system.

The first step I took was to edit the /etc/ssh/ssh_config file.  At the end of the file, past the comments, there is a section labeled:

Host *

...

ForwardX11Trusted yes X11 Forwarding yes

...

Make sure that you have those two lines, uncommented and present, in your configuration.

Next, (re)start your sshd server:

# /etc/init.d/sshd restart

Stopping sshd:                                         [ FAILED ] Generating SSH1 RSA host key:         [      OK      ] Generating SSH2 RSA host key:         [      OK      ] Generating SSH2 DSA host key:         [      OK      ] Starting sshd:                                           [      OK      ]

 

In case you're curious, the FAILED message in the first line of output was generated because I didn't already have sshd running on my system.

My machines run on a 192.168 subnet behind two firewalls - the firewall on my DSL modem, and the firewall on my multi-port router.  Normally, I'm not too concerned about the security of my individual machines.  (e.g.: I'm not running a software firewall on my Mac or my Linux server.)  My subnet is DHCP-served by my router and the router is on it's own subnet DHCP-served by the dsl router/modem.

I need to obtain the current IP address of my linux server which I do so my running the ipconfig command.

Next, I switch over to my Mac and open a terminal -- within the terminal, I enter:

iMac:~ mike$ ssh -X 192.168.0.6
The authenticity of host '192.168.0.6 (192.168.0.6)' can't be established.
RSA key fingerprint is f9:04:2d:0e:70:3d:a7:8f:92:c0:02:69:8c:f2:e6:51.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.0.6' (RSA) to the list of known hosts.
mike@192.168.0.6's password:
whassup?
/usr/bin/xauth: creating new authority file /home/mike/.Xauthority
[mike@codeMonkey ~]$

At the command prompt, I now only have to enter whatever X11 command and that program will be displayed on my Mac Desktop.  I can even open and start an entire desktop session.  I could - but I won't -- my Linux server only has 2gB of Ram...

Instead, I'll open a gnome-terminal.  So, at the prompt, I simply type: gnome-terminal and I get the gnome-terminal to appear on my desktop:

That's pretty much all there is to it, as far as I could tell.  Eazy-peezy.

One last note -- once you have a terminal running on your Lion desktop, then any X11 commands, such as gpass, you enter will all be displayed on your Lion desktop.  This circumvents the one-terminal-one-applet restriction I mentioned at the top of this article.

That's pretty much it for this article -- hope this helps!

Lion Upgrade -- Recovering mac ports, ncurses and mongodb

Lion ate my mac ports install. On the other hand, mac ports has never been very robust when it comes to operating system upgrades.

Earlier this week, I did a time machine restore to a new mac book pro from an (much older) mac book pro -- I spent the next four hours or so recovering and rebuilding my XCode and mac ports environment.

So, it wasn't really that much a surprise to see that my mac ports installation failed to selfupdate or upgrade outdated following the Lion OS update.

The first thing I had to do was grab the new (OX X 10.8) version of XCode from the Apple AppStore.  This, as it turned out, was a bit of a challenge.  I couldn't see to get the new rev to download from the AppStore and, Apple being Apple, there's no such thing as  a mirror site.   Long story short, it took about 36 hours of repeated download requests/attempts to get the upgrade downloaded.

Once I installed the XCode update, the next step was to re-build mac ports from scratch.

[cc lang='bash' line_numbers='false']

# sudo svn checkout http://svn.macports.org/repository/macports/trunk

# cd trunk/base

# sudo ./configure --enable-readline

# sudo make install

# sudo make distclean

# sudo port -v selfupdate

# sudo port upgrade outdated

[/cc]

...and this is where I started getting a lot of errors...  Basically, ncurses was failing to install returning with a shell-error command.  If I tried to install individual packages that depended on ncurses like, say, mongodb, then I got returned to this error.

About 30 minutes of reading in the mac ports bug filings, and I learned that there is an issue between ncurses -> libiconv -> gawk.  The tl;dr of the issue is (if I remember right) that libiconv was looking for awk and finding gawk and wasn't building.  Since it didn't build, then nurses won't build, and if ncurses won't build, you're pretty much screwing the pooch on your mongodb install.

So, through trial-and-error, and you may have to repeat the sequence, I figured out the following commands to get all the innards back into the stomach of mac ports:

(note: either sudo these commands or exec as root.)

  1. port clean gawk
  2. port uninstall gawk
  3. port clean libiconv
  4. port uninstall libiconv
  5. port install gawk
    1. this will automagically reinstall libiconv
  6. port clean ncurses
  7. port install ncurses

This should result in a clean build and installation of ncurses.  Earlier in the process, since ncurses is dependent on ncursesw, I cleaned, uninstalled, and installed ncursesw.  But I'm not convinced that was a necessary step.  If the above process is failing for you, then maybe you should try r&r'ing ncursesw first.

I'm still having issues with mongodb...and I'll document the solutions as I figure them out -- but the ncurses dependency is, for the moment, addressed.

[cc lang='bash' line_numbers='false']

In file included from util/processinfo_darwin.cpp:30:
/usr/include/mach/shared_memory_server.h:48:2: warning: #warning "<mach/shared_memory_server.h> is deprecated.  Please use <mach/shared_region.h> instead."
In file included from util/processinfo_darwin.cpp:23:
/usr/include/mach/task_info.h:252: error: 'vm_extmod_statistics_data_t' does not name a type
/opt/local/include/boost/system/error_code.hpp:214: warning: 'boost::system::posix_category' def

[/cc]

And I see there's a bug reported for this issue with the comment that they're kicking it over to the folks at mongodb for a fix.

Stay tuned...

[Edit 8/1/2011]

I did a Lion upgrade on a fresh Leopard system - there's been some changes since I wrote the article, most notably, the problems with ncurses, gawk, et. all., seemed to have been fixed.  The steps are pretty simple, actually:

  1. download (holy constipated broadband! anyone else notice the slow-as-frozen-cement download speeds Apple squicks out for this application?)  and install XCode for Lion from Apple's AppStore application.
  2. check and, if necessary, modify your PATH variable to include the mondodb bin path (for me: /opt/local/bin).
  3. self-update the mac port install  (sudo port selfupdate)
  4. update the outdated ports  (sudo port upgrade outdated)
  5. Follow the steps left by Peter in the comments below to patch and install mongodb.  (Thank-you, Peter!)
Once I did this, I had a fully-functional port installation, complete with mongodb and all the other cool kids. (Apache2, mysql5, php5, etc.)
Hope this helps!

OS X Lion - First Looks

I downloaded Lion, Apple's latest upgrade to Mac OS X yesterday afternoon.  I used my work connection to do so and completed the download in about 20 minutes.  When finished, I had a new application installed named "Install Mac OS X Lion" in my /Applications folder.  I burned it to a DVD and scurried home to install the upgrade on my 27" I7 iMac.

What follows are some first impressions about the new operating system.  This is just the kinks and quirks that I've discovered.  If you want a painfully in-depth review, I suggest the Ars-Technica review.  All 20 pages worth.

I was somewhat worried about the install as I'd heard, through co-workers, that there were problems with the install and that your system had to absolutely be up-to-date with the latest software upgrades in order for the installation to be seamless.  So, I ensured that, before installing, I hit software-update off the main menu and installed everything Apple recommended that I install.

That took about a half-hour because there were a lot of 10.8 updates (iTunes, iWhatever) to install.  When that finished, I copied over the "Install Mac OS X Lion" folder from the DVD into my Applications folder and double-clicked.

It took about three minutes for the installation prelims to sort themselves out.  Then my machine re-started itself and began the install in earnest.  It informed me that I had about 30 minutes to go.  Watching the progress bar tick across isn't all that absorbing, and Sarah had a chicken wings cooking, so I left the upgrade to it's own fate and left to go scarf a couple pounds of her awesome chicken wings.

When I returned, the computer had finished the install and was displaying the Lion login screen waiting for me to sign-in.  I did so, and was presented with the new welcome dialog box and the new-ish desktop.  So far, so good....and, uh-oh.  Up popped a dialog box telling me that Lion had detected incompatible software on my system and had removed said software to a folder called "Incompatible Software" on my install drive.

I had two programs in this folder - one I don't use anymore, can't remember what it was called, and really didn't care.  The other was visor, my terminal program hider which I did, very much, care about.  I checked the author's website and, sure enough, a replacement program was already available for download and installation.

I didn't have a lot of time to play with the new OS, but this is what I learned in the hour or so that I did have.

-- I crashed terminal once, after SSH'ing into a remote server.  The crash report popped and I sent it off to Apple.  I relogged into the remote server and it's not crashed since.

-- Safari failed to display the Netflix plug-in necessary to display/run/show movies.  Chrome worked without issue.

-- The new email program is really cool.  A lot like the iOS mail program in terms of the UX.

-- I have a dual-boot set-up with Windows 7 running off another partition on the same drive.  After installing Lion, I checked and tested and the partition was accessible and stable.  (As stable as Win7 can be at any rate.)  The only difference I noted was that, before since Win 7 was the last OS installed, it booted by default; I had to hold-down the option key to boot into Mac.  Now, Lion boots by default and I hold down the option key to select the Win 7 bootable partition.

-- I have a recovery partition now in addition to the Win 7 and Lion partitions...I had read about this in the Ar review so no surprise.  It's nice to see that I have this parachute though in case things really head south.

-- Not sure if all my mac-ports software will still function.  I do some development at home and I know that whenever you change OS versions, you have to pretty much R&R ports which is a real pain in the patoot.  I'll need to test this later today when I get home...

-- The application formerly known as spaces is very new, interesting, and will take some getting used to.  Overall, I prefer the new UX.

Everything at this stage is superficial as I've not checked CPU burn or memory usage.  Does it feel faster?  Ah, meh.  I've not run any serious apps under it so I can't say at this point.  As I explore more, I'll share what I discover...

[Edit: July 22, 2011]

Mac Ports is definitely broken.  It requires a re-install of Xcode which is, in itself, a total pain in the ass apparently to download and install.  I've been trying now for over a day to get Apple to push this application down to me and it's only been in the last hour that I've started to see some bits and bytes squick down the line to me.  You can only install this app from the AppStore, unfortunately.

(And, while I'm thinking of it -- why the hell do I have to keep plugging in my AppStore password every single goddamn time I access the store?  Wasn't there a reason you had me store this information?  (System Preferences -> MobileMe?)  FFS, Apple, one of the reasons why the Android Market is so much better than the iPhone AppStore is that I'm not forced to enter my password each and every time I want to do something.)

Anyway, when I tried to update ports, I got errors.  So I checked-out the source and went to build from source and was informed that I don't have a worthy C-compiler installed.  You *have* to download the XCode package for Lion and install that first.

Also, I cannot recover my Lion install from sleep mode.  Key presses, power-button flicks, mouse shaking, nothing seems to work other than a hard re-boot.  I called Apple Support and scheduled a call -- which was incredibly unsuccessful.  I was advised to try the following:

-- turn off your computer and remove the power cord for 15 seconds.  Me:  Why?  How is this different from shutting off all power to the computer during a reboot?  Them:  Well, it's different if there's no power to the computer.  Me:  Oh.  So, when I shut off the computer by holding down the power button for 5-seconds, and it goes black, it really continues to run?  Them:  Uh, no.  It's, ah, just better to not have power.

-- boot from the restore partition and run the equivalent of fixperms (reset all file/directory file permissions on the filesystem)  Me:  You're saying that Lion messed up my permissions during installation?  It was working, I installed Lion, it's not working, and you're telling me file permissions are keeping my computer from waking from sleep?  Them:  Uh, no - this is just what it says on the support forums.  (Thank you, Support Forums, for not suggesting that immersing my computer in water is also a solution.)

-- Reset the pROMS by booting holding down option-R until it beeps twice. Me:  Are you serious? How about you just acknowledge this as a hardware-interrupt driven software failure and tell me you'll file the bug and send me on my way?  Them:  Uh, can you send in your system report, please?

Jeez.  What a waste of time that was...