techblog 

I use a MacBook Pro at work, but of course there are always one or two Windows applications that I need to run too.  Consequently, I recently installed Parallels to allow me to run these both in the office and at home.  I knew that others were using this method to run these apps, so I wasn’t too worried about getting it to work.

When I fired up Parallels for the first time though, the CPU usage shot right up and the whole OS X interface became incredibly sluggish for several minutes.  The strange thing was that this was just starting Parallels itself, not booting the virtual machine.  Once the application was started, sanity was restored.  The offending process was “WindowServer”, so it seemed to have something to do with the graphics processing.  There were reports of other folks having similar problems on the Parallels forum, but none of the solutions seemed to be definitive.

Then I tried starting Parallels while I was away from my desk.  It came straight up with no problem at all.  What was different?  It turned out to be a Good Way USB Display Adapter I am using to allow me to run 2 external monitors from my laptop.  Once this was disconnected the problem went away. So now if I’m at my desk, I unplug the USB cable, start Parallels, then reconnect.  I don’t understand what is going on here, but at least I have a workaround.

I’ve been a vim user for many years.  More recently I have been mainly working on a Mac, but the version of vim for OS X was never very good.  It felt like a Linux application that had been ported to the Mac.  It didn’t support multiple windows, the standard Mac shortcut keys didn’t all work as expected and it just didn’t feel like it fitted in very well.  I was almost tempted to move to TextMate, but I missed all the regular expression commands I had grown used to.  Recently I have moved over to use Bjorn Winckler’s MacVim.  It is a proper Cocoa application which supports multiple windows etc and just looks and feels more Mac-like.  It even automatically updates when there is a new version.  It has got to the point where it is better than the old Carbon version in under a year.  I recommend you give it a try.

Recently I had a weird problem on my laptop. Web browsing was slow and certain lookups failed altogether. The failures were exclusively associated with nominet.org.uk domain names, specifically connections to our office network. When the problems first started my mail client failed to work unless the VPN was activated, which is not the way our security policy mandates it should work. After a while the mail client failed even after activating the VPN. I was effectively locked out of my email unless I visited the office!

The error messages from the mail client suggested that the DNS lookup for the mail server was timing out. Using wireshark on the wireless interface I noticed that there were no DNS lookups for nominet.org.uk, though other search domains were being appended. Everything in System Preferences looked fine, /etc/resolv.conf had no surprises. However, I did find a suspect file: /etc/resolver/vpn-resolver-662638-0 which contained:

domain nominet.org.uk
nameserver 213.248.199.17
timeout 3

This file dated from early 2006, which seemed odd as the laptop was only installed in March 2008! I presume it was copied over from my previous laptop by the Migration Assistant. Removal of this file fixed the problem, but where did it come from?

Our present VPN solution is based on OpenVPN and I use the Tunnelblick client to connect. My first thoughts were to blame this combination. There have been some stability problems with Tunnelblick on Leopard, apparently. But, before we used this system we used an SSL VPN solution terminating on a Netscreen firewall. I used the VPN Tracker client from Equinux to connect. I now believe the rogue resolver file was left behind by VPN Tracker after it was deleted. I am still at a loss to explain why it took so long to start affecting the laptop, or why it appeared to degrade in stages, rather than just fail.

Wireshark is a free, open source network protocol analyzer. It can be used as a graphical interface when viewing tcpdump files. Alternatively, it can be used to capture live network traffic. For this, it must be able to read raw data from network interfaces. Using the standard install from DMG package under Mac OS X this is not straightforward.

By default the /dev/bpf* interfaces are owned by root with permissions set to rw-------. They can be opened for reading using sudo chmod go+r /dev/bpf*, but this is not persistent across reboots. To permanently ensure that Wireshark can be used in capture mode it is necessary to run this command on start up. The mechanism to do this is explained here. I made a slight modification to the ChmodBPF script to run the command above. The gzipped file is attached. Simply unzip this and put it in /Library/StartupItems.

I recently upgraded my OS X Java development environment to
the Java SE 6 Developer Preview 9 release. After the upgrade I encountered the following error when running code which relied upon the AWT libraries:

seventh-circle$ java AWTExample
2008-04-24 12:15:12.061 java[1035:10b] Apple AWT Startup Exception : *** -[NSCFArray insertObject:atIndex:]: attempt to insert nil
2008-04-24 12:15:12.087 java[1035:10b] Apple AWT Restarting Native Event Thread


Ugoogalizing the stack trace indicated this was a rare but not unknown problem, with no obvious solution. A known unknown, if you will.

After blaming everyone else I retraced my steps and realised that I had changed the CurrentJDK and Current symlinks in /System/Library/Frameworks/JavaVM.framework/Versions to point at 1.6, in a misguided attempt to make this the default version of Java for the shell. Specifically by repointing the Current symlink from A to 1.6 I had broken the Java Native Foundation framework. I reset the symlink and chalked the lost hours up to the arrogance of youth:

cd /System/Library/Frameworks/JavaVM.framework/Versions
sudo rm Current
sudo ln -s A Current

In summary, if you want to change the default version of Java to 1.6 for a command line process on OS X, I’d recommend using the Java Preferences Application. If you want to be sure add the following to your .bash_profile:

JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH


IntelliJ, the extremely good Java IDE from Jet Brains will often fail to pick up external file changes; for example performing a subversion “svn up” on your source code.

The problem can be fixed by removing or renaming fslogger in IntelliJ’s bin directory (e.g. /Applications/IntelliJ IDEA 7.0.3.app/bin) as is well documented.

Jet Brains continue to ship this library — enabled by default — for version after version of IntelliJ. Each time I install a new version, the first thing I have to do is disable fslogger and if I forget, then I tend to end up wrongly accusing a colleague of checking-in broken code.

The fslogger library doesn’t work for anyone here as far as I am aware. Shipping a library that actually stops a product from working, when it works so well without it is something I find hard to understand. Perhaps Jet Brains would consider removing this library from the IntelliJ distribution or shipping it disabled by default.

If you’ve got Leopard, you may have noticed that it tags files that you download and then warns you that you are opening a downloaded file. This annoys some people, but I think it is quite a nice touch for the average user. As a power user, you might want to remove this tag from the file manually (read: using the command line). To do this you need to use the xattr command as explained nicely by Henrik. It seems like the tag is stored in special extended attributes on the file which show up in detail if you issue the ls command with the -@ flag. To remove them you just do

xattr -d com.apple.quarantine <downloaded_file>

Strangely this command has no man page, but will give usage if you pass it a -h flag.

Having just upgraded to Leopard (OSX 10.5) I had problems getting my Novatel (aka Merlin) XU870 to connect to the Internet over 3G. I’ve used Vodafone data services for several years now so the settings are burned into my brain:

With Tiger (OSX 10.4) I used to have all that configured, partly in Network Settings and partly in Internet Connect. To connect I would have to dial from Internet Connect.

With Leopard it turns out that Internet Connect is not needed, nor is the phone number. However there is one oddity that is not what you expect.

In the basic Network Settings box you set the Username and Password as above. Then select the advanced button. On that screen you set:

You have to trust me on the model, if you select CDMA then it does not work and the APN is not displayed. It does connect over 3G and does do HSDPA when available. So this is definitely an oddity with the software.

There have been some other blogs about deleting files and adding old drivers, but I already had the most up to date drivers and did not have to touch them. I had a colleague test it who has never installed the drivers at all and it worked fine for him, so I guess this uses the drivers included with Leopard.

Now, in order to connect I just use the WWAN icon on the menu bar (the one that looks like a gradient of vertical bars) and from that menu select Connect. Previously this icon automatically showed dark bars indicating the signal strength, but now it has varying shades of grey until you connect when it turns black. If you want to see some lights to indicate traffic flow then you need to keep the Network Settings screen open.

PS. I tested this, wrote this blog and posted it, all from a train !

For some reason, I decided to upgrade my laptop to Leopard yesterday. Not sure why, as there isn’t anything that I simply must have. Everything went well after the upgrade, with only one thing broken: The login window. As soon as it received focus I got the dread spinning beachball of death. I found that there were some other folks getting the same issue. As mentioned there you need to do an Archive and Install to fix the problem. So I tried that with the ‘Preserve User and Network Settings”. Same thing. Finally I tried it without preserving any settings and I was in. So then I had to copy across all of my files and preferences from the archived copy of my system. Phew, not bad for a day’s work.

I think the problem is that I am a tweaker. I can’t help installing 3rd party apps to change this and that. But that’s because I’m a techie and we jealously guard our freedom to tinker. It looks like if I want a trouble free life I should learn to live with the defaults.

Chatting to a colleague this morning, and it looks like Leopard’s Time Machine just won’t work with Filevault when he tried on his laptop. As Apple state on their Time Machine page in their marketing blurb: “Time Machine: a giant leap backward” …when working with Filevault.

Time Machine monitors your disk drive by checking for changed files on the hour and backing these up incrementally. Filevault works by encrypting and storing the entire contents of your Home folder into a safely encrypted disk image, then reading and writing to that, encrypting and decrypting on the fly.

Because of this, your home directory is essentially a single file as seen by Time Machine, so every time you try to make a change to your Filevault protected home directory, Time Machine tries to backup this whole disk image.

Now as a business user, I can see why Filevault would be used to protect sensitive business data on a laptop in a business environment, but really businesses should have a more robust backup solution should be in place already, rather than depending on a consumer grade solution, and businesses should not really depend on Time Machine as their sole reliable backup solution. Time Machine won’t work reliably across a network (unless to another Mac) anyway, which is what a lot of businesses will be doing backup-wise.

However as a home user, on my machine at home, I can see the benefits of Time Machine, and really running Filevault on my home directory would be pointless, as the amount of RAW image processing I do would seriously be hampered by encrypting/decrypting on the fly, and I have absolutely no need to encrypt my MP3s! At home, most of the document processing I do now is web based anyway, and short of a few applications and music/photos, I have precious little on my home hard drive that really needs encryption, but would benefit from something like Time Machine for occasional file recovery/chance of component failure. At work, I use Filevault on my laptop, and our source code repository for storing code and Lotus notes for storing project related info, so have no need for Time Machine, but Filevault on the other hand is very useful.

Now obviously my particular computer usage will work well with this situation, but for those who store more sensitive documents and want encryption and to use time machine, another solution might well be needed.

The only workaround I can think of is to use the Disk Utility to create an encrypted AES-128 disk image. This is the same technology Apple uses for Filevault. Them while using this, mount it and write files to it, and close it when done. Time Machine will back this up as usual, but as it is storing just the files you want encrypted, it should be a lot snappier, due to much smaller file size. It’s not an ideal situation, but if someone had to use both encryption and Time Machine it might help.