MariaDB log output showing encryption is working

Utilizing encryption at rest to protect the database data living on your hard drive is a smart choice, especially when dealing with sensitive customer data. Encryption at rest protects the data files by encrypting the actual files the MySQL/MariaDB server reads and writes to on the file system. Although they are binary files they can still be read relatively easily using standard tools as well as being “imported” into a different MySQL/MariaDB server. Encryption at rest is just one part of a total solution and this post is going to cover what it takes to get it running using the AWS Key Management System for key control on macOS using Homebrew.


I’m not going to lie. I think OS X Lion 10.7.0 is a buggy release. Is it buggier than some other releases of OS X? Possibly. Can Apple fix the bugs? Most certainly. But bugs aside, there are a few design decisions Apple made that don’t seem fully baked.

First, let’s touch on some of the bugs I’ve noticed so far.

Finder is one of those things in OS X that is almost universally disliked for one reason or another.  Finder in Lion has a new feature where it just stops doing things at all.  At times disk usage stops being updated and it won’t actually copy files.  While a restart of Finder resolves this issue, it’s odd that it is there at all.

Wi-Fi, formerly known as AirPort, has a strange tendency to just not connect after resuming from sleep.  That said, when it is connected I find it to be more reliable with more stable throughput.

Launchpad, the iOS-like view of your installed applications, has a tendency at times to lag heavily when launching an app.

There are a number of other smaller bugs that exist in Lion that are a bit grating but I have faith that Apple will fix them in short order.  Leopard was initially, at least in my opinion, unusable after the initial installation and I found myself going back to Tiger a couple of times.  Apple fixed those issues and then some.

But what really gets me are the things Apple will probably never fix because they are working as designed, and my real issue is that I don’t like the design. Gestures for one are a cluster. Many were changed from Snow Leopard and worse is that a good number of them contradict what a person would have learned. Four finger swipe up now produces Mission Control rather than show desktop. The show desktop gesture has now been replaced by a more awkward five finger gesture. All in all, I spent more time tweaking gesture settings on Lion than anything else after install. Between the available options in System Preferences and BetterTouchTool I think I have things where I want them.

More annoying than the gestures is the addition of “natural scrolling.” Natural scrolling reverses the scrolling direction when using the mouse wheel so that to scroll the page down you pull your fingers down on the trackpad or mouse. The naming of this option is also interesting because unchecking the natural scrolling option says to the user they are about to enable something that is less natural. I don’t think this could be further from the truth. Like flying a plane, it’s natural for your body to want to push the stick forward to cause the plane to pitch down, but you push left or right to pitch left or right. Natural scrolling makes complete sense on a touch device where it is more like you are pushing a sheet of paper around. At any rate, my issue comes in when you disable natural scrolling. Not only does it reverse scrolling but it also reverses the direction used for changing spaces. With natural scrolling off, using four fingers left causes you to go to the space on the left and four fingers right brings the space on the right into view. In writing this makes sense, but in practice it feels awkward.

Lion also lacks the kind of polish I’ve come to expect from OS X. Parts of it are downright ugly. Mail.app for example has a new layout which is great except for the hideous message count badging, shown below:

 

There is just something about the numbers that makes them appear to be off in some fashion.

The boot process, at least what you see on screen, has been revamped some and I can’t help but feel that it all looks very clunky. While the fading and moving the Apple logo from the center of the screen to above the list of users on the login screen is very clever, the steps required to move from boot splash to getting this animation set up are jarring. The boot process basically boils down to showing the typical boot splash screen with the Apple logo which is then replaced with an image that looks the same and is ultimately used during the final animation that reveals the available users. This transition just isn’t the kind of smooth and elegant thing a person would expect from Apple. Couple that with the sometimes jarring color correction applied just prior to the animation effect and you have what is in my eyes a really poorly done boot sequence. The shutdown process is also odd in that the desktop goes away and is covered with a plain gray screen. The blue screen used in previous releases was much better and if it had to be replaced at all it should have been replaced with black.

All that said, there is a lot to like about Lion.  I find the autocorrect to be a fine addition.  I like Mission Control a lot, resume is a great feature, Mail.app’s new layout is superb and the refinements to iCal and Contacts are welcome.  I know Apple will fix the real bugs in the software but I can only hope they provide better System Preference options for customizing gestures.

I’m also surprised that none of the reviews I read seemed to point out the shortcomings of Lion and gave it glowing reviews.  As I said, there is a lot to like but it certainly isn’t perfect and I think Apple deserves to hear about it.  Lion isn’t Apple’s Vista by any means, but it’s obvious to me that Jobs had less input in this release than previous releases.

Been a lot of rumors flying about that the MacBook Air is finally getting an update. The Air hasn’t gotten a meaningful update in quite a while and is currently the only laptop model from Apple that doesn’t have the large multitouch trackpad. Rumors include an 11 and 13″ SKU and SSD only. AppleInsider has the details at http://www.appleinsider.com/articles/10/10/16/more_details_surface_on_apples_next_generation_macbook_airs.html.

In my previous post I talked about needing a TFTP server in order to serve some files to a hardware device. This post describes how I used expect to automate the process of logging into the hardware device and issuing commands that copy in a config file, commit it to the device, upgrade the firmware and finally tell the device to reset to factory defaults and reboot.

Expect is a way to programmatically work with a normally interactive process. Using expect you can write a script that telnets into a system and then issues commands based on what it “sees.” Here is the script I used, with some important values removed, to automate the process of updating a number of devices.

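#!/usr/bin/expect
# Wait up to 300 seconds for each expected pattern.
set timeout 300
# Start the telnet session and log in.
spawn telnet 192.168.1.1
expect "login: "
send "root\n"
expect "Password: "
send "tehmagicphrase\n"
expect "# "
send "cd /tmp \n"
expect "# "
# Fetch the config file from the TFTP server and import it.
send "tftp -g -r config.ini 192.168.1.159\n"
expect "# "
send "config.sh import config.ini\n"
expect "# "
# Fetch the firmware image and start the upgrade.
send "tftp -g -r firmware.img 192.168.1.159\n"
expect "# "
send "firmware_upgrade /tmp/firmware.img 1\n"
# Wait for the session to end (the eof keyword is lowercase in expect).
expect eof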

The above script was saved into a file called pushConfig.expect and set as executable using ‘chmod +x pushConfig.expect’. To run the script, I powered on the device and waited for it to be ready. Once it was ready I issued ./pushConfig.expect to start the update process.

Using expect is fairly straightforward. The most difficult part is ensuring you correctly tell expect what to look for before sending the next command. In the script above I do the following:

set timeout 300

This tells expect to wait up to 5 minutes for matching text before continuing to the next send command. This means that if I tell it to send some data, it will wait up to 5 minutes to see what is in the expect line after the send. In the case of my script the firmware upgrade could take quite a bit of time and I didn’t want it to time out, so I set the value fairly high.

The next line tells expect to start a telnet session to a remote machine and then to wait until it sees:

login: 

Once it sees that it sends the username. The script continues like this until it sees EOF. At this point expect knows that the process is now complete and it exits.

By using an expect script I was able to simply power on the hardware device and wait for it to boot. Once booted I ran the script. This saved me and a co-worker a lot of time while pushing custom configurations and upgrading the firmware on a number of devices.

Expect is capable of a lot more than I used in my example and can react differently based on what it receives back from the interactive process or even loop over a series of commands. To learn more about expect try ‘man expect’ or search your favorite search engine.
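The branching and looping mentioned above, applied to the same update procedure, as an added example that is not the original script. The DEVICE_PASSWORD environment variable and the fail and run helper names are assumptions, and a second login: prompt is taken to mean the login was rejected, which assumes the device prints no "Last login:" banner.

```expect
#!/usr/bin/expect -f
# Added example, not the original script. Host, prompt and commands mirror
# the script above; DEVICE_PASSWORD is an assumed environment variable.
set timeout 300
set host   "192.168.1.1"
set tftp   "192.168.1.159"
set prompt "# "
# Print a message and stop the run with a non-zero exit status.
proc fail {msg} {
    puts stderr "pushConfig: $msg"
    exit 1
}
# Take the password from the environment so it is not stored in the file.
if {![info exists env(DEVICE_PASSWORD)]} { fail "DEVICE_PASSWORD is not set" }

# Send one command, then wait for the prompt; stop on timeout or disconnect.
proc run {cmd} {
    global prompt
    send -- "$cmd\n"
    expect {
        "$prompt" {}
        timeout   { fail "timed out waiting for prompt after: $cmd" }
        eof       { fail "connection closed during: $cmd" }
    }
}

spawn telnet $host
expect {
    "login: " { send -- "root\n" }
    timeout   { fail "no login prompt from $host" }
    eof       { fail "telnet exited before login" }
}
expect "Password: "
send -- "$env(DEVICE_PASSWORD)\n"
# A second login prompt here means the credentials were rejected (assumption).
expect {
    "$prompt" {}
    "login: " { fail "login rejected" }
    timeout   { fail "no shell prompt after login" }
    eof       { fail "connection closed after login" }
}
# Loop over the commands that return to a prompt.
foreach cmd [list "cd /tmp" "tftp -g -r config.ini $tftp" \
        "config.sh import config.ini" "tftp -g -r firmware.img $tftp"] {
    run $cmd
}
# As in the original, start the upgrade and wait for the session to end.
send -- "firmware_upgrade /tmp/firmware.img 1\n"
expect eof
```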

Ran into a situation today where I needed a tftp server in order to serve files to a hardware device. Normally I would have fired up a Linux system to get the job done but it hit me (again) that I’m using a UNIX operating system and it’s bound to have a tftp server built in. Sure enough I found it hiding on the system but I couldn’t get it to run. After some searching around I found my answer and I thought I’d post it so hopefully someone else will find it.

If you want to run the tftp server issue the following command:

sudo launchctl load -F /System/Library/LaunchDaemons/tftp.plist

This will cause the tftp server to load and stay running until it either crashes or you restart your system. If you want to ensure that tftp is always running issue the following:

sudo launchctl load -w /System/Library/LaunchDaemons/tftp.plist

To stop the tftp server issue the following command:

sudo launchctl unload /System/Library/LaunchDaemons/tftp.plist

To permanently disable tftp issue the following command:

sudo launchctl unload -w /System/Library/LaunchDaemons/tftp.plist

Apple announced yesterday that they will be streaming their September 1 event live. The catch? It’ll only work in Safari on Mac and on iOS devices. So in other words, only about 9/10’s of the internet will be able to view the live stream.

But that 9/10’s of the internet will be able to enjoy the exact same video stream no matter what device they are on, be it laptop or the tiny iPod touch. No need for a desktop optimized version and no need for a mobile optimized version. The same stream will play on any sized device.

Make no mistake, this is a giant stab at anyone who is arguing that flash is needed on Apple’s devices. If you need any further information about the state of flash on Android you need only watch the video here and then read the comments. People love to rail on Apple while completely missing the point that having flash at all doesn’t mean flash works and a half-assed flash experience is not what Apple is willing to allow on their devices. Reading through the comments you’ll find a few people who argue that “at least it is there” and that “it doesn’t matter that flash sucks today because there are better phones coming out tomorrow.” That makes no sense.

AppleInsider is reporting that the latest build of Mac OS X 10.6.5 has been seeded to developers. One of the expected improvements is with 3D graphics support. As someone who has recently taken up the Steam habit this is welcome news for me.

According to this post on the AppleInsider forums it sounds promising:

From some of the reports I’ve seen, Apple at the urging of Valve and others is really starting to get serious about their OpenGL implementation. With the drivers in development some willing to break the NDA have reported scores up to 3 times higher in OpenGL Viewer and significantly higher game performance on all cards.

I’m a bit behind on my Mac tip of the week entries and these two tips won’t really make up for it but they’re interesting all the same.

First one is that you can manage applications from the application switcher. By pressing command tab you can then tab to different applications. Once an application is highlighted you can issue other command+? commands like command+q to quit or command+h to hide an application.

The second tip involves iCal. iCal in Snow Leopard now officially supports synchronizing with Google Calendar. Adding new accounts is simply done in iCal’s preferences area but adding additional calendars you have access to isn’t as obvious. To add additional calendars simply click on the delegates tab when editing your iCal accounts in preferences.