CBC interview with School of the Photographic Arts: Ottawa!

Update: All In A Day’s archives have now been updated, so you can listen to the interview there as well.

Khalia Scott and Michael Tardioli are founders, directors and teachers at the School of the Photographic Arts: Ottawa. They held a great Open House yesterday, and this afternoon they were interviewed on CBC Radio’s All In A Day.

Until the CBC updates their archives of the show, you can listen to it here: SPAO Interview as an MP3.

If you are looking for more details than what is in the interview, the SPAO site will be launching in November. Meanwhile you can email info@spao.ca.

Full Disclosure: SPAO is a client of mine. I was responsible for getting their Macs, printing, scanning and network gear purchased and installed.

Kermit the Blog: That’ll be… Aw, heck. No charge.

Over on the Kermit the Blog he’s having one of those days. Another friend gets free computer help, and now he’s wondering if he’s too nice or just a sucker.
Kermit the Blog: That’ll be… Aw, heck. No charge.

My take:

One of my clients, who runs a very successful jewellry business, explained it to me: When you charge little or nothing then there is no associated value. Which means there is no way to compare what you are really giving them to anything else they are familiar with.

So the next time you get a call to a ‘family or a friend’s’ house to fix something, interrupt them and tell them up front: “I am no longer able to help you for free. $$$ an hour, minimum one hour. When should I come by to fix things?”

Then things get really interesting! 😉

As he says “What’s your take?”

Promise UltraTrak100 TX8 and rebuilding RAID

This is from memory, as it happened about a year ago, but I figured I’d document it, in case it helps someone.

I own a Promise UltraTrak100 TX8 SCSI to IDE RAID array. If it helps, here are local mirrors of product manual and specifications.

I had a case once, when I shut the array down, and one of the drives did not spin back up.

Situation:

disk0: Good
disk1: Good
disk2: Did not Spin up
disk3: Good
disk4: Good
disk5: Good
disk6: Good
disk7: Good

Array (configured as 8 disk RAID5, Maxtor 120 gig drives, 800.5 GB of formated disk space) of course started beeping, so I grumbled, yanked a cold spare off the shelf, and put in in place of “failed” drive and went to sleep.

Situation:

disk0: Good
disk1: Good
disk2: replaced with good one, put onto shelf, resyncing
disk3: Good
disk4: Good
disk5: Good
disk6: Good
disk7: Good

About 3 hours into raid resync (no, UltraTrak100s are not really speedy), array instead of short beeps raised a rucus, and it’s crying woke me up. Turned out that another drive failed while into resync. So the nightmare happened – there were two failed drives in a RAID5, and of course the array is not designed to handle this.

Situation:

disk0: Good
disk1: Good
disk2: resyncing
disk3: Good
disk4: Good
disk5: failed with bad sectors
disk6: Good
disk7: Good

I had not backups. As an aside, when you have 800 gigs of on-line storage, all used, how do you back it up? DLT7K (which I also have) would take maybe 3 days, and at this point, do I trust the tapes? After all, when you have 20 tapes, probability of tape read failure would be raised to n^20. Then there is dust in the drive, SCSI cables (differential SCSI in my case), power fluctuations, etc. The only way to back up 1 TB is to put a second 1TB array near it, and mirror them, and start using filesystem snapshots (like NetApp does, or Solaris 8 and newer). Any way, backups are a subject of a rant of it’s own.

So I grumled, and cursed, but went ahead and examined the original drive, one that didn’t spin up. SMART was complaining that the drive takes too long to spin up, but in the end I managed to convince it to spin up. So now I had a case where I had an array with two “bad” drives, yet one drive was actually “good”, only market as bad in the NVRAM of the UltraTrak.

After a while on long distance calls to Promise, I got to talk to a chinese guy who actually was one of the developers. He told me of a magic way to try as last resort.

So don’t do this at home, this is serious evil, etc.

He told me to turn array off, yank all the drives out of the array, and put one new drive into it.
Upon power on, array would complain about lack of the original drives. Then he told me to delete the existing configuration, and power the array off.

After that, he told me to put the drives including drive that was originally having problems spinning up back into the array in the original order:

Situation:

disk0: Good
disk1: Good
disk2: Drive that not Spin up originally, but got convinced to spin up again
disk3: Good
disk4: Good
disk5: failed with bad sectors
disk6: Good
disk7: Good

Then he told me to go and configure the array again from scratch, RAID5, whole disks, etc.
At the moment when I were to commit the configuration of the array I had to be careful. Essentially at that point all of the lights on the disks in the array would flash in sequence, as the configuration of the array would be written to disks. After that there would be a 1 second pause. During it, I had to turn the array off.

This is a once time shot. If one doesn’t turn the array off at this 1 second interval, the array would proceed with formatting the disks, and all of the data would be lost.

As I did it, array wrote configuration of the array to disks, matching the configuration that I had before, but did not re-initialize the array. So the data was still there.

When I powered the array on, it span up all the drives, and proceeded to claim that it’s fully functional.

So I manually failed drive 5, that had bad sectors on it by yanking it out of the array, and replacing it with a cold spare.
About 10 hours later array re-initialized. Then I failed disk2, that had issues spinning up, and replaced it. Array re-initialized.

You have no idea how stressed I were until the first rebuild was done.

Any way, maybe this will help someone. Obviously this is not exactly a technique for the faint of heart, and is not supported by Promise. But it saved my ass. If you have spare disks, try building a test array (of like 2 disks) and practice on it first. And, have good backups.

This should work on UltraTrak100 TX4 as well, but I have no idea about any other models. Probably not. Talk to Promise, they can be nice to you.

Tiger: Differences between stock and Apple OpenSSH

Adam asked me to look if my OpenSSH install also does SRV lookups when attempting to resolve hostnames.

Under Tiger (10.4.1, md5sum of the OpenSSH binary is b582a5b1da5999b6832dec6cb9477917 /usr/bin/ssh, OpenSSH_3.8.1p1, OpenSSL 0.9.7b 10 Apr 2003) it indeed behaves the same way as Adam describes.

Under Panther (10.3.9, md5sum of OpenSSH binary is 878ef654570e14c103a20b54afe3c417 /usr/bin/ssh OpenSSH_3.6.1p1+CAN-2004-0175, SSH protocols 1.5/2.0, OpenSSL 0x0090702f) I am not seeing any SRV lookups at all.

So I started investigating.

I’ve pulled own OpenSSH from Darwin 8.1 (corresponding to 10.4.1) from http://darwinsource.opendarwin.org/tarballs/other/OpenSSH-56.tar.gz, and the “correct” build from OpenSSH site

diff file was 940K in size, (vast majority of the differences were due to the fact that newer version of autoconf was run on Apple’s sources, and regenerated all the “configure” framework anew) and let me put it this way – OpenSSH as Apple ships it has a whole lot of differences compared to portable OpenSSH 3.8.1p1.

patches subdirectory of Apple tree has most of the patches, but something is telling me that possibly not all of them.

So how is SSH as shipped by Apple differs from SSH as shipped by the portable team of the OpenSSH project?

  • Support for BSM (Basic Security Module) framework, under Solaris, and under MacOS X.
    As an aside – what’s up with BSM and auditing under MacOS X? Solaris (OK, I looked at Solaris 8, maybe things changed in Sol 10) has /etc/security/* with things like audit_class, audit_event, tools to enable and disable auditing, etc. 104.1 has /var/audit that is empty (Obviously – Auditing is not enabled), and prints two lines during kernel boot-up:

    Jun 24 04:13:15 localhost kernel[0]: Security auditing service present
    Jun 24 04:13:15 localhost kernel[0]: BSM auditing present
    

    Anyone has any idea how to actually tweak what gets audited, etc? /usr/include/bsm/ exists, so technically one can attempt to build Solaris BSM tools, but what would Brian Costello^W^WApple do?

  • HEIMDAL support
  • CCAPI – Credentials Caching
  • Fix for Mindrot bug 874 – Swapped parameters of SSH_FXP_SYMLINK packet of SFTP protocol
    +/*
    + * "Blind" conversation function for password authentication.  Assumes that
    + * echo-off prompts are for the password and stores messages for later
    + * display.
    + */
    
  • PAM support for password authentication.
  • Under MacOS X uses Security/AuthSession.h AuthSession – APIs for managing login, authorization, and security Sessions.
    from sshd.c:

    +#ifdef USE_SECURITY_SESSION_API
    +        /*
    +         * Create a new security session for use by the new user login if
    +         * the current session is the root session or we are not launched
    +         * by inetd (eg: debugging mode or server mode).  We do not
    +         * necessarily need to create a session if we are launched from
    +         * inetd because Panther xinetd will create a session for us.
    +         *
    +         * The only case where this logic will fail is if there is an
    +         * inetd running in a non-root session which is not creating
    +         * new sessions for us.  Then all the users will end up in the
    +         * same session (bad).
    +         *
    +         * When the client exits, the session will be destroyed for us
    +         * automatically.
    +         *
    +         * We must create the session before any credentials are stored
    +         * (including AFS pags, which happens a few lines below).
    +         */
    
  • functional GSSAPI tie-in – tied into PAM and BSM, and HEIMDAL – part of making OpenSSH in 10.4.x kerberized. By default is turned on (refer to sshd_config man page under Tiger, applies to Protocol 2 ONLY) Supports lack of hostkey, reverts to “null” method of keying (from sshd.c)
    +#ifndef GSSAPI
    +       /* The GSSAPI key exchange can run without a host key */
            if ((options.protocol & SSH_PROTO_2) && !sensitive_data.have_ssh2_key) {
                    logit("Disabling protocol version 2. Could not load host key");
                    options.protocol &= ~SSH_PROTO_2;
            }
    +#endif
    
  • Support for using memberd for resolving group memberships and to see if Serivce ACLs permit user to use ssh
  • Capabilities support. in sshd_config:
    +# SACL options
    +#SACLSupport yes
    
  • Extended attributes and resource fork support when copying between two 10.4.x systems – option -E for scp, implementation in copyfile.h and scp.c. Seems like metadata gets collected into an additional file, that gets transfered same way as a file would be, at gets re-applied on the other end.
  • Note: openssh/compat.c contains a list of all the “known” implementations of SSH clients, and what bugs they have. Quite an interesting read.

That’s about all I’ve noticed.

Now, regarding SRV lookups…. I’ve not noticed anything magic in the source that causes that to happen. Maybe that’s part of GSSAPI stuff – I frankly weren’t looking too closely. Maybe it’s something that libSystem.B.dylib does on behalf of ssh. Further investigation is needed, as it didn’t jump out at me. Sorry, Adam.

Update: I guess I should have been clearer. I did compile stock OpenSSH 3.8.1p1, and saw what kind of DNS queries it attempted. If the system in question is in /etc/hosts, it does no DNS quieries. If the system is not in /etc/hosts, all it looks at is

17:28:37.287350 IP 10.9.15.194.51980 > 10.9.15.1.domain:  52104+ A? www.epals.com. (31)
17:28:37.593401 IP 10.9.15.1.domain > 10.9.15.194.51980:  52104 1/2/2 A www.epals.com (128)
17:28:38.211709 IP 10.9.15.194.51981 > 10.9.15.1.domain:  55591+ PTR? 1.15.9.10.in-addr.arpa. (40)
17:28:38.212701 IP 10.9.15.1.domain > 10.9.15.194.51981:  55591 NXDomain 0/1/0 (117)
17:28:38.217308 IP 10.9.15.194.51982 > 10.9.15.1.domain:  6539+ PTR? 116.141.26.64.in-addr.arpa. (44)
17:28:38.333627 IP 10.9.15.1.domain > 10.9.15.194.51982:  6539 2/2/2 CNAME 116.96-127.141.26.64.in-addr.arpa., PTR www.epals.com. (190)

(Yes, I enjoy attempting to ssh to epals.com, as most assuredly it would not be an IP address in my /etc/hosts)

On the other hand, Apple’s implementation of OpenSSH does these regardless if the system in question is in /etc/hosts or not:

17:30:25.107046 IP 10.9.15.194.51989 > 10.9.15.1.domain:  50351+ SRV? _telnet._tcp.iskra.ottix.net. (46)
17:30:25.108158 IP 10.9.15.1.domain > 10.9.15.194.51989:  50351 NXDomain 0/1/0 (86)
17:30:25.108981 IP 10.9.15.194.51990 > 10.9.15.1.domain:  3246+ SRV? _telnet._tcp.iskra.ottix.net. (46)
17:30:25.109571 IP 10.9.15.194.51991 > 10.9.15.1.domain:  3821+ SRV? _telnet._tcp.iskra.ottix.net.bhwireless.com. (61)
17:30:25.110614 IP 10.9.15.1.domain > 10.9.15.194.51990:  3246 NXDomain 0/1/0 (86)
17:30:25.110937 IP 10.9.15.1.domain > 10.9.15.194.51991:  3821 NXDomain 0/1/0 (134)
17:30:25.111186 IP 10.9.15.194.51992 > 10.9.15.1.domain:  7928+ SRV? _telnet._tcp.iskra.ottix.net.bhwireless.com. (61)
17:30:25.112891 IP 10.9.15.1.domain > 10.9.15.194.51992:  7928 NXDomain 0/1/0 (134)
[...]
stany@gilva:~/src/ssh/openssh-3.8.1p1[05:30 PM]$ grep ottix /etc/hosts 
192.231.228.2   iskra.ottix.net www.ottix.net
stany@gilva:~/src/ssh/openssh-3.8.1p1[05:30 PM]$ uname -a
Darwin gilva.local 8.1.0 Darwin Kernel Version 8.1.0: Tue May 10 18:16:08 PDT 2005; root:xnu-792.1.5.obj~4/RELEASE_PPC Power Macintosh powerpc
stany@gilva:~/src/ssh/openssh-3.8.1p1[05:30 PM]$ 

Another interesting side effect: Usually Apple’s sshd (enabled in control panels -> sharing -> Remote Login) registers itself with Rendez-Vous/ZeroConf. I have a piece of software called Rawr-Endezvous (0.6.b3, with my modifications to Growl framework 0.7. Newer versions of it just keep on dieing for me whenever I change location or enable/disable service,so I keep on waiting when Jereme Knope will fix it), that throws up a pop-up on my screen whenever new service is discovered. If one is to disable Remote Login in Sharing control panel, and start Apple’s ssh by hand, it registers the service as ZeroConf. If one starts up a stock OpenSSHD compiled from source, it doesn’t. I wonder if part of the problem is Apple’s patch to enable zeroconf in OpenSSH.

stany@gilva:~/src/ssh/openssh-3.8.1p1[05:38 PM]$ sudo ./sshd -f /etc/sshd_config -h /etc/ssh_host_key -h /etc/ssh_host_rsa_key -h /etc/ssh_host_dsa_key -d
debug1: sshd version OpenSSH_3.8.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.

(Remove -d if you want sshd to run in daemon mode).

MacOSX: Upgrading firmware for Pioneer DVD drives

I did a large and opinionated post earlier about benefits of using cheap DVD drives over things like Pioneer. There is a benefit of paying for Pioneer drive too – ability to flash the firmware under MacOS X.

The software one needs for it is DVRflash compiled for Mac OS X, and a firmware image containing the kernel code necessary to get the drive into kernel mode (that permits flashing) and the (patched) firmware. Kernel code from any version of the firmware would do, as it is only used during the flashing to get the drive into receptive state. Firmware, on the other hand, should probably be either newer then the one you have already, or at the very least same version but with different features.

For the firmware for your particular model of the drive, you should probably look at RPC1.org web site. Also worth looking at are Pioneerdvd and Gradius’s web pages.

Here is the actual flashing session.

#include <stddisclaimer.h> /* Not responsible for anything! */

I’ve put the Pioneer DVR-105 drive into an external USB/FW enclosure connected over FW. Operating system is MacOS X 10.4.1 (Still PPC, not yet mactel :-), drive is connected over firewire.

First I determine that the software sees the drive (as root):

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:16 PM]# ./DVRFlash

DVRFlash v2.0 : Pioneer DVR firmware flasher
by Agent Smith et al.,  July 2004

Commandline:
  ./DVRFlash 

Device parameter was not given, detecting all DVR drives:

     Device : B:
     Vendor : PIONEER 
      Model : DVD-RW  DVR-105 
   Revision : 1.00

Now run DVRFlash again, from the command prompt, using
one of the device(s) listed above as first parameter

Press the Return key to exit

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:19 PM]#

At this point I know that drive B: is the drive I want (Drive A is presumably the built in Matsushita combo), so I run the software again, this time with the right arguments:

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:19 PM]# ./DVRFlash 
-f PIONEER  R5100004.133 R5100104.133 

DVRFlash v2.0 : Pioneer DVR firmware flasher
by Agent Smith et al.,  July 2004

                       DISCLAIMER

THIS PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.

THE ENTIRE RISK AS TO THE ABILITY OF THIS PROGRAM TO FLASH A
PIONEER OR COMPATIBLE DVR DRIVE IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION.

THIS PROGRAM IS NOT ENDORSED BY PIONEER CORPORATION OR ANY
COMPANY RESELLING PIONEER EQUIPMENT AS THEIR OWN BRAND

IF YOU UNDERSTAND THE RISKS ASSOCIATED WITH THIS PROGRAM AND
DISCHARGE BOTH THE AUTHOR AND PIONEER CORPORATION FROM ANY
DAMAGE OCCURING AS THE RESULT OF ITS USE, PLEASE INDICATE SO
BY ANSWERING THE FOLLOWING QUESTION:

Do you understand and agree to the statement above (y/n)?
y

Commandline:
  ./DVRFlash -f PIONEER R5100004.133 R5100104.133 


Drive Information:
  Description    - PIONEER DVD-RW  DVR-105 
  Firmware Rev.  - 1.00
  Firmware Date  - 02/10/10
  Manufacturer   - PIONEER  
Drive is in normal mode.

Are you sure you want to flash this drive (y/n)?
y

Switching drive to Kernel mode:
  Description    - PIONEER DVD-RW  DVR-105 
  Firmware Rev.  - 0000
  Firmware Date  - 00/00/00
  Manufacturer   - PIONEER  
Drive is now in Kernel mode

Now sending the Kernel part...
Now internal Kernel reflashing. Please wait... OK.

Now sending the Normal part:
0%          25%          50%          75%         100%
|============|============|============|============|
Please hold your breath for about 30 seconds...

Now internal reflashing. Please wait... OK.

Updated Information:
  Description    - PIONEER DVD-RW  DVR-105 
  Firmware Rev.  - 1.33
  Firmware Date  - 03/05/26
  Manufacturer   - PIONEER  
Flashing operation successful ;)

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:20 PM]#

So after holding my breath for about 30 seconds, it finished. I went ahead and verified that firmware got updated:

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:20 PM]# ./DVRFlash 

DVRFlash v2.0 : Pioneer DVR firmware flasher
by Agent Smith et al.,  July 2004

Commandline:
  ./DVRFlash 

Device parameter was not given, detecting all DVR drives:

     Device : B:
     Vendor : PIONEER 
      Model : DVD-RW  DVR-105 
   Revision : 1.33

Now run DVRFlash again, from the command prompt, using
one of the device(s) listed above as first parameter

Press the Return key to exit

root@gilva:~/Desktop/DVRFlash_2.0/DVR-105 v1.33 - RPC-1 + 2xDVD-R + 12xRip[05:21 PM]# 

Dual Layer DVD burners in PowerMac G5s

Andy called my “employer” today, and asked us to find out for him what dual layer burners are in PM G5s. So of course the question percolated down to me, without the associated name attached to the question.

Apple ships different burners in different batches of systems, depending on which manufacturer gives Apple a better deal. So new PM G5s can come with either SONY DW-Q28A or Pioneer DVR-A09 (Which is just an Apple branded version of Pioneer DVR-109, and has no functional or firmware differences).

While I can understand why someone might want an Apple Shipped/Apple Supported DVD burner, the benefts of such support are in reality rather slim. Apple will support CD burning on either Apple Shipped or Unsupported DVD burner, as licensing is limited to DVD support. Ditto with booting (Booting is actually something that starts regardless of the OS, as it’s triggered by OpenFirmware. Thus as long as device supports standard ATAPI command set, it can be used for booting). So in reality all one loses is lack of DVD burning from Disk Utility, iTunes and things like iDVD.

What I recommend is buying whatever is the cheapest dual layer burner you can find that has patched firmware available from download from rpc1.org, and then using Patchburn to install a profile, turning the device into “Vendor Supported”, and reenabling burning from iTunes, Disk Utility and iDVD. That coupled with RPC1 firmware and ripping lock removal (That removes the restriction built into most new DVD drives to slow down reading of disks to 2x if a directory VIDEO_TS is detected on disk) makes the drive into a rather useful piece of equipment that OWNER controls.

So you might think that something free, like Patchburn would be slow to release updates for Tiger. You’d be wrong, however, as support for Tiger existed on the day Tiger was released. We will of course see what happens when Leopard comes out.

Patchburn might sound like an inconvinience. One has to go to a germanweb site, download software, click… So let me ask you a question: how often do you burn DVDs using Apple Disk Utility, while waiting for it to create 8.5 gig dmg file? Right. You burn your DVDs using Roxio Toast, aren’t you? And your Roxio Toast supports “Unsupported” drives as well as it does “Apple Shipped”, right? So I don’t see a problem, but please leave a comment and let me know if you don’t agree.

Here is some basic economics: I bought an LG HL-DT-ST GSA-4160b dual layer DVD burner at Best Buy on boxing day 2004 for 120 CAD, with 40 mail in rebate (that I recieved). So in reality after taxes I spent 98 CAD on it. At that time a Pioneer DVR-A09 was selling for 150-170 CAD plus taxes. On the saved money I bought an external enclosure for it, making it mobile.

Don’t get me wrong, Pioneer DVR-109 is a great drive, and I see that Compunation is listing it for just a shade over 100CAD at the time of this writing, but then again, LG burners are ~65CAD now too. Lasers in CD/DVD burners burn out after about the same number of writes, so is paying 40$ extra worth it?

Lastly, I have a DVR-105 at work. I’ve upgraded it to the latest firmware, and tried burning with it. It chokes on cheap silver only DVD-R media (No idea what kind, probably rebranded ritek, or something equally cheap), creating corrupted burns in all tries (I learned the lesson after 3rd attempt to burn). A cheap LG and BenQ burners I have here don’t have an issue with media at all, writing on it at 8x, and passing all the verifications afterwards (Generally it’s a good idea to do verification, just to prevent frustration later). So go figure, cheaper drive reliably burns on cheap media too, so you don’t need to buy expensive Apple branded blanks. I wonder…..

BTW, I am still wondering how to turn MATSHITA CD-RW CW-8123 (Combo drive that shipped with iBook G4) into a region-free drive – I don’t believe that firmware updates for it exist.

Tiger: Disabling dashboard

Adam e-mailed me this, so I am preserving it here for posterity.

Since I've not actually found a use for Dashboard:

$ defaults write com.apple.dashboard mcx-disabled -boolean YES

You need to restart the Dock.app (I just killed the process and it came right back.)

Once this is done, you can poof the dashboard app off your dock, as it now does nothing.

Note that this is per user setting, however I am happy, as Dashboard widgets wanted 35 or so megs of real RAM in default configuration.

As an aside, the only widget I were actually using was the weather, and it was talking to american weather site, that was giving me incorect information most of the time.

Tiger: Disabling Spotlight

Spotlight introduces a fairely large performance hit on to the system, especially if the files you are working with are both large and have the Spotlight plugin, and thus can be indexed. Performance hit might be less noticable on the desktop system with fast drives, however on my laptop with 4200 rpm drive, and constantly dealing with megabytes of source code and compilations spotlight introduced less of a benefit and more of a hindrance.

So, without further ado, in order to disable spotlight, one has to edit /private/etc/hostconfig, find the line that reads SPOTLIGHT=-YES-, change it to SPOTLIGHT=-NO-, and rebooot.

This will prevent MetaData Service, / System / Library / Frameworks / CoreServices.framework / Versions / A / Frameworks / Metadata.framework / Versions / A / Support / mds from starting on boot time.

Note that this will not disable file change notifications in the kernel, as can be checked using Amit Singh’s fslogger. On the same page there is some more in depth information on the kernel notification service that Spotlight (and fslogger) subscribe to.

A perty GUI called Spotless was written by someone, but I am not sure I’d trust a GUI to parse and edit a text file.

If you want to get rid of the looking glass icon in the top right hand corner as well, you might want to either remove (perferably just move out of place) or chmod -R 0000 /System/Library/CoreServices/Search.bundle (Key file. Actual parts of Spotlight are: /Library/Spotlight /System/Library/Spotlight /System/Library/CoreServices/Search.bundle /System/Library/PreferencePanes/Spotlight.prefPane /System/Library/Services/Spotlight.service /System/Library/Contextual Menu Items/SpotlightCM.plugin /System/Library/StartupItems/Metadata plus /usr/bin/md*, although I’d argue that metadata tools in /usr/bin/md* are actually useful.)
Changing permissions means that if at some point you want to undo the changes, you can always repair permissions. In any case, little looking glass in the corner doesn’t bother me much.

Technically one can probably selectively start and stop Spotlight by killing or startng mds and mdimport, however a way Apple recommends is using mdutil -i off / to turn off indexing of the boot volume (ie existing databases would be preserved and accessible through spotlight).

If you ever want to blow away your Spotlight database, and force reindexing (assuming mds/mdimport run), you can do mdutil -i off /, mdutil -E / , mdutil -i on /

Note: Apprently killing spotlight interferes with find in Finder and in Mail.app. As I never use either (locate or find . -name “*foo*” -print on the command line is much more powerful, plus gives me an -exec stuff {} ; option), it doesn’t bother me, however ocdinsomniac has some nice additional information and a script that purports reverting Finder’s find to the Panther style behavior.

MacInTouch – Comments about FireWire/USB Enclosures

Yesterday there was a post on Macintouch asking for experiences with Oxford and Prolific chipsets in Firewire/USB enclosures;

[Ed Fortmiller] I need to purchase a drive enclosure that supports both FireWire (1394) and USB 2.0. For FireWire, some enclosures use the Oxford 911 chip whereas others use the Prolific PL-3507 chip.
  Is one chip preferable over the other? Are there known problems with either of these chips? Suggestions for a good reliable (dual FW/USB) drive enclosure?

Here is my response, as well as several other’s comments;

A number of people responded to yesterday’s query about FireWire/USB drive enclosures:
[James Ehrler] I purchased a Plumax enclosure from Dealsonic about 4 months ago that had an Oxford chip and Firewire/USB. Works great.
  Needed another so I purchased the same case (same part number and also from Dealsonic) but it had the Prolific chip. Didn’t work for beans.
  I had to get an RMA and swap it for an Oxford-based case (FireWire only) from Dealsonic.

[Jason Froikin] Any time you need a hard drive enclosure that supports both FireWire and USB, the best source I know of is Firewire Depot. Most of their enclosures use Oxford chipsets. I’m not sure if it’s superior, but it does have native Mac OS X support dating back to the public beta.

[David Rostenne] I do Mac consulting, and several of my clients have recently needed Firewire/USB enclosures. We originally got some with Prolific PL-3507 chipsets and had a lot of problems with them. When we switched the same drives over to enclosures with Oxford chipsets the problems went away. Make sure to upgrade the firmware of the Oxford chipsets before using the enclosures, as there are several bug fixes..
  Also make sure to read the specs carefully as we also have run across enclosures that have only a single firewire port, and not enough airflow to keep the drives cool. For 2.5 inch enclosures make sure that both sets of ports can be bus-powered, and use normal sized connectors, instead of the mini-plugs.. less cables to carry around!
  Currently we are recommending the Macally enclosures, for 3.5 and 2.5 inch drives. We have also had no problems with the Maxtor Onetouch series, they come with drives and are firewire/USB and also come with a copy of Retrospect.

[Paul Kneipp] Regarding Ed Fortmiller’s request for USB/1394 enclosures: I can highly recommend anything made by MacPower. I have owned a lot of these type of devices, but I am completely in love with my Clearlight 2.5″ model. Elegant, simple design and very strong. MacPower have won a heap of awards for their products. Better to pay a little more for a good housing – it’s worth it, especially on the day it accidentally slides out of your briefcase as you open the car door . . .

[Richard Barrett] I just bought a couple of drive cases and here is my view: Drive cases are pretty much the equal. They use different chips and most work well.
Just about anything with the Oxford 911 works great at Firewire 400. Usually no USB.
The Oxford chip 922 gives you USB 2.0 also.
The Prolific chips work well. But, frequently have a single input so you can’t daisy-chain drives.
Make sure you check for large drive support or the case won’t work with drives bigger than 120 GB
A case with a quiet fan can extend your drive life.
Case stories (with my Dual G5):

Generic Firewire 400 two ports Oxford 911 chip, no USB ($40). Works great. No problems. [Plumax PM-350F2-POS]
SanMax Firewire 400 / USB 2.0 single port prolific Chip set ($70). One little problem with two drives with the prolific chipset on two firewire ports … only one drive appears. One Oxford and one Prolific work fine, too. One on Firewire and one on USB 2.0 works fine. Nice Mobile Disk small case with external power supply and fan.
ADS Firewire 800 / USB 2.0 ($109). Chipset reports as “ADS Tech.” When I installed a new 250 GB Maxtor drive in the case, I couldn’t initialize the drive for the Mac with Apple’s disk utility or the software provided by ADS. I put the drive in a SanMax case, initialized it, put it back in the ADS case and it has worked flawlessly since then. FW800 is very fast. Measured throughput is about twice the FW400 for about $30 or $40 more. Internal power supply.
ADS Firewire 400, no USB Oxford 911 chipset ($70). I installed a CD recorder and used PatchBurn. Works great.
If you have a computer that can use it, get Firewire 800.

Macintouch does not use permanent links, so this url was only valid for that day… MacInTouch Homepage 10.20.2004