
Safari crashes

Safari crashes in exactly one situation in my daily browsing habits: while rendering macworld.com. It’s totally reproducible and happens virtually every day.

Macworld is the most popular US Mac magazine. Safari is the most popular Mac Web browser. Does this seem completely bizarre to anyone else?

New old Apple case designs

John Gruber writes:

So but what did surprise me is that both of the new Intel-based machines are using the existing enclosure designs. I can’t recall a single previous instance when Apple switched to a new processor family without introducing new case designs, and the switch to Intel processors is as big a switch as they’ve ever made, certainly a bigger deal than, say, the switch from G3s to G4s, or G4s to G5s — all of which transitions coincided with the introduction of new case designs.

He might want to check his memory, then, because it seems to stop in 1998. Consider the PowerPC transition—the Power Macintosh 6100, 7100 and 8100 had identical case designs to the Quadra 610/660AV, 650 and 800/840AV that preceded them. The G3 transition was almost the same way—the original PowerBook G3 looked like the 3400, the desktop G3 like a 7300/7600, and the tower model like a shrunken 8600.

Regarding my own software and Intel compatibility: I don’t have any plans to buy either of the current Intel Macs, nor do I have easy access to one for the time being. ICeCoffEE needs recompilation, certainly, and I hope to find a little time to test it on a friend’s Intel iMac. I’d imagine everything else would work in Rosetta.

Finder icon to icns file

A quick way I just discovered to get an .icns file out of any Finder icon, using no third-party software.

  • Select an icon in the Finder. Copy it to the clipboard.
  • Open Preview. Hit command-N to create a document with the clipboard contents.
  • From the preview drawer, drag the top icon (labeled “Untitled Image #”) to icns Browser.
  • Note that icns Browser has no Save command. However, you can drag the proxy icon from the title bar and drop it while holding down the Command or Option key. You’ll have an icns file.

Alternate OpenVPN OS X DNS updating script

Arjan van der Velde made several valiant attempts to post a shell script that did most of what my Python script did, but there seem to be some issues with the HTML parser in the comments truncating whatever he tried to post.

I’ve posted Arjan’s script; you may prefer it to mine because it doesn’t have the PyObjC/SystemConfiguration wrapper dependencies, though it doesn’t support multiple VPN domains/nameservers. It uses scutil to apply the same changes as my script, unlike the first shell script linked in the comments.

Here are a few minor tweaks I’ve made to my OpenVPN client setup.

First, I start OpenVPN with a zsh function and completion:

vpn () {
        title "OpenVPN" "${1:r}"
        sudo openvpn --config ~/.openvpn/$1
        chpwd
}
compctl -W ~/.openvpn -g '*.conf' vpn

which lets me type vpn <tab> to see a list of the (currently four) networks I can connect to, and the window title will change to OpenVPN:calamity or similar, courtesy of the title function:

title () {
        if [[ $TERM = "screen" ]]
        then
                print -Pn "\ek$1\e\\"
                print -Pn "\e]0;$2\a"
        elif [[ -n $xterm_prompt ]]
        then
                print -Pn "\e]0;$1:$2\a"
        fi
}

That’s part of another tweak I made a few months ago to get screen titles to be concise yet helpful… I’ll write about that another time.

Second, I added a line under if going_up at the end of acm-client.py to minimize the window once it’s connected:

if going_up:
	[...]
	print '\x1b[2t'

That way there’s a very visual cue indicating the VPN connection is established, and I can mouse over the minimized Terminal windows in my Dock to see what VPNs I’m connected to. Not exactly the world’s best UI, but it works.

Updating certificates

Evening at Adler was smaller and more intimate than I expected; the few photos I took are on Flickr. The last week has been rather busy, but in a good way—I’m getting work done. Paper revision is about 99% done, hopefully will be finished today, and I got Abe Fettig’s new Twisted book yesterday, which looks good so far. The annoying DSL outages at my parents’ place that started last week appear to be resolved, though it was an excuse to clean up my Nagios configuration, and get Cacti and Smokeping set up for some additional monitoring. Smokeping is extremely cool and easy to set up on Debian; I’m not sure why I hadn’t heard of it before.

Like many people, I run a bunch of private services for family, and we have our own certificate authority (CA) for SSL access to Web sites, mail, and so forth. When I’m home at Thanksgiving, as part of a larger transition to Mac OS X Server, I’ll probably move at least mail to Kerberos, which doesn’t require all the PKI stuff, but has its own problems.

Every year when Nagios starts bugging me that certificates are about to expire, I end up spending hours tracking down the right way to create a CA, sign certificates, install them, and so forth; for tools that are as widely used as they are, openssl and friends are not particularly user-friendly or flexible.

So, in an effort to save time next year, here’s what I came up with. Before doing the first few steps, you should edit /etc/ssl/openssl.cnf to include sane defaults appropriate to your site.

  • Create a new CA:
    # cd /etc/ssl
    # /usr/lib/ssl/misc/CA.sh -newca
    Accept defaults, except: 
    Organizational Unit Name (eg, section) []:Certificate Authority
    Common Name (eg, YOUR name) [mail.rileys.us]:Rileys CA
    Email Address []:ca@rileys.us
    # mv demoCA rileysCA
    
  • Create and sign a certificate request:
    # /usr/lib/ssl/misc/CA.sh -newreq
    Accept defaults, except:
    Email Address []:postmaster@rileys.us
    # /usr/lib/ssl/misc/CA.sh -signreq
    # install -m 644 newcert.pem /etc/apache/ssl.crt/mail-server.crt
    
  • Remove the passphrase from the private key and extract the key
    # openssl rsa -in newreq.pem -out /etc/apache/ssl.key/mail-server.key
    
  • Restart Apache (note that “restart” won’t pull in the new certificate)
    # /etc/init.d/apache stop
    # /etc/init.d/apache start
    
  • Remove the CSR; it’s no longer needed
    # rm newreq.pem
    
  • Copy the CA cert to rileys.us
    # scp /etc/ssl/rileysCA/cacert.pem nicholas@arnold:/var/www/rileys.us
    # ssh nicholas@arnold chmod 644 /var/www/rileys.us/cacert.pem
    
  • Add the CA cert to the Macs
    % curl -O http://rileys.us/cacert.pem
    

    On Tiger:

    % sudo certtool i cacert.pem v k=/System/Library/Keychains/X509Anchors
    

    On Leopard, the above command returns a warning and is ineffective. Instead use:

    % sudo security add-trusted-cert -d -k /Library/Keychains/System.keychain cacert.pem
    
  • Add the CA cert to the Debian machines (OpenSSL)
    # cd /etc/ssl/certs
    # wget -O rileys-ca.pem http://rileys.us/cacert.pem
    # chmod 644 rileys-ca.pem
    # update-ca-certificates
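
The client steps above fetch cacert.pem over plain HTTP and then install it as a trust anchor, so it is worth checking the file first. The following is an added example, not part of the original procedure: the function names are hypothetical, the pinned fingerprint is assumed to have been read on the CA host itself, and the sample certificates are constructed throwaways.

```sh
#!/bin/sh
# Added example: pin and sanity-check a CA certificate before trusting it.

# Print the SHA-256 fingerprint (colon-separated hex) of a PEM certificate.
ca_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Return 0 only for an unexpired CA certificate whose fingerprint equals the
# pinned value (obtained out of band, e.g. read on the CA host itself).
verify_ca_cert() {
    cert=$1
    pinned=$(printf %s "$2" | tr 'a-f' 'A-F')
    actual=$(ca_fingerprint "$cert" | tr 'a-f' 'A-F')
    [ -n "$actual" ] || { echo "unparseable certificate: $cert" >&2; return 1; }
    [ "$actual" = "$pinned" ] || { echo "fingerprint mismatch: $actual" >&2; return 2; }
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 3; }
    openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE' ||
        { echo "basicConstraints is not CA:TRUE" >&2; return 4; }
}

# Constructed sample input: a throwaway CA and a non-CA certificate in $1.
make_sample_certs() {
    cat > "$1/sample.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Constructed Sample CA
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    for kind in ca leaf; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/sample.cnf" \
            -extensions "${kind}_ext" -keyout "$1/$kind.key" -out "$1/$kind.pem" \
            2>/dev/null || return 1
    done
}

# Demo: verify first, and only then hand the file to the trust store.
demo_dir=$(mktemp -d) && make_sample_certs "$demo_dir" &&
    verify_ca_cert "$demo_dir/ca.pem" "$(ca_fingerprint "$demo_dir/ca.pem")" &&
    echo "ok to install: $demo_dir/ca.pem"
```

In real use, run `ca_fingerprint /etc/ssl/rileysCA/cacert.pem` on the CA host, carry that value to each client, and run the `security add-trusted-cert` or `update-ca-certificates` step only when `verify_ca_cert` returns 0.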
    

Update, February 2007: Recent versions of Gecko-based browsers (and Thunderbird, etc.) give you a very confusing error message claiming that there’s a duplicate serial number, even if the certificate has only expired. (Since I create a new CA certificate every time, I don’t think this is giving me the right answer.) So, you do need to remove the old certificate from the browser’s certificate store before adding the new one.
