The Practice of Code

I’ve always had a bit of a bag fetish, especially when it came to bags to store my technology in. In addition to loving the most portable pieces of technology (perfectly exemplified in the 11” MacBook Air being my computer of course), I’ve always loved the smallest and most minimal bags to support them. Whenever I get a new laptop, I always buy a second power adapter for it, so I can leave one at home, and one at work, and thus, not have to worry about making space for it in my bag.

I had always been a big fan of Crumpler bags, and up until the point that Apple stopped making 12” laptops in favor of 13” widescreen laptops, getting a minimal Crumpler bag to support my laptop was always the best choice. But when Apple switched form factors, it was as if Crumpler was frustrated or annoyed, as it took them years to make a small, snug, form-fitting shoulder bag for the 13” Apple form factor. Instead of having such an offering, whenever I periodically checked into a Crumpler shop to see if they had woken up, they would push a 15” bag on me with extra bits of removal padding on the sides. No, thank you.

So, when Apple released their latest return to the ultra-portable form factor with the 11” MacBook Air, I knew I had to have one, and I knew it deserved an equally impressive and portable bag. Luckily, with only a temporary and mild bit of stretching, my previously retired 12” Crumpler Skinny (S) actually suited it well at first, but I knew it wasn’t purpose-made; I was ready for something of a different style, and I was no longer interested in touting the Crumpler brand due to their abandonment of the Apple ultra-portable, so the search began.

Snow Leopard Server shipped with a postfix policy for greylisting email. It was easy enough to disable if you didn’t like it, and Server Admin was typically kind enough to not overwrite your settings. Unfortunately, Lion Server isn’t as nice about it.

In addition to occasionally removing the greylisting policy on some servers, I always like to alter the default smtpd_recipient_restrictions directive to include some additional parameters, as well as reorder them to work more efficiently. My directive is typically something like this:

smtpd_recipient_restrictions = 
   reject_non_fqdn_recipient, check_recipient_access hash:/etc/postfix/access, 
   permit_mynetworks, reject_unauth_destination, 
   reject_non_fqdn_sender, check_sender_access hash:/etc/postfix/sender_access, 
   reject_non_fqdn_hostname, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_access, 
   reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, 
   permit

Naturally, this entire directive gets overwritten whenever Lion Server overwrites Postfix main.cf.

So, I’ve written a script that checks to see if the smtpd_recipient_restrictions directive has been altered, and if so, returns it to the preferred state:

#!/bin/bash
restrictions_preferred="reject_non_fqdn_recipient, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_hostname, reject_invalid_helo_hostname, check_helo_access hash:/etc/postfix/helo_access, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, permit";

restrictions_current_full="`postconf smtpd_recipient_restrictions`";
restrictions_current=${restrictions_current_full:31};

if test "$restrictions_preferred" = "$restrictions_current"
    then
    echo "Postfix smtpd restrictions are set correctly."
    exit 0;
else
    echo "Postfix smtpd restrictions are NOT set correctly."
    serveradmin settings mail:postfix:smtpd_recipient_restrictions = "$restrictions_preferred";
    exit 0;
fi

So, update the first variable, restrictions_preferred, to have the parameters you want to populate smtpd_recipient_restrictions with. If all you’re looking to do is disable greylisting, just remove check_policy_service unix:private/policy from the original directive in /etc/postfix/main.cf.

I’ve personally saved this script at /usr/local/bin/disable_greylisting.bash and set its permissions to 755. You can name it and put it anywhere you’d like, but note its full path as you’ll need it for the launchd job plist to trigger it. That plist is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.practiceofcode.disable_greylisting</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/disable_greylisting.bash</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>StartInterval</key>
    <integer>120</integer>
</dict>
</plist>

Similarly, I’ve placed that at /Library/LaunchDaemons/com.practiceofcode.disable_greylisting.plist. This file needs to be owned by root:wheel and be 644. Again, you can name it as you’d like, but the value for Label in the file’s contents should match the file name (leaving off the .plist).

When the script detects that the directive needs to be repaired, it does so using the serveradmin command. The benefit of using that command is serveradmin automatically restarts Postfix after making the change. Since the script will not restart Postfix if the directive has not been changed, feel free to keep the StartInterval at 120 seconds, or of similar high frequency, as there is little to no tax for just testing your configuration.

I still get a bit of traffic for my post on how to compile mtr under Snow Leopard, so I thought I’d write a update for anyone looking to install it on Lion.

First of all, according to commenters, that process still works.

However, I decided to try a different approach with Lion, by first installing the much-buzzed-about Homebrew.

Updated with benchmarks for 2010 MacBook Air with Encryption as well as clearer charts and data

I purchased a 2010 11.6” MacBook Air earlier this year with the maximum, possible specs: 1.6 Core 2 Duo with 4 GB of RAM and a 128 GB SSD. I took a performance hit when I switched from my aluminum unibody MacBook (which had a 2.4GHz Core 2 Duo), but it never felt slower. As a matter of fact, it always felt faster, to which most, if not all, will agree was due to the switch from a traditional hard drive to an SSD. Shortly after I purchased it in February, there were some reports that Apple was using different SSDs across the line, some made by Toshiba, and some made by Samsung, and the Samsung ones were faster. I had a Toshiba. Regardless, while I was able to condense my entire life to fir on 128 GB, down from 250 GB, I had no breathing room, so when the 2011 MacBook Airs were announced, I upgraded again.

So I ordered a fully loaded 11.6” model, this time with a 1.8 GHz Core i7 with 4 GB of RAM and a 256 GB SSD. While awaiting its construction and arrival, some initial benchmarks had been released on the web for Lion’s full disk encryption, aka FileVault 2. This was something I was very interested in, but the results seemed inconclusive to me, and none were specific to the upgrade I was awaiting. So, when my new machine arrived, I decided to record and publish my own benchmarks.

The famous Cabel Sasser of Panic put out a tweet the other day regarding Lion’s Address Book’s new Twitter username support:

I thought I’d take up the challenge and I hobbled together an AppleScript to pull this information down.

Like every good computer user, I log into my laptop every day as a non-administrator. Using OS X, it’s quite easy to still run installers and escalate to admin rights on a per-use basis. This means that if some nefarious process wants to go on a deleting spree, it will at least be quarantined to my user folder.

Like every good system administrator, I like to see what’s going on in system.log at any one time. I even use GeekTool to subtly, transparently overlay it on my desktop:

Only one problem, only Administrators can view system.log.

The value is not so much inherent in their use as ringtones, but rather as alarm sounds.

• Non Je Ne Regrette Rien
• Half Remembered Dream (Non Je Ne Regrette Rien at 1/10th speed)
• 528491

Was using my MacBook today tethered to my iPhone 4 over Bluetooth. WiFi was disabled on my Mac, and not connected on the iPhone. I launched Things.app, and to my great surprised, it synced! I tried syncing Jumsoft Money and Bento, and they also synced without a hitch.

This makes perfect sense as OS X speaks Bonjour out of all its interfaces. I’m all but certain it would just fine over USB as well. Naturally, syncing over Bluetooth was not as quickly as syncing over WiFi.

P.S. I even used PasteBot Sync (over Bluetooth) to grab the screenshot for this post.

I’ve never been able to accept a foreign event invitation directly into a CalDAV calendar instead of being forced to put it into a local calendar. With an event I received today, not only did it properly show up in iCal, but holding the Accept button gave me the choice of which CalDAV calendar to put it in:

This must be a result of the 10.6.4 update. It’s long due.