Cursor Tracking Lag Caused by system_profiler

Posted: May 5, 2013 | Author: | Filed under: Hardware, Mac OS X, Scripting, Uncategorized, Unix | Tags: , , , , , , , , | 3 Comments »

We’ve noticed problems with mouse cursor tracking, on Thunderbolt Macs attached to displays.

In the middle of moving the cursor with mouse or trackpad, the cursor jumps or skips making it difficult to control.

We tracked down the problem to background runs of system_profiler.  Specifically, when system_profiler queries the display for information.

Running system_profiler without flags or with the SPDisplaysDataType data type triggers the problem.

To reproduce the problem at its worst, run the following in Terminal on a Thunderbolt Mac attached to a display and attempt to use the tracking device:

while [ 1 ]; do system_profiler SPDisplaysDataType; done

Apple is aware of the issue, but has stated that this is expected behavior.

Many tools that rely on system_profiler trigger the issue including JAMF Casper Suite, Puppet, and Apple Remote Desktop.  These and other tools routinely inventory the Mac using system_profiler.

There is currently no workaround for getting display information such as Display serial number.  And the only way to avoid the trigger is to run system profiler with each data type excluding SPDisplaysDataType.

If you think Apple should address the issue, please let them know.

Load or Reload a LaunchAgent from installer script

Posted: April 27, 2013 | Author: | Filed under: Deployment, Mac OS X, Scripting, Security, Unix | Tags: , , , , , , , , | 5 Comments »

Apple has some restrictions in place to prevent access to LaunchAgents running in a user session context.

But you may want to load or refresh a LaunchAgent as part of your install without requiring the user to log out and back in.

I prefer not to require logouts and reboots in my installation packages.  Where possible, I use munki’s unattended option so software installs silently and the user is not prompted.

After some experimentation, I came up with this hacky method of getting a LaunchAgent to load from a package being installed as root.  If you have a cleaner way to accomplish this, please let me know.

 

Triggering a shell script from MySQL

Posted: September 14, 2012 | Author: | Filed under: Database, Scripting, Security, Unix | Tags: , , , , , , , | Leave a comment »

Sometimes you need to trigger a script when data changes in mysql.  Sometimes there just aren’t other hooks into the system and the database is your last resort.

It seems like this would be a common use case with a simple solution, but no.

MySQL does support triggers.

However what you can do inside a trigger is limited to what you can do in mysql.  This is good for security.

Using the following DOES NOT work!

\! /bin/ls >> /log/yourlog.txt

The !\ (bang or exclamation point + backslash) is a mysql console feature for running commands in the console.  These are ignored on the actual server.  Do not be fooled.  Since you are testing in the console, it will appear to work once, but the trigger will not cause your code to fire.

So you have two options:

1.) Polling

2.) MySQL UDF (plugin)

Polling

Yes, polling sucks.  But what you can do is still create a trigger that uses a separate (maybe in memory) table for capturing the changes.  Then your polling script only needs to look at that table to do its work.

So you could use something like this:

Create the temp_changes table (this example creates an in memory table):

CREATE TABLE temp_changes (changed_id INT, from_value VARCHAR(40), to_value VARCHAR(40)) ENGINE=MEMORY MAX_ROWS=500;

Create the mysql trigger:

DELIMITER $$
CREATE TRIGGER tg1 AFTER UPDATE ON `table_i_want_to_watch`
FOR EACH ROW
BEGIN
INSERT INTO temp_changes SET from_value = OLD.column_i_want_to_track, to_value = NEW.column_i_want_to_track, changed_id = NEW.id;
END $$
DELIMITER ;

The above will create a row in the temp_changes table with the old and new values and id of the column I want to track in the table I want to watch.  Substitute column_i_want_to_track and table_i_want_to_watch with your own table and column names.

Read the MySQL trigger documentation if you need to do something different.  This is just an example.

Now your external polling script can query only the temp_changes table without polling your whole database for changes.

MySQL UDF (plugin)

MySQL UDFs offer a powerful way to extend the functionality of your MySQL database.  But with great power comes great responsibility right?  (A. Yes.)

These plugins are written in C.  They need to be compiled and installed in your mysql plugins folder on the mysql server.

Plugins add custom functions you your mysql server.

Security is a major concern with this option because these functions run with the same privileges as the mysqlserver user.

There are a number of plugins published here including lib_mysqludf_sys, that will allow you to run shell commands.

Here is the justifiably scarey warning from that site:

Be very careful in deciding whether you need this function. UDFs are available to all database users – you cannot grant EXECUTE privileges for them. As the commandstring passed to sys_exec can do pretty much everything, exposing the function poses a very real security hazard.

Even for a benign user, it is possible to accidentally do a lot of damage with it. The call will be executed with the privileges of the os user that runs MySQL, so it is entirely feasible to delete MySQL’s data directory, or worse.

SQL injection takes on new meaning when the attacker can also run any command on your server.

So my recommendation is to download the source and modify it to hard code a specific path to the executable you want to run if you go this route. I was going to do this, but I’ve had to move on to other endeavors now.

Using the UDF plugin still involves using the mysql trigger functionality.  See Mike E’s solution on this stackoverflow post.

dockutil 1.1.2 released

Posted: May 26, 2012 | Author: | Filed under: Deployment, dockutil, Mac OS X, Python, Scripting, Unix | Tags: , , , , | 1 Comment »

No feature changes, just a few bug fixes:

  • fix issue with replacing a url dock item
  • add legacy support –hupdock option for backward compatibility
  • fix paths with spaces when passing full path to plist

https://github.com/downloads/kcrawford/dockutil/dockutil-1.1.2.pkg.dmg

dockutil 1.1 released

Posted: February 5, 2012 | Author: | Filed under: Deployment, dockutil, Mac OS X, Mac OS X Server, Python, Scripting | 7 Comments »

Version 1.1 of dockutil is out:

  • fixes many issues with paths (should now work with Default User Template and other paths with spaces)
  • adds option to not restart the dock (–no-restart)
  • fixes issue where item would be added multiple times (use –replacing to update an existing item)
  • resolves deprecation warnings
  • adds option to remove all items (–remove all)
  • fixes issue with removals when a url exists in a dock
  • adds option –version to output version

Ruby Time to Integer does give you seconds since Epoch

Posted: August 26, 2011 | Author: | Filed under: Ruby, Scripting | Tags: , , , , | Leave a comment »

“Time is stored internally as the number of seconds with fraction since the Epoch, January 1, 1970 00:00 UTC.”

 >>require 'time'
 >>Time.parse("January 1, 1970 00:00 UTC").to_i
 => 0

As expected, but nice to verify.

For the reverse, be sure to use Time.at rather than Time.new

>> Time.at(0).to_i
=> 0
>> Time.new(0).to_i
=> -62167201200

Tips for writing command line tools in ruby

Posted: August 2, 2011 | Author: | Filed under: Mac OS X, Ruby, Scripting, Uncategorized, Unix | Tags: , , , , , , , , , , | Leave a comment »
  1. Option parsing: Read this article by Allen Wei on RubyLearning Blog for a great overview.  I recommend sticking with the built-in OptionParser if you want to reduce dependencies.
  2. If you want your code to be loadable so you can access functions and classes in the irb console for testing, use the following pattern: 
    def main
 #option parsing and execution code here
end
if __FILE__ == $0
 main()
end

    This way the main function will only be automatically called if the script is being executed on the command line.
    And in irb, you can call your functions and classes as you see fit for testing without triggering your whole script to run.

    Note that this is similar to the python __main__ test if you are coming from a python background.

  3. Naming without ruby’s.rb extension: You can name your executable without the rb extension if you wish, just be sure to include your shebang (#!)

    To use the user’s default ruby, use:
    #!/usr/bin/env ruby
    But in some cases you may want the specify the path to ruby so you can use macruby or rubycocoa if you are need those frameworks to be available
    #!/usr/bin/ruby

    When testing in irb,
    require 'script-name'
    won’t work without the rb extension, but
    load 'script-name'
    does work.
  4. Use exit codes. When your script fails or needs to communicate status at exit, use standard exit status codes.
    Exit zero for default success status
    exit 0
    Exit any other number for a failure or warning status. You choose the exit codes for your tool, but be sure to document them if they require more explanation than simple success or failure.
    exit 27
  5. Output to stderr using:
    $stderr.puts "error: problem ...."

Parsing Mac OS X System Profiler

Posted: February 4, 2011 | Author: | Filed under: Deployment, Hardware, Mac OS X, Mac OS X Server, Scripting, Unix | Tags: , , , , , , , , , , , | 3 Comments »

It is pretty cool how Apple System Profiler has a command line equivalent (system_profiler). And it is pretty cool how system_profiler has a -xml option to allow for easier parsing. You might use this info for extracting asset information into a database or for puppet facter facts.

However if you’ve ever looked at that xml, you know that it is a tree full of unpredictable semi-structured data that was designed specifically for the GUI app. So even though you can parse it with your favorite plist parser, there is still a lot more work to do to get to the data you care about.

The tree structure is nice for a browsing through on a single machine, but not so good for reporting across many machines.

Apple stores most of the same data as key value pairs in its database for ARD reporting, but they do a lot of massaging of the data to get it that way.

It is possible to get at this data in an ARD database if you have an ARD collection server, but an ARD collection server isn’t for everyone and doesn’t serve every use case.

You can still get at the nicely formatted ARD information. ARD client includes a tool that outputs most, if not all of the asset information you care about in a much nicer structured format for reporting.

The tool is called sysinfocachegen and you use it like this:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/sysinfocachegen -p /tmp/com.yourorganization.systeminfo.plist

Just use your favorite language’s plist parser to read the plist.

Quickly Calculate size of radmind Transcript Payload

Posted: May 13, 2010 | Author: | Filed under: Deployment, Mac OS X, Scripting, Unix | Tags: , , , , , | 1 Comment »

grep ^[af] /var/radmind/transcript/transcript_name.T | awk ‘{sum = sum + $7} END {print sum/1000}’

Every line that starts with “a” or “f” is a file. Sum up the size field. Divide by 1000 to get KB.

← Older Entries
Follow

Get every new post delivered to your Inbox.