Tag Archives: apple

Under the hood: OS X Server’s Profile Manager

Updated on 6-Nov-13 for OS X Server 3.0 on Mavericks

Let’s say you’re running the MDM software Apple ship with OS X Server, Profile Manager. (You’ve chosen this because you don’t really need the fancy features of Casper and friends.)

Let’s say you’re also running other services that would benefit from live access to Profile Manager’s device metadata, e.g. a Squid proxy that implements MAC-based iOS authentication (because proper proxy authentication has been broken on iOS since forever). “An external_acl_type that could check enrolled device MAC addresses be super-awesome!” you say to yourself.

Where to start?

Turns out, Profile Manager data lives in an embedded PostgreSQL database, and opening it up for remote access is relatively straightforward.

First, you’ll need to modify /Library/Server/ProfileManager/Config/PostgreSQL_config.plist (note: this path has changed in Server 3.0) to enable access over TCP/IP (by default, postgres only listens on a UNIX socket). Edit the existing listen_addresses= entry, and add the last two lines:

<string>-c</string>
<string>listen_addresses=OSX_SERVER_LAN_IP</string>
<string>-c</string>
<string>port=5432</string>

Note: Server 3.0 creates multiple instances of PostgreSQL, one for each service that depends on it, all on different UNIX sockets. Just in case another instance opens PostgreSQL for TCP connections on localhost, I recommend binding the Profile Manager instance to a LAN-facing IP. Alternatively, you could use a non-standard port.

Then tell postgres that any host on your network is allowed to connect with an encrypted password, by adding a line like this to /Library/Server/ProfileManager/Data/PostgreSQL/pg_hba.conf (note: changed in Server 3.0):

host all all 192.168.0.0/16 md5

Almost done! Now you just need to set up a postgres user to connect as. Start by opening a psql session:

sudo -u _devicemgr psql -h /Library/Server/ProfileManager/Config/var/PostgreSQL devicemgr_v2m0

(This entire command has changed in Server 3.0; note particularly the new database name.)

Then you’ll probably want to run a couple of commands like:

CREATE USER squid WITH PASSWORD 'XXXX';
GRANT SELECT ON ALL TABLES IN SCHEMA public TO squid;

If you want to create a more privileged user:

CREATE USER dbadmin WITH PASSWORD 'XXXX';
GRANT ALL ON ALL TABLES IN SCHEMA public TO dbadmin;
GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO dbadmin;
GRANT ALL ON ALL FUNCTIONS IN SCHEMA public TO dbadmin;

Reboot the server and test with pgAdmin or some other PostgreSQL admin tool.

Oh, and don’t blame me if you break your Profile Manager, or Open Directory, or your entire OS X Server.

Fraser Speirs on iPads for consumption and creation

Fraser Speirs on iPads for consumption and creation

This has already done the rounds, but if you haven’t seen it yet, click through for a helpful analysis of the iPad’s suitability for tasks based on their complexity and duration. As usual, Fraser is spot-on.

Also, Apple has just posted a 5-minute video showcasing a school that’s using student iPads REALLY well. (For consumption AND creation.) Worth a watch.

Daring Fireball on “Innovation through simplicity”

Daring Fireball on “Innovation through simplicity”

One of the more common critiques I hear of iOS is that its home screen is boring / featureless / widgetless / uncustomisable.

Now, don’t get me wrong, I’d love to see customisable widgets in the notifications pull-down of iOS. But the simplicity and consistency of its home screen is a win, in my opinion.

Daring Fireball agrees:

The utter simplicity of the iOS home screen is Apple’s innovation. It’s the simplest, most obvious “system” ever designed. It is a false and foolish but widespread misconception that “innovation” goes only in the direction of additional complexity.

Why “Open In” doesn’t solve the brokenness of iOS silos

Why “Open In” doesn’t solve the brokenness of iOS silos

From Federico Viticci, on MacStories:

You just used five apps and created four copies of a file (two of them are iOS Camera Roll + Photo Stream) to annotate a photo. Lather, rinse, repeat for note taking, PDF reading, electronic bill management, and assembling that nice slideshow of your vacation in Italy.

Yes, I love a lot of things about Apple, but it’s not a blind love.

File sharing between apps on iOS still needs a LOT of work. Meanwhile, it’s incredibly annoying, benefits notwithstanding.

Killer [iPhone] app: Fantastical

Killer [iPhone] app: Fantastical

If you follow blogs that talk about apps, you’ve probably already seen this, but if not:

Fantastical is THE must-have iPhone calendar app. It has completely replaced Apple’s built-in one for me. Its free-text event creation is flawless (especially when paired with the iPhone’s dictation), and the innovative “DayTicker” is the best calendar browsing implementation I’ve seen in.. forever.

Go buy it.

On the iPad mini’s lack of retina

I’m not saying anything new here. I’m just doing a brain-dump so I can tell people to “go read my tumblr” rather than answer the same question ad infinitum. I’m lazy (efficient?) like that.

I’ve already made a couple of posts about the iPad mini, but more detail about its “low-resolution screen” has been requested.

The iPad mini has the same pixel count as the iPad 2 – i.e. 1024×768 – so given its size, the mini’s DPI is higher than the iPad 2. That said, it’s definitely not retina. You can easily make out individual pixels (if you try hard and/or care about such things).

I don’t have a problem with this. Apple’s anti-aliasing is excellent, so even text-intensive tasks like reading are comfortable on the iPad mini. That said, if you’ve been spoiled by a retina iPad, your mileage may vary.

But was I disappointed that the iPad mini was announced without a retina display? Yes and no. Obviously a “high-resolution screen” would be great, but at what cost? The device would be more expensive, it would need a more powerful graphics processor, it would draw more power, and to get the same battery life, it would be significantly thicker.

In my opinion, Apple have struck the right balance between price, size and battery life with the iPad mini. Hopefully with ever-improving processors and battery technology, a future mini will be retina. Meanwhile, I love my tiny low-res iPad :)

iPad mini + education = indecision

iPad mini + education = indecision

I should probably add an AUX port to my car stereo. Then I’d be able to listen to more podcasts than I do. (Which is almost none.)

But I was keen to hear Fraser Speirs’ extended thoughts on the iPad mini in K-12 education, so I sat down and listened to this one. It was very helpful, confirming many of my own thoughts on iPads in schools, and adding a few new ones into the mix.

Mostly, it became clearer that it’s genuinely difficult to choose the right device now that Apple are making excellent 8” and 10” tablets. But at least I know which way I’m leaning for each use case at my school.