Monday 24 June 2013

Mountain Lion gets FIPS 140-2 approval at last

Mountain Lion was released in July 2012, and its encryption code was effectively identical to that in Lion. As usual, Apple still had to apply for a new certification for Mountain Lion, and did so. However, the wheels obviously grind very slowly, and it was only on June 14th 2013 that Mountain Lion finally received FIPS 140-2 certification.

This should now make it possible to use Apple's built-in FileVault 2 encryption in organisations that require a FIPS 140-2 certified product. I myself have been using PGP instead due to this issue.

Anyone interested in doing this should visit the following two links:

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm (search for Apple)
http://support.apple.com/kb/ht5396

Sunday 23 June 2013

Using Apple Lossless (aka. ALAC) in Windows

Apple has without a doubt won the music wars: their iPods and now iOS devices are by far the most popular personal music players, and the iTunes Store is by far the most popular music download store. Even Microsoft has conceded defeat and discontinued their Zune Player and store. Furthermore, when Windows 7 was launched, Microsoft added built-in support for AAC format music files as popularised by Apple.

However, many people want to use a lossless music format rather than a lossy format like MP3 or AAC, and this is still an area that requires a bit of extra work. First some background.

Many years ago I decided to set up a Microsoft Media Center because back then, and still now, it was far superior to any equivalent solution on the Mac. Yes, this may be a shock but it’s true :)

Elgato’s EyeTV does a great job for recording and playing back TV shows but that is all it does. FrontRow (when it existed) could play back files including your iTunes Music library but could not do TV recording. At the time PlexApp did not exist, but even XBMC, which PlexApp is based on, also does not do live TV or record TV. While there are some equivalents to Microsoft Media Center like Myth, or MediaPortal, or SageTV, they either did not work on the Mac at all, or had poor support for Mac compatible TV tuners, or were not as attractive as Microsoft Media Center. Gasp! Another shock, a piece of attractive Microsoft Software!

So I wanted to use Microsoft Media Center (running on a Mac of course via Boot Camp). However I wanted to have a single copy of my music and still be able to sync it to my iPod or iPhone which meant the music needed to be in a format compatible with those devices. On the Apple side, supported music formats are MP3, AAC, AIFF, WAV, and Apple Lossless. On the Windows side supported formats were MP3, WMA, WAV, and AIFF. However Apple software does not support tags in WAV files, and Windows Media Player does not support tags in AIFF. Also as you can see from that list Apple Lossless was not supported at all in WMP. I therefore began by looking for additional codecs for WMP to let it play Apple Lossless files. I rapidly found several codecs that supported AAC for WMP but after an extensive search found there was none at all for Apple Lossless. So initially I had to settle for using AAC which could be used on both Apple and Microsoft systems with full support for meta-tags.

I did not give up. I then decided to look for any Windows solutions that supported Apple Lossless in the hope one might be adapted to my needs. I found that a plugin was available for dbPowerAmp and Foobar2000 but that it could not be used with Windows Media Player. I then found a developer library called BASS, which is available for Windows and Mac. On their website I also found an addon which supports Apple Lossless in Windows. These by themselves were not a solution, but at the same time I found that a developer called Milenko Mitrovic had used the BASS library and a BASS MP3 addon and made a DirectShow filter called DC-BassSource out of them. This showed that it would be possible in theory to do the same with the Apple Lossless addon. I managed to get in touch with the developer of DC-BassSource and persuaded him to make a new version which added support for Apple Lossless (and AAC). When he sent it to me for testing, I then became the first person in the world to successfully play an Apple Lossless music track in Windows Media Player. As Microsoft Media Center uses WMP to manage and play the music, it then meant I could also successfully play the music in Media Center as well.

There was only one final step that needed addressing, which was allowing WMP to read the tags in AAC and Apple Lossless files. (Both use the same MPEG4 file format, file extension and tag format.) As there were already several codecs available for WMP to let it play AAC files, there were also already two different plugins available for WMP to let it read tags from AAC files, and since Apple Lossless uses the same file extension, file format, and tag format, these worked equally well for Apple Lossless files. These two plugins are WMP Tag Support Extender and WMP Tag Plus. The combination of the modified DC-BassSource codec and one of these two WMP plugins meant that you could easily add Apple Lossless tracks to WMP and it would read the embedded tags to show the track name, album name, artist etc. You could even set WMP to monitor your iTunes library folder, and when you added a new track/album to iTunes, WMP would automatically spot this and add them to its own library using the same single copies of each track.

This was an excellent result and worked fine from Windows XP through Windows Vista (not that I used Vista myself). However, Microsoft did initially throw a spanner in the works when they released Windows 7. As you may remember, above I mentioned that Microsoft added built-in support for AAC with Windows 7; they even added built-in support for reading MPEG4 tags as used in AAC files and even supported reading the embedded album artwork from AAC files. In theory this should not have been a problem: it was still possible to add an additional codec to allow playing Apple Lossless in WMP with Windows 7, and in theory, as Apple Lossless files use the same file extension, file format, and tag format, it should have happily read tags from Apple Lossless files as well. Unfortunately Microsoft went out of their way to specifically detect these files were not AAC files, and even though (with the additional codec) it could play them, Microsoft chose deliberately to move them to the ‘other’ section and not treat them as music files. This was incredibly frustrating as the pre-release version of Windows 7 had not done this. Fortunately Tim De Baets, the developer of WMP Tag Plus, was eventually able to come up with a way of tricking WMP into thinking Apple Lossless files were AAC files. We could now once again have them play in WMP and have WMP accept them as music files and read the tags and artwork from them.

There was one more added complexity with Windows 7 which had already been solved. The preferred type of codec in Windows 7 was no longer DirectShow filters but a new type called Media Foundation. If a suitable Media Foundation codec was present, it took precedence over a DirectShow filter one. Therefore the built-in Media Foundation codec for AAC took precedence over the DirectShow AAC/Apple Lossless codec, meaning that initially it would not play Apple Lossless even if you installed the appropriate DirectShow filter. Fortunately a new multi-codec pack was released for Windows 7 which was known as Win7Codecs from ‘Shark007’. This included the same modified DC-BassSource DirectShow filter but had a button specifically for disabling the built-in Media Foundation AAC codec, thereby allowing the DC-BassSource codec to take over.

If you would also like to use Apple Lossless with Windows then download the appropriate choice from the list below.

Windows XP or Windows Vista
DC-BassSource - http://www.dsp-worx.de/?n=15
WMP Tag Plus - http://bmproductions.fixnum.org/wmptagplus/index.htm

Windows 7 or Windows 8
Win7Codecs - http://shark007.net/win7codecs.html
WMP Tag Plus - http://bmproductions.fixnum.org/wmptagplus/index.htm

As a bonus, iTunes itself can now automatically convert from Apple Lossless to AAC when syncing to an iPod or iOS device. This allows you to keep your music on your computer in its full lossless original quality, and to copy a slightly lower quality version to your music device that takes up less space – which, as iPods or iOS devices have far less storage space, is an important consideration. With this automatic conversion you do not have to keep two copies of each track.

Apple Lossless is now an open-source standard with free source-code available here http://alac.macosforge.org/

Saturday 22 June 2013

Running Django webapps with OS X Server.app

Django is a framework for writing Python webapps. Typical instructions for installing and running Django webapps are targeted at Linux environments, but as OS X is a full Unix operating system and supports the same open-source software as Linux, including Python, Apache and Django, it is possible to use (almost) the same Linux-aimed instructions to install and run a Django webapp.

However if you want to run such a Django webapp via Apple’s Server.app software then you need to undertake some extra steps. One step that you will not need to do if you have Apple’s Server.app installed is to install mod_wsgi to allow the Apache webserver to run Django i.e. Python webapps. While the standard OS X does not include this module Server.app does.

This article will give an overview of installing a Django webapp for use with OS X Server.app, and a later article will specifically show how to install the Django webapp ‘Crypt Server’. First we will look at how to install Django itself. The typical instruction for installing Django is:

sudo pip install django

However OS X as standard does not have the pip tool installed. OS X does have a similar tool called easy_install which could be used to install django but fortunately you can also use easy_install to install pip itself as follows

sudo easy_install pip

You can then use the command

sudo pip install django

You can then test it has been successfully installed and confirm what version it is using the following commands

sh-3.2# python
Python 2.7.2 (default, Oct 11 2012, 20:14:37)
[GCC 4.2.1 Compatible Apple Clang 4.0 (tags/Apple/clang-418.0.60)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import django
>>> print django.get_version()
1.5.1
>>> quit()
sh-3.2#

After installing Django you would then download and install your webapp. We then need to set up various files so the webapp can be managed via Server.app. Apple don’t really provide any documentation on how to do this (hence this article) but fortunately they do provide an example which is located at

/Library/Server/Web/Config/apache2/webapps/com.apple.webapp.wsgi.plist

So the first step would be to make a copy of that with a new name. The following is what that file contains.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
 <key>name</key>
 <string>com.apple.webapp.wsgi</string>
 <key>displayName</key>
 <string>Python "Hello World" app at /wsgi</string>
 <key>launchKeys</key>
 <array/>
 <key>proxies</key>
 <dict/>
 <key>installationIndicatorFilePath</key>
 <string>/Library/Server/Web/Data/WebApps/hello.wsgi</string>
 <key>includeFiles</key>
 <array>
  <string>/Library/Server/Web/Config/apache2/httpd_wsgi.conf</string>
 </array>
 <key>requiredModuleNames</key>
 <array>
  <string>wsgi_module</string>
 </array>
</dict>
</plist>

You then need to make the following changes. The name key needs to match the name of the copy of the above file you made. The displayName can be anything you want and is the description that will show up in Server.app. The installationIndicatorFilePath is a file it will look for to confirm your webapp is actually installed and therefore allow running it. The includeFiles key points to another configuration file we will look at next. You do not have to alter requiredModuleNames; it ensures the mod_wsgi module is loaded so it can run the wsgi script, i.e. the Python code that makes up your webapp.

Now looking at the above-mentioned includeFiles value: the example points to the file /Library/Server/Web/Config/apache2/httpd_wsgi.conf. You will need to make your own copy of this file (and update includeFiles to match). This is what that example contains:

WSGIScriptAlias /wsgi /Library/Server/Web/Data/WebApps/hello.wsgi

This works just like a standard Apache Alias directive and lets you point Apache to where your wsgi script is located, which can be anywhere on the computer and does not have to be in the standard websites folder. So you would put the full file path to your wsgi script here. This is typically somewhere in the set of folders making up your webapp. The wsgi file would be provided as part of your webapp.

Tip: If your 'wsgi' file actually came as wsgi.py then you need to rename it to have a wsgi file extension, e.g. something.wsgi. This is because Apache, at least in Apple's configuration, only accepts that file extension.

Presuming you have now installed Django and your webapp, and set up the above files for Server.app, the final step is to create a website in Server.app which will host your webapp. This is pretty much the same process as creating a normal website but with the additional step that you click on the ‘Edit Advanced Settings…’ button in the new website and enable the entry for your webapp that should hopefully now be listed.
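
The two files described above can also be generated rather than edited by hand. The following is an added example, not part of the original article or of Apple's software: the function name, the httpd_<name>.conf naming and the sample values are assumptions, while the keys and directories are the ones shown in Apple's example.

```python
import plistlib
from pathlib import PurePosixPath

# Directories named in the article.
WEBAPPS_DIR = "/Library/Server/Web/Config/apache2/webapps"
APACHE_DIR = "/Library/Server/Web/Config/apache2"


def build_webapp_files(name, display_name, url_prefix, wsgi_script):
    """Return {absolute path: file bytes} for the plist and its include file."""
    script = PurePosixPath(wsgi_script)
    if not script.is_absolute():
        raise ValueError("give the full path to the wsgi script")
    if script.suffix != ".wsgi":
        # Article's tip: Apple's Apache configuration only accepts *.wsgi.
        raise ValueError("rename the script so it ends in .wsgi")
    if not url_prefix.startswith("/"):
        raise ValueError("the URL prefix must start with /")
    if any(ch.isspace() for ch in name + url_prefix + wsgi_script):
        # Whitespace would split the unquoted WSGIScriptAlias arguments.
        raise ValueError("whitespace is not allowed in name, prefix or path")

    conf_path = f"{APACHE_DIR}/httpd_{name}.conf"  # hypothetical file name
    plist = {
        "name": name,  # must match the plist's own file name
        "displayName": display_name,  # description shown in Server.app
        "launchKeys": [],
        "proxies": {},
        "installationIndicatorFilePath": str(script),
        "includeFiles": [conf_path],
        "requiredModuleNames": ["wsgi_module"],  # unchanged from the example
    }
    return {
        f"{WEBAPPS_DIR}/{name}.plist": plistlib.dumps(plist, sort_keys=False),
        conf_path: f"WSGIScriptAlias {url_prefix} {script}\n".encode("utf-8"),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    files = build_webapp_files(
        "com.example.webapp.mysite", "My Django site at /mysite",
        "/mysite", "/Library/Server/Web/Data/WebApps/mysite/mysite.wsgi")
    for path, content in files.items():
        print(f"# {path}\n{content.decode('utf-8')}")
```

The script only prints the two files; writing them into /Library/Server still has to be done with sudo.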

Note: You can also test your webapp without Apache using the command

python manage.py runserver 80

(You have to do this from the webapp directory.) This uses the lightweight development webserver included with Django instead of Apache, which also means it is not managed via Server.app.

Saturday 15 June 2013

DHCP Server on OS X Server

No Apple code was harmed during the production of this utility.
Ever since Mac OS X Server was introduced, Apple have included a DHCP Server. This was and still is based on the open-source bootpd server.
This article is not intended to discuss the purpose of a DHCP server, for that you might want to read http://en.wikipedia.org/wiki/Dhcp.
While the original open-source bootpd server has the capability to define additional fields of information (via DHCP option fields) that can be provided via DHCP to clients, the version included with Mac OS X 10.4.11 Server and earlier did not support this. After several years of myself and presumably others submitting requests for this feature, this was finally added to Mac OS X 10.5 Server. The overwhelming majority of router based DHCP servers do not have the ability to define DHCP option fields.
Note: This is a facility Microsoft have provided since at least Windows 2000 Server.
Probably the most common scenario that you would come across that needs DHCP option fields, is the use of a VoIP (Voice over IP) phone system. It was my experience that small to medium enterprises were earlier to adopt this type of phone system than big enterprises, and these smaller organisations are also more likely to use Macs and Mac servers - just like the company I run the IT for in fact.
So, Apple finally introducing the ability to define DHCP option fields in Mac OS X 10.5 Server was good news. Unfortunately, Apple did not and still does not even in OS X 10.8 Mountain Lion Server, provide a user friendly method for defining these values which are stored as Base64 encoded data values in the /etc/bootpd.plist configuration file. Thanks to the efforts of myself and others, the method of generating and encoding values has now been sufficiently deciphered that I am now able to create and provide a simple utility with a graphical user interface that mere mortals can use to generate any required DHCP option field. Here is what it looks like…
Screencapture
It can be downloaded free of charge from -
DHCP Option Code Utility
If you don’t feel comfortable editing Unix configuration files like /etc/bootpd.plist then I advise you don’t try doing this. If you have not already, I advise reading the Unix man page for “bootpd” on your Mac OS X 10.5, 10.6, 10.7, or 10.8 server. This is done in the Terminal.app by typing “man bootpd”.
Update: DHCP Option Code Utility 1.1 has the following improvements.
  • It now works under Mountain Lion properly (1.0 worked from Tiger to Lion), this was due to a change Apple made
  • It now can generate null-terminated strings as well as normal strings, null-terminated strings are used for example to define PXE boot servers in DHCP Option Code 67
  • It is now more forgiving on the format of text entered for hexadecimal values and will happily ignore spaces, colons, and dashes making it simpler to just paste a value in
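
The value handling described above (normal and null-terminated strings, forgiving hexadecimal input, Base64 output for /etc/bootpd.plist) can be reproduced in a few lines. This is an added example, not the utility's own code: the function names and sample values are constructed, and the dhcp_option_<code> key name is an assumption to confirm against "man bootpd" on your server.

```python
import base64
import re

MAX_OPTION_LEN = 255  # a DHCP option's length field is a single octet


def string_value(text, null_terminated=False):
    """Encode text, optionally with the trailing NUL some clients expect."""
    data = text.encode("ascii")
    return data + b"\x00" if null_terminated else data


def hex_value(text):
    """Parse pasted hex, ignoring spaces, colons and dashes."""
    cleaned = re.sub(r"[\s:-]", "", text)
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", cleaned):
        raise ValueError("expected an even number of hexadecimal digits")
    return bytes.fromhex(cleaned)


def encode_option(code, data):
    """Return (plist key, Base64 text) for one option value."""
    if not 1 <= code <= 254:  # 0 is the pad option and 255 the end option
        raise ValueError("option code must be between 1 and 254")
    if not 1 <= len(data) <= MAX_OPTION_LEN:
        raise ValueError("option value must be 1 to 255 bytes long")
    # Key name is an assumption; confirm it against `man bootpd`.
    return f"dhcp_option_{code}", base64.b64encode(data).decode("ascii")


def decode_option(b64_text):
    """Recover the raw bytes of an existing <data> value for review."""
    return base64.b64decode("".join(b64_text.split()), validate=True)


if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    key, value = encode_option(67, string_value("pxelinux.0", null_terminated=True))
    print(f"<key>{key}</key>\n<data>{value}</data>")
    print(encode_option(128, hex_value("c0:a8-01 0a")))
```

decode_option is useful when reviewing an existing bootpd.plist, since it shows exactly which bytes a Base64 value will hand to clients.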