Archive for the 'Apple' Category

HOWTO: Correct and avoid clock skew on Windows and OS X platforms

ntpd-server-statsThis has come up a lot recently in the context of Zwift rides and races, becasue many rider’s PC and Mac gaming rigs are suffering clock skew. In short, it can be defined as:

“Clock skew is when the clock arrives at different points of the circuit at different times due to the distance, capacitance etc which may cause it to malfunction.”

If you want more detailed set of diagrams and explanations describing clock skew, there’s a great discussion on the StackExchange electronics forum about it.

When your machine is suffering from clock skew, you can inadvertently enter a ride or race earlier or later than you meant to do, and your overall finish time can be later than you expect. For races where the winner is separated from the other podium places by mere seconds or less, having an accurate clock matters!

Here’s how to fix it for both Microsoft Windows and Mac OS X platforms!

Read the rest of this entry »

HOWTO: Fully automated Zwift login on Mac OS X

Zwift LogoQuite a few riders on the Facebook Zwift Riders group have expressed an interest in this, so I decided to take a couple of hours, learn AppleScript and knock this out. Done! (if you’re on Windows, you want this other HOWTO instead)

What this code does, is allows you to create a single icon that will log you into Zwift, with no human interaction needed. It will put in your email, password, click the “Start Ride” button and away you go!

This also leverages the OS X Keychain to store your Zwift email address and password, so it’s secure, not leaked into the filesystem and is able to be called on by any other apps that might need it (ahem, like… Zwift itself!) :D

So here’s how to get it working…

First, we need to create a separate keychain to store the Zwift credentials. You could store them in the main keychain, but I’m a fan of credential separation, so let’s use that.

Launch Keychain Access on your Mac (cmd + spacebar, type in “Keychain”).
Mac OS X Keychain Access

You’ll see a number of keychains listed there in the upper-left of Keychain Access. We’re going to create a new one, so go to File -> New Keychain and call it whatever you want.

I called mine “Zwift” so I can remember it when I see it on the filesystem or in the app later. It should default to save in ~/Library/Keychains/. Don’t change this path for now.

When you click “Create”, you’ll be prompted for a password to secure that keychain. Make it something relatively strong if you want to protect your credentials. If you don’t care, make it weak. Click on “Ok” and it will be created and saved.

Creating the Zwift keychain

Now right-click on the new keychain you just created in the list and select “Change Settings for Keychain Zwift”. We’re going to adjust the timeout when you have to re-enter your password to unlock this keychain.

Changing Zwift keychain settings

If you want a fully automated login, where you never have to enter a password or interact with this at all, uncheck both boxes, so it doesn’t lock after inactivity or when your computer goes to sleep.

If you prefer a bit more control/security, change the settings as you see fit.

Mine looks like this:

Zwift keychain timeout settings

Click on “Save” to save those settings.

Next, we need to add an account to the keychain. This will be your Zwift account, the same one you use to log into Zwift itself in the app and on the website. Click the little [+] at the bottom of the Keychain Access window to create a new entry. Here’s what it should look like when you’ve got it filled out correctly:

Creating a new Zwift keychain entry

Click on “Add” to add this entry to the keychain. Now you’ll see one entry in your list.

Zwift keychain user login entry

If you right-click on the entry, you can add some more details to it, but you don’t need to. I left it at the defaults.

Zwift keychain account additional details

Now let’s test that it locks and unlocks properly. Right-click on the keychain in the list on the left side and choose “Lock Keychain Zwift” (do not accidentally choose “Make Keychain Zwift Default”, or you’ll have a bad time)

Locking the Zwift keychain

Once locked, you’ll see the litte padlock icon next to it show “closed”. Right-click again and select “Unlock Keychain Zwift”, put in your password and see that it cleanly unlocks and that the padlock shows “open” next to the name:

Unlocking the Zwift keychain

That’s just about the hardest part of this process. Now on to the code!

I’ve never written a single byte of AppleScript until today, so I decided to give it a shot, learn the language, tried a few early attempts at this storing passwords in the code, then in files I’d read from disk, then encrypted files I’d decrypt, but that was messy. Why reinvent the wheel when OS X already has an encrypted keystore I can use? So I did.

Launch “Automator” (cmd + spacebar) and when prompted, select “Application” and click “Choose” to create one.
Mac OS X Automator
Mac OS X Automator Start screen

You’ll see a blank screen on the right and some macros and variables on the left. Don’t be scared, this is going to be EASY!

In the search dialog in the upper-left area, start typing “AppleScript”. You should see the list of items shorten to only one, as shown here:

Automator with AppleScript

Click that one entry and drag it to the empty canvas area on the right side of the Automator screen. When you let go, you’ll see something that looks like this on the right:

AppleScript starting point

Put your cursor in that window, select all of that default boilerplate and delete it, we’re going to start with a blank script here.

Blank AppleScript script

I’ve already written the code for you, so all you need to do here is cut and paste it into this window. Here’s the code (also available as a downloadable file by clicking this link)

on run {input, parameters}
  set userName to long user name of (system info)                 # User's full name
  set userHome to (system attribute "HOME")                       # User's home directory
  set secBin to "/usr/bin/security"                               # Full path to 'security' binary
  set kcName to "\"Zwift Login\""                                 # Keychain Name
  set kcPath to userHome & "/Library/Keychains/Zwift.keychain"    # Path to where the Zwift keychain lives
  set mySedMess to "sed 's/.*\"acct\"<blob>=\"\\(.*\\)\"/\\1/'"   # A horrible mess of sed. Nuff sed.
  
  # This is ugly, but it's the only way I could find to pull the account name from the Keychain.
  # Don't forget all of those escaping backslashes! (LTS - Leaning Toothpick Syndrome)  
  set zUser to do shell script (secBin & " " & "find-generic-password 2>&1 /dev/null -gs " & kcName & " " & kcPath & " | grep acct | " & mySedMess)
 
  set zPass to do shell script (secBin & " " & "find-generic-password -wa " & zUser & " -gs " & kcName & " " & kcPath)
  
  activate application "Zwift"

  tell application "System Events"
    delay 3                                              # Wait for the login dialog to show up
    set frontmost of process "Zwift" to true             # Force Zwift process to the front
    keystroke tab                                        # Put the cursor into the Email field
    keystroke zUser                                      # Send the username (from above)
    keystroke tab                                        # Jump to the Password field
    keystroke zPass                                      # Send the password
    keystroke return                                     # Press Enter to start the fun!
    
  end tell
  return input
end run

Cut and paste that into the script window (or use the direct link to the file).

At the very top of the file are a couple of minor tunables. Make sure those match what your system and environment are set up with. If you chose a different name for your keychain file for example, you’ll need to change that here. Likewise with the name of the account’s title within that keychain; change that here as well. If you called it “Zwift” and used “Zwift Login” as I did, you don’t need to change anything.

Also, there are some delays built into the script (search for the word ‘delay’). If your system is a bit slower, you may need to increase that delay by a few seconds.

cmd + S to save the script, which should prompt you for a name. I called this one “AutoZwift”, but you can call it whatever you like. This will become its own standalone .app file you can launch from anywhere by double-clicking on it, so feel free to put it wherever you want.

We’re not quite done! Before you close Automator, let’s make sure it works as expected. Click the little “Run” button on the far, upper-right corner of the Automator GUI to test the script. If you got everything correct, you should get no warnings, errors or popup dialog boxes.

Automator Run button

One last thing: Because you’re asking Automator to read events and pass keyboard events into windows owned by other processes, you need to grant Automator the permission and access to do so. To do that, go into your System Preferences -> Security & Privacy and make sure you enable (check the box) Automator to do so:

OS X Security & Privacy

OS X Automator Permissions

Now you should have a fully-automated Zwift login icon with credentials secured by your OS’ built-in encrypted keystore.

Good luck and #RideOn!

(p.s. For those run Zwift on Microsoft Windows, I’ve written a detailed HOWTO for you too! Stay tuned for more great HOWTOs for Zwift!)

How Many Java Versions is Enough for Mavericks, Apple?

Apple OSX Mavericks logoA lot of software outright fails to work on Apple OS X Mavericks.

It’s a disaster. Almost nothing works right.

Not only is the entire OS noticeably slower, by several orders of magnitude over the previous Lion (10.7.5) was running until a few days ago on my 11″ MacBook Air, but there are dozens and dozens of glaringly-obvious bugs that make me want to go back to my Linux laptop full-time.

Here are some obvious ones:

  • The trackpad randomly disables two-finger scrolling and the only way to get it back is to either log out and back in, or restart the machine entirely.
  • The direction of the trackpad scrolling was reversed after the upgrade. Dragging fingers down, used to pull the page down, now it pulls the page up. You can flip the toggle to reverse it, but why was it changed at all from the default?
  • The audio up/down buttons are about 1-2 seconds behind the actual button press, which is a bit disjointed when you’re trying to determine how far down or up to change the volume for a video or song.
  • USB Ethernet used to work plug-and-play, but now if your OS X machine is booted and you connect a USB Ethernet dongle, it will not be recognized, until you reboot the machine with the dongle plugged in. Every time. This feels like Windows to me. I never had to do this with Lion previously.
  • There’s a cut-off/echo with the voices in OS X Mavericks. When I have the clock set to announce the time every 15 minutes, instead of “It’s three-fifteen” or “It’s eleven o’clock”, I hear “…ee fifteen” or “…ven o’clock”, the first 1-2 syllables are completely missing, cut off.

There are dozens more that I’ve tripped on (and reported), but they still hamper productive use of the machine.

I also run several apps that depend on Java, including XCode, XMind, The Hit List and others. Most of these just flat-out fail to function. I was so frustrated at the amateurish quality of this major “greatest ever” OS update, that I started investigating myself.

Apple, a plea… how many Java versions, incorrect, non-current Java versions is enough? On this upgraded version of OS X (Lion -> Mavericks), I count 6+ distinct installs!

# OpenJDK Runtime Environment (build 1.7.0-internal-root_2012_07_25_17_59-b00)
./Applications/Xcode.app/Contents/Applications/Application Loader.app/Contents/MacOS/itms/java/bin/java

# Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
./Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java

# Java(TM) SE Runtime Environment (build 1.7.0_04-b21)
./Library/Java/JavaVirtualMachines/1.7.0.jdk/Contents/Home/bin/java

# Java(TM) SE Runtime Environment (build 1.7.0_04-b21)
./Library/Java/JavaVirtualMachines/1.7.0.jdk/Contents/Home/jre/bin/java

# Java(TM) SE Runtime Environment (build 1.7.0_04-b21)
./System/Library/Frameworks/JavaVM.framework/Versions/A/Commands/java

# Java(TM) SE Runtime Environment (build 1.6.0_65-b14-462-11M4609)
./System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/bin/java

[...]

The only one that is clean and current, is the one I installed:

# "./Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java" -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

Of course, you don’t use it anywhere, no apps are referring to it, and instead you refer to the other versions which crash, break or fail to correctly launch any applications that use these Java interpreters.

Please, don’t tout your OS as being the “greatest work ever”, while providing a slow, buggy, de-evolved experience from the previous versions.

Fix it, or allow us to roll back to the previous version of the OS, which did work.

UPDATE: After much testing, I determined that the short-term “solution” was to rm the symlink to ‘java’ in ‘/usr/bin/’ and point it to the version of Java I installed from Oracle, as follows:

$ sudo ls -l /usr/bin/java
lrwxr-xr-x  1 root  wheel  74 Oct 27 15:55 /usr/bin/java -> /System/Library/Frameworks/JavaVM.framework/Versions/Current/Commands/java
$ sudo rm /usr/bin/java
$ sudo ln -s /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin/java /usr/bin/java

After doing this, my Java-based OS X apps started working as expected. This is not a fix, it’s a temporary hack and workaround, but it gets me back up and running on apps that were crashing and failing before.

Apple, please fix this.

HOWTO: Configure XChat Azure on OS X to connect to Freenode using SASL + Tor

Tags: , , , , ,

With all the recent news about the NSA, Prism Surveillance Program and the US Federal Government actively spying on its citizens without cause, I decided to update the detailed HOWTO I posted in early 2011 describing how to connect to Freenode using Xchat (on Linux/FreeBSD) using SASL + Tor. The process is relatively simple, but there is a simplified version now, and it works seamlessly with XChat Azure on OS X, as well as Linux, without having to compile any plugins using GCC.

A win, win, all around! Let’s get started! (click the images below to zoom to full size)

Installing Tor on Your OS X Machine
Configuring Browsers to use Tor (to validate Tor functionality)
Configuring XChat Azure to Speak Through the Tor Proxy
Adding a Freenode Tor Network Server to XChat Azure
Installing the SASL Perl Script to Manage SASL Connections
Connecting to Freenode using SASL + Tor

 

Installing Tor on Your OS X Machine

To get Tor running on your OS X machine, you’ll need to install it. There are several ways to do this, but the easiest is to use the TorBrowser Bundle, package for OS X.

It’s straightforward to install that, just download and install it as you would any other OS X software. Once you’ve got it installed, you’ll see the main Control Panel, shown here:

Vidalia Main Control Panel

If you see the green “onion” icon in your Finder menubar at the top of your screen, you’re up and running and connected to the Tor network. You can check this further by looking at the “Bandwidth Graph” to see if bytes are actually flowing across your connection.

 

Configuring Browsers to use Tor (to validate Tor functionality)

Now you’ve got Tor running, you’ll need to verify that it actually works and that you can send and receive traffic over it.

Open your browser of choice (I use Firefox but any browser will work) and find the configuration option in your browser’s Preferences pane for setting a “Proxy Server”. You’ll want to point it to a proxy server address of 127.0.0.1, port 9150, as shown below.

The reason this isn’t the “standard” Tor port of 9050, is because the Tor Browser Bundle project wanted to ensure that they didn’t collide with a system-installed version of Tor, so they went with 9150 instead.

Firefox Vidalia Proxy Configuration

Once you’ve got that configured, point your browser to the Tor Check Site. You should see output that looks like this:

Tor Browser Check Results

If you’ve gotten this far, you’re almost there! If you see an error message or cannot connect to the Proxy, make sure Tor Browser is running, that it’s showing ‘green’ in your menubar, and that you’re using port 9150, not 9050 in your Proxy port configuration.

 

Configuring XChat Azure to Speak Through the Tor Proxy

Now let’s configure XChat Azure. Open up your XChat Preferences (Command-,) and go to the “Network setup” page. Here is where you’ll configure similar parameters we just used for Firefox above to permit XChat Azure to communicate across Tor.

Configure it to look like the following values:

XChat Azure Vidalia Proxy Configuration

Now ALL of your networks will attempt to use Tor, which may not be what you want. We’ll go over that in a moment, so you can exclude (“bypass”) the proxy for public networks.

 

Adding a Freenode Tor Network Server to XChat Azure

To add a new Network in XChat Azure, you’ll want to go to “File => Network List”, or use Command-S. You’ll see a default network list here.

Click the [+] sign in the lower-left corner to add a new network. You’ll name this “Freenode_Tor” or something similar. Don’t put spaces in the name, this is important.

When you add this network, you’ll want to click on “Show Details” and configure it to look similar to the following two screenshots.

The first tab, you’ll want to double-click the server name line and add a server with the name:

p4fsi4ockecnea7l.onion

And the port:

6697

Make sure you also check the “SSL” box there. This is the SSL port for Freenode servers.

XChat Azure Freenode Onion Tor Configuration

On the second tab, you’ll want to check the two boxes shown. If you want to reject invalid SSL certs (not a bad idea), uncheck that second box.

XChat Azure Freenode SSL Configuration

You’ll also see a checkbox that says “Bypass proxy server”. You’ll want to check that box for all other non-Tor networks, but not this one. We actually want to use the proxy server here, so leave it unchecked.

 

Installing the SASL Perl Script to Manage SASL Connections

Next, we need to install a small script that will be used to manage our SASL connections under XChat Azure. You can find several of those on the Freenode SASL page. I haven’t tested any of the scripts there except the Perl script, so we’re going to use that one for this HOWTO.

Download that Perl script using whatever tool you use, and put it into your $USER/.xchat2/ directory using iTerm or Finder.

Now when you start up XChat Azure, you should see something like this at the top:

[07:58]   Perl interface loaded
[07:58]   Python interface loaded
[07:58]   SASL: auth loaded from /Users/setuid/Library/Containers/org.3rddev.xchatazure/Data/Library/Application Support/XChat Azure/sasl.auth

We need to make sure we set some auth values while this script is loaded. To do that, you’ll run the following command inside the XChat Azure text box:

/sasl set Freenode_Tor <username> <password> PLAIN
/sasl save

So if your Freenode username was ‘foobar’ with a Freenode NickServ password of ‘MyS3cretPas5word’, you’d type:

/sasl set Freenode_Tor foobar MyS3cretPas5word PLAIN
/sasl save

Now your SASL authentication is saved, and you’re ready to connect!

 

Connecting to Freenode using SASL + Tor

Using Command-S (or File => Network List from the app menus), highlight your “Freenode_Tor” network and click the “Connect” button. It will take a few moments, but you should see something that looks like the following:

XChat Azure Freenode Successful Connection
If you see that, you’re all set! Now you can join any channels you wish and be sure that your IRC communications are being anonymized behind the Tor network.

Note: Sometimes you’ll see an error that looks like the one below, when you randomly reach a Freenode server with a wildcard SSL cert.

XChat Azure Freenode Wildcard SSL Cert Error

If you run into this, just close XChat down and restart, or attempt to reconnect to the “Freenode_Tor” network again until you get a proper server in the randomized list.

That’s it, good luck!

Bad Behavior has blocked 545 access attempts in the last 7 days.