WaterRoof is incredulous
I've been using WaterRoof, a frontend for ipfw on OS X. It's only a bit clunky and works well. What is particularly endearing, however, is its response when you have configured your rules and you tell WaterRoof that you want your computer to load them at startup:

Moving Swap on OS X 10.5 Leopard
By default, OS X 10.5 stores its swapfiles in /private/var/vm:
$ ls -lh /private/var/vm
total 131072
-rw------T 1 root wheel 64M May 28 10:32 swapfile0
Recently I've been having some fun with a Mac Pro that has 32GB (sic) of RAM. The machine is being used for some bioinformatics work which involves huge chunks of memory. Naturally we ran out of memory and started swapping, but we wanted to swap faster.
I created a RAID 0 (OS X calls it a striped set) using 32GB partitions across four disks for a 128GB RAID volume. Creatively, I called this volume swapraid0. I chose that size because Leopard can have a maximum of 64 2GB swap files (at least that's what Yves wrote). The first few swap files are smaller (Leopard creates 64MB, 128MB, ... 1GB files) so 128GB should be plenty.
I made this RAID 0 volume the first volume (and put the OS on the second volume) because some people reported trouble if swap was not on the first volume.
Then I copied the existing paging directory to the new volume:
$ sudo cp -Rp /private/var/vm /Volumes/swapraid0/.vm
I used a dot in the name so it wouldn't show up in the Finder. -R is recursive and -p means "preserve permissions".
If you simply edit /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist to point to your swap on the new volume, you run the risk of the volume not being mounted in time during startup. So I put the following at /sbin/dynamic_pager_init:
#!/bin/bash
#launch Apple's dynamic_pager only when the swap volume is mounted
#see http://forums.macosxhints.com/showpost.php?p=452409&postcount=14
if [ "x`df -H | grep /Volumes/swapraid0`" = "x" ]; then
    echo "Waiting for swap volume to mount";
else
    echo "Launching dynamic pager on volume swapraid0";
    /sbin/dynamic_pager -F /Volumes/swapraid0/.vm/swapfile;
fi
Changed permissions on /sbin/dynamic_pager_init to make it executable:
sudo chmod ugo+x-w /sbin/dynamic_pager_init
sudo chown root:wheel /sbin/dynamic_pager_init
Double-checked:
$ ls -l /sbin/dynamic_pager_init
-r-xr-xr-x 1 root wheel 388 Jun 1 20:41 /sbin/dynamic_pager_init
Next, I made a backup of the plist that launches the dynamic pager:
$ sudo cp -p /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist /Users/jvandyk/com.apple.dynamic_pager.plist
Then I edited the plist so that it would run the script at /sbin/dynamic_pager_init:
$ sudo nano -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist
The result:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.apple.dynamic_pager</string>
    <key>ProgramArguments</key>
    <array>
        <string>/sbin/dynamic_pager_init</string>
    </array>
    <key>OnDemand</key>
    <false/>
</dict>
</plist>
After rebooting, I ensured that the pager had actually launched:
$ ps aux | grep swap
root 161 0.0 0.0 610348 3504 ?? S 10:00AM 0:00.01 /sbin/dynamic_pager -F /Volumes/swapraid0/.vm/swapfile
Warnings/Caveats
1. You'd have to be nuts to do this. The existing pager settings work fine.
2. I am not responsible if you blow up your machine.
3. When I made a typo while I was experimenting, I found out what happens when the pager isn't actually running and you use all the memory. Ugly.
4. Certainly there are ways to improve this.
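An added example, not part of the original post: because launchd now runs /sbin/dynamic_pager_init as root at boot, the ownership and mode check done by hand above can be scripted and extended to the directory that holds the script. The function names, the uid argument and the temporary fixture are assumptions made for this example; it reads XML plists only.

```shell
#!/bin/sh
# Added example: audit the program a LaunchDaemon plist runs as root.
# Assumes an XML plist; checks the file and its directory only.

daemon_program() {   # print the executable named by Program/ProgramArguments
    tr '<' '\n' < "$1" | awk '
        $0 == "key>Program" || $0 == "key>ProgramArguments" { grab = 1; next }
        grab && /^string>/ { print substr($0, 8); exit }'
}

loose() {            # true if the path is group- or world-writable
    [ -n "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

audit_daemon() {     # audit_daemon PLIST [OWNER_UID]; non-zero on any finding
    prog=$(daemon_program "$1"); want=${2:-0}; rc=0
    [ -n "$prog" ] || { echo "no program in $1"; return 2; }
    for p in "$prog" "$(dirname "$prog")"; do
        uid=$(ls -ldLn "$p" | awk '{print $3}')
        [ "$uid" = "$want" ] || { echo "FAIL $p owned by uid $uid"; rc=1; }
        if loose "$p"; then echo "FAIL $p is group/world-writable"; rc=1; fi
    done
    return $rc
}

# Constructed fixture so the check runs anywhere; on the Mac itself, run
#   audit_daemon /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist
fix=$(mktemp -d)
printf '#!/bin/bash\necho stand-in\n' > "$fix/dynamic_pager_init"
chmod 555 "$fix/dynamic_pager_init"
cat > "$fix/pager.plist" <<EOF
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.dynamic_pager</string>
<key>ProgramArguments</key>
<array><string>$fix/dynamic_pager_init</string></array>
</dict></plist>
EOF
audit_daemon "$fix/pager.plist" "$(id -u)" && echo "OK: $fix/dynamic_pager_init"
```

Without the second argument the expected owner is uid 0, which matches the root:wheel ownership set above.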
Sources
Pretty much all of this approach was taken from the posts by E James, whom I thank.
Also, read the dynamic pager man page:
$ man dynamic_pager
OS X: To Protect and Serve
Over the weekend an importer force attacked my Mac. Fortunately, even though the box was unattended at the time, Mac OS X retaliated, eliminating all traces of this hostile force.

I couldn't find much on the web about the "Importer force killed!" message other than Simone Manganelli's helpful tweet.
ImageMagick, MacPorts and MAMP
After installing ImageMagick from MacPorts, I ran into the following error in my MAMP Apache error log when trying to run PHP code that resized images:
Symbol not found: __cg_jpeg_resync_to_restart
To solve this, edit /Applications/MAMP/Library/bin/envvars to read:
DYLD_LIBRARY_PATH="/Applications/MAMP/Library/lib:$DYLD_LIBRARY_PATH"
export DYLD_FALLBACK_LIBRARY_PATH=/Applications/MAMP/Library/lib
Cannot install OS X Server Admin software on Leopard
I'd like to install Apple's Server Administration Tools for OS X 10.4 Tiger Server. But I'm running Leopard. The installer stops with the following helpful message: "You are not allowed to install the software on this disk for an unknown reason."

Apparently if you just copy the apps from a computer running Tiger to one running Leopard, it works fine.
Subversion server on OS X 10.5
Sonzea: Installing a Subversion server on Leopard.
Time Machine cannot do a full restore
I've been using Time Machine in OS X 10.5 Leopard on my Mac Pro to do nifty backups. It has come in handy a couple of times now, when I've been chasing problems down a rat hole (like, "why does ImageMagick work from the command line but not from an exec() call in PHP?") and I just want to give up and revert back to a previous state. Very nice.
Yesterday I got a new drive (WD2500YS) that has a nice 16MB cache on it, and I thought I'd swap in that drive as my boot drive. Normally I'd use SuperDuper! for this but it's not yet fully Leopard-compatible. So I thought, now's the time to do a full restore using Time Machine and see how it goes.
I booted from the Leopard DVD and selected Restore from Time Machine Backup. I was a bit nervous because the "time of last backup" shown by Time Machine was two hours earlier than it should have been, but this turned out to be a time zone issue; all my files were restored, including the ones saved just before I shut the machine down.
It took a while (over an hour) and booted up fine. As I've learned from my attempted Tiger-to-Leopard upgrades (do a clean install!) things are not always running smoothly under the hood. Sure enough, the console greeted me with
11/21/07 8:36:41 AM com.apple.launchd[1] (org.postfix.master) Failed to count the number of files in "/var/spool/postfix/maildrop": No such file or directory
Upon further examination, /var/spool is...empty! Taking a look at my previous drive, there are over 100 entries (some noted here). Why is this? Devin Lane has a nice post listing the exclusions Time Machine makes. Wait, I thought, maybe they are created on demand?
bash-3.2# mail foo@example.com
Subject: Hi
This is a test.
EOT
bash-3.2# postdrop: warning: mail_queue_enter: create file maildrop/229433.449: No such file or directory
postdrop: warning: mail_queue_enter: create file maildrop/230063.449: No such file or directory
postdrop: warning: mail_queue_enter: create file maildrop/230821.449: No such file or directory
Nope.
Conclusion: Time Machine is fine for protecting the mainstream data in your home directory, but is currently not capable of doing a full restore of a boot drive.
Installing Drupal on Mac OS X 10.5 Leopard
I thought I'd write up the steps I took to get Drupal running on a stock Leopard installation. You may wish to save some time and install MAMP instead, especially if you need GD support (i.e., you're going to have Drupal do image resizing). Update 17-Dec-2007: In fact, I recommend using MAMP instead.
Step 1: Enable PHP
Uncomment line 114 in /etc/apache2/httpd.conf to enable Leopard's built-in PHP:
LoadModule php5_module libexec/apache2/libphp5.so
Start Apache 2 by using the Sharing panel in Preferences or at the command line with the following:
sudo apachectl start
(If Apache was already running, use restart instead of start.)
Place a test document into the default htdocs root to see if php is running. I created /Library/WebServer/Documents/phpinfo.php with the following content:
<?php phpinfo(); ?>
Now going to http://localhost/phpinfo.php shows me the info page for PHP 5.2.4. Yay!
Step 2: Friendly Virtual Hosts in Apache
I don't like keeping my websites in /Library/WebServer/Documents. It's a cumbersome place; I'd much rather keep them in /Users/john/Sites. That's right in my home directory and when I copy or sync my home directory I get the sites I'm working on, too. But using Leopard's built-in URL support for my home directory is verbose, too:
http://localhost/~john/sitename
I'd much rather use a nice short URL like http://dev/sitename. So first I assigned the name dev to my computer by adding a line to /etc/hosts:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 dev
127.0.0.1 localhost
255.255.255.255 broadcasthost
...
Since Leopard caches DNS queries, we force it to reread /etc/hosts by using dscacheutil which replaces the lookupd utility that was in OS X 10.4.
dscacheutil -flushcache
I changed /etc/apache2/users/john.conf from
<Directory "/Users/john/Sites/">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
to
<Directory "/Users/john/Sites/">
    Options Indexes MultiViews FollowSymLinks
    # Allow .htaccess files to override httpd.conf.
    AllowOverride All
    # No access allowed.
    Order deny,allow
    Deny from all
    # Except from this machine.
    Allow from 127.0.0.1
</Directory>
# Enable virtual hosts.
NameVirtualHost *:80
# Point virtual host to our directory.
<Virtualhost *:80>
    DocumentRoot /Users/john/Sites
    Servername dev
</Virtualhost>
You can test that everything works and you didn't make any typos by using
sudo apachectl configtest
which should tell you that the syntax of your Apache configuration files is OK (it will point you to the line containing the error otherwise). If all is OK, restart Apache to effect the changes:
sudo apachectl restart
Now you should be able to go to http://dev/ in your browser, and the file at /Users/john/Sites/index.html should be displayed.
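How the two <Directory> blocks above differ for a local and a remote client, as an added example (not from the original post) that evaluates Apache 2.2's Order/Allow/Deny rules. The access_for function and the 192.0.2.10 test address are assumptions; only "all" and exact IPv4 addresses are matched.

```shell
#!/bin/sh
# Added example: Apache 2.2 Order/Allow/Deny evaluation for one client IP.
# Handles "all" and exact IPv4 addresses only (no CIDR, hostnames, env=).

access_for() {   # access_for CONF DIR IP -> prints "allow" or "deny"
    awk -v want="$2" -v ip="$3" '
        function hit(spec) { spec = tolower(spec); return spec == "all" || spec == ip }
        /^[ \t]*#/ { next }
        tolower($1) == "<directory" {
            path = $2; gsub(/[">]/, "", path); inblock = (path == want); next
        }
        tolower($1) ~ /^<\/directory/ { inblock = 0; next }
        !inblock { next }
        tolower($1) == "order" { order = tolower($2) }
        tolower($2) == "from" && tolower($1) == "allow" {
            for (i = 3; i <= NF; i++) if (hit($i)) allowed = 1 }
        tolower($2) == "from" && tolower($1) == "deny" {
            for (i = 3; i <= NF; i++) if (hit($i)) denied = 1 }
        END {
            if (order == "allow,deny") {   # default deny; a Deny match wins
                r = (allowed && !denied) ? "allow" : "deny"
            } else {                       # deny,allow (2.2 default): Allow wins
                r = (denied && !allowed) ? "deny" : "allow"
            }
            print r
        }' "$1"
}

tmp=$(mktemp -d)   # constructed copies of the two <Directory> blocks above
cat > "$tmp/before.conf" <<'EOF'
<Directory "/Users/john/Sites/">
Order allow,deny
Allow from all
</Directory>
EOF
cat > "$tmp/after.conf" <<'EOF'
<Directory "/Users/john/Sites/">
AllowOverride All
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Directory>
EOF
for f in before after; do
    for ip in 127.0.0.1 192.0.2.10; do
        echo "$f $ip -> $(access_for "$tmp/$f.conf" /Users/john/Sites/ "$ip")"
    done
done
```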
Installing MySQL
There was no friendly installer for OS X 10.5 so I used the OS X package for 10.4. It ran fine.
It was unclear from my web searches whether the startup item for MySQL is working on Leopard. So I created the following file at /Library/LaunchDaemons/com.mysql.mysqld.plist to autostart MySQL (thanks Joannou Ng):
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>KeepAlive</key>
    <true/>
    <key>Label</key>
    <string>com.mysql.mysqld</string>
    <key>Program</key>
    <string>/usr/local/mysql/bin/mysqld_safe</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
Before I restarted, I wanted to make sure that mysql would be in my PATH environment variable when I restart. So I created a file at /etc/paths.d/mysql containing
/usr/local/mysql/bin
For more information on this, type man path_helper.
Then I restarted to make sure that MySQL would launch. Yes, it's running:
ps -ax | grep my
40 ?? 0:00.01 /bin/sh /usr/local/mysql/bin/mysqld_safe
88 ?? 0:00.11 /usr/local/mysql/bin/mysqld --basedir=/usr/local/mysql --datadir=/usr/local/mysql/data --user=mysql --pid-file=/usr/local/mysql/data/localhost.pid
Now to set it up securely.
mysql_secure_installation
This allows you to set a root password, disallow remote root logins, and generally tighten up MySQL security.
It's nice to be able to tweak MySQL parameters, so I created a my.cnf file:
sudo cp /usr/local/mysql/support-files/my-large.cnf /etc/my.cnf
The only thing I tweaked in the my.cnf file was to add one line under the [mysqld] heading to prevent MySQL from listening on port 3306 (I don't like unnecessary open ports):
skip-networking
Now I can create a database for Drupal to use:
mysql -uroot -p
mysql> CREATE DATABASE drupaldb;
Query OK, 1 row affected (0.00 sec)
One more thing. PHP and MySQL are confused about which socket to use (/tmp/mysql.sock vs. /var/mysql/mysql.sock). So let's provide a symlink so they can use either one:
sudo mkdir /var/mysql
sudo ln -s /tmp/mysql.sock /var/mysql/mysql.sock
Installing Drupal
Pull down a copy of Drupal 5 from the CVS repository:
cd ~/Sites
cvs -z9 -d:pserver:anonymous:anonymous@cvs.drupal.org:/cvs/drupal checkout -r DRUPAL-5 drupal
Change permissions on the settings file so the installer can modify it:
chmod o+w drupal/sites/default/settings.php
Run the Drupal installer by going to http://dev/drupal.
Remove the permissions from the settings file:
chmod o-w drupal/sites/default/settings.php
And create Drupal's files directory:
mkdir /Users/john/Sites/drupal/files
sudo chown www /Users/john/Sites/drupal/files
Rejoicing
Now I've got an easy setup where I can create my Drupal sites under /Users/john/Sites and refer to them with short names like http://dev/foo. MySQL is running nicely. Public access to my dev sites is disabled by Apache. Life is good.
Leopard and SoftRAID
If you use a RAID 0 array created by SoftRAID 3.6.4 as the boot drive on your Intel Mac and you feel the urge to install Leopard on it, don't. Just be patient until SoftRAID 3.6.6 comes out. Also, get your head examined. You should not be running striped RAID as your boot drive! *grin*
Leopard firewall
OS X Server 10.4 has an excellent firewall. It has a nice UI, lets you rearrange firewall rules by dragging and dropping, and is basically a sweet interface to ipfw. I haven't checked if they've made any changes or improvements on OS X Server 10.5.
What I can tell you is that it is a crying shame that Apple didn't take that nice firewall interface and put it into OS X 10.5. I understand their motivation (make it easy for Aunt Betty to feel secure) but I want more control. More at Securosis.com and Leopard firewall takes one step forward, three steps back. Alternatives are WaterRoof and DoorStop.


