Tiger Lab Migration Part 9: More Problems and Solutions

Well, when last we visited this issue, we were having problems saving, among other things, Final Cut Pro files. After working long and hard with the Panasas folks, I was confident I'd found a solution. And I had, but the solution has created new problems. I want to kill Apple for Tiger.

To refresh, the original problem was that Final Cut was trying to write files across filesystems, and the OS was choking on this operation. This was happening because our RAID exports its /home volume -- and this is what we mount -- but each user account is also an individual volume. FCP writes to the /home level, and then has to cross filesystems to save the file to the user's home account, itself a seperate volume. Our solution was, rather than mounting all of /home, to mount each user's home account individually. This required a whole bunch of scripting and launchd voodoo to really work the way we wanted, particularly with regards to adding new users. But we got it working, and it fixed the Final Cut problem. I implemented it, tested it, and emailed the community about the fix.

Unfortunately, I recently discovered that using this method causes some new, less ugly, but certainly annoying problems: the sidebar home account link no longer works, causing untold confusion among users who suddenly think their home account no longer exists (as per the alert message that appears when clicking this link); but most alarming, users can no longer open documents from their home accounts. Not only can users not open docs, but root via cron fails to open documents. This is a big problem, as our "Scratch" partition gets deleted every Friday, and the users rely on an alert message to warn them of the oncoming doom. This message no longer launches, and that's a real bummer.

So I was in the middle of drafting an email to the community informing them of the latest bugs and workarounds, when I was struck with extreme embarrassment and shame. How can I continue to expect users to work around these bugs when each week brings a new set? Sure, it's not my fault that Tiger is broken. It's not my fault that the Panasas is set up the way it is. But it is my responsibility to create a user environment that works seamlessly and properly for the user. So I resolved to do everything in my power to implement a solution. I stayed at work on Friday night until 2:30 AM, learning much, but left with no solution in hand.

What I learned on Friday, essentially, is that automount in Tiger is totally fucked. I already knew that NFS in Tiger was fucked in that it can't cross filesystems. But it turns out there have been some major changes to the way automount is handled in the GUI, and thus, for all intents and purposes -- or at least for our intents and purposes -- it is indeed fucked. Hard. The inability to follow sidebar references is a direct result of automount's new Finder behavior: automount mounts in the Finder are now invisible! Unless the path is explicitly called, the user accounts, mounted as they are, are quite invisible, both to the user, and apparently to the Finder's sidebar. I also discovered that the Finder's inability to launch files from the user's home account has something to do with automount, or at least how automount is implemented in the GUI. This behavior only exhibits itself from these invisible NFS mounts; it goes away if we mount the user's home account in /home, as we used to do. And it goes away if we use a different command to mount user homes.

Enter mount_nfs.

The mount_nfs command is used to directly and statically mount NFS exports, and it has its own set of peculiarities. First and foremost, mount_nfs grafts mounts to existing folders, which means that mount_nfs requires a folder named for the user who wants to log in. Secondly, and equally important in our scenario, mount_nfs magically mounts the export in the Finder. Or, rather, shows the mount in the Finder (and this has actually, probably more to do with how the Finder translates mounts requested by nfs_mount). Lastly, since the mounts are static, they remain mounted and appear in the Finder until they are explicitly unmounted. Mounting via mount_nfs is equivalent to mounting nfs exports in the Finder with command-k. It also seems to work, you may notice, completely opposite to automount.

To do what we've been doing -- which is to automount home accounts at boot -- using mount_nfs instead would require us to mount every home account at boot on every machine, and those 200+ mounts would be present in the Finder at all times. This simply would not work. So, mount_nfs at boot: not good. You thinking what I'm thinking?

Enter loginhooks.

To use mount_nfs at boot would be disastrous. What we need in this case is something that will dynamically mount and unmount users' home accounts at login and logout respectively. And that's just what loginhooks and logouthooks do, respectively. Getting loginhooks to work in Tiger was again an exercise in frustration, but this time it was due to my own poor understanding of the technology. There is a great reference on login hooks at Mike Bombich's site, and a decent one at Apple's Knowledge Base as well. Between these two resources, I was finally able to cobble together a solution over the weekend which I think will work.

Briefly, there are three things you need to do to implement loginhooks, and some info you need to know.

The info first:
1) Scripts called by loginhooks run as root (good)
2) They run before login to the GUI takes place, and after authentication (also good)
3) The user requesting login can be represented in your script by the variable $1 (excellent!)

What to do:
1) Write a script to be executed at login, make it executable, put it somewhere accessible
2) Run this command:
sudo defaults write com.apple.loginwindow LoginHook /path/to/loginScript
3) Test the script! This is imperative! You can test it as any user you want by running it thusly:
sudo /path/to/script User

For "User," specify a user who would actually log in, and who is available to the system. "User" here will be interpreted in your script with the $1 variable, just as it will at login. If it works in your test, it should work in practice as a loginhook.

Setting up a logouthook works the same way, except you run the command:
sudo defaults write com.apple.loginwindow LogoutHook /path/to/logoutScript

And, BTW, to ch eck that the loginhook (or logouthook, or both) has been successfully added, you should see your script(s) listed, when running this command:
sudo defaults read com.apple.loginwindow

Finally, to disable, login(logout)hooks run:
sudo defaults delete com.apple.loginwindow LoginHook
and:
sudo defaults write com.apple.loginwindow LogoutHook

So, what I have now are two scripts. The login one creates a folder in /home named for the user who's logging in, and then uses mount_nfs to requset the user's home account from the server and mount it in this folder. The logout one forcibly unmounts the user's home account. And that is all.

I've only tested this at home, but it seems to work brilliantly here, and is fast even over a wireless connection. I will be trying it at work on Monday morning and will post back with my results, success or failure.

Wish me luck.

UPDATE 1:
So far, so good. There were some snags, though. I came in a little early this morning (in hopes of starting before the lab became overrun with students) to implement and test my loginhook plan, only to find the home account server had crashed. So, I had to spend the first hour restarting and troubleshooting the Panasas. By the time I'd finished, the lab was filling up. So I had to do everything piecemeal, and it took a bit longer then I'd hoped. That was snag one.

The next snag was that, after one user logged in, the next user would be locked out of his/her home account. This turned out to be a simple matter of setting permissions (on the /home directory) via the loginhook in a manner in which this did not happen.

There are some advantages and disadvantages to this new mounting method. The greatest benefit is that any changes to the mount method are done via very simple shell scripts, and changes don't require a reboot to take effect. Just change the script and you're done. Another big plus it that, if the home account server goes down, the machines aren't really affected to the extent they once were. If no one's logged in, there's no server access happening, so the machines are fine. Only if someone's logged in is it a problem, but then, that's always a problem. It occurs to me, though, that I may want to add a -hard option to my mount script sometime soon. Another advantage is the fact that, since only individual user accounts are mounted, and not the entire home account server, a command like sudo rm -rf /home can't wipe out the entire server as it could before. The final advantage is that reboots are now much faster, since nothing happens at boot time.

The disadvantages are twofold, and solvable but minor: First, since the entire home account server is never mounted now, users no longer have easy access to each other's home accounts. To access another user's home account, they now must connect to the home account server via the Finder's "Connect to Server..." command (or command-k). Secondly, any user who wants to ssh to one of the other Macs, say, from a laptop, will not have access to his home account since the mount only occurs when logging in to the GUI. These issues are minor, and can be solved by simply mounting the home account server somewhere other than /home, but I think we'll try and live without it for now, as I kind of like not having the whole RAID mounted.

Anyway, no complaints thus far. I'll be convinced this is a go after a week or so without problems. But I'm cautiously optimistic at this point.

UPDATE 2:
Day two, and all's quiet on the Western front, as it were. I'm obsessively monitoring the situation, but it's looking very good at this point. Fingers crossed.

This is Getting Ridiculous

This month Apple has announced an almost completely revised product line, including new software. But still, no Tiger update. Today my Powermac became unable to output sound. On reboot it suffered a kernel panic. I also discovered today, on the heels of the latest wave of product announcements, that my Tiger clients cannot launch documents from our newly set-up NFS home accounts. I am hard-screwed by Tiger, and sick of it. But Apple just keeps cranking out new products. I seriously contemplated downgrading the entire lab to Panther today, but it would be stupid to do so with the hope of a fix in the next update. But where is it?

I'm no longer excited by the new video-enabled iPod. I shall not swoon over dual-core processors. Until Apple fixes their seriously fucked up operating system, I will fail to be impressed with anything they might roll out. They can raise the dead for all I care, I won't be impressed. In fact, I won't even link to their site until this stuff gets fixed, not that anyone cares, but hey, it's a political statement. I guess I feel like if Apple can't even take care of the stuff that's out there, why should we give two shits about the new stuff? Sure it looks pretty; so did Tiger. Question is: Does it work?

Oh yeah, and one other thing: Aperture? $500 bucks? Are you kidding? Lame, lame and lame.

I want my 10.4.3.

UPDATE 1:
AppleInsider has estimated release times for the update for both the first half of September and the first half of October. Dude. October's almost over.

I want my 10.4.3.

UPDATE 2:
Here we go again. I'll believe it when I see it.

I want my 10.4.3.

UPDATE 3:
And again.

I want my 10.4.3.

Latest Tiger Annoyances or: Where is v.10.4.3?

Tiger has caused me no end of headaches. From the home account problems in the lab, to the bugs in the Finder, Spotlight problems, and overall system wonkiness. Here are just a few more little problems I've noticed. And while I can see why 10.4.3 is taking so long, the wait is killing me. And if it doesn't fix a majority of the problems, I'm gonna... I'll just... Well, I'll be bummed, that's what. And more than a little aggravated.

1. Safari window position: This bug is so irritating, I continue to mention it, even though I know it's not likely high on the Apple priority list. If it's not fixed in 10.4.3, I'm switching to Firefox. Hell or high water.
2. Caching problems: Tiger has some serious problems with cache. It gets corrupted a lot, and then you're screwed until you manually delete it.
3. Help crashes: I almost can't open Help without it crashing, particularly if I'm doing a search. Also, sometimes the searches bring up nothing (not "No Results Found," but literally nothing -- no change in the window). Some of this is cache related. Seems almost every time I run Help, I have to empty its cache. Not helpful.
4. Sherlock UI glitches, cache corruption and crashing: That pretty much says it all. Sherlock will, on occasion, refuse to update the UI, showing me, basically, an empty window, and then crashing. Again, clearing the cache is the fix.
5. System sounds just stop working: So do Mail sounds. Don't know why. All I know is, my Inbox is suddenly full and I'm none the wiser. And when I empty the trash there's no crunching sound, which could be a good thing. But still... WTF?

Good God! Sherlock Crashes Again!
(click for larger view)

Every day I get a little more irritated with Tiger. And every day I'm taunted by the rumor sites with intimations that v.10.4.3 is right around the corner. This has been going on for months now. I don't think I've ever waited longer or with more bated breath for an update than I have for this one. The scary thing is that, with all the major bugs that exist in Tiger, it's unlikely that these minor ones will be addressed, and even less likely that improvements to new Tiger-specific technologies like Spotlight will be added in this release. We're waiting quite a long time here for some pretty basic functionality. Can we ever expect to see additions or improvements to Spotlight or Automator? Well, they did it with Dashboard and 10.4.2, so you never know. But if I hold my breath until 10.4.3 gets here, I'll surely be dead for the release.

UPDATE:
Add to the list, Tiger keeps changing my "Font smoothing style:" (under the Appearance Preference Pane) from "Standard - best for CRT" (which I prefer even on an LCD) to "Automatic - best for main display." Real problems with settings sticking. Don't know why.

A Tiger Bonus: Keyboard Input During Wake From Sleep

I've discovered something I can really appreciate in Tiger. Finally. It's subtle, but wonderful.

In Panther and earlier, if your computer was asleep, after waking it up you'd have to wait maybe 5-10 seconds before the computer would accept any input from the keyboard. Typically this manifested itself like this: Wake computer; watch the login window until the mouse cursor pops up; finally, after the seemingly endless 5-10 second wait, enter login info and go. Was this ever a big complaint for me? No. Was it something that ever even bothered me? No. It's really not a big deal at all.

But in Tiger it's better.

Somehow, magically, Tiger will capture and retain keyboard input entered during that 5-10 second period in which the computer wakes from sleep. I was so used to waiting to enter keyboard input, I didn't even notice it at first, but the other day I was feeling very impatient, and began typing my username and password immediately after waking my machine. Nothing appeared to happen, but once the computer was fully awake, all fields were filled in with the information I'd just typed, and I was immediately logged in. How this works, I've no idea. But it works, and it's cool. If you put your computer to sleep like I do, this is a nice little time-saver. Just wake it up and start typing.

Speech Recognition in Tiger

Let's get one thing straight: Tiger is buggy. If you have any doubts about this you might just try playing around with Speech Recognition.

Speech Recognition is by no means new. It's been around since the Classic days, and it hasn't changed much since. I first played with it in grad school, in Mac OS 9. Though it may not be new, and it may not be perfect, it is pretty nifty in concept. Basically, you can control just about anything you want using a microphone and your voice. There are a whole bunch of ready-to-use "Speech Commands" that come built right into the OS. All you do is turn it on (in the "Speech" System Preferences), a little microphone do-hicky pops up, and you can begin commanding your computer to do whatever your heart desires. (Well, almost.*)

Speech Recognition is always a bit frustrating: The computer is slow to recognize commands; it misinterprets all the time; and you have to speak way to slow for it to understand you. Heaven help you if you're eating a burrito while you want to use Speech Control. Star Trek it just ain't. (And, yes, I firmly believe Captain Picard was a big burrito freak.)

Using Speech Recognition in Tiger, though, was plagued with problems far beyond the usual Speech Recognition frustrations. Problems that seemed to be in the OS. Turning Speech Recognition on in the Speech System Preferences pane seemed to work fine. The microphone commander widget popped up, I got a sound level, but upon opening the "Speech Commands" window, I discovered I had no speech commands. Thinking I'd missed something in my OS install, I hunted around for awhile, looking for the speech command files. I eventually determined that I had them, and they were right where they should be, but Speech Recognition just wasn't seeing them. Finally, I went to the Speech pref pane, and looked under the "Commands" tab. Here there is a listing of default speech commands, groups of which which you can check or uncheck per category. Mine were all checked. On a lark, I decided to quit Speech Recognition, uncheck and then recheck all these items. Voila! that did the trick. After restarting Speech Recognition, I finally had speech commands.

Using Speech Recognition for awhile, I was amazed at how much you could do. One cool addition since I first played around with it, is that Speech Recognition can now be used to navigate menus in any application, which means you can control, really, just about anything. Menu control is amazing, but could use some refinement. For instance, there is no obvious way to navigate back through a menu -- to back up through a menu hierarchy. It turns out, the way to do this is to issue the command for the top-level menu item (like "File" or "Edit"). If you're in a nested menu structure, that's how you back out. Not terribly intuitive. But not awful, either, once you figure it out.

At some point, however, Speech Recognition just stopped taking commands. It didn't freeze. It still showed mic input. It just wouldn't listen. I expect this from a five-year-old, but coming from my PowerMac G5, it just pisses me off. The solution was to turn off Speech Recognition, and then turn it back on. But guess what I found after doing this: Yup, no speech commands. I had to go back and repeat the entire process of enabling speech commands, just to get the app working properly again. These are OS bugs if you ask me. I don't think Speech Recognition's changed one bit since Panther, nor have a lot of apps that have had problems, yet Tiger still seems, somehow, to make a mess of them. Add Speech Recognition to the list.

*One last thing: My initial reason for wanting to use Speech Recognition was to control my iSight camera. It should be noted that one thing you can't do with Speech Recognition is control the device that's being used to input commands, i.e., the microphone, or in my case, the iSight. I know... Duh...

Anyway, you might want to give Speech Recognition a try sometime. It's pretty cool, and if nothing else, a fun time-waster. Just be aware, like so many things, it's buggy in Tiger.