Using FontExplorer X With Networked Home Directories

FontExplorer X has some really funky behavior when it comes to users with networked home directories. Normally, the application files for FontExplorer are stored in ~/Library/Application Support/Linotype/FontExplorer X/. Everything works fine and dandy…until a user with a networked home directory tries to open in.

When a user with a networked home folder tries to open the FontExplorer X, the file ~/Library/Application Support/Linotype/FontExplorer X/FontDatabase.db is made into an alias. Note that this is a rather important file. It appears to store the references to all of your fonts (not the fonts themselves, just the references). The alias points to a newly created FontDatabase.db file in /Users/Shared/Linotype/FontExplorer X/_/, where is the username of the current user and is the user id of the current user.

The end result of this behavior, is that FontExplorer behaves as if it’s the first time FontExplorer X has been opened, every time someone uses it. Of course, in a lab type environment this behavior is completely unacceptable.

Below are login/logout scripts that I wrote to circumvent this behavior. You can download the scripts and a readme.txt file here:

Update: I should point out here that this particular script has only been tested on OS X 10.4 (Tiger). It will work on 10.3, but the way that you set up the login hook is slightly different than what I describe below. I’m also using FEX 1.2.2 for this script and it should be noted that the way FEX stores it’s database changed slightly in this version. Previous versions of FEX should work with this script using only a small tweaking. As I have not gotten my hands on a Leopard yet, I have no idea if this will work with them. (added 11/8/2007)

Update #2: This script is still working like a charm using OS X 10.5.4 and FEX 1.2.3. (added 8/12/2008)

Update #3: This script still works using OS X 10.6 and FEX 1.2.3. (added 2/7/2011)

The Setup

  1. Start by setting up FEX on a test computer. Set all the preferences as you want them and make sure the fonts are imported into appropriate sets.
  2. Font Library: Make a copy of your entire font library and note the location it’s stored in. I use /Users/Shared/Font Explorer X/ so that everybody has access to it.
  3. FEX plist: make a copy of the FEX plist file located in /Users//Library/Preferences/com.linotype.FontExploereX.plist
  4. Application Support Files: Make a copy of the Linotype application support folder located in /Users//Library/Application Support/
  5. A copy of each of these must reside on the client computer (the one your running the login script on).

* Make sure that the entire font library is in the same location on the client computer as it was in the test machine (/Users/Shared/ in my case). * Copy the FEX plist and Linotype folder to a privileged location on the client computer. It doesn’t matter where they are, we just don’t want normal users to be able to modify them. I use an admin’s document folder.’ 6. Change the $backupprefs and $backupdb variables in login.sh to the correct locations. They should be lines 11 and 14.

Installation

  1. Copy login.sh and logout.shto client computers. Make sure that you limit access to the files. They will be run as root, so these permissions will work:
     sudo chown root:admin <pathToFile>/login.sh <pathToFile>/logout.sh sudo chmod 750 <pathToFile>/login.sh <pathToFile>/logout.sh 
  2. Add the login and logout hooks. Run these two commands in the terminal of the client computer:
     sudo defaults write com.apple.loginwindow LoginHook <pathToFile>/login.sh sudo defaults write com.apple.loginwindow LogoutHook <pathToFile>/logout.sh 
    Note: This works on 10.4. The syntax for 10.3 might be slightly different
  3. To test to make sure the hooks got set up correctly, run this command and ensure that the directories are correct:
    sudo defaults read com.apple.loginwindow

Adding to Existing Login and Logout Hooks

If you already have login and logout scripts running, simply append the contents of these scripts to your existing ones. Everything should still work fine.

Login.sh

 #!/bin/sh ### Modify these ### # change to location where you put FEX plist file backupprefs="/Users/admin/Documents/com.linotype.FontExplorerX.plist" # change to location where you put Linotype file backupdb="/Users/admin/Documents/Linotype" ### Start of Script ### # Get the shortname of user who just logged in username=$1 # create hidden file containing username for the logout script echo $username > /Users/.username # get the user id of user who just logged in userid=`su - $username -c "/usr/bin/id -u"` # set a variable for the FontExplorer folder in the format of _ userfolder=${username}_${userid} # get the path to the networked home directory of user userhome=`su - $username -c "/usr/bin/id -P | cut -f9 -d:"` # Make the prefs directory in /Users/Shared/ for networked users mkdir -p "/Users/Shared/Linotype/FontExplorer X/$userfolder/" # On the rare occassion that the logout script fails to copy the FontDatabase.db file back to user's folder, # this will copy in a default backup copy of the FontDatabase.db file if [ ! -e "$userhome/Library/Application Support/Linotype/FontExplorer X/FontDatabase.db" ]; then cp -R $backupdb "$userhome/Library/Application Support/" chown -R $username:$username "$userhome/Library/Application Support/Linotype/" fi # Copy the real FontDatabase.db file from user's home to the /Users/Shared location cp "$userhome/Library/Application Support/Linotype/FontExplorer X/FontDatabase.db" "/Users/Shared/Linotype/FontExplorer X/$userfolder/" # Set the ownership and permissions on the /Users/Shared/Linotype/ directory chown -R $username:$username /Users/Shared/Linotype/ chmod -R 700 /Users/Shared/Linotype/ # Copy correct user preferences (users can't break them) # Don't need to do this step, but helpful in making sure correct prefs are always set cp $backupprefs "$userhome/Library/Preferences/com.linotype.FontExplorerX.plist" chown $username:$username "$userhome/Library/Preferences/com.linotype.FontExplorerX.plist" chmod 700 "$userhome/Library/Preferences/com.linotype.FontExplorerX.plist" 

Logout

 #!/bin/sh # Get username of current user username=`cat /Users/.username` ### Start of Script ### # get the user id of current user userid=`su - $username -c "/usr/bin/id -u"` # set a variable for the FontExplorer folder in the format of _ userfolder=${username}_${userid} # get the path to the networked home directory of user userhome=`su - $username -c "/usr/bin/id -P | cut -f9 -d:"` # Remove the sym link version of FontDatabase.db in user's home rm "$userhome/Library/Application Support/Linotype/FontExplorer X/FontDatabase.db" # Copy version of FontDatabase.db from /Users/Shared/ back to user's home cp "/Users/Shared/Linotype/FontExplorer X/$userfolder/FontDatabase.db" "$userhome/Library/Application Support/Linotype/FontExplorer X/FontDatabase.db" # Make sure ownership is correct chown -R $username:$username "$userhome/Library/Application Support/Linotype/" # Remove all of the user's Linotype directories from the /Users/Shared/ directory rm -R /Users/Shared/Linotype 

Cheers.

Theft Detection for Mac Laptops

Are you ever scared that your fancy MacBook might get stolen? I am. I don’t actually own mine, so at least I wouldn’t have to front the cost of a new one if it got stolen. The worst part is really the data loss though.

There is a new theft detection software called Undercover which actually looks very nice. Basically you install it on your system and forget about. It does it’s own thing in the background and won’t bother you. If your laptop ever gets stolen, you file a report with Undercover online to declare that it has been stolen. The next time a user goes online using your laptop, Undercover will track the network information, take screenshots and even use the built-in iSight to take pictures of the thief.

If your Mac has a built-in or external iSight, Undercover will transmit pictures of the thief and his surroundings every 6 minutes, making it even easier to identify the current user. It’s like having a private detective working for you.

Undercover will then work with law enforcement agencies and ISPs to recover the laptop.

If the first method is unsuccessful, Undercover will basically render the laptop unusable, with a full-screen message reporting that the laptop has been stolen.

One of the first things that I wondered about was how a theif would log into your account (provided you’ve actaully enabled a firmware password and turned off auto-login). Their answer to this was actually quite surprising:

What if the thief can’t login into an account? Will Undercover still phone home?
Even when no one is logged in, Undercover will still phone home because it’s a root process that’s always active. However, we do recommend to create a dummy account that will enable the thief to play around on your Mac. This account should have a blank password and no admin privileges.

I’d really like to try this software out. It sounds really cool and I’m curious to know how well it actually works. Unfortunately…I think you’d actually have to get your laptop stolen to find that out.

Managing fonts with FontExplorer X

Somehow I completely missed this article when it came out. It has lots of good general tips about OS X font management and Font Explorer X.

Office 2008 Will Follow Some Mac Standards

Honestly, this is probably one of the first really good things that I’ve heard about Office 2008 for Macs. The MacBU team has just announced on Mac Mojo that the Office update will now come in a package file and use Apple’s Installer.

I am happy to announce that Office 2008 for Mac will use the Apple-recommended Apple Installer technology for Office 2008 installation. This means that the data that Office installs will ship on the disc in .pkg format, installs will work well with Apple Remote Desktop (ARD) and will be Applescript-able. Once installed, the user has the freedom to move the Office folder to a different location on the system and Office will run from there. I hope that this will make Office for Mac configuration/deployment easier for IT admins.

You can read more about installers and Apple’s recommendations for them on Apple Developer Connection . Being able to easily deploy Office through ARD is great news for IT people.

My favorite piece of news though is about fonts (emphasis added):

In addition to the change to the Apple Installer, we’ve provided IT admins greater ability to customize their deployment with optional font installations.

The current practice for Office on Macs is to automatically copy a gazillion Microsoft True Type fonts into a user’s font directory the first time they open an Office application. This behavior is truly obnoxious, especially if you already have a ton of fonts that you are trying to manage. It’s also wrong. If those fonts are actually needed for everybody for that application, they should really be put into /Library/Fonts/ at the time of the installation.

I don’t have a lot of good things to say about Microsoft these days, but I am at least happy that their Mac team is taking steps to create a better “Mac Application.”

Via Daring Fireball.

What is Interference Robustness?

There is a really helpful article over on Macinstruct about the weird feature in Airport called “interference robustness.” I’ve always wondered what that did, and more importantly, if it does something good, why is it off by default?

The answers are here:

Using Interference Robustness will essentially slow down your wireless connection. As discussed above, if you’re looking for speed, you send a high frequency of large packets. If you’re looking to battle interference you send smaller packets at a lower frequency. So your connection will be slow but strong.

Another important thing that this article notes is that “Use Interference Robustness” only applies to Apple’s AirPort networks:

It’s also important to understand that if you run a Mac and use a Linksys, Netgear, Belkin or one of the many other options one has, checking the “Use Interference Robustness” option will not work. Interference Robustness is specific to Macs connected to Apple’s AirPort Express and Airport Extreme.



appointive
appointive
appointive
appointive