Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo

Latest Joy of Tech!

Joy of Tech ... from Geek Culture

Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

Sun 13 Apr 2014

Liya 3.0.2 Released

Category : Technology

A Fresh New Liya. This a bumper bug fix release. Fixed some of the more quirky user-interface oddities, so it’ll work as modelessly (and smoothly) as I can make it. 

This is the first version to get iCloud support for the App Store version. You can share SQLite files in iCloud with the (soon-to-be-released) iPad version of Liya. 

Fixed a bug when working in Mavericks where the smart quotes get in the way of entering custom SQL commands. 

Also, at some point, MySQL stopped allowing the time zone to be included in a timestamp field. Updated Liya to handle this rejection more gracefully. 

Finally, one oft-requested feature - Liya now reports SQL command line errors when users run custom SQL commands (or when Liya has a bug). 


I’ve made so many changes in this version that I could have introduced even more bugs. As usual bug reports are very welcome.

Posted at 6:14PM SGT | permalink

Tue 25 Mar 2014

Signing Mobile Configuration Profiles

Category : Technology

I’ve figured out how to get VPN Enabler to sign the configuration profiles that it produces. 

If the server VPN Enabler is running on has either a valid SSL cert in OS X’s OpenSSL folder, or even a test cert generated by apps like MailServe or WebMon, then VPN Enabler will give the user a choice to generate and sign a mobile configuration profile, as shown below, when he is creating or editing a VPN user account :


The mobileconfig profile that is generated here will contain the user’s VPN password, in Base64 format. It’s not human-readable, preventing casual snooping, but Base64 is not encryption. It is easily decipherable by any knowledgeable techie. I’m still looking for a way to encrypt the profile data, but this version is useful enough to be released. It can be downloaded now.

Posted at 11:50AM SGT | permalink

Fri 21 Mar 2014

VPN Enabler & Mobile Configuration Profiles

Category : Technology

I love how mobile configuration profiles work—how it does all the job of setting up network clients to access Internet services (e.g., mail or VPN servers, etc), without users having to enter all the torrid details manually.

So, in version 1.0.2 of VPN Enabler, I included a “Create Config Profile” button that will light up when you click on a VPN User account name. You can save the resulting .mobileconfig file and send it to the user’s mobile device.


When the user opens that .mobileconfig file, e.g., on a MacBook, he’ll see the dialog box below. Go ahead and install it. You’ll be amazed how easily everything gets set up—the system uses the information in the profile to set up all the fields the user has to, otherwise, enter manually into Network Preferences. All the user needs to do is to give the password for the VPN user, when he’s accessing the VPN Server.


The ability to do that is such a God-send. For one, it eliminates the tons of documentation one has to write to guide a user on how to set up Network Preferences, or create mail user accounts on, etc. Secondly, it also eliminates some significant hours of support calls, because even if you have the patience to write detailed step-by-step guides, there’ll still be users who can’t, won’t or are simply unable to follow any kind of instruction. 

Finally, it streamlines organisational processes—like hiring, outfitting, training, and bringing new hires up to speed quickly. One mobileconfig profile can contain, in one packet, all the data needed to help each user gain authenticated access to all kinds of server resources, without too much handholding overheads.

If you have a server with its own digital certificate, like an SSL certificate, you can go one step further—encrypt the mobileconfig file, so it’s not humanly readable. Then, if encryption is available, you can go yet another step further—include all the passwords, so the user doesn’t even need to enter the password on logging in.

You can mail these mobileconfig files to the users, or let them access a password-protected web page to download, install and configure their iPhones, iPads and MacBooks—all at one go, automatically.

It all works so automagically. It’s not like you can’t do this on PCs, or Android devices, but on the Apple ecosystem, everything fits in so snugly and wonderfully, that when you layer such a capability on top, you can get unprecedented levels of efficiency and productivity.

The Mac, complemented by the iOS devices—they’re the Ultimate Business Machines. I shake my head in wonder that I can still hear the familiar refrain—Real Businesses Don’t Use Macs. Well, use Macs. And kill the competition.

As if to underline my point about efficiency and productivity, in the manual setup of the VPN client, there’s one obscure button called “Advanced” that we have to teach the user to click, just so he can access this dialog box to set a particular checkbox, the one titled “Send all traffic over VPN connection”. It’s obscure and difficult to explain to a user, but without this option being selected, he can’t go out through the VPN connection to access (otherwise) blocked sites like Facebook and Twitter, which is the whole point of using the VPN. 


But the .mobileconfig file can be made to select this option for the user automatically, so you don’t even have to trouble yourself to explain all the drab technology things that go with it. 

Just click, install, run, enter the password, and go. What could be easier than that?

And even the password step can be eliminated, if we can encrypt the mobileconfig file—which is what I’ll be working on next.

Posted at 9:53PM SGT | permalink

Mon 17 Mar 2014

Liya 3.0.1

Category : Technology

I’ve figured out how to tell whether a running app was downloaded from the Mac App Store, or directly from our web site. With that, I can now build in features for the non-App Store version that go beyond the constraints placed by Apple in their curated wall-garden. For example, there is no need to Sandbox apps that are not going to be distributed from the App Store. The Sandbox is a pain and makes the user interface clunkier than it should be.

In Liya’s case, the Sandboxed App Store version requires all SQLite files to be opened via NSOpen Panels. Therefore I can’t just let the user type or paste the URLs directly into the relevant entry fields in Liya’s interface. They’re forced to navigate everywhere via the Open Panel dialog box. It’s a pain, and the users complain about the loss of freedom to move from point A to point B.

The non-App Store version of Liya retains the purity of the original idea - you can go from A to B in at least a couple of alternatve ways and you choose the faster one always.

So, so long as Apple remains determined to close up the Mac the same way they did to iOS, we’re going to have to live with this.

Liya without the closed up URL box can be found in Liya 3.0.1, which also restores the app’s ability to let the user check back with our site for updates. You can get it from the Liya web page now.

Posted at 9:59PM SGT | permalink

Sun 16 Mar 2014

Luca at the Mac App Store

Category : Technology

We’ve released Luca for the Mac App Store, for only US$9.99.

Screen Shot 2014-03-16 at 11.22.51 am.png

But this is a stand-alone version of Luca (with no access to MySQL or Postgres databases, relying only on the built-in SQLite database to store its accounting data) and since it's in Apple's curated wall-garden, it may lack features or innovations that the non-Apple Store version may sprout, going forward. 

But we hope that offers a great low-cost way to try out Luca, for a start. Do check it out if it fits your needs.

I’ve also released a new Sandboxed version of Liya for the Mac App Store (version 3.0). Now that we’ve learnt how to work with the app Sandbox, it’s time to learn how to work with iCloud.

Posted at 11:39AM SGT | permalink

Mon 10 Mar 2014

Liya 3.0

Category : Technology

I’ve released a new version of Liya, which makes Liya conformant to Apple’s App Sandbox guidelines for the first time. I had a problem working with SQLite files under the App Sandbox because SQLite creates a new file when the database is updated and saved (but the Sandbox only allows updates to the same file a user has opened and won’t allow an app to create new files in most folders outside designated user folders like the Home directory).

I couldn’t move ahead until my friend, Hai Hwee, solved the problem with the Sandbox, for the accounting app she is working on, called Luca, which we’re getting ready to sell on the App Store. That definitely had to be sandboxed and, necessity being the mother of invention, she found a way through and, since Liya and Luca share the same database access code, Liya is the beneficiary.

With this settled, I can now move on to making Liya work with iCloud and, hopefully even DropBox. 

But for now, Liya 3.0 is ready for download (though the App Store version is held up by Apple’s interminable approval process). 

With this version, Liya is also able to read SQLite dates created by Core Data (that are stored as a certain number of seconds from January 1st, 2001). Plus there are some bug fixes and minor interface improvements.

Posted at 7:03PM SGT | permalink

Wed 26 Feb 2014

Controlling Web and Mail Servers from the iPhone or iPad

Category : Technology

I’m trying out the libssh2 library for iOS. It allows me to do something like this, connect back to my web server from my iPhone (or iPad) and run some shell commands on that server and return the results to my iPhone. For example, I can grab a few lines from my Apache log file and see who has been hitting my server, in real time. In effect, this allows me to build a version of WebMon on the iPhone.

It looks like an interesting thing to do. Will see how far I can go with this.

Again, feedback is welcome. Let me know if this is something that will be useful to you, too. I work harder on things that people want to use :)


Other things we’re (i.e., my friend and co-programmer, Hai Hwee, and me) working on now:

One. Liya and Luca. OS X and iOS Sandbox compatibility. Specifically, we are trying to see if we can open and save SQLite files from anywhere on the file system, without restriction, and still maintain compatibility with the Sandbox. Not so easy to do because dealing with the Sandbox is a real pain.

Two. Liya. How to handle SQLite dates saved by Core Data, which uses a different reference date from that used by Unix systems. So, I can now handle dates saved as a certain number of seconds from a certain reference date but I’ve yet to find a way to handle the conflicting start dates used by the two systems, Unix and Core Data, smoothly and transparently to an end user.

Three. We’re getting a version of Luca ready for sale on both the Mac and iOS app stores.

Four. Lots of people downloading LDAP Enabler for Mavericks, but I’m still not able to make Postfix and Dovecot authenticate with the LDAP Server, so enabled by my enabler on Mavericks systems. It used to work on versions of OS X prior to Mavericks, so how come it doesn’t work now? I’m still looking for a solution.

Five. Lots of things to improve on all my “enabler” apps. "So much to do and so little time in a day” ® ™ :).

Posted at 3:39PM SGT | permalink

Tue 25 Feb 2014

VPN Enabler for Mavericks

Category : Technology

I have a new documentation page for VPN Enabler for Mavericks. The current version is 1.0.1. Enjoy !

As far as I can tell, the VPN Server that I’ve set up using this enabler app continues to be used by my friends in China. So, yes, Let a Thousand VPN Servers Bloom.

Posted at 12:14PM SGT | permalink

Fri 20 Dec 2013

WebMon for Mavericks 7.0.2

Category : Technology

I finally found the time to update WebMon for Mavericks. The scrolling performance of WebMon’s (Apache Web Server) Log Window in Mavericks was rather weird, and sometimes it doesn’t refresh itself until you try to scroll the table view.

Version 7.0.2 fixes it and scrolling is much smoother now.


If you can look at the log records for my “live" web server, above, you will see that the most downloaded pieces of software from my site are for Liya (a data management tool for SQL databases) and for the MariaDB installer. Both are free software, of course, but I’m surprised by the popularity of MariaDB on Mac OS X, which is a “drop-in” replacement for MySQL — for those of us who are kinda concerned about the future of MySQL under Oracle. 

I have a MySQL installer, too, but the downloads for MariaDB far exceed that of MySQL, from my site. Ok, it could be that there are other sites that provide one-click installer downloads for MySQL. But I think my installer provides a Preference Pane that works much better than even the one you could get from the official MySQL site. And then it plays nice with MariaDB, if you have both database systems running on the same Mac. So, what I can tell is, there are a lot of people running MariaDB on Mac OS X.

And, one more thing, I’m surprised, but then again not, that Sendmail Enabler (remember this?) is still being downloaded. There is one way in which software, as a merchandise, is quite unlike fish or meat or newspapers or most other produce – it doesn’t get stale. Because of this thing called “The Long Tail”, there is always someone, somewhere in the whole wide Internet who needs something that you think would have run its course by now, if you didn’t know better. I still get money from Postfix Enabler — in each of the last three months. So I never take things off my “shelf”. I’m happy to keep them on my virtual shop window, as long as I’m physically alive and kicking in the real world, or even hereonafter :)

Posted at 6:52PM SGT | permalink

Thu 19 Dec 2013

VPN Enabler 1.0.1

Category : Technology

I’ve updated VPN Enabler to make it more helpful. I’ve added a “Suggest IP Addresses” button. (Download VPN Enabler 1.0.1)

If you’re running VPN Enabler on the single machine, on the local network behind the router, that has all the Internet services loaded on it (e.g., web, mail, and dns server, all on one machine, which is quite a reasonable assumption for the user base that is running all my “enabler” apps), then when you click on that “Suggest IP Addresses” button, it’ll try to provide you with reasonable values that you can use.

These values are provided to an incoming VPN client, which is joining your private local network, so it’ll firstly be assigned an IP address within the range you provided, and then it’s told where to go for DNS services. Basically, the VPN Server acts like a DHCP Server for the incoming VPN clients.


If you hadn’t noticed, I’ve added a Step 4. It reminds the user to set up the router to forward three known UDP ports (500, 1701, and 4500, used by VPNs) to the VPN Server’s IP address. If you had clicked the “Suggest IP Addresses” button, it’ll helpfully tell you the exact IP address of your VPN server machine. Enjoy! Really.

Posted at 7:21AM SGT | permalink

Wed 18 Dec 2013

Let a Thousand VPN Servers Bloom

Category : Technology

I’m releasing Version 1.0 of VPN Enabler (this is the download link). I used this to set up a VPN Server on OS X Mavericks before I went to China, so I can access Facebook, etc, while I was on wifi networks in Chengdu, Sichuan. As far as I can test myself, the VPN Server works (wonderfully, if I may add :)


Only three steps and one click. That’s all it takes to get your own VPN Server running. Of course, your Mac server must be accessible from the Internet. If you’re on a dynamic IP address, sign up with DNS providers like, and use my app, DNS Agent (for Mavericks), to keep your IP address in sync with your domain name, no matter how often that changes.

On the Mac client, set up your VPN configuration like this, in Network Preferences :


Click the Authentication Settings… button:


And click the Advanced… button to set the “Send all traffic over VPN connection” option:


For iOS clients, look for Settings > General > VPN. Add a VPN Configuration:


and, in the Add Configuration panel, do this:


And that’s all there is to it. Enjoy!

Important Tech Note :

If you’re running the VPN Server on a local network behind a router, you need to set up your router to forward UDP (not TCP) ports 500, 1701, and 4500 to the IP address of your VPN Server.

This is not as difficult as it sounds. Your router (which might be bundled with a wifi base station) would have a setup page that you can access using a web browser. Look for the Port Forwarding setup page, which is probably lumped with the Firewall settings. Then use that setup page to create three port forwarding records to associate UDP ports 500, 1701, and 4500 with the local IP address of the Mac that is running your VPN Server. This way, when network traffic comes in from a VPN client, the router will know which machine to route them to for processing.

Posted at 9:37AM SGT | permalink

Wed 13 Nov 2013

VPN Server

Category : Technology

I’ve got a VPN Server running on the plain client version of Mavericks. As usual with these installations, I did so many things to get this to work. I’ll need to figure out what I did that actually worked, and then put them all into a “VPN Enabler” app.

There are many uses for a VPN server. I’ll be going to Chengdu in China in a little less than three weeks’ time. I’ll be able to see if this helps me get past that Great Firewall of China, so I’ll still be able to get through to Facebook, etc, while I’m surfing the public WiFi over there.

I’m going to start work putting together this VPN Enabler app. If there is anyone interested in trying it out when I’m done, just drop me a note.

It felt great to get this working. I couldn’t get LDAP working properly on Mavericks (it doesn’t authenticate for Postfix or Dovecot anymore), so I was worried I was on a losing streak :) 

I’m like a junk man poking inside Mavericks, to see what’s there and what I can do with it. That’s why I hate the “iOSification” of Mac OS X. Lock up iOS all you want (though I could argue even against that). The Mac’s got all the power of Unix on tap. Don’t emasculate it.

Posted at 9:08PM SGT | permalink

Read more ...

Put your Mac to Work Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.