I had to manuver about 800GB of research databases (I use DEVONthink Pro Office) from one zfs filesystem to another because at some point after OS X Server got ahold of my Research volume the permissions and filesystem ACLs went bananas and DEVONthink was completely baffled by it.

Solution was to use Apple’s ignorant-of-xattrs-and-ACLs

to move it to another filesystem where everything is fine. So sometimes it’s good to have a broken

available. Still can’t be certain it won’t happen again and I’d like a more elegant way to recover.

And no, smart-asses,

did f-all to fix anything. Oh, it ran alright. But

still listed long ACLs on everything after supposedly removing it. I suspect it’s something to do with posixacls, and ACL inheritance in OpenZFS’s options, or the mimic HFS+ code is involved somewhere.

Either way, I was sweating recovering those databases with long restore times from Google Nearline until I tested one and it was fine again. Going to alter my backup destinations for different databases anyway to rely on S3 for my Personal and Household stuff at least. Oof.

What a pain.


Filesystem ACLs on OS X are Tedious


iTerm 3 Test Builds & Shell Integration

They had me at:

When shell integration is enabled, iTerm2 automatically adds a mark at each command prompt. Marks are indicated visually by a small blue triangle in the left margin.

You can navigate marks with Cmd-Shift-Up and Down-arrow keys.

I started running the test builds of iTerm 3 last week and overall I love it and haven’t had any stability issues that I can recall because of using it (though since I use

most of the time it wouldn’t exactly be a big deal if I did.)

I was a little wary of the idea of shell integration with iTerm 3 but I read about the features this brings and went ahead and started kicking the tires. Automatic profile switching, the ability to right-click a filename on a remote host and

a copy of it locally, not to mention easily paging my way through exiting jobs has been a really useful enhancement to an already great piece of software. It’s funny how something like a terminal window can actually improve over time.

(Don’t sweat the fact that the documentation mentions to

the script down and then pipe it to

for the integration glue; download the script and look it over and you’ll see it figures out you’re using a superior shell like

and correctly appends the appropriate

directive for you upon execution. Obviously you shouldn’t blindly be

ing yourself to failure so you’d be checking that script yourself anyway, right?

Research Workflows and Tips (Primarily Oriented at Academics)

Liz recently had a conversation going on Facebook where some academic workflows came up. This is the sort of thing I love to read and then run my mouth about, particularly about software and methods of organizing the things that end up getting collected because I think it’s especially relevant to the ABDs.

I had some bookmarks on Pinboard that I hastily shared but I wanted to grab a few more things and put together a more tailored list.

Caveat: Since she and I both are firmly ensconced in the Apple Family, most of these are directly related to iOS and OS X software and I will make no apologies for that. There are many exceptional options for research and organization of information that favor OS X and iOS, and that’s where I spend the majority of my time so my sources are slanted that way.


The problem I had in putting this list together is that in some cases my bookmarks are a few years old, and things move and change quickly. Because of technology being such a fast-moving target, some of this will be a little different (or a lot different), but this shouldn’t be too distracting since, as best I can tell, most academic researchers commit to something and don’t fiddle with it nearly as much as I do.

General Workflows and Notes for Researchers and Academics

“There’s more than one way to skin a cat, and more than just a few tools for creating a paperless workflow for academic research and writing. I’ve noted some of the possibilities on the Affordable Mac apps for academic tasks page.”

Goes into some detail with various tools like Sente and DEVONthink, including the workflow they use for research, drafting, and polishing their work. Scrivener fan, too.

Luc Beaulieu

The e-Office series has some interesting workflow and notes relevant to academic research.

He’s also got some interesting Academic templates for DEVONthink Pro.

More about DEVONthink

I love DEVONthink Pro Office so much I want to marry it. Some notes I’ve found dealing specifically with DEVONthink are bound to happen. Luc’s templates are interesting but I’ve got tons of links!

DEVONthink is great at a lot of things, but honestly I don’t find it that exceptional for collecting — especially when I’m away from the computer. I prefer Evernote for that sort of thing.

Evernote Stuff

Rabbit-hole warning: Numerous outbound links here for other workflows

Sidebar: the Creating Personal Flow article on doing research lead me to a neat post about Commonplace Notebooks, which LL may like.


Thoughts and observations on software and workflows for more-productive academics.

Sidebar: I must tell you that I love Ulysses 3 and use it for writing projects all the time. It’s pretty awesome.


A lot of good notes about Scrivener but other interesting tidbits as well.

Academic workflows: revisited

It’s been a year since I wrote this post on academic workflows. The way I work has changed a bit since then – some apps have gone out, some have been added, and the relationship between some of them have changed, primarily affecting my literature review work flow. Here’s a little post on my current set up.


Fuck this shit, I’ll use paper

Go see my friend Patrick, and do not pass Go and do not collect the USD$200. You won’t need it anyway. Paper based markup systems!


My more complete archive of things I scrape away for later is pretty large, but some especially relevant items include but are not limited to things I tag as:

You’ll notice that many of these use tags for platform, e.g. iOS and OS X.

Building and Using OSSEC on OS X Mavericks

This is full-frontal nerdery, so if you’re normally here for pictures, links to interesting things, and my never-ending bitching about astroturfed “grass-roots political movements”, this post will probably not be relevant to your interests.

One of the things I’m interested in is log management and intrusion detection, and there are a lot of fascinating options for this sort of thing ranging in cost from hella expensive to free. Any grizzly neckbeard with a three button mouse and a copy of the sed and awk book has probably used logsurfer, tripwire, or any number of other options for keeping an eye on system logs, but I find OSSEC‘s feature set to be far more suitable and flexible and require much less effort and patience.

OSSEC is a really interesting piece of software that manages to do an excellent job at monitoring logs and also acting as a HIDS1. So it is excellent at monitoring system logs, but it also detects changes to system utilities and binaries, and uses some logic that you can interact with to detect anomalous behavior. There are a lot of health monitoring suites that offer to alert system admins based on error messages or changed files, but OSSEC also offers central agent and policy management, active response capabilities, and it works across a variety of network topologies2.

Further information on OSSEC is out of scope so from here on I’ll be assuming you know what it is and that you want to install the agent or the server on a Mac OS X 10.9 Mavericks system and that you’re familiar with homebrew and comfortable with the CLI.

Gotcha 1: llvm — y u no inline asm?

The first gotcha you’ll likely encounter with OSSEC’s method of building and installing the agent and/or server, is that Apple’s compiler doesn’t like inline assembly language. Oops. You’re going to need to install a new bundle for gcc to proceed, so install one via homebrew.

Ensure sure you have Xcode and the Command Line Tools installed, and then install a version of gcc you’re comfortable with

brew install gcc-4.8

after tapping

" rel="footnote">3. Once you’re building you can go for a walk around the prison yard being mindful of inmates with shivs and grudges, and come back to a built and installed


  along with the rest of your homebrew favorites.4

So now you’ve probably got


and you’d think you’re going to all square from here on out, but you’d be wrong. Prepare to do battle with what I can only assume is a broken configure script because no matter how I tried to insist on wanting to use gcc/g++ out of homebrew, it refused. Some tutorials will have you putting on a pair of Bad Idea Jeans and replacing Apple’s binaries in

— and I wave my hands at them disdainfully.

Instead, this will get you going without doing anything too stupid. There is a directory inside your extracted OSSEC tarball called

and a file in there called

. Edit the

file and adjust accordingly. Mine merely declares my favored compilers living in



So now we’ll prefer the stuff we just installed with homebrew over Apple’s tools. You can get fancier with it, but generally I prefer using Apple’s compiler and use vanilla

only when required. You could alternatively set aside Apple’s binaries (as root)

and then symlink




and assume that updates to the Xcode CLI package or OS X can and will stomp these with complete disregard for your feelings.

You may now resume your use of

to configure and build your server, agent, hybrid, or local instance as expected. While you’re installing agent keys and/or provisioning your Mavericks system for monitoring, you should know that it probably won’t start automatically when you reboot. Weaksauce.

Gotcha 2: StartupItems? What?

OS X doesn’t want to use

anymore so we’re not going to try to make it happen. The OSSEC installer shoves some stuff in there and leaves a file in

that isn’t needed, so you can safely remove the OSSEC startup script from

because we’re sophisticated users that aren’t running Mac OS X 10.4 or something equally antiquated. Instead we’ll make a

job, like a boss.

launchd Like a Boss

I created a file named

on a system that is acting as an agent that needs to phone in to an OSSEC server, and made it read like so:


Now I need to load that job and start it, and confirm it started the processes correctly. This won’t work very well if you haven’t actually provisioned the agent for non-server installs, but you can probably find your own way from here.


and confirm it’s running the processes you’d expect:


Easy as pie, piece of cake, something something cupcake. We now have a Mavericks system that compiled and installed OSSEC, and it will start the services upon reboot.

Yes, it's just that simple.
Yes, it’s just that simple.

For more information on OSSEC, please go to the OSSEC website, and if you’re curious about the project and the developer, Daniel Cid, he’s been featured on The Setup a couple of years ago. It’s a pretty good post for The Setup, especially considering it was somewhat unusual seeing a researcher in my field listed there. If you subscribe to the OSSEC mailing lists or read the archives you’ll discover quickly that Daniel and I have many personality traits in common. Guess what they are!

  1. host intrusion detection system, as opposed to network intrusion detection systems like snort 

  2. case in point — I’m using the hybrid server mode at home to correlate local event streams and then escalate interesting things to a remote server for further analysis and handling the alerting 

  3. i.e.


    after tapping



  4. What are my favorites? That’s easy: mac-vim, mutt, nmap, dcraw, exiftool, yasm, tmux, sshfs/fuse, gpg, fasd, offlineimap, markdown, mmd, unrar, par2, links, and a few other odds and ends.