As per the title, this isn’t necessarily intended as a prediction of what will happen, but it is speculation on what could happen.

Background

I think Microsoft is on to something with the Surface Pro. I think the idea of a combined, ‘laptop and tablet’ hardware device is good. It is the execution that has caused them issues.

The main problem (IMO) they’ve encountered is that due to a lack of completed touch apps, the user is almost always forced into the laptop experience – which is horrible when all you have is a finger.

The ‘Tabtop’

Putting a few pieces together:

  • Hardware
    • A bluetooth keyboard (possibly with integrated touchpad)
    • A touchpad / mouse
    • An iPad-like touchable device (12” ?!)
    • A Dock
    • An inductive charging mat (to avoid plugging things in)
  • Software
    • File Sync technology – that insulates the user from the actual local storage location (e.g. iCloud)
    • Quality apps for both touch and laptop experiences, that use the same file formats (e.g. Pages, Numbers, Keynote)
    • Laptop operating system (OS X)
    • Touch operating system (iOS)

There are definitely details to work out:

  • What happens when you ‘undock’ the screen?
  • What about the network hungry laptop apps?
  • Can you run OS X efficiently on an ARM chip?
  • What about additional connectors (display / USB)?


Maybe, just maybe, Apple has all of the pieces already.

After a rather annoying hour, I’ve managed to update my copy of mitmproxy to the latest version. I’d previously used pip to install it, but that was failing to get the latest version (including concurrent requests).

In the end, I reverted to the manual approach of:

  • git clone https://github.com/mitmproxy/mitmproxy.git
    • sudo python setup.py install
  • git clone https://github.com/mitmproxy/netlib
    • sudo python setup.py install
  • git clone https://github.com/pyca/pyopenssl
    • sudo python setup.py install

:–)

Contact me @richie5um

Introduction

This guide shows you how you can use DTrace (OpenSnoop) and Splunk to quickly and easily view what processes are opening files on your Mac.

OpenSnoop is a great tool, but it can be very noisy and therefore slightly annoying to use effectively – apart from basic grepping. Splunk is a superb system for quickly and dynamically investigating event data.

By combining the two, we get an incredible amount of detail which is very easy to navigate through.

Details

OpenSnoop is a shell script that uses DTrace to log file opens in space-separated columns. We are going to amend the shell script so that the output is in key/value form – as this makes it much easier to parse with other tools (e.g. Splunk).

With our amended shell script, we’ll then get Splunk to import the data.

How To

  • Download and install Splunk (you can use the free license, which is capped but should be usable).
    • There may be a suitable free alternative, but I’ve not looked.
  • Download OpenSnoopKV.sh
    • This adds the -k parameter, which outputs the data in key/value format. This was a quick, hacky adjustment; there is likely a cleaner way of changing OpenSnoop than lots of ifs.
    • Note: Your system default OpenSnoop is in /usr/bin/opensnoop.sh
  • Run OpenSnoopKV.sh (DTrace will need to be elevated) so that it outputs to a file
    • sudo ./OpenSnoopKV.sh -k -v -A > /tmp/opensnoopkv.txt
  • Configure Splunk to import from OpenSnoop output.
    • Step 1 – Add a data input:
    • Step 2 – Add the file input:
    • Step 3 – Configure the input file:
    • Step 4 – Setup the source type:
    • Step 5 – Verify the format is detected:
    • Step 6 – Specify the source type:
    • Step 7 – Enjoy, and start searching in Splunk:

Additional

  • OpenSnoop can also monitor a specific file. This will help you reduce the volume of events. For example:
    • sudo ./OpenSnoopKV.sh -k -v -A -f ~/File.txt > /tmp/opensnoopkv.txt
    • Note: I’d ideally like to add a path prefix match to filter to only log paths under that parent folder. I’ll look at a mod to OpenSnoop at some point.
  • If you want to clean all the data from Splunk, or want to perform other Splunk operations, then you’ll need to run the command line tools. For example, to delete all Splunk data:
    • Start Terminal.app
    • cd /Applications/Splunk/bin
    • ./splunk stop
    • ./splunk clean eventdata
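As an added example (not code from the post or from OpenSnoop), here is the path-prefix filter wished for above, done over the key/value output instead of inside the DTrace script, together with a per-process summary of the kind Splunk’s stats would give. The key names (uid, pid, comm, fd, err, path) and the sample lines are assumptions constructed for the example, since the post does not show the exact -k output.

```python
import re
from collections import Counter

# Constructed sample of what OpenSnoopKV.sh -k is assumed to emit (key names
# are an assumption). The last record has a space in the path, which a
# column-based (space-separated) parser would break on.
SAMPLE_KV_OUTPUT = """\
uid=501 pid=412 comm=Finder fd=23 err=0 path=/Users/rich/Documents/File.txt
uid=0 pid=88 comm=launchd fd=-1 err=2 path=/etc/missing.conf
uid=501 pid=9001 comm=mdworker fd=7 err=0 path=/Users/rich/Library/Caches/x.db
uid=501 pid=412 comm=Finder fd=24 err=0 path=/Users/rich/My Notes.txt
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv_line(line):
    """Parse one key=value record into a dict. 'path' is taken as the final
    key so that a path containing spaces is kept intact; returns None for
    lines that are not records (headers, blank lines, noise)."""
    head, sep, path = line.partition(" path=")
    if not sep:
        return None
    rec = dict(KV_RE.findall(head))
    rec["path"] = path.rstrip("\n")
    for key in ("uid", "pid", "fd", "err"):
        if key in rec:
            rec[key] = int(rec[key])
    return rec


def opens_under(text, prefix):
    """Return records whose path sits under `prefix`. Failed opens are kept,
    since err is preserved and a failed open of a watched path is itself
    worth seeing."""
    prefix = prefix.rstrip("/") + "/"
    hits = []
    for line in text.splitlines():
        rec = parse_kv_line(line)
        if rec and rec["path"].startswith(prefix):
            hits.append(rec)
    return hits


def opens_by_process(records):
    """Count opens per (comm, pid), the usual first pivot when triaging."""
    return Counter((r["comm"], r["pid"]) for r in records)


if __name__ == "__main__":
    hits = opens_under(SAMPLE_KV_OUTPUT, "/Users/rich")
    for (comm, pid), n in opens_by_process(hits).most_common():
        print(f"{comm}({pid}): {n} opens")
```

Point the same functions at /tmp/opensnoopkv.txt to pre-filter a large capture before handing it to Splunk, which also helps with the volume and cap concerns below.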

Disclaimers

  • Given there are a lot of file events, it may be better to send them directly via UDP – rather than using a file – as the file will get very big very quickly.
    • Also, if you leave this running it is likely that you’ll hit the Splunk cap pretty quickly.