Mountain Lion Certificates

Before starting up Certificate generation, there are some important concepts to be understood. There are three possible roles that can be assigned to Apple Developer Program members: Agent, Admin, or Member.

Borrowed from Apple’s website.
1. Agent
The Agent (the original enrollee accepted into an Apple Developer Program) is the primary contact for the development team, is responsible for accepting all Developer Program Agreements, and can enroll their team in additional Apple Developer Programs.

2. Admin (company/organization only)
Developers assigned the Admin role serve as a secondary contact for teams enrolled in an Apple Developer Program as a company. Team Admins can invite members to the team, assign roles, and have access to the resources and benefits of the developer program they are enrolled in.

3. Member (company/organization only)
Developers assigned the Member role have access to the resources and benefits of the developer program they are enrolled in.

Now that you know the rules. So if an “Admin” user goes to certificate creation page, the option is disabled.

Disabled option to generate certificate

The rule also means that the Admin user cannot download the certificates either. It is the responsibility of “Agent” to generate and download the certificate and share it with the team.

Download option is also disabled.

Generating Certificates
If you are logged in as an Agent the button in first image will be enabled. Click on it and APPLE will guide you through the process to generate the certificates. But remember you have to generate 2 certificates: Developer ID Application Certificate and Developer ID Installer Certificate (First time I tried, I missed out on generating Developer ID Installer Certificate). Developer ID Application Certificate is used for signing the application and Developer ID Installer Certificate is used for signing the installer. While you are at it make it a point to download Developer ID Intermediate Certificate. Without Developer ID Intermediate Certificate Gatekeeper wouldn’t allow your application to launch.

As mentioned earlier only an Agent can download the certificates. So it is the duty of agent to generate the certificate and share it with his team.

Mountain Lion Gatekeeper

This is the first in a series of 3 posts documenting the working of Gatekeeper and signing of the plug-ins and the installers.

Gatekeeper is Apple’s security feature that is designed to protect Mac OS X users from malicious software.

Gatekeeper will be able to run in three modes:
1. Mac App Store: The default mode, a stricter mode in which users will only be able to install applications downloaded from the Mac App Store.
2. Mac App Store and identified developers: Relaxed mode that allows users to install applications downloaded from the Mac App Store or identified developers (Applications signed using certificate generated by Apple.)
3. Anywhere: Any application can be installed.

Gatekeeper options

While option 1 is the safest, option 3 is like being back on Lion or any other previous version of Macintosh. Option 2 seems like a good middle path which quite a few developers will take.

Important points to remember regarding Gatekeeper:
1. The Gatekeeper does not check or restrict Plug-ins, Frameworks etc.
2. Any software already installed—and that has been run at least once—will continue to run even after Gatekeeper is enabled. Gatekeeper checks on first launch of an application.
3. Gatekeeper uses OCSP (Online Certificate Status Protocol) to verify the certificate, OCSP talks to servers over the Internet.
4. Gatekeeper validates/checks all the installer.

For more information on Gatekeeper behaviour refer: Macworld article and tidbits article

I did few experiments to understand the Gatekeeper better.

Check 1: Downloaded a pkg installer (unsigned) on 10.6 and ran it on 10.8 from a pen drive
I Downloaded a pkg installer which doesn’t work (not signed) on 10.8 (Mountain Lion) on 10.6 (Snow Leopard) using Google Chrome and transferred it to a pen drive next day and tried installing it. The Gatekeeper detected that the pkg was not signed. The behavior was same when I downloaded the installer from a mail server.

Downloaded on Snow Leopard but Gatekeeper detected it.

Check 2: Downloaded a pkg installer (unsigned) on 10.8
I Downloaded an pkg installer which doesn’t work (not signed) on 10.8 on 10.8 and tried installing it again Gatekeeper was up to the task. The behavior was same when I downloaded the installer from a mail server.

Check 3: Downloaded a signed pkg installer on a fresh 10.8 machine without internet
Basically this machine had Mountain Lion Preview 4 and my signed installer was not used on this machine. I pulled out the LAN cable (WiFi was turned off) and I tried to install my package using the pkg installer. Gatekeeper allowed the installer to run without any warning. Looks like OCSP (Online Certificate Status Protocol) is not the only check Gatekeeper performs. Good news is that Gatekeeper doesn’t need the machine to be connected to internet for it to verify the certificates. The behavior was same when I downloaded the installer from a mail server.

Check 4: Downloaded an application (unsigned) on 10.6 and ran it on 10.8 from a pen drive
The application didn’t have a pkg installer. I just had to drag and drop the app into “Applications” folder. Copy worked fine but when I tried to launch the application, Gatekeeper kicked in. I used an older version of TextWrangler to generate the issue.

Check 5: Downloaded an application (unsigned) on 10.8
Same as Check 4. Gatekeeper wouldn’t allow me run the application. I used an older version of TextWrangler to generate the issue.

Check 4 and 5

Check 6: Downloaded a signed application on a fresh 10.8 machine without internet
Gatekeeper verified and allowed the application to launch.

Gatekeepers doesn’t quite meets my expectation. I would be very happy if it starts validating frameworks, plug-ins and command line tools that the user can download from internet. There are already improvements in Gatekeeper implementation in Mountain Lion GM over Mountain Lion Preview 3. But it is a good start none the less.

The Dark Knight Rises

“High expectation” two words to define The Dark Knight Rises. Three hasn’t been a lucky number for lots of movie franchises.

The Dark Knight Rises

Take for example Alien 3 (4 was even worse), Spider-Man 3, The Matrix Revolutions. But there are exceptions to the rule The Lord of the Rings: Return of the king, Ice Age 3, Back to the Future Part III. I expect The Dark Knight Rises to follow the latter and not the former.

Not much is known about the movie. But there are rumours that the play boy Millionaire (later Billionaire) Bruce Wayne is going to find a new love interest and this movie will introduce Bane and Catwoman. Once again Chris Nolan has assembled a strong cast. There is no need to mention anything about the acting prowess of Christian Bale, Michael Caine, Gary Oldman and Morgan Freeman all seasoned actors. If you have seen this trailer you would realize that there will be massive mayhem in Gotham City.

Will it match the heights of The Dark Knight?
I hope so and I have my fingers crossed. There was a point in The Dark Knight were I started to feel that the mayhem unleashed by the Joker will never end and that is a kind of feeling you will rarely feel in a movie these days. Every time I watch The Dark Knight I remember it. So in a way The Dark Knight Rises has a huge challenge in front of it.

New characters added to the cast are

Marion Cotillard of Inception fame as Miranda Tate
Joseph Gordon-Levitt of Inception fame as John Blake
Cillian Murphy of Inception (28 days later) fame as Jonathan Crane/Scarecrow
Tom Hardy of Inception (Warrior) fame as Bane
Liam Neeson as Ra’s al Ghul.
Anne Hathaway as Selina Kyle

I have put Inception next to the names for the actors to re-emphasize the fact that Chris Nolan re-works with stars. Most of these actors have done well in the past.

The Dark Knight series have had strong negative characters Ra’s al Ghul, Jonathan Crane/Scarecrow and Carmine Falcone in Batman Begins, Joker and Harvey Dent in The Dark Knight and Selina Kyle, Ra’s al Ghul (hoping it’s not a guest appearance) and Bane in The Dark Knight Rises. There are two characters I am most interested in. One is Ra’s al Ghul and the other is Bane.

Ra’s al Ghul
Liam Neeson has an amazing screen presence. He is able put life into characters and movies that are not that well written and make them watchable. Unknown and Taken would have bombed (flopped) at the box without Liam Neeson, he simply elevates the movies and the characters he plays. It would be fun to see him as Ra’s al Ghul again. I didn’t have any negative emotions (that I normally have for negative characters) for his portrait of Ra’s al Ghul, he simply came across as a natural person. A man taking revenge for loss of his family.

Bane
The role of Bane is played by Tom Hardy, those of you who have seen Warrior (I have seen) would agree that Tom Hardy looked natural playing the role of Tommy Conlon. Tom Hardy played a role of former U.S. Marine who is angry with his family in the movie Warrior. It would be interesting to see what he does with Bane. I am looking for lots of intensity from him. It could be his big break. Not sure whether he needs it after Inception and Warrior.

No Batman movie discussion will be complete without Heath Ledger’s Joker. Sadly we wouldn’t see Heath Ledger’s Joker in the final installation of the series. I hope the movie has some kind of homage to Joker and Heath Ledger because without Heath, Joker wouldn’t be as menacing as in The Dark Knight and without Joker The Dark Knight wouldn’t have been The Dark Knight.

For one thing this movie is going to be a sure shot hit. Unfortunately I won’t be able to watch the movie in its first week of release. Hopefully I will be able to watch it in the second week!

To read more movie reviews and to book tickets please click on The Dark Knight Rises.

Arsenal 2012-13

This(2012-13) season will be my 12th season cheering for Arsenal. I had become a fan while playing FIFA 99. Arsenal was the first team in the list of teams in that game and ever since then I have been in love with Arsenal. I know a couple of other guys who fell in love with Arsenal the same way.

In those days Arsenal was a tough team to beat but things have gone down a bit, But Arsenal FC is lucky club, it’s been 7 years and they haven’t won a title and we Gooners (We like calling ourself that) still cheer for our club. The ticket prices aren’t low either. It is one of the most expensive in the EPL. But still people come out in large number to cheer for Arsenal. Unfortunately every year things take a turn for the worst. Last year Cesc Fàbregas, Samir Nasri and Gaël Clichy walked away from Arsenal. After receiving 8 -2 trashing from Manchester United many (including me) thought it was game over for Arsenal. But Arsenal survived, they recovered from the depths of relegation zone to clinch 3rd place in the English Premier League and get a direct entry into Champions league which in fact was better than what Arsenal achieved in 2010-11. This is after

• Selling some of their top players: Cesc Fàbregas, Samir Nasri and Gaël Clichy.
• Long term injuries to one of their regular defender and a Midfielder: Bacary Sagna and Jack Wilshere

So I started believing that Arsenal could win some trophy in 2012-13 after they signed on Lukas Podolski and Oliver Giroud. But then thunder bolt stuck and it was déjà vu time all over again.

Is he a traitor?

Robin van Persie decided not to sign a contract extension. Will I hate him for that?
No, never. He is one of the hero who saved the 2011-12 season for gunners. He has done more for the club than most others. Almost single-handedly resurrecting Arsenal in the previous season. May be I don’t hate Van Persie decision because I expected him to go. But I didn’t like the post he put up on his personal web page, It was like slapping the club. He would have lost a lot of goodwill after that.

Do I now think Arsenal will not win any trophy this year?
Well the answer to that question is very simple, it all depends on whether Mikel Arteta is fit through out the season. Mikel Arteta was one of the unsung heroes of the 2011-12 season. If you dig out the stats you would realize that Arsenal’s season began to teeter out towards the end when Arteta was injured. This was despite the fact that Robin van Persie was still scoring goals. With addition of Lukas Podolski and Oliver Girourd Arsenal should be able to cope with the loss of Robin van Persie.

Here are some stats to make my point.
Arteta missed six league games through injury in his debut season (having joined after the opening three matches of the campaign).

Statistics

	Played	Won	Draw	Lost
Arsenal Without Arteta	9	1	4	4
Arsenal with Arteta	29	20	3	6

 

In all competitions his personal playing record was Wins 25 Draw 5 Loss 8 for a win percentage of 65.8. By way of comparison, Arsenal’s overall win percentage for the season was 57.4.

Although Robin van Persie was/is an important player the impact Arteta had cannot be ignored. Towards the end of the season when Persie’s form started going down Arteta was the MVP for Arsenal.

Arteta could be the captain this season

If Robin van Persie and Theo Walcott don’t agree to sign a contract extension, they should be sold to some other club before the season begin. There is no point in holding on to players who doesn’t want to play. We all saw what happens when you have players in the team who don’t want to play for the team. It only increases the toxicity in the team and will pull the entire team back.

I would also like to see the back of following players.

• Sébastien Squillaci: Never looked like he would do well at Arsenal. It’s time to let him go.
• Andrei Arshavin: Started brightly but since then has gone down the pecking order.
• Park Chu-Young: Not sure why he was signed?

Should be given another oppurtunity

• Paddy Powered Nicklas Bendtner: With Robin van Persie and Theo Walcott almost certain to go Arsenal can do with a player with Premier league experience. Bendtner did well till he got injured, he can be given another chance.
• Marouane Chamakh: Deserve another chance. Robin van Persie’s form meant Chamakh didn’t get enough opportunity. This could be his silver-lining.
• Yossi Benayoun: It’s clear Chelsea doesn’t need him and he has proved he is a capable player. Arsenal can try to get him on loan again this season.

I would like more playing time for these players
• Lukasz Fabianski: Has improved a lot and healthy competition is good for the team.
• Andre Santos: Not one of the best defenders at Arsenal but his goal scoring skills is quite impressive. It would be great if he could improve his defensive skills.
• Ryo Miyaichi: I can’t wait to see him play. I have a lot about him but haven’t been able to see him play.

Arteta got standing ovation from Everton crowd when he played for Arsenal against Everton. I hope Robin van Persie get the same when he comes back to Arsenal next time (either as part of Arsenal team or some other team). Robin van Persie has done enough for Arsenal. He has given 8 years of his life to the club there aren’t many other footballer who can claim that. At least he has won a trophy with Gunner unlike big talking Samir Nasri and PR Maestro Cesc Fabregas.

If I were Arsene Wenger I would sell Theo Walcott and Robin van Persie (if they don’t agree to sign a contract extension) and sign on couple of players (Midfielders) instead of putting that money into the bank!

Before ending this I would like to thank Monish Shah was reviewing this post despite not being a soccer fan and for his kind words. Thanks mate.

My mistake!

I took to blogging because I though it would be fun. I must admit it has been an interesting experience. I enjoy writing but I also enjoy reading what other people say. If I like a post I don’t forget to write comments. One blog that I used to enjoy reading is Plan Your Investment. It basically has loads of information on financial stuff that my small skull cannot easily comprehend (normally it never goes in) but I still make it a point to read through every post religiously. Just in case I could save some money on taxes!

Some time back the blogger Krishna (of Plan Your Investment) had written about Employee Provident Fund. It basically dealt with EPF (Employee Provident Fund) Office sending EPF account balance information via sms. EPF office happens to be one government office that I have visited the most in the recent past. It’s been 4 trips and the results have been depressing. Even the guys at the reception tend to recognize me now! I don’t know whether it’s a problem with the government office or it’s just my dumb luck. I will write about it some other day.

Anyway coming back to the topic at hand, I had some questions so I posted my queries and got reply too. But the problem was I had ticked a box indicating that I should receive a mail if somebody post a comment on the post. I was interested in the author’s comment and normally most of his posts doesn’t get lots of comments, but this post was different. Well TBH it was one of the funniest mistake I have ever done!

Every since that day I get mails with silly queries and requests in it. It looks like people don’t really read they drop by write to their heart’s content and hope for a miracle. Unfortunately Plan Your Investment website isn’t EPF Office website nor does it have any connection to EPF Office, So in this case there won’t be any miracles!

Thanks to these folks, I have had to reconsider my policies a bit. I had two options

Option #1

No Comments

I either do the above “No Comments” for all the posts.

Option #2

Don’t click option 1.

I should make sure that I never ever click “Notify me of following comments via e-mail” option. I have decided to go with Option #2.

These days I am hoping for a miracle, I wake up in the morning and pray that there aren’t any mails regarding EPF! I have got close to 240 mails on this in my inbox. Proof attached below.

My Bane

This post has become my Bane!