(Back to) California or bust!

I’m excited to announce that I’ve accepted a job with Apple in California with a title of Dev Ops Engineer, starting February 15, 2016. I will be working with a great team of individuals doing lots of linuxy, pythony, and puppety things to help maintain the worldwide infrastructure that makes Apple Search/Spotlight possible. My family will probably stay in Virginia for about a month before joining me in the Bay Area. This is still to-be-determined.

April 2016 would have marked my 16th year with HHMI. In April 2000, a few months out of college, I started working for HHMI as a (glorified?) Network Engineer, supporting Windows servers, desktops, and Cisco networking devices around the country out of a remote office on the Stanford University campus in California. In late 2001 our office relocated to downtown Berkeley, much closer to home. In 2002, I got married and then in 2003 and 2005 had a son and a daughter.

In late 2005, HHMI moved my family from California to Virginia so I could work at their new Janelia Farm Research Campus (now Janelia Research Campus.) I started there as a Mac Admin, supporting researchers and administrative staff. In 2009, I transitioned to the Scientific Computing Systems team to support the linux workstations and servers. This is when my love of scripting, programming, and automation really had a chance to take off.

Working at Janelia was the best part of my tenure at HHMI. I’ll be leaving behind many friends and respected colleagues there. I owe a lot to my last HHMI boss, who was a fantastic mentor and let me explore and develop my skills in directions I couldn’t have anticipated when I started working for him.

I quite like my career’s arc and how it has led me to where I am today and to what I’m about to do. The only thing I’m not sure about is what this move means for my future availability to work on ADPassMon and KerbMinder. I don’t anticipate having to cease work on these projects, but even if I do, the excellent collaborators I’ve managed to acquire will keep them alive and thriving.

Thanks for reading, and Happy New Year! I’m really looking forward to what’s next.


KerbMinder updated to v1.3


This release brings some significant changes (besides the slick new logo) thanks to a new collaborator, Francois Levaux. All of the original functionality is there, but he made the code much better (you should care about such things!) while adding a killer new feature.

With this release, KerbMinder no longer requires the Mac to be bound to Active Directory. On an unbound Mac, KerbMinder will prompt users for their username and domain information and use it to retrieve a kerberos ticket from the domain.

You can download v1.3 here.

ADPassMon updated to v2.20.7

I’ve neglected to post about the last few updates, but we are now at version 2.20.7.

There have been no major changes since my last announcement, but a few bugs have been fixed.

Change summary

  • General spiffing: Removed pre 10.8 code, polished other code, cleaned up comments, user feedback, and logging.
  • If password does not expire, the Re-check Expiration menu item and the Test Settings button in the prefs window are disabled. This prevents an expiration days count (typically a very large number) from being displayed.
  • Resolved an issue where the Create New Keychain button was not showing in the password dialog.
  • Resolved an issue where changing the expiration check interval did not take effect.
  • Resolved an issue where a “missing value” dialog box would appear when trying to change your password.

ADPassMon is “de-forking”

icon_forkBut first, some history. In April of 2014, Ben Toms (aka macmule), released his fork of ADPassMon to the world. It has three main features that differentiate it from mine:

  1. Where my version relies on the native OS change password dialog box, Ben’s fork gives you the option of changing passwords using a dialog box provided by ADPassMon. One of the main advantages here is that you can customize the text displayed in the password window and tailor it to your environment. If your organization uses a web-based password changing service, Ben’s fork can even take users to that site.
  2. Ben’s fork can verify that the user’s login keychain password is correctly synced with their login password, and prompt to fix it when it is not. This is a big deal, as out-of-sync keychain passwords are a hassle for many Mac admins to deal with.
  3. The interval between AD password checks is user-configurable in Ben’s fork. My version used a fixed 12-hour interval.

Since the time of the great forking, Ben and I have both worked independently on our code, adding changes and fixing bugs here and there, so there has been a bit of drift and duplication of effort in the last year. After a fair bit of discussion and some false starts, we finally pooled our resources and have reunited our code into a single project.

So, without further ado…

We’re proud to announce ADPassMon v2.20!

In addition to the features listed above, this release brings the following:

  • Notification alerts now include a Change button, which takes you directly to your selected change password method.
  • Even though it was listed as a feature, “offline functionality” didn’t work correctly until now. The menu item now will now update to show the correct number of days remaining even if your computer has been away from the work network for a while.

Going forward, ADPassMon’s source code, releases, and documentation will be maintained and updated at https://github.com/macmule/ADPassMon/.

Since this is a big change for both forks, we’re still in pre-release mode. Please download and test the app and share your feedback. If you discover any issues, or have feature requests, we ask you to please let us know by submitting them to the github project.

KerbMinder updated to v1.2

This version incorporates fixes submitted via github that remedy the following issues:

  • When the kerberos principal’s realm and the AD directory domain that the computer is bound to do not match, KerbMinder was unable to properly renew the ticket. E.g. the kerberos principal can be FOO.EXAMPLE.COM while the AD domain can be EXAMPLE.COM. KerbMinder would try to use a realm matching the domain. This is not always a correct assumption.
  • The postinstall script for the .pkg installer contained two typos that caused the script to run incorrectly.

Thank you to Francois Levaux-Tiffreau and Noel B. A. both for your pull requests.

Download the v1.2 release here.

ADPassMon updated to v1.11.4

Download the latest release on GitHub.

New feature:

This version introduces a user-configurable check interval. You can adjust the check interval anywhere from 1 to 24 hours.


Bug fixes:

ADPassMon is designed to poll AD for password expiration info immediately upon launch, 15 seconds after the computer wakes from sleep, and/or every x hours as determined by the check interval. Blog commenter Andy May let me know that the automatic expiration check was not working properly. This release fixes that bug.

ADPassMon updated to v1.11.3

Hot on the heels of v1.11.2, this release addresses two issues:

  • Fixed an annoying bug where the Use Notifications checkbox in the Preferences window, and both the Enable Notifications and Enable KerbMinder menu items would not change state the first time they are selected.
  • Added a log entry for when ADPassMon triggers a Notification Center alert to help troubleshoot an issue where notifications were not being spawned.

Download this release from GitHub.

ADPassMon updated to v1.11.2

This release includes the following changes/fixes:


  • New icon with high-resolution (Retina) equivalents.
  • Removed square brackets from the status menu display. Where previously “[31d]” would be shown, now “31d” will be shown.
  • Improved first-run logic to fix an issue where some users were being shown the Preferences window each time ADPassMon launched.

Download this release from GitHub.