--- /dev/null
+Over the past few months, my wife has gone through a number of
+operating systems. The Windows XP on her elderly laptop was finally
+overrun by viruses, and we didn't have an XP install CD, so I moved
+her over to Ubuntu. Recent stock Ubuntu installations are not
+particularly snappy on 300-odd MB of RAM, so after a few days I moved
+here over to Gentoo, since I have a lot of experience running
+stripped-down Gentoo systems on my netbook. Unfortunately, my wife's
+not really a big supporter of the stripped-down approach, so after the
+second 30-MB slide show started taking down Open Office, we threw in
+the towl and went shopping for a Mac. The entry-level MacBook Pros
+are reasonably priced (especially with my student discount), and she
+gets another core and 10 times the memory and disk space. I, on the
+other hand, get to work the kinks out of a Unix system so I can quash
+it into our home network. Ready?
+
+User switching
+--------------
+
+By default, there's no easy means to switch between users without
+logging out completely. Can't have that. Go to
+
+ System preferences -> Accounts -> Login Options
+
+and select `Name` (or whatever) for `Show fast user switching menu
+as`. This puts a widget in the toolbar near the clock which lets you
+switch users without closing all your running applications.
+
+SSH
+---
+
+Sooner or later, your wife will come home and want to sit down in
+front of her shiny new laptop. Add a second keyboard by enabling
+[[SSH]] ;).
+
+ System preferences -> Sharing -> Remote login
+
+Kerberos
+--------
+
+I recently moved the home fileserver to [[Kerberos + NFSv4|Kerberos]].
+Luckily, OS X support for Kerberos is pretty solid, and NFSv4 support
+is just solid enough for me to mount my shares. Copy your
+`/etc/krb5.conf` over to `/Library/Preferences/edu.mit.Kerberos`.
+
+You might have to edit it slightly, because Snow Leopard was ignoring
+my DNS network name suggestion and using `.local`. This is probably
+what I should have used in the first place, but it's not worth
+reworking the home system now, so use something like
+
+ [domain_realm]
+ .d.net = R.EDU
+ d.net = R.EDU
+ .local = R.EDU
+
+If your DHCP server doesn't point out your home DNS resolver, you can
+add it by hand in
+
+ System preferences -> Network -> AirPort -> SID -> Advanced -> DNS
+
+Now `kinit` and company should work as expected, but with OS X, you're
+not doing it right unless you're using a graphical interface, so they
+provide `/System/Library/CoreServices/Ticket Viewer`.
+
+If you want to store your password in your keychain, run
+
+ $ echo | kinit
+
+which will pop up a password dialog with a `Remember this password...`
+checkbox. Find the entry in
+
+ /Application/Utilities/Keychain Access
+
+and click on the `info` button. Under `Access Control`, it should
+mention that access is always allowed from `kinit`. You can test this
+from the command line by running
+
+ $ kinit
+
+which will now grab a new TGT automatically (i.e. no password prompt).
+
+For long-running NFS mounts, you might want to setup automatic ticket
+renewal. This is a task for [launchd][], an `rc/init/cron`
+replacement that reads service info from `plist` files
+(`launchd.plist(5)`). There is a system-provided Kereberos renewal
+service
+
+ /System/Library/LaunchAgents/com.apple.Kerberos.renew.plist
+
+but it [has some issues][krenew]. Rather than patching the system
+file, I just created my own alternative:
+
+ $ cat ~/Library/LaunchAgents/local.Kerberos.renew.plist
+ <?xml version="1.0" encoding="UTF-8"?>
+ <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+ <plist version="1.0">
+ <dict>
+ <key>Label</key>
+ <string>local.Kerberos.renew.plist</string>
+ <key>Program</key>
+ <string>/usr/bin/kinit</string>
+ <key>Disabled</key>
+ <false/>
+ <key>RunAtLoad</key>
+ <true/>
+ <key>ThrottleInterval</key>
+ <integer>6000</integer>
+ <key>KeepAlive</key>
+ <dict>
+ <key>SuccessfulExit</key>
+ <true/>
+ </dict>
+ </dict>
+ </plist>
+
+Start the service with
+
+ $ launchctl load Library/LaunchAgents/local.Kerberos.renew.plist
+
+The `Disabled` `false` setting shouild mean that the service will
+start automatically on the next boot. Note that if your KDC goes down
+and a renewal fails, the service will stop, and you'll have to restart
+it once the KDC is back up.
+
+NFS
+---
+
+Once you've got Kerberos setup, mounting an NFS file system is just:
+
+ $ sudo mount -t nfs -o vers=4.0alpha,sec=krb5p,intr,soft my-host:/ /Volumes/my-nfs/
+
+Note that the Apple folks are still nervous about their NFSv4
+implementation. From `mount_nfs(8)`:
+
+ The current NFSv4 functionality is "alpha quality" software. Some
+ basic functionality is not yet implemented. Use at your own risk.
+ Currently, the only way to enable NFSv4 is to specify the mount
+ option:
+
+ -o vers=4.0alpha
+
+ This special option value is only temporary and will no longer be
+ necessary (or supported) once the NFSv4 functionality is ready for
+ general use ( -o vers=4 will be sufficient ).
+
+I haven't noticed any glitches yet, but it might be wise to restrict
+write access from the OS X client to less critical directories, just
+to be on the safe side.
+
+The graphical approach to configuring NFS is
+
+ Applications -> Utilities -> Disk Utility -> File -> NFS mounts
+ Remote NFS URL: nfs://my-host/
+ Mount location: /Volumes/my-nfs
+ Advanced Mount Parameters: vers=4.0alpha,sec=krb5p,intr,soft
+
+After you do this, the mount should come up automatically on boot.
+You can unmount the drive through the Finder sidebar, but I haven't
+figured out how to remount it through the graphical interface.
+
+ $ sudo mount -a
+
+seems to work fine though ;).
+
+FLAC and Ogg
+------------
+
+Somewhat shockingly, iTunes doesn't support [FLAC][] or [Ogg Vorbis][]
+out of the box. To get Ogg Vorbis support, install the [Xiph
+Quicktime Component][xiphqt]. Their `ReadMe.rtf` explains that
+installation is just
+
+ $ sudo cp -r Desktop/XiphQT-unpacked/XiphQT.component /Library/Components/
+
+XiphQT gives you the ability to decode assorted xiph codecs and
+containers, but iTunes may still need some handholding to actually
+import the files into its library. [Fluke][] handles that for FLAC
+files, but the code is a bit crufty. I've been cleaning it up a bit,
+and I'll probably post my changes on the Google Code site over the
+weekend.
+
+iTunes
+------
+
+Once you've got codec support in place, you should configure iTunes.
+I unchecked `Copy files to iTunes Media folder when adding to library`
+in
+
+ iTunes -> Preferences -> Advanced
+
+Then get iTunes to index your NFS-mounted FLAC with
+
+ File -> Add to library
+
+Add the FLAC with
+
+ $ flukeapp path/to/my/music/directory
+
+Remote desktop
+--------------
+
+There's not much documentation online, but there is a [MS Remote
+Desktop][rd] client available ([Microsoft page][rd-ms], [Apple
+page][rd-a]). The package installs into
+
+ /Applications/Remote Desktop Connection.app
+
+double-clicking on this from Finder will fire it up, and you can
+configure it to log into your company's server, save the
+configuration, and make a symlink for easy launching from the desktop:
+
+ $ ln -s ~/Documents/RDC Connections/Default.rdp ~/Desktop/WidgetsLtd.rdp
+
+Gentoo Prefix
+-------------
+
+The above steps get everything setup for basic usage, but you'll
+notice that we had to install a few applications by hand. This just
+consisted of unpacking a few bundled objects onto the system, but the
+OS will not be out checking for bug fixes and upgrades to keep our
+installations current. I'm missing my [portage][] package manager.
+It's ok though, there are a number of package managers designed for OS
+X. The major players are [Fink][] ([Debian][] tools) and [MacPorts][]
+([FreeBSD][] tools?), but there are fringe groups supporting the DIY
+[Homebrew][] and my personal favorite, [Gentoo Prefix][gprefix]
+([Gentoo][] tools). Pick your favorite. The issue with any of these
+tools will be interfacing with the underlying OS, since you don't want
+the OS to sneakily replace your GCC without your package manager
+knowing about it. To deal with this, the package managers do varingly
+complete jobs of toolchain bootstrapping to isolate their toolchain
+from Apples [Xcode][]. Unfortunately, Xcode is not free, but if
+you've just bought a Mac, you can probably afford the $4.99 it costs
+for 9.3 GB of installed tools ;).
+
+Bootstrap your Gentoo Prefix following the [MacOS docs][gp-mac]:
+
+ $ export EPREFIX="$HOME/Gentoo"
+ $ export PATH="$EPREFIX/usr/bin:$EPREFIX/bin:$EPREFIX/tmp/usr/bin:$EPREFIX/tmp/bin:$PATH"
+ $ export CHOST="x86_64-apple-darwin10"
+ $ curl 'http://overlays.gentoo.org/proj/alt/browser/trunk/prefix-overlay/scripts/bootstrap-prefix.sh?format=txt' > bootstrap-prefix.sh
+ $ chmod 755 bootstrap-prefix.sh
+ $ ./bootstrap-prefix.sh $EPREFIX tree
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp make
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp wget
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp sed
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp python
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp coreutils6
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp findutils
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp tar15
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp patch9
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp grep
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp gawk
+ $ ./bootstrap-prefix.sh $EPREFIX/tmp bash
+ $ ./bootstrap-prefix.sh $EPREFIX portage
+ $ hash -r
+ $ emerge --oneshot sed
+ $ emerge --oneshot --nodeps bash
+ $ emerge --oneshot pax-utils
+ $ emerge --oneshot --nodeps wget
+ $ emerge --oneshot --nodeps baselayout-prefix
+ $ emerge --oneshot --nodeps xz-utils
+ $ emerge --oneshot --nodeps m4
+ $ emerge --oneshot --nodeps flex
+ $ emerge --oneshot --nodeps bison
+ $ emerge --oneshot --nodeps binutils-config
+
+Now check `gcc --version` to see which version of [GCC][] Xcode
+installed. If it's not 4.2.1, check the bootstrap docs.
+
+ $ emerge --oneshot --nodeps binutils-apple
+ $ emerge --oneshot --nodeps gcc-config
+ $ emerge --oneshot --nodeps gcc-apple
+ $ emerge --oneshot coreutils
+ $ emerge --oneshot findutils
+ $ emerge --oneshot tar
+ $ emerge --oneshot grep
+ $ emerge --oneshot patch
+ $ emerge --oneshot gawk
+ $ emerge --oneshot make
+ $ emerge --oneshot --nodeps file
+ $ emerge --oneshot --nodeps eselect
+ $ FEATURES="-collision-protect" emerge --oneshot portage
+ $ rm -rf $EPREFIX/tmp/*
+ $ hash -r
+ $ emerge --sync
+ $ USE=-git emerge -u @system
+ $ echo 'USE="unicode nls"' >> $EPREFIX/etc/make.conf
+ $ echo 'CFLAGS="-O2 -pipe <my-cpu-flags>"' >> $EPREFIX/etc/make.conf
+ $ echo 'CXXFLAGS="${CFLAGS}"' >> $EPREFIX/etc/make.conf
+ $ emerge -e @system
+ $ cd $EPREFIX/usr/portage/scripts
+ $ ./bootstrap-prefix.sh $EPREFIX startscript
+ $ cp $EPREFIX/startscript ~/
+
+Then run `startscript` whenever you want to start a shell from the
+Prefix with appropriate path and environmental variables. Use this
+shell for future `emerge` calls.
+
+Bootstrapping is not the most fun procedure in the world, but once
+it's done, you don't have to worry about it ever again. All your open
+source packages can then be easily maintained with a mature package
+manager, which will certainly save you some time later on.
+
+Unfortunately, there are not as many open source devs running OS X as
+there are running GNU/Linux, so it may take a bit of leg work to get
+oddball packages into your package manager's repository. I've
+published my [[Gentoo Prefix overlay]] with assorted tools I used to
+troubleshoot Fluke; take a look if you like [[Python]] ;).
+
+Resources
+---------
+
+OS X is certaily different from the GNU/Linux systems I've worked with
+to date. For example, the file system is all shuffled around, and
+it's built on [HFS+][], which stores metadata and resource forks for
+each file. There are also [aliases][] (fancy symlink), bundles apps,
+etc. For an old-but-useful introduction to the OS from a Linux
+perspective, check out Amit Singh's 2003 [What is Mac OS X][wmox].
+
+[launchd]: http://www.afp548.com/article.php?story=20050620071558293
+[krenew]: http://linsec.ca/Using_Kerberos_5_for_Single_Sign-On_Authentication#Setting_up_a_Mac_OS_X_Client
+[FLAC]: http://flac.sourceforge.net/
+[Ogg Vorbis]: http://www.vorbis.com/
+[xiphqt]: https://www.xiph.org/quicktime/download.html
+[Fluke]: https://code.google.com/p/flukeformac/
+[rd]: http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
+[rd-ms]: http://www.microsoft.com/mac/remote-desktop-client
+[rd-a]: http://www.apple.com/downloads/macosx/networking_security/remotedesktopconnectionclient.html
+[portage]: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=1
+[Fink]: http://www.finkproject.org/
+[Debian]: http://www.debian.org/
+[MacPorts]: http://www.macports.org/
+[FreeBSD]: http://www.freebsd.org/
+[Homebrew]: http://mxcl.github.com/homebrew/
+[gprefix]: http://www.gentoo.org/proj/en/gentoo-alt/prefix/
+[Gentoo]: http://www.gentoo.org/
+[Xcode]: http://developer.apple.com/xcode/
+[gp-mac]: http://www.gentoo.org/proj/en/gentoo-alt/prefix/bootstrap-macos.xml
+[GCC]: http://gcc.gnu.org/
+[HFS+]: http://en.wikipedia.org/wiki/HFS_Plus
+[aliases]: http://en.wikipedia.org/wiki/Alias_%28Mac_OS%29
+[wmox]: http://osxbook.com/book/bonus/ancient/whatismacosx/
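Review bot: The Gentoo Prefix bootstrap block downloads `bootstrap-prefix.sh` with `curl` from a plain `http://` URL and then runs it (`chmod 755 bootstrap-prefix.sh`, `./bootstrap-prefix.sh $EPREFIX tree`), so nothing authenticates the script before it executes and starts populating `$HOME/Gentoo`. Suggest telling readers to read the downloaded file before running it, and to fetch it over HTTPS or check it against a published checksum if the project offers either. Separately, in the Remote desktop section, `ln -s ~/Documents/RDC Connections/Default.rdp ~/Desktop/WidgetsLtd.rdp` has an unquoted space in the source path, so the shell hands `ln` three path arguments and the link is not created as intended; escape it as `RDC\ Connections`. The `launchctl load Library/LaunchAgents/local.Kerberos.renew.plist` line uses a relative path while the `cat` just above it uses `~/Library/...`, so it only works when run from the home directory; use the `~/` form in both places. The `Label` string in the plist also carries the `.plist` file suffix, which looks unintended. Spelling to fix before merge: "here over", "towl", "Kereberos", "shouild", "varingly", "Apples", "certaily", and `/Application/Utilities` (the post writes `/Applications/` in the Remote desktop section).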