~chetan/blog/

Problem

You need to run a program (like icalBuddy) which requires access to protected macOS resources like your Calendar, Reminders, or Contacts. When you run it from the terminal, you are prompted as usual and grant access. Later, you try to run that program via some other process and nothing happens or you get some obtuse error.

In my case, I was trying to run icalBuddy to pull my calendar appointments into Obsidian, following Ben’s example. Worked great from the command line but not so much from within Obsidian. The problem, as it turns out, is that the privacy grant applies to the “top most app” which launches the process, in this case iTerm.app, and there’s no way to manually grant access directly to icalBuddy or Obsidian.

Solution

After struggling to find a working solution via lots and lots of github reports of similar problems, I finally found a working solution in this comment. I’m writing up here my full solution here as I’m sure I won’t be the last to run into this.

In simple terms, we create an Automator application which simply runs the program we need with whatever arguments we like. We can even pass extra arguments on the command line. The program is saved as a .app and when executed, the privacy prompts are opened and the grants assigned to our new .app.

1. Open /System/Applications/Automator.app and create a new Application:

2. Search for ‘Run Shell Script’ and drag it into the workflow area:

3. Change the pass input setting and add script:

Here’s the script for easier copying:

rm -f /tmp/getCalEvents.out
/usr/local/bin/icalBuddy -npn -nc -ps "/: /" -iep "datetime,title" \
    -po "datetime, title" -b "\n\n### " \
    -tf "%H%M" -ic "$1" \
    eventsToday 2>&1 >>/tmp/getCalEvents.out

4. Save the application somewhere, e.g., ~/bin/getCalEvents.app and run it once. You should get the privacy prompts as usual which results in the following access grant:

5. Finally, to integrate it into our application, we create another small wrapper which opens the app and returns the output from the tmp file:

#!/bin/bash
rm -f /tmp/getCalEvents.out
open --wait-apps $HOME/bin/getCalEvents.app --args Calendar
cat /tmp/getCalEvents.out

Save that script to, e.g., ~/bin/getCalEvents and call it from your application.

Yeah, but do you have them all in a spreadsheet on google docs?

A hard core of Foursquare users love to checkin. I am one of them. I want to database my life, the places I go, and what I see and do there. I have checked in a total of 6,342 times since I started using Foursquare.

via The New Foursquare – AVC.

We’ve known for some time that sleep is essential for forming and consolidating memories and that it plays a central role in the formation of new neuronal connections and the pruning of old ones. But that hardly seems enough to risk death-by-leopard-in-the-night.

via Goodnight. Sleep Clean. – NYTimes.com.

Last week saw the return of DevOpsDays to New York and like many who attended, I went into day one without a solid definition for, or real understanding of, what “DevOps” actually means. Does it mean wearing both dev and ops hats? Is it a new team outside of the existing dev and ops teams? Is it a tool?

Continue reading…

according to the research firm the Standish Group, 94 percent of large federal information technology projects over the past 10 years were unsuccessful — more than half were delayed, over budget, or didn’t meet user expectations, and 41.4 percent failed completely.

via Getting to the Bottom of HealthCare.gov’s Flop – NYTimes.com

Sounds interesting, but no mention of OpenStack..

Yesterday Seagate introduced its Kinetic Open Storage Platform, and I’m simply blown away by it. It’s a truly elegant design, “as simple as possible, but no simpler”. The physical interconnect to the disk drive is now Ethernet. The interface is a simple key-value object oriented access scheme, implemented using Google Protocol Buffers. It supports key-based CRUD (create, read, update and delete); it also implements third-party transfers (“transfer the objects with keys X, Y and Z to the drive with IP address 1.2.3.4”). Configuration is based on DHCP, and everything can be authenticated and encrypted. The system supports a variety of key schemas to make it easy for various storage services to shard the data across multiple drives.

via Reinventing storage – Ethernet über alles! | Speaking of Clouds

This is insane.

When asked whether Verizon had met its contract obligations, the mayor’s office first asked The Verge what Verizon had said, then referred us to DOITT, which actually has the contract. DOITT referred us to the mayor’s office. When told that the mayor wasn’t commenting, DOITT suggested we speak with Verizon. When pressed, a spokesperson said, "We just don’t have anything to add here."

via A few feet from failure: why Verizon FiOS in New York is a sad joke | The Verge.

Game over.

We’ve had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

via The US government has betrayed the internet. We need to take it back – Bruce Schneier.

Unlike some classified information that can be parceled out on a strict “need to know” basis, one document makes clear that with Bullrun, “there will be NO ‘need to know.’ ”

via N.S.A. Foils Much Internet Encryption – NYTimes.com.