Posts

Post not yet marked as solved
2 Replies
871 Views
Hi. I run a website where people log in using OpenID. And sometimes my DOS protection triggers a warning because of too many similar requests from the same IP. It works for 99.99% of the users, but a few users trigger the system. I investigated that further and did a server logfile extract on the calling IP. The log extract Please have a look. The /?p=connect lines are for a normal connect after the OpenID server successfully redirected the user. At first, I expect there to be one. But here it was 4 times. And also, why does the browser do so many requests on the root (/)? Is there something wrong in my page that triggers such? And why only for a few users? I would love to get some hints about how to reproduce such behavior and about the possible reasons. Hint: There is one 403 code at the bottom, which was after the DOS protection system identified this as an attack.
Posted
by Kukulkan.
Post not yet marked as solved
6 Replies
2.0k Views
Hi,

I recently started to add notarization to our build script. By this, apps are built, signed, packaged and notarized every hour, given that some developer has changed something.

Now, the notarization emails are annoying me. For every build I get such a "Your Mac software was successfully notarized." email. If something fails, my build script will send me an email anyway. I really do not need these notarization emails.

Is there a way to turn this off?
Posted
by Kukulkan.
Post not yet marked as solved
2 Replies
4k Views
Hi,

I develop a tool which has to come as a PKG installer to the customers by download. The tool is built automatically. Thus, no manual Xcode signing but using a Makefile with productsign:

    $ productsign --sign "Developer ID Installer: company (P5L99xxxxx)" unsigned.pkg signed.pkg

Finally, everything seems fine and this is what the test with spctl returns:

    $ spctl --assess --verbose --type install mac/signed.pkg
    mac/signed.pkg: accepted
    source=Developer ID

I also tried to verify using pkgutil:

    $ pkgutil --check-signature mac/signed.pkg
    Status: signed by a certificate trusted by Mac OS X
    Certificate Chain:
    1. Developer ID Installer: company (P5L99xxxxx) SHA1...
    2. Developer ID Certification Authority SHA1...
    3. Apple Root CA SHA1...

For me it looks all good, but all the customers will get the message

    "signed.pkg" can't be opened because it is from an unidentified developer.

If such a customer runs the above spctl call after he got the warning, his tool also reports "accepted". Upon this, it no longer complains.

You can try it yourself by downloading the signed app from here: http://www.regify.com/DOWNLOAD/beta/ (please test the regibox .pkg file)

I tried several certificates and already learned that the "3rd Party Mac Developer Installer" certificate is wrong and only for tests. Thus, I exported the "Developer ID Installer: company..." certificate from Xcode and used this (as seen above). But it does not work :-(

What's wrong?

Best,
Kukulkan
Posted
by Kukulkan.
Post not yet marked as solved
7 Replies
2.4k Views
Hi,

we run automated builds and package creation using a build machine. The machine checks every hour whether some source code in the Git repository has changed. If changes are detected, it will build, package and sign the affected products. By this, if some developers are busy, it will build and sign the same app up to 8 times a day.

The benefit is that the most recent builds can simply get copied and sent to testers, and they test an app like getting deployed from the beginning. It would be very good for handling in QA etc. Also, QA testers do not need to notarize and install/use Xcode. More like everyday users.

I just wonder if I'm allowed to also add notarization to the build scripts? In this case, the same app (which is mostly never deployed) is notarized many times. If Apple stores every notarization of every version of the app in its database, it would grow rapidly. They very likely do not want me to do this. Or is this no problem?

What do you think? Is there any documentation telling me "when" to notarize and "how often" I'm allowed to notarize even only QA builds?

Thanks,
Kukulkan
Posted
by Kukulkan.