Kilala.nl - Personal website of Thomas Sluyter

Running Jira locally on Mac OS X

2016-03-10 19:39:00

Jira on OS X

It's no secret that I'm a staunch lover of Atlassian's Jira, a project and workload management tool for DevOps (or agile) teams. I was introduced to Jira at my previous client and I've introduced it myself at $CURRENTCLIENT. The ease with which we can outline all of our work and divide it among the team is wonderful and despite not actually using "scrum", we still reap plenty of benefits!

Unfortunately I couldn't get an official Jira project set up on $CUSTOMER's servers, so instead I opted for a local install on my Macbook. Sure, it foregoes a lot of the teamwork benefits that Jira offers, but at least it's something. Besides, this way I can use Jira for two of my other projects as well!

Getting Jira up and running with a standalone installation on my Mac took a bit of fiddling. Even Atlassian's own instructions were far from bulletproof.

Here's what I did:

  1. Download the OS X installer for Jira. It comes as a .tgz.
  2. Extract the installer wherever you'd like; I even kept it in ~/Downloads for the time being.
  3. Make a separate folder for Jira's contents, like ~/Documents/Jira.
  4. Ensure that you have Java 8 installed on your Mac. Get it from Oracle's website.
  5. Browse to the unpacked Jira folder and find the script "check-java.sh". You'll need to change one line so it reads as follows, otherwise Jira won't boot: "$_RUNJAVA" -version 2>&1 | grep "java version" | (
  6. Find the files "start-jira.sh" and "stop-jira.sh" and add the following lines at their top:
export PATH="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/bin:$PATH"
export JAVA_HOME="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"
export JRE_HOME="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"
export JIRA_HOME="/Users/thomas/Documents/Jira"

You should now be able to start up Jira, from the Terminal, by running the "start-jira.sh" script. The best thing is that Jira handles the sleep mode of a laptop just fine (at least it does so on OS X), so you can safely forget about your Terminal session and close it. I've had Jira run for days on end, with many sleeps and resumes each day!

Upgrading Jira should be as easy as downloading the latest archive (step 1) and then repeating steps 5 and 6 on the files from the new installation. All Jira data lives outside of the installation path, thanks to step 3.
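Since every upgrade means repeating step 6, here is one way to script it, as an added example that is not part of the original post: it inserts the export block once, directly after the shebang line so the script keeps its interpreter. The marker comment and the function names are made up for this sketch; the paths are the ones from step 6, and step 5 still needs its manual edit.

```shell
#!/bin/sh
# Added example: re-apply step 6 to start-jira.sh / stop-jira.sh after an upgrade.
# Paths are the ones used in the post; MARKER and the function names are hypothetical.

JAVA_DIR="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"
JIRA_DATA="/Users/thomas/Documents/Jira"
MARKER='# local-jira-env'   # lets a second run detect that the block is already there

# jira_env_block JAVA_DIR JIRA_DATA
# Prints the export lines from step 6, preceded by the marker.
jira_env_block() {
    java_dir=$1
    jira_data=$2
    printf '%s\n' "$MARKER" \
        "export PATH=\"$java_dir/bin:\$PATH\"" \
        "export JAVA_HOME=\"$java_dir\"" \
        "export JRE_HOME=\"$java_dir\"" \
        "export JIRA_HOME=\"$jira_data\""
}

# patch_script FILE JAVA_DIR JIRA_DATA
# Inserts the block after the shebang (or at the top if there is none).
# Running it again on an already patched file changes nothing.
patch_script() {
    file=$1
    if grep -qF "$MARKER" "$file"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    first=$(head -n 1 "$file")
    case "$first" in
        '#!'*)
            { printf '%s\n' "$first"; jira_env_block "$2" "$3"; tail -n +2 "$file"; } > "$tmp"
            ;;
        *)
            { jira_env_block "$2" "$3"; cat "$file"; } > "$tmp"
            ;;
    esac
    cat "$tmp" > "$file"    # overwrite in place: keeps the file's mode and owner
    rm -f "$tmp"
}

# Demo on a constructed stand-in for start-jira.sh (not the real Atlassian script).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/bash' 'echo "starting Jira"' > "$d/start-jira.sh"
    patch_script "$d/start-jira.sh" "$JAVA_DIR" "$JIRA_DATA"
    patch_script "$d/start-jira.sh" "$JAVA_DIR" "$JIRA_DATA"   # second run is a no-op
    cat "$d/start-jira.sh"
    rm -rf "$d"
}

demo
```

For a real upgrade, call patch_script once for start-jira.sh and once for stop-jira.sh in the new installation's bin directory.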

EDIT: If you ever need to move your Jira data directory elsewhere (or rename it), then you'll need to re-adjust the setting of JIRA_HOME in the shell scripts. You will also need to change the database path in dbconfig.xml (which lives inside your Jira data directory). 



Installing CentOS Linux as default OS on a Macbook

2013-08-12 16:46:00

While preparing for my RHCSA exams, I was in dire need of a Linux playground. At first I could make do with virtual machines running inside Parallels Workstation on my Macbook. But in order to use Michael Jang's practice exams I really needed to run Linux as the main OS (the tests require KVM virtualization). I tried and I tried and I tried but CentOS refused to boot, mostly ending up on the grey Tux / penguin screen of rEFIt.

On my final attempt I managed to get it running. I started off with this set of instructions, which got me most of the way. After resyncing the partition table using rEFIt's menu, using the rEFIt boot menu would still send me to the grey penguin screen. But then I found this page! It turns out that rEFIt is only needed in order to tell EFI about the Linux boot partition! Booting is then done using the normal Apple boot loader!

Just hold down the ALT button after powering up and then choose the disk labeled "Windows". And presto! It works, CentOS boots up just fine. You can simply set it to the default boot disk, provided that you left OS X on there as well (by using the Boot Disk Selector).



When FileVault2 fails, it fails hard

2013-07-23 20:54:00

mac os x boot no access screen

For quite a while now I've had my Macbook's boot drive protected using Apple's full-disk encryption, called FileVault2. I've been very pleased with the overall experience and with the fact that the performance hit wasn't too big. All in all it's a nice tool. 

But today I learned that when (if) FileVault2 fails, it fails hard.

I was on the train to work, fiddling with my Linux VMs and the virtual NICs. Since something wasn't working right, I reckoned I'd reboot the whole laptop and see if that wouldn't clear things up. Heck, my last reboot was at least 20 days ago, so why not?

Well, turns out that my Macbook wouldn't boot anymore. After entering my FileVault password the system would attempt to boot, halting at the "no access" symbol. Not good.

Basically, the boot loader's working and the part that knows my FileVault passwords was also okay. However, poking around with diskutil on the command line quickly showed that the CoreStorage config for my boot drive had gotten corrupted. It showed disk0s2 as being a CoreStorage physical volume, but this was also listed as "failed". There were no logical volumes to be found. Ouchie. This was confirmed by using the diskutil GUI, which greyed out the option to open the encrypted volume.

The only recourse: to delete the failed volume group and to start anew. I'm restoring my backup image as I write this, after which I'll be restoring my homedir through Time Machine, as before. I'm aware that both FileVault and Time Machine can be a bit flaky, so I'm very lucky that they haven't failed on me simultaneously.

This is all highly ironic, as my Macbook died only a few days before the arrival of my newly ordered Macbook Air. *groan* Now I'm spending a few hours recovering a laptop, which I'll only be using for four more days. Ah well.

This is again a gentle reminder to all you readers to make proper backups. In my case I'm lucky to only lose a few weeks' worth of tweaking my Parallels virtual machines, as I chose not to include those with my Time Machine backups (they'd back up multiple gigs every hour).



A dream come true

2013-03-10 21:00:00

my new iMac G4

A few days ago I was discussing various models of Apple computers with one of the other consultants at the office. It didn't take me long to wax lyrical about the iMac G4, which in my opinion is the most beautiful PC ever produced by Apple. It combined good specs with a revolutionary design: the sunflower / lampshade design was really new. In my opinion the flexing arm for the screen really is one of the best inventions ever and I'm sad that the only way to get one with normal monitors is to buy an expensive extra mount.

Anyway, my colleague Peter overheard us talking and wondered whether I'd be interested in owning an iMac G4. DO I?! Haha, of course! It's been a dream of mine for a damn long time. The above paragraph should have made it clear that I love the design of the machine and that I consider it a timeless classic. Which is why he offhandedly remarked that his girlfriend has one at home, one they've considered sending to the scrapheap for a while now. Holy carp! ( O_o)

So here I am! Giddy and gleeful! Because what I now own, with many thanks to Peter and Ellen, is an iMac G4/1.25 17-Inch "FP" (USB 2.0). Or to put it in human words: the latest model of the iMac G4 series, with the improved TFT screen as well as USB2/FW400. It's from the same era when I bought my first Macintosh, the venerable Powermac G5 (aka, the first "cheese grater"). And it's in pristine condition, because they hardly ever used it. It's beautiful! It's complete (no parts missing) and it's now mine :9

The setup above is just about exactly how you'd expect to see it in 2003, with the exception of the speakers. The Apple Pro speakers look great, but they really don't sound too great. So I've replaced those with the LaCie Firewire Speakers that I bought years ago. These really sound awesome and come with a minimum of cable fuss as they are also bus-powered.

The iMac came with OS 10.4.11 installed, which is pretty old already. Unfortunately I don't have my 10.5 DVD anymore (returned to Snow when I left their company), so I'm borrowing a friend's install disk. When it's upgraded to 10.5 I'm sure it'll make a heck of a nice machine. Heck, even at 10.4 it's already very nice and completely usable. I'm actually surprised at the performance! The 1.25GHz G4 and the 768MB RAM work very nicely.



Finally a chance to test my backups

2012-11-13 21:46:00

Restoring from Time Machine

I've always been pretty "okay" about making backups. For years now I've been pulling drive images of both our Macbooks every month or two and both our systems run hourly backups to our NAS. Huzzah for Time Machine! Well, this weekend I got the chance to test our backups!

Having been bitten by the MMORPG bug after watching too much of SAO, I decided to save a lot of time (and money?) by closing the tab with worldofwarcraft.com and by reinstalling Warcraft 3. A few years back my brother-in-law Hans had given me the game for Christmas, so I still had the discs lying around. But! They're for PPC Macs only and obviously my Macbook has an Intel processor. Luckily you can download a Universal Binary version of the game through Battle.net (Blizzard's online store etc), after entering your CD keys. Which I promptly did.

Turns out that the whole Warcraft 3 game is a Universal Binary, except the bloody installer! WTF Blizzard?!

The solution is easy, yet stupid: install Snow Leopard (Mac OS 10.6) onto an external USB drive, which still has Rosetta (OS X's way to run PPC code on an Intel system). Everything went fine and I got the game installed. But when I tried to reboot to my Macbook's internal drive, I was greeted by the dreaded blinking question mark. Fudge! ( =_=)

The boot drive had gotten corrupted along the way. I have no clue whatsoever why, but it did. The only course of action, after I couldn't get the full disk encryption to open up, was to re-image the drive and restore from backups. The first part was easy: hook up my backup drive, boot from USB install stick and use Disk Utility to re-image. But then came the restore from Time Machine.

As a Unix admin I was overthinking the whole process! I was afraid that, if I were to simply reconnect the Time Machine backup drive, the TM software would erase everything and overwrite it all. So instead I tried to use the good old Migration Assistant, which usually is a great idea. But no matter what I tried, it failed: MA wouldn't see my backups over the network and they wouldn't show up when connected locally over USB either. Turns out there are two good reasons for this:

  1. MA is meant to migrate from another system and because the backups were for this system, MA was ignoring them.
  2. TM backups made over LAN have a different structure than TM backups made onto a locally connected drive. 

Turns out that what I was afraid of, really is the right way. So here's the course of action that works:

  1. Re-image the drive, or do a clean install.
  2. Verify that the basic restore works properly.
  3. Use this command to temporarily enable the showing of hidden files in Finder.
  4. Configure Time Machine to connect to your original backup location. 
  5. Start a backup, which will first do a full inventory of what's there.
  6. When the actual file transfer starts, cancel to save time and space.
  7. Enter Time Machine. Browse to your last good backup date+time.
  8. Select your home directory and select all directories you want, including Library.
  9. Press restore and watch in awe as the counter of files quickly rises.

It could be that your restore borks once or twice, because a file is being locked by a running process. Most likely this is a cache in Library, or a plist locked by iCloud syncing. You could temporarily turn off all syncs and remove the offending files.

In my case, over 126.000 files were restored ringing in over 32GB.



Oh iPhoto, you crazy!

2012-11-04 11:12:00

iphoto you crazy

I've fought with iPhoto before and by now I'm not nearly as happy with it as I used to be. Could be that it's getting wonky now that we have 16.000+ photos in there, but who knows. The screenshot above was just the latest bout of craziness :)



Photostream: how to restart the agent after sleep

2012-06-22 20:38:00

Finally! I have finally figured out how to restart the PhotoStream agent, after waking my Macbook from its sleep!

After figuring out how to access the PhotoStream data through Finder, I now needed a way to trigger a synchronization in the Stream. Normally, after setting up PhotoStream in OS X system preferences, the agent software will be started when you login to your desktop. However, this says nothing about potential restarts after sleeping your Mac. 

First I dug around in launchd / launchctl and quickly discovered the full name of the agent: com.apple.photostream-agent

After that, things got difficult as I couldn't find any configuration file to load the agent with once it had been kicked out of launchd. So you can launchctl [stop|start] all you want, but once you launchctl unload I cannot load the agent back in. 

I found that the actual agent appears to be an application in /Applications/iPhoto.app/Contents/Library/LoginItems. There you will find PhotoStreamAgent.app, which can be run and which will in fact load com.apple.photostream-agent. However, this will not be the vanilla one, but one with an extra label in front of it.

Mmm, this doesn't seem to work properly yet. I'll need to do some more researching. 



Apple iTunes Match: problem with many copies of same playlist

2012-05-31 19:21:00

Sadly, not all things Apple are awesome. 

While I love the idea of the iTunes Match service, it's fraught with problems. One of the most commonly seen problems is when Match creates dozens if not hundreds of duplicates of a playlist. In my case there are over 500 copies of an "On the go" playlist. This kills performance on iTunes and occasionally also on your iPod / Music iOS application.

Luckily it's easy to clean up these copies using an Applescript:

with timeout of (45 * 60) seconds
    tell application "iTunes"
        delete (every playlist whose name is "NAME OF PLAYLIST")
    end tell
end timeout

With many thanks to Apple Support Forum member TRujder who explained the script here.



Accessing Photostream without using iPhoto

2012-05-19 17:22:00

Finally! I've been searching for this for quite a while now and I finally found the solution!

Question: "How can I access iCloud Photostream without using iPhoto?"

Answer: "By accessing ~/Library/Application Support/iLifeAssetManagement/assets/sub/ and searching for all images."

Here is the source for this information. The best thing: you can obviously store this procedure as a Saved Search in the sidebar, so you'll always have a shortcut to your Photostream.



iPad 2 sound issues: headphones work, speakers do not

2012-05-16 09:57:00

Apparently, there are plenty of people who experience problems with their iPad2 pertaining to the internal speaker. Specifically: the iPad refuses to play audio and the volume slider does not work. Thanks to some troubleshooting and help from the Apple support fora I've fixed our iPad.

Symptoms:

A lot of people hypothesized that the problems are linked to the upgrade to iOS 5, or that you need to flip the hardware switch settings between "mute" and "rotation lock" a few times.

It's none of that. As forum member Val E Um notes, it's the dock connector: something is causing glitches, causing the iPad to think that it's dock-connected to external speakers. By wiggling a dock cable in the iPad I could make the volume slider appear and disappear. If I wedged the dock connector in at just the right angle, sound kept on working.

The solution: take an alcohol wipe, wrap it around a stiff piece of cardboard and scrape the dock connector on the iPad. Of course, first power down the iPad! After cleaning the dock connector, my sound problems are over :)



Airport Extreme custom DNS setup issues

2012-05-07 17:55:00

Airport DNS setup

Tonight, it seems that UPC are having DNS issues. I was startled that we even noticed it, because I thought we were using OpenDNS. Not so apparently. When I went to change the configuration of our Airport Extreme I found the DNS IP boxes to be greyed out. WTF?

Turns out that, in the new Airport Utility one needs to do the following:

And presto! It works. No idea why the DNS boxes work that way, but they do. Oh well. At least our DNS problems are over :p



Maintenance: iPhoto, HFS+ and AFP

2012-01-29 10:17:00

Laptops and drives

Over the past week Marli's Macbook had been performing worse than usual. Time Machine kept on hanging, Spotlight kept on using 100% CPU on one core and Safari and iPhoto were very slow. What with TM and SL being hard drive intensive software I reckoned I'd better check out the hard drive using Disk Utility (which does an fsck). Bingo: plenty of problems detected! To a point where DU informed me I needed to boot from another drive, because the laptop's drive was too broken. :(

Booting from the recovery partition using CMD-R quickly gave me access to DU again, which after a while of running puked the following error: "Disk Utility can't repair this disk. Back up as many of your files as possible, reformat the disk, and restore your backed-up files.". Basically it's telling me to grab what you can and run to the hills! Oy vey!

Luckily we regularly make full hard drive images of our laptops, using asr (the command line access to Disk Utility). Booting from Marli's drive image was a cinch, as was making an extra copy of her home directory from the laptop. Sure, Time Machine makes hourly backups, but it never hurts to have an extra copy! The course of action was:

Making the extra backup took the most time because Marli's 42GB was turned into 120GB because the "cp -rp" made symlinks into actual files; took four hours in all! The restoration was a snap: 1.5 hours for the drive image, 2 hours for the OS upgrade and software updates, 1 hour for the homedir restore. And most of that time was spent waiting, not actually doing anything. 

While waiting for Marli's laptop to do her thing I took it upon myself to give our NAS a once-over as well. The file systems had some minor problems which were fixed easily. I then performed maintenance on the iPhoto database using the built-in tools and by doing a sqlite vacuum. That made a huge difference! Finally, because our iPhoto resides on an AFP share on our NAS I tweaked the AFP kernel settings on both our laptops. 



iTunes Match: what could possibly go wrong?

2012-01-21 21:54:00

I was pretty happy when I got my hands on iTunes Match. Still am by the way. But Marli? Not so much! You see, when at least one of the people using the account actually cares about things like play counts and star ratings, you need to take a really good approach in switching to Match. Case in point, the rather pissed off voice mail left during kendo practice this morning ^_^;

What'd happened? Thursday I'd immediately set my Mac to syncing with iCloud and yesterday morning it was done. It all works swimmingly and I was playing music from the cloud all day at the office. Great stuff! So in the afternoon I told Marli to enable it on her Macbook as well. Clickety-click and you're done. Until this morning when she was rather unpleasantly surprised to find that all of her playlists and her meticulously kept database had been fscked up. Because my Macbook was the first to sync, iCloud assumed that it was also -my- ratings and playcounts that mattered most. She also had now gone from a library listing of ~3300 songs, to ~9000 songs. And she really doesn't want to see all my music :D 

So! Here are my tips when sharing an iTunes Match account between two people, hoping that one of them (like me) does not care about play count and star ratings.

  1. On the iTunes library of the person who does NOT care: reset all play counts and star ratings.
  2. On the iTunes library of the person who DOES care: make a backup of 'iTunes Library.itl' and then enable iTunes Match. Finish the whole syncing process.
  3. On the iTunes library of the person who DOES care: change all the smart playlists to include the extra rule "Location is on this computer".
  4. On the iTunes library of the person who DOES care: create a smart playlist which is "Location is on this computer" and "Media kind is music". This will act as the new, local library for this person.
  5. Finally enable iTunes Match on the other person's computer. He'll now get a bunch of ratings from the other user, but won't care ;)

The main library of the caring user will still show -all- of the music in iCloud, but at least the ratings and such will be retained.



Reinstalling the Macbook

2010-11-08 23:59:00

Well this doesn't happen very often: I've been forced to re-install my Macbook after two years of trusty service. The laptop was still functioning normally, but had begun to show glitches in file saving dialogs. A quick check with Disk Utility showed that there was corruption in the file system's inode table and that (sadly) a format and restore were needed.

Took me four hours in total to run a full backup, then perform a clean install, then return all my files to their original locations. Not too shabby, but I would've preferred to spend those four hours programming. Oh well...



Two nice tools for my daily workflow

2010-10-24 09:42:00

Evernote + EgretList

A month or so ago I started using Evernote, which could be described as a digital scrapbook-meets-notebook-meets-filestorage. The application and its basic use are free and available cross-platform, with a very nice web interface and client software for Mac OS X, Windows, iPhone OS, Blackberry and a few others. Anything that you add to your Evernote storage gets synchronized to all of your devices automatically. This means that the notes I took during my CISSP class were synced to my iPhone and that the web clippings I made at home can also be read online. And so on. It really is a nice service and there's no beating the price!

Evernote also have a paid service, which adds extra functionality to your account. Your file storage space gets increased, the search function indexes any PDFs you store and your mobile Evernote client will be able to store all of your notebooks locally (instead of accessing them through Wifi or 3G). At $45 a year I wouldn't say the value's bad. So far Evernote's been very, very helpful to me.

Helpful how? Well, currently I have two distinct workflows I rely on heavily. On the one hand there's my studies for my CISSP exam and my security research. On the other hand there's my preparations for the BoKS course I will be teaching in a week. Since Evernote allows me to create multiple scrapbooks, it's a cinch to grab any Wiki pages I like, as well as any security PDFs and store them together with my CISSP class notes and my ToDo list. Similarly, for the training I have an easy ToDo list, many notes from teleconf phone calls and suggestions for new exam questions. All neatly taggable, searchable and editable. 

Speaking of ToDo lists: I have combined my Evernote account with the stunningly beautiful EgretList iPhone app. EgretList logs into your Evernote account and searches all your notes for any and all (un)finished ToDo items. These ToDo items are sorted by their Evernote categories and notebooks and presented as a faux Moleskine notebook. So instead of having to search through many different Evernote notes to check/uncheck a ToDo item, you can easily do it through EgretList. Lovely :)



Fingers crossed! Repairing our iPhoto library

2010-10-22 20:28:00

Oh dear. 

This afternoon, while helping my sister out with her new website, I grabbed a few photos from our iPhoto library without any issues. This evening, wanting to order a print of Dana's second photo book, iPhoto kept on crashing. Oh no. A completely new library worked perfectly, so it seems that our library is broken. Our library, with photographs reaching back ten years. Of course I have backups and we will probably lose 0 photos. But it still sucks if we were to lose our photo books and albums. 

*fingers crossed* Hopefully we can still repair the library with a few tricks :/

EDIT:

Well cock :( iPhoto could not under any condition repair the library database. That sucks. I'm now manually restoring all of the original photographs from our old library, but this means that we've lost all metadata (like tags and such). It also means that we've either lost all of the modified photographs (clean up, colour restoration and such), unless I would import them as duplicates. I'm still hopeful about restoring the album files, based on the old iPhoto library. 



Holy crap Apple! Way to up the bar!

2010-10-20 20:48:00

The new Macbook Air

Wow. Just, wow. 

Tonight Steve Jobs got on stage and, among many other nice things, announced the new Macbook Air range for 2010. I was going "Nice, nice..." while he was going down the spec list, then I went "WHOA HOLY SH!T!!!" when he announced the price point: $999 for the base model which has an 11.6" screen and weighs in at -literally- one kilogram. 

Yeah. The next business laptop I'm getting? It's -that- one. If I ever need on-the-road virtualization I'll just run the VMs at home and access them through remote desktop.

EDIT:

Ah! And here is the iFixit tear-down of the new MBA



How to slow down your file copies

2010-10-19 22:49:00

While preparing for a course I will be teaching in two weeks' time I need to set up some virtual machines for the practice labs. All of these run on Sun's VirtualBox and FoxT has provided me with a USB disk filled with the appropriate disk images. I bought two extra USB drives, so we could set up the students' computers faster (three drives instead of one to pass around the files).

But that's where the crap starts. You see, if I'm not mistaken all the students will use Windows boxen. I have a Mac. All the virtual machine disk images are big, between 10GB and 22GB. 

Now, the only file system that is 100% read+write out of the box between Windows and Mac OS X is the aged FAT32. And no, FAT32 does not support any files over 4GB in size. Crap :(

This means that:

  1. I have formatted my extra USB drives as NTFS, using Windows XP running in a Parallels virtual machine.
  2. I have installed MacFUSE and NTFS-3G on my Mac, to enable it to write to NTFS.
  3. I am now copying 200GB of disk images from one USB drive to the other.

Because USB is CPU-bound and because the NTFS-3G driver is experimental this ordeal constantly takes up 27% of my 200% CPU time (dual core) and the actual copy will take roughly four hours. Damn!

I think I'll quit the copy and be more selective about the disk images that I copy. :) 



Digital content delivery: I believe in it

2010-06-11 18:25:00

iPads as e-readers

I sincerely have the utmost faith in digital content delivery. Over the past year we've seen a huge rise in sales of e-readers, which is a great step forward. But we're not there yet! Call me an Apple fanboy if you will, but I do believe the iPad is the next step and who knows what the future will bring after that?! I hear good things about e-ink color screens!

Either way, those things are simply used to carry and present the important bit: content. And how does it get on there? Delivery through the Internet! So far it's working wonderfully on my iPhone.

I've been using Comixology's Comics to both purchase and consume comic books. The buying process couldn't be simpler and IMO pricing is very fair. Most comics ring in at 0.79 euros, with the more popular Marvel comics running 1.59 euros. Choose comic, enter password, download, read. It's wonderfully easy and the Comics app has opened my eyes to a lot of new comics. One of my new favorites is Fearless Dawn.

On a more serious note I'm loving PressReader, which gives you access to 1000+ international newspapers. And I don't mean an aggregation of their online content, but the actual full PDFs of each newspaper. The application itself is free and comes with seven free issues of any paper of your choosing. The economy subscription to PressReader runs $9.95 and gives you access to 31 issues each month, allowing you to mix and match any papers you would like. There are also more expensive subs, or you can pay as you go at $0.99 per paper.

The economy sub is actually cheaper than most of the online-only subscriptions to Dutch newspapers. PR gives access to the Volkskrant and the NRC, both of which have a more expensive online-only sub. Only NRC runs cheaper, but only if you pay per-year instead of per-month. Either way, I love reading the paper through PR and assume that it'll only be nicer on the much bigger iPad screen.

Personally I'm sold on on-demand content delivery through the Internet.



Some of my favourite iPhone apps (2)

2010-01-31 06:57:00

iPhone app icons

A little over a year ago I made a list of iPhone apps that I found particularly good, just to share the love. These applications are much better than most of the 140k apps available and, though all of them are paid-for apps, they are well worth getting!

AirVideo, stream video from your Mac/PC to your iPhone/iPad. It supports -ALL- video formats, by performing live conversion, so you can watch -anything- on the go!

Comics, buy and read comic books. Reading is made a very nice experience, because the app takes things one image at a time instead of dumping the whole page on screen.

Dropbox, I've written about this before. It allows me access to my online file storage, which is synced to all my Macs/PCs. I read comics with the above Comics, watch anime with AirVideo and I read manga and PDFs using Dropbox. What a team!

Zombieville USA and OMG Pirates!, both great side-scrolling fighters by MikaMobile. Zombies, ninjas and pirates, what else do you need?!

Minigore, a frantic, top-down shooter. Easy to pick up, difficult to master.

Orbital, a relaxing and great looking puzzler. Again, easy to play, yet very hard to master.

Sudoku unlimited, for all I care the -best- sudoku app because of its "Newspaper" theme. Looks great, plays great.

So, from the list it should be apparent that I play a lot of games on my iPhone. These games are great for a short pickup-and-play during small "cigarette breaks" at the office and during my daily commute.

Mind you, now that Apple have introduced their new iPad I imagine some great productivity tools to come out as well!



Obvious security hole in jail broken iPhones exploited

2009-11-02 17:02:00

Seriously, this was waiting to happen: Teenager "hacks" jail broken iPhones. The security hole is glaringly obvious and has been proven and verified by some of my security-expert acquaintances. And now, obviously, it's out in the open. Personally I wonder how the heck it took so long for this to happen.

The hole: jail broken iPhones often run an SSH daemon, allowing their owners access to the phone's operating system. Most of these owners unfortunately never change the default root password, thus giving anyone 100% access to their phones. I really don't understand why nobody has ever pushed this issue before.

The steps are painfully easy.

1. Do a port scan on T-Mobile's 3G IP range, looking for SSH servers.

2. Try to login as root using the default alpine password.

3. Install your root kit / malware / hostage message.

4. Ask that people send you five euros for the free "fix".

5. PROFIT!

The fix in question is also plainly, fscking obvious: change your root password (asshole)! The "hacker" in question says it's safe to just remove two files he installed and to change your password, but personally I'd do a completely clean wipe. There's no telling if anyone's left anything else as a present.

Some links:

* The topic at GoT that started it all.

* The news post at Tweakers.

* The original hostage website

* The "fix"

EDIT:

My pessimistic prediction for this week: the mainstream press will pick up on the story, misunderstand the issue and put the blame on Apple. Many geeks will try to defuse the situation and explain that the fault lies with people who were mucking with things they don't understand, but their pleas will fall on deaf ears.

EDIT 2:

So I was wrong in one regard: this exploit -has- both been abused and reported before. How about December 2008 and July 2008? So, the only thing all of this really proves is that people in general don't listen and they don't learn.
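The hole described above comes down to an SSH daemon that accepts a password login for root. As an added example (not part of the original post), this shell function reads an OpenSSH sshd_config and reports whether that combination is still enabled; the sample files and function names are constructed, and the post itself does not show the phones' configuration.

```shell
#!/bin/sh
# Added example: report whether an sshd_config still lets root log in with a
# password. Only the global section is read; Include files and Match blocks
# are not followed (simplification).
#
# Result is one word:
#   allowed  root may log in and password authentication is on
#   blocked  PermitRootLogin forbids password logins for root
#   review   cannot be decided from these two keywords alone: the default for
#            an unset PermitRootLogin differs between OpenSSH releases, and
#            keyboard-interactive authentication may still accept a password
root_password_login() {
    awk '
        /^[ \t]*#/ { next }                                 # comment lines
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }    # Key=value form
        key == "match" { exit }                             # global section only
        # sshd keeps the first value it reads for each keyword
        key == "permitrootlogin" && prl == "" { prl = tolower($2) }
        key == "passwordauthentication" && pa == "" { pa = tolower($2) }
        END {
            if (prl == "no" || prl == "prohibit-password" ||
                prl == "without-password" || prl == "forced-commands-only")
                print "blocked"
            else if (prl == "yes" && pa != "no")
                print "allowed"
            else
                print "review"
        }
    ' "$1"
}

# Constructed sample configurations, not taken from any real device.
write_sample_configs() {
    cat > "$1/weak.conf" <<'EOF'
# shipped settings left untouched
#PermitRootLogin no
permitrootlogin yes
PasswordAuthentication yes
EOF
    cat > "$1/hardened.conf" <<'EOF'
PermitRootLogin=no
PasswordAuthentication no
EOF
    cat > "$1/bare.conf" <<'EOF'
Port 22
EOF
}

cfg_dir=$(mktemp -d)
write_sample_configs "$cfg_dir"
for cfg in weak hardened bare; do
    printf '%s: %s\n' "$cfg" "$(root_password_login "$cfg_dir/$cfg.conf")"
done
rm -rf "$cfg_dir"
```

A "blocked" result only covers password logins for root; changing the default password, as the post says, is still needed for any other account that can log in.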



Problem: upgrading to Parallels Desktop 4 with suspended VMs

2009-10-29 07:49:00

I recently upgraded my Macbook with OS X 10.6 without a hitch. However, I soon discovered that Parallels Desktop 3.x does not work with Snow Leopard so I was kind of forced to upgrade Parallels as well. *shrug* Oh well...

The installation process of Parallels 4 requires that all virtual machines are shut down. They cannot be running, or suspended. Funny thing: how are you going to do that if you've already upgraded the OS and thus PD 3.x doesn't work anymore? Yeah ^_^;

I scoured the web to see if there was a command line trick to stop a suspended VM, but couldn't find one. In the end I had to boot from my backup hard drive, start PD3 from there and use it to shutdown the VMs on my Macbook's drive. At least PD4 looks pretty sweet :)



Bye bye Powermac o/

2009-10-28 22:23:00

A bit over half a year after putting my Powermac G5 to bed I've actually gone and sold her. A new member at the MacFreak fora was interested in buying a cheap Mac to get his feet wet after living on Windows all his life. He'd tried Linux which wasn't "it" and now was curious about OS X. While the G5 is no powerhouse by today's standards it's still a very nice box for a beginner. G5 @1.6GHz with 1.5GB RAM and 200GB of hard drive space. I sold it for 220, which is a bit under the market price but it's definitely fair money for a six-year-old box.

Ah! I'll miss her a little bit. She was my very first Macintosh and she was definitely a woman after my tastes: reliable, gentle, nice to look at and built sturdily ^_^



Dropbox made things a lot easier!

2009-10-25 08:41:00

Manga + Dropbox = ereader!

I've been thinking of solutions to reading manga on the road, usually opting to just bring a pocket book or two. However, now that I've started using Dropbox life's gotten a bit easier. No more need for one of those eBook readers with electronic ink and such, because my iPhone screen is -just- big enough to comfortably read comics. Hooray for the Dropbox iPhone app which gives me access to my DB share everywhere I can have 3G Internet access.

For those unaware what Dropbox is: it gives you 2GB of free online storage space which you can access from a web browser, an iPhone app, or using software for Mac, Windows or Linux. On the PC side of things your Dropbox will appear as a normal directory in your homedir. However, everything you put in that directory will automatically get synchronized to your online storage. This ensures that your files are accessible from all your computers and even when you're someplace else with a browser. Nice.



Upgraded to OS X Snow Leopard

2009-10-25 07:46:00

Screenshot of my Macbook with Snow Leopard

Last week I finally got my mitts on our OS X Snow Leopard install disc. After properly backing up my Macbook and disabling the guest account (to ward off the horrible bug) the install went without a hitch. I fell asleep on the couch while it was running, but I reckon it didn't take more than half an hour. Anywho, afterwards (as expected) everything seemed exactly the same because just about all the changes took place under the hood.

Inspired by some fellow Arsians I went and tinkered some more with Geektool. On my desktop I now have:

* Output from top for the six heaviest processes running.

* SMART status LED for my internal hard drive

* IP address info for Ethernet, Wifi and my Internet connection.

* The time and date :)

* In Iron Man's hand:

** Status LED for charger cable

** Current charge percentage of the battery

** Status LED for charging process of battery

Also, here's the original file for the Iron Man background.



Impressive: the Ars Technica review of OS X 10.6

2009-09-02 09:30:00

Wow... A few days after OS X Snow Leopard's release the Ars Technica review has become available. As always it's a very impressive document, this time ringing in at 23 pages. The great thing about AT's reviews of OS X is that they always go rather in-depth on the technical aspect, this time starting off on page 3 with an analysis of how file system compression (implemented through a few new hacks) is not only saving space, but is also speeding up your computer.

Good stuff! Now all I have to do is find an hour or three to read through it all :D



Wow, that new Airport Extreme is really something!

2009-06-30 17:39:00

As described earlier I got one of those new Airport Extreme base stations for our new IT setup at home. I have to say, it's really something!

Of course the setup was a snap and I easily set it up like our old AExpress. Connecting to the new 5GHz network was a snap as well, and the old Kilala network's still there for my iPhone and Kaijuu's laptop. But what's astonishing is the range of the new 5 gig net! I'm typing this up in the attic, where (according to Speedtest.net) I'm getting a 12.2 / 1.7 Mbps connection. One floor down in the bedroom we're at 27.3 / 2.5, just like downstairs. That's pretty damn good! The old 2.4 GHz net would not have reached up into the attic.

Now all I need to do is worm the cat5e cable through the house, to get full 1 Gbps upstairs for backups, file sharing and printing.



This is frustrating! Finding a Firewire extension cord

2009-03-03 10:36:00

$DEITY! All I'm trying to do is to hook up my Lacie Firewire speakers to my Powermac. The Lacie's come with a non-detachable 1m FW cable, while my Mac is about 3m away.

This should of course be easily fixable with an extension cord or a hub. Right? Were it not that this is not USB, which is the VHS to Firewire's Betamax and thus there is next to nearly nothing usable out there for Firewire. Oh sure, Belkin has a USB/FW hub, but it rings in around 40 euros. And there's -one- extension cord available in the Netherlands, but it's a whopping 27 euros o_O

I'll go trawl eBay/Marktplaats now... See what I can come up with on the secondhand market. *sigh*

EDIT: Thank $DEITY for Kleinspul.nl who have a 6P F-F adapter which will let me hook up two cables. At about five bob apiece, that's pretty good...



Using emoji on the iPhone

2009-02-04 08:38:00

A screenshot of the emoji keyboard

Hooray for Japanese silliness! For years now (I've no clue when this got started) emoji have been a staple of Japanese cellphone culture. Combining cuteness with typing efficiency, the Japanese implemented a system involving smileys and dozens of other icons in their keitai. One can cut down on the amount of words tremendously by simply stringing together a few of these symbols to form a semi-sentence.

Or as Ars Technica member Palad1 puts it:

I'm 0.59 GBP poorer but about 12.2315% hipper now that I can text the wife ":metro: :home: :cat: :sushi: :hotmonkeysex: ?". Thanks Ars, for helping me in my eternal quest for marital nooky!

There are multiple ways of getting emoji to work on your iPhone, though all of them require firmware version 2.2 or higher. Unfortunately the emoji keyboard is invisible per default outside Japan, but using apps like Typing Genius - Get emoji ($0.99) one can enable the option in System Preferences.



Some of my favourite iPhone apps

2009-01-07 18:07:00

A few logos

I've had my iPhone for a few months now and can seriously say that I do not ever want to part with it! To me it's a phone, web browser and games platform in one, with a big bunch of very handy applications thrown in. I've got about fifty apps loaded, but there's only a few that see daily use. I thought I'd highlight them over here, because they deserve some extra credit :)

In no particular order, they are (where possible links go to dev site, not appstore):

* NetNewsWire, all my RSS feeds on the go.

* Trein, trip advisor for the Dutch railways.

* TapTap Revenge, a free rhythm game.

* WhiteNoise, loads of soothing background sounds.

* Maps, Google Maps on the go.

* BeeTagg, clean and fast QR Code reader.

* SHOUTcast, >25.000 Internet radio stations on 3G.

* Kana, training me on kana.

* YouTube, duh :p

* World Subway Maps, photos of subway maps (like Tokyo).

The past few weeks my iPhone has really proven itself as my awesome assistant at home, at the office and on the road. I never liked full fledged PDAs or "smart phones", but for me iPhone is the perfect mix of "dumb and smart phone" :)



Updating your Parrot carkit using Parallels Desktop

2008-11-28 18:03:00

I've been using my Parrot CK3100 bluetooth carkit to my utmost satisfaction for a few years now. It worked a charm with my old Nokia handset. Once I switched to my iPhone I started having weird problems though. After half an hour driving, or maybe after a phone call or two, I wouldn't get any audio on the carkit anymore. I could make outgoing calls or receive incoming calls, but there simply wouldn't be any sound. Then after a few seconds the radio would cut back to the CD or whatever I was listening to.

I decided that the best course of action would be to re-flash my CK3100 with a newer software version. Lo and behold, the release notes for version 4.18b of the Parrot OS make specific notice of the known iPhone bug in version 4.17! Goodie!

Unfortunately Parrot's updating software is only available for the Windows platform and thus, as a fervent Mac addict, I had to find a solution. Luckily I still had a Windows XP disk image for Parallels, which was working nicely. In order to get Bluetooth working under Parallels, there's a few hoops to jump through. Below you'll find the quick & dirty guide to updating your Parrot using Windows in Parallels under Mac OS X.

1. Make sure your Windows install in Parallels is working nicely. Boot it up.

2. Take the installation DVD that came with your Mac and insert it into the drive. Connect Parallels to the drive so you can read the DVD. This automatically opens an install window which you can close.

3. Browse the contents of the DVD, going into "Boot Camp -> Drivers -> Apple".

4. Run these two installers using an admin account: AppleBluetoothInstaller and AppleBluetoothEnablerInstaller.

5. Reboot Windows. It will now automatically detect the Bluetooth hardware.

6. Go to the Parrot downloads site and download the Parrot software update tool.

7. Go to the Parrot manuals site and read the upgrading manual for your model Parrot.

8. You'll need to install the software updater under Windows. The default location is under C:\Program Files\Parrot Software Update Tool.

9. Run the ParrotFlashWiz application as an admin user. You'll need to download new firmware versions into the prog-files directory and this requires admin rights.

10. Take it from there using the manual from step 7.

Presto!



Keeping your Mac OS X applications up to date

2008-08-27 21:57:00

It's an obvious fact that I love Apple's Mac OS X. There's one feature though that's missing from OS X that I'd love to see implemented properly. So far, the guys who made App Fresh are doing great work in achieving this feature!

The feature in question: centralised updates for all the installed applications and prefpanes.

On my Macbook I have at least fifty different apps installed, each of which has its own way of getting updates. Some software, like Adium and iTerm, do automatic checks on their webservers and allow you to immediately install an update. Others, like Transmit and Unison, check for updates but require you to manually download and install a new version. It's all a bit hodge-podge. So how about we vie for a unified method of upgrading our software?

Enter the aforementioned AppFresh. After a brief configuration, AppFresh will search your hard drive for applications. Then, using the IUseThis.com database, it checks for new versions of your software and where to download them. Give AppFresh the order and he'll download and install all the updates in one fell swoop! Great!

Of course, such a course of action should only be used in production environments after testing all the new software versions. I also haven't checked yet, but I'm curious to see if you can point AppFresh at your own software repository. That way you could build your own, centralised software repo for your company. Possibilities!



OS X 10.5.2 broke some stuff

2008-02-13 06:55:00

Well carp! It seems that going from 10.4.11 to 10.5.2 in one go has broken a few things on my Macbook. Most notably, my FileVault home directory refuses to mount D:

Checking things out with fsck and Disk Utility provides the following:

Checking catalog file.

Invalid key length.

Volume check failed.

Disk verification failed.

Ouch. Luckily the encrypted sparseimage will still mount, so I'm using rsync to copy all of my data out of the home directory. Thank Dog I have an external FW disk lying around. Also thank Dog that I made a backup recently :)

Remember kids! Always make backups!

Also, it seems that the tablet driver for my Wacom Graphire4 is incompatible with 10.5.2 as well. It was working nicely with 10.5.1, but now it's borked out :( I guess I'll have to wait for an updated version.

Oh well... While my Macbook is copying all of my data, I'll go have breakfast.



Wacom Graphire4 tablet having driver troubles in Leopard

2008-01-21 12:04:00

Ever since I upgraded my Powermac to Leopard it'd been having problems with my Wacom Graphire4 tablet. The tablet would work, but only in its very basic mode. I suspected driver issues, but couldn't figure out which driver to use.

I finally got it to work though. Here's how:

1. If you have a directory called "Pen Tablet" or "Wacom" in /Applications, go in there and run the uninstaller. Remove both the prefs and the software.

2. Go into /Library/Preferences and remove all mentions of "Wacom" or "Pen Tablet".

3. Go into /Library/Application Support and do the same.

4. Go into ~/Library/Preferences and do the same.

5. For good measure, use the Find function in Finder to search for other mentions of Wacom.

6. Download the proper driver over here.

7. Install the new driver.

It should work now :)



iPhoto, not without its glitches

2008-01-14 09:56:00

Meh... iPhoto is not without its bugs, unfortunately. I'm busy copying a few gigs of pics from Japan to my Powermac. iPhoto keeps borking up the exports, saying that a number of files are locked due to activity. This lock appears to be taken away, once I give iPhoto the command to "revert to original" for the pics in question. It seems that the editing process in iPhoto doesn't always clean up its crap :/

This bug's changed a process that should've taken fifteen minutes into an hour's endeavour.



path_helper: sometimes Apple does kludgy, stupid things

2007-11-18 15:24:00

I've always been quite happy about most of the stuff Apple does. A lot of their solutions to problems are elegant and pretty. However, there are also some cases in which they do awful stuff under the hood. Stuff that makes me cringe in disgust.

Case in point, the new path_helper command.

I've been an avid user of LaTeXiT, a LaTeX helper programme, for a few months now. It's great how easy it makes the creation of mathematical equations in LaTeX.

Unfortunately LaTeXiT doesn't yet work flawlessly on Leopard. One of the things that goes wrong is the fact that it just won't start :D After trying to start the app a few times, I noticed a run-away process called path_helper.

I asked Pierre whether path_helper might be tied to the problems he's having, because we don't often get run-away processes. Pierre confirmed that others have hinted at path_helper as well, but that he isn't quite sure yet. Unfortunately he doesn't have a Leopard license yet, so he can't debug the problems yet (hint: make a donation if you use LaTeXiT! Pierre could use a Leopard license!).

To help him out, I dug around a little bit. What follows is what I e-mailed Pierre. If you don't want to read through the whole bit, here's the summary:

Apple wants to make it easy to expand the $PATH variable for every user on the system automatically. Instead of tagging on new PATH= lines onto the end of /etc/profile, they've created the path_helper command that gets called by /etc/profile. Path_helper reads directory paths from the text files in /etc/paths.d and appends these paths to $PATH.

So because they want to make it just a -little- easier to add to $PATH, they've:

* Created a new directory structure under /etc/paths.d

* Allow new apps or environments to add text files to /etc/paths.d

* Created a new command which simply reads text files and barfs out shell commands.

* Thus broken the Unix standard way of globally setting $PATH.

Good going Apple! You bunch of schmucks!

======================================================

Hmm, this seems to be a weird little, extra tool that Apple has tagged onto the OS. I'm not sure if it's the most elegant solution to the problem. I see what they want to do though: they want to be able to easily make adjustments to the $PATH variable for all users on the system.

Personally I'd just use the global profile in /etc, but apparently Apple have chosen a roundabout way.

Each user's .profile calls that path_helper process. The only thing that path_helper does is generate the requisite sh/csh commands to adjust the $PATH variable.

From the manpage:

=====================
path_helper(8)            BSD System Manager's Manual           path_helper(8)

NAME
     path_helper -- helper for constructing PATH environment variable

SYNOPSIS
     path_helper [-c | -s]

DESCRIPTION
     The path_helper utility reads the contents of the files in the directories
     /etc/paths.d and /etc/manpaths.d and appends their contents to the PATH and
     MANPATH environment variables respectively.

     Files in these directories should contain one path element per line.

     Prior to reading these directories, default PATH and MANPATH values are
     obtained from the files /etc/paths and /etc/manpaths respectively.

     Options:

     -c      Generate C-shell commands on stdout. This is the default if SHELL
             ends with "csh".

     -s      Generate Bourne shell commands on stdout. This is the default if
             SHELL does not end with "csh".

NOTE
     The path_helper utility should not be invoked directly. It is intended only
     for use by the shell profile.

Mac OS X
END
=====================

So instead of putting PATH=$PATH:/usr/whatever/bin in /etc/profile, Apple have decided to make a new config file: /etc/paths.d. This config file will list all directories that need to be appended to the default $PATH.

/me looks at /etc/paths.d

Actually... It's a directory, containing text files with directory paths. For example:

=====================
Kilala:~ thomas$ cd /etc
Kilala:etc thomas$ cd paths.d
Kilala:paths.d thomas$ ls
X11
Kilala:paths.d thomas$ ls -al
total 8
drwxr-xr-x 3 root wheel 102 24 sep 05:53 .
drwxr-xr-x 91 root wheel 3094 13 nov 21:11 ..
-rw-r--r-- 1 root wheel 13 24 sep 05:53 X11
Kilala:paths.d thomas$ file X11
X11: ASCII text
Kilala:paths.d thomas$ cat X11
/usr/X11/bin
=====================

I guess Apple's reasoning is that it's easier to add extra text files to /etc/paths.d, than it is to add a new PATH= line to /etc/profile. Personally, I think it an inelegant (and rather wasteful) way of doing things :/

Wait, it's even worse! The path_helper gets called from /etc/profile! Ugh! :(

=====================
Kilala:~ thomas$ cd /etc
Kilala:etc thomas$ cat profile
# System-wide .profile for sh(1)

if [ -x /usr/libexec/path_helper ]; then
	eval `/usr/libexec/path_helper -s`
fi

if [ "${BASH-no}" != "no" ]; then
	[ -r /etc/bashrc ] && . /etc/bashrc
fi
=====================

Let's see what happens when I run the command...

=====================
Kilala:etc thomas$ /usr/libexec/path_helper -s
PATH="/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/X11/bin"; export PATH
MANPATH="/usr/share/man:/usr/local/share/man:/usr/X11/man"; export MANPATH
=====================

What a totally stupid and annoying way of doing this. What's worse, I'm quite sure it also breaks the Unix-compliancy of Leopard when it comes to standards for setting $PATH.

Hmm :/
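What the man page and the /etc/profile excerpt above describe, as an added example that is not Apple's implementation: build_path and emit_sh reproduce the `path_helper -s` output from a directory standing in for "/". Because /etc/profile evals that output in every login shell, audit_paths also flags drop-in files that group or others can write and entries that are relative or contain shell quoting characters. The sample tree, the zz-thirdparty file and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulate `path_helper -s` as the man page describes it and
# audit the files it reads. ROOT is a directory standing in for "/".

# Join the entries of ROOT/etc/BASE, then of every file in ROOT/etc/DROPIN.
build_path() {
    bp_root=$1 bp_base=$2 bp_dropin=$3 bp_result=""
    for bp_file in "$bp_root/etc/$bp_base" "$bp_root/etc/$bp_dropin"/*; do
        [ -f "$bp_file" ] || continue          # also skips an unmatched glob
        while IFS= read -r bp_line || [ -n "$bp_line" ]; do
            [ -n "$bp_line" ] || continue      # ignore blank lines
            bp_result="${bp_result:+$bp_result:}$bp_line"
        done < "$bp_file"
    done
    printf '%s\n' "$bp_result"
}

# Print the Bourne shell commands that /etc/profile would eval.
emit_sh() {
    printf 'PATH="%s"; export PATH\n' "$(build_path "$1" paths paths.d)"
    printf 'MANPATH="%s"; export MANPATH\n' "$(build_path "$1" manpaths manpaths.d)"
}

# One finding per line; no output means nothing was flagged.
audit_paths() {
    ap_root=$1
    for ap_file in "$ap_root/etc/paths" "$ap_root/etc/paths.d"/*; do
        [ -f "$ap_file" ] || continue
        ap_name=${ap_file#"$ap_root"}
        # Group- or world-writable: a non-root account could edit everyone's PATH.
        if [ -n "$(find "$ap_file" \( -perm -020 -o -perm -002 \) -print)" ]; then
            printf 'writable %s\n' "$ap_name"
        fi
        while IFS= read -r ap_line || [ -n "$ap_line" ]; do
            case $ap_line in
                '') ;;
                # These characters stay special inside the eval'd double quotes.
                *'"'*|*'$'*|*'`'*|*'\'*)
                    printf 'metachar %s: %s\n' "$ap_name" "$ap_line" ;;
                /*) ;;
                # A relative entry resolves against whatever directory the user is in.
                *)  printf 'relative %s: %s\n' "$ap_name" "$ap_line" ;;
            esac
        done < "$ap_file"
    done
    return 0
}

# Constructed tree that reproduces the output shown in the post.
make_sample_tree() {
    mkdir -p "$1/etc/paths.d" "$1/etc/manpaths.d"
    printf '%s\n' /usr/bin /bin /usr/sbin /sbin /usr/local/bin > "$1/etc/paths"
    printf '%s\n' /usr/X11/bin > "$1/etc/paths.d/X11"
    printf '%s\n' /usr/share/man /usr/local/share/man > "$1/etc/manpaths"
    printf '%s\n' /usr/X11/man > "$1/etc/manpaths.d/X11"
    chmod 644 "$1/etc/paths" "$1/etc/paths.d/X11"
}

# Constructed misconfiguration: a hypothetical installer's sloppy drop-in.
add_bad_dropin() {
    printf '%s\n' 'bin/tools' > "$1/etc/paths.d/zz-thirdparty"
    chmod 666 "$1/etc/paths.d/zz-thirdparty"
}

demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
emit_sh "$demo_root"
add_bad_dropin "$demo_root"
audit_paths "$demo_root"
rm -rf "$demo_root"
```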



Return of the Word 2004 FontCacheTool troubles

2007-11-15 19:09:00

Darn... Fighting this little bit of trouble just cost me half an hour and a good chunk of my mood.

After installing the OS X 10.4.11 update, the MS Word 2004 FontCacheTool problems I had back in 2006 arose again. Apparently this part of MS Office regularly gets into trouble with OS X's fonts and caches *grr*

I tried to get rid of the problem in a nice way by disabling any duplicate fonts and by removing the font cache. But that didn't help me any. So instead I reckoned I'd play it dirty; I didn't have time to play with Word.

$ cd /Applications/Microsoft*/Office/Support*

$ sudo mv FontCacheTool FontCacheTool.orig

Screw that piece of kit... If it doesn't want to play nicely, it won't get to play at all. Of course, that's not the proper solution. On the upside of things, Word does boot up very quickly now! ^_^;



Leopard and new text-to-speech voices

2007-11-04 10:49:00

A small forum discussion at Ars Technica alerted me to one of the new features in OS X Leopard. Apple'd been working on a more lifelike voice-over, which resulted in the voice Alex. I have to say that it's pretty damn impressive, the way they make Alex sound rather lifelike.

What's even scarier is the fact that somehow Apple worked in little breathing-effects as well. There's something weird about hearing your computer draw breath before it starts to speak a sentence.

EDIT:

You can use the voice-over utilities to create audio files as well. Cheap audio-books anyone? Of course, Alex doesn't speak as vividly as any other narrator, but still.

Here's how to do it:

1. Open Terminal.app to get to the command line.

2. Type "say -f ".

3. Drag a plain text file from Finder into the Terminal window.

4. Type " -o ~/Desktop/Spoken.aiff"

5. Press enter.

The say command will read the text input file (-f flag stands for "file") and will output the audio as .AIFF file (-o stands for "output"). The resulting file will appear on your desktop. Once it's done you can convert the .AIFF file to .MP3 using Amadeus.

EDIT2:

Of course, another neat use for this command is to tell you when a huge task is done. For example, I run the "TEC-analysis.sh" script from the command line to analyse a week's worth of Tivoli alarms. It'd be very easy to do the following:

$ ./TEC-analysis.sh; say TEC Analysis complete!



Leopard upgrade, part 1: Powermac

2007-11-03 15:44:00

My new Leopard desktop

Last night I upgraded the first of our three Macintoshes to the new Mac OS X Leopard. I'd decided to start out with the Powermac, since that one's the least crucial of our Macs. Before upgrading her iBook, Marli wants to see the new OS work on my Powermac. And of course I'm saving the all-important work-Macbook for last.

The installation was -not- without problems. I'd forgotten that I'd installed APE (Application Enhancer), which royally screws up any new Leopard install. This isn't that farfetched, since it's a rather hackish piece of software.

After doing a completely fresh, reformatted, install I found another unpleasant surprise: the Migration Assistant software cannot import users whose home directory has been File Vaulted. Crap. This meant that I had to transfer all my files and preferences by hand.

So far I like the new OS well enough (haven't noticed much difference), though there's one thing that I already loathe: Spaces. I -love- having a virtual desktop manager built into OS X. Absolutely. I just hate two of the "features" of Spaces.

1. You cannot move windows from one desktop to another using a key combo.

2. Spaces automatically switches to the desktop containing the -main- window of the application you select.

Why is number 2 so bad? Well, let's say that I'm typing up a report on desktop 4. Now a friend pops up on MSN, through Adium. The new Adium window appears on my current desktop: 4. I switch to Adium, to type a reply, and "zing!" I'm moved to desktop 2 because that's where Adium's main window resides.

That fscking sucks!

More Leopard gripes later :)



Getting my Canon scanner to work (n650u on Mac OS X)

2007-09-05 21:45:00

Please let the record state that Canon are a bunch of f-ing toolboxes when it comes to their scanners. More specifically, when it comes to using their scanners in Mac OS X. Some of their older models are completely unusable, although there are tricks, rituals and voodoo that may get you varying results.

I've fought a few times to get my N650u to work.

I need to scan some stuff for school. Since I cannot drag along my Powermac (which runs the Classic Canon tools) I've fought my Macbook for an hour or so tonight. I tried all the crap that's out there, but Canon's software's crap. So I caved in and bought Vue Scan. Thankfully it's come down in price since the last time I wrote about it.

At least I can use the bill for VueScan to get a tax write-off, since it was a purchase made for school. *sigh*



Tips and tools: Schoolhouse 2

2007-08-23 21:11:00

Studying is hectic business

As a student, especially as a freshman, things can become very chaotic. You will need to juggle your courses, your projects, your work and your social life. There's teachers and fellow students and there are all kinds of things you need to do.

In order to survive you'll need to keep a clear head and get your act together. Keeping track of all your work and having it all at your fingertips is crucial.

There are all kinds of tools and tricks that will help you get along. There's methodologies like PEP and GTD. And there's online tools like Gmail/Gcalendar and MyQuire.

A lot of the modern operating systems also help you out by providing useful features. Mac OS X for example, features software like Spotlight, Time Machine, Address Book and iCal. I'm sure Windows comes with useful stuff too, but I'm just not familiar with that stuff ~_^

Getting organised: Schoolhouse 2

Recently I read an article on Life Hacker (a productivity blog) about Schoolhouse 2. The author lauded Schoolhouse as an innovative piece of software that has great potential.

SH lets you organize all your notes, files, project, tasks and assignments. The interface is quite similar to that of iTunes, so one should get quickly used to it. On the left hand side we can create folders and subfolders to symbolize years, terms and courses. (Smart) notebooks are the analogue of playlists, allowing you to sort assignments irrespective of their course.

Courses can be assigned a number of credits, so you'll know exactly what you're up against. Each course may also contain any number of notes, assignments, labs, midterms, exams, etc. All of these can be assigned grades, so you can track your progress throughout the term. In a nice twist of things, you can also assign each course teachers, project members, attachments and To Do lists.

The interface sports a number of useful buttons, like Ask teacher which automatically opens a new e-mail to your teacher. The grade and calendar views are also pretty damn useful.

I've discovered a few downsides to Schoolhouse 2. For one the interface is still far from consistent and knows its instabilities. Also, all your notes and SH objects are stored in a proprietary database. The only exception being your attachments. As far as I know, the database doesn't hook into Spotlight, so you can't search SH from the operating system. Shame.

One of the most clamoured over features for SH is integration with iCal. Apparently the developer is looking into this, but he's only a student himself. Finding time to make a new version of Schoolhouse can be hard :)

Get Schoolhouse 2.

Also, please don't be stingy. Good software deserves a bit of a reward. If you find yourself using Schoolhouse for your daily work, please consider making a donation to Logan Collins. I'm sure he can use the dough for his software development.



Mac OS X: locking your screen, without a screen saver password

2007-07-26 17:41:00

This afternoon my buddy Edmond came up to me with an interesting predicament. He runs Mac OS X on his Macbook and would like to:

A) have a password-less screen saver

B) have the ability to lock his screen with a password

Usually one simply uses screen saver passwords to achieve goal B, but Ed was adamant that he wanted A as well. Not something you often see, right? Initially I thought it wouldn't be possible, but then I had a flash of insight. It's possible! Here's how...

1. Open "System Preferences". Go into "Security".

2. Uncheck the box marked "Require password to wake...".

3. Open "Keychain Access". Open its preferences window.

4. Check the box marked "Show status in menu bar".

5. A padlock appears in your menu bar.

From now on you can lock your screen by clicking on the padlock and selecting "Lock screen". And you can still use your screen saver and go back into the OS without a password. The only downside to this is that one can also wake up your system from sleep without a password. Not something I'd like to have if my laptop was ever stolen.



Fedora Core 6 image for Parallels Desktop

2007-06-11 16:47:00

Now that I've gotten my mitts on an Intel Macbook I've also started dabbling with Parallels Desktop, a piece of software that'll let you run a whole bunch of virtual machines inside Mac OS X. For my work it's rather handy to have a spare Solaris system lying around, so I went with the Solaris Express image that I mentioned a few weeks ago. And now that it's about time for me to get started on my LPIC-2 exam it's also handy to have at least one Linux at hand.

Enter a pre-installed and configured Fedora Core 6 image for Parallels. At only ~730MB in size that really isn't that bad. Saves me a lot of trouble as well.

Just be sure to set your RAM at 512 MB. Any higher is supposed to crash FC, according to this OS X hint.

EDIT:

Tried it with my last day of the Parallels demo. It works like a charm :)



Sun's Solaris Express image for Parallels Desktop

2007-04-27 14:32:00

Ever since Apple switched to Intel processors in their systems and Parallels came out with their Parallels Desktop software it's been possible to run Windows, Linux and other Unices inside virtual machines on your Mac. That's totally great, since it allows you to run various test systems without needing additional hardware!

A lot of people also got Solaris 10 to run in PD, although some ran into a little bit of trouble. Well, not anymore! Sun has created a pre-installed Solaris Express image for use with Parallels Desktop. This allows you to immediately get up and running with Solaris, without even having to go through any of the normal installation hoops.

I know what I'll be doing when I get my Macbook in ;)

Thanks to Ben Rockwood for pointing out this little gem.



Accessing your Mac at home, from work - reprise

2007-03-13 08:11:00

Well, it works: I can use my iBook at home from my desktop PC at work. I'd tested the whole setup at home, using both my Powermac and the Thinkpad $CLIENT gave me, and VNC worked properly and rather smoothly.

Unfortunately the Internet connection at $CLIENT isn't too great, so the VNC connection is a bit sluggish. Changing desktops (I run Desktop Manager to sort my apps across four desktops) takes a second or three and building a completely new screen takes about two. So it's not great, but it's doable at least.

I'll try this out for a few days, see how it pans out. If I don't get stuck in any way I'll leave my iBook at home from now on.



Accessing your Mac at home, from work

2007-03-12 22:08:00

A screenshot of VNC in action.

For weeks on end I've been dragging my iBook along to the office at $CLIENT, even though I'm not allowed to connect it to their network. My iBook is indispensable to me, because it contains all of my archives and past projects, all my e-mail and my address book and calendar. I even use my iBook to keep track of my working hours (thank you TimeLog 3!).

Unfortunately, dragging my laptop around can get tiresome, especially if I ride my bike to work. Which is why I'm very grateful to one of my colleagues for suggesting the use of VNC or another remote desktop solution. Seriously, the suggestion was so obvious that I'm really ashamed that I didn't think of it. I guess I was just clinging -too- much to my dear, sweet iBook.

Anywho... What I'm about to describe is only one of many ways to implement a remote desktop solution for your Mac. A few other options exist, but this is the one I'm using. What we're going to be building is the following:

* I'm at my desk at work, using one of the PCs over there.

* My iBook, running Mac OS 10.4 is at home, connected to my wifi network.

* I will be using my iBook, from my desk at work :)

What you'll need:

* A VNC server. I chose to use Vine Server, which came recommended.

* A VNC client. For Windows and Linux I chose to use Tight VNC and for OS X I use Chicken of the VNC.

* An SSH server. This comes built in, as part of Mac OS X.

* An SSH client. For Windows I use PuTTY, while Linux and OS X come built in with a client.

* Your home IP address. You can find this by browsing to What is my IP address? at home.

Setting up SSH at home

You can use the basic SSH configuration that comes with OS X, but it's not rock solid. If you'd like to be extra secure, please make the following changes. This will disable remote root access and will force each user to make use of SSH keys. If you didn't, you could log in using your normal password which opens you up to brute force password attacks.

* Open Terminal.app and enter the following commands.

cd /private/etc

sudo vi sshd_config

* Change the following lines, so they read as follows. The last two lines a

PermitRootLogin no

PasswordAuthentication no

UsePAM no

* (Re)start SSH

Open System Preferences.

Go to "Sharing".

(Re)start the "Remote access" server.
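
The three settings above can be checked mechanically. The shell functions below are an added example, not part of the original post: they report the value sshd would actually use for each directive, given that sshd ignores commented-out lines, takes the first occurrence of a keyword, and treats everything after a Match line as conditional. The function names and the two sample configuration files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd_config for the three settings recommended above.

# effective_value FILE KEYWORD
# Prints the value from the global section of FILE, or "unset".
# Keywords are case-insensitive, the first occurrence wins, commented-out
# lines do not count, and a Match line ends the global section.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { val = tolower($2); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE
# Prints one PASS/FAIL line per directive; returns 0 only when all three
# directives have the value this page recommends.
audit_sshd() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no UsePAM:no; do
        key=${pair%%:*}
        expected=${pair##*:}
        actual=$(effective_value "$1" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "PASS $key $actual"
        else
            echo "FAIL $key $actual (want $expected)"
            rc=1
        fi
    done
    return $rc
}

# write_sample_configs DIR
# Writes two constructed sample files into DIR.
write_sample_configs() {
    # Looks hardened at a glance, but the first line is a comment, the first
    # PasswordAuthentication line wins, and the last line only applies
    # inside the Match block.
    cat > "$1/weak" <<'EOF'
#PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match Address 192.168.0.0/24
    PermitRootLogin no
EOF
    # All three settings present in the global section.
    cat > "$1/hardened" <<'EOF'
PermitRootLogin no
passwordauthentication no
UsePAM no
EOF
}

dir=$(mktemp -d)
write_sample_configs "$dir"
for f in weak hardened; do
    echo "== $f"
    if audit_sshd "$dir/$f"; then
        echo "result: ok"
    else
        echo "result: needs changes"
    fi
done
rm -rf "$dir"
```

On the Mac described here, the file to check would be /private/etc/sshd_config.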

Setting up the VNC server at home

Vine Server comes in a .DMG and you can simply copy the binary to its desired location. By starting the application you're presented with the application's configuration options, which have buttons at the bottom to stop and start the VNC server.

* You can leave most settings at their default values, but it's extra safe to change the following:

Connection -> set a password

Sharing -> only allow local connections

This secures your VNC server with a password and prevents people on your local network from connecting to your desktop. You'll only be able to login to VNC after logging in to your system through SSH.

* Press the "Start server" button.

Setting up your router

You will need to make your SSH server accessible from the Internet. Configure your router in such a way that it forwards incoming traffic on port 22, to port 22 on your Mac.

Setting up your SSH client at work

If you forced your SSH server to use public/private keypairs earlier, then you'll need to configure your SSH client to do the same. You can use ssh-keygen (OS X and Linux) or PuTTYGen (Windows) to generate a key pair. Please Google around for instructions on how to use SSH keys.

You will need to tell your SSH client to connect to your SSH server at home and to set up port forwarding for VNC. In both examples $HOME-IP is the IP address of your Internet connection at home.

* On Linux and OS X (from the command line): ssh -L 5900:127.0.0.1:5900 $HOME-IP.

* On Windows (in PuTTY): SSH -> Tunnel -> local port = 5900, remote port = 127.0.0.1:5900

What you're doing here is rerouting any traffic that's coming in at your work PC at port 5900 to port 5900 at your home box.

Setting up your VNC client at work

All of the real work is being done by the SSH session, so you can instruct your VNC client to simply connect to desktop 0 at localhost, or at 127.0.0.1. Enter the password that you set up earlier.

Adding more security

Unfortunately Hot Corners don't work through VNC and Fast User Switching (FUS) kills your VNC session, so we'll need to find another way to lock your OS X desktop. Luckily I've found a way in this article. You can use Keychain Access to add a small button to your menu that will allow you to lock your screen.

And there you have it! A fully working VNC setup that will allow you to use your Mac at home, from work.



Why ZFS matters to the rest of us

2006-12-22 22:41:00

Thanks to a link on the MacFreak fora I stumbled onto a great blog post explaining why ZFS is actually a big deal. The article approaches ZFS from the normal user's angle and actually did a good job explaining to me why I should care about ZFS.

Real nice stuff and I'm greatly looking forward to Mac OS X.5 which includes ZFS.



Learn something new every day

2006-09-14 21:18:00

Creating my own, custom icon set for Mac OS X will be quite a large job, I've learned so far :)

Basically what it boils down to, is that you:

* Create a nice icon using something like Gimp or Paintshop.

* Create an icon template using IconoGrapher.

* Size your icon down to 128x128, 48x48, 32x32 and 16x16. These four images will be used in Iconographer.

* Each "size" also requires that the mask you need is of the appropriate size.

* All of this rolled together makes a "new style" OS X icon, that can be used all through the OS.

Shit loads of work, but very interesting!

Here's the first six I've created so far. What you cannot see in this image (due to the lack of Alpha stuff), is that each icon has nice rounded corners.

From left to right: Chicken of the VNC, Adium, Adium offline, Adium away, Adium idle, Adium alert. The five Adium icons are bundled into an icon package that can be installed in Adium. The first Adium icon is used in the IconoGrapher template.



Using your Mac OS X system with Vodafone GPRS

2006-07-25 10:42:00

Sweet! I've finally gotten my Nokia cell phone to work as a Bluetooth modem for my GPRS connection.

Vodafone had already sent me a manual describing how to set up the connection, but unfortunately it wasn't working for me. Turns out that Vodafone skipped a few steps. The life saver in this matter turns out to be Ross Barkman's website which has GPRS modem scripts for leading brand cell phones.

If you would like to get your OS X system connected to the Internet through GPRS, do the following:

* Download the appropriate scripts for your phone from Ross' website and install them in "/Library/Modem scripts".

* Add your phone as a BT device (refer to your GSM provider's manual for details).

* Tell OS X to use the phone for a high speed Internet connection (refer to your GSM provider's manual for details).

Up to now I've been working according to Vodafone's manual. These are the changes I had to make (all of them in System Preferences -> Network -> Bluetooth modem)...

PPP tab:

* Instead of "*99#", use "office.vodafone.nl" as your telephone number (depending on your subscription it could also be "web." or "live.").

* Username and password are still "vodafone" and "vodafone".

* Turn off "Send PPP echo packets" and "Use TCP header compression" under PPP Options.

Bluetooth modem tab:

* Instead of "Nokia infra-red", use "Nokia GPRS CID1" as the modem script.

* Turn off "Wait for dialtone".

Now your connection should work. Try dialing in using Internet Connect or the Dial Now button in Network preferences.



Using Airport Express with OSX and Windows

2006-01-27 06:36:00

We all know I love just about anything Apple Computers makes. There's no secret in that. However, I myself was very much amazed at the ease of setup when it comes to an Airport Wifi network. Yesterday I received the Airport Express base station and the Airport Extreme Card that I'd ordered through the Apple Store. Looking forward to an evening filled with tweaking and fiddling, I was pleasantly surprised that all it took was fifteen minutes! And that includes installing the AE Card into my Powermac. It really is just as easy as plugging it in :)

I also had expected to have loads of problems to get Windows XP to work with Wifi, after hearing horror stories. And like I had feared Marli's laptop refused to talk to our newly built Wifi network "Kilala" ( original name, ain't it? :P ). However, that was easily fixed by completely reconfiguring the base station using the Windows software. Now the laptop had no qualms in connecting to the network and my Apple computers still attached flawlessly.

I'm one happy camper! Now all we need to do is to wait for Casema to deliver the cable modem, so we can get hooked up to the Internet again. The parcel gets delivered on Valentine's Day :D Awesome!



Burn baby burn! Configuring the OS X firewall.

2004-04-03 00:00:00

It's only been a couple of months since I switched to Apple OS X, but since then I've learnt many a thing about the OS. It was only recently though that I found the need to configure the built in firewall. This little HOWTO'll explain all of the steps I took.

The built in firewall software is one of the many OS X features that Apple likes to tout, claiming a higher level of security out of the box when compared to other OSes. And yes indeed the firewall software does appear to do its job properly. With one exception...

Conventions used within this document

Before we begin I would like to point out a couple of conventions I will be using in this document. Whenever you encounter any text written in courier new bold, this means that you're either reading commands which need to be entered into the UNIX command line of OS X or a list of packages or menu names. You will also encounter lines starting with the text "kilala:~ thomas$". This is merely the command prompt as displayed on my system and I include it in these texts to indicate the commands to be entered.

Firewalls? What the heck?...

First off I can imagine that some of the people reading this can't even begin to imagine what a firewall is or does. They might've heard the word before on the web or in Apple's (or Microsoft's) PR spiel. I won't go into any technical details, but I'll give a short explanation on the ideas behind a firewall. If you would like more detailed information I recommend a website like http://computer.howstuffworks.com/firewall.htm.

Firewalls are a sort of security measure which work by separating your computer or network from a possibly hostile network, like the Internet. This separation usually takes place by disallowing any and all network traffic to and from your systems, while only allowing a certain number of protocols in and/or out. For instance, a home user may setup his firewall to block everything except outgoing e-mail and browser traffic. On the other hand some companies could be allowing incoming browser requests to their own webserver, next to the already mentioned outgoing e-mail and browser traffic.

One of the most important things to remember though is the fact that a firewall is not the be-all-end-all security measure that fixes all of your problems. It could still be that the software serving the protocols that you do allow through the firewall is buggy with security flaws. Think of Microsoft's IIS webserver software which was famous for security holes in the past.

OS X! What's the problem?

As I said it was only recently that I found the need to manually configure OS X's built in firewall software. I'd always kind of expected the software to work straight out of the box, which it kind of did.

You see, usually with firewall software you'll say "I want to block any and all traffic to and from my box, except this, this and that protocol". Basically you do the same with OS X's firewall, but with a small snake in the grass: the protocols you allow to go in and out of your systems get permission on all of your network interfaces! So if you're hooked up onto the Internet (which I assume since you found my little article) and if you decide to turn on that Windows file sharing, remember that you're sharing your files with the rest of the Internet! You can imagine I was less than pleased with this and I can't even begin to imagine why it took me two months to start thinking about this. Usually I'm more security minded! Anywho, the damage was done and I decided to quickly learn enough about the OS X firewall, so I could configure it properly.

Reconfiguring the OS X firewall

I quickly found out that OS X uses the BSD UNIX default firewall ipfw, which can be configured in many different ways. There's Apple's custom window in the System Preferences panes. Then there are GUI's like Brickhouse and Firewalker which are available through the Internet. And finally you can take the manual approach and enter ipfw firewall rules one by one, by hand.

I chose to use the manual approach, since that is what I'm most familiar with; I've been entering firewall rules since my internship at Spherion when I was still running a firewall on Suse Linux 6.0. An added bonus to entering the rules by hand is that you know 100% sure what the firewall will do, as opposed to rules created or generated by a GUI.

I wouldn't expect Joe and Little Timmy from across the street to use this approach, so I would recommend people who're less technically involved to give software like Brickhouse a try. I hear it's supposed to be pretty good!

For the lazy people...

People who don't like typing big files by hand can download the file Firewall-config.tar from my website. This file contains all files which are to be placed in /Library/StartupItems/Firewall.

First things first

In a minute we'll start looking at how we create rules for our firewall. But as the title says: "First things first"! Because we want our own set of rules to bypass the OS X default rules we'll need to make sure that our configuration gets loaded right after the system comes up. This is done by adding a new boot configuration for the firewall. I'll just show you all the steps I took, along with some explanations; that should make things clear enough.

First off, make sure that you're in a user account which is allowed to use the sudo command. This could be the Administrator account, but you could also modify your own account for this purpose. Then open up a Terminal.app window.

Last login: Sun Apr 4 09:46:44 on ttyp1
Welcome to Darwin!
kilala:~ thomas$ cd /Library
kilala:~ thomas$ sudo mkdir -p StartupItems/Firewall
Password:
kilala:~ thomas$ sudo chown -R root:wheel StartupItems
kilala:~ thomas$ sudo chmod -R 755 StartupItems
kilala:~ thomas$ cd StartupItems/Firewall
kilala:~ thomas$ sudo cp -rp /System/Library/StartupItems/NFS/* .

The previous commands created a new boot configuration directory for the service we will call Firewall. You setup the directories to have the proper ownerships and access permissions. Finally you copied over the startup configuration for the service called NFS as a basis for our own service.

Now I'm hoping that you are already familiar with the vi text editor, because we are going to make heavy use of it. If you have no clue how to use vi, please look up some tips on the Internet first!

kilala:~ thomas$ sudo vi StartupParameters.plist

Modify the file to read as follows:

{
    Description = "Firewall";
    Provides = ("Firewall");
    Requires = ("Resolver", "NetworkExtensions");
    OrderPreference = "Late";
    Messages =
    {
        start = "Starting custom firewall";
        stop = "Stopping custom firewall";
    };
}

kilala:~ thomas$ sudo mv NFS Firewall
kilala:~ thomas$ sudo vi Firewall

Modify the file to read as follows:

#!/bin/sh

##
# Setting up the Firewall rules at boot time
##
# Please note: added "FIREWALL=-YES-" entry to /etc/hostconfig

. /etc/rc.common

StartService ()
{
    if [ "${FIREWALL:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Adding Firewall Rules"
        ipfw -f flush
        exec /Library/StartupItems/Firewall/Ruleset
    fi
}

StopService ()
{
    ConsoleMessage "Removing all Firewall Rules"
    ipfw -f flush
}

RestartService ()
{
    ConsoleMessage "Removing all Firewall Rules"
    ipfw -f flush
    if [ "${FIREWALL:=-NO-}" = "-YES-" ]; then
        ConsoleMessage "Adding Firewall Rules"
        ipfw -f flush
        exec /Library/StartupItems/Firewall/Ruleset
    fi
}

RunService "$1"

We're almost there :) Only one more file to edit to set up the automatic booting.

kilala:~ thomas$ sudo vi /etc/hostconfig

Modify the file and add the following line at the bottom of the page:

FIREWALL=-YES-

Before setting up the rules

Now we'll get to the brunt of setting up our firewall. Most of the things discussed in this document are things that I had to learn in the course of a day, so please don't expect me to explain everything in detail ^_^; I was lucky enough to have enough past experience with iptables and ipchains, so that helped me in understanding the rules in the following chapter.

Unfortunately the rules below will only apply to people who have one network card in their system and who use a dial-up connection to the Internet. In my system the primary network card, which is used for my home network, is designated as en0. My Internet connection on the other hand is designated as ppp0. You can check your own settings by running the following command while you're connected to the Internet:

kilala:~ thomas$ ifconfig -a | grep UP

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500

ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500

The interface lo0 is your loopback interface, which is a virtual network interface not actively used on the network itself. It is mainly used for communications within your system itself. You can recognise your network card by running the command ifconfig for each of the remaining interfaces (for instance ifconfig en0); your network card will have the IP address which is also set in the System Preferences pane.

My whole point is that, if you do not have the exact same situation as I have, you will have to modify the rules below insofar that you exchange each instance of "en0" with your network card name and each instance of "ppp0" with your Internet connection name. Also, if you have more than one network card, be sure to add additional rules for those interfaces as well.

Anyway. On with the show!

Almost there: entering the rules

Now you'll have to edit the final file in this whole setup. Make sure that you're still in the /Library/StartupItems/Firewall directory before going on.

kilala:~ thomas$ sudo vi Ruleset

This will also create a new file, which you will have to fill out completely as below. Once you're more familiar with how these rules work you could start adding rules for additional services. You may notice for example that I don't open up ports for IRC or AIM, since those are both services that I make no use of.

#!/bin/sh
# Firewall ruleset for T. Sluyter (Kilala.valhalla.org)
# Ver 1.00 3rd of April 2004
#
# Allows any and all network traffic on the "inside" network.
# Blocks almost all network traffic to and from the internet.
# Allows only a limited amount of network traffic to and from the internet.
#

# Allow a number of default traffic settings
ipfw add allow ip from any to any via lo0
ipfw add allow tcp from any to any established
ipfw add allow ip from any to any frag
ipfw add allow icmp from any to any icmptype 3,4,11,12
ipfw add deny log ip from 127.0.0.0/8 to any in
ipfw add deny log ip from any to 127.0.0.0/8 in
ipfw add deny log ip from 224.0.0.0/3 to any in
ipfw add deny log tcp from any to 224.0.0.0/3 in

# Allow any and all traffic coming through en0, from local network
ipfw add allow ip from 192.168.0.0/24 to any in recv en0
ipfw add allow ip from any to 192.168.0.0/24 out xmit en0
ipfw add allow tcp from 192.168.0.0/24 to any in recv en0
ipfw add allow tcp from any to 192.168.0.0/24 out xmit en0
ipfw add allow udp from 192.168.0.0/24 to any in recv en0
ipfw add allow udp from any to 192.168.0.0/24 out xmit en0
ipfw add allow icmp from any to any in recv en0
ipfw add allow icmp from any to any out xmit en0

# Allow FTP (File transfer) to the outside
ipfw add allow tcp from any 1024-65535 to any 20-21 out xmit ppp0
ipfw add allow tcp from any 20-21 to any 1024-65535 in recv ppp0

# Allow DNS lookups to outside
ipfw add allow udp from any 1024-65535 to any 53 out xmit ppp0
ipfw add allow udp from any 53 to any 1024-65535 in recv ppp0

# Allow SSH (Secure shell) to outside
ipfw add allow tcp from any 1024-65535 to any 22 out xmit ppp0
ipfw add allow tcp from any 22 to any 1024-65535 in recv ppp0

# Allow HTTP (Web browsing) to outside
ipfw add allow tcp from any 1024-65535 to any 80 out xmit ppp0
ipfw add allow tcp from any 80 to any 1024-65535 in recv ppp0
ipfw add allow tcp from any 1024-65535 to any 8080 out xmit ppp0
ipfw add allow tcp from any 8080 to any 1024-65535 in recv ppp0

# Allow HTTPS (Secure web browsing) to outside
ipfw add allow tcp from any 1024-65535 to any 443 out xmit ppp0
ipfw add allow tcp from any 443 to any 1024-65535 in recv ppp0

# Allow POP (Retrieving e-mail) to outside
ipfw add allow tcp from any 1024-65535 to any 110 out xmit ppp0
ipfw add allow tcp from any 110 to any 1024-65535 in recv ppp0

# Allow SMTP (Sending e-mail) to outside
ipfw add allow tcp from any 1024-65535 to any 25 out xmit ppp0
ipfw add allow tcp from any 25 to any 1024-65535 in recv ppp0

# Allow ICMP to and from outside
ipfw add allow icmp from any to any in recv ppp0
ipfw add allow icmp from any to any out xmit ppp0

# Block all of the rest, along with logging
ipfw add deny log tcp from any to any in recv ppp0
ipfw add deny log udp from any to any in recv ppp0
ipfw add deny log ip from any to any in recv ppp0
ipfw add deny log tcp from any to any out xmit ppp0
ipfw add deny log udp from any to any out xmit ppp0
ipfw add deny log ip from any to any out xmit ppp0
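
The concern raised earlier in this article, that an allowed protocol is open on every interface, can be checked before a rule script is loaded. The following is an added example, not part of the original article: it scans a script written in the "ipfw add ..." form used above and flags allow rules that name no interface, plus inbound tcp/udp allow rules on the Internet-facing interface that accept any source port. The function names, the finding labels and the sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: review an ipfw rule script before loading it.

# lint_ruleset FILE EXT_IF
# Prints one finding per line; returns 1 if anything was flagged, else 0.
#   ALL-IF  allow rule without via/recv/xmit: it matches on every interface
#   WAN-IN  inbound tcp/udp allow on EXT_IF that accepts any source port
lint_ruleset() {
    awk -v ext="$2" '
        $1 != "ipfw" || $2 != "add" { next }      # skip comments and blanks
        {
            i = 3
            if ($i ~ /^[0-9]+$/) i++              # optional rule number
            action = $i; i++
            if ($i == "log") i++
            proto = $i
            if (action != "allow") next

            bound = 0; inbound = 0; on_ext = 0; narrow = 0; srcport = ""
            for (j = i + 1; j <= NF; j++) {
                if ($j == "from" && $(j + 2) != "to") srcport = $(j + 2)
                if ($j == "via" || $j == "recv" || $j == "xmit") {
                    bound = 1
                    if ($(j + 1) == ext) on_ext = 1
                }
                if ($j == "in") inbound = 1
                # established/frag rules only pass follow-up packets
                if ($j == "established" || $j == "frag") narrow = 1
            }
            rule = $0
            sub(/^ipfw add /, "", rule)
            if (!bound && !narrow && proto != "icmp") {
                print "ALL-IF " rule; found = 1
            } else if (on_ext && inbound && srcport == "" &&
                       (proto == "tcp" || proto == "udp")) {
                print "WAN-IN " rule; found = 1
            }
        }
        END { exit found + 0 }
    ' "$1"
}

# write_sample_rules FILE
# Constructed sample: port 139 stands in for Windows file sharing.
write_sample_rules() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample ruleset
ipfw add allow ip from any to any via lo0
ipfw add allow tcp from any to any established
ipfw add allow tcp from any to any 139 in
ipfw add allow tcp from 192.168.0.0/24 to any 139 in recv en0
ipfw add allow tcp from any 1024-65535 to any 443 out xmit ppp0
ipfw add allow tcp from any to any 1024-65535 in recv ppp0
ipfw add allow tcp from any 443 to any 1024-65535 in recv ppp0
ipfw add deny log ip from any to any in recv ppp0
EOF
}

rules=$(mktemp)
write_sample_rules "$rules"
lint_ruleset "$rules" ppp0 || echo "review the rules flagged above"
rm -f "$rules"
```

Run it against your own Ruleset file with the name of your Internet connection as the second argument. A WAN-IN finding is expected when you really do mean to offer a service to the Internet.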

Finishing touches

Before we start rebooting our systems it might be wise to first check if our startup scripts are in full working order. You never know what happens if things aren't written a hundred percent correctly ;)

Luckily Apple has provided us with a command which can be used to run a startup script as if the system was rebooting just now. Running the following command should give you a properly configured firewall.

kilala:~ thomas$ sudo SystemStarter start Firewall

Now don't worry if running this command gives you loads of errors about the ppp0 interface not being available. This is of course normal if you're starting the firewall without being logged into the Internet. Like I said: don't worry! The firewall will work properly. You may check if the firewall rules are properly loaded by running:

kilala:~ thomas$ sudo ipfw list

This command should return a list of 41 rules if you followed my example to the letter. You can count them by running sudo ipfw list | wc -l. If all of this seems to work properly, you should reboot your system. Once it's restarted, run the ipfw list command again to see if the firewall came up properly.

And that's about it! ^_^ Congratulate yourself on a job well done and rest assured that you're surfing the web a little bit safer.



Overheating Powermac G5

2004-03-28 08:12:00

Well, Apple has finally gotten rid of the overheating hard disk problems. Unfortunately they did not choose to relocate the thermo sensors for free, but they issued an update for Fan Control, which apparently is part of OS X. Jaguar users can download this patch separately at Apple's Support pages, while Panther users get this update as a part of the 'jumbo patch' 10.3.3.

