Create a Bluetooth Mac-to-Mac network

December 28th, 2005

Interesting article on how to link to Mac computers using Bluetooth.

Posted in Apple, Bluetooth, Mac OS X, Networking | 1 Comment »

Mac OS/Linux/Windows Single Sign-On

November 15th, 2005

I have found a very interesting post on integrating both Mac OS X, Linux and Windows under a Windows Active Directory infraestructure: Mac OS/Linux/Windows Single Sign-On.

Posted in Apple, Linux, Mac OS X, Security | 2 Comments »

Adding extended attributes support to rsync

September 9th, 2005

The rsync software that comes with Mac OS X 10.4, and newer releases, supports extended attributes (HFS+ resource forks). This means it can sync files from a local HFS+ filesystem to a remote volume which does not suport HFS+ resource forks by using AppleDouble encoding.

The AppleDouble encoding splits a native HFS+ file in two parts:

  1. The data fork, which is the one that holds the real contents of the file, like the contents of a document, the pixels from a bitmap, and so on. It receives the same name as the original HFS+ file.
  2. The resource fork, which is built of data held on the resource forks and Finder data, like the Spotlight comments and so on. It receives a filename which consists on prepending a dot and a slash characters to the original HFS+ filename.

Thus, for a HFS+ file named MyDocument.webloc, when stored in the AppleDouble format, it is splitted in two files: MyDocument.webloc and ._MyDocument.webloc.

By default, Mac OS X rsync implementation does not enable extended attributes support. This must be explicitly enabled by supplying the -E command-line switch to the rsync command. The problem is, however, that few rsync implementations (I don’t know of any besides Apple’s Mac OS X 10.4 one) support neither this kind of functionality nor the command-line switch that activates it.

The solution was pretty easy, by the way. I downloaded Darwin rsync source code for the rsync-20 from the Darwin Projects Directory and extracted the file patches/EA.diff from within it. This patch file includes the extended attributes (HFS+ resource forks) functionality I was seeking. This patch, at the moment of this writing, is agaist rsync-2.6.3.

Thus, I only had to grab the sources for rsync-2.6.3, which are also included inside the rsync-20.tar.gz file I downloaded before, extracted them, patched, configured, made and installed:

# tar zxvf rsync-20.tar.gz
# cd rsync-20
# tar zxvf rsync-2.6.3.tar.gz
# cd rsync-2.6.3
# patch < ../patches/EA.diff
# CFLAGS="-O -pipe" \
  ./configure --prefix=/usr/local \
              --disable-debug --enable-ea-support \
               --with-rsyncd-conf=/usr/local/etc/rsyncd.conf
# make
# make install

I ran the previous commands on FreeBSD 7.0-CURRENT, thus the /usr/local prefix. Also, note the –enable-ea-support command-line switch supplied to configure. It is required in order to build the extended attributes support in. Leaving it out will produce a normal, EA-disabled rsync.

# rsync --help | grep -- -E
 -E, --extended-attributes   copy extended attributes

That’s all, folks. :-)

Posted in Apple, Mac OS X, Rsync | 2 Comments »

Hide users from the login window via prefs

September 1st, 2005

In Mac OS X Tiger, the Login Window will now show most users, even if the UID is below 500, unless the account is UID 0 (root) or user whose default shell is set to /dev/null.

Tiger’s login window preferences now supports a new setting called HiddenUsersList, which is an array of one or more user’s short account name. To hide a list of accounts from the Login Window, run the following command:

# defaults write /Library/Preferences/com.apple.loginwindow \
  HiddenUsersList -array-add account1 account2 account3 ...

where account1, account2, account3, … are the short user names for the accounts you want to hide. This would add additional names to any that might already exist.

To unhide all the names you may have previously hidden, run:

# defaults delete /Library/Preferences/com.apple.loginwindow \
  HiddenUsersList

As always, make a backup of any preference file you might change so you can move back to it.

Posted in Apple, Mac OS X, Security | 1 Comment »

Disabling Dashboard in Mac OS X Tiger

August 19th, 2005

I found the following link in macosxhints describing how to disable (or enable) Dashboard in Mac OS X Tiger.

Launch Terminal and then enter the following commands…

To turn Dashboard off:

defaults write com.apple.dashboard mcx-disabled -boolean YES

To turn Dashboard on:

defaults write com.apple.dashboard mcx-disabled -boolean NO

You have to restart the Dock after making either change for it to take effect:

killall Dock

Posted in Apple, Mac OS X | No Comments »

How to disable Bonjour in Apple Mac OS X Tiger

August 19th, 2005

I personally don’t want Bonjour (Zeroconf, mDNSResponder, Rendezvous) running all the time, because I rarely use it and because it gives away information such as your username, what services you’re running, computer name and more, depending on what you’re running. From a security perspective, you’re making it easy for an attacker to enumerate services and usernames without even having to do active scanning a lot of the time.

In order to permanently disabled the mDNSResponder daemon, run the following command:

launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

This will unload the daemon from memory and will modify the .plist file so the service will be permanently disabled and won’t be loaded during next startup. In fact, the previous command adds the lines highlighted in bold to the “/System/Library/LaunchDaemons/com.apple.mDNSResponder.plist” file:

cat /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.apple.mDNSResponder</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/mDNSResponder</string>
<string>-launchdaemon</string>
</array>
<key>ServiceIPC</key>
<false/>
</dict>
</plist>

To reenable the service, simply issue:

launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

which will, in turn, remove the previously highlighted lines in bold from the “.plist” file.

NOTE: Disabling Bonjour breaks iTunes support for remote speakers.

Posted in Apple, Mac OS X, Networking | 15 Comments »

How to prevent the creation of .DS_Store files on network volumes

August 19th, 2005

This KnowledgeBase article explains how to prevent OS X from creating new .DS_Store files when opening folders on remote volumes mounted using SMB/CIFS, AFP, NFS, and WebDAV. The creation of .DS_Store files (and more so, ._AppleDouble files which are not covered in this hint) is frequently the source of complaints against Mac users, who often leave a trail of these files scattered throughout the filesystem when “visiting” a Windows computer. Even with this hint in place, the .DS_Store files will continue to be created on local volumes (which is a good thing).

To prevent the creation of these files, open the Terminal and type:

defaults write com.apple.desktopservices DSDontWriteNetworkStores true

It may be necessary to log out and back in, or even to restart the computer (which is what the article states), for the change to take effect.

Note: Most of the settings controlled by data in .DS_Store files are “cosmetic” in nature — for example, Finder window position, view style, icon position, etc. However, .DS_Store files in OS X also store Finder “comments” so in this sense, disabling .DS_Store files may result in loss of data.

Posted in Apple, Filesystem, Mac OS X | 4 Comments »

Want to change the background of the login screen?

August 19th, 2005

Changing the background of the login window has never been so easy.

Look in folder “/Library/Desktop Pictures” for an item named “Aqua Blue.jpg”. This is the resource Mac OS X uses for the login background screen. By editing, or replacing this file, one can easily change the looking of the login window. However, it’s recommended to keep a copy of the old “Aqua Blue.jpg” in case one’s mind changes later.

Posted in Apple, Mac OS X, UI | No Comments »

Slow or hanged login

August 19th, 2005

Login in Mac OS X could stall when nameservers don’t respond to queries or do it slowly. This can happen during network outages, for example.

I discovered this today, with Mac OS X 10.3.9, while trying to log in. It took forever: the Dock started up, but finder would hang. Accidentally, I found that turning off all network interfaces (like AirPort), solved the problem, Further investigations revealed that my ADSL router had stopped forwarding packets and thus, it was impossible to reach any nameserver.

After a reboot, everything started working properly. However, I was intrigued about the reasons of the stalls during log in. By using “tcpdump” to capture traffic, I discover that my PowerBook was sending out some spureous queries against my ISP’s DNS nameserver:

16:05:33.975493 IP 192.168.0.xx.49152 > 195.235.113.3.domain: 30686+ PTR? 91.0.168.192.in-addr.arpa. (43)
16:05:34.034175 IP 195.235.113.3.domain > 192.168.0.xx.49152: 30686 NXDomain 0/1/0 (120)

192.168.0.xx is the IPv4 address assigned to my AirPort Express NIC, while 195.235.113.3 is my ISP DNS IPv4 address.

Why my system is sending out this PTR query is still a mistery to me and I haven’t been able to block it. It turns out that some component of Mac OS X is also sending out IPv4 (A) and IPv6 (AAAA) queries for “idisk.mac.com”. These can be easily blocked by adding the following entries to “/etc/hosts”:

# Mac OS X queries for these entries during log in,
# which can cause stalls if there is no Internet
# connectivity.
17.250.248.77 idisk.mac.com
::1 idisk.mac.com

Now, login is a little bit faster, but I guess it will hang the next time my router stops working properly.

Posted in Apple, Mac OS X, Networking | 3 Comments »

Case-insensitive filename completion with BASH

August 19th, 2005

If you use bash as your shell and use filename completion a lot, you can get bash to ignore the case of filenames just like HFS does.

Just put this in your ~/.inputrc file:

set completion-ignore-case on

Then, when you type ls /appli in the shell and force filename completion, you’ll get ls /Applications like you ought to.

Posted in Apple, Filesystem, Mac OS X, Shell | 3 Comments »
« Previous Entries
Next Entries »