Wednesday, October 14, 2009

mtools for Mac OS X

I'm always cleaning viruses from USB pen drives. Most reside as Windows explorer extensions in hidden files and directories on the FAT32 filesystem of the USB pen drive. I needed some FAT utilities on Mac OS X to be able to change the files' attributes and remove them.

The mtools package for Linux was just the thing needed. However, compiling it on Mac OS X proved to be a challenge. I downloaded the latest mtools-4.0.11 which fixed a problem in calculating the FAT size. These days, GNU's not what it used to be. There's hardly any documentation for mtools to help. Running make left me with an error stating "Undefined symbols: _iconv...". I managed to compile successfully using the following command:

./configure LIBS=-liconv

After that, cleaning the malware files was a breeze using mattrib, mdel and mdeltree.

Friday, September 25, 2009

Ad Blocking in Vienna RSS Reader

I gave up NetNewsWire because of its ad-bombardment. Sure, I understand that free software can be expensive for the developer, but there's a limit of ad-bombardment that a user can tolerate. My threshold is very low.

Newsfeeds such as Slashdot have large and annoying graphical ad banners inserted in the RSS XML content. The size of the ads is larger than the 2-3 lines of content. This had to end.

Fortunately, the Vienna RSS reader supports customizable templates. My solution involves disabling the display of these ads using CSS. Follow these simple and easy steps to suppress the display of advertisements in your RSS feeds.
  1. Edit /Applications/Vienna.app/Contents/SharedSupport/Styles/Default.viennastyle/template.html
  2. Insert the following lines at the top (before the first <div> tag):

    <style type="text/css">
    @import url("http://adblock.googlecode.com/svn/trunk/adblock.css");
    @import url("http://www.floppymoose.com/userContent.css");
    </style>

  3. Save template.html and restart Vienna RSS.
I use the following two CSS files:

http://adblock.googlecode.com/svn/trunk/adblock.css
http://www.floppymoose.com/userContent.css

If anyone comes across a frequently updated CSS stylesheet for adblocking, please let me know. It is easy to add it to "template.html" as shown above.

Thursday, September 24, 2009

Quest for a good RSS Reader


I have always been searching for a good RSS reader for the Mac. My criteria for selection:
  • Free
  • Offline content
  • No sign-ups, no logins
  • I don't want Google to learn about what I'm reading
  • Good looks
  • No annoying ads
For the longest time, NetNewsWire's free version fit my needs. Recently, NNW has become annoying. Overlaid ads, greed and excessively frequent changes and updates (there's almost one every week) killed NNW's appeal. I don't care for Google Reader integration. I don't care for Google Reader, period.

I then switched over to NewsFire. It looks great. It is simple. But it lacked in many features. What killed NewsFire for me was its inability to pull in older content, even if it is on the site's feed. And there are no advanced settings.

NewsFire gave way to Vienna. I still prefer the fonts and styling of NNW and NewsFire, but Vienna does a very good job in meeting my criteria and keeping the ad banners away.

Monday, September 7, 2009

GPGMail no more for Snow Leopard :(

Sad to learn about this, but the developer of the excellent GPGMail plugin for Mail.app has thrown in the towel. Apple has very weak documentation of Mail.app's internals and there's just no support and no thanks for someone's exceptionally hard work.

So, if you're a GPG/PGP user like I am, your move to Snow Leopard shall be without Mail.app. Your only alternative is Enigmail on Thunderbird.

Apple, at least consider rewarding Stephane for his work and open up some good documentation for Mail.app.

Google - this would be a nice idea for a Summer of Code project.

I hope the community can find a way to keep this great project alive!

Carbon Copy Cloner

Today, I upgraded my MacBook Pro's hard drive. I replaced it with a 7200 rpm 500GB HDD from Seagate. My system is a newer model and therefore I didn't require the MacBook Pro EFI Firmware update 1.7, which addressed a problem with higher capacity and higher speed SATA drives.

My upgrade was actually a very smooth process, thanks to Carbon Copy Cloner from Mike Bombich. Mike, thank you very much for building a fantastic product. I shall surely be sending a donation your way, not for saving my butt, but for building a great product!

Step 1: Place your target hard drive in an external USB or Firewire enclosure. I placed my 500GB drive in the external USB enclosure and connected it to my Mac.

Step 2: Partition the target hard drive using the Intel GUID partition format. Use Disk Utility to get that job done.

Step 3: Clone your system's drive onto the target hard drive using Carbon Copy Cloner. My system's drive is a 250GB drive. Carbon Copy Cloner went to work and in a couple of hours, my data was cloned.

Step 4: Remove your Mac's drive and replace it with your target hard drive. I followed the instructions from OWC's upgrade video.

Step 5: Ensure that you have properly closed your Mac.

Step 6: Boot up. It may take a little while at the first attempt, but soon you shall see your system boot up, with an upgraded disk capacity and everything in place as-is! I usually have verbose boot up messages turned on.

Thursday, September 3, 2009

Turn off annoying iCal invite replies

Many people have complained about Apple really ruining iCal. I won't go into the depths of that. A month after I moved to a new Mac, I discovered yet another thing that wasn't properly restored from my previous system - the plugin to disable automatic replies to invitations.

iCal.app automatically sends an Accepted or Rejected email for calendar invitations. I want control over this notification, but there is none.

Enter John Maisey's extremely useful iCal Reply Checker. It took me a while to search for this utility - it is hidden in a deep corner of the web. Anyway, I am delighted that I found this utility again and installed it promptly!

Saturday, August 22, 2009

Fix ugly thick fonts

Default Mac OS X settings make some fonts look ug-lee. Read JWZ's post for some details. Some fonts end up looking thicker and more jagged than they should be.

Here's how my Terminal and NetNewsWire looked when I had to re-install my Mac:



And after the fix, here's how they look now:



What fixed this? Go to System Preferences > Appearance and set Font Smoothing Style to "Standard".

Friday, August 21, 2009

Leopard Firewall Sucks

I like host based firewalls that block ports, not processes. Sure, there are merits to blocking access based on processes. I would have preferred a combination of both - access control based on both ports as well as processes. I can live without a process level access control mechanism, but I can't live without a port level access control mechanism.

Apple: "If it ain't broke, don't fix it".

Solution: I went back to ipfw. I sure wish Tiger's ipfw front-end GUI was available through some preference pane!

a) Disable the system firewall (Allow all incoming connections)

b) Create an entry in /Library/LaunchDaemons/ipfw_firewall.plist [link to pastie]

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>ipfw_firewall</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/etc/ipfw_firewall.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
</dict>
</plist>

c) Create /usr/local/etc/ipfw_firewall.sh and /etc/ipfw.conf - see code at the bottom of this message.

d) Modify /etc/syslog.conf [link to pastie] to create a separate ipfw log file

*.err;kern.*;auth.notice;authpriv,remoteauth,install.none;mail.crit /dev/console
*.notice;authpriv,remoteauth,ftp,install.none;kern.debug;mail.crit /var/log/system.log

# Send messages normally sent to the console also to the serial port.
# To stop messages from being sent out the serial port, comment out this line.
#*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit /dev/tty.serial

# The authpriv log file should be restricted access; these
# messages shouldn't go to terminals or publically-readable
# files.
auth,authpriv.*;remoteauth.crit /var/log/secure.log

lpr.info /var/log/lpr.log
mail.* /var/log/mail.log
ftp.* /var/log/ftp.log
netinfo.err /var/log/netinfo.log
install.* /var/log/install.log
install.* @127.0.0.1:32376
local0.* /var/log/ipfw.log

*.emerg *


Reference:

/usr/local/etc/ipfw_firewall.sh [link to pastie]

#!/bin/sh
## Boot Script for firewall

#
# CONSTANTS
#

IPFW=/sbin/ipfw
SYSCTL=/usr/sbin/sysctl

#
# Required startup script statements
#

. /etc/rc.common
ConsoleMessage "Configuring Firewall"

#
# Enable logging to /var/log/ipfw.log
#

/usr/libexec/ipfwloggerd

$SYSCTL -w net.inet.ip.fw.verbose=2
$SYSCTL -w net.inet.ip.fw.verbose_limit=100

#
# Enable Blackholes
#

$SYSCTL -w net.inet.tcp.blackhole=2
$SYSCTL -w net.inet.udp.blackhole=1

#
# Purge existing rules, this blanks any existing rules
#

$IPFW -f flush

#
# Load rule set from /etc/ipfw.conf
#

$IPFW -q /etc/ipfw.conf

/etc/ipfw.conf [link to pastie]

####################
# Localhost Settings
####################

# Allow everything on the localhost (127.0.0.1)
add 00100 set 0 allow ip from any to any via lo*

# Prevent spoofing attacks via localhost
add 00200 set 0 deny log all from 127.0.0.0/8 to any in
add 00201 set 0 deny log all from any to 127.0.0.0/8 in
add 00202 set 0 deny log ip from 224.0.0.0/3 to any in
add 00203 set 0 deny log tcp from any to 224.0.0.0/3 in
##############################################################
# ip-options
# (per FreeBSD Security Advisory: FreeBSD-SA-00:23.ip-options)
##############################################################

add 00250 set 0 deny log ip from any to any ipoptions ssrr,lsrr,ts,rr
############################################
# Allow outbound TCP, UDP & ICMP keep-state
############################################

add 00300 set 1 check-state
add 00301 set 1 deny log all from any to any frag in
add 00302 set 1 deny log tcp from any to any established
add 00303 set 1 allow tcp from me to any out setup keep-state
add 00304 set 1 allow udp from me to any out keep-state
add 00305 set 1 allow icmp from any to any out keep-state

# Allow traceroute out for diagnostics
add 00307 set 1 allow udp from me to any 33434-33525 out keep-state
add 00308 set 1 allow log udp from any to any 33434-33525 in keep-state

# Prevent spoofing attacks
add 00309 set 1 deny log ip from me to me in keep-state

# Deny Inbound NetBios traffic which just clogs up the logs
add 00311 set 1 deny tcp from any to any 137,138,139 in setup keep-state
add 00312 set 1 deny udp from any to any 137,138,139 in keep-state

# Prevent ident requests
add 00313 set 1 deny log tcp from any to me 113 in setup keep-state

# Attempt to prevent os fingerprinting, port 0 is commonly used for fingerprinting purposes
add 00314 set 1 deny log tcp from any to any 0 in setup keep-state
add 00315 set 1 deny log udp from any to any 0 in keep-state

######################################
# DNS, Rendezvous, DHCP & NTP Services
######################################
# Allow DNS
add 00400 set 2 allow tcp from any to any 53 out setup keep-state
add 00401 set 2 allow udp from any to any 53 out keep-state

#Allow Rendezvous packets (mDNS Responder)
add 00402 set 2 allow udp from any 5353 to any in keep-state
#Multicast packet required by Rendezvous
add 00403 set 2 allow ip from any to 224.0.0.251 out keep-state

# Allow DHCP
add 00500 set 2 allow udp from any 68 to any 67 out keep-state
add 00501 set 2 allow log udp from any 67 to any dst-port 68 in keep-state

# Allow NTP
add 00600 set 2 allow udp from any to any 123 out keep-state
add 00601 set 2 allow tcp from any to any 123 out setup keep-state

##################
# Services Inbound
##################

# Allow SSH inbound
add 00700 set 3 count log tcp from any to any dst-port 22 in setup
add 00701 set 3 allow tcp from any to any dst-port 22 in setup keep-state

# Allow TCP 2456 inbound
add 00710 set 3 allow log tcp from any to any dst-port 2456 in setup keep-state

# Allow TCP 6881 inbound
add 00720 set 3 allow log tcp from any to any dst-port 6881 in setup keep-state

# Deny any TCP setup requests from the outside world
add 00800 set 3 deny log tcp from any to any setup in keep-state

######
# ICMP
######

# Deny ICMP
add 00900 set 4 deny log icmp from any to me in icmptypes 0,3,4,8,11,12

# Deny external ICMP redirect requests
add 00901 set 4 deny log icmp from any to any icmptype 5 in keep-state

# Silent block on router advertisements
add 00902 set 4 deny log icmp from any to any icmptypes 9
# Drop all other ICMP
add 00903 set 4 deny log icmp from any to any
#########
# Cleanup
#########

# Default deny rule
add 10000 set 5 deny log logamount 500 all from any to any
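
An added example, not part of the original post: a small awk-based audit that lists which `allow` rules in a file written in the `add NNNNN set N ...` form above can match inbound packets, with the destination port and whether the rule logs. The function names `inbound_allows` and `sample_rules` are made up for this example, and the sample input is an excerpt of the rules above.

```shell
#!/bin/sh
# Added example (not from the original post): list every "allow" rule in an
# ipfw rule file that can match inbound packets, so the exposed surface of
# the ruleset can be reviewed before it is loaded.

# inbound_allows [FILE]: reads "add NNNNN set N allow ..." lines (the form
# used in /etc/ipfw.conf above) and prints, per rule that is not "out"-only:
#   <rule> <proto> <dst-port|any> <in|both> <log|nolog>
inbound_allows() {
    awk '
    $1 == "add" && $3 == "set" && $5 == "allow" {
        logged = "nolog"; port = "any"; dir = "both"; i = 6
        if ($i == "log") { logged = "log"; i++ }
        if ($i == "logamount") i += 2
        proto = $i
        for (k = i; k <= NF; k++) {
            if ($k == "to") {
                j = k + 2                     # token after the destination address
                if ($j == "dst-port") j++
                if ($j ~ /^[0-9]/) port = $j  # bare port list or range
            }
            if ($k == "in" || $k == "out") dir = $k
        }
        if (dir != "out") print $2, proto, port, dir, logged
    }' "$@"
}

# Sample input: an excerpt of the rules from the ruleset above.
sample_rules() {
    cat <<'EOF'
add 00100 set 0 allow ip from any to any via lo*
add 00303 set 1 allow tcp from me to any out setup keep-state
add 00308 set 1 allow log udp from any to any 33434-33525 in keep-state
add 00402 set 2 allow udp from any 5353 to any in keep-state
add 00501 set 2 allow log udp from any 67 to any dst-port 68 in keep-state
add 00701 set 3 allow tcp from any to any dst-port 22 in setup keep-state
add 00710 set 3 allow log tcp from any to any dst-port 2456 in setup keep-state
add 00800 set 3 deny log tcp from any to any setup in keep-state
EOF
}

sample_rules | inbound_allows
```

A destination of `any` on an `in` rule, as reported for rule 00402, means the rule is not limited to a destination port; rules without `log`, such as 00701, accept traffic without leaving an entry in /var/log/ipfw.log.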

iCal publish URLs lost after moving to a new Mac

I had a Mac disaster two weeks ago. To cut a long story short, Apple was nice enough to give me a new Unibody MacBook Pro when my older MBP died for the 4th time in one year. I am very vigilant about backups, and maintain a regular Time Machine backup.

The new Mac asked me to restore from an existing Time Machine backup, which I did. It took around 12 hours to restore from a 250GB backup.

One of the many things that did not get restored were my iCal publish URLs. Upon opening iCal, I noticed that my publish options had been reset to MobileMe. I had to dig through my old notes and find out what my original publish URLs were, since there is no easy way of digging that info out of my raw Time Machine backup.

Thursday, August 20, 2009

ls in colour

I have become used to ls generating coloured file listings.

Add the following to your .profile file to enjoy coloured file listings whenever using ls:

export LSCOLORS=exfxbxdxcxegedabagacad
export CLICOLOR=1
alias "ls"="ls -GF"

Safari - delete permanent cookies


Permanent cookies are a pain. I don't want to save any permanent cookies on my system.

Firefox allows me to automatically dump all permanent cookies when closing the browser:


Safari has no such option. Apple - this is a suggestion for you.

I have been tricking browsers into dumping cookies since 2001. For Netscape Navigator on Unix, it was easy. Simply symlink the cookies.txt file to /dev/null :) This forced every cookie to be treated as a session cookie.

For Safari, I had to write a wrapper script.

  1. Go to /Applications/Safari.app/Contents/MacOS
  2. Rename "Safari" to "Safari1"
  3. Create a shell script called "Safari" in the same directory as follows

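#!/bin/sh
# Wrapper installed as "Safari"; the real binary was renamed to "Safari1".
rm -f ~/Library/Cookies/Cookies.plist   # clear cookies before launch
"${0}1" "$@"                            # run the real binary, passing arguments through intact
rm -f ~/Library/Cookies/Cookies.plist   # clear cookies again after Safari exits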

This will cause Safari to erase all cookies upon launching and exiting. Crude, but works.

Verbose boot-up messages

I don't like staring at a white boot up screen with an apple in the middle and a spinning wheel below it. I want to know what's going on. I want to see messages fly by like Linux.

Open up your Terminal and type: