Showing posts with label osx. Show all posts

Monday, February 16, 2015

Secured Guest Account on OSX Yosemite.

I noticed something interesting with the new Guest login on Yosemite. If you have an encrypted file-system, the guest login is completely different from the normal guest login of a non-encrypted drive.

With an encrypted filesystem (File Vault), you have to re-boot into an ultra-secure mode. This is almost analogous to a Chromebook and I like it. The new guest mode only has one app running and that is Safari.



Once in guest mode, the user has no other access. He/she cannot access any applications nor can they browse the filesystem.



For comparison, here is the guest mode on my iMac also running Yosemite without File Vault. The original guest mode has desktop, application and file system access.



So if you are running a full file-vault, the guest mode will be a complete surprise. I can see some people not liking it and preferring the original mode. I personally like it as it appears to be more isolated and there is little to no chance a user can see anything on my drive as it is intended.




Monday, October 6, 2014

Fixing the BASH Shellshock vulnerability on OSX 10.5.8 and 10.6.8





Apple released a BASH update that addresses the vulnerabilities of ShellShock but they neglected operating systems older than 10.7 Lion.

Well, I happen to know people who are running various 10.5.8 and 10.6.8 Snow Leopard machines in production. They are used in automation and rely heavily on BASH. Thus, I upgraded over a dozen legacy Mac OSX Servers and it was pretty straightforward.

I'm not going to take the credit but most of what you need is at this link:
http://www.macissues.com/2014/09/25/how-to-unofficially-fix-the-shell-shock-bash-vulnerability-in-os-x/

You will need to download the latest Xcode for each respective OS.
The only gotcha is 10.5.8 and cURL. 10.5.8's built-in cURL does not support SSL so you will need to add a -k (insecure SSL) flag in the instructions.

Here is an example:
For 10.6.8

curl  https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -


For 10.5.8
curl -k https://opensource.apple.com/tarballs/bash/bash-92.tar.gz | tar zxf -


That is it. For 10.5, add the -k flag for each cURL request you download from Apple's servers.

Once finished, you should be able to address all of these vulnerabilities:
CVE-2014-6271 
CVE-2014-7169
CVE-2014-6277 
CVE-2014-6278 
CVE-2014-7186
CVE-2014-7187

Bash should be updated to 3.2.55(1)



Once you are patched, it is time to test.
You can go to shellshocker.net and download a bash script that runs through all the vulnerabilities.

Or run it from the shell via cURL.
curl https://shellshocker.net/shellshock_test.sh | bash
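
A local alternative to piping a remote script into bash, as an added example that is not part of the original post: it probes one specific bash binary for CVE-2014-6271 and CVE-2014-7169 only (two of the six CVEs listed above), using the widely published environment-variable probes. The function names and the marker string are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): local Shellshock probes for one
# specific bash binary, e.g. a freshly compiled build before it is copied out.

# Print the version string from the first line of `BIN --version`.
bash_version() {
    "$1" --version 2>/dev/null | sed -n '1s/.*version \([^ ]*\).*/\1/p'
}

# CVE-2014-6271: a vulnerable bash executes the command that trails a function
# definition imported from the environment. Returns 0 when vulnerable.
vulnerable_6271() {
    out=$(env 'x=() { :;}; echo SHELLSHOCK_MARKER' "$1" -c 'echo probe' 2>/dev/null) || :
    case "$out" in
        *SHELLSHOCK_MARKER*) return 0 ;;
        *) return 1 ;;
    esac
}

# CVE-2014-7169: the incomplete first fix leaves a stray redirection in the
# parser, so `echo date` ends up creating a file named "echo" in the current
# directory. Run in a scratch directory. Returns 0 when vulnerable.
vulnerable_7169() {
    # If no scratch directory can be made, fail closed and report vulnerable.
    dir=$(mktemp -d "${TMPDIR:-/tmp}/shellshock.XXXXXX") || return 0
    ( cd "$dir" && env 'X=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 ) || :
    found=1
    if [ -e "$dir/echo" ]; then
        found=0
    fi
    rm -rf "$dir"
    return "$found"
}

# Report on one binary. Returns 0 if neither probe fires, 1 if either does,
# 2 if the argument is unusable. An absolute path is required because the
# second probe changes directory before running the binary.
check_bash() {
    case "$1" in
        /*) ;;
        *) echo "usage: check_bash /absolute/path/to/bash" >&2; return 2 ;;
    esac
    [ -x "$1" ] || { echo "$1: not executable" >&2; return 2; }
    failed=0
    echo "binary:  $1"
    echo "version: $(bash_version "$1")"
    if vulnerable_6271 "$1"; then
        echo "CVE-2014-6271: VULNERABLE"; failed=1
    else
        echo "CVE-2014-6271: not vulnerable"
    fi
    if vulnerable_7169 "$1"; then
        echo "CVE-2014-7169: VULNERABLE"; failed=1
    else
        echo "CVE-2014-7169: not vulnerable"
    fi
    return "$failed"
}

# When the script is given a path, check it; with no argument, only define
# the functions.
[ "$#" -eq 0 ] || check_bash "$1"
```

Called with the absolute path of a bash binary as its only argument, the script prints the report and exits non-zero if either probe fires.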



I hope this helps.

Once you compile it, you can easily tar the files up and use it for re-distribution to similar machines. I only had to compile BASH twice (one for 10.5 and one for 10.6). I then took my Releasebuild binaries and rsync them across various OSX machines from my iPad.


I tested it extensively on some VMs and then to production servers. I was a bit worried about going the homebrew route as that method will install newer 4.3. That is a major generational change and there would be some major breakage somewhere. Thus, sticking with a 3.2.XX version of BASH with all the updates will be the most painless. I have OS X servers running MailMan listservs, some are used for  production automation that runs rsynch, mounting NFS shares, CalDAV, and the likes. So far, nothing has broken.

Friday, April 25, 2014

Ubuntu Folder colors. Aka Macintosh Finder Labels



Mac OS 7 had this back in the mid 1990s. Now, you can have this same feature on Ubuntu 14.04 in 2014. Mac OS calls it labels. This is basically the same principle.

I gotta say, this is a cool system add-on. It is handy for organizing work. Unfortunately, it is not built into the OS. You will need to download and install it from the link below:

Link: http://foldercolor.tuxfamily.org/


Monday, April 14, 2014

Creating beautiful drive icons. Simple and easy on OS X.




I've been asked how do I make such beautiful desktop drive icons on my mac. Pretty simply, I find a picture I like, remove the back-ground and copy-n-paste into the drive I want.

I've been doing this since 1996. 18 years now. NO need for .icns, .ico,  autorun.inf,  hidden text files, or folder.jpeg files. On Mac OS, it is copy-n-paste. With the advent of HiDPI Retina screens, my icons are usually 500x500 pixel high resolution and they look amazing.
Sure, it is skeuomorphic but I like it.

My technique and steps are pretty simple. Google the image (preferably high-res) and remove the background. Then copy-n-paste.

Here is a visual walkthrough.

Thursday, February 6, 2014

VMware ESXi, Xserve, and virtualizing your old Mac server infrastructure


I've been asked quite a bit on this blog, offline and via email about Mac Virtualization. Specifically, virtualizing old Mac OSX servers that previously ran on Apple's discontinued XServes. With VMware's ESXi, you can easily consolidate clusters of old Mac servers into fewer machines and easily provide failover and redundancy. For example if you had 4 Xserves, you can dedicate two as Hypervisors and virtualize all four older Mac Servers on a single machine. With two hypervisors, you would have duplicate and redundant standby failover new Mac servers.

Hopefully, this post will be a guide to help many of those who want to consolidate and virtualize their old Mac OSX 10.6 (and up servers). Think of this as a road-map, blueprint from this fortysome geek. This is my article on running ESXi on the Xserve and virtualizing old Mac servers.

First of all, you will need a few things.
  • VMware's Free Hypervisor server, ESXi version 5.1.0
  • VMware's Desktop Fusion. 
  • an INTEL XEON Power Mac or XServe. My host is a XServe 3,1 which was the last one from 2009.

Tuesday, October 22, 2013

OSX 10.9 Mavericks - Thunderbolt Bridging IP over Thunderbolt

If you just recently installed OSX 10.9, Mavericks, you will be pleasantly surprised to know IP over Thunderbolt (Thunderbolt Ethernet / Bridging) is now supported. This is a pretty big deal for small workgroups that want to transfer "BIG" files over a closed network.

Thunderbolt is rated at 10Gbps. With a $30 cable, you are now essentially getting 10Gbe networking for free between two Thunderbolt equipped macs. This is a big deal. How big of a deal is this? 10Gbe networking isn't cheap. Gigabit ethernet has a max theoretical 125 Mb/s limit with real world 100-109 Mb/s.

When you first launch your networking preference, you will notice that the OS now adds a new network port. Thunderbolt Ethernet, bridging, networking. In other words, IP over Thunderbolt is now a reality.



Now, all you need to do is create a closed network.
I chose 192.168.2.0/255.255.0.0. One will need to be the master and the other the slave.
My 15" Macbook Retina (192.168.2.2) as the master and my 2012 13" Macbook Pro as the slave (192.168.2.3).

With file-sharing on, I can access either via their Thunderbolt IP.




Then I did some copies and benchmarks.

AMAZINGLY FAST. See for yourself.

This is over the network. The 15" Macbook accessing the SSD of the 13" Macbook Pro over the network.



Real world copies. 15 large MP4 movies totalling 45GB in less than 5 minutes over AFP.





For you UNIX networking nerds, I ran iperf




That's right, 760 plus MB/sec. Networking is only limited to the reads and writes of the drive now.

This is a game changer. The set-up.



UPDATE:
You can read up on multiple mac bridging here.




Monday, April 29, 2013

Cathode Terminal App for OSX. Vintage UNIX computing fun.

Here is a pretty cool terminal app for Mac OSX. Called Cathode, it brings back some retro fun (for those over 30). It is $10 at the app store which seems pricey for a terminal app. However, after playing with it, it is loads of fun for old timers like myself.

It simulates old Cathode tube monitors from days past. You can pretend you are working on an old Lost era 1970 Aames research terminal, a 286 from 1980, even a Commodore 64, a Pet, or pretty much any old UNIX workstations long before flat panel LCD. You even have the degauss effects, blur, random jitter, RF static as if you are on a real old school terminal. In short, cool.



This is how it looks on my Retina 15" Macbook Pro. 




I had low expectations, thinking it would come with at most 3-4 themes. I was pleasantly surprised to see the myriad of options: screen themes, monitor faceplate themes, fonts, and you can even configure the background CRT reflection. In short, you can configure this in a hundred different permutations. For example, you can pretend you have a Commodore 64 connected to a 9" TV from 1976 with a janky RF adapter. You'll get the RF backfeed, fuzz, noise, scan-lines, and refresh. If you are old enough to remember switching between Channel 3 and 4 due to local tv station back-feed while connecting a home computer to a television set in the 80s, you'll know what I am talking about.

The app is even retina optimized so you can see with extreme clarity.



Here are some screen shots.









$10 doesn't seem so bad considering I am in the terminal 90% of the time. It makes it fun. And with Apple's download policies, I can install this on multiple macs I own via the App-store. In essence, it takes the bite out of $10 for a terminal app when you spread it across 4-5 macs. It is definitely worth it for the fun and nostalgia.

I only wish for a 1990 MacTerm and Nextstep theme to complete this. And if this developer ever made this app as an SSH client for the iPad, I will be the first one in line to download.

Lastly, I finally have a reason to pull out my old 7" portable USB displaylink monitors. At 800x480, they're pretty useless but as a second terminal window, they're pretty cool.




Saturday, April 20, 2013

Pear OS 7 OSX hackintosh

Here is something you don't see too often.

Here, I have Pear OS 7 which is a Ubuntu based Linux distribution running on my Thinkpad. Pear OS is known for being Cupertino inspired. It is pretty much an OSX themed Linux distro. Inside Pear OS, I have Mountain Lion 10.8.2 running inside a VMware Virtual Guest.

I cloned a few of my old Macs on my Macbook using Fusion 5. The clone VM guest was on a USB drive I had and I was wondering if my VM guests would start up in Linux on a different machine. To my surprise, on double clicking the .VMX file, the VM guest launched and ran inside Pear OS running VMware player for Linux. It ran with no problem. I thought there would be some sort of check to prevent this but apparently not.



Wednesday, April 3, 2013

OSX Mountain Lion 10.8 UAS UASP USB Attach SCSI drivers

My blog was one of the first to write about UAS/UASP (USB Attached SCSI) on the Mac OSX platform last summer. I've been writing about it for some time.

I've been getting a lot of Google search query hits on my blog for "Mountain Lion UAS drivers", "OSX USB Attach SCSI", and "OSX UASP drivers."

Well, here is the answer for all those daily search queries in this blog post. If you came here from a search engine, this blog will help you find your answer.

What is UASP? In short.

  • Enables storage products to operate much faster by utilizing the faster bandwidth now available with the new Super Speed (USB 3.0) standard
  • Reduces the protocol overhead of Bulk-Only-Transport (BOT)
  • Supports SATA native command queuing (NCQ)
  • Multiple commands are processed in parallel



There are no "drivers" for UAS/UASP. If you have Mountain Lion, the "drivers" will be system kexts located at: /System/Library/Extensions

There are two USB kexts that OSX uses for mass storage:

IOUSBMassStorageClass.kext
IOUSBAttachedSCSI.kext



The first one for standard, traditional Mass Storage BOT (Bulk only transport) and the second for UASP. Even old Macs without USB 3.0 UASP ports will have the IOUSBAttachedSCSI.kext installed. It doesn't mean your Mac has UASP hardware.

To find out if your Mac supports UASP, here is a simple test.

Plug in a USB device. Go to  "About This Mac" > More Info > System Report  and scroll down to "Extensions" under Software.

If you have a BOT (aka regular USB drive) device, the IOUSBMassStorageClass will load up. A simple test is to plug in an older USB 2.0 stick/drive. See screenshot below.

Now, quit the "About Mac / System Information applet" and plug in your USB 3.0/UASP drive. Reload the About This Mac and repeat the previous step.

If the following "IOUSBAttachedSCSI" shows up, your Mac takes advantage of the faster SCSI-like USB protocol, UAS.

I've noticed that if you plug your device into a USB hub, it does not load up the UASP kext. So take note. Even with some USB 3.0 hubs, the device will drop down to BOT Mass storage. This will be interesting to take note of in the future.




Simple. Now, you don't have to Google around anymore for OSX "UASP" drivers. It is all there in Mountain Lion. The kext will load on-demand as you plug in your UAS/UASP USB 3.0 Super-speed devices.


Now, if you want to see UASP in action, here is a review of a UASP device in OSX: the Blac X 5G and a youtube video of its speed below.






Monday, March 18, 2013

Practical UNIX style backups using an ArchLinux PogoPlug

If there was ever a reason to get a $15 pogoplug hacked to run Arch Linux, this article may sway you.




I'm going to show you how I turn an ordinary $15 linux gadget into a useful "rsync" backup client.

The tasks which I will share with my readers is the typical things I would do administering *NIX based servers. We set up redundancy and failover using some simple and tried and true methods. There really is no rocket science involved. After doing it a few times, it becomes second nature. And because of the simplicity, it becomes apparent why I love small gadgets running Linux.

The articles and methods are pretty much simplified but they illustrate the simple and powerful nature of the powerful command line.

Today, I decided to turn one of my Pogos into a remote robo-copying slave. Its only job is to do remote backups of my GIT server. Then I realized it should be running independently as a working droid (thinking Star Wars) to find, scan my network and back up any *NIX computers running in my household. I have a few spare older 250-320GB drives that needed to be put to good use, so I paired them to a Pogo.

Normally, you would initiate the copy and backup from your desktop/laptop to the PogoPlug running some form of Linux/NAS. Here, I do the reverse. I have my pogoplug go out and do all the work.

So if I turn on my NetBSD G4 mac from 5 years ago, or come home with my Thinkpad, or turn on my iMac, it would automatically back them up without my intervention. I wouldn't have to think about it. If I was working on some code on my Thinkpad. I could go out to the back-yard to my patio and from my Macbook, I can pull source code that was already synced 5 minutes earlier off the Thinkpad.

Think of it as a reverse time machine. The concept is not new. We have dedicated backup servers that do nothing else but do remote backups off-site. Here, I am using a low powered PogoPlug running ArchLinux.

In fact, it took me 30 minutes to implement it. This is the power of *NIX. So I will share it with my readers today. Everything is meant to be done on the Pogo itself.

First, I logged into my Pogo and copied my SSH keys from my Pogo to all my target computers. So if I change my passwords, it would still authenticate against it. As I write this, I am thinking R2-D2 talking to the main-frame of the Death Star. If you don't know what SSH keys are, take a detour and google it before proceeding further. In short, keys allow machines to talk to one another without using passwords.

In arch, it is pretty easy.

ssh-copy-id username@remote_server

It will simply copy your keys over to the remote machine.




Next, I wrote a small bash script that pings the remote machine. If the machine pings, it means it is online and it will then attempt to rsync with it. Rsync is the tried and true industry standard for remote file synchronization/file copies.

Feel free to use this bash script. Simply, change the variable of the "remote_machine" to the IP or hostname of the computer you want it to ping and rsync. Since my network employs Avahi/Bonjour, it pretty much works by hostname. EG. My Thinkpad is accessible via ThinkpadT420.local
In this example, my remoteserver.local is my intended target.

I do a simple IF THEN conditional check in my bash script. If the machine doesn't ping, alert us with a message. Otherwise, proceed to rsync.


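#!/bin/bash
# Back up the remote web root, but only when the remote machine answers ping.
remote_machine="remoteserver.local"
PINGCOUNT=2
# Number of echo replies received; empty if ping fails outright
# (for example when the hostname does not resolve).
PING=$(ping -c "$PINGCOUNT" "$remote_machine" | grep received | cut -d ',' -f2 | cut -d ' ' -f2)
# Treat an empty result the same as zero replies.
if [ "${PING:-0}" -eq 0 ]; then
          echo "Something wrong! server: $remote_machine down"
else
          echo "All good: $remote_machine"
          echo "We will rsync now"
          rsync -au --progress --stats "root@${remote_machine}:/var/www/" /media/passport/rsync/vps/www/
fi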


My rsync command is pretty straightforward here. Archive and update. I added progress and stats for my own reference.


rsync -au --progress --stats root@remoteserver.local:/var/www/ /media/passport/rsync/vps/www/ 


Basically, my rsync logs into the remote server, copying the /var/www/ into my destination of my 1TB Western Digital USB drive labelled, passport. The copies go into a folder, /media/passport/rsync/vps/www


After writing it, I tested it. I named my script vps_backup.sh

I then changed the permissions to executable and did a dry run.



As you can see, the files and folders populate from my remote machine. The below screenshot shows two web directories. One from my iMac and another from a remote VPS.





Lastly, I would use a cron job to run every few minutes. You can even do cron job schedules in Webmin. I would recommend installing webmin so you can have a web based administrative interface of your Pogo. It simplifies things quite a bit.

When you log into webmin, head over to System > Scheduled Cron Jobs.


Cron Jobs under webmin is pretty much a point and click.

I specified the user running as "root" to have full system rights and pointed to the script I wrote earlier in /root/vps_backup.sh. For this example, I specified a daily midnight schedule but I could change to hourly or every 5-10 minutes.




And there you have it. A simple (well, at least for me) way to do interval backups from a Pogo.



Monday, March 4, 2013

i7 3770K Gigabyte Ivy Bridge Hackintosh




I've decided to publish the result of my 3 months with a Hackintosh.
I have a few Macs and Macbooks around the houses and wanted a really modern, beefy, home test machine I would be using for various things. This box would be used for all sort of things but the ability to run as a hackintosh was a secondary motivating consideration. I would mostly be running ESXi and Linux most of the time. I also wanted a Mac with USB 3, Thunderbolt, 32GB of RAM, lots of drive bays, and eSATA. Hence, I decided on a Gigabyte motherboard with the new Ivy Bridge i7 3770K.

Well, to my surprise, my hackintosh is extremely well built and amazingly, insanely great!

Here is the technical run-down:




  • Motherboard: GIGABYTE GA-Z77X-UP5 TH w/ Thunderbolt
  • CPU: Intel Core i7-3770K Ivy Bridge 3.5GHz (3.9GHz Turbo) HD 4000 Graphics cooled w/ Cooler Master Hyper 212 cooler
  • GPU: MSI GTX 650 TI (Nvidia Kepler) w/ 1GB DDR5
  • Case: Cooler Master Scout ATX Mid Tower Case - 5 drive bays, 4 internal bays
  • PSU: Corsair TX650 power supply
  • RAM: 32 GB of Corsair RAM
  • Storage: 240GB & 180GB Intel 330 SSDs for OSX and Windows 7. Seagate 3TB 7200 rpm for data drive.
  • LG Blu-Ray DVD Writer 
  • Display: Dual 24" Dell IPS UltraSharp Displays
  • Wi-Fi: TP-Link TL-WDN4800



I did careful research and I will share with you my findings and all the great things about this build.

First of all, this particular build is pretty much bullet-proof.
I have full SATA III 6Gb/s speeds, Bluetooth 3 works, Wi-Fi works with the built-in operating system, iCloud/iTunes/App Store account works, and Thunderbolt (with a small caveat). The only caveat with Thunderbolt is that devices need to be plugged in and powered on before you boot the machine. That is the only small minor issue I have with this build. Thunderbolt/DisplayLink display works too. Lastly, there is no DSDT file to mess with. It is 95% Vanilla OSX. I remember I had to do something with the boot flag to get the NVIDIA drivers to install. Once installed, the GPU works with CUDA extensions and acceleration for Adobe CS applications.

All I had to do was really follow Hacks by Alfa and read some posts on tonymacx86.

http://hacksbyalfa.com/post/28271035968/gigabytehackintosh

Some notes on my Build.


Get the TP-Link Wifi Card. Period. The ability to have the OS natively recognize the card and have air sharing and everything is awesome. With prior hackintoshes, I had to deal with 3rd party wifi drivers and silly applications to connect to Wi-Fi. I ended up junking the free Wi-Fi card that came bundled with the Gigabyte motherboard. The TP-Link card is well worth the $30 bucks.

The Hyper 212 cooler is pretty good at keeping the 4-core, 8 thread i7 pretty cool. I never break 50c under heavy loads. I also think it is attributed to the Scout case and air-flow. There are 120mm fans everywhere. Air circulation is very good.



The case is an older design but it is perfect for my needs. It has 4 front USB 2.0 ports along with a front e-SATA panel on the top.

The Gigabyte motherboard has 6 or so rear USB 3.0 ports and comes with a front panel adapter for two more.

Inside the case, I have my dual Intel SSDs and 3TB Seagate drive for my onboard storage.
I also installed a Syba dual dock for quick removal of drives. It allows me to quickly swap out a 2.5 and 3.5" at the same time.




The Syba dock also gave me another two front USB 3.0 ports. With the Syba dock, I have a total of 10 USB 3.0 ports, 4 USB 2.0 front ports.





So with the rear eSATA, front eSATA, dual drive dock, I can randomly swap out 4 drives externally. I pretty much used all my SATA connectors and topped it off with an LG Blu-Ray ripper.


I figured since I used up all my SATA ports, I'd do the same for USB. I forget how many headers I have but I was able to fit another two USB 3.0 internal ports. I used them to store a USB wifi dongle for Linux (running dual wifi) and a bootable "safe OSX fix disk." This is my safety plan in case my OSX gets hosed, I can easily boot off the USB and fix whatever I need to. I haven't had to do anything since. Software and OS updates have worked fine.




The case is pretty awesome in the fact it has a handle. I never realized how cool it was and I can easily lug this box around.


Since I had so many extra 5.25" front panel bays, I put in a front cubby case to store things.





Performance.





Well, it runs very fast. It is faster than my 2012 Thunderbolt 27" i5 iMac. In fact, it doubles the geekbench scores. This CPU is easily clockable. I'm getting 16,000 + geekbench easily at 4 GHZ. The iMac only scores 8229. With SATA III 6Gb/s and the Intel 330 SSDs, I am seeing 400 Megabyte/sec writes and close to 500 reads. The Nvidia GTX 650 TI isn't going to win gaming benchmarks but is more than good for me to drive large monitors. It is also accelerated for many pro apps which is nice.

Thunderbolt.

The main reason to get this motherboard is the no DSDT build. However, Thunderbolt may be another reason. Like I mentioned earlier, Thunderbolt works awesome on this. Compared to my iMac and Macbook Pro, it is just as fast connecting to a Thunderbolt SSD or my Drobo 5D.
In fact, running Windows on this same machine wasn't even as pleasant. My Drobo 5D is not recognized under Windows. For displays, I have to enable the built in HD4000 Intel graphics to power a Thunderbolt/DisplayLink display.


Conclusion.

Well, I love this box but to tell you the truth, I prefer to use my iMac. The simple truth is the 2560x1440 screen. Running two 1080p 24" Dell doesn't cut it. The hackintosh simply blows everything I currently have. I loved this hackintosh when I was testing it out in the office with 30 and 27" Cinema Displays. I think this will all change when I come up with the cash to buy me a new 27" or 30" screen for the house. I may have an eventual need to re-purpose this machine for one of my other projects I am working on. I have to admit the allure of running a fast macintosh on cheap commodity hardware is very alluring.

Will this be better than a Mac Pro? Well, yes and no. Mac Pros run full on Xeon Processor rigs with ECC (Error Correction memory modules) and you can go way higher than 32GB of RAM. ECC Ram make them by definition, superior rigs for day-to-day workflow. Xeons can come in multiple socket CPU configurations and you get up to 12 cores. My i7 is still only a consumer grade 4-core CPU.  The Xeons also come with more PCI-e lanes (I believe 40) for more dedicated cards. Hence, there is a very good reason those Macs are aptly named "Pro" machines for a reason.  However, current Mac Pros are not cheap and don't have the niceties this Ivy Bridge rig has. Namely the USB 3.0, Thunderbolt, and multiple SATA 6 Gb/s connectors. If you are a serious professional and make a living using Mac products, get a real Mac. They pay for themselves in real billable and projects.

I've thought about doing an Xeon build but that would have been way above my price range.  At that point, I would rather get a real Mac Pro. Furthermore, I haven't seen any Xeon Custo-macs with Thunderbolt and the type of I/O this machine has.

And this is where the dilemma comes in. These hackintoshes simply offer more than the Mac Minis and iMacs. This is where I believe Apple should make a mid-range "Performa" line using consumer Ivy Bridge and future Haswell architecture. Not everyone needs XEON class machines for their homes.

In the ailing days of pre-OSX Apple, I miss my original Power Computing clone Mac. I remember getting a few StarMax and Power Computing "Mac clones" that offered great expandability and affordability. Those too were insanely great machines. Anyone remember this guy? This is what the world needs now. Cheap affordable OSX based computers.