You are here: Foswiki>Main Web>WikiUsers>MarcoMambelli>MyNotes>ElMTTMLE (21 Feb 2014, MarcoMambelli)Edit Attach

Micro Things That Make Life Easier

Micro Things That Make Life Easier

Key propagation

Components are:

Public authentication
ssh-agent
keychain or equivalent mechanism to exchange ssh-agent information between shells
key forwarding

A guide: http://www.unixwiz.net/techtips/ssh-agent-forwarding.html

3 Interesting articles from IBM research:

Public keys: http://www.ibm.com/developerworks/linux/library/l-keyc.html
ssh-agent and Keychain: http://www.ibm.com/developerworks/linux/library/l-keyc2/
Key forwarding and portability: http://www.ibm.com/developerworks/linux/library/l-keyc3/

Some guides at Gentoo:

I'm using Gnome and I noticed a process /usr/bin/ssh-agent -- gnome-session. Being optimistic (here

) I tried ssh-add and it worked, keeping the keys also opening new shells. I guess that ssh-agent and gnome set up a keychain equivalent configuration.

Do not mix keychain with keyring, used to manage PGP keys.

Keep always in mind which host you consider trusted hos and which not. Using different keys you can build hierarchies of trust. A more trustful of B if A has private key to access B (= in authorized_keys of B)

ssh -i < priv_key_file > < host > : use key in priv_key_file to access host

ssh -A < host > : forward the agent (or the key) to your ssh connection

Some useful option in aah-add:

ssh-add -l : to list fingerprint and name of the currently loaded keys
ssh-add -D : to remove all the loaded keys
ssh-add -d < key > : to remove a specific key

A workaround to shared directories: if a host has a shared $HOME directory with other hosts but you want a private key to be usable only on that host put the key on a directory that you own local on the host and

3rd party scp

scp is not forwarding keys/agent as default and the option -o AgentForward=yes is ineffective. The option has to be put in a configure file in your .ssh directory in order to be effective and allow commands like:

scp srchost:srcfile dsthost:dstfile

CERN

CERN authentication is complicated by the use of AFS. Documentation is contraddictory. Does CERN support SSH-2?

See:

Here they state that they do not support SSH-2: http://consult.cern.ch/qa/3522
Here they recommend to use SSH-2: http://consult.cern.ch/qa/3373
This seems useful: http://security.web.cern.ch/security/ssh/ssh_faq.html#AEN129
Instructions to setup CVS so that is working with the agent: http://cvs.web.cern.ch/cvs/howto.php#accessing-sshlinux
https://twiki.cern.ch/twiki/bin/view/LCG/SSHGateway

ssh -A tier2-06 (with both _ring and _heplab keys loaded in the agent): key forwarding and passwordless login work for CVS access

lxplus.cern.ch still is not working and asks for password.

Other HEP Laboratories

At BNL Keys have to be uploaded here for RCF/ACF (e.g. atlasgw.bnl.gov):

upload page: https://www.rcf.bnl.gov/Auth/External/SshKeys/UploadSshKey.php
some instructions: http://drupal.star.bnl.gov/STAR/comp/sofi/facility-access/ssh-keys

Scripts etc

Simple notes

From http://www.macosxhints.com/article.php?story=20030515092523600

# simple note taking
alias note "echo `date +'m%d %H:%M - '` ${1} >> ~/Documents/notes.txt"

On mac you can use also pbcut and pbpaste

Mac

Remember to install optional software and XCode from the install DVD right after the installation, before installing all the updates.

In 10.9 (Maverick) XCode is in the Apple store but some components have been removed:

install it
open it and from the XCode menu select Open Developer Tool > More Developer Tools...
This takes you to Apple developers site with a bunch of software. You must sign in. Download and install Command Line Tools, for me "Command Line Tools (OS X Mavericks) for Xcode - Late October 2013".

Useful app:

add terminal to the dock
iTerm, replacement for terminal: http://www.iterm2.com/
firefox, skype, cyberduck, xmeeting 0.4p2, xsltpalette,
- FF plugins: firebug, codeburner, flashgotit, zotero (http://www.zotero.org/)
  - XSL Results: apply XSL, requires java 1.6, disable all "Apply Saxon..." in preferences. Sometime saved preferences for sites are not preserved
SSB fluid (add campfire, modify adv pref to allow authentication page)
- http://fluidapp.com/
office, adobe sw
quicksilver, onyx, growl
- http://growl.info/
pacifier, macport, imagemagick
- http://www.charlessoft.com/
- http://www.macports.org/install.php#requirements
fairmount (32/64), handbrake, toast, vlc, Flip4Mac WMV
- http://www.telestream.net/flip4mac-wmv/overview.htm
- http://www.microsoft.com/windows/windowsmedia/player/wmcomponents.mspx
senuti
- http://www.fadingred.com/senuti/
VNC - Mac provides one: /System/Library/CoreServices/Screen\ Sharing.app. You can enable the server in Sharing Preferences Pane, either on Screen Sharing or Remote Management.
- Chicken of the VNC: http://sourceforge.net/projects/cotvnc/
- http://www.jinx.de/JollysFastVNC.html (shw)
- http://www.testplant.com/products/vine_viewer ($35)
- Other computer sharing app:

Here is a page with a lot of useful suggestions:

Homebrew

In 10.9 I decided to try Homebrew, going with the recipe in http://hackercodex.com/guide/mac-osx-mavericks-10.9-configuration/ and http://hackercodex.com/guide/python-development-environment-on-mac-osx/ for the python environment

MacPort

sudo port -v selfupdate
port -v search imagemagick
sudo port install ImageMagick

Attention, some program e.g. Gimp have a lot of dependencies (and will build for one day or two)

To update:

port upgrade outdated
port list installed (or outdated)

Remove spaces from copy paste from terminal

Some applications, pine, add spaces at the end of the line. Copy the commands as a script in ~/bin/ to source when needed (http://forums.macosxhints.com/archive/index.php/t-21372.html):

pbpaste | sed 's/ *$//' | pbcopy

Copy and paste from x11

Enable 3 button mouse emulation (x11 Preferences) Pasteboard synchronization should already be enabled (x11 Preferences>Pasteboard)

option-click is middle click (paste)
command-click is right click
for copy select or use command-C

Tab completion in shell

If you don't want to manage server lists for tab completion with ssh, put the following line in your .bash_profile file in your home directory:

complete -W "$(echo `cat ~/.ssh/known_hosts | cut -f 1 -d ' ' | sed -e s/,.*//g | uniq | grep -v "\["`;)" ssh

sed -e 's/^  *//' -e '/^#/d' -e 's/[, ].*//' -e '/\[/d' ~/.ssh/known_hosts | sort -u

Here a function for .bash_profile:

_complete_ssh_hosts ()
{
        COMPREPLY=()
        cur="${COMP_WORDS[COMP_CWORD]}"
        comp_ssh_hosts=`cat ~/.ssh/known_hosts | \
                        cut -f 1 -d ' ' | \
                        sed -e s/,.*//g | \
                        grep -v ^# | \
                        uniq | \
                        grep -v "\[" ;
                cat ~/.ssh/config | \
                        grep "^Host " | \
                        awk '{print $2}'
                `
        COMPREPLY=( $(compgen -W "${comp_ssh_hosts}" -- $cur))
        return 0
}
complete -F _complete_ssh_hosts ssh

For sudo:

complete -c -f command sudo

bash-completion package from macports and then add the following to your .bashrc:

if [ -f /opt/local/etc/bash_completion ]; then
. /opt/local/etc/bash_completion
fi

SSH with Kerberos

Kerberos is already in OS X 10.3 and following:

http://web.mit.edu/macdev/www/osx-kerberos-extras.html

To activate Kerberos ssh add this to /etc/ssh_config

Host *.fnal.gov
  GSSAPIAuthentication yes
  GSSAPIDelegateCredentials yes

Address resolution problem

Sometime ssh and many other programs stop working. Address resolution times out. host SERVER still works but ssh SERVER times out. This is triggered sometimes by the use of Kerberos. Bouncing mDNSResponder seem to solve the problem (http://apple.stackexchange.com/questions/26616/dns-not-resolving-on-mac-os).

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.mDNSResponder.plist

Tracing (DTrace)

To monitor processes, files network, ... e.g. dtruss -f -t open python myfile.py

Sync tools

Dropbox and Windows Live Sync.

WLS does not support (syncs) links, Dropbox does
WLS is not using the system trash but ~/Library/Application\ Support/Windows\ Live\ Sync/trash/: this page suggests to replace the folder with a link

File systems

FUSE

Fuse (MacFUSE) is used to support other file systems (NTFS, ext2, ...)

MacFUSE http://code.google.com/p/macfuse/ (Mac version of Fuse)

ext2/3 FS

ext2fuse - old library using MacFuse http://sourceforge.net/projects/ext2fuse/
fuse-ext2 - tested with SL 10.6 (installed) http://sourceforge.net/projects/fuse-ext2/ (dev page)

UFS and UFS2

Mac UFS is different from FreeBSD UFS and there is no driver for UFS/UFS2 on OS X. UFS2 read only support is included into Linux kernel since version 2.6.5 (better read-only). For example: mount -t ufs -o ufstype=ufs2 -o ro /dev/hda3 /mnt/bsd/

A possibility is using a FreeBSD appliance in VMWare: http://hintsforums.macworld.com/showthread.php?t=110824

Mac File system etc

Introduction:

Mac and natives FSs: http://osxbook.com/book/bonus/ancient/whatismacosx//arch_fs.html
HFS+ http://developer.apple.com/library/mac/#technotes/tn/tn1150.html
UFS supported natively is not BSD compatible:

Links (hard/soft) and Aliases:

TrueCrypt

http://www.truecrypt.org/

This page lists hidden and system files: http://www.westwind.com/reference/os-x/invisibles.html

Mac OS X creates a swap file of the size of the whole memory to dump the memory content when a laptop goes to sleep (hibernate, suspend): /var/vm/sleepimage. Without that file the memory content gets lost if the battery die and the computer needs to reboot.

Add known hosts addresses

This may vary.

Edit /etc/hosts to include the host. /etc is a link to /private/etc (src. Apple).
(before 10.5) You may need to update NetInfo: sudo niload -v -m hosts . < /etc/hosts (as suggested here, alias reloadhosts="sudo niload -v -m hosts ., after 10.5 there is no niload/!NetInfo Manager)
Further steps may be lookupd -flushcache, sending a HUP to lookupd or a reboot.

A ping should verify that. Note that host=/=netstat will not work because use the DNS.

Static routes

Static routes can be added with route (man route):

sudo route add -net 192.168.192 128.135.250.17
netstat -nr

Here some links to add them permanently (modify startup scripts):

Note that the interface must be active (route available)

Some troubleshooting:

http://aplawrence.com/Troubles/network_troubleshooting.html

Data recovery

Some software:

Sandisk ResquePro, works for smartcards (free demo): http://www.lc-tech.co.uk/buynow/rescueprobuynow.html
Boomerang (Mary used it with good results): http://www.boomdrs.com/macosx/
Data Resque 3 (Sam used it, free demo): http://www.prosofteng.com/products/data_rescue.php
Disk Warrior (highly prized), disk repair 100: http://www.alsoft.com/DiskWarrior/index.html
R-Studio (good online reviews): http://www.data-recovery-macintosh.com/
- They have a free R-Linux: http://www.data-recovery-software.net/Linux_Recovery.shtml
review: http://data-recovery-software-review.toptenreviews.com/mac-recovery-software/

These do not work:

Exif untrasher (free, failed): http://www.bluem.net/de/mac/exif-untrasher/

Reading mail files

Pine mail files are in mbox format (other programs use variations of it or maildir). Here are some documents about emails. Mbox files can be imported in Thunderbird or passed through some sanitating scripts. Pine can also be installed on aMac.

The best way to access mbox file seems to use the =mailbox= library in python.

Signed mail

Mail.app supports signed mail.

import your certificate in App>Utilities>Keychain
configure the SMTP server
- uchicago NSIT: http://nsit.uchicago.edu/docs/email/authsmtp/#4

Links

x509 utility: http://developer.apple.com/mac/library/DOCUMENTATION/Darwin/Reference/ManPages/man1/x509.1ssl.html
Certificates for mail: http://www.macosxhints.com/article.php?story=20050522045225980
- Note that Thawte discontinued the service as of Nov 2009

Fonts management

To do:

Reorganize folders: cleanup, centralize, collect
sort them
use FontBook to activate

Some links about fonts:

http://www.jklstudios.com/misc/osxfonts.html
http://arstechnica.com/apple/news/2006/12/fontmanagers.ars
http://www.prepressure.com/fonts/basics/snow-leopard-fonts
- test page [ (define ] : http://docs.plt-scheme.org/gui/windowing-overview.html
Fontcase (Eu 42): http://www.bohemiancoding.com/fontcase/index.html
Font Explorer X Pro (free 1.2.3 not supporting 10.6) http://www.fontexplorerx.com/macpurchase/
Ad for suitcase: http://doc.us.extensis.com/Font-Management-What-the-Pros-Use.pdf

NTFS support

There are 3 way:

MacFUSE + NTFS-3G (free, slow)
Paragon (pay)
Apple (unstable)

Install MacFUSE+NTFS-3G. Stable, supports 10.4/5/6 (no 64bit kernel). I installed it with caching disabled.

http://macntfs-3g.blogspot.com/
MacFUSE (for reference): http://code.google.com/p/macfuse/

Instructions to enable native NTFS R/W support on Snow Leopard. Unstable, mixed comments from people.

For this, you need to modify your /etc/fstab file to mount NTFS partitions for read and write.
First, uninstall NTFS-3G/Paragon if installed.
Open a terminal
Type "diskutil info /Volumes/volume_name" and copy the Volume UUID (bunch of numbers).
Backup /etc/fstab if you have it, shouldn't be there in a default install.
sudo vi /etc/fstab (and add one of the following lines: UUID or LABEL)
Type in "UUID=paste_the_uuid_here none ntfs rw" or "LABEL=volume_name none ntfs rw" (if you don't have UUID for the disk).
Repeat for other NTFS partitions.

Restart your system (a remount should be sufficient). Afterwards, NTFS partitions should natively have read and write support. This works in both 32 and 64-bit kernels. Support is quite good and fast, it even recognizes file attributes such as hidden files.

Another option basically, it's running mount_ntfs with read/write option specified. To do it, in a terminal:

sudo mv /sbin/mount_ntfs /sbin/mount_ntfs.orig
sudo vi /sbin/mount_ntfs  #(and add the following, until #END)
#!/bin/sh
/sbin/mount_ntfs.orig -o rw "$@"
#END
sudo chown root:wheel /sbin/mount_ntfs
sudo chmod 755 /sbin/mount_ntfs

Make sure to check that mount_ntfs is listed as -rwxr-xr-x and root wheel when you type ls -al /sbin/mount_ntfs and you're good to go. P.S. If it isn't working for you, it may be that the NTFS partition wasn't cleanly unmounted previously (e.g. not using safe eject in Windows). To check if this is the case, open Console in Utilities, and go to 'All Messages' instead of 'Console Messages'. Search for 'ntfs' and you may come across an error that displays like this: NTFS-fs error (device /dev/disk3s1, pid 435): ntfs_system_inodes_get(): $LogFile is not clean. Mounting read-only. Mount in Windows. You need to plug the disk into Windows-running system, and do a safe eject. Then the NTFS partition will mount in read/write mode.

Some links about NTFS on OS X:

Adapter for Mini DisplayPort

Apple provides only MDP->DVI-D or MDP->VGA. Available online there is also MDP->DVI-I. There seems to be no adapter to S-Video or composite. (Mini) DisplayPort seems not to include any analog signal, making line conversion to VGA or S-video/composite not feasible. The converter above is not working properly. No analog signal is coming out of the DVI-I. Some links:

This is supposed to work but it is $70 and big:

Day displaying in date on the menu bar

OS 10.5 allows more customization: http://paulstamatiou.com/how-to-display-date-in-os-x-menu-bar OS 10.6 has an option to show date, no customization

Gyrotransport

Plug, connect, mode2, works as a mouse. http://gyration.com/index.php/us/products/gyrotransport.html#support

The USB drive is not ejecting (it is remounting itself automatically right after, both in Finder and Disk utilities). To eject, on a terminal:

diskutil unmount /Volumes/GYROFLASH

To try

Papers: http://mekentosj.com/papers/ ($42)
OmniGraffle (OFocus, OOutliner): http://www.omnigroup.com/applications/OmniGraffle/
MailPlane (Gmail app): http://mailplaneapp.com/
google voice: http://elasticthreads.tumblr.com/post/196451895/snow-leopard-services-pt3-google-voice
Services: http://elasticthreads.tumblr.com/tagged/Service
Some tweaks: http://oz-penguin.livejournal.com/

Mac Bugs

Computer sluggish

Basically only Safari is running and 4GB are not enough. When I try to print a page (to save it as PDF) it hangs for almost one minute, the memory consumption in the machine goes up more than 1GB (but the activity monitor cannot tell me who uses it) then the memory is freed when the print screen appears.

System processes taking 99% CPU

Some system processes are known to run-away sometime (bugs...). alsmanager (logger), mds and mdworker (file indexers)

http://discussions.apple.com/thread.jspa?threadID=1831184&start=30&tstart=0

aslmanager (new syslog mgm system)

sudo launchctl stop com.apple.syslogd
sudo launchctl stop com.apple.aslmanager
sudo mv /var/log/asl/* ~/tmp (you might as well use rm but i wanted to be safe)
sudo launchctl start com.apple.syslogd

Spotlight is not working

Was searching a file that I searched other times. This time it is not finding it. Found it by hand, copy and paste the content, still nothing. It is a RTF file from text editor. Tempted to turn it off:

-- MarcoMambelli - 15 Oct 2007

Topic revision: r37 - 21 Feb 2014, MarcoMambelli

Main

Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding Foswiki? Send feedback