10.5: Enable X11 listening on port 6000 Network
Are you having difficulty redirecting X11 to your Mac running Leopard without using ssh -X? Someone figured out that Leopard turns off listening to X11 traffic on TCP port 6000 by default. The following steps will turn TCP listening back on, so that the X11 server will service a client request.

First see if your server has TCP listening turned off by executing the following command: defaults read org.x.X11 | grep nolisten. The output will read either "nolisten_tcp" = 1; which is bad, or "nolisten_tcp" = 0; which is good. If TCP listening is off, turn it back on. I did this both as root and my default non-root username, as I didn't know which one took precedence:
sudo defaults write org.x.X11 nolisten_tcp 0
defaults write org.x.X11 nolisten_tcp 0
Shut down your X11.app, then in Terminal, type xterm, and as normal, the X11 terminal should pop up. In the xterm, enable all remote users by typing xhost +. Back in Terminal, type the following to see if the server is now listening for inbound TCP requests: netstat -na | grep 6000. You should see something like this output:
tcp4       0      0  *.6000            *.*               LISTEN
tcp6       0      0  *.6000            *.*               LISTEN
Now on your remote system things should be as before. Just set up your DISPLAY to point to the Mac and fire away. I assume this is persistent across a reboot, but I didn't try. The original solution was found here by Johannes Overmann.
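An added example (not part of the original hint) that turns the output of the three commands above into a single verdict on how far display :0 is reachable, including the case where the setting was changed but X11.app has not been restarted. The function names, verdict words and sample input are assumptions constructed for illustration; the xhost lines are the messages xhost prints when run without arguments.

```shell
#!/bin/sh
# Added example: summarize the X11 TCP exposure from the hint's three checks.

# tcp_scope < `netstat -na` output : network | loopback | none (TCP port 6000)
tcp_scope() {
  awk '$1 ~ /^tcp/ && $NF == "LISTEN" && $4 ~ /\.6000$/ {
         addr = substr($4, 1, length($4) - 5)        # drop the ".6000" suffix
         if (addr == "127.0.0.1" || addr == "::1") lo = 1; else net = 1
       }
       END { print (net ? "network" : (lo ? "loopback" : "none")) }'
}

# x11_exposure DEFAULTS_OUT NETSTAT_OUT XHOST_OUT : prints a one-word verdict
x11_exposure() {
  scope=$(printf '%s\n' "$2" | tcp_scope)
  case "$1" in *'"nolisten_tcp" = 0;'*) tcp_on=1 ;; *) tcp_on=0 ;; esac
  case "$3" in *'access control disabled'*) acl=off ;; *) acl=on ;; esac
  if [ "$scope" = none ]; then
    # Setting changed but nothing listens yet: X11.app was not restarted.
    if [ "$tcp_on" = 1 ]; then echo restart-pending; else echo closed; fi
  elif [ "$scope" = loopback ]; then
    echo local-only
  elif [ "$acl" = off ]; then
    echo open-to-any-host          # the state after `xhost +`
  else
    echo listening-with-access-control
  fi
}

# Constructed sample input in the formats the commands print.
NETSTAT_OPEN='tcp4       0      0  *.6000            *.*               LISTEN
tcp6       0      0  *.6000            *.*               LISTEN'
XHOST_PLUS='access control disabled, clients can connect from any host'
XHOST_DEFAULT='access control enabled, only authorized clients can connect'

x11_exposure '"nolisten_tcp" = 0;' "$NETSTAT_OPEN" "$XHOST_PLUS"
```

On a real system the three arguments would be "$(defaults read org.x.X11 | grep nolisten)", "$(netstat -na)" and "$(xhost)".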
 
Replace MobileMe with an open source server Network
Instead of using Apple's MobileMe account and losing control over your data, you can instead use dotmac for data synchronization and iDisk-like storage space. It requires a machine running either Linux or OS X with Apache and some Perl modules installed. It works fine here with OS X 10.5.5.

[robg adds: I hadn't heard of this project before, and it looks intriguing, claiming to support data sync for any app that uses .Mac (iCal, Address Book, etc.), iDisk-like remote storage, and support for Backup. Note that the setup process requires a fair bit of work in Terminal. Also, if you want the true benefits of .Mac (offsite hosted storage available anywhere), you'll need to set up your replacement server in the same manner. I haven't tested this one.]
 
Disable ssh access for password-guessing bots Network
My machine is being hit by a lot of automated attacks that try to guess account names and passwords on sshd. (This problem has been touched on in this hint.) Thanks to Little Snitch, it is very easy to see that this happens. Anyway, it is annoying, and I wanted to add an ipfw rule to block those machines that fail to log in fifteen or more times. So I wrote a launchd script to do this:
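<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
        <key>Label</key>
        <string>se.sics.lra.denyhosts</string>
        <key>ProgramArguments</key>
        <array>
                <string>/usr/bin/awk</string>
                <string>
          # Count failed sshd logins per source address. The address is read
          # relative to the end of the line ("... from ADDR port N ssh2"),
          # because the user name earlier in the line is chosen by the client.
          substr($5, 1, 4) == "sshd" &amp;&amp; $6 == "Failed" &amp;&amp; $(NF-4) == "from" {
                ip = $(NF-3)
                # Only dotted-quad addresses may reach the ipfw command below.
                if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                   count[ip] += 1
          }
          END {
                # Rule 101 is rebuilt from scratch on every run.
                s = "ipfw delete 101; "
                sep = "ipfw add 101 deny src-ip "
                for (ip in count) {
                   if (count[ip] &gt; 15) {
                      s = s sep ip
                      sep = ", "
                      print count[ip] " failed attempts from " ip
                   }
                }
                # Log the command, then run it.
                print s
                system(s)
          }
                </string>
                <string>/var/log/secure.log</string>
        </array>
        <key>StartInterval</key>
        <integer>20</integer>
        <key>UserName</key>
        <string>root</string>
        <key>StandardOutPath</key>
        <string>/tmp/denyhosts.out</string>
</dict>
</plist>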
I put the finished script in /Library/LaunchAgents/se.sics.lra.denyhosts.plist, and set the owner as root:
 # chown root:wheel /Library/LaunchAgents/se.sics.lra.denyhosts.plist
To start it (without rebooting), just do (in Terminal as root):
# launchctl load /Library/LaunchAgents/se.sics.lra.denyhosts.plist
The script scans /var/log/system.log every 20 seconds for failing ssh logins. If it finds more than 15 from a particular address, that address is disabled by ipfw. Do sudo ipfw list to see the active rules. Note that when the entries disappear from the log file, the ipfw rules are removed. The script must unfortunately run as root, as only root has permission to read /var/log/system.log and to modify ipfw rules.

[robg adds: I haven't tested this one.]
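An added example (not the hint author's script) that runs the same per-address counting over a constructed log and prints the ipfw command instead of executing it. It reads the address relative to the end of each line and accepts only a dotted-quad IPv4 address, because the user name in a "Failed password" line is supplied by the connecting client and the resulting string is handed to a root shell; the function names and the sample log are assumptions.

```shell
#!/bin/sh
# Added example: list offending addresses and build (not run) the ipfw rule.

# offenders LIMIT < log : validated IPv4 addresses with more than LIMIT failures
offenders() {
  awk -v limit="$1" '
    function valid(a,   o, i) {              # strict dotted quad, octets 0-255
      if (split(a, o, ".") != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
      return 1
    }
    # "... Failed password for [invalid user] NAME from ADDR port N ssh2"
    # NAME is chosen by the client, so fields are counted from the line end.
    substr($5, 1, 4) == "sshd" && $6 == "Failed" && $(NF-4) == "from" {
      if (valid($(NF-3))) count[$(NF-3)]++
    }
    END { for (ip in count) if (count[ip] > limit + 0) print ip }
  ' | sort
}

# block_rule LIMIT < log : the command string the launchd job would execute
block_rule() {
  list=$(offenders "$1" | paste -sd, - | sed 's/,/, /g')
  if [ -n "$list" ]; then
    echo "ipfw delete 101; ipfw add 101 deny src-ip $list"
  else
    echo "ipfw delete 101"
  fi
}

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
  i=0
  while [ "$i" -lt 16 ]; do
    echo "Oct 10 03:14:07 mac sshd[410]: Failed password for invalid user admin from 203.0.113.7 port 4000 ssh2"
    echo "Oct 10 03:14:08 mac sshd[411]: Failed password for root from 198.51.100.9 port 4001 ssh2"
    echo "Oct 10 03:14:09 mac sshd[412]: Failed password for invalid user a b c from 192.0.2.44 port 4002 ssh2"
    echo "Oct 10 03:14:10 mac sshd[413]: Failed password for invalid user x from 999.1.1.1 port 4003 ssh2"
    i=$((i + 1))
  done
  echo "Oct 10 03:15:00 mac sshd[414]: Failed password for invalid user test from 192.0.2.5 port 4004 ssh2"
  echo "Oct 10 03:15:01 mac sshd[415]: Accepted publickey for kim from 192.0.2.5 port 4005 ssh2"
}

sample_log | block_rule 15
```

The second and third sample lines are the cases a fixed field number gets wrong: for an existing account the thirteenth field is the port, and a user name containing spaces shifts every field after it.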
 
Run Mac desktops virtually on PC servers Network
I'm the administrator for a group of creative artists and have a number of Macs (of most all flavors) running on our network. While I love OS X Server, it remains (for me) too hard and complex to do what I need. I want an easy path to manage all my Mac users on a central server farm (preferably HP servers, since that is what our IT department has in our data center). I've heard about Mac OS X server running virtually, but only on Xserve.

My quest for running OS X virtually only led to more frustration:
  1. I don't really want to virtualize OS X Server.
  2. I don't need or want to manage two licenses (one on the server and one on the client).
  3. We don't have Xserves and probably never will.
Then Bingo! I found DiscCloud -- and it works perfectly, with the help of this hint, of course! Here are some tips to help get it running:
  • The first mistake I made was downloading the wrong version of VMware Server. You'll need the older version, located here. Be sure to pick the right download for your system (our HP servers run Windows).
  • To demo the full version of DiscCloud, you'll need an eval license. You used to have to dig around on the DiscCloud forums to find this, but now they've added it to their download page.
That did the trick. I was able to follow the video instructions (with the exception of the VMware installation bit, as mine is for Windows), and create a MacBook Air user having a one terabyte home directory! I can back up the MacBook as a virtual machine running on our HPs -- I love it!

[robg adds: To download the trial, you'll need to register for a free account. I haven't tested this one beyond verifying the download works.]
 
Avoid drop box file permission issues Network
On the Macs in my home, we have permissions issues when copying files into other users' Drop Boxes. If my wife, for example, sends me a file via the Drop Box, and I move it to another folder, the permissions are not appropriate for me -- files only open as read only, because the ownership is not correct. So to use files sent this way, we have to Option-drag them from the Drop Box. This creates a copy, with the appropriate ownership.

I'm not sure if this happens to others, but for us, it's an annoyance. As long, however, as we Option-drag, we can use the files as we want to.

[robg adds: I don't see this issue here, and in talking with Kirk about the problem, we compared the Permissions section of the Get Info dialog for our Drop Box folders. On my machines, including a brand-new iMac that's fresh from the factory, there are two entries for my user in the Permissions section -- one with Custom privileges, and one with Read & Write privileges. On his machines, the Custom permissions entry is missing.

I found this thread on our forums that talks about the same problem ... what makes this really odd, though, is that it doesn't seem to be universal, as it's working well here. If anyone has an explanation/permanent fix for this odd behavior, please post in the comments -- repairing permissions doesn't help, because that won't change things within the user's folder (and yes, Kirk tried it anyway).]
 
Connect to other networks while using a 3G modem Network
A lot of 3G (or EDGE) external modems (USB or ExpressCard) require special software to build up a connection. My two modems from different providers use GlobeTrotter Connect and E-plus Online Connect (the latter a re-branding by my provider). As I understand it, these applications set up new network interfaces and group them in a new location setting. All existing network interfaces get disabled when a connection is established and the system is switched to this location.

This may be obvious, but it took me a while before I tried it out. One can simply re-add other network interfaces (i.e. Wi-Fi or Ethernet) to these locations, and then be connected to both the internet via the 3G modem, and to local networks at the same time (e.g., for streaming to an Airport Express).
 
10.5: A possible fix for Active Directory integration issues Network
I may have found a culprit in the OS X 10.5 Active Directory integration problem (see the comments on this post at AFP548.com for more info on the problem). I noticed that after a 10.5 machine is bound, it mostly freezes up when it's trying to authenticate. I started looking around and noticed interesting things in the /Library/Preferences/edu.mit.Kerberos file.
 
10.5: Disable DHCP-specified DNS servers Network
I've been running djbdns on all of my servers for several years. I've also been running it on OSX for about three years.

Under 10.4 and earlier, when I specified a custom nameserver, the system would use only the nameserver(s) I specified. However, under 10.5 Apple has apparently changed that behavior, and uses my specified nameservers in addition to the DNS servers specified by the DHCP server. It shows the DHCP-provided server IP on the list, greyed out, so you can't delete it.

For a while, I adopted a "grin and bear it" attitude -- after all, the DHCP server at home is handing out the IP of my internal Linux server (also running djbdns) as the DNS server, so I was only unsafe when I used the laptop outside the house. However, with the recently announced vulnerability in the DNS protocol, the massive world-wide patch effort by major DNS vendors, and the fact that many networks haven't applied the patches yet, I don't really feel safe relying on anybody else's nameservers.
 
Share a FireWire drive via FireWire networking Network
To make this hint work, you need to have a FireWire drive with two ports on it, two FireWire cables, and two Macs with built-in FireWire. To make things easier, I turned off AirPort and disconnected the Ethernet -- I wanted to make sure that I was getting the full speed of the FireWire, as my second Mac only has 100base Ethernet capabilities.

Connect the FireWire drive to a Mac with file sharing set up on it, and then connect that drive's other FireWire port to any other Mac. Next enable networking over FireWire in the Networking System Preferences panel. In the setup panel, give the computers manual IP addresses -- I used 10.0.0.2 and 10.0.0.3, and a subnet mask of 255.255.255.0. Finally, simply connect to the Mac with the drive showing up in the Finder, and it will show up in sharing!

This allows you to network over FireWire and share a hard drive, which for me is useful for today's task of backing up all of my DVDs onto the drive. It could be useful for a multitude of tasks -- especially for older computers with FireWire and slower Ethernet.
 
Use wireless networking in safe boot mode Network
My friend has a much-loved 12" PowerBook G4. Unfortunately, it has developed a VRAM error (confirmed by Apple Hardware Test) that makes it impossible to boot in "normal" mode. However, it can boot in Safe Mode, which seems to bypass the VRAM. The graphics are obviously not as good, but the computer is quite usable in Safe Mode.

My friend wants to use it as a surfing/email computer for his wife -- but doesn't want to shell out the $300+ for a new logic board installation to fix the VRAM. The only problem is that Safe Mode disables wireless networking! I searched in vain (via Google) for any tips to enable AirPort in Safe Mode. After a bit of thinking, I found a way to get wireless running in Safe Mode (on OS X 10.4, at least).

Open Terminal and enter:
$ sudo kextload /system/library/extensions/appleairport.kext
$ sudo kextload /system/library/extensions/appleairport2.kext
Then open the Network pane of System Preferences, and re-enable the "Show AirPort status on menu bar" option. This enabled us to "Turn AirPort on" -- and the PowerBook was ready to surf!
 