Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

CUPS and network security Network
CUPS or Common Unix Printing System is enabled by default in OS X and can be configure through a web interface. Just type in 127.0.0.1:631 in your web browser to connect locally to your computer. The problem with this little convenience is that anyone else can do the same and get the same results. Now you see where this is going? Basically what can be done beyond possibly reprinting old documents would be to reconfigure your print services either for good or for bad and getting whatever personal information that is revealed by the way you name your documents.

So my advice would be to disable CUPS if you are not printing anything on a public network. One way to do this is by killing the CUPS Daemon from the terminal. Just type in ps ax | grep cupsd and then sudo kill -9 PID# (where PID# is the first number in the output of the ps command) and it's dead Jim!

Another way would be to use "Printer Setup Repair", a shareware app by Fixamac Software. You can turn CUPS on/off or even choose for it to remain off after startup.

[robg adds: I'm going to use this hint to provide a hopefully better solution, along with a bit of information, on the CUPS web interface. By default, the CUPS web interface will indeed allow anyone on your local network to reach it ... but that's it. If anyone other than the local user clicks the Administration button, they'll get a 'Forbidden' response from the CUPS server. The same thing happens if they try to delete a printer you've set up, restart a printed job, or generally, do anything more than view a few pages. About the only security hole I could find is that a local user could see the list of jobs that you have printed, which includes the title of the job, the date it was printed, and the file size. But they cannot see the file itself, nor can they reprint it. In short, unless you're the local user, there's not a lot someone can do to the printers that you've installed yourself.

However, if the visibility of your jobs bothers you, you can prevent all access to the CUPS interface while still leaving the system itself running. In the Terminal, type:
 % cd /etc/cups
 % sudo vi cupsd.conf
Replace vi with the name of your favorite UNIX editor. Once in the file, search on Location and you should jump to somewhere around line 760 in the file. You should see something like:

<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
Allow From @LOCAL
</Location>
To prevent others from seeing your web admin interface, just add a # as the first character in the Allow From @LOCAL line and save the file. The # is a comment character, and it disables access for anyone other than the local user. You'll need to restart CUPS to have the changes take effect; the easiest way is to restart the machine (I'll leave it for others to describe the command-line solution). CUPS brings many benefits to the OS X print system, and it seems to me that this is a much better solution than just disabling it completely.]
  Post a comment  •  Comments (16)  
  • Currently 3.67 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (3 votes cast)
 
[12,143 views] Email Article To a Friend View Printable Version
Avoid issues with Java applets in browsers and SOCKS proxy Network
To enable java applets to load into a browser page when connecting to the internet via a Windows 2000 network from behind a firewall, you need to ensure that the SOCKS proxy option in the Network preference pane is not selected. Java appears to do its own thing with SOCKS, and having the SOCKS proxy selected works to block the java applet loading. This works in Safari under 10.3 (Panther). I did not discover this answer until I had upgraded from Jaguar and it may also apply to Jaguar.
  Post a comment  •  Comments (0)  
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[4,261 views] Email Article To a Friend View Printable Version
10.3: A fix for the Cisco VPN Client 4.0.2(C) Network
This info is around the web but I sure had to dig, so this might save someone some time. To get the Cisco VPN Client 4.0.2 (C) to work with Panther and the Cisco VPN3030 Server (router) my compnay uses, I had to do the following.

Use the Terminal to navigate to /private -> etc -> CiscoSystemsVPNClient -> Profiles. In Profiles will be a file named yourprofile.pcf. Edit this file with a text editor and add the line:

USELegacyIKEPort=0
Save the file, quit the editor, and you should be good to go.
  Post a comment  •  Comments (0)  
  • Currently 2.14 / 5
  You rated: 2 / 5 (7 votes cast)
 
[15,260 views] Email Article To a Friend View Printable Version
Darwin Streaming Server and rtsp streaming over Bluetooth Network
If you've created a local Bluetooth network (see this previous hint), you can run all kinds of services over this connection. One of the sweetest services I'm running is the free Darwin Streaming Server. Once installed, you can set-up a wireless local MP3 broadcast. Heres how it works.

After installation, the server will be running over the same IP address as your built-in web server (personal web sharing). Click Playlist in the menu, and set up a playlist of MP3s. Give it a name and mount point you will remember. Make sure the playlist is running. With a client machine, connect to your server. Open iTunes and use the command Advanced -> Open Stream. Enter rtps://yourIPaddress:554/mountpoint. Now iTunes should connect to and play from the server. This means you can listen to your MP3's throughout the range of your network without having them on you laptop. Bandwidth is limited, but I'm able to stream 160kbps mp3 files to a range of Mac client devices.

Likewise, you can stream video as well. I don't use a playlist for this but rather connect directly to the hinted media through the "Open URL" menu item in QuickTime Player or link in a web page. I've tested data rates at 400kbps, well above what is documented by Apple at this time.
  Post a comment  •  Comments (1)  
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[8,741 views] Email Article To a Friend View Printable Version
Enable secure ports for CUPS printing Network
In Panther, I suddenly lost the ability to print to my school printers over lpr/lpd. We traced the problem: Apple had changed the port from which the print job was sent from a low-numbered "trusted" port to a high-numbered one. The print server would reject this port (error #32; data file refused) as insecure. The solution is as follows. After creating your printer, do this:

 % cd /etc/cups
 % sudo emacs printers.conf
There will be a line that looks something like this:

lpd://server.domain/printqname
where server.domain is the computer the printer queue is on, and printqname is the name of the printer queue. You must change this line to look like this:

lpd://server.domain/printqname?reserve=on
Save the changes and quit the editor. This will enable the correct port behaviour. Then you need to restart cupsd. in a shell, do this:

 % ps -auwx | grep cupsd
 root      348   1.1  0.1    29016   1372  ??  Ss   Thu03PM   0:26.90 /usr/sbin/cupsd
 markian  5144   0.0  0.0     8860      8 std  R+    2:17PM   0:00.00 grep cupsd
 % sudo kill -HUP 348
Note that 348 is the cupsd (cups daemon) process id (in this example). You should now be able to successfully print. Special thanks to Carol Smith at the University of Alberta for being invaluable in solving this problem.
  Post a comment  •  Comments (5)  
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[7,135 views] Email Article To a Friend View Printable Version
A how-to on pairing mobile phones via Bluetooth Network
In trying to set up a connection to my Siemens S55 in a convenient way, I found this how-to from novamedia.de very useful ... maybe this is helpful for others, too.
  Post a comment  •  Comments (0)  
  • Currently 1.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (1 vote cast)
 
[2,563 views] Email Article To a Friend View Printable Version
Print from OS X to any Linux-supported printer Network
My problem was that I couldn't print from an OS X 10.2.8 G4 laptop via the network to my Samsung ML-1710 which is plugged into my WinXP PC . Apparently the Samsung OS X drivers only work for printers connected via USB. This solution can be used to enable a Mac to print to any printer that Linux can print to.

The CUPS ML-1210 driver on my Linux PC works fine with the ML-1710, so I decided to use it to act as a PostScript translator so that the Mac could print to it using generic PostScript, and then send the job on to the printer on my WinXP PC (or it could just as well be a printer connected locally to the Linux box).

Read the rest of the hint for the solution...
read more (358 words)   Post a comment  •  Comments (3)  
  • Currently 3.00 / 5
  • 1
  • 2
  • 3
  • 4
  • 5
  (2 votes cast)
 
[11,768 views] Email Article To a Friend View Printable Version
10.3: MTU fixes for Ethernet and Airport connections Network
When I started to use OS X 10.3 panther I was very pleased to find that the MTU setting of the Ethernet interface can be changed using Network preferences. As I'm using a PPPoE connection through a NAT router, I need to set the MTU to 1492 instead of the default 1500 to get my internet connection fully operational. For those of you who did not find the setting yet, it's in the Ethernet tab of the Built-in Ethernet configuration - set Configure to "Manually (Advanced)" and enter any MTU value you like!

However, Apple forgot to implement this setting for the Airport interface. The solution is basically the same as for previous OS X versions. To change the setting manually, enter the following line in the terminal (assuming en1 is your Airport interface):
 % sudo ifconfig en1 mtu 1492
To fix the Airport MTU permanently, I added a line to /System -> Library -> StartupItems -> Network -> Network. At the end of the StartService() function, I added ifconfig en1 mtu 1492. This seems to work, even after waking the computer from sleep. Yet I'm not sure if this is the best way to do this - any suggestions?
  Post a comment  •  Comments (15)  
  • Currently 2.50 / 5
  You rated: 3 / 5 (6 votes cast)
 
[36,734 views] Email Article To a Friend View Printable Version
10.3: A bit of detail on /etc/hosts and Directory Access Network
For those who use /etc/hosts (or other configuration information in /etc), it seems that Panther has changed how to activate them. This time around, the BSD flat files are automatically checked on in Directory Access, but that's not all there is to it. If you click "Configure" after selecting the BSD flat files, you'll notice this message:
The node /BSD/local must be added to the Authentication or Contacts tabs for the configuration information in /etc/hosts to be used.
Just a heads-up for the Panther crowd. I'm not sure who needs information set in both tabs and who doesn't, but this is where the last of the activation is done.
  Post a comment  •  Comments (5)  
  • Currently 2.71 / 5
  You rated: 4 / 5 (7 votes cast)
 
[11,739 views] Email Article To a Friend View Printable Version
10.3: Potential Windows server browsing fix Network
Seems that people are having issues with browsing windows networks via the Panther Finder. Well I was anyway. The symptoms were that limited or no servers were being listed in the Network "directory" and sometimes servers where not characterised into workgroups (i.e. they all appeared in the Network root directory).

Using the built in SAMBA tools, I was able to isolate the problem: The Domain Master Browser (DMB) wasn't responding properly. Why this was, I'm unshure. The DMB is required for browsing of Windows networks, and is either specified by a network admin or is automatically selected by computers on the network. Watching a few processes from the terminal, I noticed that a smbclient process (using the IP of the DMB as an argument) was attempting to talk to the DMB (Panther uses smbclient and scripts to do this). The process was blocked until the DMB responded, which it didn't, thus the corresponding folders and icons the Network directory where not updated by the Finder, and the loss of network browsing.

The DMB for a workgroup can be found using the command nmblookup -M WORKGROUP, where WORKGROUP is the workgroup your Mac is in.

The solutions:
  1. If you have access, shut down the DMB machine so that the Windows network can 're-elect' another Windows DMB. If this doesn't work, try executing this command:
    smbcontrol nmbd force-election
    This should fix the problem.

  2. If that didn't work, or if you administrate your own network, you can make the Mac the DMB by editing the appropriate SAMBA configuration files (this is what I did).
Read the rest of the hint for my solution...
read more (256 words)   Post a comment  •  Comments (21)  
  • Currently 2.13 / 5
  You rated: 2 / 5 (8 votes cast)
 
[37,960 views] Email Article To a Friend View Printable Version