mac os

Privacy Policy

2010-03-16T02:11:00.000-07:00

Privacy Policy for http://machhh.blogspot.com

If you require any more information or have any questions about our privacy policy, please feel free to contact us by email at mirna2285@gmail.com.

At http://machhh.blogspot.com, the privacy of our visitors is of extreme importance to us. This privacy policy document outlines the types of personal information is received and collected by http://machhh.blogspot.com and how it is used.

Log Files
Like many other Web sites, http://machhh.blogspot.com makes use of log files. The information inside the log files includes internet protocol ( IP ) addresses, type of browser, Internet Service Provider ( ISP ), date/time stamp, referring/exit pages, and number of clicks to analyze trends, administer the site, track user’s movement around the site, and gather demographic information. IP addresses, and other such information are not linked to any information that is personally identifiable.

Cookies and Web Beacons
http://machhh.blogspot.com does use cookies to store information about visitors preferences, record user-specific information on which pages the user access or visit, customize Web page content based on visitors browser type or other information that the visitor sends via their browser.

DoubleClick DART Cookie
.:: Google, as a third party vendor, uses cookies to serve ads on http://machhh.blogspot.com.
.:: Google's use of the DART cookie enables it to serve ads to users based on their visit to http://machhh.blogspot.com and other sites on the Internet.
.:: Users may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at the following URL - http://www.google.com/privacy_ads.html

Some of our advertising partners may use cookies and web beacons on our site. Our advertising partners include ....
Google Adsense

These third-party ad servers or ad networks use technology to the advertisements and links that appear on http://machhh.blogspot.com send directly to your browsers. They automatically receive your IP address when this occurs. Other technologies ( such as cookies, JavaScript, or Web Beacons ) may also be used by the third-party ad networks to measure the effectiveness of their advertisements and / or to personalize the advertising content that you see.

http://machhh.blogspot.com has no access to or control over these cookies that are used by third-party advertisers.

You should consult the respective privacy policies of these third-party ad servers for more detailed information on their practices as well as for instructions about how to opt-out of certain practices. http://machhh.blogspot.com's privacy policy does not apply to, and we cannot control the activities of, such other advertisers or web sites.

If you wish to disable cookies, you may do so through your individual browser options. More detailed information about cookie management with specific web browsers can be found at the browsers' respective websites.

MacOS iPhone Project: Mac OS 7 for iPhone

2010-03-13T07:23:00.000-08:00

Mac OS 7 which, also known as System 7 (Wikipedia), has begun a port process to the iPhone.

According to the Web site: "Welcome to the MacOS iPhone Project! We are Dedicated to putting MacOS on the iPhone. We hope to be launching the code soon, but we are wanting [sic] to complete something before fully releasing stuff, so please bare with us! But heres [sic] what we have [been] working [on] so far."

The team goes on to describe some of its work. The most difficult issue so far: getting the System 7 cursor working with the iPhone touch screen. Once that was overcome, the team was able to demonstrate the ability to access menus. The sample pictures on their Web site show the emulator running MacPaint, MacDraw, Calculator, and other system functions.

The emulator isn't without flaws; the team points out that when people go through the process of shutting down Mac OS 7, the emulator crashes, "the iPhone will hang for a few minutes and then return to the home screen."

System 7 was code-named "Big Bang" and often referred to as Mac OS 7. It was first released on May 13, 1991, by Apple. It was succeeded by Mac OS 8 in 1997. New features in System 7 included cooperative multitasking, virtual memory, personal file sharing, an improved user interface, QuickTime, and QuickDraw 3D.

You can find more information about this new emulation project at the MacOS iPhone Project, photos on Flickr; while the site does not mention this, a jailbroken iPhone would be required to install and run this app or any other emulation app due to iTunes App Store restrictions. These restrictions prohibit any kind of emulation of other operating systems from running on the iPhone.

We'd also like to see the team post a video demonstrating the app going through its paces.

SSH on Mac OS X

2010-03-13T06:52:00.000-08:00

Updated 9th December 2008.

SSH is a secure way to connect to your Mac over untrusted networks, such as the Internet। At its most basic level, it allows you to log into a Mac remotely using the terminal using the sshd and ssh programs. You must enable the SSH service on the Mac you want to log in to:

Once you have the service enabled, it's a matter of logging in using the ssh program on the client to connect to the server:

iMac:~ stocksy$ ssh james@194.11.2.81
The authenticity of host '194.11.2.81 (194.11.2.81)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '194.11.2.81' (RSA) to the list of known hosts.
james@194.11.2.81's password:
Last login: Mon Mar 22 21:39:48 2004
Welcome to Darwin!
Power-Mac:~ james$

The part about the authenticity of the host is only shown the first time you connect to a Mac, after that it gets added to ~/.ssh/known_hosts

So, now you've got a remote terminal on your other Mac. This is useful. Imagine that the Finder has crashed and frozen the whole GUI on your PowerBook, usually it's still possible to SSH into the machine and kill -9 the 'loginwindow' process. This just reloads the GUI and logs you out without restarting. That said, we can do more...

Passwordless logins with SSH

You can SSH without using a password by generating a private/public key pair. Bear with me! The public key resides on the computer you are connecting to (server) and is compared with your private key on the computer you are connecting from (client).

On the CLIENT:

$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/Users/stocksy/.ssh/id_dsa):
Enter passphrase (empty for no passphrase): wxyz
Enter same passphrase again: wxyz

The ssh-keygen has just created two DSA (-t dsa specifies this) keys on your Mac. You need to copy the ~/.ssh/id_dsa.pub from the client to ~/.ssh/authorized_keys2 on the server using scp:

scp [source] [user]@[remote.host]:[destination]

For example:


iMac:~ stocksy$ scp ~/.ssh/id_dsa.pub james@194.11.2.81:~/.ssh/औथोरी

If you have several clients you want to connect to the server, you'll need to combine all the id_dsa.pub keys from each machine into one authorized_keys2 file. I would suggest that the best way to do this is to copy all the id_dsa.pub files into a temporary directory on the server, so that you have something like

Power-Mac:~/Desktop/ssh jamen$ ls
id_dsa.pub.1 id_dsa.2 id_dsa.3

Then, combine them like so:

Power-Mac:~/Desktop/ssh jamen$ cat id_dsa.pub.1 id_dsa.pub.2 id_dsa.pub.3 > authorized_keys2

cp authorized_keys2 ~/.ssh/authorized_keys2

Ok, you're ready to test your keys! Open a fresh terminal on your client and ssh to your server as above. It should ask you for the passphrase you provided for the key rather than the password of you account on the machine. The next step is to use SSHKeychain to hold this passphrase in the Apple Keychain.

Download SSHKeychain, mount the .dmg and drag sshkeychain to /Applications. Run SSHKeychain from the Finder and open its preferences. In the 'general' tab, set it to show in the Status Bar. In the 'security' tab, set 'On client connection' to 'Add keys to agent'. In the 'environment', tick 'Manage global environment variables'. From the menu bar Select 'Agent|Add All Keys'. Enter the passphrase you specified when you did ssh-keygen -t dsa and tick 'Add to keychain'.

Now, add /Applications/SSHKeychain to Login items in System Preferences -> Accounts.

Log out and back in to your account on the client, open a terminal and ssh to your server, it should not ask for a password!

Security

These steps aren't necessary to get ssh working, but they do help to harden your Mac against attack.

By default, you can use log in to any account on your Mac, but this can be changed. Use your favourite text editor to open /etc/sshd_config, for example:

sudo nano /etc/sshd_config

Add a line like this:

AllowUsers tom dick harry

Alternatively, you could format the line like this if you know the IPs that require remote access:

AllowUsers tom@194.202.218.1 dick@stocksy.co.uk harry@18.51.1.222

The ssh V1 protocol is not as secure as ssh V2, you can prevent ssh V1 logins by finding this line: #Protocol 2,1 and changing it to: Protocol 2.

You can insist that all logins must use a public key instead of password authentication, change: #PasswordAuthentication yes to: PasswordAuthentication no. If find this is especially useful to access family members' computers which I know have horribly unsecure passwords.

It's possible to add a login banner just to cover yourself. Create the banner as a plain text file, e.g. /etc/loginbanner, then add this line: Banner /etc/loginbanner. An example of an appropriate banner might be:

THIS IS A PRIVATE COMPUTER SYSTEM AND IS FOR AUTHORISED USE ONLY.



Any or all use of this system and all files on this system may be intercepted

and monitored.  Unauthorised or improper use of this system may result in

disciplinary and/or legal action.  By continuing to use this system you indicate

your awareness of and consent to these terms and conditions of use.



LOG OFF IMMEDIATELY if you are not an authorised user of this system or do not

agree to the conditions stated in this warning.

Do NOT write "Please log in" or some similar form of words that could be interpreted as consent to use the system.

Tunnelling unsecure protocols over ssh

If you're not familiar with it, VNC is a protocol used to view the desktop of a host using another host on a network. VNC is an unencrypted protocol. If you used it 'naked' over the Internet, somebody could sniff the packets and compromise your Mac. What's needed is an ssh tunnel to encrypt the VNC packets as they travel through the internet:

Setting up the tunnel is easy, you just need to know the IP address of the remote host and the port number that VNC is running on (usually 5900). The syntax of the command is:

ssh -L [local port]:127.0.0.1:[remote port] [user]@[remote.host]

So in this case it would be:

ssh -L 5900:127.0.0.1:5900 james@194.11.2.81

All you need do now is point your VNC client to 127.0.0.1:5900 and you can connect. If you wanted to allow other machines on your local network to access the remote host through your computer, use the -g switch:

ssh -L 5900:127.0.0.1:5900 -g james@194.11.2.81

Then other hosts on your network can connect to the remote host through [your.IP]:5900, just remember to open this port on your firewall.

I would suggest using OSXvnc as your VNC Server and Chicken of the VNC as your VNC client.

Forwarding file sharing over SSH

It's easy to encrypt Apple file sharing with SSH. The syntax is the same as it was for VNC:

ssh -L [local port]:127.0.0.1:[remote port] [user]@[remote.host]

Apple file sharing works on port 548, so in my case the command would be:

ssh -L 54854:127.0.0.1:548 james@194.11.2.81

So, your local machine is now serving your remote machine's files on 127.0.0.1:54854, go ahead and test it: In the finder, click 'Go|Connect to server' and type in afp://127.0.0.1:54854 - this should connect you to the remote Mac. As before, if you want your local Mac to act as a gateway to the remote Mac, use the -g switch and connect to afp://your.ip:54854 from the other Macs, but remember to open port 54854 on your local Mac.

It is vital to use a port such as 54854, since Personal File Sharing may have already bound port 548 on your machine, which will cause an error message.

One More

One last commonly used example, MySQL.

ssh -L 3306:127.0.0.1:3306 james@194.11.2.81

Now you can point a GUI like CocaMySQL at 127.0.0.1 port 3306 and work on your remote MySQL server.

Tunneling your Browsing

If you are connected to an untrusted network it would be desirable to encrypt and tunnel your machine's traffic to a trusted machine elsewhere. SSH can do this by acting as a SOCKS proxy by using the -D (dynamic) option:

ssh -D3333 james@192.2.0.22

Once this is done, configure your favourite browser to use 127.0.0.1 port 3333 as a SOCKS 5 proxy:

All web traffic is now sent through the tunnel to your remote machine before being decrypted and forwarded to the final destination. Note that whilst your web traffic is secured, your machine might still be sending DNS queries to the local DNS server. This could allow a third party on the untrusted network to determine which sites you've visited, but not read any information you've transmitted or received.

More Tricks

If you're on a low bandwidth connection, using the -C option enables compression which might help speed things up a bit.

If you have X11 installed, you can use the -Y option to display X11 applications from a remote machine on your own desktop. This is most useful when dealing with a remote Linux or UNIX box:

ssh -Y james@10.1.55.17
firefox &

would launch Firefox on the remote machine, but display the application locally.