Adding filetypes to Safari’s “Safe List”

August 12th, 2009 grady Comments off

Ever wanted to have Safari open a filetype after downloading?

Well, I was constantly downloading Word files at work and then having to navigate to my Downloads folder to open the file. I wanted Safari to behave *gasp* like IE in this regard. This seemed like an unnecessary step and a disruption of my personal workflow, security concerns aside.

So if you are ok with the Security ramifications and want to do this, read on.

Navigate to your ~/Library/Preferences directory. Open, or create the following file, com.apple.DownloadAssessment.plist.

Add the following, e.g. to allow Safari to open a .doc file after it downloads:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>LSRiskCategorySafe</key>
<dict>
<key>LSRiskCategoryExtensions</key>
<array>
<string>doc</string>
</array>
</dict>
</dict>
</plist>

Categories: howto, safari, xml Tags:

Compiling FreeRADIUS on Solaris 10

July 31st, 2009 grady Comments off

First off you have to configure Solaris 10 as a dev platform if it is not already:

1. Go to sunfreeware.com and download the latest gcc package and any dependent packages.
2. Type “pkgadd -d gcc-package-name”.
3. If you’re using bash as your shell, just add the following lines to your ~/.bashrc file, or modify any existing lines to include those shown. You should, of course, adjust these paths to your system, but for most situations these will be appropriate:

export PATH=/usr/local/bin:/usr/ccs/bin:$PATH
export LD_LIBRARY_PATH=/usr/local/lib:/usr/lib:/lib
export MANPATH=/usr/local/man:$MANPATH
export CPPFLAGS="-I/usr/openwin/share/include/X11/extensions -I/usr/openwin/include"

4. Download the freeradius tarball.
5. Untar/unzip the file.
6. cd freeradius source directory
7. ./configure
8. make
9. make install

Categories: freeradius, howto, solaris Tags:

Delete Files Older than X Days

May 5th, 2009 grady No comments

The find utility on Linux allows you to pass in a bunch of interesting arguments, including one to execute another command on each file. We’ll use this to figure out which files are older than a certain number of days, and then use the rm command to delete them.

Command Syntax
        find /path/to/files* -mtime +5 -exec rm {} \;

Note that there are spaces between rm, {}, and \;

Explanation:

  • The first argument is the path to the files. This can be a path, a directory, or a wildcard as in the example above. I would recommend using the full path, and make sure that you run the command without the exec rm to make sure you are getting the right results.
  • The second argument, -mtime, is used to specify the number of days old that the file is. If you enter +5, it will find files older than 5 days.
  • The third argument, -exec, allows you to pass in a command such as rm. The {} \; at the end is required to end the command.

This should work on Ubuntu, Suse, Redhat, or pretty much any version of Linux.
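
The advice above (check what find matches before adding -exec rm) can be built into a small wrapper. This is an added example, not part of the original post; the function names purge_older_than and demo_purge and the demo file names are made up for it.

```shell
#!/bin/sh
# Added example (not from the original post). purge_older_than and
# demo_purge are names made up here.

# Usage: purge_older_than DIR DAYS [delete]
# Lists matching files; removes them only when the third argument is "delete".
purge_older_than() {
    dir=$1 days=$2 mode=${3:-list}

    # Refuse a missing directory or a non-numeric day count, so an empty
    # variable can never widen the search.
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case $days in
        ''|*[!0-9]*) echo "bad day count: $days" >&2; return 2 ;;
    esac

    if [ "$mode" = delete ]; then
        # -type f leaves directories alone; "--" ends rm's option parsing.
        find "$dir" -type f -mtime +"$days" -exec rm -f -- {} \;
    else
        find "$dir" -type f -mtime +"$days" -print
    fi
}

# Constructed demo data: one file dated 2000-01-01 and one created now.
demo_purge() {
    tmp=$(mktemp -d) || return 1
    touch -t 200001010000 "$tmp/old report.log"
    touch "$tmp/new.log"
    echo "would delete:"; purge_older_than "$tmp" 5
    purge_older_than "$tmp" 5 delete
    echo "left behind:";  ls "$tmp"
    rm -rf "$tmp"
}

demo_purge
```

Quoting "$dir" and letting find pass each name to rm keeps file names with spaces intact, which a shell loop over unquoted output would not.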
Categories: Uncategorized Tags:

SSH Escape Sequences

May 5th, 2009 grady No comments

Yes, SSH has an escape sequence, much like telnet’s ctrl-] sequence. Remember those times when you, say, restart a daemon, go to log out of the server, but are left hanging? SSH escape sequence!

It’s tunable in /etc/ssh/ssh_config on the client side, and of course in your ~/.ssh/config, but by default the EscapeChar is the ~ key. So, if you ssh into a box and type:
~?
you’ll be presented with this list:

                Supported escape sequences:
                ~.  - terminate connection
                ~B  - send a BREAK to the remote system
                ~C  - open a command line
                ~R  - Request rekey (SSH protocol 2 only)
                ~^Z - suspend ssh
                ~#  - list forwarded connections
                ~&  - background ssh (when waiting for connections to terminate)
                ~?  - this message
                ~~  - send the escape character by typing it twice
                (Note that escapes are only recognized immediately after newline.)

You can use ~. to kill the connection… or ~^Z to suspend it.

A particularly interesting one is the command line option, or “~C”. With that, you can get an ssh command line, with the following options:

  • -Lport:host:hostport    Request local forward
  • -Rport:host:hostport    Request remote forward
  • -KRhostport             Cancel remote forward

 That is, you can forward ports using your existing SSH connection, rather than starting up a new one. Cool!
 Another helpful way out of “locked” terminals is screen’s ctrl-a ctrl-k

Categories: Uncategorized Tags:

HOWTO: Reset a lost OS X password

May 5th, 2009 grady No comments

If you’ve forgotten your Mac’s admin account password, don’t worry. Assuming you haven’t locked out OpenFirmware, it’s a pretty simple task to change your password back to something you know.
Here’s how:

  • Hold Apple+S when booting to enter single user mode
  • #sh /etc/rc
  • #passwd yourusername
  • #reboot

If you can’t recall your user name, you can either look in the /Users folder (the directories are named by user), or run “niutil -list . /users”.
Also, on older systems the /etc/rc script isn’t available, apparently. If that second step fails, try mounting and starting the base services manually:

  • #/sbin/fsck -y
  • #/sbin/mount -uw /
  • #/sbin/SystemStarter

I’ve had to do this a couple of times for friends when they’ve bought a second hand machine, and once when I had a momentary brain lapse and forgot my own password. Works like a charm, though you’ll lose any passwords stored in your keychain.

Categories: Uncategorized Tags:

How to install Debian Etch on a Sun Ultra 2/10/60

January 29th, 2009 grady Comments off

Well I got an Ultra 10 and an Ultra 60 and wanted to “rehab” them with a little linux love. So after a little digging I discovered that Debian has the best support for UltraSPARC III processors.

So I quickly burned a Debian 4.0 (Etch) CD for SPARCs and put it in the drive to do the install. But I would get an illegal instruction error every time. Turns out, you need to make sure the OpenBoot ROM version is 3.31. Mine was 3.23 on the Ultras. So here is how to update the ROM in a nutshell (you need a working Solaris install):

  • Download the 106455-11 patch from sunsolve. The patch readme is here.
  • Run the following command from the shell:
    #/usr/sbin/prtconf -V
  • If your version is less than 3.31, continue.
  • As root, copy the latest “flash-update” files from the directory containing the patch to the root directory as follows:
    # cp flash*latest /
    # chmod 755 /flash-update*
  • As root, exit the OS such that the system returns to the PROM’s “ok” prompt:
    # halt
    ok
  • Power off the system.
  • Here’s where it gets fun, now unplug your Ultra from the AC.
  • Open the case. The case is normally secured with one screw and a small block that prevents the cover from sliding off.
  • Locate jumper J2703, for my Ultra 60, it was under the power supply so I had to slide the power supply out to access it. Ouch!
  • Move the jumper from pins 1-2 to pins 2-3. This write-enables the PROM.
  • Power on the system.
  • Wait for the PROM’s banner to appear, and then:
    Use the Stop-A keys (or Break key, if running from a serial line) to abort the auto-boot sequence.
  • The system should now display the PROM monitor’s “ok” prompt. Now boot the Flash update utility as given below:
    CAUTION: Do not boot/run revisions lower than the latest unless you are absolutely sure that that is what you want to do!
    ok boot disk /flash-update-Ultra60-latest
  • Answer the questions as prompted by the utility.
    +++++++++++++++++++++ example Flash update follows ++++++++++++++++++++++++
    ++++++++ Note that this is an example only. Much of the information ++++++
    ++++++++ which is displayed by your system will be different from   ++++++
    ++++++++ what is shown below.                                       ++++++
    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    Standalone Flash PROM Update Utility, Rev. 2.5
    Ultra(tm) 1
    Ultra(tm) 2
    Ultra(tm) 5/10
    Ultra(tm) 30
    Ultra(tm) 60 / E220R
    Ultra(tm) 80 / E420R
    Ultra(tm) Enterprise(tm) 250
    Ultra(tm) Enterprise(tm) 450

    This utility allows you to interactively update the firmware revisions in specific system Flash PROM components.

    Type h for help, q to quit, Return or Enter to continue:

    Every precaution should be taken to prevent the loss of system power during the Flash PROM programming process!

    Type h for help, q to quit, Return or Enter to continue:

    Firmware Release(s)               Firmware Release(s)
    Currently Existing in the System  Available for Installation / Install?
    --------------------------------  -------------------------------------
    OBP 3.1.2 1996/03/28 17:08        OBP 3.1.5 1996/08/27 16:13        no
    POST 3.1.4 1996/04/09 03:23       POST 3.1.5 1996/06/28 11:54       no

    Type sa if you wish to select all available firmware releases for installation. Type h for help, quit to exit, or cont to continue: sa

    Firmware Release(s)               Firmware Release(s)
    Currently Existing in the System  Available for Installation / Install?
    --------------------------------  -------------------------------------
    OBP 3.1.2 1996/03/28 17:08        OBP 3.1.5 1996/08/27 16:13        YES
    POST 3.1.4 1996/04/09 03:23       POST 3.1.5 1996/06/28 11:54       YES

    Type sa if you wish to select all available firmware releases for installation. Type h for help, quit to exit, or cont to continue: cont

    The Flash programming process is about to begin. Type h for help, q to quit, Return or Enter to continue:

    Erasing the top half of the Flash PROM.
    Programming OBP into the top half of the Flash PROM.
    Verifying OBP in the top half of the Flash PROM.
    Erasing the bottom half of the Flash PROM.
    Programming OBP into the bottom half of Flash PROM.
    Verifying OBP in the bottom half of the Flash PROM.
    Erasing the top half of the Flash PROM.
    Programming POST into the top half of Flash PROM.
    Verifying POST in the top half of the Flash PROM.
    Programming was successful. Resetting …
    Restoring previous NVRAM environment settings…
    #power-cycles = 10
    auto-boot? = false
    security-#badlogins = 0
    OK
    Resetting …

Once your PROM is up-to-date, you can install Debian by following the directions on the SPARC Debian CD.

Boot the CD from the OK prompt by issuing a boot cdrom command. You can get back to the OK prompt by issuing a Stop-A keyboard command. That should be all there is to it!


Categories: howto, solaris, sun Tags:

Compiling netatalk on OpenSolaris

September 17th, 2008 grady Comments off

If you want to serve AFP (Apple Filing Protocol) shares from an OpenSolaris box you need to install netatalk. However, it doesn’t seem to get maintained any more (I’m writing this in June 2008) and the code doesn’t compile cleanly on OpenSolaris. These instructions talk about getting netatalk 2.0.3 to compile on OpenSolaris 2008.5.

We need to install two packages: the Berkeley DB and netatalk. I decided to use BDB 4.2.x because netatalk talks about supporting only 4.1.x and 4.2.x and because I wanted to reuse existing data from my former Linux server.

Preparations

These instructions assume you are a user that can call pfexec to get root access. I use a directory $HOME/src in which I will compile everything. So, let’s first create that directory:

mkdir -p $HOME/src

We will install our stuff into the /usr/local tree because that’s exactly what this directory tree is for: stuff compiled and installed by the admin. If not already done you need to add /usr/local/lib to the dynamic linker search path:

pfexec crle -u -l /usr/local/lib

Install the Berkeley DB

Of course you need to download the BDB first. Grab version 4.2.52 with AES support.

These are the steps to compile and install the BDB:

* cd $HOME/src
* Unpack the BDB:
gzcat /path/to/db-4.2.52.tar.gz | tar xf -
* The BDB doesn’t want to get compiled in its source directory, we need a separate directory:
mkdir -p $HOME/src/db-build
cd $HOME/src/db-build
* Now let’s run configure. Normally configure already defaults to /usr/local, but not the one from BDB, so we need to be explicit about it:
../db-4.2.52/dist/configure --prefix=/usr/local
* Compile it:
make
* Install it:
pfexec make install

While compiling, it can happen that you see the following error message:

cc -o .libs/db_archive .libs/db_archive.o .libs/util_sig.o ./.libs/libdb-4.2.so@ -R/usr/local/lib
ld: fatal: file ./.libs/libdb-4.2.so@: open failed: No such file or directory
ld: fatal: File processing errors. No output written to .libs/db_archive

If so, you need to fix libtool: edit the file libtool and search for the comment “test EBCDIC or ASCII”. Replace the line “A) # EBCDIC based system” with “foo)” and save. Then run “make” again.

Install netatalk

Now it’s time for netatalk. Download it from SourceForge.

* Go to the source directory:
cd $HOME/src
* Unpack netatalk:
bzcat /path/to/netatalk-2.0.3.tar.bz2 | tar xf -
* Next, we need to edit some files to make it compile correctly.
o In etc/atalkd/main.c line 14, etc/papd/main.c line 17 and etc/papd/lp.c line 57 replace “#if defined( sun ) && defined( __svr4__ )” with “#if 0” so that the correct include line is active (#include ).
o The DDP kernel module won’t load correctly (and isn’t necessary anyway). It also doesn’t compile correctly without some patching, so we make sure it doesn’t get compiled in the first place. Edit sys/Makefile.in and remove the “solaris” from line 214 which reads “SUBDIRS = netatalk generic solaris netbsd sunos ultrix”.
* Run configure. We need to disable the DDP (Datagram Delivery Protocol, an AppleTalk network protocol) since the necessary kernel module won’t load and it’s not used by modern Macs anyway:
./configure --disable-ddp
* We’re ready to compile:
make
* If everything worked alright (which it should) then install (you need root privileges, so we use pfexec):
pfexec make install

That’s it! Note that while everything got installed into /usr/local and the configuration files are thus in /usr/local/etc/netatalk, the boot (rc) script got installed correctly in /etc/init.d. So to start the daemon you need to call “/etc/init.d/atalk start” and to stop it “/etc/init.d/atalk stop”. For instructions on how to configure netatalk, see netatalk’s online documentation.

Categories: netatalk, opensolaris Tags:

Compare two directories using diff

April 23rd, 2008 grady Comments off

As mentioned in other hints, diff can not only compare two files, it can, by using the -r option, walk entire directory trees, recursively checking differences between subdirectories and files that occur at comparable points in each tree. The trick is to use the -q option to suppress line-by-line comparisons in files that differ:

diff -rq dirA dirB

This command will provide a nice list of files that occur in dirA but not in dirB, files that occur in dirB, but not in dirA, and files that differ between dirA and dirB. Pipe the output through grep to remove mention of uninteresting files, and sort to tidy it up, e.g.:

diff -qr dirA dirB | grep -v -e 'DS_Store' -e 'Thumbs' | sort > diffs.txt

Categories: diff, howto Tags:

Tar and gzip when you do not have the -z tar switch

April 23rd, 2008 grady Comments off

Depending on the operating system you are on, tar sometimes does not have the -z switch. In those cases, you can still create the tar.gz in one command by using the format:

tar cvf - the_path_or_filelist | gzip > your.tar.gz

Categories: gzip, howto, tar Tags:

Probing DNS for Active Directory Services

April 23rd, 2008 grady Comments off

_ldap._tcp.pdc._msdcs. Domain
This provides the address of the Windows NT PDC for the domain.

_ldap._tcp.pdc._msdcs. DomainTree
Resolves the addresses of global catalog servers in the domain.

_ldap._tcp. site .sites.writable._msdcs. Domain
Provides list of domain controllers based on sites.

_ldap._tcp.writable._msdcs. Domain
Enumerates list of domain controllers that have the writable copies of the Active Directory data store.

_ldap._tcp. GUID .domains._msdcs. DomainTree
Entry used by MS Windows clients to locate machines using the global unique identifier.

_ldap._tcp. Site .gc._msdcs. DomainTree
Used by Microsoft Windows clients to locate the site configuration-dependent global catalog server.

Specific entries used by Microsoft clients to locate essential services for an example domain called quenya.org include:

_kerberos._udp.quenya.org Used to contact the KDC server via UDP. This entry must list port 88 for each KDC.

_kpasswd._udp.quenya.org Used to locate the kpasswd server when a user password change must be processed. This record must list port 464 on the master KDC.

_kerberos._tcp.quenya.org Used to locate the KDC server via TCP. This entry must list port 88 for each KDC.

_ldap._tcp.quenya.org Used to locate the LDAP service on the PDC. This record must list port 389 for the PDC.

_kpasswd._tcp.quenya.org Used to locate the kpasswd server to permit user password changes to be processed. This must list port 464.

_gc._tcp.quenya.org Used to locate the global catalog server for the top of the domain. This must list port 3268.

The following records are also used by the Windows domain member client to locate vital services on the Windows ADS domain controllers.

_ldap._tcp.pdc._msdcs.quenya.org

_ldap.gc._msdcs.quenya.org

_ldap.default-first-site-name._sites.gc._msdcs.quenya.org

_ldap.{SecID}.domains._msdcs.quenya.org

_ldap._tcp.dc._msdcs.quenya.org

_kerberos._tcp.dc._msdcs.quenya.org

_ldap.default-first-site-name._sites.dc._msdcs.quenya.org

_kerberos.default-first-site-name._sites.dc._msdcs.quenya.org

SecID._msdcs.quenya.org

Presence of the correct DNS entries can be validated by executing:

root# dig @frodo -t any _ldap._tcp.dc._msdcs.quenya.org

; <<>> DiG 9.2.2 <<>> @frodo -t any _ldap._tcp.dc._msdcs.quenya.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3072
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.quenya.org. IN ANY

;; ANSWER SECTION:
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 noldor.quenya.org.

;; ADDITIONAL SECTION:
frodo.quenya.org. 3600 IN A 10.1.1.16
noldor.quenya.org. 1200 IN A 10.1.1.17

;; Query time: 0 msec
;; SERVER: frodo#53(10.1.1.16)
;; WHEN: Wed Oct 7 14:39:31 2004
;; MSG SIZE rcvd: 171
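
Seeing the records is only half of the validation; the descriptions above also say which port each record must list. The following is an added example, not part of the original post, that checks the port field of dig's answer lines. The function names expected_port, check_srv and sample_answer are made up for it, and the third sample line is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). expected_port, check_srv and
# sample_answer are names made up here.

# Port each locator record must list, taken from the descriptions above.
expected_port() {
    case $1 in
        _kerberos._udp.*|_kerberos._tcp.*) echo 88 ;;
        _kpasswd._udp.*|_kpasswd._tcp.*)   echo 464 ;;
        _gc._tcp.*)                        echo 3268 ;;
        _ldap._tcp.*)                      echo 389 ;;
        *) return 1 ;;
    esac
}

# Reads dig answer lines on stdin (name ttl IN SRV prio weight port target).
# Prints one OK/BAD line per SRV record for NAME. Returns 0 only if at least
# one record was found and every record lists the expected port.
check_srv() {
    name=${1%.}
    want=$(expected_port "$name") || { echo "unknown: $name" >&2; return 2; }
    awk -v name="$name." -v want="$want" '
        tolower($1) == tolower(name) && $3 == "IN" && $4 == "SRV" {
            seen++
            if ($7 == want) print "OK", $8, "port", $7
            else { bad++; print "BAD", $8, "port", $7, "expected", want }
        }
        END { exit (seen == 0 || bad > 0) }
    '
}

# First two lines: the answer section shown above. The third line is
# constructed, to show a KDC record that lists the wrong port.
sample_answer() {
    cat <<'EOF'
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
_ldap._tcp.dc._msdcs.quenya.org. 600 IN SRV 0 100 389 noldor.quenya.org.
_kerberos._tcp.quenya.org. 600 IN SRV 0 100 389 frodo.quenya.org.
EOF
}

sample_answer | check_srv _ldap._tcp.dc._msdcs.quenya.org
sample_answer | check_srv _kerberos._tcp.quenya.org || echo "kerberos check failed"
# Live use: dig +noall +answer -t srv NAME | check_srv NAME
```

A name with no SRV answer at all also counts as a failure, so a missing record is reported the same way as a wrong port.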

Categories: active directory, dns, howto Tags: