• Mac OS X

    Rerunning the Setup Assistant

    Often times you will want the Mac OS X Setup Assistant to run post the initial installation or imaging. Perhaps you bake an image into machines at a retail store, installing a number of software packages, or maybe you just want a shot at entering your credit card information because you used Command-Q to quit the Setup Assistant when you first unboxed your boxen. Either way, it’s a fairly straight forward task. Simply delete the .AppleSetupDone, stored in the /var/db directory.  Note that this file is hidden and owned by root, so use the following command to remove it: sudo rm /var/db/.AppleSetupDone It’s also worth noting that when doing a…

  • Mac OS X

    Changing Time Machine Backup Frequency

    Time Machine just does what it does and there’s not much controlin’ it aside from what’s in the System Preference pane.  Or is there?  Earlier, I covered how to disable the disk check feature, now let’s look at how to change the frequency of when backups occur.  Backups are initiated by com.apple.backupd-auto.plist, stored in /System/Library/LaunchDaemons.  The contents of this file are, by default: <?xml version=”1.0″ encoding=”UTF-8″?> <!DOCTYPE plist PUBLIC “-//Apple Computer//DTD PLIST 1.0//EN” “http://www.apple.com/DTDs/PropertyList-1.0.dtd”> <plist version=”1.0″> <dict> <key>Label</key> <string>com.apple.backupd-auto</string> <key>ProgramArguments</key> <array> <string>/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper</string> <string>-auto</string> </array> <key>StartInterval</key> <integer>3600</integer> <key>RunAtLoad</key> <false/> <key>KeepAlive</key> <false/> </dict> </plist> The StartInterval integer controls the frequency with which backups occur, in seconds.  You can customize this by altering the…

  • Mac OS X

    Suppressing Time Machine on Disk Mount

    By default, when you are using Time Machine in Mac OS X, every time you insert a drive the system will ask you if you would like to use that drive as a Time Machine backup destination.  If you are like me and you swap drives around a lot then this can get annoying.  So to stop it you can actually just disable a launchd System Daemon, com.apple.backupd-attach.  To do so, simply move the /System/Library/LaunchDaemons/com.apple.backupd-attach.plist to another location and viola, on the next restart when you attach a disk Time Machine won’t ask you if you wish to add the disk to your Time Machine destinations. /System/Library/LaunchDaemons/com.apple.backupd-attach.plist While this is one…

  • Mac OS X

    The Cut, Copy & Paste Daemon in OS X

    Ever seen com.apple.pboard in a launchctl list?  Wondered what it did?  This is the infamous clipboard (aka – pasteboard, or on the iPhone the NSPasteboard server).  If you unload the pboard entry in launchctl then you will no longer be able to cut, copy and paste.  pboard relies on the existence of and the accessibility to the user that initiated pboard (ie – root) to have access to the /tmp folder.  Therefore, pboard will be wonky without /tmp and without pboard you won’t be able to paste things.  So, when troubleshooting cut, copy and paste issues, first verify that /tmp exists and then verify that pboard is running using the…

  • Mac OS X,  Mac Security

    Disable Disk Arbitration

    In Mac OS X, diskarbitrationd is the process that handles mounting disks when they are inserted into the computer (eg – firewire, USB, etc).  Diskarbitrationd runs in the background, is always on by default and is started by launchd.  New disks inserted into the computer are automatically mounted, which you might not want to happen (for example, if you are forensically imaging a system, investigating malware on a device, attempting to fix corruption, simply trying to keep users that don’t know how to manually mount a disk from accessing one, etc). There are  number of ways to stop diskarbitrationd.  One of the easiest (and least intrusive since it doesn’t require…

  • sites,  WordPress

    Bug in WordPress 2.8

    In WordPress there are tags, such as the ones you see at the bottom of this article.  You enter tags when you’re writing an article in the Post Tags section of the Add New Post page.  Prior to WordPress 2.8 you could enter a bunch of tags and just hit the Publish button, the tags would be committed automatically.  Now though, you enter the tags and hit the Publish button and they are not committed.  You have to use the Add button to commit the tags, then hit the Publish button.  This has always been a feature, but both used to work.  For me, breaking a third party plug-in is…

  • sites

    Boobies on Facebook

    Today I found a game/app in my Facebook feed called Vrais ou faux seins ? The application has blatantly exposed breasts.  I can’t speak French so I can’t tell what it is about, but the pictures sure seem to tell a pretty compelling story.  I’m sure that the good people at Facebook will end up finding the application and removing it soon enough.  But it brings up, again, the changes that the increasing globalization that the Internet has brought about. And in my standard Facebook feed… It’s not that I care.  I don’t.   It’s more just watching culture classes as they continue to emerge.  Much like Google’s Schmidt leveraging…

  • Mac OS X,  VMware

    Mass Deploy Parallels

    Sometimes it’s just that easy. Our good friends at Parallels have developed a special Mass Deploy package, available on their site. When you control-click on it and select Browse Contents you will see a license.txt.  You can paste your license into the license.txt file and then put your virtual machine into the root of the package. Once complete, you can push this package out at will.  Additionally, you can edit the postflight shell script in the Resources directory, throwing your own commands at the tail end of the file, adding more virtual machines, customizing settings, etc.  Good luck.

  • Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

    Shadow Mounting with hdiutil

    I recently put up a post on using hdiutil to create disk images in Mac OS X.  To take that a step further let’s look at leverage a shadow mount. A shadow mount allows you to mount a read only file system (from a dmg) as a read-write structure without altering the original image, similar to how NetBoot works. This is useful for a variety of instances, most of all, forensically. To mount an image is going to be similar to how we did so previously, simply use the It is possible the volume was dismounted dirty and Mac OS X needs to do a consistency check on the file…

  • personal

    The Blind Leading the Blind

    Please, please, please – if you think that something I do here will fix an issue you have, please confirm that we’re talking about the same things. Don’t run a command that will wipe out your whole Kerberos database if you’re having an issue opening a single file. Don’t demote a single Open Directory Master with no replicas when you have hundreds of users that should be logged into the OD structure at any given time. Don’t wipe out the LUN of that NetApp. Don’t rm something recursively that shouldn’t be rm’d. I realize that “Google-fu” is a great skill to have, but it is also a danger to you…