Managing Google SafeBrowsing in Firefox for Mac

Firefox describes their malware posture at which heavily leverages Google SafeBrowsing, as do many a browser. Settings for SafeBrowsing are set in the browser.safebrowsing.downloads.remote.enabled pref. To lock this pref, you would need to create an autoconfig.js file in 

/Applications/ that points to a firefox.cfg file with a lock pref in it. To do so, create the autoconfig.js file and paste in these settings:

// Configure SafeBrowsing
pref("general.config.filename", "firefox.cfg");
pref("general.config.obscure_value", 0);

Then create the firefox.cfg file and paste in these settings:

// Configuring SafeBrowsing
lockPref("browser.safebrowsing.downloads.remote.enabled", TRUE)

Live Firefox preferences can be seen at /Users/charles.edge 1/Library/Application Support/Firefox/Profiles/*.default. Because SafeBrowsing is enabled by default, you shouldn’t see it listed unless it’s been disabled. But you can confirm it’s doing its thing by parsing the contents of these settings:

user_pref("browser.safebrowsing.provider.google4.lastupdatetime", "1537457871853");
user_pref("browser.safebrowsing.provider.google4.nextupdatetime", "1537459685853");
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1537457872202");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1537461472202");

Package Manager Like apt-get For Windows 10

In Windows 10, Microsoft has finally baked a package manager called OneGet into Windows. It works similarly to apt-get and other package managers that have been around for decades in the Linux world; just works in PowerShell, rather than bash. So let’s take a quick peak. First, import it as a module from a PowerShell prompt: Import-Module -Name OneGet Next, use Get-Command to see the options for the OneGet Module: Get-Command -Module OneGet This will show you the following options: Find-Package Get-Package Get-PackageProvider Get-PackageSource Install-Package Register-PackageSource Save-Package Set-PackageSource Uninstall-Package Unregister-PackageSource Next, look at the repositories of package sources you have: Get-PackageSource You can then add a repo to look at, using Register-PackageSource. Or, we’ll just fire away at locating our first package, Acrobat: Find-Package -Name AdobeReader Or you could pipe that output to the Install-Package option: Find-Package -Name AdobeReader | Install-Package Or Firefox, verbosely: Install-Package -Name Firefox -Verbose Or ASP.NET MVC silently (using -Force): Install-Package Microsoft.AspNet.Mvc -Force In some cases, you can also use the -Version option to define a specific version, which is why I ended up writing this in the first place – swapping between versions of asp has been a bit of a pain since the introduction of its first update, it seems… PowerShell logo

Access Qlogic Switches & Other Java Apps From OS X

Qlogic fibre channel switches are about the most common I see in Xsan environments. A common frustration when managing a Qlogic switch is that the Java runtime used to manage the switch is blocked from most OS X systems by default. But it’s pretty easy to get into them with a couple of minor adjustments. To get started, first download and install the latest Java from here. Once installed, open System Preferences on your Mac and then open the Java Preferences. Here, click on the Security tab. Screen Shot 2014-03-17 at 10.43.11 AM Click Edit Site List… In the pop-up, click Add and enter http:// followed by the name or IP address of your switch. Screen Shot 2014-03-17 at 10.42.45 AM Click on OK to commit your changes. Then access the switch address from Firefox (what I use for these) or whatever browser you prefer. Because the switch has a self-signed certificate, you’ll be prompted with a  security warning. Here, click the checkbox for “I accept the risk and want to run this application” and then click on the Run button. Screen Shot 2014-03-17 at 10.40.21 AM You’ll then be prompted by another Security Warning dialog. This one is indicating that the Java applet is potentially unsafe. Because we somewhat trust Qlogic, click Don’t Block. You’ll have to click this one every time you access the switch. Screen Shot 2014-03-17 at 10.43.48 AM The switch interface then opens and you can manage your switch as needed. Screen Shot 2014-03-17 at 10.45.20 AM Enjoy.

Deploying and Managing Firefox Part 2: Working with Munki

A special thanks to Nick McSpadden for his third submission to With all the new changes in OS X/Server I haven’t even had time to write as many in such a span!!!
This is a follow up post to the Firefox Management guide. Knowing how to use the CCK to manage Firefox, the next big question is: how do we get this into Munki? It’s unfortunately not as cut and paste as we’d hope, because, with all things, Firefox tends to make us do a bit of work to get what we want from it. Importing Firefox 10.0.10 ESR (current version as of writing time) into Munki is easy. You can add whatever other stuff you need to the pkginfo, but it tends to take care of itself. Importing the CCK into Firefox is where this gets fun. Luckily, some very smart people have figured this out, thanks to the MacEnterprise mailing list. See the conversation here: Credit goes to Nate Walck for the script and Greg Neagle for the advice. If you are deploying the CCK into the internal Firefox application distribution directory, then you may notice that a vanilla install of Firefox does not have the directories. We’ll have to create them as part of the install process. If you want to put the Firefox CCK files somewhere other than inside Firefox, you’d need to change the add-on scopes for Firefox to load it. This isn’t really ideal either, because it requires micromanaging the Firefox install, which means that every time you import a new Firefox update, you have to do a lot of manual labor to make sure all these preferences get included. One solution is to repackage Firefox with the CCK itself and deploy that as one. It works just fine, but it’s a lot of work – especially with Firefox’s release schedule. You’d have to rebundle it for Munki every six weeks. Pox on that, I say. But editing Firefox preferences is also undesirable for the extra work it generates. Greg’s suggestion: a symlink! Throw the CCK anywhere, such as /Library/Application Support/FirefoxCCK/, and then create a symlink into Firefox’s bundles directory.  In this post, I’ll be using the example CCK configuration named “” as in my last post. There are a few pieces to this we need to incorporate:
  1. A postinstall script for Firefox that guarantees the establishment of the symbolic link between the CCK location and the internal Firefox bundles directory.
  2. A package for the CCK itself that drops the items in the location you want, with the appropriate installs key to ensure it reinstalls if deleted.
  3. The CCK package should also establish a symbolic link to itself if one does not already exist.
  4. A guaranteed reinstall of Firefox, should it be deleted, that also incorporates the re-establishment of the symbolic link.
We can accomplish part of this in a postinstall script for Firefox in Munki:
mkdir -p -m 755 /Applications/
mkdir -p -m 755 /Library/Application Support/FirefoxCCK/
if [ ! -L /Applications/ ];
 ln -s /Library/Application Support/FirefoxCCK/ /Applications/
The if statement above is potentially unnecessary, since it’s unlikely there would be a situation in which Firefox would install but somehow the internal contents of /Contents/MacOS/distribution/bundles/ is preserved, but I figure the extra check won’t hurt. You can also set this same script to be a postinstall_script for the CCK package, so that if you ever have to add more addons to Firefox, you can guarantee that the symbolic link will be established. To guarantee the sanctity of our CCK, we’d have to add an installs item to check that the unpacked CCK exists. We check the CCK’s path, and that the CCK’s md5 matches the expected one (so that we can guarantee it hasn’t been changed). The CCK’s existence and its md5 should be installs keys for the CCK itself.  In this case, I do not explicitly call for an installs check on the symlink itself, on the basis that it’s extremely unlikely someone will delete the symbolic link but not  Unless the user has administrative privilege, they can’t delete either of them anyway.  If your users have administrative privileges, then it doesn’t really make sense to manage Firefox for them. The installs keys for Firefox:
The installs keys for the CCK package (obviously you’ll need to change your checksum accordingly):
 <string>/Library/Application Support/FirefoxCCK/</string>
 <string>/Library/Application Support/FirefoxCCK/</string>
We do it this way to guarantee that the CCK is always linked to the correct place in Firefox, even if Firefox is updated, or installed separately. Since Firefox always creates the symlink as part of its install, we don’t have to worry about it breaking if the user deletes Firefox, or Firefox gets updated to a new version (which won’t have the directories or symlink inside it by default). The CCK will only get reinstalled if it’s missing from the /Library/Application Support/ folder (or wherever you initially stashed it). This way, as long as the CCK is listed as an update-for for Firefox, you’ll always guarantee that the correct Firefox management is installed.  The only thing you need to remember to do is copy the postinstall_scripts to each new version of the Firefox and CCK pkginfos (although the CCK pkginfo will need a new checksum if you make changes).

Deploying and Managing Firefox: The Rough Guide

Another Great Article Submitted From Nick McSpadden:
After working with this for a bit, I’ve come up with a step by step installation process for Firefox 10 ESR + CCK deployment on Mac OS. Firefox CCK Guide – Part I Most of the information about add-ons that you’ll need is in Mike Kaply’s blog: 1) Install CCK Wizard in Firefox 10 ESR 2) Run and configure CCK Wizard the way you want 3) Save the CCK data into a “CCK” folder anywhere you’d like.  This folder will contain:
  • cck.config
  • cck.xpi
  • xpi/ directory
4) When done, open up CCK/xpi.config 5) Copy the contents of the id=<name> key – this is the name you provided when configuring the CCK addon.  In my example, it is “”. 6) Rename “xpi” folder into the ID key from Step 5 7) Inside Firefox, create: 8) Move renamed xpi folder from Step 6 into 9) Launch Firefox, enjoy CCK! Now, this is means that Firefox needs to be specially packaged and distributed during deployment. While this is easy for first-time deployment, it does mean that future versions of Firefox will also require repackaging. If you want to avoid this, it means you’ll have to change Firefox’s addon scopes. If you’re already repackaging Firefox for the CCK as above, then it isn’t a big deal, use the instructions in Mike Kaply’s blog: Firefox Changing Add-On Scopes – Part II 1) Make a text file named whatever you want as long as it ends in .js, such as “scopes.js” 2) Add these two lines to the file:
pref("extensions.autoDisableScopes", 0);
pref("extensions.enableScopes", 15);
3) This file needs to be saved in (the blog suggests it should be defaults/preferences/, but for me /prefs/ was already created) 4) Now user scopes are changed to the settings above. However, if you want to avoid repackaging Firefox completely every time an update or a change to your CCK configuration comes out, or you want to have different CCK settings for each user on the system, you’ll need to change things up a bit. One way or the other, you’ll need to change the Addon Scopes, because FF10’s defaults lock out the extra directories. If you don’t want to rebundle/repackage Firefox 10, you can use any script to add in the preferences you need into You can do it simply with echo:
$ echo -e "pref("extensions.autoDisableScopes", 0);npref("extensions.enableScopes", 15);" > /Applications/
(obviously double check to make sure the .js file can be read by Firefox, although I didn’t have to do anything for it to work) Doing this allows Firefox to use any of its valid locations for extensions, listed here: In other words, you’ll want to move and rename the “xpi” folder from the CCK Guide Step 6 into this location if you want it to affect all users: /Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ This unpacked folder (from CCK Guide Step 4) contains the xpi contents:
  • plugins/
  • modules/
  • install.rdf
  • defaults/
  • components/
  • chrome.manifest
  • chrome
  • cck.config
…and so forth. Use this location if you want it to affect individual users only: ~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ (i.e. /Users/…/Library/…) To summarize: I. For an individual user, I’d need to change Firefox’s addon scopes, and I’d need the unpacked xpi contents located here: ~/Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ II. For all users, but not packaged within the application itself, I’d need to change Firefox’s addon scopes, and put the unpacked xpi contents here: /Library/Application Support/Mozilla/Extensions/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ III. For all users, who will be unable to disable or even see the add-on, inside the bundle itself, I don’t need to change addon scopes. I just need to put the unpacked xpi contents here: /Applications/{ec8030f7-c20a-464f-9b0e-13a3a9e97384}/ That’s how you get the CCK configured and installed in its various permutations on Mac OS X. I hope that helps anyone who was struggling or thinking about adopting the Firefox 10 Extended release into their deployment strategy, as the CCK is a great tool for preconfiguring Firefox to suit your enterprise’s needs. “But wait!” you might say.  “How do I perform an enterprise-level deployment with this method?”  See my post here for details on incorporating this into Munki:

My Top 10 List of Firefox Add-ons

Here is a quick list of my favorite 10 Firefox Add-ons:
  1. AdBlock Plus – Block annoying advertisements
  2. AppTabs – Allows you to shrink your Firefox tabs by right-clicking on them and clicking on AppTab, showing just the address bar icon (favicon) of the site.
  3. BabelFish – Automatically translate pages you visit.
  4. Better Gmail – Useful add-ons specifically geared to Gmail users.
  5. ColorfulTabs – Allows you to assign a color to a tab.
  6. Firebug – Edit CSS, HTML, JavaScript, etc.
  7. GreaseMonkey – Customize how pages appear to you.
  8. ShortURL Generator – Shorten URLs without going to a special page.
  9. SiteDelta – Get informed when your favorite sites change.
  10. Xmarks – Synchronizes bookmarks between computers (and browsers for that matter).
  11. R-kiosk – I know I said 10, but this one for special cases – when you need to build a kiosk. I love the add-on, but only use it in certain circumstances!
What are your favorite Add-ons?

Using Tor with Mac OS X

Tor is a tool that can be used to proxy your online communications between multiple, randomly selected, global providers effectively anonymizing your Internet traffic. Tor is a free anonymizing service, but doesn’t also encrypt your traffic. Privoxy is a non-caching proxy that also has a certain amount of filtering built into it. Many may use privoxy to do adware removal. But it can also be used to filter information for Tor. Installers are available at Once you have installed privoxy you can access the configuration page at Because privoxy is a command line tool, you can also access the help page for that using the following command (using privoxy as your working directory): privoxy –help By default privoxy will install the following files on your system:
  • /usr/sbin/privoxy
  • /etc/privoxy/config
  • /etc/privoxy/match-all.action
  • /etc/privoxy/default.action
  • /etc/privoxy/user.action
  • /etc/privoxy/default.filter
  • /etc/privoxy/user.filter
  • /etc/privoxy/trust
  • /etc/privoxy/templates/*
  • /var/log/privoxy/logfile
But you don’t have to install any of that.  Or use it manually – you can, but you don’t have to.  You can download the Vidalia Tor installer bundle, which will install privoxy, Vidalia, Tor and the Torbutton extension for Firefox. The installer package can be run choosing all of the defaults and then will need a reboot. Once complete, open Firefox (the first time it will install the extension, quit Firefox and then reopen it to activate it) and you’ll see Tor Disabled in the lower right hand corner of Firefox. You’ll then be able to click on it to switch over to using Tor from within Firefox. Click on it again and it will disable Tor again. Overall, this is a nice and sleek design for obtaining anonymous web communications. Obviously, if you use it to log into your Twitter account, that’s not anonymous. But browsing and posting to sites does not link back to your IP address, which is one key aspect of Tor. You’re also still connecting over standard protocols. Again, Tor does nothing to encrypt data – it is a service dedicated to anonymity.

Sync Bookmarks Between IE, Firefox & Safari

If you are a Safari user and you have a MobileMe account then you can already synchronize Safari bookmarks between multiple Macintosh computers.  But what if you want to synchronize to that corporate sanctioned Windows XP machine in the office that runs only Internet Explorer?  What if you also want to synchronize to Firefox, running on another machine?  All three can synchronize together in one harmonious bookmarking ménage à trois.  How is all of this made possible?Xmarks. Formerly Foxmarks, Xmarks now supports more browsers and runs on more platforms. You store a backup of your bookmarks in the Xmarks cloud (which, yes, means that you’ll need to create an account) and then you sync it down to whichever platform you wish. A great solution for anyone who has to jump between browsers on a routine basis, or anyone who doesn’t have a MobileMe account and wants to keep their bookmarks backed up! Also great if you’re having trouble migrating bookmarks between platforms for OS switchers.