Tiny Deathstars of Foulness

May 6th, 2016

Posted In: Mac OS X, Mac OS X Server

Tags: , , , , , , ,

A number of systems require you to use complex characters in passwords and passcodes. Here is a list of characters that can be used, along with the name and the associated unicode:
  •    (Space) U+0020
  • ! (Exclamation) U+0021
  • ” (Double quotes) U+0022
  • # (Number sign) U+0023
  • $ (Dollar sign) U+0024
  • % (Percent) U+0025
  • & (Ampersand) U+0026
  • ‘  (Single quotes) U+0027
  • ( (Left parenthesis) U+0028
  • ) (Right parenthesis) U+0029
  • * (Asterisk) U+002A
  • + (Plus) U+002B
  • , (Comma) U+002C
  • – (Minus sign) U+002D
  • . (Period) U+002E
  • / (Slash) U+002F
  • : (Colon) U+003A
  • ; (Semicolon) U+003B
  • < (Less than sign) U+003C (not allowed in all systems)
  • = (Equal sign) U+003D
  • > (Greater than sign) U+003E (not allowed in all systems)
  • ? (Question) U+003F
  • @ (At sign) U+0040
  • [ (Left bracket) U+005B
  • \ (Backslash) U+005C
  • ] (Right bracket) U+005D
  • ^ (Caret) U+005E
  • _ (Underscore) U+005F
  • ` (Backtick) U+0060
  • { (Left curly bracket/brace) U+007B
  • | (Vertical bar) U+007C
  • } (Right curly bracket/brace) U+007D
  • ~ (Tilde) U+007E

April 29th, 2016

Posted In: iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , , , ,

Use the following keys to do fun things when typing a command in bash (mostly keybindings):
  1. Use the up arrow to run the previous command
  2. Continue using the arrow to scroll to commands further in the history
  3. Use Control-r to search through your command history
  4. Control-w deletes the last word
  5. Control-u deletes the line you were typing
  6. Control-a moves the cursor to the beginning of the line
  7. Control-e moves the cursor to the end of the line
  8. Control-l clears the screen
  9. Control-b moves the cursor backward by a character
  10. Control-u moves the cursor forward by a character
  11. Control-_ is an undo
  12. “man readline” shows the bash keybindings (ymmv per OS)
  13. Tab completes an argument
  14. !! repeats the last command. Useful when using sudo in front of the last line from bash
  15. !$ repeats the last argument for a command
  16. $_ shows the last word from the previous command
  17. “cd -” is like a back button
  18. !!:p outputs the last command with arguments
  19. cd !!:* cd into the argument from the previous command
  20. Escape-. expands the argument from the last command
  21. pbcopy and pbpaste accesses the clipboard from Terminal
  22. Use ; to separate commands in a single line
  23. Use | to pipe output to another command
  24. Use > to send output to a new file, or >> to append output to the end of a file or < to bring input from a file
  25. “Open .” opens the current working directory in a Finder window

March 21st, 2016

Posted In: Mac OS X, Mac OS X Server, Programming

Tags: , , , ,

There are two defaults keys that can be used to manage the recent places options in the OS X Finder. Both are in the .GlobalPreferences. The first is NSNavRecentPlaces and the second is NSNavRecentPlacesLimit. The NSNavRecentPlacesLimit key limits the number of items that are stored in the list. To increase the default to, let’s say, 20, use the defaults command to set the NSNavRecentPlacesLimit key to an integer of 20: defaults write .GlobalPreferences NSNavRecentPlacesLimit -int 20 Then use defaults to read the setting: defaults read NSNavRecentPlacesLimit You’ll need to “killall Finder” in order to see this in a Finder Save dialog. You can also inject items into the RecentPlaces array, called NSNavRecentPlaces, or delete the objects in the array. The array appears as follows: NSNavRecentPlaces =     ( "~/Desktop", "/Users", "~/Desktop/Work", "~/Documents", "~/Desktop/Daneel" ); You can set these using defaults write as well, writing the NSNavRecentPlaces as a list of quoted and comma separated values (note the ‘): defaults write NSNavRecentPlaces = '("/test","/test2","/test3")'; Or, if you only want to clear the recent places list, delete the key: defaults delete .GlobalPreferences NSNavRecentPlaces

March 11th, 2016

Posted In: Mac OS X, Mass Deployment

Tags: , , , , , , , ,

The LDIFDE utility exports and imports objects from and to Active Directory using the ldif format, which is kinda’ like csv when it gets really drunk and can’t stay on one line. Luckily, ldif can’t drive. Actually, each attribute/field is on a line (which allows for arrays) and an empty line starts the next record. Which can make for a pretty messy looking file the first time you look at one. The csvde command can be used to export data into the csv format instead. In it’s simplest form the ldifde command can be used to export AD objects just using a -f option to specify the location (the working directory that we’re running the ldifde command from if using powershell to do so or remove .\ if using a standard command prompt): ldifde -f .\ADExport.ldf This exports all attributes of all objects, which overlap with many in a target Active Directory and so can’t be imported. Therefore, you have to limit the scope of what you’re exporting, which you can do in a few ways. The first is to only export a given OU. To limit, you’ll define a dn with a -d flag followed by the actual dn of the OU you’re exporting and then you’d add a -p for subtree. In the following example we’ll export all of the objects from the sales OU to the SalesOUExport.ldf file: ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -f .\SalesOUExport.ldf Restoring objects still results in an error that the server is “Unwilling To Perform” the import because “The modification was not permitted for security reasons.” Basically, this just means “hey I’m not going to import into some of the fields that I know I have to reserve for objects managed by the system, such as creation date (whencreated), last changed date (whenchanged), etc. So we can take some of these and omit them from our export. You can use ADMT or just look at an ldif or csv file to determine which attributes from the schema that you think need to be omitted, but at a minimum it should include objectguid, uSNCreated, uSNChanged, whencreated and when changed (and a lot of the Exchange attributes if you’ve extended the schema for your forest). To omit use the -o and enclose the omitted attributes in parenthesis. In the following example, we’ll export to the SalesOUExportO.ldf file, and add the -o flag to the previous command: ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -f .\SalesOUExportO.ldf You can also omit using the -m flag, which includes only the essential attributes, so we’ll add that to the command as well: ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportO.ldf Use the -l option to limit the attributes being exported to only those specified. The -r option restricts the export to a given category or class. For example, if we only wanted to export users, we can restrict to objectClass-User ldifde -d "OU=sales,DC=krypted,DC=local" -p subtree -r "(objectClass=user)" -o "objectguid,uSNCreated,uSNChanged,whencreated,whenchanged" -m -f .\SalesOUExportOM.ldf Now I’m feeling like we have a good restricted set of data that we’re moving. Let’s go ahead and give importing a shot on a target server. To do so, we’ll just use -i to specify this is an import, followed by -k to say “don’t stop if you have a problem with just one record”, -f to define a file and -j to write a log. We’ll use the working directory for the file path and the log path, assuming this is being done by calling the .exe from within powershell: ldifde -i -k -f .\SalesOUExportOM.ldf -j .\ Once complete, the exported objects should appear once you close and re-open Active Directory Users and Computers. You can also export one object, then programmatically create objects in an ldif file as needed by importing them into Active Directory using ldifde.

February 27th, 2016

Posted In: Active Directory

Tags: , , , , , , , ,

So you’re ready to write some software? Or test some cool stuff. Or build something awesome. You can use the CREATE DATABASE statement to get started, by creating a database. To do so is pretty easy, simply run that statement followed by a name for the database (called Customers): CREATE DATABASE Customers; Once you’ve created a database, it’s time to create tables, which can be done using the CREATE TABLE statement. The Syntax of that statement looks something like this, defining a set of columns, their data type and the size of the column (in the form of a maximum length), all wrapped in parenthesis with each column separated by a comma: CREATE TABLE nameoftable ( column datatype(size), column datatype(size), ); So to create the Customers table that we’ve been using through these articles, we’ll use the following SQL Statement: CREATE TABLE Customers ( ID integer(255), Site varchar(255), Contact varchar(255), Address varchar(255), City varchar(255), Zip integer(255), Country varchar(255), ); Columns are created with data types. In the previous example, we named columns of integers and varchars. The available data types include the following:
  • CHARACTER: A string of characters using a defined length
  • VARCHAR: A variable length string of characters using a maximum length
  • BINARY: A binary string
  • VARBINARY: Binary string in a variable length, with a defined maximum length
  • INTEGER: A number with no decimals
  • SMALLINT: A 5 digit or less number with no decimals
  • BIGINT: A 19 digit or less number with no decimals
  • DECIMAL: Number with decimals
  • FLOAT: Floating number in base 10
  • REAL: Number
  • DOUBLEPRECISION: Approximate number
  • DATE: Year, month, and day in separated values
  • TIME: Hour, minute, and second in separated values
  • TIMESTAMP: Time in the form of year, month, day, hour, minute, and second
  • INTERVAL: A period of time
  • ARRAY: Ordered collection of data
  • MULTISITE: Unordered collection of data
  • XML: Stores XML

February 15th, 2016

Posted In: SQL

Tags: , , , , , , , , , , , , , , ,

Linux and OS X come with the makekey command installed, usually in /usr/libexec/makekey. You can use this binary to create /etc/passwd file entries of hashed passwords. To use the command, simply pipe some text into the command. Here, we’ll echo testpassword into makekey: echo testpassword | /usr/libexec/makekey And we’ll get a simple output, such as: woNH11o4mqvAc There are certainly other ways to do something like this, but when writing a script you may use in either a Linux or OS X environment, this is one place where you should have a modicum of success crossing platforms.

January 9th, 2016

Posted In: Mac OS X, Mac OS X Server, Mac Security

Tags: , , ,

Pretty much every script I’m working on these days must be run as root. Checking what user is running something is pretty straight forward, as there’s a built-in shell variable for $USER that contains the user running a script. To see this real quick, simply run the following: echo $USER You can then put this into your scripts. I’ve been using the same block of code for decades, which can be run in a script by itself if you’d like to paste this into one. if [[ $USER != "root" ]]; then echo "This script must be run as root" else echo "You are root" exit 1 fi Note: Keep in mind that the built-in $USER variable is case sensitive. Obviously, most people won’t keep the lines that contain the else and you are root echo statements. You can just remove these or replace them with the meat of your script that requires elevated privileges to run. Enjoy.

December 21st, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Unix

Tags: , , , , , , , ,

Spotlight just kinda’ works. Except when it doesn’t. Which is luckily pretty rare, for the use cases that Spotlight was designed for. But when it doesn’t work, you have a few tools that I’ve highlighted over the years to help you out, including articles on shared volumes, manually indexing, disabling Spotlight, and a few others. But what if you need to go in more depth to isolate an issue? For this, Apple has provided us with a tool called mddiagnose, in /usr/bin. In the following command, we’ll run an mddiagnose to dump a bunch of system statistics that we can then look at. Here, we’ll do that to a folder called test in our current working directory: /usr/bin/mddiagnose -f test The output is then test.mdsdiagnostic, a directory with a CrashReporter, spindump, Samples, DiagnosticReports, a few system.log exports, and a diagnostic.log. You can then view your log using the more command (or cat or less or whatevers) more ~/test.mddiagnostic/diagnostic.log Here, you’ll see the output of a bunch of scripts that were run. I find that this is the most informational aspect of what I get from the mddiagnose output. Every time I’ve actually fixed an issue here, it’s been with this output. The other aspect of mddiagnose that I’ve found useful is checking permissions and paths. Here, you can answer the simple question of whether mdutil has permissions to check a path. We’ll do so using the -p option: mddiagnose -p /Library/Application\ Support/Appifitizer Enjoy! Screen Shot 2015-12-09 at 11.11.01 AM

December 15th, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment

Tags: , , , , , , ,

« Previous PageNext Page »