Sometimes it can be really useful to have an SSH connection into your AppleTV. If I need to explain why then you probably won’t want to do it. Unless of course, you’re just after getting something like Boxee running, which we’ll look at as well. Before we get into doing anything to your AppleTV, when we’re done I do not know how Apple will feel about your warranty moving forward, so do this stuff at your own risk (but that’s pretty much true for many articles on this site)…
So first up, let’s install SSH. To get started, plug in a jump drive you don’t mind reformatting. Then run the df command and look at which filesystem that the jump drive was mounted as. In most cases this should be /dev/disk1s1 or /dev/disk2s1 or something like that. Note this location and while you’re at it, double-check that the data is trivial to you and that you really don’t mind reformatting the jump drive.
Next, let’s download atvusb-creator, a little utility that will generate a new patchstick based on that jump drive (a patchstick being the term applied to usb sticks that will hax0r an AppleTV). Once downloaded, run the tool. Select ATV-Patchstick in the Choose an Installation dialog, and then select the version of the AppleTV OS you have (if you’re fully software updated then as of the date of this writing that would be 3.x). Next, choose ssh tools from the 3rd field in the Installation Options section, making sure that the box is checked. If you are just trying to get XBMC or Boxee running then you can check the boxes for those as well at this point.
ATV USB Creator
Next, set the USB Target Device field to be the filesystem you selected earlier and then click the Create Using button and wait for the process to finish. Once the patchstick has been created, plug it into your AppleTV and reboot the unit. You’ll see a bunch of code, similar to starting Mac OS X into verbose mode. When the screen tells you that you’re done, unplug the patchstick and reboot the device. Upon reboot it will be running SSH with a username and password of frontrow. If you’re not using a static IP address then if you open iTunes and connect to the device you’ll have an entry in your arp table for it. You can run arp and find the IP fairly easily. Once found, use the SSH command to connect to the device. For example, if mine is on an IP address of 10.0.0.100 then I would use the following command to connect to it:
ssh frontrow@10.0.0.100
Now you have an AppleTV running SSH. Even though this article isn’t meant to be about Boxee or XBMC, you can then install those by going to the new Launcher menu and then to Downloads and downloading those applications (otherwise if you try to access them you’ll get an error that the .app bundle can’t be found). Once those are in place it should open pretty easily.
Now that you’re running SSH, let’s look at one of the uses. I want a web browser on the AppleTV (even though typing a URL in it is pretty painful unless you install a keyboard too). For this instance, I’m going to use CouchServer, ’cause I like the way the keyboard works and because there’s a silverlight that kinda’ sorta’ works with it. First, download the files for CouchSurfer here. Then copy the files that were downloaded up to the device (assuming the filename is CouchSurfer-Lite.tar) from your client computer:
scp ~/Desktop/CouchSurfer-Lite.tar frontrow@10.0.0.100:~
Next, SSH into the AppleTV and extract the tar file:
tar -xvpf CouchSurfer-Lite.tar
Then move the extracted data into the PlugIns directory (which will display the appliance similar to how Launcher would be displayed at this point:
sudo mv CouchSurfer.frappliance /System/Library/CoreServices/Finder.app/Contents/PlugIns/
(your password will be frontrow in case you have hard core add and have forgotten it already)
We’re gonna’ give ownership to wheel:
sudo chown -R root:wheel /System/Library/CoreServices/Finder.app/Contents/PlugIns/CouchSurfer.frappliance
Then reboot the AppleTV. Upon reboot, you will then have a shiny new web browser making your AppleTV even more like a full fledged Mac with Front Row. Now you’re in pretty good shape. You’ve pretty much put more stuff on your AppleTV than you can possibly use, but you still probably just want NetFlix to work on it. For that, you’ll need to get Silverlight working with CouchSurfer and just browse to the movies in the web browser at Netflix.com as the Boxee implementation for AppleTV doesn’t yet work with NetFlix and there aren’t any native Plug-Ins that work with it yet either (that I’m aware of). Also, if you’re going to use any of the 3rd party media browsers, keep in mind that they’re sitting on top of the OS layer and that their resource utilization seems pretty poor compared to the native media browser on the device (given the abstraction there, it seems logical it would be so no complaints).
BTW, another fun little app (to help make your AppleTV more like your iPad):
http://code.google.com/p/weatherfront
And the most intriguing one that I haven’t actually gotten to work yet (haven’t had time to get past the second or third step – busy) is:
http://www.appletvhacks.net/2007/04/02/install-asterisk-on-apple-tv/#more-41
What I’d like to see – the ability to run my AppleTV as a Zwave controller… Or iPad… Or Newton… 
Archive
WordPress and Spam Bots
There are a number of ways that you can protect your WordPress site from spam bots. The first is to only allow authenticated users to post comments. Doing so can still be a bit unwieldy, but this feature is built into WordPress and so pretty straight forward to use. Some, who deal with large amounts of spam bots then choose to completely disable the commenting feature outright (Settings -> Discussion -> Uncheck Allow people to post comments on new articles), but comments can still be made on existing articles and commentary is one of the best features of WordPress for many. To stop comments on older articles, also disable commenting on older articles (same page but also choose the Automatically close comments on articles older than option as well).
No site should have to disable comments or bend to the will of a spam bot. You can also then choose (same page again) to email the administrator when a comment is made and then choose to not publish comments until the administrator approves them. But spam bots will still attack, and now you’ll just get a ton of junk email. So many will turn to plug-ins for WordPress. There are a few of those that I like a lot. One is called Invisible Defender. Invisible Defender adds a couple of fields that are suppressed using the style sheets. These invisible comment fields, because they’re not displayed to a browser should then never be filled out. Therefore, if a field is filled out, it had to have been done by a bot. Those comments are then automatically blocked.
Then there’s the ability to force captcha (shows you funny garbled letters and you type them into a verify field). Captcha for account creation means that all but the most sophisticated bots will fail. This form of forcing an additional form of verification that a visitor is a real human can then be circumvented by users of OpenID, FaceBook and other services, using plug-ins that allow those users to be authenticated through the third party (typically requires a little theme customization).
Then there are the antispambee and akismet plug-ins, which look at the actual comments and attempt to determine which ones are spam. These make a good layer of defense but should not be the only layer used. Regrettably, any time you have user generated content on a web site you are going to have automated bots attempting to do a number of things, most likely sell black market pharmaceuticals and other items of questionable origin.
There are also bots that attempt to exploit the login page of the WordPress admin (<DOMAIN>/wp-admin.php or /wp-login.php. These are defeated an entirely different way. One of the best strategies is to lock out those who have attempted a number of invalid attempts that exceeds a threshold that you define. Amongst those is Login Lockdown WordPress Security. Another layer for protecting the administrative side of the site is to add an .htaccess file to provide an additional layer of security on top of WordPress. You can also change the URLs of your login page, which I usually use a plug-in called Stealth Login for.
Finally, I like to back up WordPress in an automated fashion. There are a lot of plug-ins to do this, but I’ve always used WordPress Database Backup. Why? Because it works every time I tested it. I haven’t even bothered to test a good backup and restore for another software package because WordPress Database Backup always works, backs up data to another server I have, and it hasn’t failed me yet. I always test the restores of data that I’m backing up and I recommend that you test this (mileage may vary) if you choose to put it into production as well (false senses of security are in many cases worse than no security).
Share: