Monday, November 5, 2007

TerminalColors in Leopard

TerminalColors is a Mac OS X InputManager (built on SIMBL) which lets you set Terminal's ANSI colors to whatever you see fit, giving you a sweet Color Picker of freedom. Which is great, because the standard blue is unreadable against a black background. Making that blue readable makes a huge difference when you spend a long day snuggled up with Terminal.

Upgrading to Leopard broke TerminalColors. InputManagers (meaning all SIMBL plugins) are newly constrained in Leopard, seemingly breaking SIMBL, and Leopard's Terminal changed enough to break TermainlColors.

Luckily a couple of folks found a way to make it work. Ciaran Walsh modified TerminalColors for Leopard, and Allan Odgaard figured out how to get SIMBL (which TerminalColors requires) to run in Leopard. Many thanks to both of them.

Instructions exist to install this stuff, but they're spread across several pages. Here's my baked-down instructions:

  • Download SIMBL.
  • Unzip SIMBL and run it's installer, SIMBL.pkg. Install SIMBL.
  • Open Terminal and:
% rm -rf ~/Library/InputManagers (WARNING: DELETES your local input managers)
% sudo chmod -R go-w /Library/InputManagers
% sudo chown -R root:admin /Library/InputManagers
% mkdir -p ~/Library/Application\ Support/SIMBL/Plugins
  • Download TerminalColours.
  • Unzip it, place TerminalColours.bundle in ~/Library/Application Support/SIMBL/Plugins.
  • Restart Terminal.
  • Open Preferences->Settings->Text and hit the "More..." button and set your colors.
Enjoy!

Saturday, November 3, 2007

OS X Twitter Clients

I started surveying OS X twitter clients, and found the following. At first glance there's a lot of choices, but most of them look pretty crappy. It actually becomes a pretty simple choice, because there is no real choice.

The best Twitter client on Mac OS X is Twitterrific. It's the only client worth using, really.

Twitterific is free, although the developers would like some $, and jam an ad into your stream once an hour if you choose not to pay (use Little Snitch to block the ad graphics, etc). Works on 10.5. It's not perfect, but its tolerable. I haven't dived in deep yet, but to be honest Twitterrific looks like the ONLY non-vomit-inducing client around. It even has Growl support. Sexytime!

Use Twitteriffic unless you prefer a dashboard client. Although they sadly lack any notification options, which makes them less usefull.

Other desktop clients:
  • Celly some kinda tomagotchi thing. Novelty more than client. Works on 10.5. Blech.
  • TwitterPod feature-rich, but insane. Non-standard UI. Controls and text are small, which is nice on a MacBook. Works on 10.5. Has growl support. Doesn't have the polish of Twitteriffic. Some UI elements are clearly experimental (the weird screensavery mode, the drawer, etc). Almost cool.
  • TwitterPost really stupid ui. Too bad, looks like a lot of work went into it. Growl support, etc.
  • Tweetr requires Adobe AIR, blech. Having used a lot of adobe stuff, including server-side products, I want nothing to do with this just yet. Haven't tried it.
  • Spaz another Adobe Air client. Gah.
  • TinyTwitter java client. Code footprint looks tiny, but I couldn't instantly get it to work, so I gave up. Probably worth looking at if you have a java'd phone.

Dashboard clients
  • Twitgit tolerable. Works on 10.5. Has a big fat "undefined" at the top of the window though. Also, wastes some UI room. Could be great if cleaned up.
  • Twitterlex nice compact UI... I think. Doesn't work under 10.5. Too bad.
  • Twidget posts, but doesn't display tweets. Pointless in this day and age.

Quasi-clients that shoot crap like your current itunes track to twitter (blech):
This probably isn't an exhaustive list, but it's all I could tolerate.

Friday, November 2, 2007

OS X 10.5 (Leopard) Secure Installation Notes

This is not a complete report on 10.5, just my personal notes on the installation process. This will give you a totally sweet and at least vaguely secure configuration. You'll need to be a real nerd though. And following along with these notes WILL wipe your system. You've been warned.

Backup
First, before you do anything, back up your machine. Use SuperDuper!. SuperDuper! can create a bootable clone of your boot drive, and its the only thing that really works. Make TWO backups, onto two separate drives, just in case.

Reboot from your backups to ensure they're good. Then restart from your primary drive and disconnect the backup drives.

Note that SuperDuper! is NOT YET 10.5 compatible. Once you upgrade you'll be unable to use SuperDuper! until the dude finishes his 10.5 build. This is almost reason enough not to upgrade.


Clean Install
Disconnect any external drives. Especially the drives you backed up to.

Run the installer (and wait for media check). Select "Erase and Install". The upgradey options kinda work, but will leave your system broken or problematic. DO NOT upgrade. I repeat, select "Erase and Install". It'll WIPE YOUR DISK, but you have two different backups on two different disks, right? 

When presented with the choice, choose Customize. Ditch all or most of the "Language Translations". Ditch the extra fonts (unless you need them for foreign languages). There's gigs n gigs of printer drivers, too, so if you don't wander the earth bumming printer time, just install what you need. Install X11 (duh). Let the install run.

Admin User Account
When prompted to set up a user account, don't set up your normal user account. Instead, set up an admin user. You will do admin stuff from the admin account. Your day-to-day work will be done as a normal user with no special privileges. If any special permissions are needed, say to change something systemy or install some crappy software, you will first have to authenticate as the admin user when prompted for authentication. This is not hard. You just type your admin user name instead of your own. Heck, you can even make your admin and standard accounts have the same password. But do use an admin account. This is a significantly more secure way to operate your system. YOU MUST DO THIS.

When the install is complete, registration is done, etc, you'll eventually be logged in as your admin user. 

Finish the initial installation by installing the developer tools. They're on the install DVD.

Administrative Setup
Open System Preferences->Software Update and run Software Update. There are a few updates you need to install. Install em.

Open System Preferences->Network and set up your network locations, etc. It's new and improved. Nice.

Open System Prefereces->Sharing and turn on any services you use like SSH, Printer Sharing, etc. The UI has been overhauled, but it makes sense.

Open System Preferences->Security
General tab
  • require password to wake this computer from sleep
  • disable automatic login
  • use secure virtual memory (you also need to wipe free space periodically)
  • disable remote control infrared receiver (pair it up if you must use one)

FileVault tab
  • set master password. Don't write it down. Memorize it.
  • Turn on FileVault for your admin user. And later when you su to your admin user, drop the "-" and just "su [admin]" so that it inherits your path. Otherwise your path will lack your beloved macports at /opt/local and you will suffer.

Firewall tab
  • Set access for specific services and applications (SSH, etc), or set to Block all incoming if you really have no incoming connections.
There's been a lot of hubbub about Leopard's firewall. It's sounding like FUD, but it may require redress in the near future.

Open Software Update->Accounts. Set up your user account with Standard user permissions. Do NOT give it admin perms.

Log out of admin account.

User Setup

Log into user account.

System Preferences->Security, FileVault tab. Turn on FileVault for your user account.

System Preferences->Keyboard, Modifier Keys... set Caps Lock to No Action.

Open Safari. Open preferences(CMD-,) and deselect "Open 'safe' files after downloading."

Setup Media Dirs

The preferred media setup is a little different in a FileVaulted account. Store movies and music (mp3's, Greg The Bunny Episodes, etc) that you don't need to secure under /Users/Shared, which is not FileVaulted. This makes your FileVaulted home dir smaller, and makes incremental backups quicker (maybe MUCH quicker). 

First, we're going to create itunes and movies dirs. We'll also make an alias to the Movies dir, which is a little complicated.  Open Terminal and:
% mkdir /Users/Shared/Movies
% mkdir /Users/Shared/iTunes\ Music
% su - [admin-user-id]
% sudo bash
% cd /Users/[your user account]
% rm -rf Movies (better not have crap in here)
% exit (exiting root shell)
% exit (exiting admin user)
% ln -s /Users/Shared/Movies ~/Movies
% rmdir ~/Music/iTunes/iTunes\ Music
% exit
Now for the copying:
  • Mount one of your backup disks.
  • Launch iTunes, select Preferences->Advanced tab->iTunes music folder location->Change... and select /Users/Shared/iTunes.
  • Mount a backup disk, drag music onto iTunes (the application), and voila, iTunes copies the files to /Users/Shared/iTunes. 
  • Copy your movies into your movies dir.
  • Copy the rest of your home directory contents; Documents, Pictures, etc.
  • Copy your dot files: .zshrc, .bashrc, .ssh/, .unison/, etc.
  • Safari bookmarks, located at ~/Library/Safari/Bookmarks.plist
Migrate your Keychain
To get your keychain from your 10.4 instance, do the following:
  • cp [10.4 disk user home dir]/Library/Keychains/login.keychain ~/Library/Keychains/[username].keychain
  • open /Applications/Utilities/Keychain Access
  • From main menu, select Edit->Keychain List
  • Click the "+"  and add your [username].keychain
  • In the Keychains list, select your new [username].keychain and unlock it by clicking the padlock icon
  • With the [username].keychain still selected, select File->Make Keychain "[username]" Default
  • Select Keychain Access->Keychain First Aid just to make sure everything's aiight.
Migrate Address Book
  • Quit address book if it's running.
  • Select all files in your backup at ~/Library/Application Support/AddressBook
  • Drag-copy into your new AddressBook directory
  • Open Address Book and make sure the data made it
Import Mail
Set up your mail accounts. Then select File->Import Mailboxes... and navigate to ~/Library/Mail/Mailboxes. Select mailboxes you want to suck in on the following screen.

Secure Safari
Open Safari->Preferences. In the General preferences tab, make sure 'Open "Safe" files after downloading' is unchecked. Leaving it checked is a serious security hole.

Secure Terminal
Open Terminal, select "Secure Keyboard Entry" from the Terminal menu. This prevents other applications from reading when you're typing into Terminal.

Install Apps
Assuming you're on a single user machine, don't install applications into /Applications. mkdir ~/Applications and install apps there. This is superior.

Install the following:
  • Quicksilver.
  • Macports. Build whatever packages you need. Subversion compiles, but it requires two passes. One of the deps fails the first time. Synergy compiles. Note that ocaml does not build, so unison (via macports) is a no go (sucks big time).
  • A unison binary and drop it into ~/bin. If you're using unison against a cygwin'd windows machine, then grab version 2.27. That version is available on cygwin, and the binary works on Leopard.
  • Intellij IDEA 7.0.1
  • Colloquy.
  • Groovy 1.1 rc2. Groovy 1.0 tries to fiddle with ulimit, which borks. If you must have 1.0, you can hack startGroovy.
  • Little Snitch 2.0 beta. There's a public beta license key, after it expires you pay.
  • Microsoft's RDC 2.0 beta
  • Firefox Safari is SO fast now, haven't used it much.
  • TextMate
  • Cisco VPN
  • iStat menus
Backups
This sucks at the moment, since there's no SuperDuper!. At a minimum, log in as your admin user and cp your standard user's .sparseimage file, then rsync /Users/Shared dir (your mp3's and movies are there, remember?).

Coming soon - Lock Your Firmware