From Segfault
Jump to: navigation, search

64-bit Support

Check if 64-bit is even supported on your Mac:

$ ioreg -l -p IODeviceTree | grep firmware-abi
  | |   "firmware-abi" = <"EFI64">

Check if 64-bit is currently enabled:

$ system_profiler -detailLevel mini | grep 64-bit
    64-bit Kernel and Extensions: No

Enable 64-bit permanently:

$ sudo vi /Library/Preferences/SystemConfiguration/
   <key>Kernel Flags</key>

Enable 64-bit permanently by modifying the PRAM:

$ sudo nvram boot-args="arch=x86_64"

Enable 64-bit permanently via systemsetup(8):

$ sudo systemsetup -setkernelbootarchitecture x86_64

CDROM checksum

An inserted CDROM looks something like this:

$ diskutil list disk2
  #:                       TYPE NAME                    SIZE       IDENTIFIER
  0:        CD_partition_scheme             *761.9 MB   disk2
  1:     Apple_partition_scheme              663.5 MB   disk2s1
  2:        Apple_partition_map                1.0 KB   disk2s1s1
  3:                  Apple_HFS Foo          663.1 MB   disk2s1s2

To access of the data part of this CD, use {r,}disk2s1. In order to calculate the checksum, something like this would do:

$ openssl sha512 /dev/disk2s1
SHA512(/dev/disk2s1)= a12ba91d1cb4115cd10e[...]

This checksum should be the same as the image used to create this CDROM.


Under MacOS X, it's DYLD_LIBRARY_PATH instead of LD_LIBRARY_PATH[1]:

$ /opt/pacparser/bin/pactester
dyld: Library not loaded: /usr/lib/libpacparser.1.dylib
  Referenced from: /opt/pacparser/bin/pactester
  Reason: image not found
Trace/BPT trap: 5

$ otool -L /opt/pacparser/bin/pactester
       /usr/lib/libpacparser.1.dylib (compatibility version 0.0.0, current version 0.0.0)
       /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 159.1.0)

$ DYLD_LIBRARY_PATH=/opt/pacparser/lib /opt/pacparser/bin/pactester -v


Disable the Application Layer Firewall (ALF):

defaults write /Library/Preferences/ globalstate -int 0           # Enable with "1"

Now restart ALF:

launchctl unload /System/Library/LaunchAgents/
launchctl unload /System/Library/LaunchDaemons/

launchctl load /System/Library/LaunchDaemons/
launchctl load /System/Library/LaunchAgents/

Import .ogg into iTunes

According to the internet[2], this should be possible:

...and then it should "just work". Unfortunately, these components have been abandoned, current (2013) installations if iTunes may not work with this package and continue to fail to import/play .ogg files :-\

Keyboard shortcuts

  • Alt-Tab not working as expected? Try Apple-Tab to switch through applications and Apple-` to switch through windows.
  • To generate a screenshot, press Apple-Shift-3 (or -4 to choose a certain area). The screenshot can be usually found on your ~/Desktop, last I tried it generated a .tiff image :-\
  • Break into OpenFirmware when booting: press Apple-O-F
  • Boot into Single-User mode when booting: press Apple-S
  • Boot from CDROM when booting: just press C

Malware checker

Mac OS X v10.6 Snow Leopard and later checks for malware, and stores visited URLs in an SQLite database. The database is located under:

$ DB=~/Library/Preferences/

Example queries go like this:

sqlite3 $DB "select LSQuarantineDataURLString from LSQuarantineEvent" 
sqlite3 $DB "select LSQuarantineAgentName, LSQuarantineDataURLString, \
        date(LSQuarantineTimeStamp + 978307200, "unixepoch") as downloadedDate \
        from LSQuarantineEvent order by LSQuarantineTimeStamp' | sort | grep '|' --color

The schema

$ sqlite3 $DB ".schema LSQuarantineEvent"
CREATE TABLE LSQuarantineEvent (  LSQuarantineEventIdentifier TEXT PRIMARY KEY NOT NULL,  \
        LSQuarantineTimeStamp REAL,  LSQuarantineAgentBundleIdentifier TEXT,  \
        LSQuarantineAgentName TEXT,  LSQuarantineDataURLString TEXT,  LSQuarantineSenderName TEXT, \
        LSQuarantineSenderAddress TEXT,  LSQuarantineTypeNumber INTEGER,  LSQuarantineOriginTitle TEXT, \
        LSQuarantineOriginURLString TEXT,  LSQuarantineOriginAlias BLOB );
CREATE INDEX LSQuarantineEventIndex  ON LSQuarantineEvent (  LSQuarantineEventIdentifier );

Deleting all records from the database:

sqlite3 $DB "delete from LSQuarantineEvent"
sqlite3 $DB "vacuum"


Memory usage in MacOS X:[3]

$ top -l 1 -ncols 10 -u -n 5 
Processes: 104 total, 3 running, 101 sleeping, 603 threads 
2015/10/18 06:45:48
Load Avg: 0.00, 0.03, 0.00 
CPU usage: 4.0% user, 24.0% sys, 72.0% idle 
SharedLibs: 3076K resident, 4700K data, 0B linkedit.
MemRegions: 21778 total, 1211M resident, 15M private, 105M shared.
PhysMem: 314M wired, 1132M active, 500M inactive, 1946M used, 99M free.
VM: 241G vsize, 1039M framework vsize, 528377(0) pageins, 139918(0) pageouts.
Networks: packets: 32360004/10G in, 28534578/9332M out.
Disks: 13866258/105G read, 18379279/376G written.

87-    hwmond      0.0  18:43:04 4/1  1   93+    122+   58M+  644K+
18411  firefox     0.0  10:45:29 36   1   252+   8105+  176M+ 50M+ 
77     servermgrd  0.0  08:10:46 6    2   109+   275+   18M+  13M+ 
0      kernel_task 0.0  06:26:26 60/5 0   2+     1096+  20M+  0B   
1      launchd     0.0  04:56:41 3    0   136+   64+    892K+ 476K+
  • Wired - Memory in RAM that cannot be swapped out
  • Active - Memory in RAM that has recently been used.
  • Inactive - Memory in RAM that isn't actively used but was recently used. For example, when an application is closed its memory contents are marked inactive before being released entirely. However, despite being inactive, memory will be given to other programs if needed.
  • Used - Total amount of RAM used.
  • Free - The amount of RAM not being used.

Mount DMG images in Linux

Not really MacOS specifig, but here you go: DMG files are usually compressed, like this:

$ file foo.dmg
foo.dmg: bzip2 compressed data, block size = 100k

However, uncompressing via bzip2 won't work without errors, although the result looks kinda promising:

$ bzip2 -dc foo.dmg > foo.dmg.uncompressed
bzip2: foo.dmg: trailing garbage after EOF ignored
$ file foo.dmg.uncompressed 
foo.dmg.uncompressed: Apple Driver Map, blocksize 512, blockcount 157500, devtype 0, devid 0, descriptors 0, contains[@0x200]: Apple Partition Map, map block count 3, start block 1, block count 63, name Apple, type Apple_partition_map, contains[@0x400]: Apple Partition Map, map block count 3, start block 64, block count 157432, name disk image, type Apple_HFS, contains[@0x600]: Apple Partition Map, map block count 3, start block 157496, block count 4, type Apple_Free

We'll use dmg2img[4][5] to decompress the .dmg:

$ dmg2img foo.dmg foo.dmg.uncompressed
opening partition 0 ...             100.00%  ok
opening partition 1 ...             100.00%  ok
opening partition 2 ...             100.00%  ok
Archive successfully decompressed as foo.dmg.uncompressed

Now we will be able to mount the image:

$ sudo mount -t hfsplus -o ro foo.dmg.uncompressed /mnt/disk
$ mount | tail -1
/tmp/foo.dmg.uncompressed on /mnt/disk type hfsplus (ro,relatime,umask=22,uid=0,gid=0,nls=utf8)


The following messages came up in syslog:

CalendarAgent[305]: CFNetwork SSLHandshake failed (-9836)
CalendarAgent[305]: NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9836)
CalendarAgent[305]: [] 
     [Rectifying principal path either because of an error 
     (Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection 
      to the server cannot be made." UserInfo={_kCFStreamErrorCodeKey=-9836, 
      NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, 
      NSUnderlyingError=0x7fb030e470c0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 
      "An SSL error has occurred and a secure connection to the server cannot be made." 

The server presented a self-signed certificate that was unknown to MacOS's trust store. After this was fixed, we can use nscurl to verify that MacOS can successfully communicate with the server:

$ nscurl --verbose --ats-diagnostics
Starting ATS Diagnostics
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
Default ATS Secure Connection
ATS Default Connection
ATS Dictionary:
Result : PASS


As an easy example[6], let a smarthost handle all our mails:

$ postconf -e smtp_use_tls=yes

$ grep ^relayhost /etc/postfix/
relayhost =

Make sure aliases are set up too:

$ grep ^root /etc/postfix/aliases

Regenerate /etc/aliases.db:

$ newaliases

Now mailx(1) or any other MUA can be used and mail should be delivered to the smarthost.


MacOS StartupItems have been deprecated for a long time[7] and MacOS 10.10 eventually removed[8] the[9] entry.

To still use StartupItems like rc.local, we'll create our own[10] LaunchDaemon:[11]

$ cat /Library/LaunchDaemons/local.localhost.startup.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">
    <key>Label</key>             <string>local.localhost.startup</string>
    <key>Disabled</key>          <false/>
    <key>RunAtLoad</key>         <true/>
    <key>KeepAlive</key>         <false/>
    <key>LaunchOnlyOnce</key>    <true/>

Create our /etc/rc.local and make sure it's executable:

$ ls -l /etc/rc.local 
-rwxr-xr-x  1 root  wheel  42 Oct 16 16:43 /etc/rc.local

$ cat /etc/rc.local
date >> /tmp/foo

Replace the command with something useful :-)

Enable the .plist with:

sudo launchctl load -w /Library/LaunchDaemons/local.localhost.startup.plist

Note: the dreaded "Could not find domain for" error[12] may appear if this is run in a headless session. Once the executing user logs in locally (or via screen sharing), the error should go away.

Rearrange Menu Bar Items

Hold down the COMMAND key and drag the icon around.


Putting the computer to sleep with pmset:

pmset sleepnow

With osascript:

osascript -e 'tell application "System Events" to sleep'

With shutdown:

sudo shutdown -s now


List wireless networks:

$ /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport -s
        SSID BSSID            RSSI CHANNEL HT CC SECURITY (auth/unicast/group)
      mywlan 1a:1b:1c:1d:1e:1f -91  3       Y  -- WPA2(PSK/AES/AES)
     wifi123 2a:2b:2c:2d:2e:2f -83  11      Y  TW NONE
       wrlss 3a:3b:3c:3d:3e:3f -81  2       Y  US WPA(PSK/AES,TKIP/TKIP) WPA2(PSK/AES,TKIP/TKIP)
 SSID  -- Service Set Identifier
 BSSID -- Basic Service Set Identifier
 RSSI  -- Received Signal Strength Indicator
 HT    -- Hight Throughput (aka Greenfield mode
 CC    -- Country Code

There's also /System/Library/CoreServices/Wi-Fi, a GUI to analyze WiFi networks.