What’s in the Time Machine Update?

Here’s the meat of what gets updated: backup daemon helper & file vault image tool, loginwindow.app, Broadcom and Aetheros wireless kexts. Lotsa System.kexts: BSD, IOKit, Libkern, MAC Framework, Mach. The AFP filesystem plugin, metadata framework, the backupd launch daemon plists, and the DiskImages framework.

 

/System/Library/CoreServices/SystemVersion.plist

/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd-helper

/System/Library/CoreServices/backupd.bundle/Contents/Resources/fvimagetool

/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow

/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AirPortAtheros.kext/Contents/MacOS/AirPortAtheros

/System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AppleAirPortBrcm4311.kext/Contents/MacOS/AppleAirPortBrcm4311

/System/Library/Extensions

/System.kext/PlugIns/BSDKernel.kext/BSDKernel

/System/Library/Extensions

/System.kext/PlugIns/IOKit.kext/IOKit

/System/Library/Extensions

/System.kext/PlugIns/Libkern.kext/Libkern

/System/Library/Extensions

/System.kext/PlugIns/MACFramework.kext/MACFramework

/System/Library/Extensions

/System.kext/PlugIns/Mach.kext/Mach

/System/Library/Extensions

/System.kext/PlugIns

/System6.0.kext/kernel.6.0

/System/Library/Extensions

/System.kext/PlugIns/Unsupported.kext/Unsupported

/System/Library/Filesystems/AppleShare/afpfs.kext/Contents/MacOS/afpfs

/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mds

/System/Library/LaunchDaemons/com.apple.backupd-attach.plist

/System/Library/LaunchDaemons/com.apple.backupd-auto.plist

/System/Library/LaunchDaemons/com.apple.backupd-wake.plist

/System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages/usr/share/man/man1/tmdiagnose.1

Here’s hoping that the update in tandem with the Airport/Time Capsule fixes some of the problems people have had with using a hard drive as an Airport disk on the Airport Extremes. For me it wasn’t even about Time Machine, the real pain was transfers were SLOW even over the 100Mb/s Ethernet (dangit I jumped the gun and didn’t get the GigE model) and sometimes the Airport Disk couldn’t be mounted on my computers until the Airport was restarted. Also with the update the ever mysterious Wide Area Bonjour prefs are still around, they are in the Name-Edit… button now.One more thing…/usr/share/man/man1/tmdiagnose.1: Hmmm, is this a Time Machine diagnostics tool?Let’s have a look at the man page or this one:tmdiagnose(1) BSD General Commands Manual tmdiagnose(1)NAME tmdiagnose, Other_name_for_same_program(), Yet another name for the same program. — This line parsedfor whatis database.

tmdiagnose(1)             BSD General Commands Manual            tmdiagnose(1) 

NAME

     tmdiagnose, Other_name_for_same_program(), Yet another name for the same program. — This line parsed

     for whatis database.

SYNOPSIS

     tmdiagnose, [-abcd] [-a path] [file] [file …] arg0 arg2 …

DESCRIPTION

     Use the .Nm macro to refer to your program throughout the man page like such: tmdiagnose, Underlining

     is accomplished with the .Ar macro like this: underlined text.

     A list of items with descriptions:

     item a   Description of item a

     item b   Description of item b

     A list of flags and their descriptions:

     -a       Description of -a flag

     -b       Description of -b flag

FILES

     /usr/share/file_name                          FILE_1 description

     /Users/joeuser/Library/really_long_file_name  FILE_2 description

SEE ALSO

     a(1), b(1), c(1), a(2), b(2), a(3), b(3)

Darwin                           April 2, 2008                          Darwin

 

 Only a dummy man page. And no executable to be found. Its origins though are from the BSD package (see /Library/Receipts/boms/com.apple.pkg.BSD.bom) No change has been made to this man page since 10.5 but yet it is included with this update? Odd. My guess is that there is an Apple internal tool in use but not something for the general public. I mean why would the ‘Rest of Us’ need to diagnose Time Machine?!It’ just works right? ;)

Office 2008 fonts

A postscript to fonts (hehe), I wanted to mention how Office 2008 will replace your Apple supplied fonts with Microsoft fonts, placing them in /Library/Fonts Disabled. Well I like my Apple fonts just fine thank you, so for posterity here’s a list of the fonts that get bumped:

Tiger and Leopard Conflicts:

Andale Mono
Arial
Arial Black
Arial Narrow
Arial Rounded Bold
Brush Script
Comic Sans MS
Georgia
Impact
Times New Roman
Trebuchet MS
Verdana

Leopard Only Conflicts:

Tahoma
Wingdings 2
Wingdings 3

Also, just so you know there is set of fonts that Microsoft calls it’s ClearType Font Collection these fonts can be found on Vista and Windows Office 2007 (and Office 2008) they are:

Calibri Bold Italic.ttf
Calibri Bold.ttf
Calibri Italic.ttf
Calibri.ttf
Cambria Bold Italic.ttf
Cambria Bold.ttf
Cambria Italic.ttf
Cambria.ttf
Candara Bold Italic.ttf
Candara Bold.ttf
Candara Italic.ttf
Candara.ttf
Consolas Bold Italic.ttf
Consolas Bold.ttf
Consolas Italic.ttf
Consolas.ttf
Constantia Bold Italic.ttf
Constantia Bold.ttf
Constantia Italic.ttf
Constantia.ttf
Corbel Bold Italic.ttf
Corbel Bold.ttf
Corbel Italic.ttf
Corbel.ttf

All named C, like when parents name all there kids by the same letter, which is a bizarre practice I’ve never understood. I have yet to do more testing, but in an attempt to find out what the bare minimum fonts required are this seems like a good place to start.

And what the hey, here’s the rest of the Office 2008 fonts minus the conflicts and the ClearType Collection:

Abadi MT Condensed Extra Bold
Abadi MT Condensed Light
Baskerville Old Face
Batang.ttf
Bauhaus 93
Bell MT
Bernard MT Condensed
Book Antiqua
Bookman Old Style
Bookshelf Symbol 7.ttf
Braggadocio
Britannic Bold
Calisto MT
Century
Century Gothic
Century Schoolbook
Colonna
Cooper Black
Copperplate Gothic Bold
Copperplate Gothic Light
Curlz MT
Desdemona
Edwardian Script ITC
Engravers MT
Eurostile
Footlight Light
Franklin Gothic Book Italic.ttf
Franklin Gothic Book.ttf
Franklin Gothic Medium Italic.ttf
Franklin Gothic Medium.ttf
Garamond
Gill Sans MT Bold Italic.ttf
Gill Sans MT Bold.ttf
Gill Sans MT Italic.ttf
Gill Sans MT.ttf
Gill Sans Ultra Bold
Gloucester MT Extra Condensed
Goudy Old Style
Gulim.ttf
Haettenschweiler
Harrington
Imprint MT Shadow
Kino
Lucida Blackletter
Lucida Bright
Lucida Calligraphy
Lucida Console.ttf
Lucida Fax
Lucida Handwriting
Lucida Sans
Lucida Sans Typewriter
Lucida Sans Unicode.ttf
Marlett.ttf
Matura Script Capitals
Meiryo Bold Italic.ttf
Meiryo Bold.ttf
Meiryo Italic.ttf
Meiryo.ttf
Mistral
Modern No. 20
Monotype Corsiva
Monotype Sorts
MS Gothic.ttf
MS Mincho.ttf
MS PGothic.ttf
MS PMincho.ttf
MS Reference Sans Serif.ttf
MS Reference Specialty.ttf
MT Extra
News Gothic MT
Onyx
Perpetua Bold Italic.ttf
Perpetua Bold.ttf
Perpetua Italic.ttf
Perpetua Titling MT
Perpetua.ttf
Playbill
PMingLiU.ttf
Rockwell
Rockwell Extra Bold
SimSun.ttf
Stencil
Tw Cen MT Bold Italic.ttf
Tw Cen MT Bold.ttf
Tw Cen MT Italic.ttf
Tw Cen MT.ttf
Wide Latin
Wingdings

order abilify online
acai
accutane withdrawal
aciphex online pharmacy
acomplia
buy actonel without prescription
price of actos
order aleve online
buy allegra online
order alli
altace with no prescription
purchase antibiotics
aricept
arimidex canada
ashwagandha canada
astelin cost
atacand online
atarax rx
generic augmentin
avandia mg
price of avapro
purchase avodart
bactrim tablets
order benadryl online
cheapest benicar
biaxin online pharmacy
no prescription buspar
cardizem online
celebrex overnight
celadrin
cephalexin drugs
cialis canada
cipro cost
cla discounted
cheap clarinex
claritin online
buying clomid
clonidine overnight
colchicine information
coreg with no prescription
online coumadin
cozaar vs
creatine
buy crestor without a prescription
cymbalta mg
cytotec no prescription
order depakote
price of diclofenac
differin medication
diflucan mg
diovan overnight no rx
doxycycline delivery
effexor
flagyl
flomax product
buy glucophage without prescription
hair loss
hangover
cheapest hoodia
keppra
lamictal no prescription
lamisil canada
prices lasix
levaquin vs
no prescription levitra
buy lexapro without a prescription
cost of lipitor
prices lisinopril
melatonin tablets
metformin
methotrexate
micardis tablets
order mobic online
motrin coupon
msm
neurontin withdrawl
nexium order online shipping
purchase nizoral online
nolvadex tablets
omnicef no prescription
cost of paxil
penis extender product
phentermine
phosphatidylserine
plan b online
cost of plavix
pravachol vs
prednisone medication
order premarin
purchase prevacid online
prometrium delivery
propecia delivery
provera withdrawal
order prozac online
generic reglan
reminyl
rimonabant no rx
buy risperdal without prescription
cheap rogaine no prescription
seroquel pills
singulair cost
cheap skelaxin
generic stop smoking
strattera tablets
discount stress relief
synthroid coupon
tetracycline
buy topamax online
toprol
price of toradol
tramadol pills
trazodone
tricor order online shipping
trileptal vs
ultracet no prescription
valtrex online pharmacy
cheapest viagra
voltaren tablet
price of vytorin
weight loss drugs
wellbutrin
yohimbe
zantac canada
buy zetia online
zestoretic medication
buy zithromax without prescription
no prescription zoloft
order zovirax online
cheap zyban
zyprexa overnight no rx
purchase zyrtec online
cheap zyvox no prescription

Office 2008 12.01 Update almost does it

So the Office 2008 12.01 updater came out, it’s got a whole lot of packages for each app and component with postflight scripts written in Python to clean up all the permissions:

Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: setting ownership/permissions
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: fixing setuid flags
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: clearing ACLs
Mar 12 15:33:00 brunerd runner[8556]: postflight[8773]: sanitizing receipts

Doing an ls -lRFG in /Applications/Microsoft Office 2008 won’t leave you seeing red, they’ve cleaned that all up quite nicely.

Anyway, call me picky, but it forgets just one thing, the /Library/Fonts/Microsoft folder, it leaves that and its contents owned by 502 and they’re all marked executable. (Fonts don’t really need to be executable.) And as paranoid as it is — it’s still not quite right. So after you’ve put your tinfoil hat on, run 12.01, you can do this to finish it up:

#take away all users’ execute permissions
chmod a-x /Library/Fonts/Microsoft/*
#recursively own all fonts as root and admin group
sudo chown -R root:admin /Library/Fonts/Microsoft

Update: Or you can go into the update using Show Package Contents then navigate to Contents/Packages and run Office2008_en_fonts_12.0.1.incremental.pkg again, that’ll do the trick.

Applescript Language Guide for Leopard Released (Finally)

So just today I was this close to going on the Applescript mailing list to find out why the Apple Script Language guide for Leopard had yet to be released, despite being touted as “the essential guide for scripters and developers” on the Apple website, the old version from 1999 was all that could be found since Leopard’s release last year.

But today, with as little fanfare as possible, it was released.

Now go forth and…

tell Safari
get all documents containing “Applescript 2.0”
end tell

ARD Security Awareness (Standard User can run root commands)

Did you know a Standard user can run commands as root via ARD?
This seems really odd doesn’t it? Why would this be necessary? The thing that gets me is how in Tiger you had to explicitly grant each user the privileges after starting the ARD service. But in Leopard, when you start the service All Users is the default.

So let’s take a walkthrough of what I was looking into this Friday evening:
Find a Mac running Leopard
Turn on Remote Management (yes you do have to be admin to do this)
Notice the default is for All Users to have access.
Create a Standard user in Leopard
Great, now go get a machine with ARD on it.
Add the computer to your ARD list using the standard user’s credentials
Send it a Unix Command to run as root (touch /HaxorWasHere, in this case)
Notice the new file owned by root in a place where no standard user can put things.

Interestingly, perhaps because I had done this a number of times, and Leopard got confused after a while, I tried deleting through Finder (while logged in as ‘test’ but authenticating as administrator) and got this message

OK that oddity aside, here’s another: You don’t need to have everything checked in ARD’s preferences to accomplish this, here’s the bare minimum :

  • Generate reports
  • Open and quit applications
  • Change settings
  • Delete and replace items
  • Restart and shut down
  • Copy items
  • Page 66 of the ARD manual does go into detail what needs to be turned on to run a Unix command, but why not just have a check box: Run Unix Command? Also, Generate Reports isn’t listed as one of them, but unless it was checked I got this?

    Now I’m not saying this is an out and out security breach, no, because it requires admin privileges to turn on the service and add the user, but it does show how simply checking a check box as an admin could open your up your Mac to Bad Things™ if a standard user on your family computer has a weak password and someone else has ARD in a dark alley… well, you know what I mean. This just doesn’t seem right. Standard users should only be able to do standard user things, even in the magical world of ARD.

    See the ARD manual pages 65-68 for Apple’s wording on the Remote Management Preference pane permissions. See if it seems clear that Standard users given ‘administrator’ (ARD administrator in this case) privileges can run as root. Leave a comment and let me know what you think, thanks.

    10.5.1 Install Media Fixes Disk Utility Bug

    So I waited until the last minute to do the Leopard Up-to-Date program for my mac mini. One because the dang website wouldn’t recognize my mini’s serial number since December (and never did, they made me fill out the manual form — no phone orders!), but also because I wanted to make sure I got newer media. Unfortunately 10.5.2 is still in the oven, but 10.5.1 fixes this annoying bug in Disk Utility:
    10.5.0 Disk Utility Error
    “Unable to create “filename“. (Read-only file system)

    This would happen when you attempted to make a disk image of your hard drive and save it to another device (like an external drive), it said it was read only. I tried going through Terminal running mount -uw /Volumes/volumename to make sure it was read/write it would still balk in Disk Utility. And this was a useful thing to do before, say, upgrading to a new OS or just saving a machine image for restore/deployment like I do at work. Not a big deal since I could use a retail Tiger disc (for PPC machines) or the 10.4 (intel) install media that came with the intel machines to make backups, but I really wanted to get a Universal disc that could boot Intel and PPC and do what I wanted it to do.

    Well, 10.5.1 fixes this. If you have a 10.5.0 disc, it ain’t gonna work. I was considering taking my 10.5.0 media back for an exchange, but I expensed it for work and the finance dept. has swallowed up my receipt (in a box in a warehouse Indiana Jones style, I’m sure) and I didn’t get it emailed to me as they usually do, but I think they were in a bit of a hurry since I got it on release day. C’est la vie. Besides what I really want is a 10.5.2 DVD anyway… this will be a keeper. The version that should have come out as 10.5.0 but you know they had to hit that Holiday shopping window.

    Best Prices on Viagra
    abilify bipolar
    accutane perscription
    aciphex costs
    acomplia diet pills
    actonel dosage
    actos ambien
    cheap aleve
    cheap online allegra
    buy alli cheap walmart
    cheap altace no prescription
    antibiotics online without a prescription
    drug aricept
    arimidex discount prices
    ashwagandha information
    30 ml astelin purchase
    atacand drug
    order atarax
    augmentin 875mg
    avandia diabetic drug
    generic avapro
    avodart
    cheap bactrim
    benadryl pet dosage
    discount benicar
    biaxin antibiotic
    online buspar
    online cardizem
    celebrex cancer
    cephalexin 500mg
    discount cialis levitra viagra
    cipro xr
    cla 95
    buy clarinex
    allergy claritin
    clomid and no presciption
    clonidine side effects
    natural colchicine
    cheap coreg
    coumadin side effects
    cozaar
    order creatine online
    crestor side effects
    cymbalta for anxiety
    depakote + toddler
    75mg diclofenac
    cheap online differin
    diflucan alternative
    diovan hct
    order doxycycline
    order effexor
    flagyl and alcohol
    8mg flomax
    glucophage dosage
    hair loss vitamin
    jason collett hangover days
    is the hoodia diet safe
    lamictal price
    lamisil product
    dog cough lasix
    buy levaquin online
    cialis vs levitra
    buy lexapro
    Lipitor 2b Generic
    lisinopril wean off
    online melatonin
    MICARDIS HCT BUY ONLINE
    mobic high blood pressure
    order motrin
    neurontin medication
    Nexium Side Effects
    nizoral 7oz
    nolvadex clomid
    omnicef dosage
    anxiety cr paxil
    vesco penis extender traction
    cheap 37 5 phentermine
    cheap plan b
    Risk of surgery with plavix
    Bontril Pravachol Paxil Index Php
    prednisone for dogs
    order premarin
    buy prevacid
    prometrium miscarriage
    headache pain propecia relief viagra
    depo provera mis carry
    potatoes not prozac
    Incidence of seizures with Reglan and Tramadol
    risperdal + dimentia
    rogaine woman
    Seroquel Be Used for Anxiety
    singulair and rash
    skelaxin problems
    online stop smoking
    ATOMOXETINE STRATTERA
    how to relief your stress
    online synthroid
    topamax and methadone
    changing from atenolol to toprol
    toradol
    Cheap Tramadol Cod
    Tricor chemistry SAR analog
    oxcarbazine, chemical, trileptal
    172hydrocodone vs ultracet
    valtrex and breast feeding
    viagra levitra sexual health
    Voltaren Emugel Side Affects
    vytorin report
    weight loss dietary supplements
    wellbutrin withdrawal anger
    coryanthe yohimbe
    zantac babies side effects
    zantac and zetia interactions
    zithromax pregnant
    zoloft effects
    Acyclovir Zovirax
    Zyban Xr
    zyprexa overdose
    Side Effects to Taking Zyrtec
    Cost of Zyvox

    Office 2008 for the ‘executive’

    Last night, while groggily honing in on the Office 2008 installer package UID problems, I missed another glaringly obvious defect: All the files are set executable, yes those files owned by 502 are also set executable. Take a look again at the lsbom dump you’ll see this everywhere: 100775. For the first two: the 10 means it’s a file, 40 is a directory. The last three (775) are significant: 7 is 4+2+1 (4:read, 2:write, 1:execute) and 5 is… that’s right: 4+1, read and execute privileges.

    Now tell me does… /Microsoft Office 2008/Read Me.html need to be executable for you to look at it? Tick, tick, tick, *ding*! No. It does not let’s do another!
    Does this god awful GIF bullet? /Microsoft Office 2008/Office/Media/Clipart/Bullets.localized/Red Swirl No. But it is.
    Ok. One more: /Microsoft Office 2008/Office/Media/Sounds/Yeehaw? Yeah, you’re getting it. No.

    The only things that needs execute privileges are directories (that’s application bundles too) and executables such as: Microsoft Word.app/Contents/MacOS/Microsoft Word

    And can you remove this execute bit in Finder? No. You have 3 choices, Read & Write, Read Only, and No Access, flip through them all and the x will still be there. You’ll need to chmod it from the terminal, but be careful, not all of them… or just give chmod -R ugo-x * a whirl, then slowly go through and chmod go+x the executables one by one and see if it still works, might be faster than the inverse… but I haven’t tested anything yet, that’s for work tommorrow… and the next day… in the mean time…

    Try this: ls -lFGR /Applications/Microsoft\ Office\ 2008

    You’ll be seeing red. :D

    BTW: Just in case, the media I am using is Part No: X13-64625-03, I hope MS can fix this and re-press this for Volume License customers — my day job! And speaking of just in case, thanks ‘justincase’ of the Clix forums for pointing out the glaringly obvious.

    Office 2008, 502, and you

    So… I got a free copy of Office 2008 Digital Media Edition for free at MacWorld 2008! W00t! All because IDG double booked a room and the session I wanted got bumped until later. I instead went to see what’s new at the “Office2008:Form Meet Function” session, cute sounding eh? Within the first minute or two, to ensure our rapt attention I’m sure, our lady MC told us that we were all going to receive a free copy of Office 2008. Except, without the same flair as Oprah (she should have tried stretching it out: “You’re all getting Awwwwwww-Fiiiiiiiiiiiiiiiiice!!!”) Oh well, it still felt nice to win something, especially something as pricey as the Digital Media Edition which runs $467 at CDW! I got back yesterday and after debating whether I’d sell this bad boy or install it, I went with carnal knowledge of the beast.

    First things first: They’ve moved to Apple’s Package Maker (.pkg) installer files, good news for the enterprise rollouts? Well, unfortunately they’ve created all the packages to install most all of the files with the owner set to 502.

    So let’s say, Mr. IT installs this on a user’s machine where the first user is the admin (501) and the standard user is Joes User (502), well, when after all’s installed, it will give Joe User (502) ownership of these folders and their installed contents:

    /Library/Automator/ (if it doesn’t exist already)
    /Library/Fonts/Microsoft
    /Library/Application Support/Microsoft
    /Applications/Microsoft Office 2008

    Hmmm, that’s not good now is it? Because A) Joe User will find a way to screw it up and B) those are security holes IT does not want to have. Oh, if only they’d taken a peek at p. 1060 of Cocoa Programming, which basically says, if you let root own the file but the person installing isn’t root, it will assign that user’s id to the installed files, that’s how it should be. Instead if UID 502 doesn’t exist on your system when you install it will still assign that UID as the file’s owner anyway. D’oh!

    I think I feel a chown’ing script (or an Iceberg repackaging) coming on and an uninstaller script too. “But, there’s an Uninstaller!”, you say? Yes there is and it does a lovely job of moving the Microsoft Office 2008 folder to the Trash, but it kinda misses the Application Support folder, the fonts folder (and moving the disabled fonts back), and all 97 automator actions… tsk tsk. Still, it was free!

    Morning Update: It was late, I was tired (and sick), and I totally didn’t think of this one: “Fix Permissions”. If you do get your ownership fixed on all those files, make sure to delete all the Office2008* files from your /Library/Receipts folder, lest you reverse it all with one click of “Fix Permissions” in Disk Utility. And no, you can’t use awk, sed, or some other readily apparent way to modify the bom files… that’s someting for the MOAB crew ;)

    MyMacWorld Calendar, Outlook Compatible

    So, the MyMacWorld site made by BDMetrics has an “Export to PDA” function that supports Outlook and not iCal. Try and import the ics file into iCal and you’ll get:"This calendar file is unreadable. No events have been added to your iCal calendar"Guh!? Let’s go back and read the description of what this exporting will get you:

    This exports all your scheduled items in a single, iCalendar or vCalendar file. You may then import this file into any iCalendar-compliant system such as OutlookTM, then subsequently synch to your PDA.

    Oh super, Outlook. That’s great for the PC manager who gets sent to MacWorld to see what this Mac hullaballoo is all about, but it’s useless for 95% of MacWorld’s attendees. Are you serious BDMetrics?

    Update:
    OK After spending way too long looking at Apple’s iCal specs and messing with the tags and blogging the whole thing (and using ♥ in my URL, so the thing broke on every other browser besides Safari!) I have the solution. But first the reason they don’t work:

  • iCal will only read VERSION:2.0 tagged files, MyMacWorld is VERSION:1.0
  • The iCalendar spec call for CRLF ending, they use an LF only
  • HA! Of course a spec written in 1998 by an MS employee calls for CRLF line endings! Of course, it makes sense now!

    OK so here’s the code. Get thee to a Terminal, cd to where your ics file is, and copy and paste following onto one line, and you’ll be good to go
    perl -p -e 's/VERSION:1.0/VERSION:2.0/g' ShowCalendar.ics | perl -p -e 's/(\r\n|\n|\r)/\r\n/g' > newShowCalendar.ics