Determining the current console user in macOS

There’s a few methods floating out on the web, but I’d just like to point out a quick and reliable way to get the current console user on macOS using stat. This works great with Fast User Switching and if the mac is at the login screen it will return root as the user

consoleUser=$(stat -f %Su /dev/console)

There you go! Now go forth and script.

Also, if you are using backticks ` to capture output (a.k.a. command substitution) then consider using the more modern and nest-able $(…) method, here’s a good reason why: Why is $(…) preferred over `…` (backticks)?

Install macOS High Sierra, HFS Compression, and OS X 10.8

If you have downloaded Install macOS High on a non-macOS 10.8 machine then copy said installer to a 10.8 Mac, the installer will be unusable. Why? HFS Compression. It seems Install macOS High uses HFS compression on numerous files and it seems 10.8 has issues with that and will not “see” those files.

To quickly demonstrate which files are compressed, we will use stat and examine the st_flags attribute, 0=no compression, 32=compression (thanks ghost of Mac OS X Hints!)

IFS=$'\n\t'; for file in $(find /Applications/Install\ macOS\ High\ -type f); do echo "$(stat -f %f "$file"): $file)"; done

You’ll see many files with 32 as the flag, these will not be readable in 10.8

The trick is to copy the file and do away with the HFS compression, we can use ditto for this:

ditto --nopreserveHFSCompression /Applications/Install\ macOS\ High\ [destination folder]

This will produce an installer compatible with 10.8… sure you could have downloaded it via the Mac App Store by now on a 10.8 machine, but now you know.

XProtect Plugin Checker

Are you a system administrator or power user who needs a quick way to check if your Flash or Java plugins have been blocked by Apple? Like so:XProtectPluginChecker Menu 2

Then XProtectPluginChecker is the status menu app for you!

XProtect Plugin Checker iconClick to download.

Written in BASH, sprinkled with PlistBuddy/awk/sed-Fu with a dash of mdfind magic, and wrapped with Platypus, the aim is for XProtect Plugin Checker to be able to dynamically accommodate any additions Apple might make to the Plugin Blacklist, although only Flash and Java seem to be in their crosshairs right now, who knows? Silverlight might be next, given its lack of updates (going on 10 months).

A bonus idea for making this more useful is to make a launchd script that watches the XProtect plist file(s) then fires off the XProtectPluginChecker script when they change, emailing the results to you, because knowing is half the battle!

If you find this useful or if you have some hiccups with it, let me know. UPDATE: Now with comments enabled! :]

Also related, myXProtectStatus is a similar style menu status script that lists the malware threats Apple is blocking.

Restore previous Safari version from .SafariArchive.tar.gz

Did that new Safari update break something? Want your old version back?
Simple. Thanks to Apple’s prescient yet secretive engineers, there’s a way.
Let me show you.

When Safari does an upgrade it saves the previous version in this location:
/Library/Application\ Support/Apple/.SafariArchive.tar.gz

To restore we just need to tell tar to expand the archive to the root folder:
sudo tar -xvf /Library/Application\ Support/Apple/.SafariArchive.tar.gz -C /

To be complete, delete the receipt from /var/db/receipts, in this case it is Safari 5.1
sudo rm -rf /private/var/db/receipts/*

Reboot. (since we’ve just replaced a whole bunch of public and private frameworks the OS uses)

(Whew. This will fix the early Safari 5.1 adopters at work who now can’t use our Java based timesheet app since upgrading!)

A new start…

OK, I’ve upgraded my WordPress install, as well as trying the WP_Spamfree plugin.

You know I had 3,500 Spam trackbacks awaiting moderation? That my WP install had been hacked AGAIN, and my cryptograph plugin disabled? Sheesh. I really would like to allow comments and trackback, but the spam is horrendous (literally, quite the vilest stuff you can imagine), Anyway, here’s hoping it works. Going to give it a day or two and see how it goes.

I’ve got some good stuff planned to share. #1 being how to make standard pkg files for Acrobat Reader and CS3 and CS4… w00t.

10.4.11 DNS results from

The results are in for my iBook G4 running 10.4.11 with Security patch 2008-005 when using the DNS checker at doxpara

Your name server, at, appears to be safe, but make sure the ports listed below aren’t following an obvious pattern (:1001, :1002, :1003, or :30000, :30020, :30100…).

Requests seen for TXID=31583 TXID=27344 TXID=35665 TXID=50022 TXID=63897


There’s some who say things aren’t all right, but the patch from Apple seems to be satisfying the the tool of the researcher who found the bug, and ncircle doesn’t provide the command line or tool that they used to obtain these results. So for me I feel confident in this patch as-is, especially since BIND isn’t turned on anyway and I’m not using my DNS anyway (and the vast majority of Mac owners aren’t either) I’m using my DSL provider AT&T’s DNS server for resolution, so it’s them who I hope have patched all their routers. And I’m sure they did, Tuesday before last

What’s in the MacBook, MacBook Pro Software Update 1.0?

Well they forgot to enable Journalling so they just have to turn it back on with this update. And after it runs the .dist file and makes sure you have the right machine, it runs this command:
/System/Library/Filesystems/hfs.fs/hfs.util -J /
You’ll find it in the postflight file. Besides that it installs a blank dummy file in /var/tmp, because otherwise a package will complain that it didn’t have anything to do!

Anyhoo, to check to see if you have Journalling installed, there are many ways, but here’s the Terminal way:
/System/Library/Filesystems/hfs.fs/hfs.util -I /