Sysadmin on galvanist

macOS JavaScript for Automation (JXA) Notes

Sat, 28 Mar 2020 18:28:48 +0100

Overview

There is a macOS feature called the Open Scripting Architecture (OSA) which provides an infrastructure for intercommunication and automation of macOS software. One of the officially supported OSA languages is JavaScript and its use in this context is called “JavaScript for Automation” which is often abbreviated to “JXA”.

The idea is that instead of using AppleScript, you can program & automate macOS using a more modern language like JavaScript. This gives the programmer access to the enormous ecosystem of javascript libraries and tools in addition to all the modern optimizations and language features of ES6-ish JavaScript. JXA also provides access to a built-in Objective-C bridge that enables access to the file system and the ability to call into the Cocoa frameworks and plain C functions. JXA can basically do anything native code can. It’s a bit like node without needing to install node.

Security Resources for Your New Website

Wed, 11 Mar 2020 23:32:43 +0100

Establishing a reasonable amount of security for a website is a non-trivial unending job. Here are some notes and resources that I find helpful.

Web Server Config

Start with TLS

All public-facing websites need to be protected by Transport Layer Security (TLS). TLS is a technology which allows web traffic to be encrypted and this encryption helps to protect the privacy and security of the users of a site.

Deploying a site with TLS can be accomplished in a free and automated fashion. Services like Let’s Encrypt and the issuance features of large cloud providers (for example AWS Certificate Manager) encourage more secure defaults and automatic management. For more information, check out the Let’s Encrypt Getting Started Guide or your hosting provider’s documentation.

Non-privileged Python Package Installs on OS X

Wed, 10 Dec 2014 04:35:00 +0000

Sometimes a virtualenv isn’t what you want. I often want my account to have a particular python package (like bpython), but I also like to keep things clean and compartmentalized. One answer is installing the package to a standard place within your user account’s home folder. Python is already setup for this, as you can see if you run python -m site.

sys.path = [
    '/Users/someuser',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python27.zip',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-darwin',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/plat-mac/lib-scriptpackages',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-tk',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-old',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-dynload',
    '/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/PyObjC',
    '/Library/Python/2.7/site-packages',
]
USER_BASE: '/Users/someuser/Library/Python/2.7' (doesn't exist)
USER_SITE: '/Users/someuser/Library/Python/2.7/lib/python/site-packages' (doesn't exist)
ENABLE_USER_SITE: True

You’ll see that python is looking for USER_BASE and USER_SITE directories in particular locations. Let’s create them:

Strip Time Machine ACLs

Tue, 12 Aug 2014 19:55:57 +0000

To strip ACLs from all files in the current working directory, run this:

chmod -R -N .

You might want to do this kind of thing if you’ve restored files from a Time Machine backup by hand, preserving permissions. By default Time Machine backup files have this ACL for everyone:

deny write,delete,append,writeattr,writeextattr,chown

Don’t change your Time Machine volume, just use this to strip the ACLs of files you copied from it.

What Processes Are Listening On Your Ports?

Sun, 13 Apr 2014 22:18:21 +0000

lsof

On OS X you wanna use sudo lsof -nP -iTCP -sTCP:LISTEN. The output looks like this:

$ sudo lsof -nP -iTCP -sTCP:LISTEN
COMMAND     PID   USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
launchd       1   root   23u  IPv6 0xf01241af1b915325      0t0  TCP *:5900 (LISTEN)
launchd       1   root   24u  IPv4 0xf01241af1b91732d      0t0  TCP *:5900 (LISTEN)
launchd       1   root   28u  IPv6 0xf01241af1b914ee5      0t0  TCP [::1]:631 (LISTEN)
launchd       1   root   29u  IPv4 0xf01241af1b916b45      0t0  TCP 127.0.0.1:631 (LISTEN)
launchd       1   root   31u  IPv6 0xf01241af1b914aa5      0t0  TCP *:22 (LISTEN)
launchd       1   root   32u  IPv4 0xf01241af1b91f32d      0t0  TCP *:22 (LISTEN)
mtmfs        55   root    4u  IPv4 0xf01241af1b91eb45      0t0  TCP 127.0.0.1:49152 (LISTEN)
mtmfs        55   root    6u  IPv4 0xf01241af1d38cb45      0t0  TCP 127.0.0.1:49153 (LISTEN)
ssh       45193 username    5u  IPv6 0xf01241af1b9128a5      0t0  TCP [::1]:8000 (LISTEN)
ssh       45193 username    6u  IPv4 0xf01241af2405eb45      0t0  TCP 127.0.0.1:8000 (LISTEN)

netstat

On many types of Linux you can use lsof, but also sudo netstat -tulpn. The output looks like this:

Fixing bpython's delete

Fri, 21 Feb 2014 00:21:00 +0000

A guy named Shironoo found one solution (which I read in english) to a problem I’d been having with bpython over SSH. Namely that using the delete key ruins the world, or at least kills the current line.

My slightly modified (temporary) solution is to make this change:

in bpython/cli.py:
- in def p_key(self, key):
  - replace if platform.system() == 'Windows':
  - with if platform.system() in ('Windows', 'Linux'):

You can find your bpython install with this kinda thing:

Your Mac's Serial Number via the Command Line

Thu, 20 Feb 2014 23:54:40 +0000

Here’s my first (admittedly ugly) attempt:

system_profiler SPHardwareDataType | grep 'Serial' | sed 's/^.*\:\ //'

Here’s a better one from stack exchange:

system_profiler SPHardwareDataType | awk '/Serial/ {print $4}'

Check your warranty status:

Update: Within a year or two of this post, Apple disabled direct URL links to hardware warranty checks, so the following no-longer works.

open "https://selfsolve.apple.com/agreementWarrantyDynamic.do?sn=$(system_profiler SPHardwareDataType | awk '/Serial/ {print $4}')&locale=en_US&caller=sp"

/Users/Shared/adi

Thu, 07 Nov 2013 22:28:00 +0000

This is one for the search engines.

If you’re running Mac OS X ~v10.8 (or later), you’ve probably got a folder at the path /Users/Shared/adi. Like me, you might be wondering what it is. I did some googling and got nothing. I dug a little further and found (part of) the answer: It is used by the Mac App Store and the new iBooks app.

In case you’re interested, here are the steps I took to arrive at this answer:

Direct SMTP Nagios Notifications

Mon, 16 Sep 2013 22:13:18 +0000

If you want nagios email notifications but don’t want to run a local MTA (like postfix, exim, qmail, or sendmail), you’ll need a command-line SMTP client. Such a program can connect to an SMTP server, authenticate, and generate a message based on input arguments and file handles. One such program is sendEmail (note, not “sendmail”).

I found myself wanting to use sendEmail with nagios, and I found these helpful resources: