OSX

Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software

October 4, 2018 by Simon

This post aims to show you how you can use a Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and other software and services.

Background

Although I am a developer I do like security related topics and I try and do as much as I can to secure my systems and applications. Reading the Multi-Factor Authentication Wikipedia page has all the details on Multi-Factor authentication.

I have been a big fan of 1Password to generate strong and unique passwords for separate accounts for a while now. Read my guide on upgrading from a standalone 1Password licence to a 1Password subscription. I love generating unique and complex passwords with 1Password.

But what happens if someone gets access to my 1password vault? Yubico has a catalogue of support services that I can use Yubikeys with to have, 1password is one supported service 🙂

I want to add Yubico protections with these services.

macOS Logins (DONE)
macOS Screensavers (DONE)
1Password (DONE)
Dropbox (DONE)
Twitter (DONE)
Google (DONE)
Google GSuite (DONE, WAITING TO VERIFY)
Google GMail (DONE)
Google Analytics and AdSense (DONE)
Github (DONE)
Thunderbird Email (DONE)
Debian servers in the cloud (SSH) (DONE)
Ubuntu servers in the cloud (SSH) (DONE)
Securing WordPress (DONE)

Etc

Final Warning

Do not attempt to activate Two Factor Authentication on a system unless you…

A) Have backups of your data
B) Have backup methods of getting into your account(s)

Murphy’s Law: “Anything that can go wrong will go wrong”

You never know when a Two Factor Authentication Key may die or an Authenticator app or a Mac/PC may stop working so always have a backup method just in case.

General

General Yubico YubiKey Setup guides https://www.yubico.com/setup/

Buying a Yubico YubiKey

International visitors can buy a YubiKey from the official store here. Australian readers can buy a key locally here. I grabbed 2x YubiKey YubiKey Neo 4 (with NFC) for $50 USD (about $75 AUD) each.

This blog post will aim to show how you can set up a primary key and backup key for use on macOS and other apps to add hardware-based two-factor authentication to logins.

Authenticator Apps

You can use Google Authenticator, Yubico Authenticator or freeOTP from https://freeotp.github.io

Plugging the YubiKey into macOS Mojave

First I read this guide: https://www.yubico.com/works-with-yubikey/catalog/macos/

1) I plugged in my Yubico Neo key into my USB slot.
2) I closed the Keyboard setup window that appeared (I guess the YubiKey is a kind of a keyboard to allow inserting of challenge-response character streams into apps and websites).

3) I followed the basic troubleshooting page and confirmed that the key was being detected (yes it was.)

4) I followed this guide to test U2F functionality and this guide to test OTP functionality. Web pages and Google Chome can talk to the plugged-in YubiKey(s).

I was prompted to register a UTF deice (and create an account)

I was prompted to (insert) and touch my Yubico key.

Google Chome asked for some permissions first.

FYI: Chrome 67 is recommended to securely allow the reading of UbiKey’s from web pages. Only allow sites you trust access to your USB devices and use a modern browser.

Success, Chrome could now see my YubiKey and my device was now verified.

Technical data is available to let you know what is going on in the background. I am not going to break down how this works but Yubico has in-depth whitepapers and documentation if you are interested.

Nice

Configuring OSX

I logged into my Mac with the account that I was going to secure.

I performed a complete time machine backup before proceeding. If you lock yourself out you will need to restore OSX from a Time Machine backup.

I Read the “Using Yubico Pluggable Authentication Module (PAM) with Challenge-Response” login guide: https://www.yubico.com/wp-content/uploads/2016/07/yubico_YubiKeyMacLoginGuide_en.pdf

I downloaded the Download the YubiKey Manager

I downloaded the yubikey-manager from here so I could configure the keys to use “HMAC-SHA1 Challenge-Response”.

Oops, I downloaded the wrong tool, good to know this one exists though.

I will update what this tool does in future (update firmware?)

I Downloaded the Yubikey Personalization Tool

I went back to the Yubico download page and downloaded the Personalization tool.

Many options are available here.

It’s time to configure a primary and backup (duplicate YubiKey) for use with macOS etc.

Enable Challenge-Response

I opened the YubiKey Personalization Tool, Inserted my primary key, clicked the Settings tab, and in the Logging Settings group, selected Log configuration output and Yubico format.

I then clicked on the Challenge Response Tab, clicked the HMAC-SHA1 button, selected Configuration Slot 2, ticked “Program Multiple YubiKeys“, changed the “Parameter Generation Scheme = Same for all Keys“, Selected “Fixed 64 byte input” under “HMAC-SHA1 Parameters” and generated a new key (wrote it down).

Under “Configuration Protection” then I selected Enable Protection” I then visited here and generated a 6 digit string to convert to hex array (with spaces (e.g: “70 61 73 73 77 64”)).

Warning: If you set an access code and later forget it, you cannot make any programming changes to this YubiKey. You would need to buy another YubiKey.

I clicked on Write Configuration

If you chose Configuration Slot 1 you will receive a warning about not saving over Configuration Slot 1 due to Yubico VIP/Symantec, I personally do not trust Symantec or the https://vip.symantec.com/ service due to Symantec issuing non-compliant certificates for use on websites. Yubico allows you to swap configuration slots if want to keep the configuration data.

On the output of the first write, I was prompted to save a file. I saved this to “secretkey.csv” onto the Desktop.

When the write to my primary key was successful, I ejected it then inserted my backup key and wrote the same configuration data to it too (on Configuration Slot 2).

Testing the HMAX-SHA1 Challenge

I open the YubiKey Personalization Tool, then click the Tools tab and click Challenge Response. Choose Configuration Slot 2, I selected HMAC-SHA1. I typed a sample input challenge (e.g “hello world”) and clicked Perform.

I noticed the Yubico key touch panel was flashing. I pressed the button, then a response appeared below the input textbox. I copied this response text then insert your second key and perform the same test so I could compare the responses (they should be the same). They were.

If the responses don’t match rewrite the configuration to your primary and secondary keys and ensure the same key and secret was used for both keys.

FYI: I rewrote configuration a few times until I got it right.

Installing the Pluggable Authentication Module (PAM) on macOS

I re-read the Mac login guide here as I don’t want to lock myself out of my Mac.

I opened the Yubico Software Download page here and clicked Computer Login Tools and downloaded the PAM for Mac.

I installed the PAM package and verified the package installation with this command.

ls -al /usr/local/lib/security

Output:

Text Output:

> drwxr-xr-x 3 root wheel 96 9 Oct 10:29 .

> drwxrwxr-x 74 simon admin 2368 9 Oct 10:29 ..

> -rwxr-xr-x 1 root wheel 143172 20 Apr 21:13 pam_yubico.so

Backup macOS

Again I ensured my Mac was backed up with Time Machine.

I logged in to my Mac with the account I wanted to be protected with the Yubico YubiKeys.

I ran the following command in terminal

mkdir –m0700 –p ~/.yubico

I double checked that my Yubico key(s) were set up for challenge response (above).

I inserted my Uubico key and ran this command

ykpamcfg -2

Feel free to read the “ykpamcfg” manual here. The yubico-pam source code is located here.

Output:

The contents of “/Users/simon/.yubico/challenge-#######” looked like (I replaced 232 random chars with #’s below). The filename ended with my keys serial number.

v2:########################################################################################################################################################################################################################################:10000:2

Next, I was supposed to copy the challenge output from ykpamcfg to /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER] with this command..

sudo cp /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER] /Users/[USERNAME]/.yubico

But I had this error.

No such file or directory

Weird as the source file existed?? macOS issues?

I Opened /Users/[USERNAME]/.yubico/challenge-[YUBIKEY SERIAL NUMBER] in the nano editor (sudo elevated process) and saved the file to /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER].

I reopened my terminal and verified the contents of /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER]. The file is now there.

Permissions on the file is “-rw——-“. Good.

I inserted my second backuP key and re-ran “ykpamcfg -2” and copied the file to “/Users/simon/.yubico”

I verified the file contents

sudo cd /var/root/.yubico/
ls -al

Output

Text Output:

> drwxr-xr-x 4 root wheel 128 9 Oct 09:50 .
> drwxr-x— 12 root wheel 384 9 Oct 09:39 ..
> -rw-r–r– 1 root wheel 244 9 Oct 09:50 challenge-#######
> -rw-r–r– 1 root wheel 244 9 Oct 09:42 challenge-#######

Snip from: https://www.yubico.com/wp-content/uploads/2016/07/yubico_YubiKeyMacLoginGuide_en.pdf

“Program at least two YubiKeys when implementing a requirement for authentication with a YubiKey on your Mac. If you configure only one YubiKey and something happens to the YubiKey, you must restore the Mac from a Time Machine backup that you created before editing the authorization file before you can log back in to your account. ”

Reading the guide regarding multiple accounts (setting up a Key for each login). I have 5 logins on my Mac but when this works I will disable the other accounts from logging in.

Enable the use of the Yubico key when the screensaver is deactivated on macOS

I opened a terminal and edited “/etc/pam.d/screensaver ” (I use the easier nano editor)

sudo nano /etc/pam.d/screensaver

I added this line

auth       required       /usr/local/lib/security/pam_yubico.so mode=challenge-response

auth[7 spaces]required[7 spaces]/usr/local/lib/security/pam_yubico.so mode=challenge-response

I saved the file ( [CTRL+O], [CTRL+X] ) and exited nano.

I tested my screensaver and no extra protection was provided (the screensaver just exited).

I rebooted, still no change?

I reinstalled the PAM module.

Silly me, I needed to enable the password on the screensaver to then activate the /etc/pam.d/screensaver entries.

I enabled the screensaver passwords

I am now prompted to enter my password and inset and tap my Yubico Key on screensaver exit (on both keys). Awesome.

Next, I need to enable this at macOS login.

Enable the use of the Yubico key at macOS Login

I edited /etc/pam.d/authorization file with nano in the terminal

sudo nano /etc/pam.d/authorization

I added the same line as was added to the file /etc/pam.d/screensaver

auth       required       /usr/local/lib/security/pam_yubico.so mode=challenge-response

auth[7 spaces]required[7 spaces]/usr/local/lib/security/pam_yubico.so mode=challenge-response

I saved the file ( [CTRL+O], [CTRL+X] ) and exited nano.

Now let’s log out and test this.

It’s working.

Excellent

Add Two Factor Authentication to 1Password

Here is a guide on using the Yubico YubiKey with 1Password. This directed me to https://support.1password.com/yubikey/

I downloaded the Yubico Authenticator app on macOS and installed it.

After I inserted my primary Key I received a “No Credentials Found”message.

I logged into https://my.1password.com/signin and clicked My Profile.

I clicked More Actions then Turn On Two-Factor Authentication

I added the generated QR code details to the Android Authenticator and macOS Yubico Authenticator app. At first, I could not scan the QR code in macOS (was Mojave blocking this?), I manually entered the details (after confirming them from the Android app QR code scan).

Details:

Issuer: 1Password
Account Name: my.1password.com
Secret Key: ###################
Time: 30
Algorithm: SHA-1
Period: 30
Digits: 6

Now, 1Password web and the desktop app are asking for the 2-factor code (generated in the Yubico Authenticator app after I insert my YubioKey).

Nice

I logged off and I was not prompted for my Two Factor code?

Snip from: https://support.1password.com/two-factor-authentication/

“Your 1Password account is now protected by two-factor authentication. From now on, you’ll need to enter a six-digit authentication code from your authenticator app when you sign in to 1Password on a new device.”

I logged in to 1Password from Google Chrome on Android and indeed I was prompted for a two-factor auth code form the Yubico Authenticator app (with a KubiKey inserted).

Add Two Factor Authentication to Dropbox
I read https://www.yubico.com/works-with-yubikey/catalog/dropbox-personal/. Dropbox also has setup instructions here.

I logged into Dropbox and went to Settings then Security then clicked Add next to Security Keys

I started the Wizard, entered my Dropbox password, then inserted my YubiKey.

Name the Key

I added my Primary and Backup Key(s)

I logged out and back in and no Security Key prompt?

I am using Chrome and had cleared past browsers from the Dropbox list of web browsers at https://www.dropbox.com/account/security

I discovered that I need to set the primary authentication method to Use Mobile App (My Bad, it would be nice if Dropbox set this as default after I added the keys).

I added the Dropbox QR code to the Yuboico Authenticator app

I was asked to enter a 6 digit code from my Yubico Authenticator app to verify the working link. I inserted my YubiKey into my machine to show the code.

Now Dropbox is configured 🙂

Success

I now have to insert my primary key when logging into Dropbox

I need to find a way to copy my Authenticator credentials to my Backup Key from my Primary key

Add Two Factor Authentication to Twitter

I read https://www.yubico.com/works-with-yubikey/catalog/twitter/ (Setup Instructions)

1) Login to Twitter

2) Open your Settings and Look For Security

3) Click Start

4) Enter Your Password

5) Accept and enter any SMS codes if you set up SMS Two Factor codes via SMS

6) Click “Review your login verification methods”

7) Click “Setup Key”

8) Insert Your YubiKey and follow the prompts to activate it.

9) Now the key will be requoted to log in to Twitter

Testing Two Factor Login to Twitter

I logged out of and back into Twitter but the SMS Two Factor Authentication method was still active?

I tried to disable the SMS method in Twitter but two factor was disabled altogether and the registered key was deleted. I re-added my key 🙁

I solved this by choosing “Choose a different verification method” when logging in then choosing “Use your security key“, Twitter then accessed my YubiKey and further login attempts used the key instead of SMS 🙂 I could use an Authenticator code but they YubiKey touch method is quicker.

Done

It would be nice if Twitter allowed multiple keys to be used to log in?

Add Two Factor Authentication to Google, Google cloud, Gsuite etc

I read https://www.yubico.com/works-with-yubikey/catalog/google-accounts (Instructions https://myaccount.google.com/).

Adding two Factor authentication details to Google was not easily accessible at Google so I Googled (lol) this https://support.yubico.com/support/solutions/articles/15000006418-using-your-yubikey-with-google

I loaded: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome

I clicked Get Start

I clicked Choose Another Option (not SMS Two factor)

Clicked Security Key

As prompted I inserted my key and allowed access to it.

I named the Key

I repeated the steps and added my 2nd key.

Done

I logged out my https://myaccount.google.com and logged back in and I was prompted to insert my YubiKey

Nice

I did try and login to my google GSuite account at https://admin.google.com but it did not prompt me to insert a key. I will do this next.

Add Two Factor Authentication to GSuite

I logged into the GSuite admin interface at https://admin.google.com/ I generated some backup codes in case I need them in the future.

I checked my main admin user account and I could see the 2 google security keys synced through from Google.

I then searched GSuite for “Two Factor” and loaded the “Enforcement” Page

I enabled “Turn On Enforcement Now”

I enabled “Only Security Keys”

I logged out and back into https://gsuite.google.com/ TWICE and no security key prompt.

Silly me: I forgot to click save at the bottom of the screen and it appears there is a 24-hour delay?

Add Two Factor Authentication to GMail

This is already done (above), GSuite email takes up to 24 hours to become active, GMail is instant.

Add Two Factor Authentication to Google Analytics

I can’t see an option to turn Two Factor Auth on in Google Analytics 🙂

I did send feedback to the Google Analytics team.

Add Two Factor Authentication to Google Adsense

I can’t see an option to turn Two Factor Auth on in Google Adsense either 🙂

I did send feedback to the Google AdSense team.

Add Two Factor Authentication to Github

I logged into Github, opened my Settings and clicked Security then Enable two-factor authentication

Click Setup using an app save the recovery codes.

Open the Yubico Authenticator app (ensure you can see the QR Code in GitHub)

In the Yubico Authenticator, App click File then Scan QR Code

The GitHub details should be added to the Authenticator

Two Factor via authenticator tokens is enabled and now I can see a Keys options,

I clicked Add next to security keys then Register New Device, I gave the key a name then clicked Add.

I added both keys then I Logged out and back in and two factor was enabled by YubiKey 🙂

Add Two Factor Authentication to Debian servers in the cloud (SSH)

Read Setup two-factor authenticator protection at login on Ubuntu or Debian

Add Two Factor Authentication to Ubuntu servers in the cloud (SSH)

Read Setup two-factor authenticator protection at login on Ubuntu or Debian

YubiKey Support

There are loads of Yubico support articles here: https://support.1password.com/yubikey/

Yubico Developer Info

A GitHub repository of source code is located here: https://github.com/Yubico

Other developer related pages here

Securing WordPress

Read this guide on Securing WordPress with 2FA (YubiKey insertion or Authenticator app).

I found a good WordPress plugin to handle 2FA logn methods.

I am prompted to insert my YubiKey after logging into WordPress.

Nice

Java Code to use the Yubico YubiKey in software (challenge mode)

todo: I will add this section soon.

Yubico has Java repository that contains a Java library with an accompanying demo server, as well as a JAAS module, to validate YubiKey OTP’s (One-Time Passwords).

https://developers.yubico.com/yubico-java-client/

PHP Code to use the Yubico YubiKey in software (challenge mode)

todo: I will add this section soon.

Yubico has PHP library ad source code but it has not been updated in 3 years. I cannot get this working on PHP 7.2.

https://github.com/Yubico/php-yubico

Using Yubico YubiKeys as 2fA with one-time Passwords.

The YubiKeys can be used to store and generate one time passwords.

Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra

October 1, 2018 by Simon

This is a quick post to see if OSX Mojave runs slower on a Mid 2014 Mac Book Pro than High Sierra

Aside

If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free UpCloud VM credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.

Buy a domain name here

Now on with the post.

New Mac Operating System (Mojave)

I have always been hesitant before upgrading to a new Apple operating system (or performance-impacting patch).

My Mid-2012 Macbook will not be able to install the next 2019 operating system (as it is now considered too old).

MacBook Thermal Cooling

My MacBook is already running at the limit of the stock thermal cooler (read more here). I replaced the thermal paste on my Mid-2012 Mac Book to help lower thermal temps. I often run fans at 100% with TG Pro.

Stock MacBook thermal paste (needs replacing).

OSX Mojave

What’s new in OSX Mojave: https://help.apple.com/macOS/mojave/whats-new/

Dark Mode
Folder Stacks
Finder Enhancements
Quick Look Enhancements
New Screen gran
iOS to Mac camera.
New News App
Stocks App
Voice Memos
Home Control
Better Safari Privacy and Security
New Mac App Store
Take the tour

I currently have High Sierra Installed.

High Sierra – Black Magic Disk Speed Test 3.1 Speed Test Results

Write: 340.5 MB/s

Read: 348.1 MB/s

High Sierra – Novabench 4.01 Benchmark Scores

GPU: 0 (known issue)

RAM: 136

GPU: 243

DISK: 57

Downloading Mojave

Mojave is available for download in the App Store.

Instaling Mojave

A quick wizard and Mojave in ready to install.

Installation took about 2 hours to install over High Sierra.

Mojave Dark Mode

Dark mode is certainly very pretty, all stock apps on OSX are not optionally available in dark colour themes.

Mojave – Black Magic Disk Speed Test 3.1 Speed Test Results

Write: 348.5 MB/s (8MB/s faster than High Sierra)

Read: 348.1 MB/s (27.1MB/s faster than High Sierra)

Nice

FYI, The first 2 days of Mojave did seem a bit sower but this may because of background indexing.

My home MacBook has a 512GB Apple SSD hard drive. I recently upgraded to Mojave on a 2014 27 iMac that had a Hybrid SSD (128GB SSD + 1TB drive) and it runs really slowly.

High Sierra – Novabench 4.01 Benchmark Scores

GPU: 0 (known issue)

RAM: 136 (same as High Sierra)

GPU:251 (8 higher than High Sierra)

DISK: 57 (same as High Sierra)

Reboot Time in seconds (time taken to reboot and log back into an interactive desktop)

WOW: Reboot average times were 212 seconds in High Sierra but only 124 seconds in Mojave, that’s an 88-second improvement.

That totally made upgrading to Mojave worth it.

Screen Capture and save speed

Often I screenshot the desktop (or apps), Below is a time in seconds to capture the desktop and open the file in Photoshop on High Sierra and Mojave.

Mojave is a lot faster (even with a wait for the file to be saved to the desktop)

IntelliJ

Does Mojave make IntelliJ slower?

Note: Sorry, the scale in the chart zoomed in by default, I am not sure how to reset the scale on the left to starts at 0.

4-second improvement. Nice.

Time to opening Adobe CS Premiere Pro in Mojave v High Sierra

How does Adobe Premiere Pro handle Mojave?

Note: Sorry, the scale in the chart zoomed in by default, I am not sure how to reset the scale on the left to starts at 0.

2 seconds slower (I expect updated from Adobe soon)

More to come soon.

I hope this guide helps someone.

Please consider using my referral code and get $25 UpCloud VM credit if you need to create a server online.

https://www.upcloud.com/register/?promo=D84793

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.0 Initial Post

How I upgraded from a standalone 1Password 6.x licence to 1Password (7+) cloud subscription on OSX

May 27, 2018 by Simon

This is how I upgraded from my standalone 1Password 6.x family licence to a 1Password 7 cloud subscription on OSX. I am not reviewing 1Password here.

This is NOT a paid endorsement, this is output from my legitimate quest from upgrading an old stand-alone family licence to a cloud subscription. I have been using 1Password for the past 5 years and have recommended it to everyone I know.

Always backup your data before updating (things can go wrong), good luck. At the time of writing 1Password 7 was not out of beta.

Why

I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean and let’s say 1Password has helped me store everything from service invoices, SSH password service passwords etc. I did have a stroke last year (caused by the flu (a cough) and luckily all is OK ) and I now realise that having everything out of my brain and in a secure vault is a good idea (touch wood).

Reasons why I use 1Password – Password Manager.

It is a good idea to use a password manager.
It has allowed me to have a different password on every site I use.
I managed to stop using my old “same” password on every site I used since the 1990’s.
I am paranoid (check out https://howsecureismypassword.net/, https://haveibeenpwned.com/ and google “sites hacked” or “passwords exposed”).
It’s a good idea.

1Password 7 News

1Password 7 has been hitting my twitter timeline, should I upgrade? Here is the official upgrade guide.

Security Researcher Troy Hunt’s – https://haveibeenpwned.com/ is now a feature in 1Password 7

@1Password just keeps getting better and better. Ping: @troyhunt pic.twitter.com/qTtE6XyoXb
— Grant Harrington (@harringg) May 22, 2018

I wrote a PHP implementation to check a password exposure level with Troy Hunt’s pwned passwords API and know it’s a good idea.

Also, there are loads of great features in 1Password 7.

Anything that can help create secure passwords is a good idea.

86% of Passwords are Terrible (and Other Statistics) https://t.co/pSqbb7IV0g by @troyhunt
— Particular Software (@ParticularSW) May 25, 2018

1Password Twitter Support Shoutout

Before I begin I would like to acknowledge the patient 1Password support team on twitter. They answered well over 20 questions from me and handled my frustrations of there not being a clear standalone family licence, I suspected a plot to force people onto a cloud subscription at first.

In an ideal world upgrading, 1Password should be an easy process (1Password Twitter Support indicated)

Load’s of 1 Password activity on Twitter

Phew! ? 1Password 7 for Mac has generated a lot of excitement! If you have any questions, be sure to check out our forums to see if they’ve been answered. Our team is always here. https://t.co/Xixe8e80yY
— 1Password (@1Password) May 23, 2018

Before I downloaded the latest 1Password 7 I fired heaps of questions at the twitter support. I hope 1Password give them a raise or bonus.

I did spend way too long reading past the negative 1Password support posts on “where is the standalone licence”, “beta discounts are gone”, “why so expensive” and “how can I upgrade from 1password 6 and still use dropbox” etc.

I ended up logging a support ticket (looking for the unicorn beta tester discount/stand-alone licence, I think I was too late to join the beta program).

I backed up my 1Password 6 data

Always take backups of your data before upgrading anything.

Open your existing 1Password 6

Click File, Export, All Items

Choose a File Name and press Save

Verify Data (open Finder)

I also backed up the 1Password file in Dropbox before upgrading. Simply drag it to your desktop.

I visited https://1password.com/extlink/signin/ and…

Signed in (create an account if you don’t have one), I had one from a previous support ticket I logged.
I chose “Individual” account type.
Specified my Email Address
Verified My Email

Then I..

Added my Name
Skipped the Credit card option (to activate the trial)
Generated a master key (this is combined with your password)
Created a new password for a new password vault
Logged in
Saved my Emergency Recover PWF (with details)

I did have a peek at the 1Password SSL certificate strength and other tools and they came up all good (I don’t want to use an insecure service).

You too can test SSL on sites with https://dev.ssllabs.com/ssltest/

The only concern I have is TLS 1.3 is not an option yet. I use it on my blog’s web server (guide here) also a few SSL labs identified weak cyphers are presented as available from the server (Is this an issue)?

I also had a look at Google Chrome’s developer console to see if anything out of the ordinary was popping up? The console appears a little chatty? TLS 1.2 was in force securing the client/server communications so that’s nice.

Now that I am logged into my cloud 1Password (trial) account I can…

Add/View/Edit/Delete items in my vault.
Download desktop/mobile apps.
Import data to vaults.
Turn on Two Factor authentication.
Create/Edit/Delete a password vault (or set as default).
Update billing details (if you wish to subscribe)
Contact Support

Now I can connect my new 1Password cloud account to my local 1Password 6 installation by.

Open 1 Password (on my Mac)
Open the Preferences and go to the Account tab
Click on Scan the account details
Move the scan window over a QR Code (Setup Code) in a logged in 1password.com screen (login detail like login server, master key and username are auto-entered).
Enter my vault password.

Now I am prompted to import my local 1Password data into the cloud account from my local 1Password.

When the import completed I was prompted to delete the local vault (I said yes because I backed it up).

Tip: 1Password 6 on my Mac did not appear to delete the Dropbox data so I deleted this manually.

After a few minutes, I noticed Dropbox was still syncing files?

Troubleshooting: I had to set my new cloud vault as the primary vault to save to and not the old vault that was syncing via Dropbox. I also deleted all links to Dropbox on iOS and Android devices.

I did notice that 1Password was 6.8.9 (I thought 1password 7 was the latest?, I did try the update button). I ended up ticking “Include beta builds” and then 1Password 7.0 is a download option (maybe this will change in the next few days)?

I opened 1Password 7 on my local desktop.

I had a quick look around in 1Password 7 for the https://haveibeenpwned.com/ feature. I opened an existing account I added to 1Password. It look’s nice.

Some nice alerts and features I noticed when viewing my data in 1 Password 7.

Aside: I had to opt into beta builds on Windows to get 1Password 7 too.

Summary

When I set out and wanted a stand-alone licence but it appears I would need to pay for a licence on Windows and Mac and portable devices.

I overlooked an earlier DM from 1Password (that provided the purchase links) so I decided to go with a subscription (I think I missed the BETA program too, no reply from the hockey app email when opting into beta on Windows).

Buy standalone licences

Buy Mac Licence ($39 in BETA or $64.99 RRP)
Buy Windows Licence ($39 in BETA or $64.99 RRP)

From what I could see standalone licences only work via Dropbox (or locally) and not via the 1Password cloud.

However, the subscription does away with the requirement to buy multiple licences (all apps are free once you subscribe). I am not sure when 1Password 8 is coming out so I think it is wiser to go with a yearly subscription (that’s about 10.8c a day in Australian peso’s).

Time to Subscribe

I pulled the trigger and subscribed 🙂

One nice thing is the trial time is added on to the subscription length so if you have 30 days left in the trial it add’s on to the yearly subscription length (13 months), that’s nice.

Update: June 2019

1Password now allow you to setup 2FA (authenticator app or YuiKey leys (or both)) authentication on your 1Password login. Read the official post here.

Goto https://my.1password.com/profile/2fa to setup 2FA.

You can setup 2FA (authapp and or hardware keys)

You will be notified by email if a 2FA method is setup.

You will need to sign out and back into your apps web, Desktop and Mobile).

Web Signin

You will need to insert and press your hardware key.

And enter your 2FA code

Mobile app login

I used my YubiCo Authenticator app to get the temporary OTP.

You can remove previous logged in devices from accessing your data or force them to require 2FA at next login

Nice

Conclusion

Happy = Yes (they are shooting fish in a barrel)

Could have been easier to upgrade from 1 password = Yes

I hope this guide helps someone.

Find out more about 1Password at http://1password.com/

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.4 Added 2fA Info

v1.3 Fixed typo in the title/url.

v1.2 Added Links

v1.1 Added Conclusion

v1.0 Initial post

Open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM)

April 29, 2018 by Simon

This guide will show you how you can open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM).

Installing Parallels on a Mac allows you to install Windows in A VM, this is handy but you may want to install Windows on a Mac drive with Boot camp (guide here) for better performance.

Can you load this VM-less Windows install in OSX rather than reboot it, the answer is YES (with Parallels v13).

Setup your Windows Bootcamps (see my guide here).

Create a new VM image in Parallels (Select Boot Camp)

Click Continue

Confirm the reaction warning.

Name the VM and choose a location

Set desired memory etc.

Choose your desired clipboard and disk access settings.

Done, now Parallels will prepare your VM (Really Boot Camp)

Preparing

Parallel tools will be automatically installed.

Done, you will now be able to load your Apple Bootcamp partition as it is was a VM inside OSX (or boot it)

yes, the VM file is pointing to the Boot Camp partition.

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.0 Initial post

How to install Windows 10 Pro alongside an OSX partition with Apple Boot Camp

April 20, 2018 by Simon

This guide will show you how to install Windows 10 Pro alongside an OSX partition with Apple Boot Camp.

I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. I use OSX to develop and occasionally need to use Windows to achieve some development tasks, this is how you can install Windows on an Apple PC.

Apple Boot Camp

Apple Bootcamp software can be found here: https://support.apple.com/en-au/HT201468

Bootcamp Steps.

You can download a Windows 10 ISO here: https://www.microsoft.com/en-au/software-download/windows10

You will need to plug in a 16GB or larger USB key to use as an install medium.

Download Boot Camp

Download AppBoot Camp here: https://support.apple.com/en-au/boot-camp

Start Apple Boot Camp, click Continue, Tick all options, select the Windows 10 ISO file (beware Bootcamp will select the first ISO file it finds, ensure your USB is selected, Click Continue (tip: You may need to er format and prepare the USB key 10 times, Apple Bootcamp is not the most reliable program), It may take 6 hours to copy files pre Window Setup).

Choose your Windows partition size (at least 200GB is ideas)

When the Bootcamp Wizard is complete you can reboot into Windows (automatic at the end of the wizard)

Enter the desired details in each step (e.g Local, Windows Key, Windows Version, Partition and Country etc)

Loads more steps like Keyboard Layout, Domain, Microsoft Account, Password and Cortana and Privacy etc.

Windows is now installed, Apple Bootcamp will set up appropriate drivers for your Mac,

While this is happening I will install Google Chrome Canary.

Bootcamp has now finished setting up drivers.

Windows 10 Start menu (I prefer OSX’s simplicity)

You can set up your prefered Startup disk in the Apple System Preferences or press the Option key on startup and choose a partition to boot.

Update: Open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM)

Read this guide will show you how you can open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM).

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.1 Added Open Bootcams as VM

v1.0 Initial post

Using Cloudflare DNS servers to speed up the internet and add privacy on OSX

April 2, 2018 by Simon

Below is how I setup my OSX to use Cloudflare’s new DNS servers to speed up internet browsing and add privacy on OSX

Cloudflare has launched a DNS service: https://blog.cloudflare.com/announcing-1111/

DNS Performance

You can view worldwide DNS performance by viewing https://www.dnsperf.com/#!dns-providers

I check the DNS at my router, I am using ISP provided DNS servers.

Cloudflare DNS

On April Fools 2018 Cloudflare Released a DNS server service.

Snip from here: “DNS: Internet’s Directory Nearly everything on the Internet starts with a DNS request. DNS is the Internet’s directory. Click on a link, open an app, send an email and the first thing your device does is ask the directory: Where can I find this? Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads.”

https://1.1.1.1/

Set Cloudflare Nameservers using OSX

Open the Apple System Preferences, click Network, click on your Network (Wifi or ethernet), Click Advanced then DNS and add 1.1.1.1 and 1.0.0.1

Alternatively, you can manually set your DNS servers in OSX by editing the /etc/resolv.conf, by default SX will inherit DNS settings from our router.

cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
domain home
nameserver 1.1.1.1
nameserver 1.0.0.1

Troubleshooting: Clear DNS Cache

sudo killall -HUP mDNSResponder

Debug DNS Data

scutil --dns
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  if_index : 7 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

Confirm Cloudflare DNS from the OSX Comand line

nslookup www.fearby.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	www.fearby.com
Address: 104.27.154.69
Name:	www.fearby.com
Address: 104.27.155.69

Privacy

I am not sure if Cloudflare is any more private than using ISP DNS but I’ll happily use it.

Several people have asked me about Cloudflare’s new 1.1.1.1 privacy DNS service. To be clear: it DOES NOT stop your ISPs from collecting your browsing history. ISPs can still see the sites you’re connecting to — even if the site is over HTTPS. You will still send a hostname.
— Zack Whittaker (@zackwhittaker) April 2, 2018

Speed

I can’t tell if DNS is faster, I did ping my ISP DNS before switching and it was about the same (sub 25ms), time will tell.

Conclusion

I have used https://www.opendns.com/ before and loved the dashboards, I hope Cloudflare add dashboard options too.

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.0 Initial post

Backing up OSX or an Ubuntu server with Backblaze B2 Cloud Storage from the Command Line

March 14, 2018 by Simon

This computer will show you can back up computer or server with Backblaze B2 Cloud Storage from the Command Line n OSX and Ubuntu.

This post is still being written. I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Also, I have blogged about how you can add block storage to a Vultr server, backup and restore snapshots , syncing files with rsync along with using GitHub and Bitbucket but what do you do if you need to backup large amounts of data?

Backblaze has a Cloud storage solution that costs as low as $0.005c a GB (a month), The first 10G is free. Backblaze say “From bytes to petabytes Backblaze B2 is the lowest cost high-performance cloud storage in the world. ”

Back Blaze have open sourced internal drive enclosure designs and drive failure stats and it’s time I gave them a try.

Goto https://www.backblaze.com

Create or sign in.

After you login got the dashboard.

Click Backblaze B2 Cloud Storage

Create a Bucket

Name the bucket (long names with a GUID are good).

You can rename the bucket here and change public/private and or upload/download files manually.

The first thing I did was limit the versions of files under the lifecycle settings for the bucket.

Now I created a series of subfolders to store files from different servers (I could have used many buckets but one bucket will do).

I can upload files via the Backblaze bucket GUI if I needed to.

Back Blaze has a command line tool for uploading: https://www.backblaze.com/b2/docs/quick_command_line.html

Install Steps

Backblaze state “The B2 command-line tool is available from the Python Package Index (PyPI) using the standard pip installation tool. Your first step is to make sure that you have either Python 2 (2.6 or later) or Python 3 (3.2 or later) installed.”

I have Python 2.7 installed

python --version
Python 2.7.10

Install PIP

sudo easy_install pip
Password:
Searching for pip
Best match: pip 1.5.6
Processing pip-1.5.6-py2.7.egg
pip 1.5.6 is already the active version in easy-install.pth
Installing pip script to /usr/local/bin
Installing pip2.7 script to /usr/local/bin
Installing pip2 script to /usr/local/bin

Using /Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip

I ran into issues updating b2 CLI

sudo pip install --upgrade b2
Requirement already up-to-date: b2 in /Library/Python/2.7/site-packages
Requirement already up-to-date: arrow>=0.8.0 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: logfury>=0.1.2 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: requests>=2.9.1 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: six>=1.10 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: tqdm>=4.5.0 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: futures>=3.0.5 in /Library/Python/2.7/site-packages (from b2)
Downloading/unpacking python-dateutil from https://pypi.python.org/packages/bc/c5/3449988d33baca4e9619f49a14e28026399b0a8c32817e28b503923a04ab/python_dateutil-2.7.0-py2.py3-none-any.whl#md5=5a86a548fe776cc079bf4a835473e3f8 (from arrow>=0.8.0->b2)
  Downloading python_dateutil-2.7.0-py2.py3-none-any.whl (207kB): 207kB downloaded
Installing collected packages: python-dateutil
  Found existing installation: python-dateutil 1.5
    Uninstalling python-dateutil:
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run
    requirement_set.install(install_options, global_options, root=options.root_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install
    requirement.uninstall(auto_confirm=True)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall
    paths_to_remove.remove(auto_confirm)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove
    renames(path, new_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames
    shutil.move(old, new)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move
    copytree(src, real_dst, symlinks=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree
    raise Error, errors
Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil'")]

Storing debug log for failure in /Users/simon/Library/Logs/pip.log

I tried installing via the alternative method (with no luck)

git clone https://github.com/Backblaze/B2_Command_Line_Tool.git
Cloning into 'B2_Command_Line_Tool'...
remote: Counting objects: 5084, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 5084 (delta 1), reused 1 (delta 0), pack-reused 5076
Receiving objects: 100% (5084/5084), 1.25 MiB | 689.00 KiB/s, done.
Resolving deltas: 100% (3622/3622), done.

cd B2_Command_Line_Tool/

I tried running the setup script (with no luck)

sudo python setup.py install
setuptools 20.2 or later is required. To fix, try running: pip install "setuptools>=20.2"

Upgrading setup tools also failed

sudo pip install "setuptools>=20.2"
Downloading/unpacking setuptools>=20.2
  Downloading setuptools-38.5.2-py2.py3-none-any.whl (490kB): 490kB downloaded
Installing collected packages: setuptools
  Found existing installation: setuptools 18.5
    Uninstalling setuptools:
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run
    requirement_set.install(install_options, global_options, root=options.root_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install
    requirement.uninstall(auto_confirm=True)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall
    paths_to_remove.remove(auto_confirm)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove
    renames(path, new_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames
    shutil.move(old, new)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move
    copytree(src, real_dst, symlinks=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree
    raise Error, errors
Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib'")]

Storing debug log for failure in /Users/simon/Library/Logs/pip.log

Backing up a Mac via command line with B2

More to come when I can get B2 CLI Installed.

Backing up an Ubuntu machine via command line with B2

More to come when I can get B2 CLI Installed.

Update

My ticket with Backblaze was automatically closed with this note “If the issue is persisting, it may be easiest to map the installation to the user folder, rather than the system level.”

No ideas how but something to research.

Ask a question or the recommend an article

[contact-form-7 404 "Not Found"]

Revision History

V1.1 ticket closed

v1.0 Initial post

OSX speed tested before applying Spectre and Meltdown patches in 10.13.2

January 16, 2018 by Simon

Below is a quick post of how OSX speed fairs before and after application of the OSX 10.13.2 update (that fixed Spectre and Meltdown CPU issues).

I read of up to 30% speed drops with Redis after Spectre and Meltdown patches and was curious how OSX faired.

Here’s what happened last night to one of our busier redis servers before and after patching for meltdown. Using the same 200k/12 minute axes on both: down from ~145k ops/sec to ~95ks ops/sec, or about 35% slower. pic.twitter.com/H6sM0C5i1V
— Nick Craver (@Nick_Craver) January 12, 2018

News

Apple Confirms ‘Meltdown’ and ‘Spectre’ Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]

MacOS High Sierra 10.13.2 Update Released with Bug Fixes

Patches

macOS High Sierra 10.13.2 Combo Update + Supplement Update

Benchmarks (before applying patches)

Here are Cinebench R15 benchmarks on OSX 10.13.1 before upgrading to 10.13.2 on a 2-year-old core i5 based iMac.

High Sierra 10.13.1, Cinebench R15 and TG Pro running in the background.

CPU: 490 cb points.

Now time to test the GPU in Cinebench…

GPU: 79.33 fps.

Now time to run a Geekbench CPU benchmark.

Here is a breakdown of the scores (2 mins after a fresh reboot and the best of three runs).

Geekbench Single-Core Score: 4433

Geekbench Multi-Core Score: 13,005

Here is a breakdown of advanced GeekBench tests…

I tried to update to 10.3.2 via the software updates but my network was having troubles (human error, my firewall was too aggressive)

I downloaded the manual 10.13.2 update from Apple (not realising my firewall was blocking the app updates (I blocked app updated as soon as spectre news hit so I could write this post)).

I downloaded and opened the 2.8GB 10.13.2 update.

PKG was extracted from the DMG.

10.13.2 Installation Wizard.

I solved my networking issues (disable my firewall) and was able to verify the installation of the 10.13.2 patch and download further 10.13.2 supplemental updates.

I verified all 10.13.2 updates were downloaded and installed and rebooted three times.

2 Minutes after a reboot I ran the same Cinebench R15 CPU benchmark.

CPU: 484 cb

Cinebench R15 CPU dropped about 6 points (about a 1.22448979591837% drop, not massive)

Geek bench Single CPU scores fell from 4433 to 4194 (about 5.436498984886081% slower, not as bad as I expected).

Geek Bench Multi CPU scores fell from 13,005 to 12,868 (about 1.053440984236832% slower, not as bad as I expected).

Versions of Software

Cinebench R15

Geek Bench

Results

Cinebench CPU

Graphs are unfortunately zoomed in (I could not find out how to tell Excel to zoom out). I will update when I find out how to zoom out results.

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

Cinebench GPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

Geekbench Single CPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

Geekbench Multi CPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (pst Spectre/Meltdown Patch.

Geekbench Other

Green= OSX 10.3.1.

Blue = OSX 10.3.2 (post Spectre/Meltdown Patch).

Note: Most results were slightly slower but some were faster post patch.

Conclusion

It looks like performance falls 1-5% on a 2 year old system, not as bad as I was expecting.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History
v1.0 Initial Draft

Hope this helps someone.

Adding HTTPS to Apache on OSX High Sierra

December 18, 2017 by Simon

This guide will help you create and install a self-signed SSL certificate in Apache on OSX (High Sierra) to aid local SSL/HTTPS development.

UPDATE: Nov 21st 2018 – This works on OSX Mojave too.

I usually force HTTPS traffic on everything I develop (see code below in PHP). This PHP code will direct all HTTP requests to HTTPS.

if ($_SERVER['SERVER_NAME'] == "www.yourserver.com") {
	  if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
	          $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
	          header("Location: $redirect_url");
	          exit();
	  }
}

Also, you can deny non-https traffic in NGINX with online servers by editing your/etc/nginx/sites-available/default file

sudo nano /etc/nginx/sites-available/default

Add this to your Nginx sites available file (above) to force SSL at the web server.

if ($scheme != "https") {
     return 301 https://$host$request_uri;
}

You can also deny port 80 connections in your firewall and NGINX if you don’t trust the directive(s) above.

Apache Configuration (sor https)

Edit httpd.conf

sudo nano /private/etc/apache2/httpd.conf

Uncomment lines with these text strings in httpd.conf

"socache_shmcb_module" (

or “LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so”

)
"ssl_module" (

or “LoadModule ssl_module libexec/apache2/mod_ssl.so”

I had to find my and “httpd.conf” file

sudo find / -name "httpd.conf"
/private/etc/apache2/httpd.conf

Find your “httpd-ssl.conf” file

sudo find / -name "httpd-ssl.conf"
/private/etc/apache2/original/extra/httpd-ssl.conf

Copy the config file (just in case a future update overwrites it).

sudo cp /private/etc/apache2/original/extra/httpd-ssl.conf /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Now go back and edit the “httpd.conf” file

sudo nano /private/etc/apache2/httpd.conf

Add the following line (to the end of the file, on a new line) so the new SSL config file loads.

Include /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

You can have a look at the file “httpd-ssl-localhost.conf”. Take note of paths in the VirtualHost node.

# General setup for the virtual host
DocumentRoot "/Library/WebServer/Documents"
ServerName www.example.com:443
ServerAdmin [email protected]
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"

# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep in mind that if you have both an RSA and a DSA certificate
# you can configure both in parallel (to also allow the use of DS ciphers, etc.) Some ECC cipher suites (
# http://www.ietf.org/rfc/rfc4492.txt) require an ECC certificate which can also be configured in parallel.

SSLCertificateFile "/private/etc/apache2/server.crt"

#SSLCertificateFile "/private/etc/apache2/server-dsa.crt"
#SSLCertificateFile "/private/etc/apache2/server-ecc.crt"

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel

SSLCertificateKeyFile "/private/etc/apache2/server.key"

#SSLCertificateKeyFile "/private/etc/apache2/server-dsa.key"
#SSLCertificateKeyFile "/private/etc/apache2/server-ecc.key"

# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convenience.
#SSLCertificateChainFile "/private/etc/apache2/server-ca.crt"

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/private/etc/apache2/ssl.crt"
#SSLCACertificateFile "/private/etc/apache2/ssl.crt/ca-bundle.crt"

# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded).
# The CRL checking mode needs to be configured explicitly
# through SSLCARevocationCheck (defaults to "none" otherwise).
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.

#SSLCARevocationPath "/private/etc/apache2/ssl.crl"
#SSLCARevocationFile "/private/etc/apache2/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.

#SSLVerifyClient require
#SSLVerifyDepth 10

# TLS-SRP mutual authentication:
# Enable TLS-SRP and set the path to the OpenSSL SRP verifier
# file (containing login information for SRP user accounts).
# Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
# detailed instructions on creating this file. Example:
# "openssl srp -srpvfile /private/etc/apache2/passwd.srpv -add username"

#SSLSRPVerifierFile "/private/etc/apache2/passwd.srpv"

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />

Generating a Key and Certificate

Generate a Key (I prefer filenames start with “localhost” so future updates to not overwrite it).

sudo cd /private/etc/apache2/ 
sudo openssl genrsa -out localhost.key 2048
sudo openssl req -new -x509 -key ./localhost.key -out ./localhost.crt -days 3650 -subj /CN=localhost

Check that file files ” localhost.crt” and ” localhost.key” were outputted to “/private/etc/apache2/”

pwd
/private/etc/apache2
192-168-1-200:apache2 simon$ ls -al
total 208
drwxr-xr-x   13 root  wheel    416 18 Dec 00:33 .
drwxr-xr-x  128 root  wheel   4096 16 Dec 19:41 ..
...
-rw-r--r--    1 root  wheel   1318 18 Dec 00:33 localhost.crt
-rw-r--r--    1 root  wheel   1708 18 Dec 00:33 localhost.key
...

Open “/private/etc/apache2/original/extra/httpd-ssl-localhost.conf” and replace the following text.

sudo nnao /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Replace the following text:

“server.crt” with “localhost.crt”
“server.key” with “localhost.key”

Changes shoud have been made to the following values in “<VirtualHost _default_:443>”

SSLCertificateFile “/private/etc/apache2/localhost.crt”
SSLCertificateKeyFile “/private/etc/apache2/localhost.key”

Check your apache conf

sudo apachectl configtest

I had the following error

AH00526: Syntax error on line 1 of /private/etc/apache2/original/extra/httpd-ssl-localhost.conf:
Invalid command '\xe2\x88\x91#', perhaps misspelled or defined by a module not included in the server configuration

I removed the invalid first line (I must have inserted something while searching using nano (I must have presses Option+W instead of Control+W to find in Nano)).

I ran the Apache config check again and received the following error.

sudo apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message
Syntax OK

I added my domain but with a 2 on the end for later use via local DNS.

<VirtualHost _default_:443>
...
ServerName https://www.mydomainname2.com:443
...

TIP: This will not by default allow you to load this address locally without, not without DNS changes (to be added soon).

Restart Apache (you may still receive a warning about the ServerName (I Ignored it)).

Restart Apache

sudo apachectl -k restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message

Loading Your Site

You can now load the website localhost in your browser (it will show as insecure).

Click “Proceed to localhost (unsafe)”

The reason for no trust is the self-signed cert is not trusted by OSX or browsers.

OSX Certificate Trust (Key Chain Access)

Let’s tell OSX we trust this certificate (by adding it to the keychain)

sudo cd  /private/etc/apache2/
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/etc/apache2/localhost.crt

Restart Apache

sudo apachectl -k restart

TIP: Check your certificate date in your browser, and clear your cache if older certificates are loading from cache.

Results

Great, Safari uses the SSL cert (and obeys Keychain’s Trust)

Google Chrome reports the Cert has issues (even though it is trusted locally). I will investigate and update this post soon.

I suspect that Chrome will need to trust this cert fully to allow AJAX and API calls to be made.It’ss weird that Google Chrome has detected it is trusted by all users but does not trust it.

This is my next link to research a solution.

More

Read Useful OSX Terminal Commands or Useful OSX Linux Commands and Securing an Ubuntu VM with a free LetsEncrypt SSL certificate in 1 Minute first.

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.4 Nov 208 – Works on Mojave

v1.3 Small Edits, Added link to investigate Chrome issue (Current Version)

v1.2 Added More Explanations

v1.1 Reworded

v1.0 Initial Version

Useful OSX Terminal Commands

December 11, 2017 by Simon

Following on my from Useful Linux Terminal Commands here is my Useful OSX Terminal Commands. This guide is handy for setting up a development OSX installation (e.g Apache, PHP, MySQL etc). I will update this post when I find new commands.

First, read my Useful Linux Terminal Commands post.

Normally I set up Ubuntu servers in the cloud on Vultr (read my guide here) or Ubuntu Servers on Digital Ocean (read my guide here) but this is how I can quickly set up a development environment locally on OSX.

Useful OSX Commands

Prevent your Mac from falling asleep

caffeinate

Prevent your Mac from falling asleep (for 1 minute)

caffeinate -t 60

Check Path

$PATH
/Library/Frameworks/Python.framework/Versions/3.4/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/Library/Frameworks/Mono.framework/Versions/Current/Commands

Compare files

opendiff index1.html index2.html

Show hidden files in Finder

defaults write com.apple.finder AppleShowAllFiles -bool TRUE

Find file on OSX

sudo find / -name "httpd-ssl.conf"

Find all listening ports

sudo lsof  | grep LISTEN
Password:
launchd      1               root   34u     IPv6 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   35u     IPv4 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   37u     IPv6 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   38u     IPv4 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
prl_pm_se  116               root   14u     IPv4 0xcd261b413removed        0t0        TCP *:55656 (LISTEN)
kdc        124               root    5u     IPv6 0xcd261b413removed        0t0        TCP *:kerberos (LISTEN)
kdc        124               root    7u     IPv4 0xcd261b413removed        0t0        TCP *:kerberos (LISTEN)
mysqld     127             _mysql   28u     IPv6 0xcd261b413removed        0t0        TCP *:mysql (LISTEN)
Dropbox    434              simon  127u     IPv6 0xcd261b413removed        0t0        TCP *:17500 (LISTEN)
Dropbox    434              simon  128u     IPv4 0xcd261b414removed        0t0        TCP *:17500 (LISTEN)
Dropbox    434              simon  150u     IPv4 0xcd261b414removed        0t0        TCP localhost:17600 (LISTEN)
Dropbox    434              simon  154u     IPv4 0xcd261b414removed        0t0        TCP localhost:17603 (LISTEN)
2BUA8C4S2  520              simon   12u     IPv4 0xcd261b414removed        0t0        TCP localhost:6258 (LISTEN)
2BUA8C4S2  520              simon   13u     IPv6 0xcd261b413removed        0t0        TCP localhost:6258 (LISTEN)
2BUA8C4S2  520              simon   14u     IPv4 0xcd261b414removed        0t0        TCP localhost:6263 (LISTEN)
2BUA8C4S2  520              simon   15u     IPv6 0xcd261b413removed        0t0        TCP localhost:6263 (LISTEN)
Adobe\x20  590              simon    9u     IPv4 0xcd261b414removed        0t0        TCP localhost:15292 (LISTEN)
node       640              simon   14u     IPv4 0xcd261b414removed        0t0        TCP localhost:49249 (LISTEN)
prl_clien 3428              simon   47u     IPv4 0xcd261b413removed        0t0        TCP localhost:51476 (LISTEN)
cupsd     3656               root    5u     IPv6 0xcd261b413removed        0t0        TCP localhost:ipp (LISTEN)
cupsd     3656               root    6u     IPv4 0xcd261b414removed        0t0        TCP localhost:ipp (LISTEN)
plugin_ho 5331              simon   26u     IPv4 0xcd261b415removed        0t0        TCP localhost:52698 (LISTEN)
iTunes    5478              simon   17u     IPv4 0xcd261b415removed        0t0        TCP *:daap (LISTEN)
iTunes    5478              simon   32u     IPv6 0xcd261b413removed        0t0        TCP *:daap (LISTEN)

Find process listening on port 80

sudo lsof -n -i4TCP:80 | grep LISTEN
Password:
httpd     8748 root    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8752 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8763 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8869 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)

Find a Process

which httpd
/usr/sbin/httpd

Find A File (e.g httpd.conf)

sudo find / | grep 'httpd.conf'
/private/etc/apache2/httpd.conf~previous
/private/etc/apache2/httpd.conf
/private/etc/apache2/original/httpd.conf
/private/etc/apache2/httpd.conf.pre-update
...

Note: OSX Apache Index file location is…

/Library/WebServer/Documents/index.html.en~orig

To edit the default HTML file

sudo nano /Library/WebServer/Documents/index.html.en~orig

Built-In Apache

Disable built-in OSX apache daemon

sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Restart built-in Apache daemon

sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

View other startup daemons

sudo ls -al /System/Library/LaunchDaemons/

View All Startup Daemons

sudo launchctl list
Password:
Sorry, try again.
Password:
PID	Status	Label
-	0	com.apple.storedownloadd.daemon
7245	-44	com.apple.CoreAuthentication.daemon
189	0	com.apple.coreservicesd
-	0	com.apple.touchbarserver
-	0	com.apple.avbdeviced
289	0	com.apple.cvmsServ
-	0	com.apple.FontWorker
-	-44	com.apple.applessdstatistics
-	0	com.apple.hdiejectd
-	0	com.apple.corestorage.corestoraged
-	0	com.apple.storagekitd
-	0	com.apple.EmbeddedOSInstallService
-	0	com.apple.wifid
-	0	com.apple.storereceiptinstaller
-	0	com.macpaw.CleanMyMac3.Agent
-	0	com.apple.seld
-	0	com.apple.emond
-	-44	com.apple.iconservices.iconservicesagent
-	0	com.apple.logkextloadsd
-	0	com.apple.bluetoothReporter
68	0	com.apple.syslogd
-	0	com.apple.symptomsd-diag
258	0	com.apple.WindowServer
-	0	com.apple.NetworkSharing
-	0	com.apple.afpfs_checkafp
-	0	com.parallels.mobile.kextloader.launchdaemon
-	0	com.apple.AppleFileServer
117	0	com.apple.securityd
8529	0	com.apple.auditd
...

Force network drives to automatically connect after each login (instead of manually connecting)

Go to System Preferences > Users & Groups (click your account on left) > Drag connected network drives (from your desktop) to the Login items list box.

More: https://www.tekrevue.com/tip/automatically-connect-network-drive/

Set PHP as default Web Server delivered file in local Apache

sudo nano /private/etc/apache2/httpd.conf

Set…

DirectoryIndex index.php

Install PHP 7.0 on to OSX

FYI: 7.1 and 7.2 are out but I find 7.0 is more stable with WordPress (read more here).

More: https://php-osx.liip.ch/

sudo curl -s https://php-osx.liip.ch/install.sh | bash -s 7.0
****
[WARNING]
Detected macOS High Sierra 10.13. As this is quite new, there may be issues still. Your mileage may vary.
****
Get packager.tgz
Unpack packager.tgz
Please type in your password, as we want to install this into /usr/local
Start packager (may take some time) using /usr/bin/python2.7
downloading https://s3-eu-west-1.amazonaws.com/php-osx.liip.ch/install/7.0-10.10-frontenddev-latest.dat
downloading https://s3-eu-west-1.amazonaws.com/php-osx.liip.ch/install/7.0-10.10/frontenddev/7.0-10.10-frontenddev-7.0.24-20171002-092027.tar.bz2

Installing package 7.0-10.10-frontenddev into root /
./pkg/pre-install
pkg/pre-install
Skipping existing directory 
Skipping existing directory usr/
Skipping existing directory usr/local/
Extracting usr/local/php5-7.0.24-20171002-092027/
Extracting usr/local/php5-7.0.24-20171002-092027/bin/
Extracting usr/local/php5-7.0.24-20171002-092027/entropy-php.conf
Extracting usr/local/php5-7.0.24-20171002-092027/etc/
Extracting usr/local/php5-7.0.24-20171002-092027/include/
Extracting usr/local/php5-7.0.24-20171002-092027/info/
Extracting usr/local/php5-7.0.24-20171002-092027/lib/
Extracting usr/local/php5-7.0.24-20171002-092027/libphp7.so
...
removed
...
Extracting usr/local/php5-7.0.24-20171002-092027/bin/tsql
Extracting usr/local/php5-7.0.24-20171002-092027/bin/uconv
Extracting usr/local/php5-7.0.24-20171002-092027/bin/vacuumdb
Extracting usr/local/php5-7.0.24-20171002-092027/bin/wrjpgcom
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xgettext
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xslt-config
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xsltproc
Executing post-install script /tmp/7.0-10.10-frontenddev-post-install
Create symlink /usr/local/php5/entropy-php.conf /etc/apache2/other/+php-osx.conf
Restarting Apache
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using removed.removed.com.au. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Finished.

Create a diag file in your OSX Default Apache root

Edit your default index file

sudo nano /Library/WebServer/Documents/index.php

Contents

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);

?>

Now load the file

Install MySQL on OSX

Download: https://dev.mysql.com/downloads/mysql/

Help: https://dev.mysql.com/doc/refman/5.7/en/osx-installation-pkg.html

Uninstall MySQL OSX
Read: https://community.jaspersoft.com/wiki/uninstall-mysql-mac-os-x

Add MySQL to PATH

export PATH=$PATH:/usr/local/mysql/bin

Reboot and Check the MySQL Service

Check MySQL Version

/usr/local/mysql/bin/mysql --version
/usr/local/mysql/bin/mysql  Ver 14.14 Distrib 5.7.20, for macos10.12 (x86_64) using  EditLine wrapper

Login to MySQL from the Command Line

/usr/local/mysql/bin/mysql -u root -p;
Enter password: 
...
mysql>

Set a new root password (after logging in as root)

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('nUp!KGFi=*FI"2p:7mC3W<%bA_`}6Tcm^\*mS1VYp[d]dup16U\t5removed,
');
Query OK, 0 rows affected, 1 warning (0.01 sec)

fyi: You can obtain a good password here.

Bonus: Install MySQL (PHP) management tool (in Apache)

Download: https://www.adminer.org/#download Save the file to /Library/WebServer/Documents/adminer.php

Load Adminer in your browser and log in with your root password

Login to Adminer (via Apache/PHP)

Creating MySQL Tables in Adminer (via Apache/PHP)

Adminer allows you to fully manage your MySQL (create databases, users, run queries, alter objects etc)

Adding Records to MySQL with Adminer

Remove MySQL:

Get your Mac Processor Name

sudo sysctl -n machdep.cpu.brand_string
Password:
Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz

Show All OSX System Settings

Command:

sysctl -a

Show Live File System Usage

sudo fs_usage

Show last 10 lines of the system log

tail -f /var/log/system.log
Dec 11 22:07:35 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:05 --- last message repeated 11 times ---
Dec 11 22:08:05 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:05 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:14 --- last message repeated 2 times ---
Dec 11 22:08:14 192-xxx-xx-xxx syslogd[68]: ASL Sender Statistics
Dec 11 22:08:16xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:46 --- last message repeated 11 times ---
Dec 11 22:08:46 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:46 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:09:03 --- last message repeated 6 times ---

Get Your Local WAN IP Address

ipconfig getifaddr en0
192.x.x.x

Get your Public IPV4 Address

curl icanhazip.com; echo
60.xxx.xx.xxx

More to come.

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 404 "Not Found"]

Revision History

v1.2 Find file (current version)

v1.1 Removed system info chunk (too big to format)

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

OSX

Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software

Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra

Open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM)

How to install Windows 10 Pro alongside an OSX partition with Apple Boot Camp

Using Cloudflare DNS servers to speed up the internet and add privacy on OSX

OSX speed tested before applying Spectre and Meltdown patches in 10.13.2

Adding HTTPS to Apache on OSX High Sierra

UPDATE: Nov 21st 2018 – This works on OSX Mojave too.

Useful OSX Terminal Commands

Popular

Security

Code

Tech

Wordpress

General

OSX

UPDATE: Nov 21st 2018 – This works on OSX Mojave too.

Footer

Popular

Security

Code

Tech

Wordpress

General