• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Create a VM ($25 Credit)
  • Buy a Domain
  • 1 Month free Back Blaze Backup
  • Other Deals
    • Domain Email
    • Nixstats Server Monitoring
    • ewww.io Auto WordPress Image Resizing and Acceleration
  • About
  • Links

IoT, Code, Security, Server Stuff etc

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

  • Cloud
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
    • Setting up a Vultr VM and configuring it
    • All Cloud Articles
  • Dev
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to setup pooled MySQL connections in Node JS that don’t disconnect
    • NodeJS code to handle App logins via API (using MySQL connection pools (1000 connections) and query parameters)
    • Infographic: So you have an idea for an app
    • All Development Articles
  • MySQL
    • Using the free Adminer GUI for MySQL on your website
    • All MySQL Articles
  • Perf
    • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Measuring VM performance (CPU, Disk, Latency, Concurrent Users etc) on Ubuntu and comparing Vultr, Digital Ocean and UpCloud – Part 1 of 4
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap
    • All Performance Articles
  • Sec
    • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
    • Using OWASP ZAP GUI to scan your Applications for security issues
    • Setting up the Debian Kali Linux distro to perform penetration testing of your systems
    • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
    • PHP implementation to check a password exposure level with Troy Hunt’s pwnedpasswords API
    • Setting strong SSL cryptographic protocols and ciphers on Ubuntu and NGINX
    • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
    • All Security Articles
  • Server
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All Server Articles
  • Ubuntu
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Useful Linux Terminal Commands
    • All Ubuntu Articles
  • VM
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All VM Articles
  • WordPress
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
    • How to backup WordPress on a host that has CPanel
    • Moving WordPress to a new self managed server away from CPanel
    • Moving a CPanel domain with email to a self managed VPS and Gmail
    • All WordPress Articles
  • All

OSX

Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software

October 4, 2018 by Simon

This post aims to show you how you can use a Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and other software and services.

Background

Although I am a developer I do like security related topics and I try and do as much as I can to secure my systems and applications. Reading the Multi-Factor Authentication Wikipedia page has all the details on Multi-Factor authentication.

I have been a big fan of 1Password to generate strong and unique passwords for separate accounts for a while now. Read my guide on upgrading from a standalone 1Password licence to a 1Password subscription. I love generating unique and complex passwords with 1Password.

Screenshot of the 1Password.com software generating a complex password with 63 chars

But what happens if someone gets access to my 1password vault? Yubico has a catalogue of support services that I can use Yubikeys with to have, 1password is one supported service 🙂

I want to add Yubico protections with these services.

  • macOS Logins (DONE)
  • macOS Screensavers (DONE)
  • 1Password (DONE)
  • Dropbox (DONE)
  • Twitter (DONE)
  • Google (DONE)
  • Google GSuite (DONE, WAITING TO VERIFY)
  • Google GMail (DONE)
  • Google Analytics and AdSense (DONE)
  • Github (DONE)
  • Thunderbird Email (DONE)
  • Debian servers in the cloud (SSH) (DONE)
  • Ubuntu servers in the cloud (SSH) (DONE)
  • Securing WordPress (DONE)

Etc

Final Warning

Do not attempt to activate Two Factor Authentication on a system unless you…

  • A) Have backups of your data
  • B) Have backup methods of getting into your account(s)

Murphy’s Law: “Anything that can go wrong will go wrong”

You never know when a Two Factor Authentication Key may die or an Authenticator app or a Mac/PC may stop working so always have a backup method just in case.

General

General Yubico YubiKey Setup guides https://www.yubico.com/setup/

Buying a Yubico YubiKey

International visitors can buy a YubiKey from the official store here. Australian readers can buy a key locally here. I grabbed 2x YubiKey YubiKey Neo 4 (with NFC) for $50 USD (about $75 AUD) each.

This blog post will aim to show how you can set up a primary key and backup key for use on macOS and other apps to add hardware-based two-factor authentication to logins.

Authenticator Apps

You can use Google Authenticator, Yubico Authenticator or freeOTP from https://freeotp.github.io

Plugging the YubiKey into macOS Mojave

First I read this guide: https://www.yubico.com/works-with-yubikey/catalog/macos/

1) I plugged in my Yubico Neo key into my USB slot.
2) I closed the Keyboard setup window that appeared (I guess the YubiKey is a kind of a keyboard to allow inserting of challenge-response character streams into apps and websites).

Picture of macOS Mojave wrongly detecting the eYubiKey as a keyboard device type.

3) I followed the basic troubleshooting page and confirmed that the key was being detected (yes it was.)

macOS device list showing the Yubico YubiKey was detected

4) I followed this guide to test U2F functionality and this guide to test OTP functionality. Web pages and Google Chome can talk to the plugged-in YubiKey(s).

I was prompted to register a UTF deice (and create an account)

Register a Device

I was prompted to (insert) and touch my Yubico key.

picture of the browser asking me to insert my YubiKey

Google Chome asked for some permissions first.

FYI: Chrome 67 is recommended to securely allow the reading of UbiKey’s from web pages. Only allow sites you trust access to your USB devices and use a modern browser.

Picture of Google Chrome browser asking for permissions to read the inserted YubiKey

Success, Chrome could now see my YubiKey and my device was now verified.

Picture showing YubiKey registration success in a browser

Technical data is available to let you know what is going on in the background. I am not going to break down how this works but Yubico has in-depth whitepapers and documentation if you are interested.

Nice

Configuring OSX

I logged into my Mac with the account that I was going to secure.

I performed a complete time machine backup before proceeding. If you lock yourself out you will need to restore OSX from a Time Machine backup.

I Read the “Using Yubico Pluggable Authentication Module (PAM) with Challenge-Response” login guide: https://www.yubico.com/wp-content/uploads/2016/07/yubico_YubiKeyMacLoginGuide_en.pdf

I downloaded the Download the YubiKey Manager

I downloaded the yubikey-manager from here so I could configure the keys to use “HMAC-SHA1 Challenge-Response”.

Oops, I downloaded the wrong tool, good to know this one exists though.

Screenshot of the Yubikey Manager Software showing firmware update and OTP configuration settings

I will update what this tool does in future (update firmware?)

I Downloaded the Yubikey Personalization Tool

I went back to the Yubico download page and downloaded the Personalization tool.

Picture of the Yubico Personalisation tool showing it's available software options

Many options are available here.

It’s time to configure a primary and backup (duplicate YubiKey) for use with macOS etc.

Enable Challenge-Response

I opened the YubiKey Personalization Tool, Inserted my primary key, clicked the Settings tab, and in the Logging Settings group, selected Log configuration output and Yubico format.

I then clicked on the Challenge Response Tab, clicked the HMAC-SHA1 button, selected Configuration Slot 2, ticked “Program Multiple YubiKeys“, changed the “Parameter Generation Scheme = Same for all Keys“, Selected “Fixed 64 byte input” under “HMAC-SHA1 Parameters” and generated a new key (wrote it down).

Under “Configuration Protection” then I selected Enable Protection” I then visited here and generated a 6 digit string to convert to hex array (with spaces (e.g: “70 61 73 73 77 64”)).

Warning: If you set an access code and later forget it, you cannot make any programming changes to this YubiKey. You would need to buy another YubiKey.

I clicked on Write Configuration

If you chose Configuration Slot 1 you will receive a warning about not saving over Configuration Slot 1 due to Yubico VIP/Symantec, I personally do not trust Symantec or the https://vip.symantec.com/ service due to Symantec issuing non-compliant certificates for use on websites. Yubico allows you to swap configuration slots if want to keep the configuration data.

YubiCo Prompt asking for permissions to overwrite slot 1

On the output of the first write, I was prompted to save a file. I saved this to “secretkey.csv” onto the Desktop.

Screenshot of save configuration to CSV

When the write to my primary key was successful, I ejected it then inserted my backup key and wrote the same configuration data to it too (on Configuration Slot 2).

Screenshot of a list view showing the successful Write of information to two keys

Testing the HMAX-SHA1 Challenge

I open the YubiKey Personalization Tool, then click the Tools tab and click Challenge Response. Choose Configuration Slot 2, I selected HMAC-SHA1. I typed a sample input challenge (e.g “hello world”) and clicked Perform.

I noticed the Yubico key touch panel was flashing. I pressed the button, then a response appeared below the input textbox. I copied this response text then insert your second key and perform the same test so I could compare the responses (they should be the same). They were.

If the responses don’t match rewrite the configuration to your primary and secondary keys and ensure the same key and secret was used for both keys.

FYI: I rewrote configuration a few times until I got it right.

Installing the Pluggable Authentication Module (PAM) on macOS

I re-read the Mac login guide here as I don’t want to lock myself out of my Mac.

I opened the Yubico Software Download page here and clicked Computer Login Tools and downloaded the PAM for Mac.

Screenshot of the YubiCo PAM Module download page

I installed the PAM package and verified the package installation with this command.

ls -al /usr/local/lib/security

Output:

Screenshot of the PAM Module Installed (ls on a folder)

Text Output:

> drwxr-xr-x 3 root wheel 96 9 Oct 10:29 .

> drwxrwxr-x 74 simon admin 2368 9 Oct 10:29 ..

> -rwxr-xr-x 1 root wheel 143172 20 Apr 21:13 pam_yubico.so

Backup macOS

Again I ensured my Mac was backed up with Time Machine.

Screenshot of backing up my Mac with Time Machine

I logged in to my Mac with the account I wanted to be protected with the Yubico YubiKeys.

I ran the following command in terminal

mkdir –m0700 –p ~/.yubico

I double checked that my Yubico key(s) were set up for challenge response (above).

I inserted my Uubico key and ran this command

ykpamcfg -2

Feel free to read the “ykpamcfg” manual here. The yubico-pam source code is located here.

Output:

Screenshot of the output of ykpamcfg -2

The contents of “/Users/simon/.yubico/challenge-#######” looked like (I replaced 232 random chars with #’s below). The filename ended with my keys serial number.

v2:########################################################################################################################################################################################################################################:10000:2

Next, I was supposed to copy the challenge output from ykpamcfg to /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER] with this command..

sudo cp /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER] /Users/[USERNAME]/.yubico

But I had this error.

No such file or directory

Weird as the source file existed?? macOS issues?

I Opened /Users/[USERNAME]/.yubico/challenge-[YUBIKEY SERIAL NUMBER] in the nano editor (sudo elevated process) and saved the file to /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER].

I reopened my terminal and verified the contents of /var/root/.yubico/challenge-[YUBIKEY SERIAL NUMBER]. The file is now there.

Permissions on the file is “-rw——-“. Good.

I inserted my second backuP key and re-ran “ykpamcfg -2” and copied the file to “/Users/simon/.yubico”

I verified the file contents

sudo cd /var/root/.yubico/
ls -al

Output

ls -al output of /var/root/.yubico/

Text Output:

> drwxr-xr-x 4 root wheel 128 9 Oct 09:50 .
> drwxr-x— 12 root wheel 384 9 Oct 09:39 ..
> -rw-r–r– 1 root wheel 244 9 Oct 09:50 challenge-#######
> -rw-r–r– 1 root wheel 244 9 Oct 09:42 challenge-#######

Snip from: https://www.yubico.com/wp-content/uploads/2016/07/yubico_YubiKeyMacLoginGuide_en.pdf

“Program at least two YubiKeys when implementing a requirement for authentication with a YubiKey on your Mac. If you configure only one YubiKey and something happens to the YubiKey, you must restore the Mac from a Time Machine backup that you created before editing the authorization file before you can log back in to your account. ”

Reading the guide regarding multiple accounts (setting up a Key for each login). I have 5 logins on my Mac but when this works I will disable the other accounts from logging in.

Enable the use of the Yubico key when the screensaver is deactivated on macOS

I opened a terminal and edited “/etc/pam.d/screensaver ” (I use the easier nano editor)

sudo nano /etc/pam.d/screensaver

I added this line

auth       required       /usr/local/lib/security/pam_yubico.so mode=challenge-response

auth[7 spaces]required[7 spaces]/usr/local/lib/security/pam_yubico.so mode=challenge-response

editing /etc/pam.d/screensaver added auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response

I saved the file ( [CTRL+O], [CTRL+X] ) and exited nano.

I tested my screensaver and no extra protection was provided (the screensaver just exited).

I rebooted, still no change?

I reinstalled the PAM module.

Silly me, I needed to enable the password on the screensaver to then activate the /etc/pam.d/screensaver entries.

I enabled the screensaver passwordsEnable screensaver password in macOS

I am now prompted to enter my password and inset and tap my Yubico Key on screensaver exit (on both keys). Awesome.

Next, I need to enable this at macOS login.

Enable the use of the Yubico key at macOS Login

I edited /etc/pam.d/authorization file with nano in the terminal

sudo nano /etc/pam.d/authorization

I added the same line as was added to the file /etc/pam.d/screensaver

auth       required       /usr/local/lib/security/pam_yubico.so mode=challenge-response

auth[7 spaces]required[7 spaces]/usr/local/lib/security/pam_yubico.so mode=challenge-response

/etc/pam.d/authorization

I saved the file ( [CTRL+O], [CTRL+X] ) and exited nano.

Now let’s log out and test this.

It’s working.

Excellent

Add Two Factor Authentication to 1Password

Here is a guide on using the Yubico YubiKey with 1Password. This directed me to https://support.1password.com/yubikey/

I downloaded the Yubico Authenticator app on macOS and installed it.

Authenticator app

After I inserted my primary Key I received a “No Credentials Found”message.

No Credentials Found

I logged into https://my.1password.com/signin and clicked My Profile.

I clicked More Actions then Turn On Two-Factor Authentication

Enable 1Password Two Factor Auth

I added the generated QR code details to the Android Authenticator and macOS Yubico Authenticator app. At first, I could not scan the QR code in macOS (was Mojave blocking this?), I manually entered the details (after confirming them from the Android app QR code scan).

Details:

  • Issuer: 1Password
  • Account Name: my.1password.com
  • Secret Key: ###################
  • Time: 30
  • Algorithm: SHA-1
  • Period: 30
  • Digits: 6

Add 2nd Factor Details

Now, 1Password web and the desktop app are asking for the 2-factor code (generated in the Yubico Authenticator app after I insert my YubioKey).

Nice

2 Factor Auth enabled on 1password

I logged off and I was not prompted for my Two Factor code?

Snip from: https://support.1password.com/two-factor-authentication/

“Your 1Password account is now protected by two-factor authentication. From now on, you’ll need to enter a six-digit authentication code from your authenticator app when you sign in to 1Password on a new device.”

I logged in to 1Password from Google Chrome on Android and indeed I was prompted for a two-factor auth code form the Yubico Authenticator app (with a KubiKey inserted).

2nd Factor prompted on new devices

Add Two Factor Authentication to Dropbox
I read https://www.yubico.com/works-with-yubikey/catalog/dropbox-personal/. Dropbox also has setup instructions here.

I logged into Dropbox and went to Settings then Security then clicked Add next to Security Keys

Dropbox 2 factor auth

I started the Wizard, entered my Dropbox password, then inserted my YubiKey.

Add YubiKey to Dropbox

Name the Key

Name the YubiKey

I added my Primary and Backup Key(s)

Added Two Keys

I logged out and back in and no Security Key prompt?

I am using Chrome and had cleared past browsers from the Dropbox list of web browsers at https://www.dropbox.com/account/security

I discovered that I need to set the primary authentication method to Use Mobile App (My Bad, it would be nice if Dropbox set this as default after I added the keys).

Set Primary Method of Two Factor Auth

I added the Dropbox QR code to the Yuboico Authenticator app

Add Dropbox Two Factor Auth to Authenticator

I was asked to enter a 6 digit code from my Yubico Authenticator app to verify the working link. I inserted my YubiKey into my machine to show the code.

Now Dropbox is configured 🙂

Dropbox is configured

Success

I now have to insert my primary key when logging into Dropbox

Dropbox now demands a YubiKey is inserted
I need to find a way to copy my Authenticator credentials to my Backup Key from my Primary key

Authenticator Credential not on both keys

Add Two Factor Authentication to Twitter

I read https://www.yubico.com/works-with-yubikey/catalog/twitter/ (Setup Instructions)

1) Login to Twitter

2) Open your Settings and Look For Security

Twitter Security

3) Click Start

Start Wizard

4) Enter Your Password

5) Accept and enter any SMS codes if you set up SMS Two Factor codes via SMS

6) Click “Review your login verification methods”

Review Login Methods

7) Click “Setup Key”

Setup Key

8) Insert Your YubiKey and follow the prompts to activate it.

Insert Key

9) Now the key will be requoted to log in to Twitter

Activated Key

Testing Two Factor Login to Twitter

I logged out of and back into Twitter but the SMS Two Factor Authentication method was still active?

SMS Two Factor Still Activated

I tried to disable the SMS method in Twitter but two factor was disabled altogether and the registered key was deleted. I re-added my key 🙁

I solved this by choosing “Choose a different verification method” when logging in then choosing “Use your security key“, Twitter then accessed my YubiKey and further login attempts used the key instead of SMS 🙂 I could use an Authenticator code but they YubiKey touch method is quicker.

Alternate Two Factor Options

Done

It would be nice if Twitter allowed multiple keys to be used to log in?

Add Two Factor Authentication to Google, Google cloud, Gsuite etc

I read https://www.yubico.com/works-with-yubikey/catalog/google-accounts (Instructions https://myaccount.google.com/).

Adding two Factor authentication details to Google was not easily accessible at Google so I Googled (lol) this https://support.yubico.com/support/solutions/articles/15000006418-using-your-yubikey-with-google

I loaded: https://myaccount.google.com/signinoptions/two-step-verification/enroll-welcome

I clicked Get Start

Add Two Factor to Google Get Started

I clicked Choose Another Option (not SMS Two factor)

Add Other Two Factor

Clicked Security Key

Add Security Key

As prompted I inserted my key and allowed access to it.

Insert Key

I named the Key

Name the key

I repeated the steps and added my 2nd key.

Add 2nd Key

Done

I logged out my https://myaccount.google.com and logged back in and I was prompted to insert my YubiKey

Insert YubiKey

Nice

I did try and login to my google GSuite account at https://admin.google.com but it did not prompt me to insert a key. I will do this next.

Add Two Factor Authentication to GSuite

I logged into the GSuite admin interface at https://admin.google.com/ I generated some backup codes in case I need them in the future.

I checked my main admin user account and I could see the 2 google security keys synced through from Google.

Check Securiy Keys

I then searched GSuite for “Two Factor” and loaded the “Enforcement” Page

I enabled “Turn On Enforcement Now”

I enabled “Only Security Keys”

I logged out and back into https://gsuite.google.com/ TWICE and no security key prompt.

Silly me: I forgot to click save at the bottom of the screen and it appears there is a 24-hour delay?

Don't forget to press save

Add Two Factor Authentication to GMail

This is already done (above), GSuite email takes up to 24 hours to become active, GMail is instant.

Gmail two factor auth working.

Add Two Factor Authentication to Google Analytics

I can’t see an option to turn Two Factor Auth on in Google Analytics 🙂

I did send feedback to the Google Analytics team.

Adsense Feedback

Add Two Factor Authentication to Google Adsense

I can’t see an option to turn Two Factor Auth on in Google Adsense either 🙂

I did send feedback to the Google AdSense team.

No AdSense 2FA

Add Two Factor Authentication to Github

I logged into Github, opened my Settings and clicked Security then Enable two-factor authentication

GitHub

Click Setup using an app save the recovery codes.

Open the Yubico Authenticator app (ensure you can see the QR Code in GitHub)

In the Yubico Authenticator, App click File then Scan QR Code

The GitHub details should be added to the Authenticator

Authenticator App

Two Factor via authenticator tokens is enabled and now I can see a Keys options,

Add Keys

I clicked Add next to security keys then Register New Device, I gave the key a name then clicked Add.

Add 2 Keys

I added both keys then I Logged out and back in and two factor was enabled by YubiKey 🙂

Two Factor Enabled

Add Two Factor Authentication to Debian servers in the cloud (SSH)

Read Setup two-factor authenticator protection at login on Ubuntu or Debian

Add Two Factor Authentication to Ubuntu servers in the cloud (SSH)

Read Setup two-factor authenticator protection at login on Ubuntu or Debian

YubiKey Support

There are loads of Yubico support articles here: https://support.1password.com/yubikey/

Yubico Developer Info

A GitHub repository of source code is located here: https://github.com/Yubico

Other developer related pages here

      • https://developers.yubico.com/FIDO2/
      • https://developers.yubico.com/OTP/
      • https://developers.yubico.com/U2F/
      • https://developers.yubico.com/OATH/
      • https://developers.yubico.com/PGP/
      • https://developers.yubico.com/PIV/
      • https://developers.yubico.com/YubiHSM2/
      • https://developers.yubico.com/Software_Projects/

Securing WordPress

Read this guide on Securing WordPress with 2FA (YubiKey insertion or Authenticator app).

I found a good WordPress plugin to handle 2FA logn methods.

Set all desired 2FA login methods

I am prompted to insert my YubiKey after logging into WordPress.

Nice

Java Code to use the Yubico YubiKey in software (challenge mode)

todo: I will add this section soon.

Yubico has Java repository that contains a Java library with an accompanying demo server, as well as a JAAS module, to validate YubiKey OTP’s (One-Time Passwords).

https://developers.yubico.com/yubico-java-client/

PHP Code to use the Yubico YubiKey in software (challenge mode)

todo: I will add this section soon.

Yubico has PHP library ad source code but it has not been updated in 3 years. I cannot get this working on PHP 7.2.

https://github.com/Yubico/php-yubico

Using Yubico YubiKeys as 2fA with one-time Passwords.

The YubiKeys can be used to store and generate one time passwords.

Read more about 2fa here

  • twofactorauth.org
  • turnon2fa.com/tutorials

Here is a good plugin to tell you what sites use 2fa as you browse: https://2fanotifier.org

I have used my YubuKeys to store dozens of 2fa One time password son sites

e.g Namecheap

Namecheap enable 2fa

I enabled 2fa OTP (over phone/SMS 2fa) at Namecheap

2fa enabled at namecheap

Recovery info and backup

Always setup, and obtain backup access codes (or set alternate two-factor login methods) to software and know how you can disable YubiKey 2FA logins if needed.

Read more on YubiKey data backup policy here.

Copy Yubico Authenticator credentials to my Backup Key from my Primary Key

My Primary and Secondary YubiKeys have different Authenticator credentials (I need to sync them)

Authenticator Credential not on both keys

Set a YubKey Password (Yubico Authenticator App)

You can set a YubiKey Password so limit access to Two Factor Linked Accounts in the Yubico Authenticator. Nice.

      1. Open the Yubico Authenticator App
      2. Insert your YubiKey
      3. Open the File then Set Password Menu
      4. Click Set Password

Now when you insert the YubiKey you will be prompted for a password Before Two Factor tokens are displayed.

Set Yubico Password

Find a YubiKey Device Quiz

Use this quiz to find the right YubiKey for you: https://www.yubico.com/quiz/

Final Warning

Do not attempt to activate Two Factor Authentication on a system unless you…

  • A) Have backups of your data
  • B) Have backup methods of getting into your account(s)

Murphy’s Law: “Anything that can go wrong will go wrong”

You never know when a Two Factor Authentication Key may die or an Authenticator app or a Mac/PC may stop working so always have a backup method just in case.

Issue(s)

Thunderbird email on Google Chrome (accessing GSuite) is not accepting the key.

It is prompting…

Thunderbird prompting for the key

But it is not recognising the key (no matter how many times I insert or press the key)?

Key not detecting in Thunderbird

It appears Thunderbird 52 may not support keys yet, May have to wait until release 60.

I installed Thunderbird 63 (BETA) from https://www.thunderbird.net/en-US/channel/

Installed Thunderbird 63 BETA

After I installed Thunderbird it asked for my Security Key, accepted it and asked for further permissions.

Thunderbord a63 beta asking for permissions

I can now read my email in Thunderbird with my YubiKey

Update: June 2019

1Password now allow you to setup 2FA (authenticator app or YuiKey leys (or both)) authentication on your 1Password login. Read the official post here.

Goto https://my.1password.com/profile/2fa to setup 2FA.

You can setup 2FA (authapp and or hardware keys)

1Password set 2fa

You will be notified by email if a 2FA method is setup.

Email alert about 2fa

You will need to sign out and back into your apps web, Desktop and Mobile.

Web Signin

desktop Signin

You will need to insert and press your hardwre key.

Press 2FA Key

And enter your 2FA code

Enter 2fa otp code

Mobile app login

Enter 2fa code on mobile app loginb]

I used my YubiCo Authentocator app to get the temporary OTP.

Get OTM from auth app

You can remove previous logged in devices from accessing your data or force them to reqire 2FA at next login

de Auth existing defices

Nice

Links

YubiCo Device Comparison Chart: https://www.yubico.com/products/yubikey-hardware/compare-yubikeys/

Email Subscription form YubiCo: https://pages.yubico.com/email_subscription.html

Conclusion

Thunderbird issues (solved by installing a BETA).

Not all apps have the same method (some have Authenticator App only) and some have YubiKey Insert/Touch, some allow one key or multiple keys.

The only issue is my Huawei Mate 9 phone is a little flakey at reading NFC (fixed: I just have to tap for 5 seconds)

I have attached the YubiKeys to a dog chain’s and they live around my neck.

dog_clains

Version History

v1.1 Added authenticator/Namecheap 2fa info.
v1.0.1 YubiKey Backup Policy and comparison chart
v1.0.0 WordPress
v0.8.1 authenticator apps
v0.8.0 Draft: Debian/Ubuntu and many other changes
v0.7.0.1 Draft: Issue – Thunderbird Issue Solved
v0.7.0 Draft: Issue – Thunderbird Issue
v0.6.9 Draft: Protected GitHub
v0.6.9 Draft: Unable to Protect Google AdSense and Analytics
v0.6.8 Draft: Protected Google Gmail (https://gmail.com)
v0.6.7 Draft: Protected Google GSuite (https://gsuite.google.com/ and https://admin.google.com/)
v0.6.6 Draft: Protected Google (https://myaccount.google.com/)
v0.6.5 Draft: Protected Twitter
v0.6 Draft: Set a YubKey Password (Yubico Authenticator App)
v0.5 Draft: Sync Authenticator credentials?
v0.4 Draft: Protected Dropbox
v0.3 Draft: Protected 1Password
v0.2 Draft: Protected macOS Login
v0.1 Draft: Protected macOS Screensaver

Filed Under: 2FA, Auth, MFA, NFC, Security Tagged With: and, authentication, device, hardware-based, improve, logins, NEO, OSX, software, the, to, two-factor, Using, Yubico, YubiKey

Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra

October 1, 2018 by Simon

This is a quick post to see if OSX Mojave runs slower on a Mid 2014 Mac Book Pro than High Sierra

Aside

If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free UpCloud VM credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.

Buy a domain name here

Domain names for just 88 cents!

Now on with the post.

New Mac Operating System (Mojave)

I have always been hesitant before upgrading to a new Apple operating system (or performance-impacting patch).

My Mid-2012 Macbook will not be able to install the next 2019 operating system (as it is now considered too old).

MacBook Thermal Cooling

My MacBook is already running at the limit of the stock thermal cooler (read more here). I replaced the thermal paste on my Mid-2012 Mac Book to help lower thermal temps. I often run fans at 100% with TG Pro.

Stock MacBook thermal paste (needs replacing).

Stock Paste

OSX Mojave

What’s new in OSX Mojave: https://help.apple.com/macOS/mojave/whats-new/

  • Dark Mode
  • Folder Stacks
  • Finder Enhancements
  • Quick Look Enhancements
  • New Screen gran
  • iOS to Mac camera.
  • New News App
  • Stocks App
  • Voice Memos
  • Home Control
  • Better Safari Privacy and Security
  • New Mac App Store
  • Take the tour

I currently have High Sierra Installed.

High Sierra About Screen

High Sierra – Black Magic Disk Speed Test 3.1 Speed Test Results

Write:  340.5 MB/s

Read:  348.1 MB/s

Hig Sierra Disk Benchmark

High Sierra – Novabench 4.01 Benchmark Scores

GPU: 0 (known issue)

RAM: 136

GPU: 243

DISK: 57

High Sierra Nova Bench

Downloading Mojave

Mojave is available for download in the App Store.

Download Mojave

Instaling Mojave

A quick wizard and Mojave in ready to install.

Download Mojave

Installation took about 2 hours to install over High Sierra.

OSX Mojave About Screen

Mojave Dark Mode

Dark mode is certainly very pretty, all stock apps on OSX are not optionally available in dark colour themes.

OSX Mojave dark mode

Mojave – Black Magic Disk Speed Test 3.1 Speed Test Results

Write:  348.5 MB/s (8MB/s faster than High Sierra)

Read:  348.1 MB/s (27.1MB/s faster than High Sierra)

Nice

FYI, The first 2 days of Mojave did seem a bit sower but this may because of background indexing.

My home MacBook has a 512GB Apple SSD hard drive. I recently upgraded to Mojave on a 2014 27 iMac that had a Hybrid SSD (128GB SSD + 1TB drive) and it runs really slowly.

High Sierra – Novabench 4.01 Benchmark Scores

GPU: 0 (known issue)

RAM: 136 (same as High Sierra)

GPU:251 (8 higher than High Sierra)

DISK: 57 (same as High Sierra)

Nova Bench on Mojave

Reboot Time in seconds (time taken to reboot and log back into an interactive desktop)

WOW: Reboot average times were 212 seconds in High Sierra but only 124 seconds in Mojave, that’s an 88-second improvement.

Mojave faster reboots

That totally made upgrading to Mojave worth it.

Screen Capture and save speed

Often I screenshot the desktop (or apps), Below is a time in seconds to capture the desktop and open the file in Photoshop on High Sierra and Mojave.

Capture Desktop Speed

Mojave is a lot faster (even with a wait for the file to be saved to the desktop)

IntelliJ

Does Mojave make IntelliJ slower?

Note: Sorry, the scale in the chart zoomed in by default, I am not sure how to reset the scale on the left to starts at 0.

Time to open IntelliJ

4-second improvement. Nice.

Time to opening Adobe CS Premiere Pro in Mojave v High Sierra

How does Adobe Premiere Pro handle Mojave?

Note: Sorry, the scale in the chart zoomed in by default, I am not sure how to reset the scale on the left to starts at 0.

Mojave Opening Premiere Pro

2 seconds slower (I expect updated from Adobe soon)

More to come soon.

I hope this guide helps someone.

Please consider using my referral code and get $25 UpCloud VM credit if you need to create a server online.

https://www.upcloud.com/register/?promo=D84793

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.0 Initial Post

Filed Under: Apple, High Sierra, Mojave, OS, OSX Tagged With: faster, Installing, mojave, or, OSX, slower, speed

How I upgraded from a standalone 1Password 6.x licence to 1Password (7+) cloud subscription on OSX

May 27, 2018 by Simon

This is how I upgraded from my standalone 1Password 6.x family licence to a 1Password 7 cloud subscription on OSX. I am not reviewing 1Password here.

This is NOT a paid endorsement, this is output from my legitimate quest from upgrading an old stand-alone family licence to a cloud subscription. I have been using 1Password for the past 5 years and have recommended it to everyone I know.

Always backup your data before updating (things can go wrong), good luck. At the time of writing 1Password 7 was not out of beta.

Why

I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean and let’s say 1Password has helped me store everything from service invoices, SSH password service passwords etc. I did have a stroke last year (caused by the flu (a cough) and luckily all is OK ) and I now realise that having everything out of my brain and in a secure vault is a good idea (touch wood).

Reasons why I use 1Password – Password Manager.

  • It is a good idea to use a password manager.
  • It has allowed me to have a different password on every site I use.
  • I managed to stop using my old “same” password on every site I used since the 1990’s.
  • I am paranoid (check out https://howsecureismypassword.net/, https://haveibeenpwned.com/ and google “sites hacked” or “passwords exposed”).
  • It’s a good idea.

1Password 7 News

1Password 7 has been hitting my twitter timeline, should I upgrade? Here is the official upgrade guide.

Security Researcher Troy Hunt’s – https://haveibeenpwned.com/ is now a feature in 1Password 7

@1Password just keeps getting better and better. Ping: @troyhunt pic.twitter.com/qTtE6XyoXb

— Grant Harrington (@harringg) May 22, 2018

I wrote a PHP implementation to check a password exposure level with Troy Hunt’s pwned passwords API and know it’s a good idea.

Also, there are loads of great features in 1Password 7.

1 Password site showing 1Password 7

Anything that can help create secure passwords is a good idea.

86% of Passwords are Terrible (and Other Statistics) https://t.co/pSqbb7IV0g by @troyhunt
— Particular Software (@ParticularSW) May 25, 2018

1Password Twitter Support Shoutout

Before I begin I would like to acknowledge the patient 1Password support team on twitter. They answered well over 20 questions from me and handled my frustrations of there not being a clear standalone family licence, I suspected a plot to force people onto a cloud subscription at first.

In an ideal world upgrading, 1Password should be an easy process (1Password Twitter Support indicated)

NBN Support

Load’s of 1 Password activity on Twitter

Phew! ? 1Password 7 for Mac has generated a lot of excitement! If you have any questions, be sure to check out our forums to see if they’ve been answered. Our team is always here. https://t.co/Xixe8e80yY

— 1Password (@1Password) May 23, 2018

Before I downloaded the latest 1Password 7 I fired heaps of questions at the twitter support. I hope 1Password give them a raise or bonus.

1Password Twitter DM's

I did spend way too long reading past the negative 1Password support posts on “where is the standalone licence”, “beta discounts are gone”, “why so expensive” and “how can I upgrade from 1password 6 and still use dropbox” etc.

1Password Forum Searches

I ended up logging a support ticket (looking for the unicorn beta tester discount/stand-alone licence, I think I was too late to join the beta program).

1Password Forum Support

I backed up my 1Password 6 data

Always take backups of your data before upgrading anything.

  • Open your existing 1Password 6
  • Click File, Export, All Items
  • Choose a File Name and press Save
  • Verify Data (open Finder)

Backup Existing 1Password 6 Vaults

I also backed up the 1Password file in Dropbox before upgrading. Simply drag it to your desktop.

Backup Dropbox Vault

I visited https://1password.com/extlink/signin/ and…

  1. Signed in (create an account if you don’t have one), I had one from a previous support ticket I logged.
  2. I chose “Individual” account type.
  3. Specified my Email Address
  4. Verified My Email

1Password signin process

Then I..

  1. Added my Name
  2. Skipped the Credit card option (to activate the trial)
  3. Generated a master key (this is combined with your password)
  4. Created a new password for a new password vault
  5. Logged in
  6. Saved my Emergency Recover PWF (with details)

Account Details

I did have a peek at the 1Password SSL certificate strength and other tools and they came up all good (I don’t want to use an insecure service).

You too can test SSL on sites with https://dev.ssllabs.com/ssltest/

Check 1Password SSL

The only concern I have is TLS 1.3 is not an option yet. I use it on my blog’s web server (guide here) also a few SSL labs identified weak cyphers are presented as available from the server (Is this an issue)?

I also had a look at Google Chrome’s developer console to see if anything out of the ordinary was popping up? The console appears a little chatty? TLS 1.2 was in force securing the client/server communications so that’s nice.

1Password Website Debug Output

Now that I am logged into my cloud 1Password (trial) account I can…

  1. Add/View/Edit/Delete items in my vault.
  2. Download desktop/mobile apps.
  3. Import data to vaults.
  4. Turn on Two Factor authentication.
  5. Create/Edit/Delete a password vault (or set as default).
  6. Update billing details (if you wish to subscribe)
  7. Contact Support

Get 1 Password Apps

Now I can connect my new 1Password cloud account to my local 1Password 6 installation by.

  1. Open 1 Password (on my Mac)
  2. Open the Preferences and go to the Account tab
  3. Click on Scan the account details
  4. Move the scan window over a QR Code (Setup Code) in a logged in 1password.com screen (login detail like login server, master key and username are auto-entered).
  5. Enter my vault password.

Loud Account

Now I am prompted to import my local 1Password data into the cloud account from my local 1Password.

Import Old Items

When the import completed I was prompted to delete the local vault (I said yes because I backed it up).

Remove Old Vault

Tip: 1Password 6 on my Mac did not appear to delete the Dropbox data so I deleted this manually.

After a few minutes, I noticed Dropbox was still syncing files?

1Password is still using Dropbox

Troubleshooting: I had to set my new cloud vault as the primary vault to save to and not the old vault that was syncing via Dropbox. I also deleted all links to Dropbox on iOS and Android devices.

I did notice that 1Password was 6.8.9 (I thought 1password 7 was the latest?, I did try the update button). I ended up ticking “Include beta builds” and then 1Password 7.0 is a download option (maybe this will change in the next few days)?

Opt Into Beta

I opened 1Password 7 on my local desktop.

1Password 7 instaled

I had a quick look around in 1Password 7 for the https://haveibeenpwned.com/ feature. I opened an existing account I added to 1Password. It look’s nice.

Vulnerable Passwords Feature

Some nice alerts and features I noticed when viewing my data in 1 Password 7.

Some 1 Password features noticed

Aside: I had to opt into beta builds on Windows to get 1Password 7 too.

Windows 1Password Instaled

Summary

When I set out and wanted a stand-alone licence but it appears I would need to pay for a licence on Windows and Mac and portable devices.

I overlooked an earlier DM from 1Password (that provided the purchase links) so I decided to go with a subscription (I think I missed the BETA program too, no reply from the hockey app email when opting into beta on Windows).

Standalone

Buy standalone licences

  • Buy Mac Licence ($39 in BETA or $64.99 RRP)
  • Buy Windows Licence ($39 in BETA or $64.99 RRP)

From what I could see standalone licences only work via Dropbox (or locally) and not via the 1Password cloud.

However, the subscription does away with the requirement to buy multiple licences (all apps are free once you subscribe). I am not sure when 1Password 8 is coming out so I think it is wiser to go with a yearly subscription (that’s about 10.8c a day in Australian peso’s).

Time to Subscribe

I pulled the trigger and subscribed 🙂

Subscribe

One nice thing is the trial time is added on to the subscription length so if you have 30 days left in the trial it add’s on to the yearly subscription length (13 months), that’s nice.

Subscribed

Update: June 2019

1Password now allow you to setup 2FA (authenticator app or YuiKey leys (or both)) authentication on your 1Password login. Read the official post here.

Goto https://my.1password.com/profile/2fa to setup 2FA.

You can setup 2FA (authapp and or hardware keys)

1Password set 2fa

You will be notified by email if a 2FA method is setup.

Email alert about 2fa

You will need to sign out and back into your apps web, Desktop and Mobile).

Web Signin

desktop Signin

You will need to insert and press your hardware key.

Press 2FA Key

And enter your 2FA code

Enter 2fa otp code

Mobile app login

Enter 2fa code on mobile app loginb]

I used my YubiCo Authenticator app to get the temporary OTP.

Get OTM from auth app

You can remove previous logged in devices from accessing your data or force them to require 2FA at next login

de Auth existing defices

Nice

Conclusion

Happy = Yes (they are shooting fish in a barrel)

Could have been easier to upgrade from 1 password = Yes

I hope this guide helps someone.

Find out more about 1Password at http://1password.com/

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.4 Added 2fA Info

v1.3 Fixed typo in the title/url.

v1.2 Added Links

v1.1 Added Conclusion

v1.0 Initial post

Filed Under: Password Manger Tagged With: 1Password 6.x, 1Password 7+, a, cloud, form, How, I, licence, on, OSX, standalone, subscription, to, upgraded

Open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM)

April 29, 2018 by Simon

This guide will show you how you can open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM).

Installing Parallels on a Mac allows you to install Windows in A VM, this is handy but you may want to install Windows on a Mac drive with Boot camp (guide here)  for better performance.

Can you load this VM-less Windows install in OSX rather than reboot it, the answer is YES (with Parallels v13).

Setup your Windows Bootcamps (see my guide here).

Create a new VM image in Parallels (Select Boot Camp)

New Image

Click Continue

Use Windows Bootcamp

Confirm the reaction warning.

Before You Proceed

Name the VM and choose a location

Location

Set desired memory etc.

Choose your desired clipboard and disk access settings.

Options

Done, now Parallels will prepare your VM (Really Boot Camp)

Created

Preparing

Creating VM

Parallel tools will be automatically installed.

Configuring

Done, you will now be able to load your Apple Bootcamp partition as it is was a VM inside OSX (or boot it)

Windows

yes, the VM file is pointing to the Boot Camp partition.

VM File

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.0 Initial post

Filed Under: Bootcamp, Development, OSX, VM, Windows Tagged With: 10, a, Boot, Camp, in, Installation, like a VM, on, Open, OSX, Parallels, windows

How to install Windows 10 Pro alongside an OSX partition with Apple Boot Camp

April 20, 2018 by Simon

This guide will show you how to install Windows 10 Pro alongside an OSX partition with Apple Boot Camp.

I have a number of guides on moving away from CPanel, Setting up VM’s on UpCloud, AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. I use OSX to develop and occasionally need to use Windows to achieve some development tasks, this is how you can install Windows on an Apple PC.

Apple Boot Camp

Apple Bootcamp software can be found here: https://support.apple.com/en-au/HT201468

Bootcamp

Bootcamp Steps.

BootStrap Steps

You can download a Windows 10 ISO here: https://www.microsoft.com/en-au/software-download/windows10

Download ISO

You will need to plug in a 16GB or larger USB key to use as an install medium.

Download Boot Camp

Download AppBoot Camp here: https://support.apple.com/en-au/boot-camp

Start Apple Boot Camp, click Continue, Tick all options, select the Windows 10 ISO file (beware Bootcamp will select the first ISO file it finds, ensure your USB is selected, Click Continue (tip: You may need to er format and prepare the USB key 10 times, Apple Bootcamp is not the most reliable program), It may take 6 hours to copy files pre Window Setup).

Bootstrap Steps

Choose your Windows partition size (at least 200GB is ideas)

Partition

When the Bootcamp Wizard is complete you can reboot into Windows (automatic at the end of the wizard)

Windows Booting

Enter the desired details in each step (e.g Local, Windows Key, Windows Version, Partition and Country etc)

Windows Setup Options

Loads more steps like Keyboard Layout, Domain, Microsoft Account, Password and Cortana and Privacy etc.

Windows Setup Options

Windows is now installed, Apple Bootcamp will set up appropriate drivers for your Mac,

Instaling

While this is happening I will install Google Chrome Canary.

Chrome

Bootcamp has now finished setting up drivers.

Bootstrap Done

Windows 10 Start menu (I prefer OSX’s simplicity)

Windows Strart Menu

You can set up your prefered Startup disk in the Apple System Preferences or press the Option key on startup and choose a partition to boot.

Bootup Options

Update: Open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM)

Read this guide will show you how you can open a Windows 10 Boot Camp Installation on OSX in Parallels (like a VM).

Windows

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.1 Added Open Bootcams as VM

v1.0 Initial post

Filed Under: Bootcamp, Windows Tagged With: alongside, an, Apple, Boot Camp, How, install, OSX, partition, pro, to, Windows 10, with

Using Cloudflare DNS servers to speed up the internet and add privacy on OSX

April 2, 2018 by Simon

Below is how I setup my OSX to use Cloudflare’s new DNS servers to speed up internet browsing and add privacy on OSX

Cloudflare has launched a DNS service: https://blog.cloudflare.com/announcing-1111/

DNS Performance

You can view worldwide DNS performance by viewing https://www.dnsperf.com/#!dns-providers

DNS Performance

I check the DNS at my router, I am using ISP provided DNS servers.

Review DNS

Cloudflare DNS

On April Fools 2018 Cloudflare Released a DNS server service.

Snip from here: “DNS: Internet’s Directory Nearly everything on the Internet starts with a DNS request. DNS is the Internet’s directory. Click on a link, open an app, send an email and the first thing your device does is ask the directory: Where can I find this? Unfortunately, by default, DNS is usually slow and insecure. Your ISP, and anyone else listening in on the Internet, can see every site you visit and every app you use — even if their content is encrypted. Creepily, some DNS providers sell data about your Internet activity or use it target you with ads.”

https://1.1.1.1/

Set Cloudflare Nameservers using OSX

Open the Apple System Preferences, click Network, click on your Network (Wifi or ethernet), Click Advanced then DNS and add 1.1.1.1 and 1.0.0.1

Alternatively, you can manually set your DNS servers in OSX by editing the /etc/resolv.conf, by default SX will inherit DNS settings from our router.

cat /etc/resolv.conf
#
# macOS Notice
#
# This file is not consulted for DNS hostname resolution, address
# resolution, or the DNS query routing mechanism used by most
# processes on this system.
#
# To view the DNS configuration used by this system, use:
#   scutil --dns
#
# SEE ALSO
#   dns-sd(1), scutil(8)
#
# This file is automatically generated.
#
domain home
nameserver 1.1.1.1
nameserver 1.0.0.1

Troubleshooting: Clear DNS Cache

sudo killall -HUP mDNSResponder

Debug DNS Data

scutil --dns
DNS configuration

resolver #1
  search domain[0] : home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  flags    : Request A records
  reach    : 0x00000002 (Reachable)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000

resolver #3
  domain   : 254.169.in-addr.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300200

resolver #4
  domain   : 8.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300400

resolver #5
  domain   : 9.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300600

resolver #6
  domain   : a.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300800

resolver #7
  domain   : b.e.f.ip6.arpa
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 301000

DNS configuration (for scoped queries)

resolver #1
  search domain[0] : home
  nameserver[0] : 1.1.1.1
  nameserver[1] : 1.0.0.1
  if_index : 7 (en0)
  flags    : Scoped, Request A records
  reach    : 0x00000002 (Reachable)

Confirm Cloudflare DNS from the OSX Comand line

nslookup www.fearby.com
Server:		1.1.1.1
Address:	1.1.1.1#53

Non-authoritative answer:
Name:	www.fearby.com
Address: 104.27.154.69
Name:	www.fearby.com
Address: 104.27.155.69

Privacy

I am not sure if Cloudflare is any more private than using ISP DNS but I’ll happily use it.

Several people have asked me about Cloudflare’s new 1.1.1.1 privacy DNS service. To be clear: it DOES NOT stop your ISPs from collecting your browsing history. ISPs can still see the sites you’re connecting to — even if the site is over HTTPS. You will still send a hostname.

— Zack Whittaker (@zackwhittaker) April 2, 2018

Speed

I can’t tell if DNS is faster, I did ping my ISP DNS before switching and it was about the same (sub 25ms), time will tell.

Conclusion

I have used https://www.opendns.com/ before and loved the dashboards, I hope Cloudflare add dashboard options too.

I hope this guide helps someone.

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.0 Initial post

Filed Under: DNS Tagged With: add, and, Cloudflare, DNS, internet, on, OSX, privacy, servers, speed, the, to, up, Using

Backing up OSX or an Ubuntu server with Backblaze B2 Cloud Storage from the Command Line

March 14, 2018 by Simon

This computer will show you can back up computer or server with Backblaze B2 Cloud Storage from the Command Line n OSX and Ubuntu.

This post is still being written. I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Also, I have blogged about how you can add block storage to a Vultr server, backup and restore snapshots , syncing files with rsync along with using GitHub and Bitbucket but what do you do if you need to backup large amounts of data?

Backblaze has a Cloud storage solution that costs as low as $0.005c a GB (a month), The first 10G is free. Backblaze say “From bytes to petabytes Backblaze B2 is the lowest cost high-performance cloud storage in the world. ”

Back Blaze have open sourced internal drive enclosure designs and drive failure stats and it’s time I gave them a try.

Goto https://www.backblaze.com

Backblaze

Create or sign in.

Backblaze Login

After you login got the dashboard.

B2 Cloud

Click Backblaze B2 Cloud Storage

Activate B2 Cloud

Signup

Create a Bucket

Create Bucket

Name the bucket (long names with a GUID are good).

Name the Bucket

You can rename the bucket here and change public/private and or upload/download files manually.

Manage Bucket

The first thing I did was limit the versions of files under the lifecycle settings for the bucket.

Version Settings

Now I created a series of subfolders to store files from different servers (I could have used many buckets but one bucket will do).

Folders

I can upload files via the Backblaze bucket GUI if I needed to.

Upload and Download

Back Blaze has a command line tool for uploading: https://www.backblaze.com/b2/docs/quick_command_line.html

Install Steps

Backblaze state “The B2 command-line tool is available from the Python Package Index (PyPI) using the standard pip installation tool. Your first step is to make sure that you have either Python 2 (2.6 or later) or Python 3 (3.2 or later) installed.”

I have Python 2.7 installed

python --version
Python 2.7.10

Install PIP

sudo easy_install pip
Password:
Searching for pip
Best match: pip 1.5.6
Processing pip-1.5.6-py2.7.egg
pip 1.5.6 is already the active version in easy-install.pth
Installing pip script to /usr/local/bin
Installing pip2.7 script to /usr/local/bin
Installing pip2 script to /usr/local/bin

Using /Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip

I ran into issues updating b2 CLI

sudo pip install --upgrade b2
Requirement already up-to-date: b2 in /Library/Python/2.7/site-packages
Requirement already up-to-date: arrow>=0.8.0 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: logfury>=0.1.2 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: requests>=2.9.1 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: six>=1.10 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: tqdm>=4.5.0 in /Library/Python/2.7/site-packages (from b2)
Requirement already up-to-date: futures>=3.0.5 in /Library/Python/2.7/site-packages (from b2)
Downloading/unpacking python-dateutil from https://pypi.python.org/packages/bc/c5/3449988d33baca4e9619f49a14e28026399b0a8c32817e28b503923a04ab/python_dateutil-2.7.0-py2.py3-none-any.whl#md5=5a86a548fe776cc079bf4a835473e3f8 (from arrow>=0.8.0->b2)
  Downloading python_dateutil-2.7.0-py2.py3-none-any.whl (207kB): 207kB downloaded
Installing collected packages: python-dateutil
  Found existing installation: python-dateutil 1.5
    Uninstalling python-dateutil:
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run
    requirement_set.install(install_options, global_options, root=options.root_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install
    requirement.uninstall(auto_confirm=True)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall
    paths_to_remove.remove(auto_confirm)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove
    renames(path, new_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames
    shutil.move(old, new)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move
    copytree(src, real_dst, symlinks=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree
    raise Error, errors
Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/easter.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tzwin.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil'")]

Storing debug log for failure in /Users/simon/Library/Logs/pip.log

I tried installing via the alternative method (with no luck)

git clone https://github.com/Backblaze/B2_Command_Line_Tool.git
Cloning into 'B2_Command_Line_Tool'...
remote: Counting objects: 5084, done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 5084 (delta 1), reused 1 (delta 0), pack-reused 5076
Receiving objects: 100% (5084/5084), 1.25 MiB | 689.00 KiB/s, done.
Resolving deltas: 100% (3622/3622), done.
cd B2_Command_Line_Tool/

I tried running the setup script (with no luck)

sudo python setup.py install
setuptools 20.2 or later is required. To fix, try running: pip install "setuptools>=20.2"

Upgrading setup tools also failed

sudo pip install "setuptools>=20.2"
Downloading/unpacking setuptools>=20.2
  Downloading setuptools-38.5.2-py2.py3-none-any.whl (490kB): 490kB downloaded
Installing collected packages: setuptools
  Found existing installation: setuptools 18.5
    Uninstalling setuptools:
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run
    requirement_set.install(install_options, global_options, root=options.root_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install
    requirement.uninstall(auto_confirm=True)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall
    paths_to_remove.remove(auto_confirm)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove
    renames(path, new_path)
  File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames
    shutil.move(old, new)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move
    copytree(src, real_dst, symlinks=True)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree
    raise Error, errors
Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', "[Errno 1] Operation not permitted: '/tmp/pip-8Vu7xp-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib'")]

Storing debug log for failure in /Users/simon/Library/Logs/pip.log

Backing up a Mac via command line with B2

More to come when I can get B2 CLI Installed.

Backing up an Ubuntu machine via command line with B2

More to come when I can get B2 CLI Installed.

Update

My ticket with Backblaze was automatically closed with this note “If the issue is persisting, it may be easiest to map the installation to the user folder, rather than the system level.”

No ideas how but something to research.

Ask a question or the recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

V1.1 ticket closed

v1.0 Initial post

Filed Under: Backup Tagged With: an, B2, backblaze, Backing, cloud, command, from, line, or, OSX, server, storage, the, ubuntu, up, with

OSX speed tested before applying Spectre and Meltdown patches in 10.13.2

January 16, 2018 by Simon

Below is a quick post of how OSX speed fairs before and after application of the OSX 10.13.2 update (that fixed Spectre and Meltdown CPU issues).

I read of up to 30% speed drops with Redis after Spectre and Meltdown patches and was curious how OSX faired.

Here’s what happened last night to one of our busier redis servers before and after patching for meltdown. Using the same 200k/12 minute axes on both: down from ~145k ops/sec to ~95ks ops/sec, or about 35% slower. pic.twitter.com/H6sM0C5i1V

— Nick Craver (@Nick_Craver) January 12, 2018

News

Apple Confirms ‘Meltdown’ and ‘Spectre’ Vulnerabilities Impact All Macs and iOS Devices, Some Fixes Already Released [Updated]

MacOS High Sierra 10.13.2 Update Released with Bug Fixes 

Patches

macOS High Sierra 10.13.2 Combo Update + Supplement Update

Benchmarks (before applying patches)

Here are Cinebench R15 benchmarks on OSX 10.13.1 before upgrading to 10.13.2 on a 2-year-old  core i5 based iMac.

High Sierra 10.13.1, Cinebench R15 and TG Pro running in the background.

osx-speculative-001-before-cinebench-cpu

CPU: 490 cb points.

Now time to test the GPU in Cinebench…
osx-speculative-002-before-cinebench-cpu-gpu

GPU: 79.33 fps.

Now time to run a Geekbench CPU benchmark.

Here is a breakdown of the scores (2 mins after a fresh reboot and the best of three runs).
osx-speculative-003-before-geekbench-simple

Geekbench Single-Core Score: 4433

Geekbench Multi-Core Score: 13,005

Here is a breakdown of advanced GeekBench tests…
osx-speculative-004-before-geekbench-detailed

I tried to update to 10.3.2 via the software updates but my network was having troubles (human error, my firewall was too aggressive)
osx-speculative-005-update-failed

I downloaded the manual 10.13.2 update from Apple (not realising my firewall was blocking the app updates (I blocked app updated as soon as spectre news hit so I could write this post)).

I downloaded and opened the 2.8GB 10.13.2 update.
osx-speculative-006-manual-update-002osx-speculative-006-manual-update-001

PKG was extracted from the DMG.

osx-speculative-006-manual-update-003

10.13.2 Installation Wizard.

osx-speculative-006-manual-update-004

I solved my networking issues (disable my firewall) and was able to verify the installation of the 10.13.2 patch and download further 10.13.2 supplemental updates.
osx-speculative-006-manual-update-005

I verified all 10.13.2 updates were downloaded and installed and rebooted three times.
osx-speculative-006-manual-update-006

2 Minutes after a reboot I ran the same Cinebench R15 CPU benchmark.
osx-speculative-007-after-cinebench-cpu

CPU: 484 cb 

osx-speculative-008-after-cinebench-cpu-gpu

Cinebench R15 CPU dropped  about 6 points (about a 1.22448979591837% drop, not massive)

osx-speculative-009-after-geekbench-simpleb

Geek bench Single CPU scores fell from 4433 to 4194 (about 5.436498984886081% slower, not as bad as I expected).

osx-speculative-009-after-geekbench-advanced

Geek Bench Multi CPU scores fell from 13,005 to 12,868 (about 1.053440984236832% slower, not as bad as I expected).

Versions of Software

Cinebench R15

osx-speculative-010-after-cinebench-about

Geek Bench

osx-speculative-010-after-geekbench-about

Results

Cinebench CPU

Graphs are unfortunately zoomed in (I could not find out how to tell Excel to zoom out).  I will update when I find out how to zoom out results.

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

osx-speculative-011-cinebench-results-cpu

Cinebench GPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

osx-speculative-012-cinebench-results-gpu

Geekbench Single CPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (post Spectre/Meltdown Patch).

osx-speculative-013-geekbench-results-single-cpu

Geekbench Multi CPU

Green/Left = OSX 10.3.1.

Blue/Right = OSX 10.3.2 (pst Spectre/Meltdown Patch.

osx-speculative-014-geekbench-results-multi-cpu

Geekbench Other

Green= OSX 10.3.1.

Blue = OSX 10.3.2 (post Spectre/Meltdown Patch).

Note: Most results were slightly slower but some were faster post patch.

osx-speculative-015-geekbench-results-detailed

Conclusion

It looks like performance falls 1-5% on a 2 year old system, not as bad as I was expecting.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History
v1.0 Initial Draft

Hope this helps someone.

Filed Under: Speed Tagged With: 10.13.2, and, applying, before, in, Meltdown, OSX, patches, Spectre, speed, tested

Adding HTTPS to Apache on OSX High Sierra

December 18, 2017 by Simon

This guide will help you create and install a self-signed SSL certificate in Apache on OSX (High Sierra) to aid local SSL/HTTPS development.

UPDATE: Nov 21st 2018 – This works on OSX Mojave too.

I usually force HTTPS traffic on everything I develop (see code below in PHP).  This PHP code will direct all HTTP requests to HTTPS.

if ($_SERVER['SERVER_NAME'] == "www.yourserver.com") {
	  if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
	          $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
	          header("Location: $redirect_url");
	          exit();
	  }
}

Also, you can deny non-https traffic in NGINX with online servers by editing your/etc/nginx/sites-available/default file

sudo nano /etc/nginx/sites-available/default

Add this to your Nginx sites available file (above) to force SSL at the web server.

if ($scheme != "https") {
     return 301 https://$host$request_uri;
}

You can also deny port 80 connections in your firewall and NGINX if you don’t trust the directive(s) above.

Apache Configuration (sor https)

Edit httpd.conf

sudo nano /private/etc/apache2/httpd.conf

Uncomment lines with these text strings in httpd.conf

"socache_shmcb_module" (

or “LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so”

)
"ssl_module" (

or “LoadModule ssl_module libexec/apache2/mod_ssl.so”

)

I had to find my and “httpd.conf” file

sudo find / -name "httpd.conf"
/private/etc/apache2/httpd.conf

Find your “httpd-ssl.conf” file

sudo find / -name "httpd-ssl.conf"
/private/etc/apache2/original/extra/httpd-ssl.conf

Copy the config file (just in case a future update overwrites it).

sudo cp /private/etc/apache2/original/extra/httpd-ssl.conf /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Now go back and edit the “httpd.conf” file

sudo nano /private/etc/apache2/httpd.conf

Add the following line (to the end of the file, on a new line) so the new SSL config file loads.

Include /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

You can have a look at the file “httpd-ssl-localhost.conf”. Take note of paths in the VirtualHost node.

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/Library/WebServer/Documents"
ServerName www.example.com:443
ServerAdmin [email protected]
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. Keep in mind that if you have both an RSA and a DSA certificate 
#   you can configure both in parallel (to also allow the use of DS ciphers, etc.) Some ECC cipher suites (
#   http://www.ietf.org/rfc/rfc4492.txt) require an ECC certificate which can also be configured in parallel.

SSLCertificateFile "/private/etc/apache2/server.crt"

#SSLCertificateFile "/private/etc/apache2/server-dsa.crt"
#SSLCertificateFile "/private/etc/apache2/server-ecc.crt"

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel

SSLCertificateKeyFile "/private/etc/apache2/server.key"

#SSLCertificateKeyFile "/private/etc/apache2/server-dsa.key"
#SSLCertificateKeyFile "/private/etc/apache2/server-ecc.key"

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
#SSLCertificateChainFile "/private/etc/apache2/server-ca.crt"

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/private/etc/apache2/ssl.crt"
#SSLCACertificateFile "/private/etc/apache2/ssl.crt/ca-bundle.crt"

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded).
#   The CRL checking mode needs to be configured explicitly
#   through SSLCARevocationCheck (defaults to "none" otherwise).
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.

#SSLCARevocationPath "/private/etc/apache2/ssl.crl"
#SSLCARevocationFile "/private/etc/apache2/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.

#SSLVerifyClient require
#SSLVerifyDepth  10

#   TLS-SRP mutual authentication:
#   Enable TLS-SRP and set the path to the OpenSSL SRP verifier
#   file (containing login information for SRP user accounts). 
#   Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
#   detailed instructions on creating this file. Example:
#   "openssl srp -srpvfile /private/etc/apache2/passwd.srpv -add username"

#SSLSRPVerifierFile "/private/etc/apache2/passwd.srpv"

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#<Location />

Generating a Key and Certificate

Generate a Key (I prefer filenames start with “localhost” so future updates to not overwrite it).

sudo cd /private/etc/apache2/ 
sudo openssl genrsa -out localhost.key 2048
sudo openssl req -new -x509 -key ./localhost.key -out ./localhost.crt -days 3650 -subj /CN=localhost

Check that file files ” localhost.crt” and ” localhost.key” were outputted to “/private/etc/apache2/”

pwd
/private/etc/apache2
192-168-1-200:apache2 simon$ ls -al
total 208
drwxr-xr-x   13 root  wheel    416 18 Dec 00:33 .
drwxr-xr-x  128 root  wheel   4096 16 Dec 19:41 ..
...
-rw-r--r--    1 root  wheel   1318 18 Dec 00:33 localhost.crt
-rw-r--r--    1 root  wheel   1708 18 Dec 00:33 localhost.key
...

Open “/private/etc/apache2/original/extra/httpd-ssl-localhost.conf” and replace the following text.

sudo nnao /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Replace the following text:

  • “server.crt” with “localhost.crt”
  • “server.key” with “localhost.key”

Changes shoud have been made to the following values in “<VirtualHost _default_:443>”

  • SSLCertificateFile “/private/etc/apache2/localhost.crt”

  • SSLCertificateKeyFile “/private/etc/apache2/localhost.key”

Check your apache conf

sudo apachectl configtest

I had the following error

AH00526: Syntax error on line 1 of /private/etc/apache2/original/extra/httpd-ssl-localhost.conf:
Invalid command '\xe2\x88\x91#', perhaps misspelled or defined by a module not included in the server configuration

OSX SSL

I removed the invalid first line (I must have inserted something while searching using nano (I must have presses Option+W instead of Control+W to find in Nano)).

I ran the Apache config check again and received the following error.

sudo apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message
Syntax OK

I added my domain but with a 2 on the end for later use via local DNS.

<VirtualHost _default_:443>
...
ServerName https://www.mydomainname2.com:443
...

TIP: This will not by default allow you to load this address locally without, not without DNS changes (to be added soon).

Restart Apache (you may still receive a warning about the ServerName (I Ignored it)).

Restart Apache

sudo apachectl -k restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message

Loading Your Site

You can now load the website localhost in your browser (it will show as insecure).

Insecure localhost

Click “Proceed to localhost (unsafe)”

The reason for no trust is the self-signed cert is not trusted by OSX or browsers.

Cert Details

OSX Certificate Trust (Key Chain Access)

Let’s tell OSX we trust this certificate (by adding it to the keychain)

sudo cd  /private/etc/apache2/
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/etc/apache2/localhost.crt

Restart Apache

sudo apachectl -k restart

TIP: Check your certificate date in your browser, and clear your cache if older certificates are loading from cache.

Results

Great, Safari uses the SSL cert (and obeys Keychain’s Trust)

Safari

Google Chrome reports the Cert has issues (even though it is trusted locally). I will investigate and update this post soon.

Chrome

I suspect that Chrome will need to trust this cert fully to allow AJAX and API calls to be made.It’ss weird that Google Chrome has detected it is trusted by all users but does not trust it.

This is my next link to research a solution.

More

Read Useful OSX Terminal Commands or Useful OSX Linux Commands and Securing an Ubuntu VM with a free LetsEncrypt SSL certificate in 1 Minute first.

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.4 Nov 208 – Works on Mojave

v1.3 Small Edits, Added link to investigate Chrome issue (Current Version)

v1.2 Added More Explanations

v1.1 Reworded

v1.0 Initial Version

Filed Under: Local SSL Tagged With: Adding, Apache, High, HTTPS, on, OSX, Sierra, to

Useful OSX Terminal Commands

December 11, 2017 by Simon

Following on my from Useful Linux Terminal Commands here is my Useful OSX Terminal Commands. This guide is handy for setting up a development OSX installation (e.g Apache, PHP, MySQL etc). I will update this post when I find new commands.

First, read my Useful Linux Terminal Commands post.

Normally I set up Ubuntu servers in the cloud on Vultr (read my guide here) or Ubuntu Servers on Digital Ocean (read my guide here) but this is how I can quickly set up a development environment locally on OSX.

Useful OSX Commands

Prevent your Mac from falling asleep

caffeinate

Prevent your Mac from falling asleep (for 1 minute)

caffeinate -t 60

Check Path

$PATH
/Library/Frameworks/Python.framework/Versions/3.4/bin:/opt/local/bin:/opt/local/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/opt/X11/bin:/Library/Frameworks/Mono.framework/Versions/Current/Commands

Compare files

opendiff index1.html index2.html

Show hidden files in Finder

defaults write com.apple.finder AppleShowAllFiles -bool TRUE

Find file on OSX

sudo find / -name "httpd-ssl.conf"

Find all listening ports

sudo lsof  | grep LISTEN
Password:
launchd      1               root   34u     IPv6 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   35u     IPv4 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   37u     IPv6 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
launchd      1               root   38u     IPv4 0xcd261b413removed        0t0        TCP *:afpovertcp (LISTEN)
prl_pm_se  116               root   14u     IPv4 0xcd261b413removed        0t0        TCP *:55656 (LISTEN)
kdc        124               root    5u     IPv6 0xcd261b413removed        0t0        TCP *:kerberos (LISTEN)
kdc        124               root    7u     IPv4 0xcd261b413removed        0t0        TCP *:kerberos (LISTEN)
mysqld     127             _mysql   28u     IPv6 0xcd261b413removed        0t0        TCP *:mysql (LISTEN)
Dropbox    434              simon  127u     IPv6 0xcd261b413removed        0t0        TCP *:17500 (LISTEN)
Dropbox    434              simon  128u     IPv4 0xcd261b414removed        0t0        TCP *:17500 (LISTEN)
Dropbox    434              simon  150u     IPv4 0xcd261b414removed        0t0        TCP localhost:17600 (LISTEN)
Dropbox    434              simon  154u     IPv4 0xcd261b414removed        0t0        TCP localhost:17603 (LISTEN)
2BUA8C4S2  520              simon   12u     IPv4 0xcd261b414removed        0t0        TCP localhost:6258 (LISTEN)
2BUA8C4S2  520              simon   13u     IPv6 0xcd261b413removed        0t0        TCP localhost:6258 (LISTEN)
2BUA8C4S2  520              simon   14u     IPv4 0xcd261b414removed        0t0        TCP localhost:6263 (LISTEN)
2BUA8C4S2  520              simon   15u     IPv6 0xcd261b413removed        0t0        TCP localhost:6263 (LISTEN)
Adobe\x20  590              simon    9u     IPv4 0xcd261b414removed        0t0        TCP localhost:15292 (LISTEN)
node       640              simon   14u     IPv4 0xcd261b414removed        0t0        TCP localhost:49249 (LISTEN)
prl_clien 3428              simon   47u     IPv4 0xcd261b413removed        0t0        TCP localhost:51476 (LISTEN)
cupsd     3656               root    5u     IPv6 0xcd261b413removed        0t0        TCP localhost:ipp (LISTEN)
cupsd     3656               root    6u     IPv4 0xcd261b414removed        0t0        TCP localhost:ipp (LISTEN)
plugin_ho 5331              simon   26u     IPv4 0xcd261b415removed        0t0        TCP localhost:52698 (LISTEN)
iTunes    5478              simon   17u     IPv4 0xcd261b415removed        0t0        TCP *:daap (LISTEN)
iTunes    5478              simon   32u     IPv6 0xcd261b413removed        0t0        TCP *:daap (LISTEN)

Find process listening on port 80

sudo lsof -n -i4TCP:80 | grep LISTEN
Password:
httpd     8748 root    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8752 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8763 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)
httpd     8869 _www    4u  IPv6 0xcd261b416removed      0t0  TCP *:http (LISTEN)

Find a Process

which httpd
/usr/sbin/httpd

Find A File (e.g httpd.conf)

sudo find / | grep 'httpd.conf'
/private/etc/apache2/httpd.conf~previous
/private/etc/apache2/httpd.conf
/private/etc/apache2/original/httpd.conf
/private/etc/apache2/httpd.conf.pre-update
...

Note: OSX Apache Index file location is…

/Library/WebServer/Documents/index.html.en~orig

To edit the default HTML file

sudo nano /Library/WebServer/Documents/index.html.en~orig

Built-In Apache

Disable built-in OSX apache daemon

sudo launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Restart built-in Apache daemon

sudo launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

View other startup daemons

sudo ls -al /System/Library/LaunchDaemons/

View All Startup Daemons

sudo launchctl list
Password:
Sorry, try again.
Password:
PID	Status	Label
-	0	com.apple.storedownloadd.daemon
7245	-44	com.apple.CoreAuthentication.daemon
189	0	com.apple.coreservicesd
-	0	com.apple.touchbarserver
-	0	com.apple.avbdeviced
289	0	com.apple.cvmsServ
-	0	com.apple.FontWorker
-	-44	com.apple.applessdstatistics
-	0	com.apple.hdiejectd
-	0	com.apple.corestorage.corestoraged
-	0	com.apple.storagekitd
-	0	com.apple.EmbeddedOSInstallService
-	0	com.apple.wifid
-	0	com.apple.storereceiptinstaller
-	0	com.macpaw.CleanMyMac3.Agent
-	0	com.apple.seld
-	0	com.apple.emond
-	-44	com.apple.iconservices.iconservicesagent
-	0	com.apple.logkextloadsd
-	0	com.apple.bluetoothReporter
68	0	com.apple.syslogd
-	0	com.apple.symptomsd-diag
258	0	com.apple.WindowServer
-	0	com.apple.NetworkSharing
-	0	com.apple.afpfs_checkafp
-	0	com.parallels.mobile.kextloader.launchdaemon
-	0	com.apple.AppleFileServer
117	0	com.apple.securityd
8529	0	com.apple.auditd
...

Force network drives to automatically connect after each login (instead of manually connecting)

Go to System Preferences > Users & Groups (click your account on left) > Drag connected network drives (from your desktop) to the Login items list box.

More: https://www.tekrevue.com/tip/automatically-connect-network-drive/

Set PHP as default Web Server delivered file in local Apache

sudo nano /private/etc/apache2/httpd.conf

Set…

DirectoryIndex index.php

Install PHP 7.0 on to OSX

FYI: 7.1 and 7.2 are out but I find 7.0 is more stable with WordPress (read more here).

More: https://php-osx.liip.ch/

sudo curl -s https://php-osx.liip.ch/install.sh | bash -s 7.0
****
[WARNING]
Detected macOS High Sierra 10.13. As this is quite new, there may be issues still. Your mileage may vary.
****
Get packager.tgz
Unpack packager.tgz
Please type in your password, as we want to install this into /usr/local
Start packager (may take some time) using /usr/bin/python2.7
downloading https://s3-eu-west-1.amazonaws.com/php-osx.liip.ch/install/7.0-10.10-frontenddev-latest.dat
downloading https://s3-eu-west-1.amazonaws.com/php-osx.liip.ch/install/7.0-10.10/frontenddev/7.0-10.10-frontenddev-7.0.24-20171002-092027.tar.bz2

Installing package 7.0-10.10-frontenddev into root /
./pkg/pre-install
pkg/pre-install
Skipping existing directory 
Skipping existing directory usr/
Skipping existing directory usr/local/
Extracting usr/local/php5-7.0.24-20171002-092027/
Extracting usr/local/php5-7.0.24-20171002-092027/bin/
Extracting usr/local/php5-7.0.24-20171002-092027/entropy-php.conf
Extracting usr/local/php5-7.0.24-20171002-092027/etc/
Extracting usr/local/php5-7.0.24-20171002-092027/include/
Extracting usr/local/php5-7.0.24-20171002-092027/info/
Extracting usr/local/php5-7.0.24-20171002-092027/lib/
Extracting usr/local/php5-7.0.24-20171002-092027/libphp7.so
...
removed
...
Extracting usr/local/php5-7.0.24-20171002-092027/bin/tsql
Extracting usr/local/php5-7.0.24-20171002-092027/bin/uconv
Extracting usr/local/php5-7.0.24-20171002-092027/bin/vacuumdb
Extracting usr/local/php5-7.0.24-20171002-092027/bin/wrjpgcom
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xgettext
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xslt-config
Extracting usr/local/php5-7.0.24-20171002-092027/bin/xsltproc
Executing post-install script /tmp/7.0-10.10-frontenddev-post-install
Create symlink /usr/local/php5/entropy-php.conf /etc/apache2/other/+php-osx.conf
Restarting Apache
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using removed.removed.com.au. Set the 'ServerName' directive globally to suppress this message
Syntax OK
Finished.

Create a diag file in your OSX Default Apache root

Edit your default index file

sudo nano /Library/WebServer/Documents/index.php

Contents

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);

?>

Now load the file

Debug Info

Install MySQL on OSX

Download: https://dev.mysql.com/downloads/mysql/

Download MySQL

Help: https://dev.mysql.com/doc/refman/5.7/en/osx-installation-pkg.html

Uninstall MySQL OSX
Read: https://community.jaspersoft.com/wiki/uninstall-mysql-mac-os-x

Add MySQL to PATH

export PATH=$PATH:/usr/local/mysql/bin

Reboot and Check the MySQL Service

Service Status

Check MySQL Version

/usr/local/mysql/bin/mysql --version
/usr/local/mysql/bin/mysql  Ver 14.14 Distrib 5.7.20, for macos10.12 (x86_64) using  EditLine wrapper

Login to MySQL from the Command Line

/usr/local/mysql/bin/mysql -u root -p;
Enter password: 
...
mysql> 

Set a new root password (after logging in as root)

mysql> SET PASSWORD FOR 'root'@'localhost' = PASSWORD('nUp!KGFi=*FI"2p:7mC3W<%bA_`}6Tcm^\*mS1VYp[d]dup16U\t5removed,
');
Query OK, 0 rows affected, 1 warning (0.01 sec)

fyi: You can obtain a good password here.

Bonus: Install MySQL (PHP) management tool  (in Apache)

Download: https://www.adminer.org/#download Save the file to /Library/WebServer/Documents/adminer.php

Load Adminer in your browser and log in with your root password

Login to Adminer (via Apache/PHP)

Adminer

Creating MySQL Tables in Adminer (via Apache/PHP)

Create Table

Adminer allows you to fully manage your MySQL (create databases, users, run queries, alter objects etc)

Adding Records to MySQL with Adminer

Adding Records

Remove MySQL:

Read more here: https://community.jaspersoft.com/wiki/uninstall-mysql-mac-os-x

Get your Mac Processor Name

sudo sysctl -n machdep.cpu.brand_string
Password:
Intel(R) Core(TM) i7-3720QM CPU @ 2.60GHz

Show All OSX System Settings

Command:

sysctl -a

Show Live File System Usage

sudo fs_usage

Show last 10 lines of the system log

tail -f /var/log/system.log
Dec 11 22:07:35 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:05 --- last message repeated 11 times ---
Dec 11 22:08:05 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:05 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:14 --- last message repeated 2 times ---
Dec 11 22:08:14 192-xxx-xx-xxx syslogd[68]: ASL Sender Statistics
Dec 11 22:08:16xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:46 --- last message repeated 11 times ---
Dec 11 22:08:46 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:08:46 192-xxx-xx-xxx Wireless Network Utility[568]: Model -ioClassRef error
Dec 11 22:09:03 --- last message repeated 6 times ---

Get Your Local WAN IP Address

ipconfig getifaddr en0
192.x.x.x

Get your Public IPV4 Address

curl icanhazip.com; echo
60.xxx.xx.xxx

More to come.

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.2 Find file (current version)

v1.1 Removed system info chunk (too big to format)

Filed Under: OSX Tagged With: commands, OSX, terminal, Useful

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

Poll

What would you like to see more posts about?
Results

Support this Blog

Create your own server today (support me by using these links

Create your own server on UpCloud here ($25 free credit).

Create your own server on Vultr here.

Create your own server on Digital Ocean here ($10 free credit).

Remember you can install the Runcloud server management dashboard here if you need DevOps help.

Advertisement:

Tags

2FA (9) Advice (17) Analytics (9) App (9) Apple (10) AWS (9) Backup (21) Business (8) CDN (8) Cloud (49) Cloudflare (8) Code (8) Development (26) Digital Ocean (13) DNS (11) Domain (27) Firewall (12) Git (7) Hosting (18) HTTPS (6) IoT (9) LetsEncrypt (7) Linux (20) Marketing (11) MySQL (24) NGINX (11) NodeJS (11) OS (10) PHP (13) Scalability (12) Scalable (14) Security (44) SEO (7) Server (26) Software (7) SSH (7) ssl (17) Tech Advice (9) Ubuntu (39) Uncategorized (23) UpCloud (12) VM (44) Vultr (24) Website (14) Wordpress (25)

Disclaimer

Terms And Conditions Of Use All content provided on this "www.fearby.com" blog is for informational purposes only. Views are his own and not his employers. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Never make changes to a live site without backing it up first.

Advertisement:

Footer

Popular

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Add Google AdWords to your WordPress blog

Security

  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • Setting up DNSSEC on a Namecheap domain hosted on UpCloud using CloudFlare
  • Set up Feature-Policy, Referrer-Policy and Content Security Policy headers in Nginx
  • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
  • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
  • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
  • Beyond SSL with Content Security Policy, Public Key Pinning etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Run an Ubuntu VM system audit with Lynis
  • Securing Ubuntu in the cloud
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider

Code

  • How to code PHP on your localhost and deploy to the cloud via SFTP with PHPStorm by Jet Brains
  • Useful Java FX Code I use in a project using IntelliJ IDEA and jdk1.8.0_161.jdk
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider
  • How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic
  • Installing Android Studio 3 and creating your first Kotlin Android App
  • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
  • How to use Sublime Text editor locally to edit code files on a remote server via SSH
  • Creating your first Java FX app and using the Gluon Scene Builder in the IntelliJ IDEA IDE
  • Deploying nodejs apps in the background and monitoring them with PM2 from keymetrics.io

Tech

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • The case of the overheating Mac Book Pro and Occam’s Razor
  • Useful Linux Terminal Commands
  • Useful OSX Terminal Commands
  • Useful Linux Terminal Commands
  • What is the difference between 2D, 3D, 360 Video, AR, AR2D, AR3D, MR, VR and HR?
  • Application scalability on a budget (my journey)
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.

Wordpress

  • Replacing Google Analytics with Piwik/Matomo for a locally hosted privacy focused open source analytics solution
  • Setting web push notifications in WordPress with OneSignal
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Wordfence Security Plugin for WordPress
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
  • Moving WordPress to a new self managed server away from CPanel
  • Moving WordPress to a new self managed server away from CPanel

General

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Using the WinSCP Client on Windows to transfer files to and from a Linux server over SFTP
  • Connecting to a server via SSH with Putty
  • Setting web push notifications in WordPress with OneSignal
  • Infographic: So you have an idea for an app
  • Restoring lost files on a Windows FAT, FAT32, NTFS or Linux EXT, Linux XFS volume with iRecover from diydatarecovery.nl
  • Building faster web apps with google tools and exceed user expectations
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..

Copyright © 2023 · News Pro on Genesis Framework · WordPress · Log in

Some ads on this site use cookies. You can opt-out if of local analytics tracking by scrolling to the bottom of the front page or any article and clicking "You are not opted out. Click here to opt out.". Accept Reject Read More
GDPR, Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT