The world is a bridge; pass over it, but build no houses upon it.
—Attributed to Jesus on the Buland Darwaza
What is contentment? To renounce all craving for what is not obtained unsought and to be satisfied with what comes unsought, without being elated or depressed even by them—this is contentment. As long as one is not satisfied in the self, he will be subjected to sorrow. With the rise of contentment the purity of one's heart blooms. The contented man who possesses nothing owns the world.
Jesus said, "Be passersby."
—The Gospel of Thomas, Logion 42
/misc | Dec 08, 2024
Adobe's 8-step guide on How to flatten a PDF file ends with the instruction to "Print document"; sadly, this feature is missing in the macOS version:
Printing to PDF missing: "The Mac OS dropped the ability to print directly to a PDF several versions ago."
Print to PDF: "The Adobe PDF printer is not available on Mac."
Here's a 3-step alternative:
Tools → Print Production → Preflight (or use the keyboard shortcut Cmd+Shift+X to save a few clicks)
In PDF Fixups, double-click Flatten annotations and form fields
Save the new PDF when prompted
and similarly-concise console approach:
Press Cmd+J to open the JavaScript Debugger console
Enter this.flattenPages();
and press Cmd+Return
Save the PDF as desired
this.flattenPages();
applies to the current PDF. To flatten all open PDFs, use Thom Parker's script: app.activeDocs.forEach(oDoc=>oDoc.flattenPages());
Both commands generally display "undefined" when run, since the flattenPages()
method does not produce any return value.
However, you might encounter the error "NotAllowedError: Security settings prevent access to this property or method" for protected documents; check File → Properties → Security → Changing the Document.
Tested in Adobe Acrobat Pro 2024
Sanity-preserver: View → Disable new Acrobat
/mac | Oct 18, 2024
with IOPaint's erase models:
Install: pip3 install iopaint
(see Quick Start for GPU instructions)
Run: iopaint start --model=lama --device=cpu --port=8080
Access: open http://localhost:8080 in your web browser
Seated Buddha, courtesy of The Cleveland Museum of Art
Besides watermark/object removal, IOPaint also supports inpainting, outpainting, paint-by-example, and text generation.
Photographer Files $1 Billion Suit Against Getty for Licensing Her Public Domain Images
The macOS Photos app has a retouching tool that can remove objects or touch up portrait photos.
/nix | Sep 28, 2024
Twocanoes (developer of Winclone) has updated DFU Blaster Pro, which reduces the process of entering DFU mode on a Mac to a single click. After connecting to the target Mac's DFU port, simply press the "DFU Mode" button on the host Mac. The tool can also retrieve the target Mac's model type, serial number, and ECID.
/mac | Sep 25, 2024
See update below for important change in macOS 15.1.
The widely-reported "foo is requesting to bypass the system private window picker and directly access your screen and audio" prompt in Sequoia (which Apple has moved from daily to weekly to monthly (though for some apparently it is minute-by-minute)) can be disabled by quitting the app, setting the system date far into the future, opening and using the affected app to trigger the nag, clicking "Allow For One Month", then restoring the correct date.
Tested by setting the date to 1/1/2040 then clicking "Allow For One Month"; no amount of changing to dates before 1/1/2040 triggered the nag, while setting the date to a month after 1/1/2040 or anytime thereafter triggered it again.
Apple's latest security enhancement defeated by a "hack" from the '90s shareware scene?
skrrtww: "Failing to respond to the prompt…does not even revoke the existing permission."
nox101: "AFAICT, Apple excludes all their own apps."
angulardragon03: "[T]he mechanism seems like it's primarily for shaming developers that don’t use the new API"
kranner: "I'm getting this alert even for code that uses only the new ScreenCaptureKit framework, specifically the SCScreenshotManager class introduced in WWDC23. Hopefully this is a bug and Apple meant to show this only for apps that still use deprecated functions like CGWindowListCreateImage."
skrrtww: "Any material use of ScreenCaptureKit that doesn't involve that content sharing picker specifically will trigger this prompt. That means asking for SCShareableContent, or a couple other generic uses I forget.
Jeff Johnson credits Ricci Adams with discovering that ~/Library/Group Containers/group.com.apple.replayd/ScreenCaptureApprovals.plist stores screen capture approval dates. He reports that the file is protected by TCC and suggests granting Full Disk Access to Terminal, using defaults
to read and modify the file, then logging off and on to permanently disable the prompt. In testing, I was able to edit ScreenCaptureApprovals.plist in both PlistEdit Pro and BBEdit without granting Full Disk Access or any other special permissions. Rather than logging off, I force-quit replayd
via Activity Monitor, and macOS automatically restarted the process. Thanks to both for the tip!
Amnesia by Jordi Bruin "allows you to disable the monthly reminders for Screen Capture Access on an app by app basis."
Luke Hamburg's macOS 15 screencapture nag remover Bash script is a FOSS alternative to Amnesia, which also takes Apple's latest shenanigans into account:
macOS 15.1 made a change to replayd whereby upon each invocation of an app that requests ScreenCapture permission, the timestamp in the plist is overwritten with the current date/time. The net effect is that if you use an app once, and then don't use it again for >30 days, you will be nagged again, even if you had previously disabled the nag.
v1.3.0 of this script added a workaround for this: an option to install a LaunchAgent which runs every 24h and keeps the timestamps updated. This ensures that nags are kept hidden even as apps are used or if your system clock abruptly changes.
Luke also points out that Apple has provided a workaround for business customers to disable the nag:
macOS 15.1 introduces a new method for suppressing these alerts across the board. This leverages a configuration profile which must be provisioned by an MDM server (e.g. Jamf, Addigy, Mosyle, etc). Apple unfortunately prohibits self-installing configuration profiles for certain TCC settings, ScreenCapture being one of them.
/mac | Sep 18, 2024
// This script automates the removal of all shared links from your Dropbox account. // Navigate to https://www.dropbox.com/share/links, open the browser console, and paste the JavaScript code below. // Optional: To delete only specific types of links (i.e., View or Edit links), // edit the `deleteLinkTexts` array to include only the types of links you want to remove. // By default, the script will target both "Delete view link" and "Delete edit link" options. // Script source: https://www.dropboxforum.com/t5/Create-upload-and-share/remove-all-shared-links/m-p/710562/highlight/true#M73731async function pause(ms) { return new Promise(resolve => { setTimeout(() => { resolve(); }, ms); }); } async function deleteLinks() { const deleteLinkTexts = ["Delete view link", "Delete edit link"];
// Both optionslet items = document.querySelectorAll('.share-page-row-actions [data-testid="open-menu-button"]'); for (let i = 0; i < items.length; i++) { items[i].click();
// Click the submenu button to open the menuawait pause(1000);
// Adjust the pause duration as needed// Find and click the appropriate delete link option const deleteLinkOption = Array.from(document.querySelectorAll('.dig-Menu-row-title')).find(item => deleteLinkTexts.includes(item.textContent)); if (deleteLinkOption) { deleteLinkOption.click();
// Click the delete link optionawait pause(1000);
// Adjust the pause duration as needed// Find and click the delete button const deleteButton = document.getElementsByClassName("dbmodal-button"); if (deleteButton.length > 0) { deleteButton[0].click(); await pause(1000);
// Adjust the pause duration as needed} } items = document.querySelectorAll('.share-page-row-actions [data-testid="open-menu-button"]');
// Refresh items} } deleteLinks();
List shared links:
% tbx dropbox file sharedlink list
...
| tag | url | name | expires | path_lower | visibility |
|--------|----------------------------|---------|---------|-----------------|------------|
| file | https://www.dropbox.com... | foo.jpg | | /photos/foo.jpg | public |
| file | https://www.dropbox.com... | bar.jpg | | /photos/bar.jpg | public |
| folder | https://www.dropbox.com... | Baz | | /baz | public |
The report generated: /Users/user/.toolbox/jobs/20240913-094617.OPY/report/shared_link.csv
The report generated: /Users/user/.toolbox/jobs/20240913-094617.OPY/report/shared_link.json
The report generated: /Users/user/.toolbox/jobs/20240913-094617.OPY/report/shared_link.xlsx
The command finished: 2.16s
Delete a single shared link:
% tbx dropbox file sharedlink delete -path /photos/foo.jpg
Removing link `https://www.dropbox.com...` that point to `/photos/foo.jpg`
| status | reason | input.tag | input.url | input.name | input.expires | input.path_lower | input.visibility | result |
|---------|--------|-----------|----------------------------|------------|---------------|------------------|------------------|--------|
| Success | | file | https://www.dropbox.com... | foo.jpg | | /photos/foo.jpg | public | |
...
or all shared links by extracting the paths from the path_lower
column in shared_link.csv with awk
and feeding them to tbx
via xargs
:
% awk -F ',' 'NR>1 {print $5}' shared_link.csv | xargs -I {} tbx dropbox file sharedlink delete -path "{}"
(tbx
includes a dropbox team sharedlink delete links
command to batch delete shared links for Teams accounts.)
From the How to manage your default sharing settings section of How to manage your Dropbox file and folder sharing permissions:
Log in to dropbox.com.
Click your avatar (profile picture or initials) in the top right.
Click Settings.
Click the Sharing tab.
Choose your default settings.
Use Who has access to manage who can open your shared links.
Anyone with the link: All the links you share are public. Anyone can open them.
Only people invited: Only people you invite can access your files and folders. If someone who wasn’t invited receives the link, they can’t open it.
Team members: Only other members on your team account can access your files and folders.
Use What people can do to manage whether people can edit the files and folders you share.
Can edit: Anyone who can open the shared link can edit the file.
Can view: Anyone who can open the shared link can view and comment on the file, but not edit it.
Note: These settings won’t apply when you share from a mobile device, or when you copy and paste a link from the address bar. The changes you make to default sharing settings won’t be applied to existing shared links. Only new links will use this setting.
/misc | Sep 14, 2024
Tried the native Screenshot.app, Shottr, CleanShot X, Flameshot, ksnip, Skitch, Xnapper, among others to no avail.
Snagit 2024's Capture Multiple Areas on the Screen did the trick:
In the Capture window, select the All-in-One tab (rather than the usual Image for screenshots)
Enable Capture Cursor and 5 Second Delay:
Click the Capture button or press Control+Shift+C
When the orange crosshairs appear, position your cursor over the main application window and click to capture it, including any context menus, drop-downs, or other elements that appear within the frame
Click the camera icon in the popup menu to edit or save the screenshot
/mac | Sep 08, 2024
(Spent way too much time in UTM's Drives → New… and mucking about in config.plist before this brain-wave):
Create a new blank image in Disk Utility (Cmd+N)
Set filename, size, format, etc. as desired
Select the VM in UTM's sidebar → click the "Edit selected VM" button in the toolbar
Under "Drives" click New… → check "Removable" → click "Create" then "Save" to close the settings window
In the VM's main pane, scroll down to the "External Drive" dropdown menu (which has now appeared) → select Browse… → double click the DMG file created in step 2
/mac | Sep 07, 2024
(without hack workarounds) via RDP shadowing.
Warning: Do not proceed without fully understanding the steps involved and how to secure your network.
System Properties (sysdm.cpl) → Remote
Enable "Allow remote connections to this computer" → OK
Group Policy Editor (gpedit.msc) → Local Computer Policy → Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Connections
Double click "Set rules for remote control of Remote Desktop Services user sessions" → select "Enabled" → set "Options:" to "Full Control without user's permission" → OK
Windows Defender Firewall with Advanced Security (wf.msc) → check "File and Printer Sharing (SMB-In)" and "Remote Desktop - Shadow (TCP-In)" are enabled for LAN connections (see Restrict Windows Remote Desktop connections to LAN only)
If the local and remote credentials differ, store the remote username and password in Windows Credential Manager:
cmdkey /add:
<hostname|IP> /user:
<remote_user> /pass:
<remote_pass>
Retrieve the remote user's session ID (will generally be "1" or "2" on single-user systems):
qwinsta /server:
<hostname|IP>
Connect:
mstsc.exe /shadow:
<sessionID> /v:
<hostname|IP> /noconsentprompt /control
Modify and save this batch file, then run it to automatically retrieve the user session ID and establish a connection:
@echo off setlocal enabledelayedexpansion :: Set your remote username and hostname or IP address set remote_user=
<USERNAME>set remote_host=
<HOSTNAME|IP>:: Get the session ID for the specified username where the session state is Active for /f "tokens=2,3,4" %%a in ('qwinsta /server:%remote_host% ^| findstr /R "^ %remote_user%"') do ( if "%%c"=="Active" ( set session_id=%%b ) ) :: If an active session ID was found for the specified user, connect automatically if defined session_id ( start "" mstsc /v:%remote_host% /shadow:%session_id% /control /noConsentPrompt ) else ( echo No active session found for user "%remote_user%". ) exit
Errors:
Long delay on initial login followed by "Shadow Error: This computer name is invalid" – Resolved by enabling the "File and Printer Sharing (SMB-In)" and "Remote Desktop - Shadow (TCP-In)" rules in the server's firewall settings.
"Shadow Error: Access is denied" – Fixed by saving remote credentials in the Credential Manager using cmdkey
. Alternatively, you can use the /prompt
flag with mstsc.exe
to manually enter credentials. However, this option isn't available for qwinsta.exe /server:
or query.exe
<username|session> /server:
, so they will return Error [5]: Access is denied
unless local and remote credentials match.
"Shadow Error: The session identification does not specify a valid session." – For manual login, this is resolved by retrieving the correct session ID on the server with query user
. The batch script automatically finds the correct session ID, so no manual intervention is needed.
In Microsoft's Remote Desktop lexicon, the terms "local session", "interactive session", and "console session" all refer to the session in which the user is physically present at the computer.
View stored credentials via cmdkey /list
and delete them with cmdkey /delete:
<hostname|IP>. Both actions can also be performed through the Credential Manager GUI (control keymgr.dll
).
Viewing a Remote User’s Desktop Session with Shadow Mode in Windows
Windows Server 2008 R2 Remote Desktop Services Resource Kit; "Shadowing a User Session" in the "Providing Help with Remote Control" section of Chapter 11, "Managing Remote Desktop Sessions"
Shadow Remote Desktop Session (RDS) Without Permission Prompt
Spying on users using Remote Desktop Shadowing - Living off the Land
How to perform RDP shadowing from Win10 Pro to another Win10 Pro
How to Shadow (Remote Control) a User’s RDP session on Windows Server RDS
/windows | Sep 04, 2024
TightVNC Service Configuration → Access Control
Click Add… → set "First matching" and "Last matching IP" values to cover desired LAN range (e.g., 192.168.0.1 and 192.168.0.254) → set "Action" to Allow → click OK
Click Add… → set "First matching" to 0.0.0.0 and "Last matching IP" to 255.255.255.255 → set "Action" to Deny → click OK
Click Apply
Optionally adjust local and remote IP address scope for TightVNC's default inbound rule in Windows Defender Firewall with Advanced Security; see Restrict Windows Remote Desktop connections to LAN only.
/windows | Aug 31, 2024