tinyapps.org / blog


whois terminal command not returning registrant contact info #

At some point in recent history, whois stopped returning registrant contact info for a number of TLDs, including .com*. In Why is 'whois' showing no registrant information?, bu11etpr00f explains that the specific registrar whois server must now be queried directly in order to get registrant contact information, i.e.,

$ whois reddit.com
...
Registrar WHOIS Server: whois.markmonitor.com
...
$ whois -h whois.markmonitor.com reddit.com
...
Registrant Name: Domain Administrator
Registrant Organization: Reddit Inc.
Registrant Street: 548 Market St.,
...

Rather than running two commands, I cobbled together this oneliner:

$ whois -h $(whois reddit.com | grep 'Registrar WHOIS Server:' | cut -f2- -d:) reddit.com

but quickly realized that I use whois often enough to create a bash function for it.

So I saved this in ~/.bash_profile:

function w2 {
  whois -h $(whois $1 | grep 'Registrar WHOIS Server:' | cut -f2- -d:) $1
}

then ran source ~/.bash_profile to reload.

Much easier now:

$ w2 reddit.com
...
Registrant Name: Domain Administrator
Registrant Organization: Reddit Inc.
Registrant Street: 548 Market St.,
...

* Thanks to Guy at easyDNS for kindly informing me of the difference between thick and thin WHOIS registries. See also Anthony Geoghegan's reply to Why do some domain names have extremely truncated whois information? for more information.

/nix | Nov 14, 2017

Demi-decennial coworking update* #

WeWork "transforms buildings into beautiful, collaborative workspaces." 237 buildings in 56 cities, for teams of 1 to 500+.

Previously: 2005, 2010

*Yes, this installment is running slightly behind schedule.

/misc | Oct 26, 2017

Windows 10: Restore classic blue solid color Desktop background #

In Windows 2000 and XP, the default solid color Desktop background was a serene shade of blue:

Windows 2000 and XP blue solid color Desktop background

Hue: 141
Sat: 115
Lum: 105

 

Red: 58
Grn: 110
Blu: 165

 

Hex: #3A6EA5

The "Windows Classic" theme in Windows 7 used the same color, but there was a slightly darker blue default color available in the Solid Colors menu, which was still available in Windows 8.1:

Windows 7 and 8.1 blue solid color Desktop background

Hue: 142
Sat: 203
Lum: 60

 

Red: 10
Grn: 59
Blu: 118

 

Hex: #0A3B76

Inexplicably, Windows 10 not only removed these calming blue tones and replaced them with 24 largely garish colors, but also failed to provide any option for customizing colors in the main Settings menu (right click Desktop > Personalize > Background: Solid Color). Happily, the classic Desktop Background applet is accessible via Run > control /name Microsoft.Personalization /page pageWallpaper. Not only can you select the Windows 7 darker blue, but you can also create custom colors by clicking "More...".

UPDATE: The day after this post, Microsoft released Windows 10 Fall Creators Update, which includes a "Custom color" option in the main Background settings window. Click "More" to enter RGB, HSV, or hex values.

/windows | Oct 16, 2017

macOS: Export Contacts to CSV #

While Contacts.app does not include an explicit CSV export option, one can be easily effected by:
  1. highlighting desired contacts,
  2. dragging them into a new Numbers spreadsheet, and
  3. exporting the spreadsheet to CSV

/mac | Oct 16, 2017

Taking screenshots in macOS Recovery Mode or within a bootable installer #

  1. Boot into Recovery Mode (Cmd+R) or via a USB bootable install disk
  2. Utilities > Terminal
  3. If you have access to the existing macOS install, you can use the copy of screencapture located at /Volumes/Macintosh\ HD/usr/sbin/screencapture for the following. Otherwise, copy /usr/sbin/screencapture from another macOS install to a USB flash drive (e.g., SANDISK) and run from there.
  4. Open desired application(s) from the Terminal, e.g.,
  5. Open another tab in Terminal and run /Volumes/SANDISK/screencapture /Volumes/SANDISK/screenshot.png

References:

/mac | Oct 01, 2017

High Sierra's Disk Utility does not recognize unformatted disks #

unless you click View > Show All Devices, quit Disk Utility, then relaunch it (thanks to xenadu02 for the workaround!)

macOS 10.13's Disk Utility 17.0 (1626) does not recognize raw drives. Here is an example while booted from the installer, attempting to prepare a new internal drive:

high_sierra_disk_utility_before

However, as seen in the blue Terminal window, diskutil does recognize the drive. We'll use it to perform a quick, cursory format (e.g., diskutil eraseDisk JHFS+ NewDisk GPT disk0) to make the disk appear in Disk Utility, where further modifications can more easily be made:

high_sierra_disk_utility_after

Plugging in an unformatted external drive produces the usual alert, "The disk you inserted was not readable by this computer. Initialize... | Ignore | Eject", but clicking Initialize just opens Disk Utility without the disk appearing:

High Sierra Disk Utility

As shown above, clicking View > Show All Devices does not cause the raw disk to appear.

UPDATE: Fans of Disk Utility's last classic version (13 (606) from OS X 10.10 Yosemite) have got it running in El Capitan and Sierra:

Disk Utility version 13 was the last to support:

However, in light of APFS and other changes, it may be wiser to simply use diskutil and hdiutil instead.

/mac | Oct 01, 2017

Breathing new life into a 2006 MacBook #

/mac | Sep 17, 2017

Menu bar firewall status indicator #

BitBar (open source) can be used to display an emoji of choice in the menubar depending on the built-in Application Firewall's state: off (0), on for specific services (1), or on for essential services (aka stealth mode) (2):

Firewall status in menubar via BitBar

  1. Install and launch BitBar
  2. Create a new directory (e.g., ~/bitbar/) to store plugins when prompted
  3. Save the following Bash script as ~/bitbar/firewall_status_indicator.10s.sh and make it executable (chmod +x firewall_status_indicator.10s.sh):
    #!/bin/bash
    
    state=$(defaults read "/Library/Preferences/com.apple.alf" globalstate);
    
    if [ "$state" -eq 2 ]; then
      echo "🔒"
    elif [ "$state" -eq 1 ]; then
      echo "❗️"
    else
      echo "‼️"
    fi
    
    echo "---"
    echo "Open Firewall preference pane| href='x-apple.systempreferences:com.apple.preference.security?Firewall'"
    

GeekTool (free) can display a tiny red or green status LED on the desktop or in the menubar to indicate the firewall status:

Firewall status in menubar via GeekTool

TextBar ($2.99) can be used to display a shield icon and the firewall state (0, 1, or 2 as explained above) in the menu bar:

Firewall status in menubar via TextBar

  1. Install and launch TextBar
  2. Disable the default items
  3. Click the plus symbol to add a new item
  4. Replace echo 'Hello' with defaults read /Library/Preferences/com.apple.alf globalstate
  5. Check the far left box to enable and select the shield image

/mac | Sep 10, 2017

Particulars: BgInfo for OS X / macOS #

Sysinternals' BgInfo has been around for ages, displaying key system info on the Windows Desktop for convenience (especially handy for admins supporting remote users).

Glencode's Particulars offers similar functionality for Mac users, including a lab mode to help ease mass deployment.

/mac | Sep 10, 2017

Recovering saved macOS user passwords #

Users who have (inadvisedly) enabled automatic login often forget the password. It is merely encoded with an XOR cipher and stored in /etc/kcpassword.

A number of sites suggest this Ruby one-liner to recover it:

sudo ruby -e'key=[125,137,82,35,210,188,221,234,163,185,31];IO.read("/etc/kcpassword").bytes.each_with_index{|b,i|break if key.include?(b);print [b^key[i%key.size]].pack("U*")}'

However, only the first four characters were returned in my limited testing.

Joaquin Moreno Garijo's Python script, kcpass.py, did the trick:

  1. Copy /etc/kcpassword via target disk mode, single-user mode, etc.
  2. curl -O https://raw.githubusercontent.com/jjarava/mac-osx-forensics/master/kcpass.py
  3. chmod +x kcpass.py
  4. ./kcpass.py $(xxd -p /path/to/kcpassword)
        Kcpasswd: 0x09e03c5ab3ccad998dd66d1a89b165ae7e8912b851f8f0ff.
        Magic Xor: 0x7d895223d2bcddeaa3b91f.
        Used Magic Xor: 0x7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f.
    
        The password is: "tinyapps.org".
    

See also:

/mac | Sep 07, 2017


Subscribe or visit the archives