tinyapps.org / blog

Breathing new life into a 2006 MacBook #

/mac | Sep 17, 2017

Menu bar firewall status indicator #

BitBar (open source) can be used to display an emoji of choice in the menubar depending on the built-in Application Firewall's state: off (0), on for specific services (1), or on for essential services (aka stealth mode) (2):

Firewall status in menubar via BitBar

  1. Install and launch BitBar
  2. Create a new directory (e.g., ~/bitbar/) to store plugins when prompted
  3. Save the following Bash script as ~/bitbar/firewall_status_indicator.10s.sh and make it executable (chmod +x firewall_status_indicator.10s.sh):
    state=$(defaults read "/Library/Preferences/com.apple.alf" globalstate);
    if [ "$state" -eq 2 ]; then
      echo "🔒"
    elif [ "$state" -eq 1 ]; then
      echo "❗️"
      echo "‼️"
    echo "---"
    echo "Open Firewall preference pane| href='x-apple.systempreferences:com.apple.preference.security?Firewall'"

GeekTool (free) can display a tiny red or green status LED on the desktop or in the menubar to indicate the firewall status:

Firewall status in menubar via GeekTool

TextBar ($2.99) can be used to display a shield icon and the firewall state (0, 1, or 2 as explained above) in the menu bar:

Firewall status in menubar via TextBar

  1. Install and launch TextBar
  2. Disable the default items
  3. Click the plus symbol to add a new item
  4. Replace echo 'Hello' with defaults read /Library/Preferences/com.apple.alf globalstate
  5. Check the far left box to enable and select the shield image

/mac | Sep 10, 2017

Particulars: BgInfo for OS X / macOS #

Sysinternals' BgInfo has been around for ages, displaying key system info on the Windows Desktop for convenience (especially handy for admins supporting remote users).

Glencode's Particulars offers similar functionality for Mac users, including a lab mode to help ease mass deployment.

/mac | Sep 10, 2017

Recovering saved macOS user passwords #

Users who have (inadvisedly) enabled automatic login often forget the password. It is merely encoded with an XOR cipher and stored in /etc/kcpassword.

A number of sites suggest this Ruby one-liner to recover it:

sudo ruby -e'key=[125,137,82,35,210,188,221,234,163,185,31];IO.read("/etc/kcpassword").bytes.each_with_index{|b,i|break if key.include?(b);print [b^key[i%key.size]].pack("U*")}'

However, only the first four characters were returned in my limited testing.

Joaquin Moreno Garijo's Python script, kcpass.py, did the trick:

  1. Copy /etc/kcpassword via target disk mode, single-user mode, etc.
  2. curl -O https://raw.githubusercontent.com/jjarava/mac-osx-forensics/master/kcpass.py
  3. chmod +x kcpass.py
  4. ./kcpass.py $(xxd -p /path/to/kcpassword)
        Kcpasswd: 0x09e03c5ab3ccad998dd66d1a89b165ae7e8912b851f8f0ff.
        Magic Xor: 0x7d895223d2bcddeaa3b91f.
        Used Magic Xor: 0x7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f7d895223d2bcddeaa3b91f.
        The password is: "tinyapps.org".

See also:

/mac | Sep 07, 2017

Veganism in a nutshell #

If we could live happy and healthy lives without harming others... why wouldn't we?

-- Pam Ahern of Edgar's Mission

/misc | Sep 03, 2017

Cracking Microsoft Office password protection #

A new guide has been added to the dusty docs section: Cracking Microsoft Office password protection via hashcat, locally or in the cloud. Enjoy!

/nix | Aug 22, 2017

Proving the existence and content of a webpage #

ICanProve generates "digitally signed screenshots and session logs for legal evidence, proofs and discovery".

It uses a "remote controlled browser to create screenshots with extended logging of user actions and data transfer to create a timestamped and digitally signed document to give a very reliable proof of the website contents while allowing to selectively exclude sensitive information and transparently decoding ssl (https) sessions".

Would the generated files hold up in court? No idea. I am not a lawyer (thank heavens), this is not legal advice, etc, etc. It may be prudent to have an actual notary (or twelve) verify and notarize as well (after conferring with a phalanx of attorneys, of course).


/misc | Aug 16, 2017

OS X: Undelete iMessage messages #

/mac | Jul 17, 2017

Download Windows and Office ISOs from Microsoft #

quickly and easily with Jan Krohn's Microsoft Windows and Office ISO Download Tool:
"This tool allows an easy and comfortable way to download genuine Windows 7, Windows 8.1 and Windows 10 disk images (ISO) directly from Microsoft's servers, as well as Office 2007, Office 2010, Office 2013, Office 2016, and Office 2011 for Mac.*

"In the past Microsoft provided disk images for many of their products through their subcontractor "Digital River". These downloads were pulled in early 2014. Afterwards, Microsoft made a limited selection of downloads available on their TechBench site. Our tool accesses that TechBench site, and unlocks a large number of hidden download files on it."

*In my testing, only Windows 8.1, Windows 10, Insider Preview, Office 2013, Office 2016, and Office 2016 for Mac were available. However, there is this promising note on Jan's website:

"Removal of Windows 7 and Office in Version 5.00: These downloads have been blocked by Microsoft. We're working on an update."

/windows | Jun 03, 2017

Incremental disk image backups with auto-pruning, encryption, and more #

Veeam Endpoint Backup was recently upgraded and renamed to Veeam Agent for Microsoft Windows. The freeware edition is even more powerful than before; here are just some of the features:



Recovery Media



/windows | May 31, 2017

Encrypt and decrypt files in GPG without keys; #

that is, using only a symmetric cipher:

Create an encrypted copy of foo, saving it as foo.gpg in the current directory:

$ gpg --symmetric --cipher-algo AES256 foo
Enter passphrase:
Repeat passphrase:

Create a decrypted copy of foo.gpg, saving it as foo in the current directory:

$ gpg --output foo --decrypt foo.gpg
gpg: AES256 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase

Create an encrypted copy of foo, saving it as foo.asc in the current directory in ASCII-armored format (suitable for pasting into email, etc):

$ gpg --symmetric --armor --cipher-algo AES256 foo
Enter passphrase:
Repeat passphrase:

Same as above, but send output to stdout instead of saving as foo.asc:

$ gpg --symmetric --armor --cipher-algo AES256 --output - foo
Enter passphrase:
Repeat passphrase:
Version: GnuPG v1


Decrypt foo.asc, sending output to stdout:

$ gpg --decrypt foo.asc
gpg: AES256 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
hello, world!


/nix | May 30, 2017

Renaming files in OS X for Windows or Unix compatibility #


While the above approaches should cover most use case scenarios, none of them address all of the possible naming issues in Windows.


/mac | May 16, 2017

Apple Keyboard (A1243) - Function Keys Not Working #

The Apple Keyboard (A1243) was introduced in 2007 and rechristened Apple Keyboard with Numeric Keypad in 2009. Almost a decade later, it is still sold under the same name and model number.

However, there have been two different order numbers for this keyboard with separate system requirements:

The only cosmetic difference between the MB110LL/A and MB110LL/B is the icons on the F3 and F4 keys:

MB110LL/A F3 & F4 keys MB110LL/B F3 & F4 keys

/mac | Apr 29, 2017

OS X: Rich text editor with regex #

Bean has been under constant development for years; it's been listed on the OS X page since version 0.94 (current version is 3.2.9). In addition to supporting a host of file formats (rtf, rtfd, plain text, webarchive, doc, docx, and odt), Bean is the only rich text editor I have found for OS X which also supports regex find/replace.

/mac | Apr 27, 2017

Saving colorized output from Bash #

even from programs like testdisk, in which output may span many separate screens:

Text-based output:

  1. Install aha: $ sudo apt install aha
  2. $ sudo testdisk | tee >(aha --black>output.html)
  3. After quiting testdisk, type exit on the command line. Find output.html in the current directory.

Graphic-based output:

  1. $ sudo apt install imagemagick ttyrec gcc x11-apps
  2. $ git clone https://github.com/icholy/ttygif.git
  3. $ cd ttygif
  4. $ make && sudo make install
  5. $ ttyrec
  6. Run desired command(s), e.g., $ sudo testdisk
  7. Type exit when finished
  8. Convert ttyrec's output file (ttyrecord by default) to tty.gif in the current directory: $ ttygif ttyrecord

Sources & More

/nix | Mar 05, 2017

Resetting an HP OfficeJet 5740 #


Support and Engineering main menu entries

Support Menu (Press Back/Return 4 times)

Some potentially useful/interesting options:

Engineering Menu (Press Home, Back, Home, Home)

Some potentially useful/interesting options:


/misc | Mar 04, 2017

Windows keeps reverting to high contrast mode #

If Windows keeps changing back to high contrast mode despite repeated attempts to change in Control Panel > All Control Panel Items > Personalization and disabling all options under "Choose a High Contrast theme" in Control Panel > All Control Panel Items > Ease of Access Center > "Make the computer easier to see", head to the Lock Screen > Ease of Access icon at bottom left > and turn off High Contrast.

/windows | Mar 01, 2017

Preparing a Mac for resale or donation (Sierra edition) #

  1. Deauthorize Mac in iTunes, turn off Find My Mac, sign out of iCloud, and sign out of iMessage.
  2. Securely erase internal storage, install macOS, create temporary admin account (e.g., tempuser), install apps and updates, etc.
  3. Log in normally as tempuser and run:
    $ sudo dscl . -delete /Groups/admin GroupMembership tempuser
    $ sudo dscl . -delete /Users/tempuser
  4. Restart in Single User Mode and run:
    # fsck -fy
    # mount -uw /
    # rm -R /Users/tempuser
    # rm /var/db/.AppleSetupDone
    # shutdown -h now


Regarding iLife and iWork apps

/mac | Feb 18, 2017

Reset Safari 10 in OS X 10.11 El Capitan #

Turn this:

Safari junk

into this:

Safari clean


# Reset Safari 10 for current user. Developed and tested under OS X 10.11.6 El Capitan.

# Backup bookmarks to Desktop, exiting if unsuccessful
cp -v ~/Library/Safari/Bookmarks.plist ~/Desktop/Bookmarks-`date +%Y%m%d%H%M%S`.plist
if [[ $? -ne 0 ]]; then exit 1; fi

# Delete main Safari data directory
rm -rfv ~/Library/Safari

# Delete caches
rm -rfv ~/Library/Caches/com.apple.Safari
rm -rfv ~/Library/Caches/com.apple.Safari.SearchHelper
rm -rfv ~/Library/Caches/com.apple.safaridavclient
rm -rfv ~/Library/Caches/com.apple.WebKit.PluginProcess
rm -rfv ~/Library/Caches/Metadata/Safari
rm -rfv ~/Library/Caches/SafariNotificationAgent
rm -rfv ~/Library/Caches/com.apple.commerce.safari/SafariLibrary

# Delete cookies
rm -rfv ~/Library/Cookies/Cookies.binarycookies
rm -rfv ~/Library/Cookies/com.apple.safari.cookies
rm -rfv ~/Library/Cookies/com.apple.CaptiveNetworkAssistant.binarycookies
rm -rfv ~/Library/Cookies/com.apple.Safari.SafeBrowsing.binarycookies
rm -rfv ~/Library/Cookies/com.apple.Safari.SearchHelper.binarycookies

# Delete preferences
rm -rfv ~/Library/Preferences/com.apple.Safari.LSSharedFileList.plist
rm -rfv ~/Library/Preferences/com.apple.Safari.RSS.plist
rm -rfv ~/Library/Preferences/com.apple.Safari.plist
rm -rfv ~/Library/Preferences/com.apple.Safari.Extensions.plist
rm -rfv ~/Library/Preferences/com.apple.WebFoundation.plist
rm -rfv ~/Library/Preferences/com.apple.WebKit.PluginHost.plist
rm -rfv ~/Library/Preferences/com.apple.WebKit.PluginProcess.plist
rm -rfv ~/Library/Preferences/com.apple.commerce.safari.plist

# Delete saved state
rm -rfv ~/Library/Saved\ Application\ State/com.apple.Safari.savedState

# Delete RSS feeds subscribed in Safari or Mail
# More info on PubSub database and command:
# http://krypted.com/mac-os-x/managing-mail-and-safari-rss-subscriptions-from-the-command-line/
rm -rfv ~/Library/PubSub/Database

# Delete yet more Safari data (cannot find any definitive documentation on this directory)
rm -rfv ~/Library/WebKit/com.apple.Safari

# Delete SharedFileList
rm -rfv ~/Library/Application Support/com.apple.sharedfilelist/com.apple.LSSharedFileList.ApplicationRecentDocuments/com.apple.safari.sfl

# Delete LSOs / Flash cookies
rm -rfv ~/Library/Caches/Adobe/Flash\ Player

# Clear file quarantine database (i.e., list of downloaded files)
# More info: http://osxdaily.com/2012/07/12/list-download-history-mac-os-x/
sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV* 'delete from LSQuarantineEvent'

# Delete QuickTime cache
rm -rfv ~/Library/Caches/QuickTime

printf "\n\n\033[1;32mSafari cleanup complete.\n\n\033[1;31mThe contens of /Library/Internet Plug-Ins and ~/Library/Internet Plug-Ins\nwill appear below after pressing Enter. Check output for unwated plugins.\nPreserve Quartz Composer.webplugin & Default Browser.plugin at a minimum.\033[0m\n\n"

read -p "Press Enter to continue."

# List contents of /Library/Internet Plug-Ins and ~/Library/Internet Plug-Ins
ls -A /Library/Internet\ Plug-Ins ~/Library/Internet\ Plug-Ins


  1. Testing with fs_usage and File Buddy in a clean VM.
  2. completely reset Safari 9
  3. How to reset safari 9.0.3
  4. Reset Safari from command line
  5. Reset Safari doesn't really clean all the cookies of Safari web browser
  6. History in Safari
  7. Aborting a shell script if any command returns a non-zero value?
  8. In a bash script, how can I exit the entire script if a certain condition occurs?
  9. guapolo's answer to How to get osx shell script to show colors in echo

/mac | Feb 11, 2017

Still using Yahoo Mail? #

/misc | Feb 10, 2017

List all files on disk #

Even as root, ls and find produced too many errors ("Permission denied", "Not a directory", "directory causes a cycle", "Input/output error", etc) when attempting to list all files on disk. Tree worked a treat:

$ tree -a -i -f / > filesystemlist.txt

 -a All files are listed.
 -i Don't print indentation lines.
 -f Print the full path prefix for each file.
See also Tree for Windows and LINUX Recursively list all files in a directory including files in symlink directories.

/nix | Feb 06, 2017

Migrating from Mail.app to Thunderbird #

* In Mail.app, you can highlight multiple mailboxes > "Export Mailbox..." > Options > Export all subfolders > Choose, but the resulting mbox files are all named "mbox".

/mac | Feb 05, 2017

Batch remove all tiles from Windows 10 Start Menu #

Well, almost all tiles; the few that remain after running the script below (save as unpin.ps1 then right click and "Run with PowerShell") can be removed manually (right click tile > "Unpin from Start").

/windows | Feb 04, 2017

Convert asciidoc to markdown #

  1. Install pandoc and asciidoc

    $ sudo apt install pandoc asciidoc

  2. Convert asciidoc to docbook

    $ asciidoc -b docbook foo.adoc

    foo.xml will be output into the same directory as foo.adoc

  3. Convert docbook to markdown

    $ pandoc -f docbook -t markdown_strict foo.xml -o foo.md

  4. Unicode symbols were mangled in foo.md. Quick workaround:

    $ iconv -t utf-8 foo.xml | pandoc -f docbook -t markdown_strict | iconv -f utf-8 > foo.md

  5. Pandoc inserted hard line breaks at 80 characters. Removed like so:

    $ iconv -t utf-8 foo.xml | pandoc -f docbook -t markdown_strict --wrap=none | iconv -f utf-8 > foo.md

/nix | Jan 24, 2017

3 Mac file-related apps #

from a blog post (and related comments) on Robservatory:

/mac | Jan 23, 2017

Objections to veganism #

Vegan Sidekick has a handy guide to justifications for harming and exploiting animals. TL;DR: this comic covers much of it.

/misc | Jan 23, 2017

Subscribe or visit the archives