Entries by David

Connect to Windows 7 file shares from Windows 3.11

Overview

I found that the easiest way to copy files onto a Windows 3.11 VM (in my case, running inside VMware Fusion) is to use a Windows 7 file share, but before Windows 3.11 can talk to its younger sibling, a few changes need to be made.

The LM hash was the primary hashing function used by Windows LAN Manager in versions prior to Windows NT.  Windows 2000 and later retained support for it but disabled it by default as of Windows Vista.  Since NTLM (and NTLMv2) hashes are not backwards compatible, LM hashes must be enabled on the host for Windows 3.11 to be able to make a connection.

Configuring Windows 7

  1. Enable LM hashes.
    This puts your account password at risk since LM hashes are easily brute forced.  Avoid doing this outside safe network environments and do not choose a password that you use anywhere else.

    • Run mmc and add the Group Policy Object Editor snap-in.  Select Local Computer when prompted.
    • Browse to Computer Configuration Windows SettingsSecurity SettingsLocal PoliciesSecurity Options.
    • Change Network security: LAN Manager authentication level to Send LM & NTLM – use NTLMv2 session security if negotiated.
    • Change Network security: Do not store LAN Manager hash value on next passwordchange to Disabled.
    • Change your password to generate the LM hash.  Your password must be 14 characters or fewer.  You can change it twice to get your original choice back.
  2. Enable advanced file sharing.
    Not required but makes the following steps simpler.

    • Open Windows Explorer.
    • Select ToolsFolder OptionsView tab.
    • Uncheck Use Sharing Wizard (Recommended) near the bottom.
  3. Share the folder you want to use for transferring files.
    • Avoid sharing any folder with confidential data.
    • Use a username without spaces, ideally matching the network username you set in Windows 3.11.  Create a dummy account if that is simpler.  If you elect to rename your existing account, remember to log off and on after the rename.
    • Share the folder read-only unless otherwise required.
  4. Ensure your Windows 7 computer name is NetBIOS compliant.
    This means 15 characters or fewer.
  5. Ensure your Windows 7 VM is on the same subnet as the Windows 3.11 VM.
    I found a Bridged network connection to be simplest on both.

Connecting from Windows 3.11

  1. Ensure the proper network adapter driver is installed.
    VMware’s website has a useful article on the subject.
  2. Install TCP/IP-32 for Windows 3.11.
    While entirely option, it is also entirely cool.
  3. Ensure your Windows 3.11 network username matches a valid username on the Windows 7 share.
    To my knowledge, the net command in Windows 3.11 does not support the /user flag and always attempts to connect as the currently authenticated user.
  4. Connect!
    net use z: \\computer\share
    win311-mapdrive
  5. Launch File Manager.
    Copy your files in style.
    win311-transfer

Caveats

  • I used a Windows 7 VM because I already had one configured.  For OS X users, it seems entirely possible for Samba to be configured with LM hashes (labelled, simply, NTLM in Samba), negating the need for a second VM.  I haven’t explore this far yet but may in the future.
  • Since TCP/IP-32 is readily available, you may elect to use FTP instead.  I found it far more satisfying to fire up File Manager and to drag files over using a GUI from 1990.  On the other hand, if you don’t have proper install media for it, using LanMan may actually be simpler.
  • You can initialise the network stack from DOS using net init and net start full but I had mixed results.  Connections seemed far more reliable when I let Windows 3.11 perform the initialisation.

Permanently prevent OS X Mail from inserting attachments at the end of emails

OS X Mail defaults to including all attachments at the end of emails.  While useful for some file types (ZIP archives, programs, etc.), I still prefer that images be embedded exactly where I paste them in a message.

This insert-at-the-end behaviour can be disabled by unchecking an option in the Edit/Attachments menu:

Unfortunately, the option always reverts to being checked again for subsequent emails, with no obvious way to disable this behaviour permanently.  As it turns out, the solution is simple:

If you disable this option while editing an email, it will remain disabled for that message only. If you disable this option from the main window, it will remain disabled for all future messages.

Tangentially, the option to “Send Windows-Friendly Attachments” can only be toggled when you are not editing an email.  When you have a message screen open, the option is greyed out.

These options seem like perfect candidates for Mail’s Preferences menu.  Why they exist solely as menu options and why they behave this way remains a mystery to me.

Changing nginx’s worker process user on OS X

nginx defaults to running its master process as root and all workers as nobody.

You can tell nginx to run worker processes under different credentials by setting the user directive in nginx.conf.

On OS X, you need to specify a valid group as well, since nginx will default to looking for a group that doesn’t exist. You will see “nginx – getgrnam()” in the error log when this happens. The easiest solution I found is to assign the OS X staff group:

user userid staff

It probably bears mentioning that changing the runtime credentials won’t negate the need for sudo if you run your web server on port 80, since OS X (and all Unixes) will not allow nginx to use that port unless it runs as root.

Group similar apps in OS X dock with spacer tiles

OS X’s dock allows the addition of spacer tiles, blank objects that occupy the same space as an application icon.  Spacer tiles are quite helpful for organising applications into logical groups.

Adding spacer tiles is relatively simple:

  1. Launch Terminal (from Applications/Utilities).
  2. Cut and paste the following into the command line, once for each tile you want to add.  (Need 4 tiles?  Run it 4x.)
    defaults write com.apple.dock persistent-apps -array-add '{tile-data={}; tile-type="spacer-tile";}'
  3. Restart the dock:
    killall Dock

Spacer tiles behave like normal application icons: they can be dragged into any position, or dragged out of the dock completely to remove them.

Quitting Terminal app in Lion when the last console session ends

Lion’s Terminal app and its tabbed full-screen mode is a huge improvement for me. One thing that became a minor annoyance, however, is Terminal’s failure to quit when the last console session ends: Cmd-Q is still required to quit the app completely.

The workaround I chose takes advantage of existing muscle memory.  I had already configured an alias for exit, allowing me to type x to end a console session.

To solve the Terminal app problem, I repurposed x as a function in my ~/.bash_profile:
function x {
[ "$(w -h | grep "^$(whoami) *s[^ ]* *-"|wc -l)" -le 1 ] && osascript -e 'tell application "Terminal" to quit' || exit
}

The function checks for the number of active console sessions. When x is called and only one session remains, osascript is invoked to quit the Terminal app completely.

Hold Calls on iPhone 4/4S

The Hold button was replaced with FaceTime on iPhone 4′s call menu.
You can still place calls on hold: just tap and hold Mute for 2 seconds.

List all Facebook friends who use iPhones

Facebook’s iPhone app seems to integrate with the Facebook Platform using the same rules that other applications must follow. After you sign in to the iPhone app for the first time, a corresponding Facebook app, Facebook for iPhone, is automatically granted access to your profile.

There is nothing unusual about this; Facebook is merely playing by their own rules. But there is an interesting side effect.

Facebook is a social platform, so all application pages allow you to list other friends using that app. Facebook for iPhone, the Facebook counterpart for the iPhone app, is no different.

These are all your Facebook friends who use (or once used)…

It is worth noting that the Facebook for iPhone app remains in your profile until you explicitly remove it, so results may be misleading.  (After all, how would Facebook know that your iPhone fell into the toilet, when you may simply not have run their app for a long time?)

If any of this bothers you, breathe deeply… then get off the internet.

And my lawn.

Access OS X clipboard from CLI

Accessing the OS X clipboard (or “pasteboard”) from the CLI is made simple with the pbcopy and pbpaste commands:

cat ~/ confidential_information.txt | pbcopy
pbpaste > confidential_information.txt

The pbcopy/pbpaste manpages have more detailed information about their use.

An interesting footnote to OS X’s clipboard system is that there are actually four pasteboards, each assigned to its own, unique purpose. The Find clipboard is particularly useful because it enables search queries to be saved automatically between applications. To test this, enter a string in (for example) Firefox’s search box. Don’t copy it to the clipboard. Now open your text editor and start a new search. The same string should already be in the dialog box…

Permanently disable Google Software Update on OS X

UPDATE

Parsa Fatehi kindly points out below that Google now has a simpler solution:
http://www.google.com/support/installer/bin/answer.py?answer=100386


As many have noted, recent Google software releases for OS X now include Google Software Update, a background daemon that checks for and installs updates to Google software with no user intervention and no option for disabling it.

In theory, GSU is removed automatically when the last Google software to utilise it is uninstalled from your computer… but this assumes that you use the uninstallers bundled by Google, and don’t attempt to remove the software by hand.

I’ll save my disappointment for another editorial.
Instead, here is a workaround:
sudo rm /Library/LaunchAgents/com.google.keystone.agent.plist
sudo rm /Library/LaunchDaemons/com.google.keystone.daemon.plist
sudo rm /Library/LaunchDaemons/com.google.keystone.daemon4.plist

sudo touch /Library/LaunchAgents/com.google.keystone.agent.plist
sudo touch /Library/LaunchDaemons/com.google.keystone.daemon.plist
sudo touch /Library/LaunchDaemons/com.google.keystone.daemon4.plist

sudo chmod 000 /Library/LaunchAgents/com.google.keystone.agent.plist
sudo chmod 000 /Library/LaunchDaemons/com.google.keystone.daemon.plist
sudo chmod 000 /Library/LaunchDaemons/com.google.keystone.daemon4.plist

This hint does not uninstall GSU – it only “disables” the launchd entries that would run GoogleSoftwareUpdateAgent.app at boot time.

We first remove each entry (sudo rm …) and create empty files (sudo touch …) in their place.  We then change their POSIX permissions (sudo chmod) to deny any access to these files (000) for all accounts except root.

Creating inaccessible dummy files is important.  Without them, the launchd entries can simply be replaced whenever Google software is run.  But with these steps taken, no Google app can reinstall the GSU launchd entries, unless they:

  • ask for your username and password (to authenticate as root),
  • use different filenames, or
  • create local launchd entries (~/Library/Launch[…])

This hint is easily adapted for each of these cases. You can also use this technique to remove GSU completely.

Enable local search on Leopard Server

By default, Leopard Server disables Spotlight indexing on its system drive.

I assume that this decision was made to avoid confusion when administrators search the global catalog for system files on other machines. However, I find this to be a hassle when I need to locate a file on the server itself.

You can easily include a server’s local drives in its Spotlight index using mdutil:

sudo mdutil -i on /

The same command can be reissued with the off parameter to reverse the change.