Have you ever logged into OSX at gotten a message about needing updates although you are sure you have applied them already? How about a message saying that you need to accept certain packages like iPhoto in the update manager but when you try you are told they have been purchased with another account and you need to login with that one to install them? Looking at the Apple OSX support forums across a number of sites I can tell you don't bother answering, I know it is a rhetorical question. These errors happen to a lot of people and all the time. Eventually some other forum user will suggest some bit of command line trickery that has nothing to do with the problem and the errors go away.
Showing posts with label OSX. Show all posts
Showing posts with label OSX. Show all posts
Monday, June 03, 2013
Thursday, February 21, 2013
Ruby on OSX 10.8 followup
After a ton of comments privately about using Homebrew instead of Macports I decided to try it out. I did a clean install on my Macbook Pro and here are the steps I followed.
1. Install Xcode 4.6 and command line tools.
2. Open terminal and run command:
\curl -L https://get.rvm.io | bash -s head --ruby
3. Enjoy ruby.
That is much easier. So much easier! Apparently rvm head will install Homebrew, all the required dependencies, and build a working copy of ruby. The #rvm channel on freenode helped me with this. I am now upset at the time I wasted trying to get the other way to work.
This may be old news to some but I wanted to throw this up because I spent a ton of time Googling and did not find a good solution, I hope this helps others. Now I am going to build the ultimate post reinstall script for setting up OSX for security people!
1. Install Xcode 4.6 and command line tools.
2. Open terminal and run command:
\curl -L https://get.rvm.io | bash -s head --ruby
3. Enjoy ruby.
That is much easier. So much easier! Apparently rvm head will install Homebrew, all the required dependencies, and build a working copy of ruby. The #rvm channel on freenode helped me with this. I am now upset at the time I wasted trying to get the other way to work.
This may be old news to some but I wanted to throw this up because I spent a ton of time Googling and did not find a good solution, I hope this helps others. Now I am going to build the ultimate post reinstall script for setting up OSX for security people!
Tuesday, February 12, 2013
Ruby 1.9.3 on OSX Mountain Lion with Mac Ports and RVM
I the latest generation of Macbook Pro for most of my development and testing. A good way to work with Ruby is a requirement for my daily tasks. I usually use RVM to manage everything. After a fresh install of OSX I kept getting stopped doing an install of 1.9.3. The errors are mostly related to integer conversion or linking. After several days of pulling teeth, running debuggers, and read script code I finally have a working Ruby install. For reference my exact steps are:
I am not saying all of these steps are required, its just what I found to work. Why Mountain Lion ships with ancient versions of tools like Ruby and curl is beyond me. I left out a few steps from the clean install to the current running version but they were cosmetic changes (Terminal coloring), a Firefox install, and a TextMate install that didn't have any impact on the Ruby installation.
1. Clean install of OSX.And I got:
2. Apply all current updates (bringing my system to 10.8.2)
3. Install Xcode (version 4.6) and command line tools
4. Install MacPorts (2.1.3 10.8)
5. sudo port selfupdate -v
6. sudo port upgrade outdated
7. sudo port install apple-gcc42
8. sudo port install gmake
9. sudo port install gpatch
10. sudo port install binutils
11. sudo ln -s /opt/local/bin/gcc-apple-4.2 /opt/local/bin/gcc
12. sudo ln -s /opt/local/bin/gmake /opt/local/bin/make
13. sudo ln -s /opt/local/bin/gpatch /opt/local/bin/patch
14. sudo port install curl
15. curl -L https://get.rvm.io | bash -s stable
16. Add "source ~/.profile" to top of .bash_profile
17. Reboot ("Reopen windows after reboot" is unchecked)
18. rvm install 1.9.3 in Terminal
Davids-MacBook-Pro:~ dmaynor$ rvm install 1.9.3
Searching for binary rubies, this might take some time.
No binary rubies available for: osx/10.8/x86_64/ruby-1.9.3-p385.
Continuing with compilation. Please read 'rvm mount' to get more information on binary rubies.
Fetching yaml-0.1.4.tar.gz to /Users/dmaynor/.rvm/archives
######################################################################## 100.0%
Extracting yaml to /Users/dmaynor/.rvm/src/yaml-0.1.4
Configuring yaml in /Users/dmaynor/.rvm/src/yaml-0.1.4.
Compiling yaml in /Users/dmaynor/.rvm/src/yaml-0.1.4.
Installing yaml to /Users/dmaynor/.rvm/usr
Installing Ruby from source to: /Users/dmaynor/.rvm/rubies/ruby-1.9.3-p385, this may take a while depending on your cpu(s)...
ruby-1.9.3-p385 - #downloading ruby-1.9.3-p385, this may take a while depending on your connection...
######################################################################## 100.0%
ruby-1.9.3-p385 - #extracting ruby-1.9.3-p385 to /Users/dmaynor/.rvm/src/ruby-1.9.3-p385
ruby-1.9.3-p385 - #extracted to /Users/dmaynor/.rvm/src/ruby-1.9.3-p385
ruby-1.9.3-p385 - #configuring
ruby-1.9.3-p385 - #compiling
ruby-1.9.3-p385 - #installing
Retrieving rubygems-1.8.25
######################################################################## 100.0%
Extracting rubygems-1.8.25 ...
Removing old Rubygems files...
Installing rubygems-1.8.25 for ruby-1.9.3-p385 ...
Installation of rubygems completed successfully.
Saving wrappers to '/Users/dmaynor/.rvm/bin'.
ruby-1.9.3-p385 - #adjusting #shebangs for (gem irb erb ri rdoc testrb rake).
ruby-1.9.3-p385 - #importing default gemsets, this may take time ...
Install of ruby-1.9.3-p385 - #complete
Davids-MacBook-Pro:~ dmaynor$
I am not saying all of these steps are required, its just what I found to work. Why Mountain Lion ships with ancient versions of tools like Ruby and curl is beyond me. I left out a few steps from the clean install to the current running version but they were cosmetic changes (Terminal coloring), a Firefox install, and a TextMate install that didn't have any impact on the Ruby installation.
Monday, November 05, 2007
http://docs.info.apple.com/article.html?artnum=306896
Crap. 5 remote code execution vulnerabilities in Quicktime alone. Can anybody tell me how to enable ASLR in 10.5, I don't want to get owned by any of these.
http://docs.info.apple.com/article.html?artnum=61798 5 updates for Quicktime this year alone? That seems a bit high.
Crap. 5 remote code execution vulnerabilities in Quicktime alone. Can anybody tell me how to enable ASLR in 10.5, I don't want to get owned by any of these.
http://docs.info.apple.com/article.html?artnum=61798 5 updates for Quicktime this year alone? That seems a bit high.
Friday, February 02, 2007
Bill Gates fights back against an evil corp?!?!
UPDATE: For a response to John Gruber check here. For more discussion on the lack of security features in OSX, check here.
http://apple.slashdot.org/apple/07/02/02/1940232.shtml
The Mac community is up in arms. Bill Gates gave an interview where his fights back against some Apple’s misleading and deceptive marketing.
As a side note those commercials are what lead me to do security research in Apple. Also the quote that is quite often attributed to me about “cigarettes in mac users eyes” is a misquote as I actually said “cigarettes in the eyes of the actors in the commercials”. But I digress.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."
Oh the Mac fans are upset. *rabble*rabble*.
http://www.limited-exposure.org/2007/02/02/hey-bill-keep-up-will-ya/
http://www.securityfocus.com/archive/142/458920/30/0/threaded
http://daringfireball.net/2007/02/lies_damned_lies_and_bill_gates
The limited exposure guy even went as far as to count the MoBB bugs to prove how insecure Windows is. He forgot to mention how many of the affect Windows Vista and IE7 (HINT: not 25, that’s for sure).
Take a seat, hold your hats because I am about to make a declaration: Windows Vista is more secure than OSX 10.4.8. Anybody that tells you anything different should immediately be treated with the same disdain as finding a parking ticket on your car. This hasn’t been a popular thing to say and it’s not often said, but I am here to stand my ground on this. It sure won’t win me any karma on Slashdot.
Why do I think this? One new exploitation methods have to be developed to take advantage of a Vista vulnerability. Let’s look at why:
Stack overflows are gone. Don’t think this is just because of NX, or Non-eXecutable stacks. NX just means I can’t execute code on the stack but return-to-libc attacks still work. With things like ASLR (which is implemented on Vista and not OSX) breaks return-to-libc attacks because the system libraries are loaded at different, random addresses every time. Count how many of the Month of Apple Bug exploits were stack overflows. The most dangerous one, MoAB #1, was.
Heap Overflows are pretty broken is not eradicated. With heap randomization, metadata elements and function pointers being XORed with random numbers it would be next to impossible to exploit a heap overflow on Vista in the traditional way. OSX doesn’t have any similar protection.
Tom Ptacek even comments on the lack of advanced security features in OSX here.
What does this mean? In order for attacks to continue in the same way there will have to be some MAJOR evolutions in vulnerability and exploit technology as almost all of the widespread flaws you have heard of take advantage of these methods. Blaster, Sasser, Slammer, Zotob, all those big worms have relied on either a stack or heap based overflow.
Don’t believe me? Prove me wrong. Now don’t get me wrong, you can still email executables to people and then trick them into running it…you can do that on OSX as well.
Of course this won’t do anything to calm the swell of zealots or people stuck in the belief that Microsoft hasn’t changed since 1998. Its kinda like when explaining, in-depth, a black Ferrari is a better car than a red Honda civic to a teenage girl. The same logic that would lead the teenage girl to say “but I like this one better because its red and goes with my lipstick” is the same logic a Mac zealot will use when they say “I don’t care about the facts, I KNOW OSX is more secure”. Know I can’t comment on usability or any of that jazz, that’s not my area of expertise. I’ve never had a problem setting up and running either.
The thing that really upsets me about the Mac community going off on Bill Gates is that Apple does the same exact thing. Their "we don't have security problems" commericals are the same thing as what Bill Gates said. If you want to be mad at Bill then hold Steve accountable for the same actions as well. The arrogant commericals Apple runs has done nothing but win them alot of researchers who are breaking their systems that would not have otherwise given them a second look.
I’ll leave you with my favorite Mark Twain quote:
“It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so.”
UPDATE: Please understand that I'm not referring to the average Mac user that just wants a safe, reliable computing experience. I'm taking exception with zealots who place those users at risk by giving them a false sense of security. OS X is pretty safe today for the average user, but the platform is definitely NOT as fundamentally secure as Vista. Microsoft only changed when users demanded better security, and it's only when the Mac community calls for similar protections that Apple will include them in products. I use my macbook on a daily basis. I write code on it, I watch movies on it, I chat with people on it. Just becasue I don't think highly of the security in OSX doesn't mean I am not a Mac user.
http://apple.slashdot.org/apple/07/02/02/1940232.shtml
The Mac community is up in arms. Bill Gates gave an interview where his fights back against some Apple’s misleading and deceptive marketing.
As a side note those commercials are what lead me to do security research in Apple. Also the quote that is quite often attributed to me about “cigarettes in mac users eyes” is a misquote as I actually said “cigarettes in the eyes of the actors in the commercials”. But I digress.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine."
Oh the Mac fans are upset. *rabble*rabble*.
http://www.limited-exposure.org/2007/02/02/hey-bill-keep-up-will-ya/
http://www.securityfocus.com/archive/142/458920/30/0/threaded
http://daringfireball.net/2007/02/lies_damned_lies_and_bill_gates
The limited exposure guy even went as far as to count the MoBB bugs to prove how insecure Windows is. He forgot to mention how many of the affect Windows Vista and IE7 (HINT: not 25, that’s for sure).
Take a seat, hold your hats because I am about to make a declaration: Windows Vista is more secure than OSX 10.4.8. Anybody that tells you anything different should immediately be treated with the same disdain as finding a parking ticket on your car. This hasn’t been a popular thing to say and it’s not often said, but I am here to stand my ground on this. It sure won’t win me any karma on Slashdot.
Why do I think this? One new exploitation methods have to be developed to take advantage of a Vista vulnerability. Let’s look at why:
Stack overflows are gone. Don’t think this is just because of NX, or Non-eXecutable stacks. NX just means I can’t execute code on the stack but return-to-libc attacks still work. With things like ASLR (which is implemented on Vista and not OSX) breaks return-to-libc attacks because the system libraries are loaded at different, random addresses every time. Count how many of the Month of Apple Bug exploits were stack overflows. The most dangerous one, MoAB #1, was.
Heap Overflows are pretty broken is not eradicated. With heap randomization, metadata elements and function pointers being XORed with random numbers it would be next to impossible to exploit a heap overflow on Vista in the traditional way. OSX doesn’t have any similar protection.
Tom Ptacek even comments on the lack of advanced security features in OSX here.
What does this mean? In order for attacks to continue in the same way there will have to be some MAJOR evolutions in vulnerability and exploit technology as almost all of the widespread flaws you have heard of take advantage of these methods. Blaster, Sasser, Slammer, Zotob, all those big worms have relied on either a stack or heap based overflow.
Don’t believe me? Prove me wrong. Now don’t get me wrong, you can still email executables to people and then trick them into running it…you can do that on OSX as well.
Of course this won’t do anything to calm the swell of zealots or people stuck in the belief that Microsoft hasn’t changed since 1998. Its kinda like when explaining, in-depth, a black Ferrari is a better car than a red Honda civic to a teenage girl. The same logic that would lead the teenage girl to say “but I like this one better because its red and goes with my lipstick” is the same logic a Mac zealot will use when they say “I don’t care about the facts, I KNOW OSX is more secure”. Know I can’t comment on usability or any of that jazz, that’s not my area of expertise. I’ve never had a problem setting up and running either.
The thing that really upsets me about the Mac community going off on Bill Gates is that Apple does the same exact thing. Their "we don't have security problems" commericals are the same thing as what Bill Gates said. If you want to be mad at Bill then hold Steve accountable for the same actions as well. The arrogant commericals Apple runs has done nothing but win them alot of researchers who are breaking their systems that would not have otherwise given them a second look.
I’ll leave you with my favorite Mark Twain quote:
“It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so.”
UPDATE: Please understand that I'm not referring to the average Mac user that just wants a safe, reliable computing experience. I'm taking exception with zealots who place those users at risk by giving them a false sense of security. OS X is pretty safe today for the average user, but the platform is definitely NOT as fundamentally secure as Vista. Microsoft only changed when users demanded better security, and it's only when the Mac community calls for similar protections that Apple will include them in products. I use my macbook on a daily basis. I write code on it, I watch movies on it, I chat with people on it. Just becasue I don't think highly of the security in OSX doesn't mean I am not a Mac user.
Subscribe to:
Posts (Atom)