Wednesday, July 5, 2017

Blog revived

I'm moving from workpress blog I was running under my own domain to this.  More posts will appear shortly...

Saturday, June 30, 2012

Mac Address book not saving custom phone formats

I wanted to setup phone number formats in my Address Book but they wouldn't save.  Its not a permissions problem and there was some weird behaviour where I could add one row but not a second.

Like any good hacker / developer / software engineer I went under the hood and changed the preferences directly.

  • Close AddressBook
  • Open a terminal (I recommend iTerm if you get into the terminal often)
  • cd ~/Library/Preferences
  • Open
  • You'll need XCode installed as this is where the .plist editor is now
  • Navigate to ABPhoneFormat-PhoneFormatter
  • Click the '+' to add a row (or right-click and choose 'Add Row')
  • Type the format.  For Australia I added the following:
  • 1. 04## ### ###
  • 2. 0# #### ####
  • Open AddressBook, go to Preferences.. and under Phone you should see your new formats

Sunday, February 6, 2011

Connecting to my Hover IMAP email from work which blocks ports


My work blocks ports so I cannot access my personal email except through my provider's ridiculous webmail. Specifically I use Thunderbird and want all the features such as nostalgy to easily move my email to folders.

  1. Well there is the major "work blocks ports" issue. You need to setup an ssh tunnel to a trusted server that forwards traffic to the IMAP (or POP3 if that's your thing) ports. That trusted server for me was my home server. In the example below its my home server and I'm super aware of security threats which may not be an issue with an external server.
  2. Hover, my domain name and email provider uses a mechanism where you point your IMAP client to with the login being user@domain and it redirects to mail.<domain>. This prevents easily setting up SSH tunnels as I don't know how to setup an ssh tunnel that handles this redirection. Looking through Hover's management console for my domain, I found that the forwarded to address is mail.<domain>.com.cust.<secret>.com

  1. Open external ports on home network that map to port 22 ssh (internal). Typically do not use 22 as your external port as it is a security hole, but use a port in the thousands such as 5555. You may actually want to decide on the ports and not open them until you've determined your work's gateway IP address and configured your network to restrict (only ssh) traffic to be from there. You open ports through your modem and router.
  2. Find out your home WAN static ip address (if you have dynamic IP I haven't thought about the solution for this as I believe your work network admins need to be able to specify an IP address rather than a DNS. If it is the latter then you could use Dynamic DNS).
  3. Request work to open their network to allow connections to your WAN IP and the ports you have opened (or will open). Tell them you run ssh servers at home. Request from them the work gateway IP address you will be connecting from.
  4. As security measures at home, update your hosts.allow, hosts.deny and sshd_config (unix, linux, macosx - don't know about Windows) to only allow:
  1. At work open an ssh tunnel for your IMAP traffic - you'll need to type your home ssh login password. Use a *nix/Mac OS X terminal or Putty under Windows:
  2. ssh -T -N -L 3993:mail.<domain>.com.cust.<secret>.com:993 @ -oPort=5555
  3. This is saying to connect to <home wan ip>:5555. The local port at your local site (work) is 3993 and it maps to the remote port 993 at mail.<domain>.com.cust.<secret>.com. This local (3993) to provider's port 993 is done via your ssh server at home (ie. ssh tunnel).
  4. Set your email client (I use Thunderbird) to use the local port you setup as your IMAP (or POP3) port - I used 3993 in my example.
Comments and questions welcome.

Monday, March 15, 2010

Mac OS X, ssh and X11 forwarding

Well it was my turn to go through this struggle. Once you have problems you'll see that so many others have had problems with getting ssh public key ("no password") connections and then X11 forwarding working. Next I'll get port forwarding through ssh working. That can be the subject of a later post.

Here are my notes for problem solving.

  • Permission on ~/.ssh/authorized_keys OR ~/.ssh/authorized_keys2 needs to be 0600
Found at,
  • Permission on ~/.ssh needs to be 0700
Found at

X11 forwarding
  • I had to remove the references in home.bashrc that sets $DISPLAY as the sshd does that
Found at

Thursday, August 6, 2009

Local machine, hostname, ssl / https would hang

I am trying to put lessons I've investigated and learnt up, not only as a record for myself, but also to help others. The web has solved so many of my problems and I want to pass on anything i know that can help.

I am a Mac user (Mac Mini running Mac OS X 10.5.7 currently).

I run JSPWiki WebApp through the Tomcat server and have the security policy set to https (SSL) for logins and editing. My server is kanga.local (Bonjour) and it has the IP address of

When I connect from any other local machine I'd log in straight away (go to http address and 'login' and 'pw' form would come up immediately). When I connected to it via the server using the server name (kanga.local) the browser would sit there saying "connecting to kanga.local" and sometimes eventually got there to the login screen (over https). It was unusable like this. If I put in localhost instead it would get to the login screen but logging in (post OK) then would revert to kanga.local and once again it would take forever.

Things I tried to work out what was going on (aswell as Google):
  • dscacheutil (Directory Services) showed me that Kanga.local had multiple IP addresses

bsmith@kanga RCS $ dscacheutil -q host -a name kanga.local
name: kanga.local
ipv6_address: fe80:8::21c:42ff:fe00:9
ipv6_address: fe80:8::225:ff:fef8:3034

name: kanga.local

  • traceroute - returned a result instantly and showed it took 1 hop so didn't help me at all

bsmith@kanga RCS $ traceroute -p 8443 kanga.local
traceroute to kanga.local (, 64 hops max, 40 byte packets
1 ( 0.403 ms 0.057 ms 0.081 ms

bsmith@kanga RCS $ ifconfig
lo0: flags=8049 mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010 mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863 mtu 1500
ether 00:25:4b:b3:d6:20
media: autoselect status: inactive
supported media: none autoselect 10baseT/UTP 10baseT/UTP 10baseT/UTP 10baseT/UTP 100baseTX 100baseTX 100baseTX 100baseTX 1000baseT 1000baseT 1000baseT
en1: flags=8863 mtu 1500
inet6 fe80::225:ff:fef8:3034%en1 prefixlen 64 scopeid 0x5
inet netmask 0xffffff00 broadcast
ether 00:25:00:f8:30:34
media: autoselect status: active
supported media: autoselect
fw0: flags=8863 mtu 4078
lladdr 00:25:4b:ff:fe:b3:d6:20
media: autoselect status: inactive
supported media: autoselect
en2: flags=8963 mtu 1500
inet6 fe80::21c:42ff:fe00:8%en2 prefixlen 64 scopeid 0x7
inet netmask 0xffffff00 broadcast
ether 00:1c:42:00:00:08
media: autoselect status: active
supported media: autoselect
en3: flags=8963 mtu 1500
inet6 fe80::21c:42ff:fe00:9%en3 prefixlen 64 scopeid 0x8
inet netmask 0xffffff00 broadcast
ether 00:1c:42:00:00:09
media: autoselect status: active
supported media: autoselect

  • iStat Menus is a system monitoring tool that shows Network Interfaces. I noticed that it shows the interfaces that ifconfig shows. And when I bring an interface down it can no longer be seen in the iStat menu.

What I wondered was why the Network System Preference didn't do the same as ifconfig. Then I realised it does!. This would have saved me alot of time if I'd realised it.

Go to Network Preferences and you'll see listed down the left-hand, what are ultimately network interfaces. This picture shows the en2 interface active:

Now select the interface you want to turn off and select 'off' in the Configure drop-down.

And it will be disabled. It seems to take a couple minutes to ripple through the system. And I had to close the current Firefox tab and open a new one.

If this doesn't work then you'll need to use ifconfig to turn off the network interfaces as per Disable your network interfaces (Mac Tricks and Tips blog):

sudo ifconfig en2 down
sudo ifconfig en3 down

Saturday, July 25, 2009

JSPWiki RCSFileProvider exception

I've been using JSPWiki for atleast 5 years now. One problem I've had which I've just worked out is an RCS exception (when using the RCSFileProvider to version pages) that frankly pissed me off! It seemed to come up and for no reason. It looks like:

JSPWiki has detected an error

Error Message
RCS checkin failed
Place where detected
com.ecyrd.jspwiki.providers.RCSFileProvider.putPageText(), line 430

If you have changed the templates, please do check them. This error message may show up because of that. If you have not changed them, and you are either installing JSPWiki for the first time or have changed configuration, then you might want to check your configuration files. If you are absolutely sure that JSPWiki was running quite okay or you can't figure out what is going on, then by all means, come over to and tell us. There is more information in the log file (like the full stack trace, which you should add to any error report).

And don't worry - it's just a computer program. Nothing really serious is probably going on: at worst you can lose a few nights sleep. It's not like it's the end of the world.

The problem for me was that I was previously running Tomcat as root and since then have started running it as user www (a user that has no admin rights to any other part of the server thus reducing likelihood of security issues). And root had the page locked. The solution is simple.

* For page do the following when you try and edit and save a page and the above error is shown.
** For example the page is "useful_commands" which has the corresponding RCS file "useful_commands.txt,v"

$ cd /where/wiki/pages/are/attachments
$ sudo rcs -u useful_commands.txt,v # this unlocks the page owned by root - use sudo -u if not root (see next)
$ sudo -u www rcs -l useful_commands.txt,v # this locks the page as www (tomcat running as www)
Now hit refresh in your browser and the changes made should be saved

Alternatively you could unlock any files locked by root with an:

sudo rcs -u *v

But I've not tried this. I assume on files not owned by root it will do nothing. I leave the verification to you as an exercise!

Saturday, July 18, 2009

GNUPG / Pinentry-mac paste problem

This caught me out after installing Mac GPG 2 which includes pinentry (as in pin entry). I could not paste my passphrase into it. I googles for ages and tried installing pinentry separately. I looked for configuration files.

Hours later I found out you can right-click to paste!