Fedora Linux and OSX Dual Boot on Mid-2010 (6,2) 15″ MacBook Pro Laptop

As part of the transition from a contractor to a full-time employee of Cox Media Group Digital & Strategy (check out our github), I’ve been issued a Mid-2010 (6,2) 15″ MacBook Pro laptop, to replace my current Early-2008 (3,1) MacPro desktop. The desktop is currently running Fedora 17, dual-boot with Mac OS X (left in place for firmware updates and emergencies) using the rEFInd boot manager to choose between the two OSes. It took me two days to get this working right on my desktop, but it had been my plan to duplicate this setup on my laptop. I found a lot of conflicting information online, but I decided to give it a try.

Well, I have Fedora 18 and OS X 10.8 dual-booting on the laptop, but not as planned. After a day and a half of research, troubleshooting and re-installs, here’s what I found to actually work, in the hope that nobody else will go through the ordeal I went through. Following that are some notes about the new Fedora 18 installer (Anaconda 18), especially important for anyone who’s used Linux for a while. To those who are new to Linux, don’t be dissuaded by the above. Most of the frustration I experienced is because I’ve been using Linux for a relatively long time (about 10 years), had my own ideas about exactly how I wanted things setup (which are decidedly not supported by Fedora), and had some assumptions about the installation process based on earlier versions.

How to get it working:

Forget about rEFInd. This had been the original advice from Matthew Garrett, @mjg59, kernel coder, contributor to the Anaconda project, and all-around authority on booting Linux on EFI/UEFI hardware. My advice, and the method that worked for me:

  1. Shrink your Mac partitions using the Disk Utility tool in OS X, and leave as much free space as you want for Fedora (I also created an 8GB VFAT partition that both OSes can read/write to).
  2. Download the Fedora 18 64-bit DVD image; I chose the KDE version. Verify the sha256 sum if you want (they don’t have a readily visible link to the checksum file; copy the download link, paste it into your address bar and remove the filename, and you should get a directory index that includes a -CHECKSUM file).
  3. Per the Installation Guide’s Making Fedora USB Media page, use liveusb-creator to set up the installation image on the USB flash drive (I needed to start it with the --reset-mbr option). You can also use other tools (dd if you’re not on a Fedora-based distro), or a DVD, but this is the method I chose.
  4. Due to a bug in liveusb-creator, you may need to manually edit /EFI/boot/grub.cfg on the created USB stick if grub gives you a file not found error. If that happens, please see my bug report above for the action to take (in short, you need to mount the USB stick, chmod u+w /EFI/boot/grub.cfg then edit that file and replace every occurrence of “isolinux” with “syslinux” and every occurrence of “root=live:LABEL=Fedora-18-x86_64-Live-KDE.iso” with “root=live:LABEL=LIVE”).
  5. Boot the USB drive (use the alt key when you turn on the laptop to select the USB drive) and just install Fedora normally, letting it do its thing. Select a boot disk and let it put GRUB2 on the EFI partition.

When you boot, it will boot to GRUB. There will be some options for Mac OS there, but they don’t work (more on that below). If you want to boot Mac, hold down the alt/option key when you power on the laptop, which will bring you to the boot disk selector and you can pick the Mac disk. I know it’s not pretty or ideal, but it’s the best option right now.

Making it Better:

GRUB2 tries to automatically detect other OSes and configure them in the boot loader (this is done through /etc/grub.d/30_os-prober, commonly just referred to as os-prober). It tries to boot Mac directly through the xnu_kernel64 module, which not only isn’t installed on the boot partition by default, but just doesn’t work with at least Mountain Lion (10.8). So getting GRUB to boot Mac means either having the bugs in the xnu module fixed, or figuring out how to set up a chainloader to boot from GRUB to Mac. The latter is probably the method I’ll investigate, but for now, since I rarely use Mac, I’m happy having to use the alt key at boot to get there. To remove the annoying, broken Mac OS options from the grub screen, run the following commands as root (they assume you have your EFI partition mounted at /boot/efi, which I believe Fedora should do by default):

cp /boot/efi/EFI/fedora/grub.cfg /boot/efi/EFI/fedora/grub.cfg.bak
echo 'GRUB_DISABLE_OS_PROBER="true"' >> /etc/default/grub
grub2-mkconfig > /boot/efi/EFI/fedora/grub.cfg

Thoughts on the Fedora 18 Anaconda Installer

I found a couple of issues with the new Anaconda 18 installer that were either unwieldy or confusing for someone who’s been installing Linux for a long time. Overall, the new installer is very nice. It has a clean, even elegant UI, a relatively nice flow from start to completion, and is certainly beginner-friendly. It has fewer options than any Linux installer I’ve ever used before – not even options for package selection, firewall or SELinux configuration, etc. – but I guess this is in line with the goal of making Fedora a desktop OS for the masses. I would have appreciated an “advanced mode” installer that was more like Fedora 17 (or even much older versions), but I guess I’m an edge case, at least in the Fedora community. However, I did find two things especially difficult, both related to the fact that my laptop has two main drives (a 500GB hard drive and a 120GB SSD):

First, the installer prompted me to select a “boot disk”. I guess I should have read the installation guide, but I assumed that nomenclature translated to either “which disk should the automatic partitioning put your /boot partition on” or “which disk should I set the bootable flag on in the partition table”. In fact, it means “which disk should I put GRUB on the EFI partition of”. I installed, rebooted, and was shocked – and somewhat distressed – to boot directly to GRUB2 instead of the rEFInd installation I had set up. The installer didn’t have any of the previously-customary “warning: this will overwrite your MBR/EFI boot partition” notices, so I felt safe letting it continue. It turned out that this was the way I ended up going, and it also turns out that there’s a bug in Anaconda that makes it fail installation if you tell it not to write a bootloader to disk (though it’s patched by one line of Python code). But I was deeply distressed that – contrary to the experience of every, admittedly more complicated, Linux installer I’d used before – the Fedora 18 installer overwrote my EFI bootloader (analogous to overwriting the MBR on a BIOS boot machine) without ever warning me or asking for a confirmation.

Secondly, the partitioning tool is clearly designed for only one destination disk. The overview screen lists configured partitions by label and mount point, but not by physical device, so figuring out which partitions are on which physical disks takes a click on each and every partition to view that information in the detail panel. When you create a new partition, it’s automatically put in an LVM volume group spanning all disks. Changing the target of the automatically created volume group requires a few clicks, as does changing the physical disks backing any new volume groups. To assign a newly created partition to a specific disk, you have to click on an unlabeled “tool” icon under the list of partitions, far away from the information on the partition in question. It’s a nice interface for someone who clicks the “partition automatically” button, or who just knows they want to add “an extra partition”, but for anyone who has a specific layout in mind (like having /, /boot and /var, specifically sized, on the SSD and /home on the rotating disk) it takes about 4-5 more clicks and dialogs to add a partition than the last Fedora installer did. Mainly, it’s lacking any sort of Advanced Mode for partitioning that allows the user to quickly and accurately lay out a more complex partitioning scheme.

Below are some screenshots from the Fedora 17 and Fedora 18 Installation Guides, which contrast both the overview of all partitions and the individual partition settings:

Fedora 18 Overview, from 9.13. Creating a Custom Partition Layout:

Fedora 17 Overview, from 9.14. Creating a Custom Layout or Modifying the Default Layout:

Fedora 18 Partition Creation/Editing, from 9.13.3. Create LVM Logical Volume:

Fedora 17 Partition Creation/Editing, from 9.14.2. Adding Partitions:

How to Find Network Settings in various operating systems

Since I’m occasionally asked these things, here’s how to find some commonly needed network information in various operating systems – for now, Windows, Mac OS X and Linux, as well as Android and iOS (iPhone/iPad/etc.). My assumption is that the people running BSD, Solaris, etc. (and yes, all of those have visited my blog) know this stuff. I won’t go into descriptions of what these “strange” things are.

First off, I know that most desktop computer users are used to doing everything graphically. If you know what you want to do, the command line is a lot faster. There’s no reason to fear it. Watching a cooking show might be wonderful if you have no idea how to cook a meal, but it’s not very efficient if you just need the list of ingredients.

First off, how to get a command prompt:

  • Windows: For XP and before, Start -> Run -> type “cmd”, click Ok. For Vista, Start -> type “cmd”, click it.
  • Mac OS X: Applications -> Utilities -> Terminal
  • Linux/Unix: Konsole, Xterm, whatever else you use, or just drop to command line/runlevel 3

In the following examples, anything in monospace font should be typed exactly as is at the command prompt. Note: some of this may need to be run as Administrator/root. If you’re using Windows Vista or newer, once “cmd” appears under Programs, right-click it and select Run as Administrator. On Mac or Linux, you may have to run as sudo, and you may have to specify an absolute (full) path.

Default Gateway – on a simple home network, this is the IP address of your router.

  • Windows: route PRINT, look for the line beginning with “Default Gateway:”
  • Mac OS X: route get default, look for the “gateway:” line.
  • Linux: sudo /sbin/route, look for the line beginning with “default”, it will be in the “Gateway” column. If your system uses iproute2, ip route show.

MAC Address – The (more or less) globally unique address of your computer’s network adapter. Each network adapter (wired, wireless, etc.) has its own. Looks like xx-xx-xx-xx-xx-xx or xx:xx:xx:xx:xx:xx or xxxxxx:xxxxxx where each “x” is a number from 0 to 9 or a letter from a to f.

  • Windows: ipconfig /all, look for the name of your network connection and then the indented line starting with “Physical Address”.
  • Mac OS X: ifconfig, look for your network adapter (en0 is wired ethernet, en1 is your AirPort), the address will be on a line after “ether”.
  • Linux: ifconfig, look for “HWaddr” for the right interface.

WAN (Internet or External) IP Address – Go to whatismyip.jasonantman.com.

Ping another host – A ping test shows (simple explanation) how long it takes packets to get from your computer to another. (For you Warcraft players, this isn’t the same as the ping times shown in-game, and you can’t ping the realm servers).

  • Windows: ping -t IPaddress, the -t makes it run until you type Control-C to stop it.
  • Everything else: ping IPaddress, then Ctrl-C (or whatever your OS uses) to stop it.

I’ll update this with more when I get time…

Managing Ubiquiti Networks MAC ACLs from a script

I have a small web-based tool for allowing members of an organization to register their wireless MAC addresses, and then automatically adding them to the MAC ACL on Ubiquiti AirOSv2 APs. It’s a pretty quick hack, along with a simple and ugly web-based tool, but it gets the job done for a non-profit with only 25 people. After posting about it on the Ubiquiti forum and getting a request from someone for the code, I decided to put it out there for anyone who wants it. The script is mostly based on SCPing configs to and from the AP and SSHing in to run commands, and will need passwordless public key auth to the AP.

The code itself is in subversion at http://svn.jasonantman.com/misc-scripts/ubiquiti-mac-acl/. It’s composed of four files:

  • updateAPconfigs.php.inc – the main PHP file with three functions for working with the APs
  • wirelessTools.php – My PHP page for users to add MACs. It’s pretty rough and is mostly based on handling our LDAP authentication/group framework, but it gives a fair example of how I store MACs in a MySQL table and then rebuild a given AP config file with the current list of MACs. I doubt it will be useful to anyone else as more than an example.
  • wireless.sql – The schema for the SQL database I use to store MACs.
  • README.txt – Readme file including some warnings on the lack of error checking in the functions.

Hopefully this will be of some use to someone. I should probably mention two important things here. First, the AP only accepts up to 32 MAC addresses, so if you feed the makeNewConfigFile() function an array with more than 32, it will just stop at the 32nd. Also, be aware, this SCPs a config file to the AP, runs cfgmtd and then reboots the AP. If you send it a bad config file, who knows what will happen. If you allow your users to add MAC addresses, your APs will reboot every time someone adds one.
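
An added example, not taken from the scripts in the repository: one way to validate user-submitted addresses before they are written into a config file that gets pushed to the AP. It accepts the three MAC notations listed earlier on this page and refuses a list longer than 32 instead of silently stopping at the 32nd. The names normalize_mac, build_acl and AclTooLong are hypothetical, and the sample input is constructed.

```python
import re

MAX_ACL_ENTRIES = 32  # limit the post gives for these APs

# The three notations the page lists for a MAC address, after lower-casing.
MAC_FORMATS = [
    re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"),   # xx:xx:xx:xx:xx:xx
    re.compile(r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"),   # xx-xx-xx-xx-xx-xx
    re.compile(r"[0-9a-f]{6}:[0-9a-f]{6}"),          # xxxxxx:xxxxxx
]


class AclTooLong(ValueError):
    """More unique addresses than the AP's ACL can hold."""


def normalize_mac(text):
    """Return the address as 'xx:xx:xx:xx:xx:xx' or raise ValueError."""
    s = text.strip().lower()
    # fullmatch() means nothing may follow the address: no newline, no "key=value".
    if not any(p.fullmatch(s) for p in MAC_FORMATS):
        raise ValueError(f"not a MAC address: {text!r}")
    digits = s.replace(":", "").replace("-", "")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_acl(submitted, limit=MAX_ACL_ENTRIES):
    """Return (accepted, rejected); accepted is normalised and de-duplicated."""
    accepted, rejected, seen = [], [], set()
    for raw in submitted:
        try:
            mac = normalize_mac(raw)
        except ValueError:
            rejected.append(raw)
            continue
        if mac not in seen:
            seen.add(mac)
            accepted.append(mac)
    if len(accepted) > limit:
        raise AclTooLong(f"{len(accepted)} unique MACs, the AP accepts {limit}")
    return accepted, rejected


# Constructed input, using locally administered addresses.
SAMPLE_SUBMITTED = [
    "02-00-00-AA-BB-01",
    "02:00:00:aa:bb:01",             # same adapter, different notation
    "020000:aabb02",
    "02:00:00:aa:bb:03\nfoo=bar",    # would add a line to the config file
    "02:00:00:aa:bb",                # too short
    "zz:00:00:aa:bb:04",             # not hexadecimal
]

if __name__ == "__main__":
    ok, bad = build_acl(SAMPLE_SUBMITTED)
    print("accepted:", ok)
    print("rejected:", bad)
```

Raising on the 33rd address lets the web page tell the user the list is full, rather than leaving them registered in the database but absent from the AP.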

All I ask is that if you use this, leave a comment to thank me, and if you make any changes/additions/bugfixes, please send them back to me.

Also, I have some Nagios check scripts that are useful for Ubiquiti APs.

How to make software distribution secure

We were seeing some strange behavior with Mac client machines on the network lately, specifically with DNS queries (I’d guess that a lot of it has to do with Bonjour), but the discussion touched on the DNS Changer trojan for Mac. I’d really never heard about it before, and after some basic reading, it really got me thinking about the state of software packaging, updates, and distribution. Granted, some of my observations would require sweeping changes to how packaging is handled (even on the *nixes), and would require buy-in from more than just the vendor and distributor (well, I guess MS can probably pressure ISVs to do whatever they want), but it seems to be the only way to keep appliancization from becoming the solution to security issues. I’ve written about this before, and a while ago in respect to Linux, but here’s my current take on what needs to be done to software packaging to allow our machines to stay secure, no matter what OS they run.

  1. Allow packages to be installed as a user. This is a mammoth task under Windows or Mac, but still an issue under Linux. The DNS Changer trojan is a case in point – there’s no reason a “video codec” would need to be installed system-wide, and if that were simply installed user-specific, the malicious installer would never have the privileges to change system-wide DNS settings. This is also a big issue under Linux. Yum, apt, rpm, etc. should (if run as a non-root user) install packages in a user-local path under /home by default. Of course, this would mean many things would need to change in order to cope – perhaps even a change to the LSB spec.
  2. Warn about inconsistencies on package installation. The package installation program should warn a user (whether installing packages system-wide or local to a user) if the package is going to modify system-wide files, i.e. files not specifically placed by that package and that package only.
  3. Real package management for Windows and Mac – It’s about time that Apple and Microsoft admit that people without billions in funding can come up with good ideas. Get rid of these Installer programs (the many many different ones). Each OS should pick a package format, develop a yum-like (or, even better, zypper-like) package management program that understands repositories. I don’t know how they’d cope with the pervasive license keys and DRM in the non-nix world, but I’m sure they could figure out a way that still allowed sane package management. The idea here is that vendors run repositories and are responsible for their GPG keys, so trojans claiming to be an update to a given vendor’s software would be rejected. Also, isn’t it about time that you can update all your software on Windows or Mac through one tool?
  4. Filesystem-based IDS for Windows and Mac – Assuming it will take a while to get everyone onboard with the packaging idea, and noting that users of these OSes like installing applications from arbitrary sources, there should be an OS-level feature to audit all filesystem changes made by untrusted/unsigned applications, and a way to alert the user to these changes if they appear suspicious (essentially what Spybot Search & Destroy / TeaTimer do, but built in to the OS).
  5. Vendor support of packaging/repositories – Along with the idea of repositories, vendors should have a trust or signing system for ISVs’ signing keys. If users are installing arbitrary software, making them trust an arbitrary key won’t do anything to improve security. Microsoft and Apple need to run a CA that signs the package signing keys of their ISVs. They also – and here’s the big one – need to have a parallel framework for “independent developers”. I.e. something that doesn’t cost any money for the packagers, and allows them to at least give a “this person is who they say they are” message.
  6. Finally, Make package management pervasive – Have a real push to apply the packaging and signing keys standard to all software for the OS.
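
An added example (not code from any package manager) of the check that points 1 and 2 describe: before installing, classify every path in a package's payload as user-local, the package's own file, a new system file, a file placed by another package, or an existing file no package placed. The ownership table and on-disk set are in-memory stand-ins for a package database and the filesystem, and the package names, paths and function names are constructed for illustration.

```python
import posixpath
from typing import NamedTuple


class Finding(NamedTuple):
    path: str     # normalised absolute path
    verdict: str  # one of the five strings assigned in audit_package()


WARN_VERDICTS = {"foreign-owned", "unowned-system-file"}


def audit_package(name, payload, owners, existing, user_prefix):
    """Classify every path that package `name` wants to write.

    owners:   path -> package that placed it (stand-in for the package database)
    existing: set of paths already on disk (stand-in for a filesystem check)
    """
    prefix = posixpath.normpath(user_prefix) + "/"
    findings = []
    for raw in payload:
        if not raw.startswith("/"):
            raise ValueError(f"payload path must be absolute: {raw!r}")
        # Collapse "." and ".." first, so an entry cannot pose as user-local
        # while really pointing outside the prefix.
        path = posixpath.normpath(raw)
        owner = owners.get(path)
        if path.startswith(prefix):
            verdict = "user-local"
        elif owner == name:
            verdict = "own-file"             # upgrade of a file this package placed
        elif owner is not None:
            verdict = "foreign-owned"        # placed by a different package
        elif path in existing:
            verdict = "unowned-system-file"  # e.g. admin-managed configuration
        else:
            verdict = "new-system-file"      # needs root, but overwrites nothing
        findings.append(Finding(path, verdict))
    return findings


def paths_to_warn_about(findings):
    return [f.path for f in findings if f.verdict in WARN_VERDICTS]


def needs_root(findings):
    return any(f.verdict != "user-local" for f in findings)


# Constructed sample: a "video codec" whose payload reaches outside the user's home.
SAMPLE_OWNERS = {"/usr/lib64/libavcodec.so.53": "ffmpeg-libs"}
SAMPLE_EXISTING = {"/etc/resolv.conf", "/usr/lib64/libavcodec.so.53"}
SAMPLE_PAYLOAD = [
    "/home/alice/.local/lib/codecs/vcodec.so",
    "/home/alice/.local/../../../etc/resolv.conf",
    "/usr/lib64/libavcodec.so.53",
    "/usr/share/doc/video-codec/README",
]

if __name__ == "__main__":
    report = audit_package("video-codec", SAMPLE_PAYLOAD, SAMPLE_OWNERS,
                           SAMPLE_EXISTING, "/home/alice/.local")
    for finding in report:
        print(f"{finding.verdict:20} {finding.path}")
    print("warn user about:", paths_to_warn_about(report))
```

The path check here is purely lexical; an installer would also have to resolve symlinks inside the user prefix before trusting a "user-local" verdict.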

On a final note, applicable to both the current state of Linux packaging and my ideas about Mac and Windows… DNS is the ideal method of key distribution (granted, yes, this just means that the security of the packager’s DNS records, and their servers and signing key, is just more of an issue). But even with Yum and Zypper, it seems to me to be logical that the packager’s public key should be stored in a DNS record (or at a URL stored in a DNS TXT record). That way, it wouldn’t be up to an end user to import and trust a key, they’d just have to trust the repository (i.e. software.adobe.com) and the package manager would pull down the key and verify that package X in software.adobe.com is, in fact, signed by the software.adobe.com key.

PC vs Mac

Begin shameless rant…

When I read the “system requirements” for hardware these days, and see “PC or Mac”, I cringe. Surely someone who’s developing the hardware should understand the horrible inaccuracy of this.

The term “PC”, or Personal Computer, is used to refer to any hardware that is (at this point, a derivative of) an IBM PC architecture clone. This generally means Intel x86 (compatible) systems.

In 2005, Apple discontinued their PowerPC systems and made the move to Intel-based computers. Since 2005, all Apple (Mac, iMac, MacBook, etc.) computers have been PCs.

Similarly, PC refers just to the hardware, not the operating system. An Intel-based computer running Linux is a PC.

If you mean “Requires Microsoft Windows or Mac”, say that. I don’t know whether it’s more disturbing to see this on the box of a piece of (I assume, engineered) hardware or in a tutorial or how-to supposedly written by someone who knows something about technology.

New MacBook Pro; Dual boot with Linux

So in the first bit of good news lately, after four years as a part-timer, this Monday I start my full-time position at Rutgers as a Linux SysAdmin. Not really anything different – same office, same work, just another day a week and a pay bump (plus benefits and all that). My only real change on the first day will be a 3-hour HR orientation and moving my workstation to public address space. But, on the positive side, my new laptop just came in – a shiny new 13″ MacBook Pro, 2.4GHz Core2 Duo, 4GB RAM, 250GB HDD. Every time I see Mac packaging, I remember why they cost so much – the box must be half the price!

If all goes well, I’ll have the machine set up to dual-boot OSX and Linux (specifically OpenSuSE 11.2). I’ll post notes when I have it done.

The list of things I have to figure out beyond just getting both OSes running:

  • Do I want to use Mac for more than a select few apps that require it (i.e. possibly as another day-to-day OS)? If so, I need to figure out file sharing between the OSes, what I want unified from my profiles/homedirs, Firefox profile sharing, etc.
  • How to do a simple shared partition?
  • FUSE/SSHFS on the Mac side.
  • Is there a way to select the boot OS (rEFIt) from Linux?

Stay tuned…

Mac to TTF font conversion

I know I haven’t posted in a while.

I’m working on a friend’s web site, and needed a specific font for the title graphic. I couldn’t find it *anywhere* as a free TTF download for my Linux machine. However, after asking a friend who’s a Mac user, I got a .dfont file as an email attachment.

After some quick Googling, I came by the fondu project on SourceForge. I didn’t look into it in depth, but I just grabbed the i386 RPM, installed it, and – magic! In the directory with my .dfont I now also had .ttf fonts for all of the variants!