Bookmark this site!


Block Microsoft messenger on Speedtouch router

Blocking tcp traffic from two ranges of IP addresses on ports 80 and 1863 prevents MSN messengerlogin and initialisation.

You can input the following via telnet login to your speedtouch (telnet -l <user> for temporary use—to revert to saved configuration use system reboot, save or add it to the firewall section of user.ini for a permanent block. (View source to see lines split here.)

firewall chain create chain=nomsn

firewall rule create chain=nomsn prot=tcp srcport=1863 src= action=drop
firewall rule create chain=nomsn prot=tcp srcport=1863 src= action=drop

firewall rule create chain=nomsn prot=tcp srcport=80 src= action=drop
firewall rule create chain=nomsn prot=tcp srcport=80 src= action=drop

firewall assign hook=input chain=nomsn


See CLI reference for your model.

*                             ______ 
*                         ___/_____/\
*                        /         /\\ Alcatel, Speed Touch 510 ADSL modem
*                  _____/__       /  \\ 
*                _/       /\_____/___ \   Version R3.7.2.1 
*               //       /  \       /\ \ 
*       _______//_______/    \     / _\/______ Copyright (c) 1999-2001 Alcatel 
*      /      / \       \    /    / /        /\
*   __/      /   \       \  /    / /        / _\__ 
*  / /      /     \_______\/    / /        / /   /\
* /_/______/___________________/ /________/ /___/  \ 
* \ \      \    ___________    \ \        \ \   \  /
*  \_\      \  /          /\    \ \        \ \___\/
*     \      \/          /  \    \ \        \  /
*      \_____/          /    \    \ \________\/
*           /__________/      \    \  /
*           \   _____  \      /_____\/
*            \ /    /\  \    /___\/
*             /____/  \  \  /
*             \    \  /___\/
*              \____\/


ClamAV an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under GPL. It provides a number of utilities including a flexible and scalable multi- threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from sourceforge


You have to edit the configuration files. See the manual pages for details:

man freshclam.conf
man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, locate clam.conf should find them.


clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

man clamconf
man clamdscan
man clamscan
man freshclam

I added the following line to /sw/etc/anacrontab

   1       25        clamscan         nice /sw/bin/freshclam -quiet

When you check your imported software (for a Fink installation, do this by running the command sudo clamscan -r /sw) you should find a few ''infected'' files. For example:
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.

The malware I have found is exclusively in spam mail and cached java applets.

clamdscan ˜/Library/Caches/Java\ Applets
clamdscan ˜/Library/mail\ Downloads
You can remove offending files by hand, or use the --remove option when calling clamdscan.


X11 on Leopard won't launch for me - a quick google tells me that others have the same problem.

The idea under Leopard is that X11 will launch automatically as required, so just typing xterm in a Terminal window will launch a xterm window.

But for me this didn't work, since I had set DISPLAY = 0:0

To check, type echo $DISPLAY if the response is 0:0 (as you might expect) you need to remove the entry for DISPLAY from environment.plist (double-click on the file and the property list editor should open). On the other hand something bizarre:

mfourman$ echo $DISPLAY
seems to be fine!

Note that some applications may set the DISPLAY variable on startup. I had to retire sshLogin (a Mac port of sshAskPass) because it insists on doing this. So I'm back to using ssh-add from the terminal to set up my ssh identity before launching xterm.

Connecting via ssh from the xterm then sets up an X11 connection so that remote X applications can use your Mac screen. Use ssh -X to forward X11 connections, or set this up, for hosts you trust, in your ssh configuration.

Your ssh configuration depends on various files in ˜/.ssh:

authorized_keys config identity  known_hosts

You can set your ˜/.ssh/config on a per-host basis: for example

# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
Host trusted.local
     ForwardX11 yes 
     ForwardX11Trusted yes
     Compression yes
     Cipher blowfish
     ForwardX11 yes 
     User alias 
Host *
     ForwardX11 no
     ForwardX11Trusted no
Note X11 forwarding should be enabled with caution.

User Specifies the user to log in as, useful when you have a different user name on different machines.

The default configuration file (see /private/etc/ssh_config) includes a list of common settings. The configuration files contain sections separated by ``Host'' specifications, and that section is only applied for hosts that match one of the patterns given in the specification. (Lines starting with `#' are comments. Copy this template, remove `#' and edit values as desired. For details see man ssh_config)

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   GSSAPIKeyExchange no
#   GSSAPITrustDNS no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no



Dave Matthews's polyml is my implementation of choice for Standard ML (my language of choice).

The latest release (version 5.1) compiles on Leopard. The download should be unpacked automatically by Stuffit Expander—otherwise use gtar xvzf polyml.5.1.tar.gz.

cd polyml.5.1
sudo make install

You should get the message:

Libraries have been installed in:

If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
   - add LIBDIR to the `DYLD_LIBRARY_PATH' environment variable
     during execution

See any operating system documentation about shared libraries for
more information, such as the ld(1) and manual pages.

You can also download later development versions of the source from the cvs repository on sourceforge:

cvs co polyml
cd polyml
cvs update -Pd
chmod +x install-sh
sudo make install


Safari Crash; Firefox Crash; Applet Crash!

Leopard and Java 6 don't mix!

I didn't know this and used Java preferences to set Java 6.0 as my preferred version (I had earlier installed the developer preview, under Tiger)


Apple confesses

The solution is to expunge all traces of Java 6, then reinstall Java.

Javablog has the answer:

Move or remove all of the following


and all your Java 6 installation receipts from /Library/Receipts/.

Then re-install Java from the Leopard DVD with the commands

open /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages/Java.pkg
open /Volumes/Mac\ OS\ X\ Install\ DVD/System/Installation/Packages/JavaTools.pkg 


Kerberos for Leopard

For the avoidance of doubt, install Mac OSX Kerberos Extras—some say this is changed for Leopard (OS X 10.5) others hint that it's just as the same as it was for 10.4.

Add X509 Anchors to Keychain Access (found in /Applications/Utilities/). (It was there by default in 10.4, but it appears not in Leopard. Select Add Keychain from the File menu. In the file selection dialog, navigate to /System/Library/Keychains. You should find X509 Anchors there.

Install the University Certificate in X509 Anchors— drag-and-drop.

For me Keberos works for IMAP access to, but not to, nor for SMTP access to either.

Here's what support have to say:

I've run this past a few people who might know and the consensus is that Apple may have broken something. There's a strange looking message in one of the log files - Token header is malformed or corrupt

This is probably not the whole story, as staffmail does work with Leopard's Kerberos. Time to switch to staffmail...


Fink "Can't fix GCC after Repair Permissions"

I'm now working with Leopard aka OS X v10.5; this is a Leopard problem

Chasing around to see what could be wrong, I find two contradictory bits of information:

In Apple's version of GCC, both cc and gcc are actually symbolic links to a compiler named like gcc-version; which compiler is linked to may be changed using the command gcc_select.

% locate gcc_select

% gcc_select -l
This version of gcc_select can be used only on MacOS X 10.4.

It seems this may be connected to the CHUD problem of the previous post.

Here's what worked for me:

  1. Remove gcc_select (it says it doesn't work with 10.5).
  2. Remove /Developer (XCode Tools didn't install properly anyway).
  3. Reinstall XCode — make sure you install the Unix Developer Support option.
  4. Run Fink: Selfupdate, then Update-all

Everything worked smoothly.

I still have some problems with Keychain and Kerberos, but I still like Leopard. Cover Flow is helping me clean up my desktop.


Leopard - a spotty start

Added later: See the following post (above) for solution!

First, the good news. I have Leopard up-and-running, and it is great. It feels faster (maybe it is faster, who knows) it looks great.

Installation is supposed to be straigtforward. Put the CD in the drive and follow the instructions. We got to the place where you are supposed to select a disk on which to install Leopard - no disk appears. Wait,... Wait some more,... Make a cup of tea, ... Still a blank.

Go back, and look for an exit button - there is none. Try Disk Utility as suggested to select startup drive - no drive appears. Despair begins. I did back up my important files before starting this process, but restoring them will be a hassle - and what about the unimportant ones (I have a long tail, lots and lots of not very important files, but if they all go, that will feel quite important).

I try various incantations of keys (escape, eject, command-Q, even ctrl-alt-del) nothing works.

In desperation, I plug in an external drive to see if I can perhaps escape this nightmare by installing Leopard on that. The drive appears, but I'm not allowed to install on that drive. I'm about to do a hard reset (well forced power-down by pressing the button until it gives up). Then, my hard drive appears as a possible selection.

I select the drive, hit continue, and leopard installs without further hitch (it takes almost two hours).

It looks just the same - it just feels better, and faster. Of course, if you look closely, it isn't the same, but the changes are subtle, it feels entirely familiar, but better.

Now to install XCode Tools... This time, everything starts fine, but then fails at the end telling me that CHUD installation has failed, and I should contact the software manufacturer (that would be Apple).


securityd memory hogging

Mac running slow, Keychain keeps telling me Google Desktop has changed and asks for authentication. Do I have a virus, or is something wrong with keychain?

Activity Monitor tells me that securityd is using 1.5GB of memory; something is wrong.

Googling suggests that /var/db/CodeEquivalenceDatabase may be corrupted. Furthermore, it seems that it can rebuild itself, so the lizard's tail treatment is suggested: remove the offending part.

I did the following:

cd /var/db
sudo rm -rf CodeEquivalenceDatabase

sudo rm -rf is serious magic, and can get you in serious trouble; be careful (long ago, I once did cd /dev ; rm -rf mouse * — where I meant mouse* — don't try this at home) ... the faint-of-heart could take a copy of the file instead and remove it later:
mv CodeEquivalenceDatabase CodeEquivalenceDatabase.old

In any case, this seemed to work. After a restart keychain asks me to authenticate access for various apps: SystemUIServer, GoogleDesktopAgent, Mail, ... I do this. Everything seems normal, and securityd is using "only" 28MB of memory (back in the old days, we used to run serious theorem provers in less).

Google Desktop Search for Mac OSX

Google Desktop
Search your Mac.

Faster than spotlight; integrates with web search


gmail IMAP access UK

I was delighted to see Google's announcment of IMAP access to gmail, then disappointed to find that my gmail settings page didn't provide the IMAP option.

Google evidently don't know how to say "IMAP" in english english!

Solution: Log in to Gmail. Go to your settings page. Change your language setting to English (US); Save Changes and the option appears: Forwarding and POP/IMAP. Use this tab to enable IMAP access, then you can go back to English (UK).


iSync with a Google calendar

First you have to subscribe to the Google calendar from iCal.

You look under Calendar Details on; you want the iCal format. Google tells you, Please use the following address to access your calendar from other applications.

Right-click to Copy Link Location. Then, in iCal, under the Calendar menu, select Subscribe..., and paste in the URL.

This works - but note that iCal stores the link as

Now you can set up iSync to synchronise this calendar with your phone. Launch iSync, add the phone as a device if you haven't already done so. Select the phone icon and select which calendars to synchronise. Note that this is really copy, from Google Calendar to your phone, rather than sync, since events modified on your phone (or in iCal) don't change on Google Calendar. Maybe the iPhone will do better?


pdftk doesn't rotate pdfs

pdftk - A handy tool for manipulating PDF

Highly recommended: I use it for concatenating pdf documents, or selecting a subset of pages. I get it via fink, but you can also find it online. Unfortunately, pdftk doesn't allow you to rotate pages. lets you rotate and save pdfs: ⌘-L, ⌘-R, or use the menu—to rotate a single page, hold the option (alt) key while doing this.


Skype Out? Use Gizmo or Jajah!

Error in Skype’s Software Shuts Down Phone Service

Never mind!

Gizmo works just like Skype—free calls to other Gizmo users, cheap calls to landlines and mobiles worldwide. Unlike Skype it uses open standards (SIP), so it is compatible with other VoIP tools, such as Asterisk.

Jajah uses a different model—cheap or free calls between landlines or mobiles worldwide, set up from the internet. You can set calls up from any browser, or your symbian phone can set up the call via a GPRS/EDGE data connection or SMS message, giving cheap calls from your mobile to POTS numbers worldwide.

In any case, Skype may cost more than you bargained for.


dependent dylib is not prebound

Is your Mac sluggish and running slow?

Are your Office apps refusing to run?

Your automated prebinding updates may be failing.

Run the command
sudo update_prebinding -debug -root / -force
If you get the following error:

dyld: re-prebound: 0x90bee000 /usr/lib/libgcc_s.1.dylib
update_prebinding: error: dependent dylib is not prebound
update_prebinding: error 256 running update_prebinding_core
then edit the update-prebinding-paths file (this has the list of files to prebind: the one that fails is immediately after the last one to succeed)
sudo emacs /var/db/dyld/update-prebinding-paths.txt
Search for libgcc_s.1.dylib, and comment out the next line (by adding the #) so it reads
#/Applications/Utilities/Java/Java Web \
Save the file, then try updating the prebindings again. For me, the next (and final) failure was after libjsound.jnilib. So I comment out the following line
On the next try everything else went through. My Powerbook is much snappier.

It seems that you may need to reinstall Flash Player after doing this. Try the Adobe Shockwave and Flash player test to check. First uninstall previous versions. Shockwave will still only work if you run your browser under Rosetta. Flash is Universal


Repairing your laptop startup disk

The easiest way is to find another Mac running OSX. Restart your laptop in Target Disk Mode (either via system preferences, or hold the T key down while restarting). Connect the two machines by firewire, and run Disk Utility on the other Mac.

Repairing the disk may take some time - so don't rely on battery operation, connect to mains power.

Repairing the disk may fail, so backup a copy of crucial files before starting the repair.

Microsoft Office 2004 broken: dead as a parrot

Quicktime 7.2 update breaks Office 2004 on Intel Powerbook

For solution, see below

If you haven't yet installed QT7.2, my advice is to wait!

Here's what happened to me:

  • Office Update 11.3.6 refuses to launch.
  • MS Word refuses to launch!
  • MS Powerpoint refuses to launch.
  • MS Excel refuses to launch.
  • decide to remove Office, and reinstall!
  • MS Office refuses to install—the installer won't run.
  • Remove all traces of Office in preferences etc.!
  • MS office installer won't run.
  • !

macfixit has some suggestions these didn't work for me.

It seems that the prebinding of the java libraries is at fault!

Steps to Fix:

Remove Java 6

> su Administrator
> cd /Library/Receipts/JavaSE6Release1.pkg/Contents
> lsbom -s -f > /tmp/file-list
Edit /tmp/file-list to replace all " " with "\ " and all "./" with "rm /" (I use emacs for this.)

> sudo bash /tmp/file-list
> rm -r /Library/receipts/JavaSE6Release1.pkg
> sudo update_prebinding

I removed the following

sudo rm -r /Library/Receipts/JavaForMacOSX10.4Release5.pkg
and installed it again. (From



The following Macs have the 802.11n hardware built-in:

  • * MacBook Pro with Intel Core 2 Duo
  • * MacBook with Intel Core 2 Duo
  • * Mac Pro with AirPort Extreme option
  • * iMac with Intel Core 2 Duo (except the 17-inch, 1.83GHz iMac)

However, you will have to upgrade the firmware.

The CD that comes with your new airport extreme base station contains the AirPort Extreme 802.11n enabler, which updates the firmware on your airport card to enable 802.11n high-speed WiFi:

  • 74 - 248 Mbit/s
  • 70 - 160 metres range

If you buy a third-party 802.11n base station, you can get the enabler from the Apple store for $1.99

Zip it up

To zip a directory:
Select the folder in the Finder.
From the File menu, select Create Archive of "<foldername>"
that's all!
Leopard update:
In Leopard the menu entry reads Compress "<foldername>"

You have created a zip archive <foldername>.zip

To unzip, double-click the file <foldername>.zip


MacBookPro with Cinema Display - Sleep and Wake

I have an Intel MacBook Pro.

In my office I have a 30" Cinema Display, wireless keyboard and USB mouse (attached to the display). I have a spare power block next to the display.

In theory I should just arrive, switch on the keyboard, plug everything in to the MacBook(video, usb and firewire connections from the display, power and ethernet from the wall), and go!

In practice, sometimes it worked, and sometimes the MacBook would refuse to talk to the display. Worse still, it would refuse to wake up if I disconnected everything, and tried to run stand-alone. Until I found the secret, I had to force a reboot with the power key.

The secret is, connect the power first!

Connect the power, plug in video, usb, firewire, ethernet. The computer wakes and the display comes to life. Turn on the keyboard, type a few characters (type them somewhere non-critical). A couple of characters may get lost initially, but once the connection is established, everything is fine.


Airport Extreme WDS daisy chain

I've added two airport extreme 802.11n base stations to my WDS network. Mostly this was straightforward. The basic procedure is just as described earlier for the previous Airport models. The UI of the new Airport Utility app is clearer than the previous version.

However, I found the two Airport Extreme base stations got confused when I used DHCP to link them into the network. Instead, I've given them manually assigned IP addresses - in the same range as I use for DHCP. My Alcatel Speedtouch DSL modem acts as a DHCP server, and I've set it to distribute addresses above — which leaves me plenty of addresses below this to allocate manually.

The network is now something like this (with some base stations running the full range of protocols, 802.11b,g,n, and othersonly one of these, as shown):

     airport(b)  express(g) = speakers
            \    /
    disk = extreme(b,g,n) - airport(g) - express(g)
           /                                 \         
       = extreme(b,g,n) = printer          express(g) = speakers
       = airport(b,g)

Here, "airport" means an old conical airport extreme; express is the small block airtunes gizmo; extreme is the new 802.11n-capable mini-sized device.

To insert a new base station into my existing network, I first set its MAC address (aka airport ID) as the WDS main value for each of its children; then I configured the new base station with the children's MAC addresses in the WDS remotes list.

To configure the new devices I found it easiest to switch off the other base stations, and connect wirelessly to the new device. If you click on the name of a setting shown under the Summary tab, you are taken directly to the tab where you can edit the value. You want Wireless Mode: Participate in a WDS network. You should also set the Channel: and Network Name: to match the other base stations. Then you can set IP Address:. (As described above, DHCP confuses my two new Express base stations, so I set Configure IPv4: Manually. You can find the subnet mask and router address from the configuration of another base station. You may want to try Configure IPv4: Use DHCP first, as this is simpler.) For WDS relay and remotes you want Connection Sharing: Off (Bridge Mode). This is also correct for the WDS root if your modem acts as a DHCP server; otherwise you may need the WDS root to act as DHCP server (Distribute a range of IP addresses).


OSX Alarm Clock

Stuck away from home with a dead mobile phone battery, I needed an alarm clock—no sign of it in Date and Time.

The solution: use iCal on the MacBook. Set an event at the time you want the alarm. Set up an alarm action to open a suitably noisy audio file (which will open with iTunes if you have the default setup).

Make sure you set the alarm to go off on date (not 15 minutes beforehand as I first did). Make sure the volume is set high, headphones removed. Leave the lid open and, preferably, power connected. The alarm will wake the laptop from sleep, and play your song.

Update 2009-02-15 In Leopard 10.5.6 the alarm does not wake your computer from sleep :-( In System Preferences >> Energy Saver >> Schedule, set your computer to wake a couple of minutes before the alarm goes off.

If you subscribe to any external calendars, set iCal offline — otherwise any alerts complaining that some calendar is unreachable will prevent the alarm from sounding.


Live video from an iSight camera

How can you use your iSight camera without iChat? You can capture live video from your iSight camera directly into iMovie HD.

You must have iChat AV on your computer. If you have a stand-alone iSight camera, turn it on by opening the privacy shutter.

  • If iChat AV launches automagically, quit it.
  • Start iMovie HD.
  • Click the mode switch to set iMovie HD to camera mode.
  • Click the camera icon to the left of the mode switch and choose iSight or Built-in iSight from the pop-up menu—you also have the option to make a time-lapse recording.
  • Click the Record With iSight button at the bottom of the iMovie monitor.
  • The video you see in the iMovie monitor is recorded as a clip in the Clips pane.
  • Click Record With iSight again to stop recording.

For still photography with iSight, use Photo Booth.


Missing Google Spreadsheets

I've recently started using Google Apps for various collaborative tasks. These are great!

5 March 2007: Panic over—spreadsheets returned a few days ago!

But a few days ago, all my spreadsheets disappeared; replaced by the following message.

Sorry! We are experiencing technical difficulties and can only show word processing documents. Try again

I've now found the relevant help article. The third suggestion works for me: get into spreadsheets by creating a new spreadsheet, then use File>Open... from the menus.

My spreadsheets are missing. What do I do?

If you're having problems finding your spreadsheets, these suggestions might help:

- Make sure that you are logged in to Google Docs & Spreadsheets with the address you formerly used to sign in to Google Spreadsheets. Although you may be able to sign in to Google Docs & Spreadsheets with other Google Accounts, only the email/password combo formerly associated with Google Spreadsheets will allow you access to your spreadsheets.

- Near the top right corner of the active documents and spreadsheets page, click on "Browse Docs & Spreadsheets," then click on "All." This will show every document and spreadsheet associated with the account you're signed in with.

- If you're still unable to find your spreadsheets, click on the "New Spreadsheets" link from the document and spreadsheets list page. Once this opens, click on "File" > "Open." If listed, you can access your missing spreadsheets from this menu.

- If you have used the "move old documents" feature, and are missing your spreadsheets after this move, log in to the account from which these documents were moved. You should see your spreadsheets in this account. From here, you can add your new account as a collaborator on each of the spreadsheets, and consolidate your documents and spreadsheets in this way."

If none of these suggestions help you find and access your spreadsheets, please contact us so that we can investigate the situation further.


LATEX Equation Editor

La TeX Equation Editor
In an earlier post I mentioned LATEXiT, by Pierre Chatelier. The LATEX Equation Editor is similar in function—and not entirely dissimilar in appearance.
I'm not sure yet which I prefer. Both are free—try both. If you already downloaded LATEXiT last year, make sure you try the latest version.
If you have a Fink tetex installation, you must set the preferences for LATEX Equation Editor to specify that LATEX is in /sw/bin/ and ghostscript in /sw/share.
LaTeX Equation Editor prefences See also mimetex and LATEX render.

iRecordMusic-record streaming audio as mp3 or mp4 (AAC)

Supports broadcasts in RealAudio and WindowsMedia, the preferred audio formats of many radio stations. Records to a variety of formats. This US$25 program lets you record clips from BBC Radio Player. Free demo version limits recordings to 15 minutes maximum. Radiotastic is a Dashboard widget for listening live and real-time recording of Internet audio.