Mac OS X 10.8.2's firewall not enabled by default?

Hello.

Is it me or is Mountain Lion's firewall not enabled by default? I didn't 
check in the preinstalled 10.7.x before I upgraded to it. I find that 
weird and puzzled why Apple did that if that was by design.

Thank you in advance. :)
-- 
"What do ants and bees use for cattle?" --Tom
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
0
ant (886)
9/22/2012 10:57:57 PM
comp.sys.mac.system

In article <krOdndiGo_nr38PNnZ2dnUVZ_qadnZ2d@earthlink.com>,
 Ant <ant@zimage.comANT> wrote:

> Hello.
> 
> Is it me or is Mountain Lion's firewall not enabled by default? I didn't 
> check in the preinstalled 10.7.x before I upgraded to it. I find that 
> weird and puzzled why Apple did that if that was by design.
> 
> Thank you in advance. :)

To the best of my knowledge no version of Mac OS X has enabled the 
firewall by default.

But then again, by default Mac OS X does not enable ANY ports, so 
there is nothing for the firewall to protect.

Keep in mind that the Firewall focuses on incoming connections, 
and if there are not open ports, there is nothing to protect.

If you start enabling System Preferences -> Sharing services, then 
you will be opening ports.  If you are concerned about those 
services being a risk, then enable your Firewall.

Be aware that sometimes the Firewall interferes with stuff you 
expect to work.  So if some of your network stuff is giving you 
problems, try disabling your Firewall as an experiment, and if 
things get better start looking at the Firewall setup to see if 
there is something you need to change.
0
9/22/2012 11:48:04 PM
On 9/22/2012 4:48 PM PT, Bob Harris typed:

> To the best of my knowledge no version of Mac OS X has enabled the
> firewall by default.
>
> But then again, by default Mac OS X does not enable ANY ports, so
> there is nothing for the firewall to protect.
>
> Keep in mind that the Firewall focuses on incoming connections,
> and if there are not open ports, there is nothing to protect.
>
> If you start enabling System Preferences -> Sharing services, then
> you will be opening ports.  If you are concerned about those
> services being a risk, then enable your Firewall.
>
> Be aware that sometimes the Firewall interferes with stuff you
> expect to work.  So if some of your network stuff is giving you
> problems, try disabling your Firewall as an experiment, and if
> things get better start looking at the Firewall setup to see if
> there is something you need to change.

Thanks. I thought older versions did like in 10.5.x. :)
-- 
"... Ooh, we haven't done that in a long time. I love picnics. I'll 
bring my ant jar." --The Berenstain Bears (unknown episode)
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
0
ant (886)
9/23/2012 12:03:50 AM
In article <krOdndiGo_nr38PNnZ2dnUVZ_qadnZ2d@earthlink.com>,
 Ant <ant@zimage.comANT> wrote:

> Hello.
> 
> Is it me or is Mountain Lion's firewall not enabled by default? I didn't 
> check in the preinstalled 10.7.x before I upgraded to it. I find that 
> weird and puzzled why Apple did that if that was by design.
> 
> Thank you in advance. :)

I upgraded from Lion to Mountain Lion and my Firewall is turned on, so 
the upgrade didn't change anything it only retained the same settings 
that I had under Lion.
0
once2 (93)
9/23/2012 12:53:10 AM
On 2012.09.22 18:57 , Ant wrote:
> Hello.
>
> Is it me or is Mountain Lion's firewall not enabled by default? I didn't
> check in the preinstalled 10.7.x before I upgraded to it. I find that
> weird and puzzled why Apple did that if that was by design.

If you're behind a router with a firewall activated I'd leave the Mac
firewall off unless there are specific "trust" issues within that LAN's
user population.  Some services (file sharing, printer sharing, screen
sharing) become flaky when the firewall is on.

Don't use "WiFi Protected Setup" - disable it at the WiFi.

If it's a portable, then don't forget to enable the firewall before
connecting to hotel/airport/café WiFi's ...

-- 
"There were, unfortunately, no great principles on which parties
  were divided – politics became a mere struggle for office."
                                           -Sir John A. Macdonald

0
alan.browne (4546)
9/23/2012 1:08:22 AM
On 9/22/2012 6:08 PM PT, Alan Browne typed:

> If you're behind a router with a firewall activated I'd leave the Mac
> firewall off unless there are specific "trust" issues within that LAN's
> user population.  Some services (file sharing, printer sharing, screen
> sharing) become flaky when the firewall is on.
>
> Don't use "WiFi Protected Setup" - disable it at the WiFi.
>
> If it's a portable, then don't forget to enable the firewall before
> connecting to hotel/airport/café WiFi's ...

Yes, this MBP will be used for travelling on various WAPs. I am 
surprised Apple doesn't enable it for security.
-- 
"Did the ant fall off the toilet seat because she was pissed off?" --unknown
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
0
ant (886)
9/23/2012 3:00:49 AM
In message <krOdndiGo_nr38PNnZ2dnUVZ_qadnZ2d@earthlink.com> 
  Ant <ant@zimage.comANT> wrote:
> Hello.

> Is it me or is Mountain Lion's firewall not enabled by default? I didn't 
> check in the preinstalled 10.7.x before I upgraded to it. I find that 
> weird and puzzled why Apple did that if that was by design.

OS X has never had the firewall enabled by default.

-- 
I do believe Marsellus Wallace, my husband, your boss, told you to take
*me* out and do *whatever I wanted*. Now I wanna dance, I wanna win. I
want that trophy, so dance good.
0
g.kreme (3671)
9/23/2012 12:34:33 PM
In article <3-CdnVKBjaX85sPNnZ2dnUVZ_hKdnZ2d@earthlink.com>,
 Ant <ant@zimage.comANT> wrote:

> On 9/22/2012 6:08 PM PT, Alan Browne typed:
> 
>  > If you're behind a router with a firewall activated I'd leave the Mac
> > firewall off unless there are specific "trust" issues within that LAN's
> > user population.  Some services (file sharing, printer sharing, screen
> > sharing) become flaky when the firewall is on.
> >
> > Don't use "WiFi Protected Setup" - disable it at the WiFi.
> >
> > If it's a portable, then don't forget to enable the firewall before
> > connecting to hotel/airport/café WiFi's ...
> 
> Yes, this MBP will be used for travelling on various WAPs. I am 
> surprised Apple doesn't enable it for security.

again, Apple does not ship Mac OS X with ANY ports open, so there 
is nothing to protect out of the box.

The Firewall does not protect out-going traffic, only unsolicited 
connections, and if there is nothing to connect to, then there is 
nothing to protect.

In addition, the current Mac OS X network services you can enable, 
do not have known security issues.
0
9/23/2012 11:54:49 PM
On 09-23-2012 19:54, Bob Harris wrote:
> again, Apple does not ship Mac OS X with ANY ports open, so there
> is nothing to protect out of the box.

Bonjour must be open, no?

-- 
Wes Groleau

   “Two things are infinite, the universe and human stupidity.
    But I'm not so sure about the universe.”
                                — Albert Einstein

0
news31 (6772)
9/24/2012 12:59:19 AM
In article 
<nospam.News.Bob-556421.19544923092012@news.eternal-september.org>,
 Bob Harris <nospam.News.Bob@remove.Smith-Harris.us> wrote:

> In article <3-CdnVKBjaX85sPNnZ2dnUVZ_hKdnZ2d@earthlink.com>,
>  Ant <ant@zimage.comANT> wrote:
> 
> > On 9/22/2012 6:08 PM PT, Alan Browne typed:
> > 
> >  > If you're behind a router with a firewall activated I'd leave the Mac
> > > firewall off unless there are specific "trust" issues within that LAN's
> > > user population.  Some services (file sharing, printer sharing, screen
> > > sharing) become flaky when the firewall is on.
> > >
> > > Don't use "WiFi Protected Setup" - disable it at the WiFi.
> > >
> > > If it's a portable, then don't forget to enable the firewall before
> > > connecting to hotel/airport/café WiFi's ...
> > 
> > Yes, this MBP will be used for travelling on various WAPs. I am 
> > surprised Apple doesn't enable it for security.
> 
> again, Apple does not ship Mac OS X with ANY ports open, so there 
> is nothing to protect out of the box.
> 
> The Firewall does not protect out-going traffic, only unsolicited 
> connections, and if there is nothing to connect to, then there is 
> nothing to protect.
> 
> In addition, the current Mac OS X network services you can enable, 
> do not have known security issues.

I personally like running the Firewall (or ipfw) with logging turned on 
so I can see what's trying to connect to my system.

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
[I filter all Goggle Groups posts, so any reply may be automatically ignored]


0
vilain2 (2187)
9/24/2012 3:14:52 AM
In message <k3ob98$sdc$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-23-2012 19:54, Bob Harris wrote:
>> again, Apple does not ship Mac OS X with ANY ports open, so there
>> is nothing to protect out of the box.

> Bonjour must be open, no?

Not in the way you are thinking, no.

-- 
'Why are our people going out there?' said Mr Boggis of the Thieves'
Guild. 'Because they are showing a brisk pioneering spirit and seeking
wealth and... additional wealth in a new land,' said Lord Vetinari.
'What's in it for the Klatchians?' said Lord Downey.  'Oh, they've gone
out there because they are a bunch of unprincipled opportunists always
ready to grab something for nothing,' said Lord Vetinari. [...] The
Patrician looked down again at his notes. 'Oh, I do beg your pardon,' he
said. 'I seem to have read those last two sentences in the wrong order.
0
g.kreme (3671)
9/24/2012 9:50:48 AM
On 09-24-2012 05:50, Lewis wrote:
> In message <k3ob98$sdc$1@dont-email.me>
>    Wes Groleau <Groleau+news@FreeShell.org> wrote:
>> On 09-23-2012 19:54, Bob Harris wrote:
>>> again, Apple does not ship Mac OS X with ANY ports open, so there
>>> is nothing to protect out of the box.
>
>> Bonjour must be open, no?
>
> Not in the way you are thinking, no.

Recent events make it doubtful anyone knows what I am thinking.
In this thread, "open ports" has been used to mean two things:
  - allowed incoming connections
  - listening to a particular port.

For bonjour to work, it has to be listening on that port, and the 
devices to be discovered must be able to connect through that port.


0
news31 (6772)
9/25/2012 12:30:55 AM
In message <k3qu02$i8t$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-24-2012 05:50, Lewis wrote:
>> In message <k3ob98$sdc$1@dont-email.me>
>>    Wes Groleau <Groleau+news@FreeShell.org> wrote:
>>> On 09-23-2012 19:54, Bob Harris wrote:
>>>> again, Apple does not ship Mac OS X with ANY ports open, so there
>>>> is nothing to protect out of the box.
>>
>>> Bonjour must be open, no?
>>
>> Not in the way you are thinking, no.

> Recent events make it doubtful anyone knows what I am thinking.
> In this thread, "open ports" has been used to mean two things:
>   - allowed incoming connections
>   - listening to a particular port.

> For bonjour to work, it has to be listening on that port, and the 
> devices to be discovered must be able to connect through that port.

No, you are wrong. There is no connection made.

There is a difference between an open TCP port and UDP. A TCP port is
used to make a connection between two processes, think of it as a wire
from point a to point b. UDP is more like having a loudspeaker and
hoping someone has a microphone near enough to hear you. Bonjour used
UDP and multicast, not TCP, not connections.

When people talk about 'open ports' they generally mean TCP ports, not
UDP ports, because in order to establish a connection, you need TCP (UDP
is connectionless, unordered, and ACKless).

-- 
There are strange things done in the midnight sun/By the men who moil
for gold; The Arctic trails have their secret tales/That would make you
blood run cold; The Northern Lights have seen queer sights,/But the
queerest they ever did see Was the night on the marge of Lake Lebarge/
When I cremated Sam McGee
0
g.kreme (3671)
9/26/2012 12:10:51 AM
On 09-25-2012 20:10, Lewis wrote:
> When people talk about 'open ports' they generally mean TCP ports, not
> UDP ports, because in order to establish a connection, you need TCP (UDP
> is connectionless, unordered, and ACKless).

When I talk about open ports, I mean open ports.

Did anyone mention connection before this post?

No one said "Mac has never had any open ports except ..."

http://www.youtube.com/watch?v=ExWfh6sGyso

-- 
Wes Groleau

   Is it an on-line compliment to call someone a Net Wit ?

0
news31 (6772)
9/26/2012 1:13:11 AM
On 09-25-2012 21:13, Wes Groleau wrote:
 > http://www.youtube.com/watch?v=ExWfh6sGyso

Let's repeal Godwin's Law and replace it with
"When someone posts a Monty Python video, the thread is over."  :-)

-- 
Wes Groleau

   Is it an on-line compliment to call someone a Net Wit ?

0
news31 (6772)
9/26/2012 1:14:55 AM
In message <k3tkra$rr7$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-25-2012 20:10, Lewis wrote:
>> When people talk about 'open ports' they generally mean TCP ports, not
>> UDP ports, because in order to establish a connection, you need TCP (UDP
>> is connectionless, unordered, and ACKless).

> When I talk about open ports, I mean open ports.

UDP ports are not 'open' in the way that TCP ports are. If you want to
misunderstand what is going on, that is up to you. At this point it
seems like you are choosing willful ignorance, so I'm done trying to
explain it to you.

> Did anyone mention connection before this post?

If you are talking about a firewall to protect your computer you are
protecting it from *connections*.

-- 
Instant karma's going to get you!
0
g.kreme (3671)
9/26/2012 12:15:52 PM
Lewis <g.kreme@gmail.com.dontsendmecopies> writes:
> Wes Groleau <Groleau+news@FreeShell.org> wrote:
>> On 09-25-2012 20:10, Lewis wrote:

>>> When people talk about 'open ports' they generally mean TCP ports,
>>> not UDP ports, because in order to establish a connection, you need
>>> TCP (UDP is connectionless, unordered, and ACKless).
>>
>> When I talk about open ports, I mean open ports.
>
> UDP ports are not 'open' in the way that TCP ports are. If you want to
> misunderstand what is going on, that is up to you. At this point it
> seems like you are choosing willful ignorance, so I'm done trying to
> explain it to you.

I'm not sure what you think the relevant distinction is.  It's true that
there are API- and wire-level differences in detail between
connectionful and connectionless transport protocols but if you're
trying to control whether and how an external actor can communicate with
an application process, they're not very relevant.

>> Did anyone mention connection before this post?
>
> If you are talking about a firewall to protect your computer you are
> protecting it from *connections*.

That's not true at all.  An attack may use either a connectionful or a
connectionless protocol.

-- 
http://www.greenend.org.uk/rjk/
0
rjk (534)
9/26/2012 1:34:13 PM
Richard Kettlewell <rjk@greenend.org.uk> wrote:

> Lewis <g.kreme@gmail.com.dontsendmecopies> writes:
> > Wes Groleau <Groleau+news@FreeShell.org> wrote:
> >> On 09-25-2012 20:10, Lewis wrote:
> 
> >>> When people talk about 'open ports' they generally mean TCP ports,
> >>> not UDP ports, because in order to establish a connection, you need
> >>> TCP (UDP is connectionless, unordered, and ACKless).
> >>
> >> When I talk about open ports, I mean open ports.
> >
> > UDP ports are not 'open' in the way that TCP ports are. If you want to
> > misunderstand what is going on, that is up to you. At this point it
> > seems like you are choosing willful ignorance, so I'm done trying to
> > explain it to you.
> 
> I'm not sure what you think the relevant distinction is.  It's true that
> there are API- and wire-level differences in detail between
> connectionful and connectionless transport protocols but if you're
> trying to control whether and how an external actor can communicate with
> an application process, they're not very relevant.
> 
> >> Did anyone mention connection before this post?
> >
> > If you are talking about a firewall to protect your computer you are
> > protecting it from *connections*.
> 
> That's not true at all.  An attack may use either a connectionful or a
> connectionless protocol.

Agreed. As one example, the latest batch of Apple's security updates
includes these two:

[begin quote]

BIND
Available for:  OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4
Impact:  A remote attacker may be able to cause a denial of service
in systems configured to run BIND as a DNS nameserver
Description:  A reachable assertion issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1.
This issue does not affect OS X Mountain Lion systems.
CVE-ID
CVE-2011-4313

BIND
Available for:  OS X Lion v10.7 to v10.7.4,
OS X Lion Server v10.7 to v10.7.4,
OS X Mountain Lion v10.8 and v10.8.1
Impact:  A remote attacker may be able to cause a denial of service,
data corruption, or obtain sensitive information from process memory
in systems configured to run BIND as a DNS nameserver
Description:  A memory management issue existed in the handling of
DNS records. This issue was addressed by updating to BIND 9.7.6-P1 on
OS X Lion systems, and BIND 9.8.3-P1 on OS X Mountain Lion systems.
CVE-ID
CVE-2012-1667

[end quote]

If you had your computer set up to act as a DNS server, it was
vulnerable to these issues. The packet which could have potentially
triggered them would have come in via a connectionless protocol (UDP),
using port 53, so if your firewall was only blocking incoming TCP
connections, it would not help.

Of course, having a firewall block all access to the DNS server you are
running would defeat the purpose of running the server in the first
place, but a selective firewall which reduced the potential sources of
DNS packets would have reduced the risk of striking this issue.

There could easily be other issues with UDP-based connectionless
protocols, such as Bonjour (multicast DNS), but I didn't spot any Apple
has fixed in the last couple of years (since I started getting Apple's
security notifications via e-mail).

-- 
David Empson
dempson@actrix.gen.nz
0
dempson (3825)
9/27/2012 12:46:40 AM
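
The thread uses "open port" both for a socket that is listening and for traffic a firewall admits, and the post above points out that a UDP socket (DNS on port 53, Bonjour on 5353) is just as reachable as a listening TCP one. This added example, which is not from any poster, filters `lsof -nP -i` output down to the sockets that can receive unsolicited traffic; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the sockets on a Mac that can receive unsolicited
# traffic, covering TCP listeners and bound UDP sockets alike.

# exposed_sockets: reads `lsof -nP -i` output on stdin and prints
# "PROTO PORT COMMAND ADDRESS" for every socket reachable from other hosts:
#   - TCP sockets in LISTEN state
#   - UDP sockets bound to a port and not connected to a peer
# Loopback-only sockets are skipped because other hosts cannot reach them.
exposed_sockets() {
    awk '
        NR == 1 && $1 == "COMMAND" { next }        # header row
        {
            proto = $8; name = $9; state = $10
            if (proto != "TCP" && proto != "UDP") next
            if (proto == "TCP" && state != "(LISTEN)") next
            if (index(name, "->") > 0) next        # has a peer: not a listener
            n = split(name, parts, ":")            # port follows the last colon
            port = parts[n]
            addr = substr(name, 1, length(name) - length(port) - 1)
            if (port == "*") next                  # UDP socket with no bound port
            if (addr == "127.0.0.1" || addr == "[::1]") next
            print proto, port, $1, addr
        }
    ' | LC_ALL=C sort -u
}

# sample_lsof: constructed `lsof -nP -i` output (not captured from a real host).
# It models Remote Login (22), Bonjour (5353), BIND (53), NTP (123), a
# loopback-only CUPS listener and one outgoing browser connection.
sample_lsof() {
    cat <<'EOF'
COMMAND     PID           USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
launchd       1           root   21u  IPv4   0x01      0t0  TCP *:22 (LISTEN)
launchd       1           root   22u  IPv6   0x02      0t0  TCP *:22 (LISTEN)
mDNSRespo    55 _mdnsresponder    8u  IPv4   0x03      0t0  UDP *:5353
named       210          named   20u  IPv4   0x04      0t0  UDP *:53
named       210          named   21u  IPv4   0x05      0t0  TCP *:53 (LISTEN)
cupsd       300           root    6u  IPv4   0x06      0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd       300           root    5u  IPv6   0x07      0t0  TCP [::1]:631 (LISTEN)
Safari      400            ant   12u  IPv4   0x08      0t0  TCP 192.168.1.5:50123->203.0.113.10:443 (ESTABLISHED)
ntpd        120           root   20u  IPv4   0x09      0t0  UDP *:123
configd      17           root   10u  IPv4   0x0a      0t0  UDP *:*
EOF
}

case "${1:-}" in
    --live)
        # On a real Mac: report the application firewall state, then the
        # reachable sockets. Run with sudo to see other users' processes.
        fw=/usr/libexec/ApplicationFirewall/socketfilterfw
        if [ -x "$fw" ]; then "$fw" --getglobalstate; fi
        lsof -nP -i | exposed_sockets
        ;;
    *)
        sample_lsof | exposed_sockets
        ;;
esac
```

On the sample, the UDP sockets for ports 53, 123 and 5353 are reported alongside the TCP listeners, while the loopback CUPS sockets and the outgoing Safari connection are not.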
In message <1kr2rk3.1ntjykx1yi3vtzN%dempson@actrix.gen.nz> 
  David Empson <dempson@actrix.gen.nz> wrote:
> Richard Kettlewell <rjk@greenend.org.uk> wrote:

>> Lewis <g.kreme@gmail.com.dontsendmecopies> writes:
>> > Wes Groleau <Groleau+news@FreeShell.org> wrote:
>> >> On 09-25-2012 20:10, Lewis wrote:
>> 
>> >>> When people talk about 'open ports' they generally mean TCP ports,
>> >>> not UDP ports, because in order to establish a connection, you need
>> >>> TCP (UDP is connectionless, unordered, and ACKless).
>> >>
>> >> When I talk about open ports, I mean open ports.
>> >
>> > UDP ports are not 'open' in the way that TCP ports are. If you want to
>> > misunderstand what is going on, that is up to you. At this point it
>> > seems like you are choosing willful ignorance, so I'm done trying to
>> > explain it to you.
>> 
>> I'm not sure what you think the relevant distinction is.  It's true that
>> there are API- and wire-level differences in detail between
>> connectionful and connectionless transport protocols but if you're
>> trying to control whether and how an external actor can communicate with
>> an application process, they're not very relevant.
>> 
>> >> Did anyone mention connection before this post?
>> >
>> > If you are talking about a firewall to protect your computer you are
>> > protecting it from *connections*.
>> 
>> That's not true at all.  An attack may use either a connectionful or a
>> connectionless protocol.

> Agreed. As one example, the latest batch of Apple's security updates
> includes these two:

> [begin quote]

> BIND

Bind uses a TCP port AND it's privileged (port 53). Section 4.2 of RFC1035

The Internet supports name server access using TCP [RFC-793] on server
port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
port 53 (decimal).

And a firewall wouldn't help you at all. If you were running a DNS
server, you would necessarily have port 53 open. Not only that, but BIND
is disabled by default and is rather difficult to enable (at least in
terms of the normal user) without using OS X Server.

> Of course, having a firewall block all access to the DNS server you are
> running would defeat the purpose of running the server in the first
> place,

You would have punched port 53 TCP/UDP open, so a firewall would have
done exactly nothing.

> but a selective firewall which reduced the potential sources of
> DNS packets would have reduced the risk of striking this issue.

That's not how firewalls generally work, and is not at all how OS X's
firewall works. Either it blocks a port, or it doesn't; it doesn't block
a port depending on where the request comes from.

-- 
If a pig loses its voice, is it disgruntled?
0
g.kreme (3671)
9/27/2012 1:22:59 AM
On 09-26-2012 21:22, Lewis wrote:
>    David Empson <dempson@actrix.gen.nz> wrote:
>> Richard Kettlewell <rjk@greenend.org.uk> wrote:
>>> Lewis <g.kreme@gmail.com.dontsendmecopies> writes:
>>>> Wes Groleau <Groleau+news@FreeShell.org> wrote:
>>>>> On 09-25-2012 20:10, Lewis wrote:
>>>
>>>>>> When people talk about 'open ports' they generally mean TCP ports,
>>>>>> not UDP ports, because in order to establish a connection, you need
>>>>>> TCP (UDP is connectionless, unordered, and ACKless).
>>>>>
>>>>> When I talk about open ports, I mean open ports.
>>>>
>>>> UDP ports are not 'open' in the way that TCP ports are. If you want to
>>>> misunderstand what is going on, that is up to you. At this point it
>>>> seems like you are choosing willful ignorance, so I'm done trying to
>>>> explain it to you.
>>>
>>> I'm not sure what you think the relevant distinction is.  It's true that
>>> there are API- and wire-level differences in detail between
>>> connectionful and connectionless transport protocols but if you're
>>> trying to control whether and how an external actor can communicate with
>>> an application process, they're not very relevant.
>>>
>>>>> Did anyone mention connection before this post?
>>>>
>>>> If you are talking about a firewall to protect your computer you are
>>>> protecting it from *connections*.
>>>
>>> That's not true at all.  An attack may use either a connectionful or a
>>> connectionless protocol.
>
>> Agreed. As one example, the latest batch of Apple's security updates
>> includes these two:
>
>> [begin quote]
>
>> BIND
>
> Bind uses a TCP port AND it's privileged (port 53). Section 4.2 of RFC1035
>
> The Internet supports name server access using TCP [RFC-793] on server
> port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
> port 53 (decimal).
>
> And a firewall wouldn't help you at all. If you were running a DNS
> server, you would necessarily have port 53 open. Not only that, but BIND
> is disabled by default and is rather difficult to enable (at least in
> terms of the normal user) without using OS X Server.

I don't know whether it's difficult in 10.8 but it wasn't difficult in 
10.3.  (to enable it, that is.  Took me an hour to get my definition 
files correct.)

>> Of course, having a firewall block all access to the DNS server you are
>> running would defeat the purpose of running the server in the first
>> place,
>
> You would have punched port 53 TCP/UDP open, so a firewall would have
> done exactly nothing.
>
> but a selective firewall which reduced the potential sources of
>> DNS packets would have reduced the risk of striking this issue.
>
> That's not how firewalls generally work, and is not at all how OS X's
> firewall works. Either it blocks a port, or it doesn't; it doesn't block
> a port depending on where the request comes from.

Again, I don't know about 10.8 but in 10.5 and earlier, I used ipfw 
which most certainly (like most firewalls) allows blocking based on
port, IP, protocol, direction, interface, etc. And in fact, it DID block 
according to "where the request comes from"--it allowed everything to or 
from other hosts within my LAN, blocked ALL from non-LAN IPs (except 
connections established from inside), and blocked most _to_ non-LAN IPs.

If 10.8 doesn't allow ipfw or ipfilters or some other _real_ firewall, 
then Apple gets one more demerit in my book.

-- 
Wes Groleau

    There are more Baroque musicians than any other kind.

0
news31 (6772)
9/27/2012 4:02:18 AM
In article <k40j4d$7e1$1@dont-email.me>,
 Wes Groleau <Groleau+news@FreeShell.org> wrote:

> On 09-26-2012 21:22, Lewis wrote:

> > And a firewall wouldn't help you at all. If you were running a DNS
> > server, you would necessarily have port 53 open. Not only that, but BIND
> > is disabled by default and is rather difficult to enable (at least in
> > terms of the normal user) without using OS X Server.
> 
> I don't know whether it's difficult in 10.8 but it wasn't difficult in 
> 10.3.  (to enable it, that is.  Took me an hour to get my definition 
> files correct.)

I did it on 10.4.  I had already got some working definition files for 
my VMS system so it wasn't hard at all.  I did have the DNS & BIND
O'Reilly book to help me.  There was at the time an OS X app available 
to configure those files for you, but it was something like 30 bucks.

> >> Of course, having a firewall block all access to the DNS server you are
> >> running would defeat the purpose of running the server in the first
> >> place,
> >
> > You would have punched port 53 TCP/UDP open, so a firewall would have
> > done exactly nothing.
> >
> > but a selective firewall which reduced the potential sources of
> >> DNS packets would have reduced the risk of striking this issue.
> >
> > That's not how firewalls generally work, and is not at all how OS X's
> > firewall works. Either it blocks a port, or it doesn't; it doesn't block
> > a port depending on where the request comes from.
> 
> Again, I don't know about 10.8 but in 10.5 and earlier, I used ipfw 
> which most certainly (like most firewalls) allows blocking based on
> port, IP, protocol, direction, interface, etc. And in fact, it DID block 
> according to "where the request comes from"--it allowed everything to or 
> from other hosts within my LAN, blocked ALL from non-LAN IPs (except 
> connections established from inside), and blocked most _to_ non-LAN IPs.
> 
> If 10.8 doesn't allow ipfw or ipfilters or some other _real_ firewall, 
> then Apple gets one more demerit in my book.

ipfw is certainly there on 10.8 Server, and looking at its date it 
appears to have arrived on my system with the client version of 10.8.

On the Server side of things, there's something called 30-ipfwmigrator 
down in the bowels of Server.App.

-- 
Paul Sture
0
nospam9740 (2260)
9/27/2012 12:24:40 PM
In message <k40j4d$7e1$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-26-2012 21:22, Lewis wrote:
>>    David Empson <dempson@actrix.gen.nz> wrote:
>>> Richard Kettlewell <rjk@greenend.org.uk> wrote:
>>>> Lewis <g.kreme@gmail.com.dontsendmecopies> writes:
>>>>> Wes Groleau <Groleau+news@FreeShell.org> wrote:
>>>>>> On 09-25-2012 20:10, Lewis wrote:
>>>>
>>>>>>> When people talk about 'open ports' they generally mean TCP ports,
>>>>>>> not UDP ports, because in order to establish a connection, you need
>>>>>>> TCP (UDP is connectionless, unordered, and ACKless).
>>>>>>
>>>>>> When I talk about open ports, I mean open ports.
>>>>>
>>>>> UDP ports are not 'open' in the way that TCP ports are. If you want to
>>>>> misunderstand what is going on, that is up to you. At this point it
>>>>> seems like you are choosing willful ignorance, so I'm done trying to
>>>>> explain it to you.
>>>>
>>>> I'm not sure what you think the relevant distinction is.  It's true that
>>>> there are API- and wire-level differences in detail between
>>>> connectionful and connectionless transport protocols but if you're
>>>> trying to control whether and how an external actor can communicate with
>>>> an application process, they're not very relevant.
>>>>
>>>>>> Did anyone mention connection before this post?
>>>>>
>>>>> If you are talking about a firewall to protect your computer you are
>>>>> protecting it from *connections*.
>>>>
>>>> That's not true at all.  An attack may use either a connectionful or a
>>>> connectionless protocol.
>>
>>> Agreed. As one example, the latest batch of Apple's security updates
>>> includes these two:
>>
>>> [begin quote]
>>
>>> BIND
>>
>> Bind uses a TCP port AND it's privileged (port 53). Section 4.2 of RFC1035
>>
>> The Internet supports name server access using TCP [RFC-793] on server
>> port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
>> port 53 (decimal).
>>
>> And a firewall wouldn't help you at all. If you were running a DNS
>> server, you would necessarily have port 53 open. Not only that, but BIND
>> is disabled by default and is rather difficult to enable (at least in
>> terms of the normal user) without using OS X Server.

> I don't know whether it's difficult in 10.8 but it wasn't difficult in 
> 10.3.

Did it involve using the Terminal? Then it is out of the comfort zone
for the vast majority of Mac users.

>> That's not how firewalls generally work, and is not at all how OS X's
>> firewall works. Either it blocks a port, or it doesn't; it doesn't block
>> a port depending on where the request comes from.

> Again, I don't know about 10.8 but in 10.5 and earlier, I used ipfw 

And again, if we are talking about ipfw we are not really talking about
"OS X's firewall" which would be understood to be the GUI switch in
system preferences. ipfw is out of the comfort zone of an even vaster
majority of Mac users.

-- 
'Ah... I see that the new traffic division is having the desired
effect.' He indicated a large pile of paper. 'I am getting any amount of
complaints from the Carters' and Drovers' Guild. Well done. Do pass on
my thanks to sergeant Colin and his team.' 'I will, sir.' 'I see in one
day they clamped seventeen carts, ten horses, eighteen oxen and one
duck.' 'It was parked illegally, sir.'
0
g.kreme (3671)
9/27/2012 4:42:03 PM
>>> >>That's not how firewalls generally work, and is not at all how OS X's
>>> >>firewall works. Either it blocks a port, or it doesn't; it doesn't block
>>> >>a port depending on where the request comes from.

>> >Again, I don't know about 10.8 but in 10.5 and earlier, I used ipfw

> And again, if we are talking about ipfw we are not really talking about
> "OS X's firewall" which would be understood to be the GUI switch in
> system preferences.

So because OS X has a dumbed down imitation of a firewall in addition to 
a _real_ firewall, you generalize the inadequacies of the GUI version to 
"how firewalls generally work"

-- 
Wes Groleau

    “A man with an experience is never
     at the mercy of a man with an argument.”
                       — Ron Allen

0
news31 (6772)
9/28/2012 4:48:52 AM
In article <slrnk690er.d26.g.kreme@mbp55.local>,
 Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:

> Did it involve using the Terminal? Then it is out of the comfort zone
> for the vast majority of Mac users.

WaterRoof is supposed to be a good GUI for ipfw and the price is right.

<http://www.macupdate.com/app/mac/23317/waterroof>

-- 
And It's Just That Easy
0
fmoore (1430)
9/28/2012 3:17:17 PM
In message <k43a7n$o82$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:

>>>> >>That's not how firewalls generally work, and is not at all how OS X's
>>>> >>firewall works. Either it blocks a port, or it doesn't; it doesn't block
>>>> >>a port depending on where the request comes from.

>>> >Again, I don't know about 10.8 but in 10.5 and earlier, I used ipfw

>> And again, if we are talking about ipfw we are not really talking about
>> "OS X's firewall" which would be understood to be the GUI switch in
>> system preferences.

> So because OS X has a dumbed down imitation of a firewall in addition to 
> a _real_ firewall, you generalize the inadequacies of the GUI version to 
> "how firewalls generally work"

Most firewalls block incoming connections based on ports, not on where
the connection is coming from. And this is a *Mac* group, talking about
*Mac* software. If you want to talk about ipfw, you need to specify that
up front.

-- 
Major Strasser has been shot. Round up the usual suspects.
0
g.kreme (3671)
9/29/2012 1:49:10 AM
On 09-28-2012 21:49, Lewis wrote:
> Most firewalls block incoming connections based on ports, not on where
> the connection is coming from. And this is a *Mac* group, talking about
> *Mac* software. If you want to talk about ipfw, you need to specify that
> up front.

ipfw is Mac software, and it does what any decent firewall does.

NO firewall is worth anything if it can't tell the difference between 
inside and outside.  That's the very minimum and that is based on 
destination and/or source.

The first commercial firewall "monitored the protocol, source and 
destination addresses and ports" according to "A History and Survey of 
Network Firewalls" (Ingham & Forrest, 2002), later republished in a book:
<books.google.com/books?id=9qdytv-eKyQC&pg=PA9>

Port, protocol, source, destination, and a lot of other things are 
equally easy to read in the packet headers.  And most firewalls have 
done so from the first.

-- 
Wes Groleau

   Words of the Wild Wes
   http://Ideas.Lang-Learn.us/WWW

0
news31 (6772)
9/29/2012 3:10:23 AM
On 09-28-2012 11:17, Fred Moore wrote:
> In article <slrnk690er.d26.g.kreme@mbp55.local>,
>   Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
>
>> Did it involve using the Terminal? Then it is out of the comfort zone
>> for the vast majority of Mac users.
>
> WaterRoof is supposed to be a good GUI for ipfw and the price is right.
>
> <http://www.macupdate.com/app/mac/23317/waterroof>

At the moment, it is unavailable.  Developer's website is down.

-- 
Wes Groleau

   He that complies against his will is of the same opinion still.
                   — Samuel Butler, 1612-1680

0
news31 (6772)
9/29/2012 3:15:52 AM
In message <k45or2$so7$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-28-2012 21:49, Lewis wrote:
>> Most firewalls block incoming connections based on ports, not on where
>> the connection is coming from. And this is a *Mac* group, talking about
>> *Mac* software. If you want to talk about ipfw, you need to specify that
>> up front.

> ipfw is Mac software, and it does what any decent firewall does.

> NO firewall is worth anything if it can't tell the difference between 
> inside and outside.  That's the very minimum and that is based on 
> destination and/or source.

You meant internal and external? I thought you meant "Block port 1234
from IP addresses in the range 2.0.0.0-17.255.255.255, but otherwise
leave it open." While possible, this is not normal.

-- 
'Life's like a beach. And then you die.' --Small Gods
0
g.kreme (3671)
9/29/2012 2:56:56 PM
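The two kinds of rule argued over in the posts above, as an added example that is not part of any post in this thread: it reads protocol, source, destination and ports out of a constructed IPv4/TCP header, then applies a port-only rule set and a rule set that blocks port 1234 only for sources in 2.0.0.0-17.255.255.255. The `Rule` format, the function names and the sample addresses are assumptions made for illustration; this is not ipfw or pf syntax.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Headers:
    proto: int          # 6 = TCP, 17 = UDP
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: int
    dport: int


def build_tcp_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample input: minimal IPv4 + TCP SYN, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return ip + tcp


def parse_headers(packet: bytes) -> Headers:
    """Read the fields a packet filter matches on from raw IPv4 bytes."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # header length; options shift the ports
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        raise ValueError("non-first fragment carries no port numbers")
    proto = packet[9]
    if proto not in (6, 17):
        raise ValueError("only TCP and UDP have ports")
    sport, dport = struct.unpack_from("!HH", packet, ihl)
    return Headers(proto, ipaddress.IPv4Address(packet[12:16]),
                   ipaddress.IPv4Address(packet[16:20]), sport, dport)


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    dport: Optional[int] = None      # None matches any destination port
    src_first: Optional[str] = None  # inclusive source range; None matches any source
    src_last: Optional[str] = None

    def matches(self, h: Headers) -> bool:
        if self.dport is not None and h.dport != self.dport:
            return False
        if self.src_first is not None and self.src_last is not None:
            lo = ipaddress.IPv4Address(self.src_first)
            hi = ipaddress.IPv4Address(self.src_last)
            if not lo <= h.src <= hi:
                return False
        return True


def decide(rules: List[Rule], packet: bytes, default: str = "allow") -> str:
    """First matching rule wins; unmatched traffic gets the default action."""
    headers = parse_headers(packet)
    for rule in rules:
        if rule.matches(headers):
            return rule.action
    return default


# Port-only filtering: port 1234 is closed to everyone.
PORT_ONLY = [Rule("block", dport=1234)]
# Source-aware filtering: closed for one address range, "otherwise leave it open".
SOURCE_AWARE = [Rule("block", dport=1234,
                     src_first="2.0.0.0", src_last="17.255.255.255")]


def demo() -> dict:
    """Run both rule sets over two constructed packets to the same port."""
    inside = build_tcp_syn("17.1.2.3", "198.51.100.5", 50000, 1234)
    outside = build_tcp_syn("192.0.2.10", "198.51.100.5", 50001, 1234)
    return {
        "port_only": (decide(PORT_ONLY, inside), decide(PORT_ONLY, outside)),
        "source_aware": (decide(SOURCE_AWARE, inside), decide(SOURCE_AWARE, outside)),
    }


if __name__ == "__main__":
    print(demo())
```
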
On 09-29-2012 10:56, Lewis wrote:
> In message <k45or2$so7$1@dont-email.me>
>    Wes Groleau <Groleau+news@FreeShell.org> wrote:
>> On 09-28-2012 21:49, Lewis wrote:
>>> Most firewalls block incoming connections based on ports, not on where
>>> the connection is coming from. And this is a *Mac* group, talking about
>>> *Mac* software. If you want to talk about ipfw, you need to specify that
>>> up front.
>
>> ipfw is Mac software, and it does what any decent firewall does.
>
>> NO firewall is worth anything if it can't tell the difference between
>> inside and outside.  That's the very minimum and that is based on
>> destination and/or source.
>
> You meant internal and external? I thought you meant "Block port 1234
> from IP addresses in the range 2.0.0.0-17.255.255.255, but otherwise
> leave it open."  While possible, this is not normal.

You know exactly what I meant, and that's why you chose to snip to 
pretend I meant something else.

It is normal and has been since before the first commercial firewall a 
couple of decades ago.

It's one thing to be misinformed.

Being dishonest is something else.

Good-bye.

-- 
Wes Groleau

   “Two things are infinite, the universe and human stupidity.
    But I'm not so sure about the universe.”
                                — Albert Einstein

0
news31 (6772)
9/29/2012 11:32:21 PM
In message <k480e6$5aq$1@dont-email.me> 
  Wes Groleau <Groleau+news@FreeShell.org> wrote:
> On 09-29-2012 10:56, Lewis wrote:
>> In message <k45or2$so7$1@dont-email.me>
>>    Wes Groleau <Groleau+news@FreeShell.org> wrote:
>>> On 09-28-2012 21:49, Lewis wrote:
>>>> Most firewalls block incoming connections based on ports, not on where
>>>> the connection is coming from. And this is a *Mac* group, talking about
>>>> *Mac* software. If you want to talk about ipfw, you need to specify that
>>>> up front.
>>
>>> ipfw is Mac software, and it does what any decent firewall does.
>>
>>> NO firewall is worth anything if it can't tell the difference between
>>> inside and outside.  That's the very minimum and that is based on
>>> destination and/or source.
>>
>> You meant internal and external? I thought you meant "Block port 1234
>> from IP addresses in the range 2.0.0.0-17.255.255.255, but otherwise
>> leave it open."  While possible, this is not normal.

> You know exactly what I meant,

No, I explained what I thought you were talking about.

-- 
++?????++ Out of Cheese Error. Redo From Start.
0
g.kreme (3671)
9/30/2012 12:48:03 AM
In article <k45p5c$tvo$1@dont-email.me>,
 Wes Groleau <Groleau+news@FreeShell.org> wrote:

> On 09-28-2012 11:17, Fred Moore wrote:
> > In article <slrnk690er.d26.g.kreme@mbp55.local>,
> >   Lewis <g.kreme@gmail.com.dontsendmecopies> wrote:
> >
> >> Did it involve using the Terminal? Then it is out of the comfort zone
> >> for the vast majority of Mac users.
> >
> > WaterRoof is supposed to be a good GUI for ipfw and the price is right.
> >
> > <http://www.macupdate.com/app/mac/23317/waterroof>
> 
> At the moment, it is unavailable.  Developer's website is down.

This is up and I managed a download:

<http://www.hanynet.com/waterroof/>

The GUI comes up, but it's going to take some time to explore its 
features.

-- 
Paul Sture
0
nospam9740 (2260)
11/4/2012 7:51:12 PM
On 11-04-2012 14:51, Paul Sture wrote:
> This is up and I managed a download:
>
> <http://www.hanynet.com/waterroof/>
>
> The GUI comes up, but it's going to take some time to explore its
> features.

The page seems to agree with Apple's claim that PF is better than ipfw.

So I downloaded the icefloor app instead.

-- 
Wes Groleau

     It seems a pity that psychology should have
destroyed all our knowledge of human nature.
                     — G. K. Chesterton

0
news31 (6772)
11/5/2012 2:29:01 AM
Hello, I'm the developer of WaterRoof and IceFloor.
Yes, pf on OS X 10.8 is much better than ipfw, no doubt.
pf, like ipfw, is used to filter (and optionally log) both inbound and outbound connections; those connections are managed independently. 
Network firewalls are not used to open ports. Ports are open when a server needs it. Network firewalls are used to close or filter ports.
Mac OS X System Preferences (from version 10.5) allows the configuration of ALF, which is an "application firewall", not a "network firewall".
Mac OS X 10.7 and OS X 10.8 feature 3 firewalls: ipfw, pf, alf.
ipfw is deprecated but fully functional with one exception being OS X 10.8 with Server.app installed. In this case sysctl net.inet.ip.fw.enable must be manually set to 1 in order for ipfw to work.
Just to be clear.
0
hanymac (1)
12/17/2012 11:35:56 PM
Reply:

Similar Artilces:

Are Mac OS X 10.5.8's iLife programs safe to use in Mac OS X 10.7.x and 10.8.x?
Hi. Someone told me that Mac OS X 10.7.x and 10.8.x do not come with iLife like the older Mac OS X versions (e.g., 10.5.x). I did not know this! Since my client uses iPhoto that came preinstalled on his old 2008 MacBook Pro's Mac OS X 10.5.x (10.5.8 right now), can he use the old one from 10.5.8? Or will he need a third party replacement (needs to import/copy the old image files) or buy a new iPhoto version for his photo(graph)s? I recalled he did not like iPhoto and wonder if the new one is any better. Thank you in advance. :) -- Quote of the Week: "Every ruler sleeps on an anthill." --Afghani /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail. If crediting, ( ) then please kindly use Ant nickname and AQFL URL/link. On 2012-09-21 3:05 PM ANTant@zimage.com (Ant) wrote: > Hi. > > Someone told me that Mac OS X 10.7.x and 10.8.x do not come with iLife > like the older Mac OS X versions (e.g., 10.5.x). I did not know this! > Since my client uses iPhoto that came preinstalled on his old 2008 > MacBook Pro's Mac OS X 10.5.x (10.5.8 right now), can he use the old one > from 10.5.8? Or will he need a third party replacement (needs to > import/copy the old image files) or buy a new iPhoto version for his > photo(graph)s? I rec...

Mac OS X 10.8.5's App Store v1.2.2 (129.16) does not see the updated iTunes v11.3?
Hello. I noticed there is a newer iTunes at v11.3, but for some reason my Mac OS X 10.8.5's AppStore v1.2.2 (129.16) does not see it. However, iTunes v11.2.2 (64-bit; 3) detected an update and offered me to get it (went to App Store which doesn't see it)? What's up? My Mac OS X 10.7.5 and 10.9.4 machines did not have this problem. Did anyone else run into this especially in 10.8.5? Thank you in advance. :) -- Quote of the Week: "Stan, are you OK?" --Francine; "Yeah. Hey, you look like ants from down here. Wait, wait, those are just ants on my eyes..." --Stan from American Dad's S3E15 (Stanny Slickers 2: The Legend of Ollie's Gold) deleted scene /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail. If crediting, ( ) then please kindly use Ant nickname and AQFL URL/link. In comp.sys.mac.system Ant <ANTant@zimage.com> wrote: > I noticed there is a newer iTunes at v11.3, but for some reason my Mac > OS X 10.8.5's AppStore v1.2.2 (129.16) does not see it. However, iTunes > v11.2.2 (64-bit; 3) detected an update and offered me to get it (went to > App Store which doesn't see it)? What's up? I don't know, but I'm at iTunes 11.2.1, and the App Store hasn't done anything about that s...

Did Mac OS X 10.5.8's Airport Update reset anyone's AP to use?
Hello! I was doing big updates in Mac OS X 10.5.8 through its Software Update earlier on a client's MacBook Pro. After the required reboot, I noticed it went to an open AP (titled Linksys, duh) instead of the protected AP I was on earlier. I had to re-enter the datas and stuff even though it has a history of previous APs. Weird that it forgot the one it was just on! Did anyone experience that too with the latest Airport update? Thank you in advance. :) -- "An ant may work its (her) heart out, but it (she) can't make money." --unknown /\___/\ / /\ /\ \ Phil/Ant @ http://antfarm.ma.cx (Personal Web Site) | |o o| | Ant's Quality Foraged Links (AQFL): http://aqfl.net \ _ / Nuke ANT from e-mail address: philpi@earthlink.netANT ( ) or ANTant@zimage.com Ant is currently not listening to any songs on his home computer. ...

Your Mac won't start up in Mac OS X (Mac OS X 10.3.9 or earlier)
Your Mac won't start up in Mac OS X (Mac OS X 10.3.9 or earlier) Nothing can be more frustrating than turning on your Mac only to find that it won't start up. Instead of seeing the Finder, you see a blue or gray screen, an icon of a broken folder, a kernel panic, a flashing question mark, or a computer that just sits there. What can you do? Don't worry. It could be a simple issue that you can fix yourself. Note: This article applies to Mac OS X 10.3.9 or earlier. Tip: If your computer won't start at all, skip to "You see a blank, gray screen" below. The first step to help your Mac start up again is to identify which symptom you see. Once you know what the symptom is, you can try to fix it. Here's a list of the most common things you might see if your Mac turns on but doesn't start up. Click the link for the symptom you see, then follow the steps to fix it. You see an empty, blue screen. You might also see a progress indicator, which looks like a colored pinwheel or spinning disc. A "broken folder" icon, a prohibitory sign, or "kernel panic" message appears. Sam Walker Apple Specialist You see a blank, gray screen. A flashing question mark appears. None of the above happens, but your Mac doesn't start up. You see an empty, blue screen. You might also see a progress indicator, which looks like a colored pinwheel or spinning disc There are several different things you can try to fix this symptom. Go through eac...

Access Apple Mac OS X 10.5.8's Time Machine backups from non-Apple Mac machines?
Hello. Is it possible to access an external USB HDD's data, that is used for Apple Mac OS X 10.5.8's Time Machine backups, on non-Apple Mac machines (Windows and Linux)? Or can it be only be accessed with a Mac? I use multiple computers and OSes. Thank you in advance. :) -- "In a battle between elephants, the ants get squashed." --Thailand /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/lin...

Access Apple Mac OS X 10.5.8's Time Machine backups from non-Apple Mac machines?
Hello. Is it possible to access an external USB HDD's data, that is used for Apple Mac OS X 10.5.8's Time Machine backups, on non-Apple Mac machines (Windows and Linux)? Or can it be only be accessed with a Mac? I use multiple computers and OSes. Thank you in advance. :) -- "I have to sit up with a sick ant." --unknown /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) ...

Mac OS X 10.8.5's App Store keeps offering the free 10.10 Mavericks...
Hello. Mac OS X 10.8.5's App Store keeps offering the free 10.10 Mavericks when I manually check for updates. I right clicked and hid this update to make it go away. After I exit App Store and recheck for updates, it returns. Why is it not hiding? I don't want it! :( Thank you in advance. :) -- "Are you slower than an ant?" --Sai Yuk from The Legend of Fong Sai Yuk movie (English subtitles) /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | ...

3/Three usability issues in Mac OS X 10.8.5: Re(storing/covering) huge files from its Trash bin, renamed Time Machine's disk drive, and bring back Finder's sidebar external USB HDD icons?
Hi again. I just ran into a weird/an odd usability issue that bugged me in an updated Mac OS X 10.8.5 earlier: I tossed a huge 4.5 GB folder into Mac OS X 10.8.5's Trash bin. I decided to restore it back to the same exact place by dragging the folder back to the same place in Finder. However, it did a copy. Shouldn't it be a move? Isn't there a restore to the back place option? 2. I renamed an external HDD's name that was used for Time Machine (TM) back up. When I went to back up, it told me it couldn't. So, I looked at TM settings. I noticed it was looking for the old name even though it was the same exact disk. I told it to reuse the renamed disk to resume. Why is it that picky on my renamed disk drive? 3. Also, how do I get back Finder's sidebar icon for mounted external USB HDD? I accidently removed it. Unmounting and remounting doesn't make it come back. Thank you in advance. :) -- "Don't step on ants... they're people too." --a quote from ANTZ movie. /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer. In article <07edndf9S_Q_FszPnZ2dnUVZ_sqdnZ2d@earthlink.com>...

Study: Apple's Mac OS X 'world's safest and most secure' operating system
http://www.macdailynews.com/comments.php?id=P3766_0_1_0 AeoN wrote: > > http://www.macdailynews.com/comments.php?id=P3766_0_1_0 Taking after windopes in more ways than one. 1. Its not GNU/Linux and therefore nothing to do with Linux. 2. Its not free and you have to pay. 3. Its closed source. 2. I can't count. It is clearly world's safest and most secure operating system (not - only 80 holes fixed that last time they did a patch, so if there were 81 bugs, you are fscked now! - clever ain't it?) 5. So what happened when they started claiming their PCs were the...

Panther: A Switcher's Guide to What's New in Mac OS X 10.3
http://www.theideabasket.com/modules/news/article.php?storyid=76&page=0 Interesting article... Some quotes from the conclusion: "Panther isn't perfect, but it's damn close. It's overall the best operating system I have ever used. I might have said the same thing back when I first became a Switcher, but that was partially due to the fact that I was sick to death of dealing with Windows problems and I was sick to death of Microsoft's shady business practices." "The fact is that Apple, far from being a niche player in a race that it lost long ago, is healthier than it's been for years. The company is poised for growth, and most industry analysts agree that the overriding need to stick with the Windows platform is rapidly dissipating. The Microsoft monopoly may still be in full swing, but there's definitely a way out. So far, to the best of my knowledge, the Macintosh is the only computer platform that can fully compete head-on with the "Wintel" juggernaut, and I heartily encourage anyone living near a computer store carrying the latest Mac models (particularly an Apple Store if possible) to go there soon and, with an open mind, evaluate the latest and greatest from Apple. Who knows? You just might discover that, despite what you may have heard to the contrary, there's some real substance behind the style after all." Snit wrote: > http://www.theideabasket.com/modules/news/article.php?storyid=76&page=0 >...

Uninstalling PinePico-4.58-SSL-10.2.pkg on Mac OS X 10.2.8
How to uninstall PinePico-4.58-SSL-10.2.pkg on Mac OS X 10.2.8? I could not find such information at <http://www.washington.edu/pine/faq/index.html>. Please, note that I do not know about Unix commands. I am just a Mac user. I have downloaded it from <http://www.apple.com/downloads/macosx/unix_open_source/> and then <http://www.apple.com/downloads/macosx/unix_open_source/pinepico.html>. I have seen <http://www.washington.edu/pine/> I installed it thinking that it was a client eMail application that would allow me to check with a true Mac OS X Aqua interface my eMail...

Lock Mac OS X 10.5.8's dock icons?
Hi! Once in a while, my client and I accidently drag an icon while clicking on it to make it go away. Is there a way to lock these dock icons so they won't move and vanish? Yes, our hands aren't steady since we're old. :( Thank you in advance. :) -- "In a battle between elephants, the ants get squashed." --Thailand /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) I...

Deleting specific files in Mac OS X 10.5.8's Trash?
Hello. In Windows and Linux/Debian's Gnome v2.30.2, I can highlight specific file(s) to delete from its recycle bin. Can I do the same in Mac OS X 10.5.8's trash? It seems like I have to empty everything or restore the one(s) to keep first before emptying it. Thank you in advance. :) -- "Since the world began, we have never exterminated. We probably shall never exterminate as much as one single insect species. If there was ever an example of an insect we cannot destroy, the fire ant is it." --an entomologist quote mentioned by Leonard Nimoy on In The Search Of: Dead...

How to delete/remove DigiNotar in Mac OS X 10.5.8's Safari?
Hello. I noticed Apple never released an update to delete/remove DigiNotar in Mac OS X 10.5.8 since I have all updates. I was able to tell Keychain to untrust it from http://fairerplatform.com/2011/09/how-to-disable-diginotar-ssl-certificate/article, but it won't let me delete it. Mac OS X just beeps at me when I hit delete key on this Intel MacBook Pro (from October 2008). I tried dragging it to the trash can, but that didn't do anything. Am I missing something? I did unlock this Keychain screen and was able to untrust. Thank you in advance. :) -- "Busy as ants hurrying...

2 Mac OS X 10.5.9's iPhoto newbie questions.
Hello. I have two newbie questions in Mac OS X 10.5.8's iPhoto version (I assume v6?) with a client: 1. How does one zoom in/out a specific area in an image? Not zoom in/out the whole image. Just an area like the face. 2. How does one use the red eyes removal feature? We played with it, but it gave us big black eyes. Now, we can't remove/undo them too! Thank you in advance. :) -- "The tiny ant dares to enter the lion's ear." --Armenian /\___/\ Phil./Ant @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality ...

Connect an old parallel HP LaserJet 6P printer to MacBook Pros (Mac OS X 10.5.8 and 10.8.2)?
Hello. My client would like to know if it is possible to connect his very old parallel HP LaserJet 6P printer to his MacBook Pros since inkjet printers' inks are expensive compared to old reliable and cheaper laser. I assume it would require an USB+parallel adapter to physically connect. Also, there are HP drivers for Mac OS X 10.5.x and older, but none for the newer ones like 10.8.2. :( Thank you in advance. :) -- "The ambitious one makes friends with the elephant, then tramples upon the ant." --Indian /\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / If crediting, then use Ant nickname and AQFL URL/link. ( ) If e-mailing, then axe ANT from its address if needed. Ant is currently not listening to any songs on this computer. In message <BI2dnW0DCvEIkhvNnZ2dnUVZ_tGdnZ2d@earthlink.com> Ant <ant@zimage.comANT> wrote: > Hello. > My client would like to know if it is possible to connect his very old > parallel HP LaserJet 6P printer to his MacBook Pros since inkjet > printers' inks are expensive compared to old reliable and cheaper laser. > I assume it would require an USB+parallel adapter to physically connect. It would be cheaper to buy a decent laser printer, and you'd get a scanner and duplex and faxing <spit> in the bargin. Oh, and...

Re: Subject: Building ACE 5.3.1 on Mac OS X (Tiger) 10.4.2 was [ace-users] Building ACE on Mac OSX 10.4 #2
Hi Jason, >> I know it isn't the most recent version available, but this version >> is used extensively across the corporation. Changing the version of >> ACE all these products used will cause the architect's heads to >> explode ;) >> >> Is it your opinion that 5.3.1 is hopeless cause on Tiger? It'll take some work, but companies like Riverace, Remedy, and OCI can help out with this stuff if staying with 5.3.1 is essential. Please see http://www.cs.wustl.edu/~schmidt/commercial-support.html for help with this stuff. >> > http://cvs.doc.wustl.edu/ >> I will try it out, and let you know how it works. Great - if there are any problems please let us know quickly so that we can get the fixes into the x.4.8 beta. Thanks, Doug -- Dr. Douglas C. Schmidt Professor and Associate Chair Electrical Engineering and Computer Science TEL: (615) 343-8197 Institute for Software Integrated Systems WEB: www.dre.vanderbilt.edu/~schmidt Vanderbilt University, Nashville TN, 37203 NET: d.schmidt@vanderbilt.edu ...

RE: Subject: Building ACE 5.3.1 on Mac OS X (Tiger) 10.4.2 was [ace-users] Building ACE on Mac OSX 10.4 #2
Hi Jason, > > >> ACE VERSION: 5.3.1 > > > > This version of ACE is ANCIENT. The forthcoming ACE 5.4.8 > beta should > > work "out of the box" for Mac OS X Tiger. If you want a preview, > > please download the version in our CVS repo at > > I know it isn't the most recent version available, but this > version is used > extensively across the corporation. Changing the version of > ACE all these > products used will cause the architect's heads to explode ;) ;-) Right - this is where the value of commercial support providers comes into play. DOC's research efforts continue to march on as they should, while commercial product efforts are best served by sticking with a version of ACE over time. Companies such as Riverace can make a 5.3-base version work on Mac OS X Tiger, for instance, as well as make sure that when your product is ready for an upgrade, the new version of ACE won't surprise you. I'd be happy to discuss further how we can help you and your architects - we don't want any heads to explode :-) -Steve -- Steve Huston, Riverace Corporation Helping you succeed with ACE See http://www.riverace.com/support.htm ...

Mac OS X 10.9 (Mavericks)'s App Store v1.3 (201)'s "Updates installed ..." section.
Hello. I have a couple questions with the new Mavericks OS (clean install): 1. Is there a way to hide this "Updates Installed In The Last 30 Days" section? It keeps confusing me that these are new updates available to download and install until I read the section's title. :P I like how Windows does its update history hidden at first and then I can view them when I want to. 2. Is there a way to show more than 30 days when Mavericks' release is over 30 days old? Thank you in advance. :) -- Quote of the Week: "A centipede is an ant made to Canadian/government specs." --unknown /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail. If crediting, ( ) then please kindly use Ant nickname and AQFL URL/link. Ant wrote: > Hello. > > I have a couple questions with the new Mavericks OS (clean install): > > 1. Is there a way to hide this "Updates Installed In The Last 30 Days" > section? It keeps confusing me that these are new updates available to > download and install until I read the section's title. :P I like how > Windows does its update history hidden at first and then I can view them > when I want to. > > 2. Is there a way to show more than 30 days when Mavericks' release is > over 30...

Backup versus/vs. Sync in Mac OS X 10.8.3's iTunes with an iPhone 4S?
Hello. Are iTunes' backup and sync with an iPhone 4S, two different things? I noticed last night, backing up did not copy iPhone 4S' data to MacBook Pro's Mac OS X 10.8.3 softwares. However, Sync did. I thought they were the same like Sync only synchronize and backups did full iPhone backups with personal data to MacBook Pro. Note that iTunes is configured to not to overwrite iPhone's datas since updating/editing/creating on MacBook Pro is very rare. Thank you in advance. :) -- Quote of the Week: "Bother," said Winnie the Pooh, as he stepped on an ant. /\___/\ Ant(Dude) @ http://antfarm.home.dhs.org (Personal Web Site) / /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net | |o o| | \ _ / Please nuke ANT if replying by e-mail. If crediting, ( ) then please kindly use Ant nickname and AQFL URL/link. In article <YNednU8SepcycRrMnZ2dnUVZ_tKdnZ2d@earthlink.com>, Ant <ANTant@zimage.com> wrote: > Hello. > > Are iTunes' backup and sync with an iPhone 4S, two different things? yes, and they can be done separately. > I noticed last night, backing up did not copy iPhone 4S' data to MacBook > Pro's Mac OS X 10.8.3 softwares. yes it did, to the backup folder. > However, Sync did. I thought they were > the same like Sync only synchronize and backups did full iPhone backups > with personal data to MacBook Pro. N...

Mac OS X 10.2.8 worse then 10.1