OSX Automator and Python – for mac address conversion

Recently I wrote a python script for converting mac addresses (which you can download from github) and the reason I wrote it is because I receive emails like this…

email_with_mac

The background is, I’m working on an 802.1x project, I need to find the printer, the quickest solution in this case is to look in the ARP cache of the router/switch on site.

The irritant is that in the email the MAC is in EUI format, but routers/switches are in Cisco’s. To Further irritate, Cisco ISE and ACS use EUI format so if someone sends you a MAC address from a switch or their windows machine then you need to convert it, I’ve spent a lot of time replacing dots and dashes :D

Today, I realised that I could use Apple’s Automator to grab text from somewhere… I could then parse it through my python scripts and have the results in my clip board… ready for pasting!

Below is my automator workflow

Automator_-_Convert_to_EUI_MAC

In the python field you can’t see the full text… paste in this…

import sys

addr=str(sys.argv[1])

if "." in addr:
	delimiter = "."
elif ":" in addr:
	delimiter = ":"
elif "-" in addr:
	delimiter = "-"

# Eliminate the delimiter
m = addr.replace(delimiter, "")

# Normalise Case
m = m.lower()
u = m.upper()

eui= ":".join(["%s%s" % (m[i], m[i+1]) for i in range(0,12,2)])

print eui

If you’ve having issues creating a new automator service from the screenshot I have uploaded my Convert to EUI MAC.workflow save it to ~/Library/Services

Once you’re all setup, you’ll be able to right click any mac address and convert it. I’ve also created a Convert to Cisco MAC.workflow if you need it in router/switch format.

OS X: Sync’ing keychains in the iCloud

Keychains hold passwords, certificates and general secret stuff – only do this if you understand the Apple will have access to this…. well assuming they can crack your keychain password (which they probably can).

Synchronising a keychain across macs could be useful, for example, having a dedicated keychain for WiFi credentials.

I stumbled across this link (dated Nov 2011) and found that this still works!

The ~Library/Mobile Documents/ folder is pushed to all iCloud enabled computers, so I have created a new folder, and copied my WiFi keychain into it:

$ mkdir ~/Library/Mobile\ Documents/com~linickx~icloud
$ cp ~/Library/Keychains/wifi.keychain ~/Library/Mobile\ Documents/com~linickx~icloud/

If you only have one keychain login.keychain, consider splitting out the really secret stuff and only sync’ing the stuff you want to share with apple.

Now open “Keychain Access”, delete the original keychain and add/open the iCloud copy. On any other Mac, add/open the iCloud keychain. Once complete, any change to the keychain will be pushed to all Macs, simplifying password changes :)

I’m also using this to sync dotfiles!

You could use dropbox for this, one reason to use dropbox is that iCloud sync seems to be a bit hit n miss; however Dropbox already have enough of my secrets, I’m not suggesting that iCloud is more secure, it’s just better to have many baskets.

FOOTNOTE: If your mobile documents folder isn’t sync’ing, see this post by SteveX.

OS X: anonymous ftp directory on Mountain Lion

Pretty much every google search I tried landed me on a mountain lion server page, given I’m using normal mountain lion on a macbook the results were not much use!

I use FTP to transfer images to various appliances, firewalls, proxies etc so for speed and simplicity I need anonymous ftp. The default home directory on 10.8 for anonymous FTP is /var/empty which is a special directory which I didn’t want to tamper with, once I found the right stuff in the man page changing the home of thr anonymous FTP user wasn’t actually that hard…

To get started, in case you need it, the command to start the FTP service is:

sudo launchctl load /System/Library/LaunchDaemons/ftp.plist

and to stop:

sudo launchctl unload /System/Library/LaunchDaemons/ftp.plist

The config file is /etc/ftpd.conf, mine looks like this:

# match umask from Mac OS X Server ftpd
umask all 022
chroot GUEST /Users/linickx/ftp
modify guest off
umask  guest 0707
upload guest on

As you can see, I have changed the home directory of my anonymous user to a folder called ftp inside my home directory.

Now, there’s some special security stuff you can do to that folder, see man ftpd for full details, but this should do you as a minimun

~ftp Make the home directory owned by “root” and unwritable by anyone.

~ftp/pub This directory and the subdirectories beneath it should be owned by the users and groups responsible for placing files in them, and be writable only by them (mode
755 or 775). They should not be owned or writable by ftp or its group.

~ftp/incoming This directory is where anonymous users place files they upload. The owners should be the user “ftp” and an appropriate group. Members of this group will be
the only users with access to these files after they have been uploaded; these should be people who know how to deal with them appropriately. If you wish anony-
mous FTP users to be able to see the names of the files in this directory the permissions should be 770, otherwise they should be 370.

The following ftpd.conf(5) directives should be used:
modify guest off
umask guest 0707
upload guest on

This will result in anonymous users being able to upload files to this directory, but they will not be able to download them, delete them, or overwrite them, due
to the umask and disabling of the commands mentioned above.

Happy FTP Everyone!

wireshark xquartz osx (mountain lion) – crash on start

If (like me) you have just installed wireshark and and xquartz at the same time you’ll notice that after completing both installations wireshark will crash and not start up properly.

The wireshark forum shows that if you run wireshark from the command line you get this error..

(process:1234): Gtk-WARNING **: Locale not supported by C library.
    Using the fallback 'C' locale.

(wireshark-bin:1234): Gtk-WARNING **: cannot open display:

… for which there are a couple of work arounds, such as setting your display variable or opening wireshark from within an xquartz terminal window.

The actual fix was found here, notice the log out after installing… by simply logging out and back in again my wireshark now loads without any nasty work arounds.

Hope that helps!

OS X: Mediatomb (luanchd) .plist file for automatic start up.

Inspired by this, but better ;)

So now I have got mediatomb working, I’ve started on my own StartupItem so that it loads at boot time. The reason it is better is because you can start and stop mediatomb via launchctl.

I saved the below (the more) as /Library/LaunchDaemons/com.linickx.mediatomb.plist.

To start:

sudo launchctl load /Library/LaunchDaemons/com.linickx.mediatomb.plist

To stop:

sudo launchctl unload /Library/LaunchDaemons/com.linickx.mediatomb.plist

Happy Days!

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>  
	<key>Label</key>
	<string>com.linickx.mediatomb</string>
	<key>ProgramArguments</key>
	<array> 
		<string>/usr/local/bin/mediatomb</string>
		<string>-e</string>
		<string>en0</string>
		<string>-P</string>
		<string>/Users/nick/.mediatomb/mediatomb.pid</string>
		<string>-p</string>
		<string>49152</string>
	</array>
	<key>UserName</key>
	<string>nick</string>
	<key>ServiceDescription</key>
	<string>Run MediaTomb at boot</string>
	<key>RunAtLoad</key>
	<true/>
	<key>Nice</key>
	<integer>20</integer>
	<key>KeepAlive</key>
	<true/>
	<key>StandardErrorPath</key>
	<string>/Users/nick/.mediatomb/error.log</string>
	<key>StandardOutPath</key>
	<string>/Users/nick/.mediatomb/output.log</string>
</dict>
</plist>

OS X: PS 3 Media Server service for start at boot (launchd)

Given the popularity of the Playstation 3 Media Server (PSM) I’m a bit confused to why I struggled to find a good solution to this…PSM does does not come with an mac service for running it a boot time, there is a windows service and some stuff for linux if you google but the best effort I could find for OS X was a bodge via SSH!

This is my best effort so far, it’s not perfect but it’s a start. Below the more link, is a launchd .plist file which if you place in /Library/LaunchDaemons/ will start PSM at boot time, well kinda.

The catch is that a user needs to log in, any user will do, the process will run as the user defined in the .plist file but since PSM requires some kind of windowing libraries it simply will not start until a user logs in!

Continue reading

OS X: Converting videos but keeping the timestamp

I got a new computer, w00t! My family like to use the point-and-click camera for adhoc videos whilst we’re out and about, the thing is it’s very old and records in a rubbish AVI format which consumes massive amounts of disk space, b000!

After a bit of googling I wrote the below, it’ll search through your disk and find AVI files, check that the file extension is .AVI and then convert it to .mp4; for bonus points it’ll change the timestamp of the mp4 to match the avi so that it’ll import into iPhoto albums nicely.

#!/bin/bash
export IFS=$'\n'
for i in $(find ./ -type f -name '*.AVI') 
	do 
		if [ ${i: -4} == ".AVI" ]
			then
			echo "Converting $i"
			ffmpeg -i "$i" -s 480x320 -aspect 4:3 -b 768k -ab 64k -ar 22050 -r 30000/1001 "${i%.AVI}.mp4"
			sleep 5
			TSTAMP=`gls -l --time-style=+%Y%m%d%H%m "$i" | awk '{print $6}'`
			touch -mt $TSTAMP "${i%.AVI}.mp4"
			sleep 5 
			rm -f "$i"
		fi
	done

Quick Note: gls is the GNU version of ls not the built in BSD-MAC version, you get it via homebrew (brew install coreutils)

PHP to solve problems

PHP make you think of web app’s right? … well, did you know you can run it from the CLI to?

Recently I’ve been doing a lot of spreadsheet and sub-netting type stuff, whilst doing this mundane work I’ve realised that I can get scripts to work for me. I’ve started to post a few PHP network functions to github which I’ve been using.

Here’s an example: I have a nokia firewall, the routing table in voyager is shown in the following format -

Network / CIDR Mask , Gateway
10.0.0.0 / 8 , 10.0.0.1

I need that same routing in a Cisco ASA format -

Network , Mask , Gateway
10.0.0.0, 255.0.0.0, 10.0.0.1

Now this is not a problem for a few routes but the firewall I’m looking at now has 177 static routes, which I don’t want to convert manually.

Roll in PHP!
Save the original routing table as a .csv file. ColA = ip/mask , ColB = gateway.

Save this a route_conv.php

<?php

	/**

		Change the below to your CSV File.

	**/

	$firewall_csv = "./routes_cdr.csv"; 

	/**

		Function to convert CIDRs such as "23" to decimall dotted like "255.255.254.0"
		I've got more of these: https://gist.github.com/1309388

	**/

	function cidr2mask($netmask) {

		$netmask_result="";
		for($i=1; $i <= $netmask; $i++) {
		  $netmask_result .= "1";
		}

		for($i=$netmask+1; $i <= 32; $i++) {
		    $netmask_result .= "0";
		}

		$netmask_ip_binary_array = str_split( $netmask_result, 8 );

		$netmask_ip_decimal_array = array();
		foreach( $netmask_ip_binary_array as $k => $v ){
		    $netmask_ip_decimal_array[$k] = bindec( $v ); // "100" => 4
		}

		$subnet = join( ".", $netmask_ip_decimal_array );

		return $subnet;

	}

	ini_set('auto_detect_line_endings', true); // detect CR

	if (file_exists($firewall_csv)) {

		$file = fopen($firewall_csv, 'r');

		$counter = 0; // array counter

		while (($data = fgetcsv($file)) !== FALSE) {
			
			list($ip, $netmask) = split( "/", $data[0] ); // SPLIT Col A into IP & Mask

			$netmask = cidr2mask($netmask); // Covert Mask

			$gateway = $data[1]; // Col B

			/**
				This echo is the CSV style output, but you could change this to echo "route add $ip $mask $ gateway \n" for unix style output.
			**/

			echo $ip . "," . $netmask . "," . $gateway . "\n";

		}

		fclose($file);

	} else {
		
		echo "404: $firewall_csv \n"; // FILE NOT FOUND.

	}
?>

from your CLI run “php route_conv.php” and enjoy the output!

Unread Gmail on your OSX Desktop

1) Install GeekTool
2) Run this script….


USERNAME="me@gmail.com"
PASSWORD="password"

EMAIL=`curl -u $USERNAME:$PASSWORD --silent "https://mail.google.com/mail/feed/atom" | tr -d '\n' | awk -F '<entry>' '{for (i=2; i<=NF; i++) {print $i}}' | sed -n "s/<title>\(.*\)<\/title.*name>\(.*\)<\/name>.*/\2 - \1/p"`

if [ -n "$EMAIL" ]
	then

	echo "INBOX:"
	echo "-----------------------------------------"

	IFS=$'\n'
	for i in $EMAIL
	do
		len=${#i}
		if [ "$len" -gt 40 ]
			then
			echo ${i:0:37} "..."
		else
			echo $i
		fi
	done
fi

3) smile

F5 BigIP LTM VE works in Virtual Box

Something I discovered ages ago (so long ago that my trial license expired) but forgot to post is that you can get an LTM VE to work in Virtual Box.

To get started download the ESX image from the F5 VE Trial Page, when you get the download import the OVA into virtualbox.

The only thing I needed to tweak after the import was the interface settings, you need two intels and a PCNet, the PCNet is the management interface. Set the PCNet to host only networking, give your laptop/pc an ip address on the host only network a 192.168.1 address and you’re good to go!

You may experience HIGH CPU issues after boot, but since these boxes are based on linux, you can use the divider=10 centos trick.

Enjoy your virtual load balancing!

Lowing VirtualBox priorities

One of the things I’d really like is process priorities for virtual box. In the forum I posted a couple of shell commands that I regularly type… which gets a bit tedious, following a recent article on lifehacker reviewing mac text expanding I’ve been prompted to automate a few things… below is a little shell script to lower the priority (renice) of all running virtual machines.

The advantage of doing this is that your host machine stays snappy, responsive and won’t get too over-loaded by jobs on your VMs!

#!/bin/bash
ps -xo pid,command | grep -v grep | grep startvm | while read line ;
do
        procID=`echo $line | awk '{print $1}'`
        sudo renice +10 -p $procID
done

The above code works on a mac; although I haven’t tested it, I recon to get it running on Linux you need to update the PS command, by swapping the x for an e… like this….

#!/bin/bash
ps -eo pid,command | grep -v grep | grep startvm | while read line ;
do
        procID=`echo $line | awk '{print $1}'`
        sudo renice +10 -p $procID
done

Have fun, suggestions and improvements welcome.

Xcode for WordPress Plug-in Developers

This post is an extension to this excellent article except with a subtle difference, I’m not interested in hacking the WP core, I’m writing a plug-in :)

I’m going to assume that you’ve requested access to WordPress.org’s SVN repository, and you’ve found the admin panel and want to get your Xcode goodness hooked up to the WP SVN.

To get started create a new Empty Xcode project.

Screenshot of Xcode project chooser Empty XCode waiting for LINICKX LifeStream
Xcode project chooser Empty Project

From the menu bar select SCM then Configure Repositories, the window select the + to add a new repo, the username & password pair are your wordpress.org credentials, you can find the URL to your SVN repo on the wordpress.org site.

WordPress dot org Admin Interface
The WP.org admin interface

Next from the menu bar select SCM then Repositories, highlight the repo you’ve just created and choose checkout; you’re going to be asked for a folder to “save” the contents of the repo to, I chose inside my Xcode project folder.

Checking out with Xcode
Repo’ Config Code Checkout

You now need to add those “checked out” files to you project, in the tree on the left, right/control click the blue project icon at the top and select add existing files, accept the defaults and the repo should be imported.

Code imported
Imported Code

These files now in the project need to be associated with the repo, this is done by highlighting the blue project icon and clicking the “Info” button, then click “Configure Roots & SCM”; click the + button and choose your repo folder (again)… the dropdown on the right should automatically select the correct SCM.

Project LINICKX LifeStream Info WP Xcode Edit Project Root
Project Properties Project Roots

If you now change a file / add / delete / etc it will appear under the SCM tree, you can right/control click and commit to the repo…. job done :)

WP Xcode readme txt changed
Yay it works!

Very quickly you’re going to find out that you want to test your changes prior to commiting them, to do this you may want to copy your files upto a webserver…. I get Xcode to do that for me, using macfuse to mount my webroot via ssh but for this example I’ll create a directory on the desktop … you also need to create any subdirectories you may need.. I have to create “admin”.

To copy the files we’re use an Xcode target, from the menu bar choose Project then New Target then Copy Files Target, I called my new target CopyFile. Using the info button change the absolute path of the copy – e.g. /Users/Nick/Desktop/LL … now here I ran into a problem (suggestions welcome)… next I created extra copy build phases for each subdirectory. Control/right click your Target ( i.e CopyFiles) then choose Add, New Build Phase, New Copy Files Build Phase… I then set the absolute path of this “sub target” to /Users/nick/Desktop/LL/admin/ to represent my admin subdirectory.

Finally DRAG down the files into their correct target, all being well and a fair wind clicking “BUILD” will cause your files to be copied into your directory. You can now make changes, click build to test, and then commit them to subversion when you’re happy :)

WP Xcode - Finished
Finished!

The red sweater post that inspires this now talks about creating a RUN shortcut to automatically open a web browser for testing, however mine didn’t work… I got this error “The program being debugged is not being run“… suggestions to fix welcome!