Help

If you have any technical issues, please submit a support request.

This section is a list of current issues and news of note.

SSH Filter & SSH config on OS X

A week ago we were experiencing ssh attacks that were preventing login and slowing our server dramatically.
Most likely the attack was from compromised machines running software bots looking for weak passwords.
This is not normally an issue for us as none of the FTP users have shell access (they cannot log in via SSH or terminal) and the root user account cannot SSH in either. In fact there is only one account that has ssh login permission. Yet the machine was running dog slow and no users could log in via FTP and we couldn't log in via ssh at all. Most worrying for a while.
I logged in via remote desktop and a quick check of the logs showed constant reports of failed login attempts - ah ha.

The problem was that when the ssh daemon was confronted with an incorrect password, it was checking against the password database multiple times, which was overwhelming the password services. A better explanation from [1] is "every time the attacking machine tried another key/password, it would spawn a new sshd process, which had to communicate with the password services (com.apple.SecurityServer) in order to validate the password. Eventually what ended up happening is that there were so many requests to the password services that they basically ended up just hanging, and anything that required a password: ssh, ftp, etc, just stopped working."

Firstly I changed the default /etc/sshd_config file [1], un-commenting this line and changing yes to no.
ChallengeResponseAuthentication no
This edit does not stop attackers from trying but it does protect the password services from the attack.

Next I installed the most excellent sshdfilter [2] - a Perl daemon that actively monitors ssh logins and detects signs of intrusion attempts and then blocks the attacking IP addresses. Blocked addresses are saved in between reboots and the startup script is here:
/Library/LaunchDaemons/net.jonbell.sshdfilter.plist
(this runs /etc/sshdfilterLoad.sh which runs /etc/firewallrules)

To receive email notifications for each block, edit the /etc/sshdfilterrc file (the mail= and mail policy sections - there are comments in the policy).
"The default setting is to block most failed logins after 5 attempts, some common invalid logins after 0 attempts, incorrect root logins after 2 attempts, and logins to non-existent accounts after 3 attempts. Counters are reset upon a valid login. These thresholds can be modified in the sshdfilterrc file if desired. It is not currently setup to expire the blocks (even if you set it here in the configuration file, they will remain in the persisting file)."

[1] http://www.slicksurface.com/blog/2008-06/ssh-attack-and-password-problems-on-os-x

[2] Mac OS X sshdfilter Installer:
http://projects.seas.columbia.edu/sshdfilter/sshdfilter_mac.zip

sshdfilter Project Home:
http://www.csc.liv.ac.uk/~greg/sshdfilter/
28 Jan 10 by Adam Dennis
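
The default thresholds quoted in the SSH post above, sketched over sshd log lines. This is an added Python example, not sshdfilter's own code (which is Perl) and not part of the original post. Assumptions: the log lines are constructed, the list of "common invalid" names is illustrative, an address is blocked once its count exceeds the limit, and a valid login resets the counters for the address it came from.

```python
import re
from collections import defaultdict

# Failures allowed per category, from the defaults quoted in the post.
# Assumption: an address is blocked once its count exceeds the limit,
# so a limit of 0 blocks on the first occurrence.
LIMITS = {"common_invalid": 0, "root": 2, "nonexistent": 3, "other": 5}
COMMON_INVALID = {"admin", "test", "guest"}  # assumption: illustrative names

FAILED = re.compile(r"Failed password for (invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+)")


def classify(invalid, user):
    """Map one failed login to the threshold category it counts against."""
    if invalid:
        return "common_invalid" if user in COMMON_INVALID else "nonexistent"
    return "root" if user == "root" else "other"


def addresses_to_block(lines):
    """Return source addresses in the order they cross a threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    blocked = []
    for line in lines:
        ok = ACCEPTED.search(line)
        if ok:
            counts.pop(ok.group(2), None)  # valid login resets the counters
            continue
        bad = FAILED.search(line)
        if not bad or bad.group(3) in blocked:
            continue
        invalid, user, ip = bad.groups()
        category = classify(invalid, user)
        counts[ip][category] += 1
        if counts[ip][category] > LIMITS[category]:
            blocked.append(ip)
    return blocked


# Constructed sample log lines using documentation address ranges.
SAMPLE = (
    ["sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4011 ssh2"]
    + ["sshd[412]: Failed password for root from 198.51.100.7 port 4012 ssh2"] * 3
    + ["sshd[413]: Failed password for alice from 192.0.2.10 port 4013 ssh2"] * 4
    + ["sshd[414]: Accepted password for alice from 192.0.2.10 port 4014 ssh2"]
    + ["sshd[415]: Failed password for alice from 192.0.2.10 port 4015 ssh2"] * 2
)
if __name__ == "__main__":
    print(addresses_to_block(SAMPLE))
```

In the sample, the address with six failed logins for alice is never blocked because the accepted login in between resets its count.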

Manage Fonts in OS X

Coretech Font Management Notes
- Feb 2006
- Updated March and April 2007.

The material in this document was in large part sourced from the three PDFs listed below as well as Apple and Adobe Technotes plus over 15 years of experience troubleshooting Mac problems.

1. Consolidate All Your Fonts Into One Folder:
Move all fonts out of the /Users/[username]/Library/Fonts folder.
Move all fonts out of the /Library/Fonts folder.
Move most fonts out of /System/Library/Fonts except:
Geneva
LastResort
Monaco
Keyboard
LucidaGrande
AquaKanaBold.otf
AquaKanaRegular.otf
(Keep Helvetica and Helvetica Neue if you do not have PostScript or OpenType versions of these. Make sure that these two fonts are in your startup (permanent) activation set if you do remove them. See more on these two below.)

If you are using classic, take everything out of /System Folder/Fonts except Charcoal, Chicago, Geneva, and Monaco.

Remember that if you are using your older Type 1 Postscript fonts you still need the screen (bitmap) font suitcase and the outline (postscript) font. (In Mac OS X, font suitcases look and behave like other font files: You can't open them by double-clicking the file as you can in Mac OS 9. Use Font Doctor or Smasher to edit these font suitcases if required.)

It is also advised that you remove everything from program specific folders in the /Library/Application Support and /Users/[username]/Library/Application Support folders. This includes font folders for Microsoft products, Adobe, and Macromedia.
Adobe puts fonts here:
~user/Library/Application Support/Adobe/Fonts
/Library/Application Support/Adobe/Fonts
The exception is the Adobe/Fonts/Reqrd folder. Don't delete this folder, or you'll break your Adobe apps.

NOTE: iCal and a few other programs require Helvetica and/or Helvetica Neue. You don't necessarily have to use the version installed by default in OSX (dFont) - you can replace these with other TrueType or PostScript versions that you use for publishing.
If you use the dFont version of either of these fonts, you may find the type in your older jobs is reflowing. If you had a PostScript or TrueType version of these fonts installed before going to OS X, you should choose to install that version instead of the dFont. Programs that require these fonts will work correctly no matter what version of these fonts is installed.

2. Delete the Myriad Font Caches:
If you see garbled font display or your applications are crashing or freezing then a likely cause is a corrupt font cache.
Under OS 9 the system would read and write to font files directly. If a crash happened at the wrong moment it was (remotely) possible for the font file to become corrupt, which could lead to all sorts of crashes. In OS X, instead of opening the original font, everything is copied into a cache. This protects the original from damage, but unfortunately, the cache files seem to become corrupt much more often under OS X than the fonts themselves became corrupt under OS 9. (from link #2)

Adobe uses its own font caching technology (of course). To delete all the Adobe font caches, do a find for "AdobeFnt" and delete everything that it finds with a .lst extension (e.g. AdobeFnt.lst, AdobeFnt08.lst etc). Warning - do not delete the AdobeFnt.DB files.

You can use an app to delete all your font caches (see links below) or do it manually.
There's a number of files and folders to delete - in all cases, delete the object listed:
/Users/[username]/Library/Preferences/com.apple.ATS.plist
/System/Library/Caches/fontTablesAnnex
/Library/Caches/com.apple.ATS (this is a FOLDER, not a file)
/Library/Preferences/Microsoft/ (Office Font Cache)
Adobe Font Caches: any file that starts with AdobeFnt and ends with a .lst extension
/System/Library/Caches/All.files.whose.names.include.ATS or font. The com.apple.ATS.System.fcache and com.apple.ATSServer.FODB_System files are the most important ones to delete. But it doesn't hurt to delete all of them.

Whichever method you choose, restart your Mac after deleting the cache files. That’s the best way to make sure OS X immediately and correctly creates new files. If a corrupt font is actually causing your problem, eliminating the cache files won’t help – but cleaning out your font caches is often effective and certainly easy.

3. Clean Up Your Font Library.
Run FontDoctor or Font Agent over all the collected fonts to remove corrupt, orphaned, duplicate and unnecessary screen fonts.
Normally you do not want dFont duplicates of any PostScript or OpenType fonts - especially the Helvetica, Times, Symbol and Zapf dFonts.
Once you've cleaned up all your fonts (Font Doctor does a nice job of putting them all in lovely alphabetised order) then you can use your font management utility to activate and deactivate as required. Don't have too many fonts activating at startup - let them auto-activate when possible and make sure the auto-activated fonts are set to deactivate on restart.

4. Burn a Master CD
We recommend burning a CD (or DVD if your font library is huge) to keep as a known good copy of all your fonts. Copy this CD to each workstation's hard drive and use Suitcase, Font Agent Pro or Font Explorer X to open and close them. If your font library changes regularly, burn the collection to a CD-RW. Try to enforce a strict font management policy - only one or two people in the studio should be able to add fonts to the company library.

5. Garbled Fonts in Safari, Mail
A common cause of this problem can be activating multiple versions of Helvetica. Mac OS X comes with a Helvetica.dfont already installed in the system. Activating another version of Helvetica can trigger this problem.
(Also, if you have the font Helvetica Fractions in your font collection, this can potentially trigger this problem as well. See above.)


FYI: Font Load Order (Hierarchy) under OS X
Mac OS X will use the fonts in the highest location first - later duplicates will not be loaded.
1. Application Font Folders
(eg /Applications/Microsoft Office 2004/Office/Fonts/ and /Applications/Adobe Indesign CS/Fonts)
2. Application Support Folders (in /Library or /Users/[username]/Library)
3. /Users/[username]/Library/Fonts
4. /Library/Fonts
5. /Network/Library/Fonts
6. /System/Library/Fonts
7. /System Folder/Fonts (if Classic is used)




Additional Resources:
1. A great PDF put together by J.S. McCarthy Printers, in Maine. You can find it as issue #3 on this page:
http://www.jsmccarthy.com/technical_tips.asp

2. The top link on this page is also an excellent PDF on font management with OS X:
http://www.ideastraining.com/DownloadAndTips/DownloadsAndTips.html

3. Extensis Font Management Best Practices Guide
http://www.adobe.com/products/indesign/pdfs/fonts_osx.pdf


Font Management Utilities:
FontFinagler (US$10) -- Font Cache Cleaner.
http://homepage.mac.com/mdouma46/fontfinagler/

FontDoctor (US$70) -- Coretech techos won't leave home without this wonderful software.
http://www.morrisonsoftdesign.com/with_fl/index.html

Smasher (US$50) -- a mix of Font Doctor and FontFinagler, also lets you edit font suitcases.
http://www.insidersoftware.com/SM.php
16 Apr 07 by adam dennis

Better Fax Cover Pages for Mac OS X

The built-in fax in MacOS 10.3 & 10.4 is convenient, but Apple left some useful functionality out. In particular, sending a fax generates an ugly, plain vanilla coverpage. This is a HOWTO for customizing your coverpages:

http://members.cox.net/18james/panther-fax.html
14 Nov 06 by Adam Dennis

The Visceral Thrill of Fear, Uncertainty and Doubt.

(Or, How to Drive Sales and Win Elections.)

Symantec and Intego have announced a new Mac virus. But fear not my fellow travellers - it appears to be nothing more than a marketing scare. Ahhh fear - such a powerful tool. The virus has been called OSX.Macarena by Symantec and Intego but is really called Machoman and first appeared as a Mac virus tutorial released on Halloween (happy birthday Mike) by a member of the well known 29A group. This group with the uber-nerd name (29A is hexadecimal for 666) have written quite a few viruses - some of them very "successful" like Slammer and others innovative like Cabir - the first viable mobile phone virus. If you're really interested the source is here: http://vx.netlux.org/src_view.php?file=machoman.zip - it took quite a while to find this link. :)

In summation: There is no reliable delivery vector for this virus; it was only released as a source file and has to be compiled to work; it only runs on an Intel Mac and even the writer admits that it is "really very buggy." All this so-called virus really proves is that nasty nerds are focusing more intensely on Mac now. But that's OK, Unix viruses have been around for over 20 years and besides you've got Coretech as one of your watchmen.

A good article from Amit Singh discusses the "bullshit" here:
http://www.osxbook.com/blog/2006/11/05/on-mac-os-x-viruses/
By the way, Amit Singh is generally considered a Mac OS X guru - one day I might even finish his weighty tome entitled "Mac OS X Internals". Then I'll focus on actually understanding it. One day.

09 Nov 06 by adam dennis

Power Mac G5 Repair Extension Program (REP) for Power Supply Issues.

Serial Number Ranges:
CK539xxxxxx - CK608xxxxxx
G8539xxxxxx - G8608xxxxxx
YM539xxxxxx - YM608xxxxxx
RM539xxxxxx - RM608xxxxxx

Applies to Power Mac G5 (Late 2005) models sold between October 2005 and August 2006 that feature Dual 2GHz, 2.3GHz or Quad 2.5GHz G5 processors and have power-related issues as described below. This REP covers affected Power Mac models for up to two (2) years from the original date of purchase. I have heard that this program only applies for G5s with a 1000 watt power supply from a particular manufacturer.
Symptoms Exhibited:
• System will not start up after the power button is pressed
• No LED activity
07 Nov 06 by adam dennis