I maintain an archive of videos, especially documentaries from public media libraries from tv channels etc. on my NAS. Whilst I can use youtube-dl for the most part, it’s rather difficult for sites that use HTTP live streaming (HLS) to stream their content. In the most cases this is even AES-128 encrypted, which makes it difficult to download it. But since there’s players that support playback, it’s obviously possible to decode the stream on the client side.
Even though there are like one million guides on how to secure macOS properly, I decided to throw in my 5c on this topic. In contrast to many other guides, I’d just like to provide you with the best practices that I also use. This one is about the essential things that I always do when getting a new Mac to provide better security while preserving almost all macOS features like iCloud document saving or Time Machine usage.
As it turns out, the Apple Time Capsule only uses SMB protocol version 1 and NTLM for authentication. While this works with macOS without any changes, it often creates problem when trying to mount the the Time Capsule’s SMB share on a Linux system. With this parameters, mounting should work out of the box, given you have the cifs-utils (Debian/Ubuntu) installed:
sudo mount.cifs //10.0.0.1/Data /mnt/timecapsule/ -o password='yourpw',sec=ntlm,uid=<local user>,vers=1.0 If you have any problems or further insights, feel free to leave a comment.
Current macOS versions are weird… Often when I connect my MacBook Pro to the two screens on my desk, the wallpaper on one of that guys is either gone or changed to a different one.
After many attempts to search them in my bunch of 2k wallpapers, I eventually gave up and wrote a script that sets the wallpaper on all my screens like this:
osascript -e 'tell application "System Events" to set picture of every desktop to ("/some/path/wallpaper.
Just as a short update: Starting from the newest AirPods update, they also finally work as a headset on the Mac. Before there was a issue that caused audio quality to drop when using the AirPods both as headphones and microphones at the same time.
macOS has the osascript command line tool that allows you to run embedded AppleScript right from within shell scripts. As AppleScript also has capabilities to show notifications, you can utilize this to show messages in the macOS Notification Center.
Here is an example:
osascript -e 'display notification "Something happened" with title "Test"' If you have any further tips that will help people supercharge their shell scripts on macOS, feel free to leave them as a comment.
After finishing with the hardware and software parts of my new NAS, I decided to append another little project which is aimed to provide a simplified control panel for macOS in the menu bar on the upper right of the screen.
Objective What I wanted to achieve is a possibility to mount my various shares with one click as well as having controls for power on/off and SSH. Additionally the control should indicate whether the NAS is currently powered on or not.
UPDATE 2018-06-02: I’ve created a new version of this article called “Securing macOS” available here: https://www.davd.eu/securing-macos/
While building my new NAS, I came across the question how to provide a Time Machine backup solution for my OS X clients.
As I run OS X on all my machines I want to back up all data to my NAS.
netatalk allows to create file shares for OS X
to provide a simple solution for system backups.