3.27.2016

Accessing nginx on a firewalled OS X machine from the network.

Short Version:

In your nginx.conf file, put this directive near the top (under the 'user' directive, for example):
daemon off;
Allow the nginx executable through the OS X firewall, and you're done. No pfctl, no sysctl, no ipfw (for older OS X).

___

I use OmniFocus to track tasks, and due to company policy, run a private WebDAV server on my Mac to sync between my MacBook Pro and iPhone.

I use MacPorts, so it was simple enough to load nginx as a WebDAV server as follows:
sudo port install nginx +dav +davext
Assuming you have a valid nginx.conf file for your configuration, there are two more things you need to do to be able to access nginx from outside your Mac's firewall.

First, at the top of your nginx.conf file (under something like 'user _www'), insert:
daemon off;
This is the critical step to being able to access nginx from the network (not just your machine).

Second, you need to tell the Mac firewall that you want nginx to be reachable from outside your MacBook Pro. You can either simply answer yes to the pop-up 'Do you want to allow access to nginx' when you start nginx, or add it to the firewall: System Preferences->Security->Firewall->Options, select the '+' sign, and navigate to and select /opt/local/sbin/nginx. (When you select the '+' sign, you may have to press cmd-shift-g to navigate to /opt/local/sbin.)

If you've installed via MacPorts, then the following will load and start nginx:
sudo launchctl load -w /opt/local/etc/LaunchDaemons/org.macports.nginx
This will start nginx every time you restart your Mac.
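
A minimal nginx.conf showing where the 'daemon' directive sits relative to a WebDAV location, added here as an example and not the author's own configuration. The port, directory, password file and LAN subnet are assumptions, and dav_ext_methods assumes the dav-ext module from the +davext variant is built in.

```nginx
# Added example; paths, port and subnet below are assumptions.
user  _www;
daemon off;   # main context: nginx stays in the foreground under daemondo/launchd

worker_processes  1;

events {
    worker_connections  64;
}

http {
    server {
        listen       8080;                       # assumed port
        server_name  _;

        location /dav/ {
            root                  /opt/local/var/webdav;        # assumed; writable by _www
            client_body_temp_path /opt/local/var/webdav/.tmp;   # same filesystem as root

            dav_methods           PUT DELETE MKCOL COPY MOVE;
            dav_ext_methods       PROPFIND OPTIONS;             # dav-ext module
            create_full_put_path  on;
            dav_access            user:rw group:r;

            # The firewall now admits network clients, so require
            # credentials and limit the source range at the nginx layer.
            # Basic auth is cleartext over plain HTTP; add TLS before
            # using this outside a trusted LAN.
            auth_basic            "WebDAV";
            auth_basic_user_file  /opt/local/etc/nginx/htpasswd;  # assumed file
            allow                 192.168.1.0/24;                 # assumed LAN
            deny                  all;
        }
    }
}
```

Running `sudo nginx -t` checks the file's syntax before the launchd job is loaded.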

I wasted HOURS reading various 'fixes' to let the outside world into my nginx instance. For reasons I don't understand, a process started by daemondo (MacPorts configurations and others) needs the executable, nginx in this case, to run in non-daemon mode. This is accomplished as above by setting the 'daemon' directive in nginx.conf to 'off.'

Futzing with sysctl, pfctl, etc. is NOT NEEDED.

1.07.2015

Upgrading early 2008 MacBook Pro with SSD - UPDATE - JANUARY 2015

UPDATE January 7th, 2015
Here in January of 2015 I'm still using my modified SSD Enabled '08 and Crucial M4-CT256M4SSD2, 256.06 GB modified MacBook Pro. Here's my original post. It is STILL performing well. However, after a botched AFP file transfer that yielded over 242,000 0 byte entries for one file in the Document directory, I noted some behavioral problems, like Spotlight stuck indexing a lot of nuthin'. BUT the end result is Good News.

Disk Utility suggested reformatting my SSD as it was unable to repair the filesystem properly after I botched the attempt to delete the spurious files. So I
  1. Turned 'Trim Enable' to off, re-enabling Kext protection (this was of no account)
  2. Backed up the root drive via SuperDuper to a partition I keep for the purpose. This also was unnecessary (except perhaps for my peace of mind).
  3. Rebooted and entered recovery mode, reformatted the Crucial SSD and recovered from Time Machine. This turned out to be the fastest fix for a not completely clear problem.
  4. Downloaded Crucial's latest (070H) version of the firmware for Mac OS. It's an ISO file you burn to CD (or DVD). I did this with my original SuperDrive that lives in the case I got from MCE (original post).
  5. Rebooting and holding down 'C' before the Apple logo appeared, I followed the onscreen directions to update my Crucial's firmware. Reboot again.
  6. Verified via (Apple)->About this Mac->System Report->ATA SATA that the update was being reported to Mac OS X
  7. Re-enabled Trim Enabler 3.0, which took two reboots - one to disable Kext signature verification (Apple doesn't allow signing any longer of 3rd party Kexts), and the other to turn on Trim Enabler.
I've been using Crucial memory and SSD since '06 - and have been VERY HAPPY. Cindori has kept updates of Trim Enabler up to date through Apple versions. It has proved to be highly reliable and transparent software. The 750GB drive from MCE Technologies with which I replaced this machine's original SuperDrive likewise has been reliable and unproblematic. And Apple's TIME MACHINE has been a reliable and unobtrusive partner in keeping my files, even when I didn't know I needed them. I've made 3 (intended) platform restores from Time Machine - and having done systems for a LONG time - have to say it reflects why I buy Apple. Trouble free and easy. Crucial even gets points for a Mac bootable CD for upgrading my SSD Firmware. (Hint to Crucial - make a USB bootable image, eh?)

My machine is again running smoothly - fast as ever - even if it'll be 7 years old in a few months. In computer years about Nine-Hundred and Eighty. Almost Biblical.

Cheers!

~r

PS - Sorry for gushing - but a great experience should give credit to whom and where due. I have not received or sought any consideration (or acknowledgement) from any of the mentioned vendors. But each has provided me with great product, and made my life a lot better.

2.24.2013

Federal Sequester - Who's fooling Whom?

$85B - Annual impact of 'Sequester' on US Government Spending.
$85B - Monthly 'purchase' of US Treasury Bonds ($40B) and Mortgage backed securities ($45B)

The sequester doesn't touch 80% of US Federal Government deficit spending this year or any year to follow.

And how does the government 'pay' for that deficit? The Federal Government simply issues IOUs in the form of US Treasury Bonds, Bills, and Notes. Because of the eroding confidence in the US Treasury's ability or desire to honor those debts - the Federal Reserve Bank buys what the market won't with 'money' ingeniously and simply created on its own balance sheet.

Sequester? Killing the economy? If a less than 20% cut in the unfunded or deficit spending triggers a new recession, it's not sequestration that caused it. We need look no further than the chickens of the massive Federal Reserve money creation machine coming home to roost, coupled with profligate Federal spending.

Let's get real. Who's fooling whom?

2.18.2013

Data breach, are you prepared?


I witnessed an exchange between a senior level corporate executive charged with his company’s data security, and a security practitioner who asked him as a briefing opener, “What are your company’s plans for addressing a data breach?” The executive replied “Working at my local gas station.” The speaker dutifully chuckled and then said “No, really - what is your corporate breach procedure?” The executive responded “That’s not an option. I have a friend who owns a gas station not far from my house, and should my company be breached, I’ll be working for him the following day.”

You may be thinking (as did I at the time) that our hapless security officer was just trying to lighten the mood. And like me, you'd be wrong. I won’t elaborate as did this executive, but suffice it to say he appeared completely serious, providing entirely too much information about his exit strategy, should it come to that. Since then I’ve thought long and hard about the issue.

Those in our business whose job it is to identify the signs of breach and provide technology to mitigate it know that breach is not necessarily (and usually is not) catastrophic. But ignoring the skull and cross-bones on the bottle won’t make the poison any less deadly. Pretending breach can’t happen is likely only to exacerbate its effects.

To protect our businesses and systems against breach with human and technical measures is table stakes. Preparing to respond to a data breach is the same as any other contingency or business continuity planning: it is simply best practice. It's unfortunate that the latter remains 'the unthinkable' to so many, as evidenced by the following Groundhog Day scenario:

  • Week 1 (Company Spokesman) “The system compromised was an ancillary system containing no personally identifiable information."
  • Week 4 (Company Spokesman) “We've determined that a small number of email addresses were leaked and we've notified the affected individuals. There is no evidence of further compromise."
  • Week 8 (Company Spokesman) "Our authentication system was apparently compromised and we've reset the affected accounts and notified account holders. Our systems are now secure."
  • Week 10 (New spokesman) "Acme Inc. deplores the illegal and criminal theft of user accounts and business data, and is recommending its customers and business partners reset their passwords and contact our hotline should they notice any unusual account activity."
  • Week 12 (a Business Journal) "Acme Inc. shares continue to fall on further reports revealing the scope of last quarter's data breach and its management's apparent inability to address the fallout in an open, timely, and forthright manner."

The bottom line is aptly articulated by Brian Lapidus, COO of the Cybersecurity & Information Assurance practice of Kroll:

“Establish a comprehensive breach preparedness plan that will enable decisive action and prevent operational paralysis when a data breach occurs.”

Not quite the head-in-the-sand approach of our executive friend.


That data breaches occur is unsurprising. The trend indicates they will increase in both frequency and magnitude. Does your disaster recovery plan include a defined procedure to classify and deal with data breach? Has it been tested? Do you perform at least annual 'dry-runs?' If so, thank you. If not, why not?

Here is but a sampling of practice guidelines to help you get started:
http://www.krollcybersecurity.com/resources/data-security-resources/data-breach-prevention-tips.aspx
http://www.diskagent.com/resources/Data_Breach_Incident_Response_Workbook_by_Debix.pdf
http://usa.visa.com/download/merchants/cisp_responding_to_a_data_breach.pdf
http://www.experian.com/assets/data-breach/brochures/response-guide.pdf
http://www.americanbar.org/content/dam/aba/administrative/litigation/materials/sac_2012/22-15_intro_to_data_security_breach_preparedness.authcheckdam.pdf
http://www.justice.gov/opcl/breach-procedures.pdf
http://www.ibm.com/developerworks/library/cl-hipaa/index.html

~r

1.21.2013

After 26 Years - Questions: A Farewell to Congress



Excessive government has created such a mess it prompts many questions:
  • Why are sick people who use medical marijuana put in prison?
  • Why does the federal government restrict the drinking of raw milk?
  • Why can’t Americans manufacture rope and other products from hemp?
  • Why are Americans not allowed to use gold and silver as legal tender as mandated by the Constitution?
  • Why do our political leaders believe it’s unnecessary to thoroughly audit our own gold?
  • Why can’t Americans decide which type of light bulbs they can buy?
  • Why is the TSA permitted to abuse the rights of any American traveling by air?
  • Why should there be mandatory sentences—even up to life for crimes without victims—as our drug laws require?
  • Why is Germany concerned enough to consider repatriating their gold held by the FED for her in New York? Is it that the trust in the U.S. and dollar supremacy is beginning to wane?
  • Why have we allowed the federal government to regulate commodes in our homes?
  • Why is it political suicide for anyone to criticize AIPAC?
  • Why haven’t we given up on the drug war since it’s an obvious failure and violates the people’s rights? Has nobody noticed that the authorities can’t even keep drugs out of the prisons? How can making our entire society a prison solve the problem?
  • Why do we sacrifice so much getting needlessly involved in border disputes and civil strife around the world and ignore the root cause of the most deadly border in the world—the one between Mexico and the U.S.?
  • Why does changing the party in power never change policy? Could it be that the views of both parties are essentially the same?
  • Why did the big banks, the large corporations, and foreign banks and foreign central banks get bailed out in 2008 and the middle class lost their jobs and their homes?
  • Why do so many accept the deeply flawed principle that government bureaucrats and politicians can protect us from ourselves without totally destroying the principle of liberty?
  • Why do so many in the government and the federal officials believe that creating money out of thin air creates wealth?
  • Why does Congress willingly give up its prerogatives to the Executive Branch?
  • Why can’t people understand that war always destroys wealth and liberty?
  • Why did we ever give the government a safe haven for initiating violence against the people?
  • Why is patriotism thought to be blind loyalty to the government and the politicians who run it, rather than loyalty to the principles of liberty and support for the people? Real patriotism is a willingness to challenge the government when it’s wrong.
  • Why do some members defend free markets, but not civil liberties?
  • Why do some members defend civil liberties but not free markets? Aren’t they the same?
  • Why is there so little concern for the Executive Order that gives the President authority to establish a “kill list,” including American citizens, of those targeted for assassination?
  • Why don’t more defend both economic liberty and personal liberty?
  • Why is it claimed that if people won’t or can’t take care of their own needs, that people in government can do it for them?
  • Why are there not more individuals who seek to intellectually influence others to bring about positive changes than those who seek power to force others to obey their commands?
  • Why do we allow the government and the Federal Reserve to disseminate false information dealing with both economic and foreign policy?
  • Why is democracy held in such high esteem when it’s the enemy of the minority and makes all rights relative to the dictates of the majority?
  • Why should anyone be surprised that Congress has no credibility, since there’s such a disconnect between what politicians say and what they do?
  • Why does the use of religion to support a social gospel and preemptive wars, both of which requires authoritarians to use violence, or the threat of violence, go unchallenged? Aggression and forced redistribution of wealth has nothing to do with the teachings of the world great religions.
  • Is there any explanation for all the deception, the unhappiness, the fear of the future, the loss of confidence in our leaders, the distrust, the anger and frustration? Yes there is, and there’s a way to reverse these attitudes. The negative perceptions are logical and a consequence of bad policies bringing about our problems. Identification of the problems and recognizing the cause allow the proper changes to come easy.

11.07.2012

Obama Nation - Four More Years

US Federal deficit spending continues unabated, real gross domestic product continues to decline, the population of employed workers has declined to 2005 levels in less than 4 years despite an 8% increase in the overall US population and its potential workforce. The current unemployment rate (11/2012) has been exceeded only twice since 1948.



US Annual Federal Budget Deficit. This graph represents annual deficit spending. At the same time, the total US Government debt (outstanding obligations of the United States) has increased 64% in 4 years, with no end in sight. Any wonder the Fed is forcing interest rates low?




%GDP Growth 1969-2011 - US Bureau of Economic Analysis. GDP growth continues to trend down with both the ‘highs’ and the ‘lows’ getting lower.




US Employment vs Population. Over the period 2002-2011, the population grew just shy of 1% per year or 8% in aggregate. The absolute number in non-farm employment as of October 2012 has declined since Q3 2008 to the level of May 2005.



US Unemployment Rate (Bureau of Labor Statistics). October 2012’s rate is 7.9%, an uptick from last month and about the same as when Obama took office.



References:

US Bureau of Economic Analysis - Published 10.25.2012 http://www.bea.gov//national/nipaweb/
US Bureau of Labor Statistics - http://data.bls.gov

10.30.2012

Central Health Tax Ratification: Travis County - Proposition 1.


Prop 1 represents a 63% increase in the taxes for health services Travis County is permitted by law to collect from you, if you’re a homeowner.

The real cost to Travis County taxpayers is on average $278/Homeowner/Year, not the $9/month ($108/yr) political ads promote. It's not about funding healthcare - it's about a 63% increase in the amount the County can collect because, like the Federal government, they can’t seem to live within a budget.

 Read the text of the proposition here.

Prop 1 grants the County the right to collect property taxes of 12.9 cents per $100 of real estate evaluation. This represents a 63% increase above current statutory limits.

Carole Keeton Strayhorn is on the air three times an hour to assure voters that ‘It’s a conservative investment’ and that it will reap ‘hundreds of millions of dollars’ back to the county. She tells us it will only cost the average homeowner $9/month, or $108/year.

Really?

If this were true, that would mean the median price of a home in Travis County is only $83,700. The fact is that Strayhorn is only counting the amount (63%) over what the County can collect today without voter approval. The true cost of Prop 1 is on average $278/year per home. To be fair - the County is going to collect the first $170 from each of us next year anyway. Prop 1 is about whether we’re going to give them another $108 on top of that. (This is based on an average home price of $216,000 and the tax rate of 12.9 cents/$100 evaluation.)

Prop 1’s advertising, with sad stories about people having to drive to Houston for medical care because we don’t have the services here, is both disingenuous and misleading. Why is it that political ads need to lie about actual costs to the taxpayer? If Prop 1 is such a tremendous benefit to Travis County residents - why obscure the real cost? What else haven’t Prop 1 proponents told us?

Prop 1 is simply about raising taxes because Travis County, not unlike the federal government, can’t seem to operate within a budget. Unlike the Federal government - Texas state law requires the County obtain your permission before it can legally overspend.

I'm going to vote ‘AGAINST’ Proposition 1.

We have to live within our budgets. So can Travis County.