Reply to How to modify the launchctl config to start Postfix?
In fact the solution was much easier than I thought. I had to fully disable the "System" starting of the 2 postfix related daemons:

```
launchctl disable system/com.apple.postfix.master
launchctl disable system/com.apple.postfix.newaliases
```

And check it is correctly registered as disabled:

```
launchctl print-disabled system
```

And finally create my own one inside: /Library/LaunchDaemons which is: org.postfix.master.plist containing:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>org.postfix.master</string>
    <key>Program</key>
    <string>/usr/libexec/postfix/master</string>
    <key>ProgramArguments</key>
    <array>
        <string>master</string>
    </array>
    <key>QueueDirectories</key>
    <array>
        <string>/Library/Server/Mail/Data/spool/maildrop</string>
    </array>
    <key>AbandonProcessGroup</key>
    <true/>
    <key>KeepAlive</key>
    <true/>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
```
Topic: App & System Services SubTopic: Core OS Tags:
3w
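A pre-load check for a hand-written daemon plist like the one in the post above, as an added example that is not part of the original post: it parses the property list and flags problems that matter for a job launchd starts as root. The names `audit_launchd_plist` and `write_job`, the choice of checks and the sample data are assumptions made for this illustration; the ownership and mode check reflects launchd's refusal to load plists that are not root-owned or are writable by group or others.

```python
import os
import plistlib
import stat
import tempfile

# Constructed sample: the job from the post, expressed as Python data.
SAMPLE_JOB = {
    "Label": "org.postfix.master",
    "Program": "/usr/libexec/postfix/master",
    "ProgramArguments": ["master"],
    "QueueDirectories": ["/Library/Server/Mail/Data/spool/maildrop"],
    "AbandonProcessGroup": True, "KeepAlive": True, "RunAtLoad": True,
}


def write_job(directory, job, mode=0o644):
    """Hypothetical helper: write job as <Label>.plist with the given mode."""
    path = os.path.join(directory, job["Label"] + ".plist")
    with open(path, "wb") as fh:
        plistlib.dump(job, fh)
    os.chmod(path, mode)
    return path


def audit_launchd_plist(path, expected_uid=0):
    """Return findings for a LaunchDaemon plist; an empty list means clean."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:  # launchd expects root-owned daemon plists
        findings.append("owner uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception as exc:  # malformed or truncated property list
        return findings + ["unparseable plist: %s" % exc]
    if not isinstance(job, dict):
        return findings + ["top-level object is not a dictionary"]
    if job.get("Label") != os.path.basename(path)[: -len(".plist")]:
        findings.append("Label differs from file name (naming convention)")
    # launchd runs Program if present, otherwise ProgramArguments[0].
    program = job.get("Program") or (job.get("ProgramArguments") or [""])[0]
    if not os.path.isabs(str(program)):
        findings.append("program path is not absolute: %r" % program)
    return findings


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = write_job(tmp, SAMPLE_JOB)
        print(audit_launchd_plist(path, expected_uid=os.getuid()))
        os.chmod(path, 0o666)
        print(audit_launchd_plist(path, expected_uid=os.getuid()))
```

On a real system the function is called with the default `expected_uid=0` on the file in /Library/LaunchDaemons before the job is loaded.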
Reply to `cp` ( & friends ) silent loss of extended attributes & file flags
[quote='873105022, DTS Engineer, /thread/761587?answerId=873105022#873105022'] I don't know what your specific needs/requirements are here… [/quote]

I am a system engineer on Unixes and a security expert. Most of my work is not in my home directory, but in the configuration of macOS so as to conform to a validation process in terms of quality and security. This work represents from one to three weeks of configuration testing and validation ( network accesses, servers configuration, encryption, encryption problems recovery… ) for each update or upgrade of any OS. This is the most valuable part of my work. Then this is the part I am routinely backing up on any OS I have had the luck to work on for 40 years ( I started on Unix on Cray 1 ).

The usual method I professionally validated is a complete clone copy of the / FS, which in case of problem on this FS or on the whole OS, permits an immediate restart of activity with the validated system configuration. Thus avoiding for example a restart of a macOS with a netbiosd server open toward the Internet side of my network ( which could be a total security damage ).

One of the tools I used and validated in this process on macOS was the highly known and tested CCC ( aka Carbon Copy Cloner ). I use a very similar shell script based on rsync on other serious Unixes. By serious I mean an OS a good will engineer can secure to a high level easily, and is helped in this task by the architecture of the OS and its admin tools.
Topic: App & System Services SubTopic: Core OS Tags:
Feb ’26
Reply to Where is macOS server for Sequoia?
Thank you for the information. I understand better why I felt that stupid about not being able to find such a basic software, and wasting half an hour searching.

Will this version of macOS server for Monterey permit managing: bootpd, natpmpd, packet filter?

My core problem is to set correctly all the security settings around /usr/libexec/InternetSharing and packet filter ( /etc/pf.anchors ). ( I am working on a firewall able to protect against DDOS with 0 impact. )

For the other services I will be able to manage them through usual open source servers, just the cc inside Xcode + a few hours of basic work.
Jan ’26
Reply to `cp` ( & friends ) silent loss of extended attributes & file flags
[quote='799318022, DTS Engineer, /thread/761587?answerId=799318022#799318022'] What problem(s) are these missing files actually causing? [/quote]

Sorry for the late answer and a lot of unsuccessful work around this problem ( still a blocking one, only on macOS ). Thank you for your nice answer.

It's now very difficult to make a perfect copy of a macOS core filesystem. One on which it would be possible to restart in case of a failure within less than a few minutes, i.e. a clone copy.
Topic: App & System Services SubTopic: Core OS Tags:
Jan ’26
Reply to What explains the APFS sibling volumes architecture ( / & Data )
[quote='798802022, DTS Engineer, /thread/761331?answerId=798802022#798802022'] The "/" volume should include NO user information AT ALL and, ideal, should minimize any kind of "configuration specific" data. [/quote]

This is perfectly achieved with a simple directory /var inside / volume ( RO ) and a bucket of symbolic links ( the traditional one ) pointing to directories inside the var volume ( RW ) mounted on /var, as exposed in my OQ.

As a concrete example, there is a need to clearly separate system applications ( RO ) and user installed applications ( RW ). This is achieved through the use of 2 different clearly distinct directories and one preconfigured symbolic link inside / ( RO ⇒ non modifiable ):

```
User visible path      real path            to volume
------------------------------------------------
/Applications          /Applications        /
/local/Applications    /var/Applications    /var
```

And that's all folks!

Thus my OQ stands: why didn't Apple choose such a basic, simple and efficient construct with just 2 basic volumes? Real life teaches us every day that complexity is one of the biggest enemies of performance and security.
Topic: App & System Services SubTopic: Core OS Tags:
Aug ’24
Reply to I am getting wifi error -3905, what does this mean?
This is neither a user, nor a developer issue. This is a kernel issue. I am working on this one, and I would like to understand it.

Back to the initial question, where is the error code -3905 documented?

I got it repeatedly in an environment of work after about 6 days of full load of the Wi-Fi network with 4 clients moving. Here is the typical track I get once the network is unusable for everyone and Wi-Fi Logging turned on on one of the client Macs. Notably, iPhones and another Mac can no longer reach the network once this error appears.

```
Sun May 22 10:45:37.994 Driver Event: <airportd[246]> _bsd_80211_event_callback: APPLE80211_M_ROAM_START (en0)
Sun May 22 10:45:37.994 Info: <airportd[246]> Roaming started on interface en0
Sun May 22 10:45:37.994 Info: <airportd[246]> PRIORITY LOCK ADDED [client=airportd, type=4, interface=en0, priority=5]
Sun May 22 10:45:37.995 Info: <airportd[246]> SUSPEND AWDL for interface en0, timeout=10.0s, reason=Roam, token=166
Sun May 22 10:45:37.995 Info: <airportd[246]> RESUME AWDL for interface en0, reason=Roam token=165
Sun May 22 10:45:37.995 Roam: <airportd[246]> Unschedule roam RSN handshake timeout, received ROAM_START
Sun May 22 10:45:41.106 Info: <airportd[246]> PRIORITY LOCK REMOVED [client=airportd, type=4, interface=en0, priority=7]
Sun May 22 10:45:41.106 Info: <airportd[246]> RESUME AWDL AFTER TIMEOUT for interface en0, timeout=10.0s, reason=Assoc token=163
Sun May 22 10:45:42.056 Info: <airportd[246]> RESUME AWDL AFTER TIMEOUT for interface en0, timeout=10.0s, reason=Assoc token=164
Sun May 22 10:45:42.513 Driver Event: <airportd[246]> _bsd_80211_event_callback: SCAN_CACHE_UPDATED (en0)
Sun May 22 10:45:42.539 <kernel> en0: Terminating supplicant.
Sun May 22 10:45:42.539 <kernel> RSNSupplicant: Releasing authenticator for 00:00:00:00:00:00
Sun May 22 10:45:42.540 Assoc: <airportd[246]> <en0> Auto-join association timed out on network ••••• ••• , returned error code -3905 *****
Sun May 22 10:45:42.540 Info: <airportd[246]> Failed to associate to Wi-Fi network ••••• ••• on interface en0, returned error code -3905 *****
```
May ’22
Reply to Shared file access location with write permission for all users on Mac
Why wouldn't you create such a folder: /Library/Application Support/application_name like this:

```
_App_dir_name="/Library/Application Support/application_name"
# Quote the variable: the path contains a space.
/usr/bin/sudo mkdir "${_App_dir_name}"
/usr/bin/sudo chmod 2766 "${_App_dir_name}"
```

This is the way many applications are managing their globally used files. Look for example at: /Library/Application Support/Apple/Photos/Print Products
Topic: App & System Services SubTopic: Core OS Tags:
Aug ’21
Reply to How to add new PF rules everytime InternetSharing is started?
The best tool I found and tested thus far is: Murus

Sorry, I cannot include the correct URL here ( because of internal security policy ).
Jan ’26
Reply to How to debug "The application Preview is not open anymore"?
[empty answer to replace the missing function: delete answer.]
Topic: App & System Services SubTopic: Core OS Tags:
Aug ’21
Reply to How to debug "The application Preview is not open anymore"?
What is highly strange is that this function LSOpenURLsWithRole is marked as deprecated ending on version 10.10 ( Yosemite ): developer LSOpenURLsWithRole documentation.

How is it possible that the application Preview.app might use it on a version of macOS which is 10.13 ( High Sierra: because this is the one on which the incident is under debugging )?
Topic: App & System Services SubTopic: Core OS Tags:
Aug ’21
Reply to Many "orphan omap mappings found" after 3rd party app crash - way to repair?
I advise you to run Disk Utility in recovery mode. Thus there will be one unique process running on your disk. It is safer and faster.
Topic: App & System Services SubTopic: Core OS Tags: