OS X 10.8 App Installation and Gatekeeper

OS X 10.8 Mountain Lion is here with us and so is a new security feature called Gatekeeper, which allows a user to only install applications that came from Mac App Store or from sources that have a certificate from Apple.

Gatekeeper options can be displayed by heading over to Settings > Security and Privacy

App Store is great but not so much for Enterprise as it is not realistic to expect in-house developed code to go through Apple every time. So, Developers who signed up with Apple get a Developer ID Certificate that can be used to sign the installation packages. Details of this process are explained here on the Official Apple pages and also here on 'unreleased notes' in layman terms.

If an application is not signed and is not available in the App Store, then Gatekeeper 'may' get in the way in its default form (Mac App Store + identified developers) but there are 'gotchas'.

Should I disable Gatekeeper?
You may be tempted to select 'Anywhere' option in Gatekeeper to avoid the hassle but consider this
Gatekeeper will "only" block the installation of applications downloaded from web.

You will still be allowed the installation of unsigned, non-flat packages:

  • if you already have a package repository on a network or USB etc. and copying from there
  • if you use tools like curl that does not set 'quarantine' flag (see below)
  • if you control click and choose open in Finder.
  • If you launch Installer App (`sudo /System/Library/CoreServices/`) and browse to the downloaded application
  • If you use command line as in `sudo installer -pkg /path/to/package -target /`
So, there are plenty of ways to let Gatekeeper work for you without disabling it.

Quarantine attribute on Downloaded Applications:
When you download any install package from Web with, let's say, Safari, a hidden '' attribute will be added to it.  You can use `ls -l@` to display those attributes. When you try to install such files, Gatekeeper will block the application!

You can use the following command to remove the quarantine attribute:
'xattr -d -r /path/to/downloaded/package'

This will stop the prompts that tells you what you may already know: "ApplicationName" is from an unidentified developer. Are you sure you want to open it?


Must watch this!

I had a blog post about time-less articles that I came across on Internet. TED is full of incredibly powerful speeches. Today, I watched some of them and decided to post the links here. This post will serve as a place holder for future video links.

Jill Bolte Taylor talks about 'brain'. It's very moving and enlightning

Alain de Botton talks about 'success'. What we mean by it now and realities of western-life

Alain de Bottom discusses shortcomings of secular life and what it can borrow from religion


Using Mac as the primary machine and fixing Synergy

I had this zen moment the other day, and realized that there is very little reason that's keeping me from using a Mac as my primary machine right now. Although I had my mac up on the second monitor, I realized that I was using it less, as it was not connected to my primary screen.

So, I swapped my Mac and PC. Now, my mac is connected solely to the primary screen in front of me (Samsung SyncMaster 245BW at 1980x1200) with a displayPort to DVI adapter. Unfortunately, that meant that my PC had to be connected using a VGA as that was the only other input. 

My PC is also connected to the 20" ViewSonic VP2030b (1600x1200) on my right via DVI.  I have dual ATI Radeon HD 5700 in CrossFire setup (4xDVI out), so I would like to get a monitor that supports dual DVI input but there does not seem to be many options out there that I like. In fact, I like Dell UltraSharp U2412 the most at this point but still trying to decide.

Anyway,  I did not want to use multiple keyboards and mouses anymore, so I wanted to try the latest version of Synergy (v1.4.9 as of this writing). I used Synergy at work on 10.7 for some time but quickly had to give up on it when I upgraded one of my Macs to 10.8. 

I set it up so that My Windows 7 x64 would be the 'server' and Mac OS X 10.8 Mountain Lion as the 'client'. Setting it up is not really difficult, there is a single synergy.conf file that has to be common to both client and server (see mine below). 

The biggest trouble was that back and forward buttons of my mouse stopped working on Mac side. That was really annoying when browsing web sites and after some google'ing I found out that this was an issue that has been experienced by several others.

Some posts in that google code link put me into the right direction and after some trial and error, I figured out that using 'Windows + [' key was like hitting back button key, and 'Windows + ]' key was acting as forward key.

I solved the problem by mapping mousebutton(4) to keystroke(Meta+BracketL) and mouse(button5) to keystroke(Meta+BracketR). The whole config file is shown below:

section: screens
                halfDuplexCapsLock = false
                halfDuplexNumLock = false
                halfDuplexScrollLock = false
                xtestIsXineramaUnaware = false
                switchCorners = none
                switchCornerSize = 0
                halfDuplexCapsLock = false
                halfDuplexNumLock = false
                halfDuplexScrollLock = false
                xtestIsXineramaUnaware = false
                switchCorners = none
                switchCornerSize = 0

section: aliases

section: links
                right = AHMac
                left = AHPC

section: options
        relativeMouseMoves = false
        screenSaverSync = false
        win32KeepForeground = true
        switchCorners = none
        switchCornerSize = 0


There be dragons

Here is a good one... I happened to be checking one of my yahoo addresses which I rarely use and noticed the following message from 'Blizzard'.

Language is off. You can tell from the first sentence that message is suspicious. Plus, I had never given my yahoo address to Blizzard, so clearly this was a scam. If you hover over the first link, it really points to the Blizzard but the second one was pointing a phishing site they want the person to go. Chrome actually recognizes the site as warns you about it.

Here is the lesson: NEVER click any link without checking the actual URL it's pointing to by looking at the status bar.


We have already noted that you are trying to sell your personal World of Warcraft account (s). 
Terms of Use 

It will be ongoing for further investigation by Blizzard Entertainment's employees. 
If you wish to not get your account suspended you should immediately verify your account ownership. You must complete the steps below to secure the account and your computer. 

We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions: (points to the site in the picture. Link removed)

We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above. 

Please be aware that if unauthorized access to this account, it may lead to further action against the account. 


Game Master Dunarthra 
Customer Services 
Blizzard Entertainment

Update: I actually saw at least 5 different variations in my e-mail box all trying to entice me to phishing sites. Some of the subjects are below:
Mists of Pandaria Beta Test Invitation WoW MoP Beta
Mists of Pandaria Beta Test Invitation
World of Warcraft Mount: Heart of the Aspects (lol on this one)

Fixing pepper flash issue(?) on latest chrome

 The latest version of Chrome (v22.0.1221.0 - I am on dev-m channel) causes some playback issues with flash videos on my pc. Top part of the video is cut diagonally and keeps on flickering. Here is the link to my bug report.

Screenshot shows how it looks on my screen.

Possible Cause:
The new 'Pepper Flash', result of collaboration between Adobe and Google is supposed to be more secure. Latest release of Chrome has it set as the default flash player on my Windows 7 machines and it seems to be the cause of this issue.

Until a fix is available, disabling Pepper Flash seems to be an easy solution.
In my case, typing chrome://plugins showed that I had 3 Flash plug-ins:

  • The new Pepper Flash plug-in
  • The built-in Flash plug-in that comes with Chrome
  • And the Flash plug-in installed separately for IE and other browsers. 

Clicking the details on the right side of the screen and checking the "disable" link under Pepper Flash seems to have fixed the issue for me.

Note: I still see the same diagonal line if I hover over a link item on the page that would normally overlay a menu, so I am actually not so convinced that this is a PepperFlash issue as I originally suspected. See Chromium discussions for further details (link above).