Consultant’s Canary 2.7

Everybody lies...

The first thing you usually ask a person who’s complaining about their computer’s performance is “have you installed anything new recently?” The answer you receive is almost always “no,” even if their dock and menu bar are both overrun with colorful, continuously animating icons you know do not belong.

Like System Profiler, only useful...

Consultant’s Canary is a handy Python script which will ferret out much of the aftermarket malware (including app-specific QuickLook and Spotlight plugins!) which might plague a user's otherwise healthy system, saving you the trouble of having to ask the question in the first place. It doesn’t do anything to the filesystem since the heterogenous pedigree of OS X's hardware drivers make false positives rather common, but just getting a list of every potentially suspicious looking piece of code on a user’s machine can still save you hours of boring re-installation work and make you look smarter than you really are in the process. Sadly, it cannot make you look thinner or less bald, but one out of three ain’t bad.

Requires Leopard and Python 2.5. Run as superuser for maximum resultitude.

Consultant's Canary is free for everyone in the world except Apple employees and members of the Apple Consultant's Network. Licenses for commercial use are available at the rate of $500.00 per year. If this business model sounds ridiculous to you please remember that this script is chock full of "trade secrets" you could never hope to understand and therefore worth every penny.

Click here to purchase.

Download Now

nsho

This script performs a very basic BIND security audit by way of dig—which popular tools such as those located at the now highly commercialized dnsreport.com do not—testing for display of potentially exploitable version information and willingness to participate in anonymous zone transfer requests. Cricket Liu's vastly superior DNS Advisor does perform these checks, but using the free web-based version involves a lot of typing, clicking and waiting, and the standalone version only runs on Windows. Plus they spam you incessantly if you give them a real email address. Boo for Liu.

Just pass nsho your domain name and enjoy the lack of ads as you take a look at all the juicy information your nameservers are actively whoring out to the world.

Download Now

Look Who's Talking

A tiny little shell script which makes the multi-step process of tracing active network ports back to the on-disk binaries that opened them fast and easy. OK, it's actually not that fast since lsof is slower than frozen molasses traveling uphill, but it is easy, and it might just root out an undesirable little chatterbox lurking in the background.

Run with super user privileges for best results.

Download Now

Python AIM Status Module

A very basic Python module which makes getting a user’s AIM status a thought-free affair. It offers three separate methods which return varying degrees of information:

• fullstatus(username, presencekey, keys=tuple())
  
  Pass a list of keys you’re interested in obtaining status information on, or leave it blank to get the raw JSON data back from AOL.
• basicstatus(username, presencekey)
  
  Returns only basic status information such as online or offline.
• shortstatus(username, presencekey)
  
  Returns even more basic status information in two bytes or less. Ideal for use by AJAX pollers which check status frequently and waste precious bandwidth in doing so. 1 means online, 0 means offline and -1 means away or idle.

Obviously you’ll need to get a valid presence key from AOL directly before any of them will work.

Download Now

DOM Throbber

After spending a great deal of time attempting to implement a flicker-free Aqua style throbbing UI element in both the script.aculo.us and mootools frameworks it became obvious that neither products’ developers really wanted anyone to do this. Add to that the fact that they both introduce ridiculous amounts of bloat, doing it yourself becomes a no-brainer.

A brief summary of my Throbber class’ configuration options, all of which are optional and most can be specified at either instantiation or runtime.

• frameDelay: Milliseconds between frames. Defaults to 30.
• frequency: Cosine oscillation frequency. Defaults to 3.
• sampleRate: Number of sample points per wave period. Defaults to 15; higher rates are usually overkill.
• origOpacity: Initial element opacity. Defaults to whatever's current at the start of oscillation.
• targetOpacity: The opacity level the oscillation should stop at. Defaults to whatever's current at the start of oscillation.
• maxOpacity: The highest level of opacity the element should be drawn at during oscillation. Defaults to 100%.
• minOpacity: The lowest level of opacity the element should be drawn at during oscillation. Defaults to 0%.
• limit: Total number of cycles. 0 will yield infinite oscillation.
• stillborn: Set to true on instantiation if you want to start the throb manually in response to a DOM or AJAX event.

Download Now

CrapWAP

If you're anything like me, you've got a crappy old Bluetoothless cell phone, but you still want to deck it out with a bunch of jiggly movies and Gary Numan ringtones without giving your number to some unscrupulous fellows who think that this should cost you $5 per file. CrapWAP is a tiny little PHP script and .htaccess file which you can unzip on your web server and instantly create a cell phone browsable list of folders and files for download. There's nothing to configure (unless you want to), and you pay only for the data transfer according to your plan's rates.

Yes, there's a million scripts out there that do this, but I'll be darned if I could find one that wasn't written by a 12 year old and full of serious security holes. My little "me too" version requires nothing but PCRE support and I think it's fairly safe, but I'd definitely recommend a thorough audit before deploying it for anything other than light personal use.

Download Now

Seagate Date Code Calculator

Morphology... Longevity... Incept dates... It’s a shame no futuristic law enforcement agency actively “retires” crappy hard drives.

KHI Root Cert

Primarily of interest to KHI hosting clients who want to use our SSL/TLS enabled mail server, this certificate installer will make secure communications with all KHI network services a virtually hands-free affair. No mucking around with obscure keychain settings, just a simple standard installer package.

NOTE: Some stupid Mac blog sites are linking to this package just because they compulsively link to everything they come across. Make no mistake, this particular utility will do ABSOLUTELY NOTHING for you if you are not currently a KHI client. It won't hurt anything, either, but seriously, why bother?

Download Now

KHI Mud Surgeon

A set of continuously evolving and completely undocumented Photoshop® actions I've developed (i.e. pieced together from various sources and experimentation) over the years which I use to make muddy shots suck less non-destructively. Actions include:

• Intelligent edge masking
• Saturation masking
• Tone masking
• Selective contrast boost
• Texture brushes
• Velvia Voodoo
• More sharpening methods than you can shake a stick at

This is not a simple pushbutton solution however, so if you're not a hardcore DIY type who likes feel of dirt under your nails you should probably just play it safe and go throw some money at Fred Miranda or something instead. He makes good training wheels.

Download Now

Dominion Day TextMate Theme

It’s no secret that your average computer nerd can barely dress himself let alone put together a harmonious color scheme, and as such, looking at the vast majority of the TextMate themes available for download—like looking at your average computer nerd—has a tendency to make your eyes bleed fire. A neon color here, an unnecessary italic there, and pretty soon every letter on the screen is screaming for your attention so loudly that you just reflexively tune them all out and reach for the Advil.

In keeping with the regal purpleness of the TextMate brand identity, I crafted this theme to draw the user’s eye to the things that I feel are most important while allowing other elements to fall into the background. It’s a little too dark for most laptop monitors, but I think it looks just peachy on a properly calibrated display (that means an accurate D65 whitepoint and 2.2 [or L*/CIECAM] gamma for those keeping score) and it’s been fairly well tuned for HTML, CSS, PHP, JavaScript, Ruby and Python.

Download Now

Python Language Bundle

TextMate is fun, but nobody who works on the thing uses Python, so its support in this department is notably lacking. In the interest of providing more meaningful syntax highlighting, I hot-rodded the stock Python bundle with the following changes:

• Removed the bizarre dotted-name definition which interfered with more things than you could ever want to shake a stick at.
• Removed classmethod and staticmethod from the list of "support" keywords so that they correctly show up as function decorators when used as such.
• Added self and cls to the list of language keywords (yes, I know that they aren't actually keywords, but it looks better.
• Removed all code-folding markers. They don't work because regular expressions don't work as language parsers. Period. Stop wasting time trying, guys.
• Greatly simplified meta.function-call.python so that it correctly matches actual function calls and not the entire accessor path plus parentheses.
• Fixed automatic block commenting so it no longer screws up your code's indentation. This is kinda important since Python blocks are defined by friggin' indentation.

Maybe you'll like these modifications, maybe you won't. I personally think it makes Python code look better, especially when used in conjunction with my deep purple-y theme Dominion Day which colors all these things in real purdy like.

Download Now

DelayedAckHack

10.5.2 breaks a lot of things in the stupidest way imaginable, but I believe its most annoying anti-feature is the manner in which it slows and/or stops AFP LAN traffic on Intel machines for no apparent reason. It was reported on the once-relevant MacFixit that issuing the following command:

sysctl -w net.inet.tcp.delayed_ack=0

solved this issue for many people, but who wants to type that in every time they login?

I put together a little installer that will utilize the power of launchd to run this command on your behalf automatically. Whether or not it actually fixes anything for you is something of a crapshoot, but it's worth a shot. Just remember to pull it out of /Library/LaunchDaemons if and when Apple fixes their flaky auto-tuning TCP nonsense. Until then, the only response you'll get out of them is "file a bug report."

Download Now