Tag: osx

Apple posted their new TV spots on their website, including the one regarding Mac's immunity to viruses.

Thought I'd post a couple corrections to my previous post.

First, Mac Guy isn't wearing a suit, he's just a laid back dude. Second, if you pay attention to the verbeage, you'll note that it doesn't actually claim immunity - it just points out that there were over 114,000 viruses for PC last year, not mac, and that Mac Guy won't catch PC Guy's virus. While this is probably true, I still stand by my original opinion that this was a horrendous move on Apple's part. The TV spot is clearly designed to hype OS X's immunity to such ailments, and that's going to come back to bite them in the ass as soon as someone releases something into the wild that makes you lose your data.

Using a Mac doesn't make your data secure. It probably makes it more secure than it would be on a Windows box - simply due to differing architectures and out of the box configurations - but regardless of your platform of choice, you must be aware of the threats and be proactive about them in order to avoid problems later.

They have a few more commercials, most of which are pretty funny - in particular the one about restarting. In the years I've been using a Mac, I've only ever had to restart one due to a crash about a half-dozen times. Many of those crashes were caused by me overrunning a graphics buffer while doing poorly thought out work in my Computer Graphics course back in the day, and only maybe two due to unexplainable circumstances.

It's worth noting further than when the Mac does crash, it does so in a manner that does not terrify... a simple message is displayed with a transparent background stating that something unexpected happened, and you must restart your computer; whereas Windows prompts you with the BSoD filled with hex code, memory addresses, and other data that might be relevant to the crash, but which no user would ever find informative.

I was mortified last night on behalf of the tech-savvy Apple user community. Much to my horror, I actually saw a commercial on TV for Mac and OS X starring two two men in business suits, one of whom represented Mac and the other PC (anyone else find Anthropomorphism humorous?); PC man was afflicted by a common cold. Mac man touts his prowess as being generally immune to such viruses.

Now, as a Mac user of several years and counting, I've never encountered a computer virus. However, with the media and tech communities all abuzz with proof-of-concept viruses, and making statements that Apple has been lax in implementing appropriate measures to ensure their OS is virus free, running a 30 second commercial proclaiming your immunity is the dumbest thing you can do.

Apple's OS X is, in my opinion, generally more secure than Windows in an out-of-box configuration simply because of it's roots in the BSD world. However, no operating system or computer installation could ever be immune to viruses. The simple fact of the matter is if you don't want to get a computer virus, you must take the following precautions:

• Never connect your computer to the internet.
• Never insert media into your computer from a third party.
• Never allow a computer that has ever violated either of these rules to be networked to your computer in any way.

Further, I'd like to point out that many viruses in the world take advantage of flaws in the software you run on top of your operating system - not the operating system itself. Therefore, even if it were valid to state that an operating system is entirely immune, it's still a completely meaningless statement! We all run software on our computers, and virtually every piece of software you run will expose some level of security threat to your computer.

What Apple needs to do is step down from their high horse and openly admit what the tech community already knows; no computer is safe. OS X tends to be safer for a variety of reasons, the most significant being lack of interest in attacking the platform. With the ever growing popularity of OS X, though, that level of interest in the malware community is going, and will continue, to grow... attacks will be made, viruses written, and our computers will be compromised... OS X, Windows or otherwise.

It's also worth noting that in all the time I've used Mac OS X and not gotten a virus, I've also been using PC's running either Linux or Windows and have never been comprimised on those platforms either. It's all about taking good precautions, running virus scanning software, sitting behind a firewall (built into most network routers you can pick up at the local Best Buy, Office Max, Staples, etc), and updating your software with the latest security patches.

So to close, I repeat, someone should be fired for approving that ad. It was a terrible idea, and will only further peak the interest of those who now wish to do harm to the platform that's touted as immune among the naive.

This guide will walk you through installing Apache2 and SVN using Fink on OS X 10.4. You should be able to follow the same instructions for 10.3; however, there is not currently a stable release of SVN in the fink repository for OS X 10.2 and earlier.

Fink is a package management system for OS X based on Debian Linux's apt-get system. Since it compiles packages from source, you'll need to have Apple's Developer Tools installed. The latest version of the developer tools will install the necessary compilers - GCC 4.0 and GCC 3.3.

Installation

Fink

You can download Fink at fink.sourceforge.net. Currently, the latest stable release is 0.8.0 for OS X 10.4, 0.7.2 for OS X 10.3 and 0.6.4 for OS X 10.2. You should download the latest available stable release for your platform.

Once you've installed Fink you should update it. Open a Terminal window and run:

sudo fink self-update

This will cause Fink to check for updates to itself, as well as download the latest package information. You may be asked to provide information about how Fink should be configured, and in most circumstances you'll be fine to just accept the defaults.

Apache2

We'll install Apache 2 with SSL support first. This will allow us to configure Subversion to work through secure http connections.

sudo fink install apache2-ssl

You'll be prompted by Fink to satisfy a virtual dependency:

fink needs help picking an alternative to satisfy a virtual dependency. The candidates:
(1)     apache2-ssl-mpm-worker: Apache2 Server Binary - [MPM WORKER]
(2)     apache2-ssl-mpm-perchild: Apache2 Server Binary - [MPM PERCHILD *EXPERIMENTAL*]
(3)     apache2-ssl-mpm-prefork: Apache2 Server Binary - [MPM PREFORK]
(4)     apache2-ssl-mpm-leader: Apache2 Server Binary - [MPM LEADER *EXPERIMENTAL*]
(5)     apache2-ssl-mpm-threadpool: Apache2 Server Binary - [MPM THREADPOOL *EXPERIMENTAL*]

Unless you have a preference in mind already, choose the default (1) to install MPM Worker. You may be prompted again to satisfy a second dependency:

fink needs help picking an alternative to satisfy a virtual dependency. The candidates:
(1)     db43-ssl: Berkeley DB embedded database
(2)     db43: Berkeley DB embedded database - non crypto

And again, unless you have a preference in mind, choose the default.

Fink will prompt you with the list of dependant packages that will be installed, simply press enter to accept, and let Fink work its magic.

Next we'll install the mod_ssl module for Apache2, by executing:

sudo fink install libapache2-ssl-mod-ssl

When it's done, you'll be able to start Apache2 by executing:

/sw/sbin/apachectl start

And stop it using:

/sw/sbin/apachectl stop

Subversion

Installing Subversion with Fink is equally simple. svn-ssl installs the SVN server utilities, and svn-client installs the SVN client software; we'll install the SSL enabled versions of both these packages.

sudo fink install svn-ssl
sudo fink install svn-client-ssl

If you're prompted to satisfy dependencies, the defaults will usually do. Simply sit back and and let Fink work its magic.

WebDAV

The final package we'll install is libapache2-ssl-mod-svn which enables serving respositories using WebDAV.

sudo fink install libapache2-ssl-mod-svn

Configuration

SSL

Now that we have everything installed, we'll configure Apache2 for SSL support. Most of the work has already been done for us by Fink, but we still need to create and install our own self signed RSA certificate. See my guide to creating an apache2 SSL certificate to create a private key file and self signed public key certificate, and then do the following to install it into Apache2:

sudo mkdir /sw/etc/apache2/ssl.key
sudo mkdir /sw/etc/apache2/ssl.crt 
sudo cp ~/server.key /sw/etc/apache2/ssl.key/
sudo cp ~/server.crt /sw/etc/apache2/ssl.crt/

chmod 0400 /sw/etc/apache2/ssl.key/server.key
chmod 0400 /sw/etc/apache2/ssl.crt/server.crt

Now, when you start Apache, you'll be prompted for your private key's password; this is because it is encrypted for security reasons. This can be a nuissance, but it's recommended that you keep it this way. If you decide not to, however, here's the steps to decrypt it so you're not prompted anymore:

cd /sw/etc/apache2/ssl.key
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key

Creating SVN Repositories

Choose a location on your hard drive under which all your SVN repositories will reside. I'll use /opt/repositories, but the location really doesn't matter. We'll create a new "test" repository in this directory:

mkdir /opt/repositories/
mkdir /opt/repositories/test

svnadmin create /opt/repsitories/test

I like to set the file system permissions on it such that only Apache2 can write to it:

sudo chown -R www /opt/repositories/test
sudo chmod -R 0700 /opt/repositories/test

You should substitute the name of the user you run Apache2 as for "www".

WebDAV Access and Authentication

Finally, we'll enable WebDAV access to your SVN repository in Apache and set up user authentication. Add the following to your /sw/etc/apache2/ssl.conf file:

<Location /svn>
        DAV svn
        SVNParentPath /opt/repositories

        AuthType BASIC
        AuthName "Subversion Repository"
        AuthUserFile /sw/etc/apache2/svn-auth-file

        Require valid-user
</Location>

We'll then create the /sw/etc/apache2/svn-auth-file using htpasswd. You'll use this file to maintain the list of users and passwords that can access your repositories.

sudo htpasswd -cm /sw/etc/apache2/svn-auth-file 

This will create a new user file and add the specified user to it. You can use htpasswd to add, remove and edit users from this file as you see fit.

Conclusion

You'll now have a secure SVN server accessible through Apache2 using WebDAV.