Skip to content, skip to search, or skip to navigation

UC Berkeley Astronomy: Mac FAQ

$LastChangedDate:: 2015-02-18#$ $Author: webowner $

Mac OS X and UNIX Related Frequently Asked Questions or Frequently Useful Comments and Knowledge:

  1. Accessing Departmental Printers
    1. Setting duplex printing as the default
  2. What is Mac OS X?
  3. How can I add or update this FAQ?
  4. I'm an astronomer, what can I do with my Mac OS X box?
    1. AIPS Classic
    2. CASA (AIPS++)
    3. IDL
    4. Image Manipulation
    5. IRAF
    6. ISIS
    7. LaTeX
    8. Matlab
    9. MIRIAD
    10. Scisoft OSX
    11. Supermongo
    12. Other FAQ's
  5. Email/
    1. Is there a local Berkeley Astronomy mail list for mac users?
    2. Can I use Mail (
    3. Trouble sending email via SBC Yahoo DSL
    4. Deleting emails from calmail
  6. How do I access journals (library proxy services)?
  7. Other software resources (Open Source/Third Party Payware)
    1. MacPorts
    2. Fink
    3. Academic pricing on Microsoft, Adobe, ... products (TRC)
  8. X Window System on Mac OS X
    1. Using dtmail, xdvi, X Error of failed request: BadAtom (invalid Atom parameter)
    2. Focus follows mouse under X11 and
  9. SSH and Mac OS X/UNIX
    1. OpenSSH and Commercial SSH
    2. OpenSSH Configuration
    3. Creating and Mixing SSH Keys
    4. Restricting Access when using Pass-phraseless Keys
    5. Adding SSH Keys to the Mac OS X Keychain
    6. What is this "scp: warning: Executing scp1." about?
    7. SSH and X11 forwarding
    8. SSH and (Un)Trusted X11 Clients
  10. Copying files/data (local/network)
    1. Mounting Disks to your Mac (Using AFP and SSH tunneling)
    2. Mounting Astro Disks to your Mac (Using Samba)
    3. Mounting Astro Disks to your Mac (Using MacFusion)
    4. Copying Files Using Fugu
    5. Changing your Samba password
    6. Carbon Copy Cloner, Retrospect and others
    7. rdiff-backup
    8. rsync
  11. Mac OS X System and Application Troubleshooting
    1. Check the logs
    2. Freeing up diskspace
    3. Preferences Corruption (plist files, XML)
    4. Repairing Permissions
    5. Removing Cache Files
    6. Boot into safe mode
    7. My disk is failing
  12. Software Development
    1. What's a good C++ Book?
    2. Tools for Optimizing Code
    3. Hand tuned libraries for numerical analysis (Accelerate)
    4. IBM's Fortran compiler (xlf)
    5. (Re)Installing Fortran (g77)
    6. c++filt, no such file or directory
    7. Stack Size and Dynamic Memory Allocation in C/C++/f77/f90
  13. Obtaining and installing Emacs
  14. Managing Spotlight
  15. Automater and GetPath for files in Finder
  16. Mathematica Fonts
  17. Testing your Mac with benchmarks
  18. How do I swap keyboard keys (in software)?
  19. How do I create movies?
  20. Older Macintosh Programs (Mac OS 9, Mac OS X/Classic Environment)
  21. Creating/Annotating postscript figures

  1. What is Mac OS X?
    (freshness: 10/04/05)

    Mac OS X is the trademarked name of a computer operating system or OS. It is usually refered to as Mac (Maaac) OS (aaaah-S) 10 (ten). It is published by Apple Computer and is intended for use on Apple computers. This OS is fundamentally different from previous Mac OS's, in that it is UNIX based and has a different interface.

    Apple computer merged with a company called NeXT Computer in 1997. NeXTSTEP was the operating system written and sold by NeXT Computer since 1989. It is NeXTSTEP from which Mac OS X is derived.

    Mac OS X is based on a flavor of the Berkeley System Distribution (BSD) UNIX system. The specific distribution is called OpenDarwin and is considered to be an Open Source Project. This basically means that anyone can contribute to, or modify and use the base source code that defines the OpenDarwin system.

    However, there are proprietary pieces of Mac OS X that are not open source that include Aqua, Core Image, Core Audio and applications that Apple writes such as Mail, iCal, iTunes, Quicktime and so on...

    The open source parts of Mac OS X share common ancestry with Linux and in some cases are activitly supported and developed by Apple (the GNU compilers and tools, gcc/g++/etc. NeXT Computer added Objective-C support to gcc starting in 1988 and provides general bug fixes that get back into the source base for gcc along with contributing to the general design). These are the same GNU tools that are on Linux and can be installed on Solaris, AIX, etc... This means that Mac OS X is highly compatible with other open source UNIX systems, "out of the box".

    If you are already familiar with UNIX systems and/or you are insanely curious, following are links to more indepth information about the history of Mac OS X and commands that are specific to it:

  2. Also, did you know that the first web browser and server was developed using the NeXTSTEP development tools in 1990 over the span of a few months? Why should you care? Because Mac OS X is the direct decendant of the NeXTSTEP OS and the same development tools are part of Mac OS X and are still as useful today.

  3. How can I add or update this FAQ?
    (freshness: 03/29/07)

    This FAQ is kept in a subversion repository and can be edited by the webmaster and members of the macfaq group. If you do not have access, please forward your requests to webmaster@astro...

    Once you have access, you can check out a copy of the repository via:

    svn co svn+ssh://

    If you have not set up a system to handle ssh key's without having to type in your password for login to, this will require you to enter your password several times. If you're going to interact with the repository via ssh, you may want to explore setting up a pass-phraseless key pair, using ssh-agent or SSHKeychain

  4. I'm an astronomer, what can I do with my Mac OS X box?

    "Back off man, I'm a _Scientist_."

    Here are links and information for Astronomy, signals processing and generally useful related software on Mac OS X.

    1. AIPS Classic
      (freshness: 06/06/05)

      Astronomical Image Processing System (AIPS) can be built/installed on Mac OS X.

      See the NRAO AIPS FAQ for more information about this software project started in 1978.

      Suggested by John Dreher.

    2. CASA (AIPS++)
      (freshness: 06/06/05)

      Common Astronomy Software Applications (CASA) is the child of what was once the AIPS++ code base. This how to on installing CASA currently works for Panther and probably will work on Tiger, so long as you include the gcc 3.3 SDK package from the XCode development folder on your Tiger DVD installation disk. (note: these instructions focus on using MacPorts

    3. IDL
      (freshness: 02/15/08)

      IDL for Mac OS X can be downloaded from ITT Visual Information Solutions (formerly RSI). There are departmental licenses available for use by students, researchers and professors. Contact central@astro to find out more information. Also see the Setting Up Your IDL Environment page. Note: Image display problems resulting in a bus error message can be remedied under OS X 10.5 by installing the IDL 6.4.1 patch to IDL 6.4 for Mac.

    4. Image Manipulation
      (freshness: 08/15/05)

      Adobe Photoshop is free for UCB users thanks to a license agreement. Details at Alternatively, you can choose Gimp (Gimp is also available for Linux).

      A payware version of Gimp is also available.

      Contributed by Franck Marchis, Saurabh Jha

    5. IRAF
      (freshness: 02/15/08)

      Image Reduction and Analysis Facility (IRAF) is the product of a software group supported by the National Optical Astronomy Observatories (NOAO). Follow these IRAF and MacOS X instructions to install it. Alternatively, you can install the Scisoft OS X package, which includes IRAF.

      Mate Adamkovics suggested adding this to the FAQ with the following info:

      I just had to install IRAF to work on a bit of public Deep Impact data, [the install instructions] went smoothly.
      The only trick was that today [July 5th 2005] the NOAO ftp site seems to be sluggish or offline and I used a web mirror.

    6. ISIS
      (freshness: 09/13/05)

      Katey Alatalo wrote to the macusers list:

      Does anyone know if ISIS (Alard's image subtraction procedure) works on Mac OS X? I have tried to install it following the directions provided on the website
      (, with no luck. Thanks a lot!

      And Saurabh Jha followed up with:
      Change short.h to:
      #define short_type unsigned short
      #define swap_flag 0
      #define DATA_TYPE double
      Change the following line in install.csh:
      setenv COPTS -O2
      setenv COPTS "-I/usr/include/malloc -O3"
      and then run ./install.csh

    7. LaTeX
      (freshness: 12/12/07)

      You write papers, you use LaTeX. Here's a list of what people in the department use:

      1. MacTeX - several users now
        The package contains the complete TeX Live 2007 distribution of TeX, Ghostscript, ImageMagick, and the following front end programs : TeXShop, LaTeXiT, BibDesk, Excalibur, and i-Installer. Definitely the easiest way to go!
      2. TeXShop - Jim Gibson
      3. TeX on Mac OS X (using i-Installer) - Darren Croton
        This package has a useful point by point run down of installing and using LaTeX on OSX.
      4. Aquaemacs

    8. Matlab
      (freshness: 02/15/08)

      Astronomy has a matlab license server. Download the Matlab client software from Mathworks and ask central@astro about configuring the license server.

    9. MIRIAD
      (freshness: 06/06/05)

      Instructions for building MIRIAD on Mac OS X.

    10. Scisoft OSX
      (freshness: 02/22/06)

      From the Scisoft main page:

      Scisoft is a project started at the European Southern Observatory. It was created to provide a uniform software distribution of astronomical data reduction and analysis software at all of ESO's observatories. Scisoft OSX, while not an ESO project, is similar in spirit. It is meant to be a quick way to install many of the most used data reduction packages on a new Mac running Mac OSX. The core packages included in Scisoft OSX are IRAF, Pyraf, MIDAS, Python and Python extensions. Scisoft OSX is free and anyone can download it and install it.
      Scisoft OSX - James Graham

    11. Supermongo
      (freshness: 08/29/05)
      These build instructions for Supermongo work on 10.2, 10.3 and 10.4.
      mkdir /usr/local/sm
      cd /usr/local/sm

      Then get a copy of the latest version of sm and unpack it:

      scp username@astron:/apps1/sm/sm2_4_13.tar.gz
      zcat sm2_4_13.tar.gz | tar xvf -

      This will create the directory sm2_4_13. You then enter:

      cd sm2_4_13

      set_opts will ask you several questions and then configure sm for your system. Take the default choice for everything. You'll have to enter: X11 when prompted for what device to use.

      When you are done, edit src/options.h as set_opts warns you to do, deleting the first 7 lines (thus accepting licensing terms) and then enter:

      make install

      A note about 10.4, if you have installed the Apple version of X11, you will need to modify the file src/Makefile, change:

      XLIB11 = -lX11
      XLIB11 = -L/usr/X11R6/lib -lX11
      If instead you have installed the Fink version of X11, you will need:
      XLIB11 = -L/sw/lib -lX11
      Contributed by Dan Plonsey, modified for 10.4 by Colby and Ramach

    12. Other FAQ's

    Question and Answers contributed to by Marshall Perrin, refinements: Colby Gutierrez-Kraybill, Mike Fitzgerald.

  5. Email/

    Email deserves its own section...

    1. Is there a local Berkeley Astronomy mail list for mac users?
      (freshness: 02/27/08)

      Yes. To post to the list, use To subscribe to the list, do the following:

      1. In a web browser, open
      2. Under List Address type: astromacuser and click Search
      3. Enter your email address and other information and click Subscribe

    2. Can I use Mail (
      (freshness: 03/29/07)

      Yes, you can. You can use the department IMAP server or the campus email service called CalMail, or a combination of the two. CalMail has had some problems with filtering spam, although filtering has been recently improved. CalMail's user interface does not permit fine tuning of spam filtering, whereas the department's system does.

    3. Trouble sending email via SBC Yahoo DSL
      (freshness: 09/01/05)

      Macusers list participant Linda Strubbe writes:

      I just solved a problem other people might experience as well so I thought I'd share -- I wasn't able to send outgoing mail from the Mac Mail program when at home using SBC Yahoo DSL. This article explains what the problem is and how to fix it:

      SBC Yahoo apparently filters Port 25 which you need to send email, but you can fill out an online form to opt out of this filtering.

      This is similar to hotels filtering outbound connections on port 25 to prevent spamming. I've caught wind of other ISPs filtering port 25 by default. It turns out that there have been changes to the Simple Mail Transfer Protocol (SMTP, see ESMTP) that make port 25 the server to server only communication port. The correct port for unencrypted transport is now 587 ( used to support using port 587. The CalMail administrators are enforcing the use of encrypted email sending authentication, see Saurabh's message below for more info about switching ports).

      Saurabh Jha adds:

      This is because SBC blocks port 25, which is used to send mail. There are two solutions, one is to change your Mail settings to use a different port that SBC doesn't block. Instructions can be found here:

      It looks slightly outdated because it doesn't have a line for Mail for 10.4, but you should be able to figure out where you change "25" to "465". This method should still let you send email from campus, etc.

      The other solution is to ask SBC to remove the port 25 block on your account. Go to

      and "opt out" or the port 25 block. You will need to reboot your DSL modem after they lift the block (it's automated, you'll get an email.)

    4. Deleting emails from calmail
      (freshness: 07/29/05)

      If you have configured Mail to use Calmail with IMAP, you may notice that when you delete messages, they are not immediately removed, but held by the server with a special "deleted" tag.

      It is possible to configure Mail to store deleted email in a special folder of your chosing (either on the Calmail server or on your local disk and then have this data deleted as it ages.

      To configure this go into Mail, Preferences->Accounts->Mailbox Behaviors. At the bottom of this panel you should see a section for Trash (deleted emails) and what to do with them.

      Brad Hagan also offered this helpful advice:

      I made a rule (Preferences->Rules):

      if (ANY) of the following conditions are met:
      (DATE SENT) (IS GREATER THAN) (20) days old
      Perform the following actions:
      (MOVE MESSAGE) to mailbox: (OLD SENT MESSAGES)

      Where the caps stuff is what I entered/selected. "Old Sent Messages" is a mailbox that I created to reside on my Mac. I think this works fine; be careful that it doesn't conflict with other rules. I had to alter the above a little to make sure that a folder where I keep correspondence between me and my advisor didn't get affected.

  6. How do I access journals (library proxy services)?
    (freshness: 09/01/05)

    Being faculty, staff member, student or visitor means that you have mostly free access to hundreds of websites that normally charge for access. You may access these systems by using the Library Proxy Service.

    Full information about this service can be found on

    ATTENTION: A change on August 25th, 2005, affects how you use the library proxy service. In an effort to stop using SSN numbers as part of library access, the Berkeley library now requires you to use a new way of logging in.

    There are step by step instructions on the Berkeley Library pages for configuring your system to use the proxy.

    If you have a saved username/password in your web browser, you may need to remove it first.

    Colby writes:

    In safari, it should be in the keychain:

    Applications->Utilities->Keychain Access

    Once open, there's a list on the left called "Category" (this is under Tiger and I'm unsure if it's identical in previous versions).

    You should see a Password category, open it, then select Application and then you should see a set of identifiers in the list right. Under that you should find an application password for safari.

    In Firefox (ver 1.0.x), select Preferences->Privacy then open Saved Passwords on the right, click View Saved Passwords.

    Originally Submitted by Louis-Benoit Desroches, Marshall Perrin and Paul Kalas. Changes to login procedures brought to light by Imke de Pater, Franck Marchis and Colby.

  7. Other software resources (Open Source, Third Party Payware)
    (freshness: 06/09/05)

    The links above for astronomical software applications may have already led you to third party software porting efforts such as Fink. Here's a quick run down on these systems, including some best practices and other UNIX commands that are Darwin/Mac OS X specific.

    It is possible to use all of the following software updating systems on your Mac OS X machine, should you find that a mix of their strengths is better for your needs.

    1. MacPorts
      (freshness: 02/15/08)

      Another option is to use MacPorts (formerly known as DarwinPorts). This system was created by the same developers who maintain OpenDarwin. OpenDarwin is the open source UNIX (Darwin) system from which Apple has built Mac OS X. Therefore, packages from the MacPorts system are not quite as disconnected from the main system as Fink packages and libraries tend to be.

    2. Fink
      (freshness: 06/05/05)

      If you are familiar with Linux, you may recognize the term RPM. This tool allows Linux users to pass around pre-compiled binaries (and source code to build into binaries) with relative ease. There is also the Debian GNU/Linux package management tool (apt-get) and is highly popular amongst its users.

      There is a tool similar to the Debian apt-get called Fink that can be used to automatically retreive and compile packages (or download binaries directly if available) for Mac OS X. This has become the de facto standard third-party open source software distribution system for Mac OS X users, but it is by no means the only one.

      I consider it best practice to use the X11 binaries and development environment (required to build other X11 applications) from Apple and to not allow Fink to install its own copy of the X11 environment (it took about a day to compile all of X11 on my 15" 1.25GHz 1GB RAM powerbook). Saurabh Jha says that as long as you have both the X11 environment and the X11 SDK installed from the Apple OS X disc(s), and that you have installed the Fink "virtual" X11 package, Fink should not attempt to (re)compile it (See also: Where's X11 in Panther (10.3), Tiger (10.4), Leopard (10.5)? and Fink's FAQ #3.2 on Apple X11 Binaries)

      Saurabh recommends the following best practices for using Fink:

      Install fink

      Install and Use FinkCommander

      Regularly run "fink selfupdate-rsync" (there are two selfupdate methods, cvs and rsync, the latter seems to be preferred). The selfupdate is important because it will update the list of packages fink/FinkCommander knows about, and will show you which have become outdated, as well as automatically update the core fink packages.

      Install/update packages as necessary. (I don't ususally have great luck with the recommended "fink update-all" step, because it tries to update every outdated package at once and for some reason or another sometimes fails because of lots of mutual dependencies, etc. updating packages one or a few at a time works a lot better).

      Also, in FinkCommander, you can use the Binary installer for a package if it's available (and for Tiger, most of the packages you would like are binary available). There's an issue of trusting the person who compiled that package, but I suspect anything malicious would quickly be found out, so it doesn't bother me, and using the binaries is a lot quicker.

    3. Academic pricing on Microsoft, Adobe, ... products (TRC)
      (freshness: 06/09/05)

      UC Berkeley has licensing agreements with both Adobe and Microsoft so software (the Adobe Productivity Suite and Microsoft Office for Mac Home & Business) are free for download from and Besides Microsoft and Adobe, the UC system has negotiated special academic pricing for these major applications:

      • SQLServer, Access, Exchange, Virtual PC, ...
      • Dantz Retrospect

      This is not a comprehensive list, go to Software Central for more information on ordering.

  8. X Window System on Mac OS X
    (freshness: 06/06/05)

    The X Window System (a.k.a. X11), created at MIT, is available to run on your Mac OS X system. The user interface provided by Apple is called Aqua and is a collection of technologies, not immediately compatible with X11. You may have to install X11 on your own to get the libraries and binaries to use it. As of OS 10.5, X11 is installed by default.

    1. Using dtmail, xdvi, X Error of failed request: BadAtom (invalid Atom parameter)
      (freshness: 02/22/06)

      You see the following when starting dtmail and displaying it on your mac:

      X Error of failed request: BadAtom (invalid Atom parameter)
      Major opcode of failed request: 18 (X_ChangeProperty)
      Atom id in failed request: 0xc4
      Serial number of failed request: 13
      Current serial number in output stream: 14
      And a window pops up that says:

      Mailer: ToolTalk is not initialized. Mailer cannot run without
      Try starting /usr/dt/bin/ttsession

      This means that a program dtmail needs (ttsession) to function is not launching properly on the solaris machine. Apparently, this has to do with a change in OpenSSH 3.8 defaulting all X11 applications to not be "trusted" and therefore running in a more restrictive way. You can get around this by forcing ssh X11 tunneling to run in this trusted mode:

      See: SSH and (Un)Trusted X11 Clients

      You can also get around this by launching ttsession in a special way:

      ttsession -S -c

      This will open another shell, at which point, you can type dtmail and it should launch properly. That is, assuming you have X11 forwarding properly set up. This is one way to avoid defaulting to the FowardX11Trusted mode, a potentially dangerous security hole.

      John Johnson has also pointed out that this occurs with xdvi with the error

      X Error of failed request: BadAtom (invalid Atom parameter)
      Major opcode of failed request: 18 (X_ChangeProperty)
      Atom id in failed request: 0xe2
      Serial number of failed request: 221
      Current serial number in output stream: 223

      This answer prompted and then refined by Paul Kalas and Colby.

    2. Focus follows mouse under X11 and
    3. (freshness: 09/20/05)

      A frequently missed feature, when someone moves from a purely X11 desktop to Apple's Aqua (and X11) desktop, is having input focus follow the mouse pointer.

      You can have this behavior back for all of your X11 windows and for Terminal windows by modifying settings for these applications:

       colby@nadir ~ $ defaults write FocusFollowsMouse -string YES
      colby@nadir ~ $ defaults write wm_ffm true

      Another commonly asked for setting is how to have the first click in in an xterm window to be meaningful in the application clicked:

       colby@nadir ~ $ defaults write wm_click_through -bool true


  9. SSH and Mac OS X/UNIX
    (freshness: 06/06/05)

    Secure SHell is a replacement for telnet. It provides a cryptographically secure network connection to remote hosts. Use of ssh has been expanded to include tunnling of ports (X11 traffic tunneling can be made automatic) and copying of files over a standard ssh channel via scp and sftp. sftp is not a true ftp client (the protocol is different) but retains the name as  it does what it says (Secure File Transfer Program).

    1. OpenSSH and Commercial SSH
      (freshness: 06/06/05)

      There are two major versions of SSH programs in use today.

      • The "commercial" version, written and sold by SSH Communications Security (, free for academic use)
      • The open source version, OpenSSH (

      The ssh program installed on the Solaris and Linux computers maintained by central is the commercial ( derived version. Unfortunately, all Linux distributions and Mac OS X ship with the OpenSSH version. This creates an incompatibility between command-line parameters and ssh keys.

      For example, the command-line parameters for turning X11 forwarding on or off for the commercial version are "+x" and "-x". The parameters for OpenSSH are "-X" and "-x". This can lead to confusion when you are unsure which version of ssh you'll be executing or when you are writing shell programs that may use ssh.

      To determine which version of the ssh program you are using, you can specify the "-V" option on the command-line.

      Commercial SSH (pay no attention to the "non-commercial" part):

       $ ssh -V
      ssh: SSH Secure Shell (non-commercial version)
      on i686-pc-linux-gnu


       $ ssh -V
      OpenSSH_3.8.1p1, OpenSSL 0.9.7b 10 Apr 2003

      Both versions have had security flaws found and fixed. In general, it would be nicer if the Astronomy Solaris and Linux network defaulted to OpenSSH, as this is the default for most unix systems today.

      For more information, see the OpenSSH FAQ and the Wikipedia entry for Public Key Cryptography

    2. OpenSSH Configuration
      (freshness: 09/01/05)

      It's possible to store host specific configuration information for OpenSSH in a file called ~/.ssh/config.


      cipher blowfish
      protocol 2
      ForwardX11 yes
      ForwardX11Trusted yes
      host celestial
      user colby
      identityfile /Users/colby/.ssh/laptop
      host nadir
      user colby
      identityfile /Users/colby/.ssh/laptop
      user colby
      ForwardX11Trusted no
      identityfile /Users/colby/.ssh/cvs-acc-mmarray

      These are from my laptop and show default parameters (cipher, protocol version, Forwarding info) and three host configurations, nadir my desktop Mac OS X box; celestial, a Linux based machine connected to the Astronomy Solaris/Linux network; and, the CVS repository site for the CARMA source tree.

      With these host configurations in place, I can type "ssh nadir" or "ssh celestial" and all of the various parameters will be used to build a connection.

      I can also do CVS updates to my copy of the CARMA source tree using a different identity key that is passwordless, but is only used for my CVS access, and can only be used if I have logged into my laptop (using a local password).

      In particular, you should notice the "identityfile" parameter. One can specify a different identity file (private key) for each host specifier. This allows you to manage separate identity files for accessing various systems. By default, OpenSSH looks only at ~/.ssh/identity for your public key authorization. See the next section for more information about creating and using SSH keys.

    3. Creating and Mixing SSH Keys
      (freshness: 09/01/05)

      It may already be painfully obvious to you that OpenSSH keys are in a different format than Commercial SSH keys. Here's a quick how to on mixing these keys between systems.

      The most likely scenario:

      You want to create a public and private key pair on your Mac and use it when logging into a Solaris/Linux machine running the Commercial SSH in the Astronomy Department.

      Run ssh-keygen on your Mac OS X machine:

      colby@nadir ~/.ssh $ ssh-keygen -f astrokey -t rsa -b 1024
      Generating public/private rsa key pair.
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in astrokey.
      Your public key has been saved in
      The key fingerprint is:
      WARNING: If you do not put in a pass-phrase, this will allow anyone who gains a copy of your private key to use it for access to any machine you've configured to accept your key. Please be careful as the risk is not only to your own personal data, but possibly the personal data and work of others on the Astronomy network.

      There will now be a private key (~/.ssh/astrokey) and a public key (~/.ssh/ The permissions on astrokey should always be unreadable by "other" or "group" (e.g. "-rw-------" or 400 in octal). The is the key you will copy to the remote system (Solaris/Linux) on the Astronomy network. You will first need to convert it into the format the Commercial version of SSH expects or "IETF SECSH" format.

      colby@nadir ~/.ssh $ ssh-keygen -f -e >

      As per the above explanation about the ~/.ssh/config file, create an entry for this new key pair:

      host astro
      user colby
      identityfile /Users/colby/.ssh/astrokey

      Now copy to ~/.ssh2/ on the Solaris/Linux computer. Then, add a key line to the file ~/.ssh2/authorization:

      colby@astron ~/.ssh2 % echo "key" >> authorization

      If the remote host is running OpenSSH, you can take the and add it to ~/.ssh/authorized_keys2 on the remote host.

      Advanced (train spotting) topics:

      It is useful to combine using ssh-agent with keys that have pass phrases. It allows you to initially type in a pass phrase, then for a configurable time period you will not be prompted for the pass phrase again if you try to log into same machine(s) using the same key.

      There is also now a program that integrates SSH keys into the standard Apple Mac OS X Keychain (SSHKeyChain).

    4. Restricting Access when using Pass-phraseless Keys
      (freshness: 07/15/05)

      If you have a pass-phraseless key that you want to use with a remote system running OpenSSH but you would like to restrict access for commands that are run (such as say, running a backup using rdiff-backup):

      Dean Gaudet has written an excellent HOWTO on using restricted command access with OpenSSH and rdiff-backup.

    5. Adding SSH Keys to the Mac OS X Keychain
      (freshness: 09/01/05)

      There is a very useful facility with ssh called ssh-agent. This allowed you, the user, to type in a passphrase for an SSH key, and then not bother you about inputing the passphrase each time you logged back into a remote host (depending on a timeout). However, using ssh-agent is a bit arcane and not easily setup, thus, SSHKeychain was born.

      There is already a Keychain Access utility in Mac OS X, but these are only related to website cryptographic keys. To use SSHKeychain, follow the directions for installing and use here:

      SSHKeychain install

    6. What is this "scp: warning: Executing scp1." about?
      (freshness: 06/06/05)

      As noted above, the Astronomy Solaris and Linux computers default to using the commercial version of ssh. When you attempt to use the OpenSSH version of scp (which is just a copy over an ssh encrypted login) to copy to or from a machine that is running the commercial version of SSH, you will see "scp: warning: Executing scp1." This happens because copying over an ssh channel is not a defined standard and is incompatible between the divergent development efforts of and

      You might see an error after the warning that looks like:

      scp: FATAL: Executing ssh1 in compatibility mode failed (Check that scp1 is in your PATH).

      So, the ssh daemon on the server is attempting to fulfill your copy request by falling back to an older version of scp (scp1) but is unable to find it. You should ask that a copy of scp1 be placed on the target machine so that the scp1 can continue. There is no security risk to this, as the underlying encryption layer will still be based on your uptodate ssh program.

    7. SSH and X11 forwarding
      (freshness: 06/06/05)

      If you wish to run X11 applications on a Solaris or Linux computer on the Astronomy network and have the windows open on your local display, you should use SSH tunneling. This improves the security of your system by only opening up authorization to the specific machine you have ssh'd to and by securing the actual X11 traffic sent on the network.

      You can use the command-line parameter "-X", e.g. "ssh -X hostname".

      By default X11 Forwarding is turned off in the ssh daemon and ssh client on your Mac OS X based computer. The daemon's default is okay, if you do not plan on running X11 applications on your local machine and displaying them on another. However, if you do wish to do this, you must enable your ssh daemon to allow this behavior.

      The Solaris and Linux computers on the network are configured to allow X11 forwarding.

      For OpenSSH (the vintage that ships with Mac OS X and Linux) you can change the default behavior of the ssh daemon by editing its configuration file "/etc/sshd_config". You can do the same for your ssh client by editing the file "/etc/ssh_config".

      Also, you can modify the ssh client configuration just for your account (i.e. not the global ssh_config file) by creating ~/.ssh/config and adding options to it.

      For the client, turn on X11 forwarding by default with:

      ForwardX11 Yes

      If you do this, you need not type "ssh -X host" to get ssh forwarding the X11 traffic.

      For the daemon, allow X11 forwarding by default with:

      X11Forwarding yes

      In Mac OS X, it's important to remember that you must be running ssh from a shell that is already "X aware". This means that you are either already executing ssh from within an xterm window, or that you have properly set your DISPLAY environment variable.

    8. SSH and (Un)Trusted X11 Clients
      (freshness: 07/06/05)

      When OpenSSH transitioned to 3.8, the default behavior of X11 forwarding was changed. As reported in the 3.8 release notes:

      "ssh(1) now uses untrusted cookies for X11-Forwarding. Some X11 applications might need full access to the X11 server, see ForwardX11Trusted in ssh(1) and xauth(1) for more information."

      What this means is, clients no longer have full access to all information on the root X display to which windows are opened (your desktop/laptop). This creates a problem with running ttsession (and thus dtmail) and also leads to the bad behavior of xterm crashing, as reported by Marshall Perrin. The bug manifests when pasting from a remotely opened xterm to a locally open one.

      To avoid these problems, you can add the following to either ~/.ssh/config or /etc/ssh_config:

      ForwardX11Trusted yes

      Or, you can run ssh with an extra command-line parameter "-Y":

      ssh -X -Y othermachine

      This is also referenced in the OpenSSH FAQ 3.13 - I upgraded to OpenSSH 3.8 and some X11 programs stopped working.

      Isn't this a security hole?

      Yes, it is. What this does is allow arbitrary programs that access your display full access to your root X display. If one of these programs has some malevolent intent, it could potentially sniff passwords (by monitoring all keystrokes) or lock up your X display server (not a really big deal).

      When you ssh to a remote host, it's possible for another person/computer to guess what your $DISPLAY is (ssh defaults to localhost:10.0 if it's available and then increases 10 to 11, and so on depending on if other people are already connected and tunneling X11 traffic.) Therefore, this is easily guessed information and someone with a login can trivially run a program to access your display. If you do not allow the tunnel to be "trusted" by default, then applications that attempt to sniff all keystrokes will not be able to construct a useful connection for doing so.

      It could be that some simple program on the remote machine was compromised in the past and silently is grabbing information off of displays when people run it (think, xclock, dtmail, etc...). How paranoid should you be about it? Probably enough to avoid using X11 at anytime you access any sensitive information you have on your local machine (banking accounts, personal identity information, etc).

  10. Copying files/data (local/network)
    (freshness: 09/01/05)

    Copying data to and from a Mac OS X machine can be straight forward. By default, you can use scp and sftp (the same tools that are on the Solaris and Linux computers).

    You should be aware that the default filesystem for Mac OS X (HFS+) holds meta-data that is not copied forward by some of the generic Unix tools such as tar, cp and rsync (this has changed in Tiger, 10.4, where the tools are aware of HFS+).

    1. Mounting Disks to your Mac (Using AFP and SSH tunneling)
      (freshness: 09/13/05)

      Josh Bloom sent this MINI-HOWTO to the macusers list on how to use Apple's own network file system sharing and SSH tunnels:

      I thought macusers would like to know how to mount their Mac laptop to a departmental G5. The basic idea is that you use SSH to tunnel through to the port that AFP^ uses. Here's my MINI-HOWTO for that.

      This MINI-HOWTO shows you how to connect to your desktop computer as if it was a cross-mounted disk remotely or from your desktop. We'll assume that you can tunnel through on port 22 (ssh) but that afp (port 548) traffic is blocked by your trusty netgear firewall. This is not VNC nor is it apple remote desktop, but it's pretty cool to be able to drag and drop directories and run stuff remotely from within an apple interface.

      Let's assume that your host computer sitting on your desk is called and you want to be able to run/see stuff from your laptop, from your home Mac, etc. One can imagine how handy this is for keeping calendars and mail in sync. Probably not recommended for keeping real juicy amounts of data in sync (use rysnc for that).

      • Set up file sharing on your desktop computer
        - go into apple menu -> system preferences->sharing
        - click to "on" personal file sharing in the left hand window
        You'll notice that it says you need to connect via afp:// or something like that. This will not work: because connections to port 548 are blocked. You need to ssh tunnel to that port

      • Remote machine: ssh tunnel to the desktop machine
        - open up a terminal on your laptop and type:
         ssh -c blowfish -X -L 10548:
        (you can obviously alias this command for later use)
        - you'll need to log in with your password. Keep that terminal open!
        (later you should shut if down with a ~& not a logout or exit)
      • on your local machine open the Finder -> Go -> connect to server afp://
      • You'll be asked for a password, this is just the one you use to log on on the remote machine.
      • When you want to stop your afp session, log out of the terminal gracefully by typing:
        instead of typing control D or exit or logout. This will allow the disk to cleanly unmount.

      That should do it. You should now be prompted to log in to the desktop computer. In principle, you could log in as another person provided that they have an account on the desktop machine (that is, you could tunnel with one name and afp with another).

      BTW, this tunneling also works well for viewing webpages (in this case, -L 10080: that you've developed on your G5.


      "The Apple File Protocol (AFP) remains the richest protocol for Macintosh file services and Mac OS X. It includes full support for any server running the AFP service over TCP/IP. The Internet Protocol (IP) makes it easy to connect to Macintosh file services running on Mac OS X Server, AppleShare IP and Windows 2000 servers."

      It's important to note that these instructions for SSH tunneling can be used to essentially tunnel anything, for example, you could tunnel login access to your laptop (or an arbitrary host), or web traffic as Josh noted.

      Also see on this page: SSH and Mac OS X/UNIX

    2. Mounting Astro Disks to your Mac (Using Samba)
      (freshness: 05/26/05)

      The Astronomy server named "irk" now supports remote mounting of disks via a system called Samba. It is based on a Windows File Sharing protocol and is understood by and interoperates with Mac OS X machines.

      To use this service, you will have to contact central for an account and password.

      Once you have an account for the Samba service, you can mount a disk from Irk by going to the finder, selecting "Go" from the top menu and drag down to "Connect to Server..." (or you can use the apple-K shortcut).

      This will open a dialog that looks like this:

      Fill in the "Server Address" field with "smb://". "a" is the disk mount on irk that my account resides on. I could also use "smb://" or another other disk that is mountable in the department (even though celestial1 is physically connected to my machine celestial). Then click on "Connect".

      A dialog box that should appear that looks like this:

      The default workgroup presented should be okay. Make sure the username is the one created for you by central. Then type in the password for this account. Et voila, the disk will be mounted! You can use the finder to access it, or, access it directly in a terminal window by navigating into /Volumes/a.

      You can also do this from within the terminal window by using "mount_smbfs". You could go so far as to create mount points in your / directory so that referencing files will look identical to how they are referenced on the Solaris and Linux network.

      e.g. I create a directory on my Mac called /celestial2. I then mount celestial2 onto that directory:

      mount_smbfs // /celestial2

      This answer contributed by Colby Gutierrez-Kraybill and refined by Mate Adamkovics

    3. Mounting Astro Disks to your Mac (Using MacFusion)

      This is slick new way to mount a remote volume using an SSH tunnel. The results are similar to the Samba method above, but no Samba server is required.

      In order to use MacFusion, you need to install, in this order:

      1. MacFuse package
      2. MacFusion GUI for MacFuse

    4. Copying Files Using Fugu
      (freshness: 02/15/08)

      Fugu is a simple, handy graphical front end for transferring files via ssh tunnel, or optionally using scp. This method does not require a Samba server.

    5. Changing your Samba password
      (freshness: 05/26/05)

      You can change your samba password by logging into "irk" and running the command "smbpasswd":

      $ ssh irk
      $ /usr/local/samba/bin/smbpasswd

    6. SuperDuper!, Carbon Copy Cloner, Retrospect and others
      (freshness: 09/20/05)

      If you're familiar with Carbon Copy Cloner, you may want to check some new software called SuperDuper!. This freeware software apparently provides the same features and then-some of CCC.

      Robert Crockett writes:

      In Panther and Jaguar, "Carbon Copy Cloner" did this [created bootable disk] nicely, but it does not work for Tiger yet. In the meantime, this page covers your options:

      There is also Retrospect from Dantz software, academic pricing is provided by the TRC.

    7. rdiff-backup
      (freshness: 05/26/05)

      For rolling your own backups, I recommend rdiff-backup. It is open-source and under the GPL.

      I've set up a system that backups both windows and macintosh data for the RAL using rdiff-backup (a python wrapper around rsync libraries). It provides incremental backups of the directories it is pointed at. It stores only the differences, making it nicely efficient and more flexible than using plain rsync.

      It's been working flawlessly since Apr 2004 and has saved the day twice for myself and more than a few times for other RAL members.

      It supports copying of the metadata forks in mac files. You can run it locally on your machine to an external drive, across a network via running it in a server mode (using ssh as the underlying transport layer, ensuring some privacy) or across smb/nfs mounts.

      Robert Crockett points out: "I believe that rdiff-backup does not create a bootable disk, which is nice if your drive fails and you'd like to be able to reboot your machine from the backup."

    8. rsync
      (freshness: 05/26/05)

      rsync is a useful way of copying files and it only transmits the differences it finds between files that are on each end of the copy (hence Remote Sync). rsync comes with Mac OS X 10.3 and 10.4 by default (unknown about 10.2...).

      The rsync that comes with 10.3 is unaware of HFS+ extentions. However, Saurabh Jha has pointed out that, "...on Tiger it is HFS+ aware if you use the -E option (highly recommended). Unfortunately it really only works reliably from a Tiger machine to another Tiger machine. To other machines you will need a patched rsync that is HFS+ aware."

  11. Accessing Departmental Printers
    (freshness: 11/12/14)

    The central-preferred method of printing from your Mac is using Samba. N.B.: You must have a samba account in order to use this method.  To get one, contact central@astro

    How to add a Samba shared printer

    Mac OS X 10.5.x - 10.10.x :

        1.    Open System Preferences > Print & Fax
        2.    Click on the + icon below the list of printers on the left hand side of the panel
        3.    A new panel appears. Control-click (or right click) on the title bar and select Customize Toolbar...
        4.    Drag the Advanced gear icon into the toolbar of the panel and click "Done"
        5.    Click on the Advanced icon in the toolbar
        6.    Click on the "Type" scrollbar and select Windows
        7.    In the URL field, use the following format to link to the printer:


                where queue_name is the name of the printer (see table below). For example, to add the printer p544, you would enter smb://

        8.    Enter a Name for the printer so you know which one it is. Location is optional.
        9.    For Print Using: choose Generic PostScript Printer In rare cases, the generic driver will not behave correctly. If this occurs, you can delete and re-add the printer, and at this step select: Select a driver to use... and choose the appropriate printer model. For example, for p544, you would choose "HP LaserJet 5200". N.B. you can type the printer model in the search bar (with the magnifier icon) to quickly find the appropriate driver. The later versions of Mac OSX do not include drivers for most HP printers. To add these, you need to go to the Apple site and search for "HP printer drivers".
        10.    Click Add
        11.    The first time you send a job to the new printer, a dialog box will appear asking for your username and password to print. You should check Connect as Registered User and enter your Samba username and password. If you do not want to be prompted for a password every time you print to this printer, you should check the box next to Remember this password...

    (for older versions of MacOS, see below)

    To enable duplex printing:
        1.    Return to the Print & Fax dialog. 
        2.    Highlight the printer you just added and click "Printer Setup..."  
        3.    Check the box labelled "Duplex Unit" and Apply the changes

    List of Department Printers:
    Queue Printer Model Location
    bw2 HP LaserJet P4015 outside 203 Campbell
    bw3 HP LaserJet 600 M602 outside 303 Campbell
    color2 HP Color LaserJet CP4525dn outside 303 Campbell
    colord HP Color LaserJet CP4525dn outside 455 Campbell
    p433 HP LaserJet 600 M602 outside 403 Campbell
    p544 HP LaserJet 5200 outside 501S Campbell
    p665 HP LaserJet 5200 605 Campbell
    poster HP DesignJet Z5200 PS outside 403 Campbell

    Mac OS X 10.3 and 10.4:

        1.    Open System Preferences > Print & Fax
        2.    Mac OS X 10.4.x users: With the Printing tab selected, click on the + icon below the list of printers.  
                    In the Printer Browser window, select the IP Printer icon, then hold the Option key while clicking the "More Printers" button.
               Mac OS X 10.3.x users: Hold the Option key down while choosing Add Printer from the Printers menu.
        3.    Choose Advanced from the first pop-up menu.
        4.    Choose Windows Printer via SAMBA from the Device pop-up menu.
        5.    In the Device Name field, type the name you would like to use for this printer in Mac OS X.
        6.    In the Device URI field, use the following format to link to the printer:


                where queue_name is the name of the printer, e.g., p544 (see table below)
                and user and password are your Samba username and password.
        7.    Choose the appropriate PPD or printer driver from the Printer Model pop-up menu.
        8.    Click Add.

    Contributors: Paul Kalas, Kelley MacDonald, Saurabh Jha, Marshall Perrin, Bill Boyd.


    1. Setting duplex printing as the default
      (freshness: 04/13/09)

      OS 10.5 and later:
            1.   Start to Print something with File>Print... or command-P
            2.   In the print dialog below Orientation, select Layout
            3.   Next to Two-Sided:, select Long-edge binding
            4.   Select Presets > Save As... (near top of dialog)
            5.   Name the preset "duplex" or similar
            6.   Print (print to PDF is sufficient)
            7.   Start to Print as in step 1.
            8.   In the print dialog choose Presets: Last Used Settings. You should now see "duplex" selected by default.

      OS 10.4: (requires Property List Editor {part of Developer Tools} to be installed)
            1.   Start to Print something with File>Print... or command-P
            2.   In the print dialog below Presets, select Layout
            3.   Next to Two-Sided:, check Long-edged binding
            4.   Select Presets > Save As... (near top of dialog)
            5.   Name the preset "duplex" or similar
            6.   Cancel the print dialog
            7.   In the Finder, navigate to <your_username>/Library/Preferences
            8.   Double click on the file to open it in Property List Editor
            9.   Click the triangle next to Root to expand the list.
            10.   Double-click the Value of and enter "duplex" or the name from step 5.
            11.   Save and Quit Property List Editor.


  12. Mac OS X System and Application Troubleshooting
    (freshness: 07/15/05)

    There are some Mac OS X specific trouble shooting methods that are useful when running into slow downs, crashes or generally unexplainable behavior of the system software or application software.

    It's worth while to try out these general trouble shooting procedures when one of the following occurs:

    • System/Application Crashes
    • Slower than Expected Responses from the System/Applications (SPINNING BEACHBALL HELL)
    • Funky menus/icon problems/odd behaviors

    There are many applications out there that present themselves as "general maintenance" tools. These tools try to perform some of the following procedures (cache cleaning for instance) as a method of avoiding potential problems. However, these are not general maintenance issues. For example, there is important information held in the caches area that, if deleted, interferes with using the system (e.g. asking to reapprove applications you have already approved for use).

    Here are some tips for dealing with common Mac OS X (10.2-10.4) problems.

    1. Check the logs
      (freshness: 07/15/05)

      Open the finder, go to Applications > Utilities > Console

      This application is a front end to the system logs. Click on the "Logs" button to see a list of logs to look at. Examine the most recent entries in console.log and system.log. If you see something that looks suspicious, google it to see if you can find out more information about the problem.

      System server crash logs can be found under /Library/Logs/CrashReporter while user application crash logs can be found in ~/Library/Logs/CrashReporter.

    2. Freeing up diskspace
      (freshness: 07/15/05)

      If there is not enough disk space for the system to use, your machine may exhibit erratic behaviors. Be sure that you leave at least 10% free diskspace on your system drive. This is a good rule of thumb for all forms of UNIX.

      Several areas that you can look to free up diskspace on your Mac OS X system are:

      • Log files - log files can build up over time and if you are squeezed for space, you can safely remove them. Generally, the system logs are cleaned up by cron scripts that run daily, weekly and monthly. However, if your machine is off during these times, the scripts won't run and logs may keep growing. You can clean them out by going to the finder, Applications->Utilities->Console. Click on the "Logs" menu item and start clearing.
      • Mail update (Tiger) - If you updated your OS without doing a fresh install, your email was imported into the newer version of Mail for Tiger. This has a side effect of leaving behind an extra copy of your mail folders that you no longer need. If you have a 1GB set of mail folders, this will lead to 2GB of disk usage (unnecessarily) after the update. Source:

        I strongly recommend that you make a backup of your ~/Library/Mail/Mailboxes directory before attempting to clean it up. This clean up procedure is *only* for Mail 2.0 (10.4+ or Tiger)

         $ cd ~/Library/Mail/Mailboxes
        $ find . -name mbox -exec rm {} \;

      Question/Answer: Paul Kalas, answer: Colby Gutierrez-Kraybill.

    3. Preferences Corruption (plist files, XML)
      (freshness: 07/15/05)

      Preferences for applications are mostly stored in XML files. These files can become "corrupted" or incorrectly formatted, either by your own edits directly to them, or when an application mangles one while updating it. These files can define menu layouts, icon information and other meta-data. If corrupted, applications can exhibit strange behaviors. These files have the suffix ".plist". They are primarily located in ~/Library/Preferences and /Library/Preferences. You can make sure they are properly laid out XML files by running a program called "plutil". This utility will only confirm that they are proper XML, not that the data inside them is accurate. You can do the following in Terminal:

       $ sudo plutil -s ~/Library/Preferences/*.plist
      $ sudo plutil -s /Library/Preferences/*.plist

      The sudo is included because sometimes preference files are owned by the system (mostly in the case of /Library/Preferences, but a few can also end up in ~/Library/Preferences).

      As stated, this does not prove that the content of these preference files is correct. If after trying this step, there are still problems with the system/application you're trouble shooting, you can make a backup copy of your ~/Library/Preferences directory, then removing everything in it and then logging out and logging back in. This will create new sets of preferences for your account and any applications you run will create new ones as well. If things improve, you may have now fixed it. If you're really curious, you could start copying back preferences, one by one.

      Sources: MacWorld (careful of the "maintenance" utilities list), Apple Site, Mac OS X: How to troubleshoot a software issue

    4. Repairing Permissions
      (freshness: 07/15/05)

      Mac OS X and UNIX in general has a complex relationship between applications, user access and the permissions for such access on the files on the system. It's easy to inadvertantly modify permissions and cause trouble for your access or your system's access to its own files. Apple addresses this problem by providing a utility to repair permissions. Disk Utility provides this mechanism (Open Finder, Applications->Utilities->Disk Utility). Click your startup disk, then select "Repair Disk Permissions".

      It's a good idea to do this on a regular basis (after updating the system or installing a few software packages.

      Note: The permissions information is stored in files located in /Library/Receipts. It's important to not delete these files, so that the above procedure will work.

      Source: Apple: Disk Utility Help

    5. Removing Cache Files
      (freshness: 07/15/05)

      The Mac OS X system and various applications keep cache files around to help speed up application launching and response. Ironically, these same cache files can end up slowing down applications if they grow so large that the application spends more time reading through them, than doing what you want it to do. Also, the caches may have incorrect information in them, again, leading to strange and incorrect behaviors.

      If you are worried that something seems more sluggish or an application is consistently crashing, you can start removing caches in this order (there's no particular need to back them up):

      1. ~/Library/Caches - holds login and application specific caches (Quicktime, Mail, Safari).
      2. /Library/Caches - more application layer caches (Font System, Software Update)
      3. /System/Library/Caches - system specific caches (Kernel)

      Source: Login Delays and Damaged Font Cache, Apple Site, Mac OS X: How to troubleshoot a software issue

    6. Boot into safe mode
      (freshness: 07/15/05)

      If you are familiar with Windows or other UNIX based systems, you have probably heard of "Safe mode" or "Single User Mode". Mac OS X offers something similar to these modes (infact, it offers both safe and single user modes).

      From the Apple Knowledge Database, "Starting up into Safe Mode does three things to simplify the startup and operation of your computer:

      • It forces a directory check of the startup volume.
      • loads only required kernel extensions (some of the items in /System/Library/Extensions).
      • It runs only Apple-installed startup items (some of the items in /Library/StartupItems and /System/Library/StartupItems - and different than login items).
      • Mac OS X 10.4 Tiger only: It disables all fonts other than those in /System/Library/Fonts .
      • Mac OS X 10.4 Tiger only: It moves to the Trash all font caches normally stored in /Library/Caches/ , where (uid) is a user ID number such as 501.
      • Mac OS X 10.4 Tiger only: It disables any Login Items."

      Also from the Apple Knowledge Database, "To start up into Safe Mode (to 'Safe Boot'), do this:

      1. Be sure the computer is shut down.
      2. Press the power button.
      3. Immediately after you hear the startup tone, press and hold the Shift key. Tip: The Shift key should be held as soon as possible after the startup tone but not before.
      4. Release the Shift key when you see the gray Apple and progress indicator (looks like a spinning gear).

      Single user mode is identical to the same feature of Solaris/Linux/Name A UNIX. This boots the machine without completing the startup file initializations, leaving the computer sitting in a single shell (clever naming). To boot into single user on your Mac OS X machine:

      1. Choose Apple menu > Restart or press the power button if the computer is turned off.
      2. Press the Command and S keys together as the computer starts up.

      Other useful startup key sequences are:

      • Command-V (Verbose, shows startup messages during boot)
      • Option (or "alt", boots into open firmware)

      Sources: Starting up in Safe Mode, What is Safe Boot, Safe Mode?, Starting up in single-user modeMagical Macintosh Key Sequences. Other (more comprehensive) troubleshooting pages:,

    7. My disk is failing
      (freshness: 07/15/05)

      Paul Kalas, ever the Mac OS X pioneer, has this to report about attempting to recover data from an apparently dead partition:

      I have a dead disk partition that I would like to recover, but so far Disk Warrior and Disk Utility haven't been able to fix the problem. Disk Warrior complained about a bad wrapper. And the scavenge mode in DW did not work.

      The dead disk partition is on an external firewire drive. It does not mount on the desktop, but both Disk Warrior and Disk Utility see that it exists. Thus it seems to me that all the data is still there, and it's just a few files that I do not have backups for. The problem seems to be related to mounting the disk and for the OS to recognize its format.

      Right now I am trying the following command:

      dd bs=512 if=/dev/rXX# of=/some_dir/foo.dmg conv=noerror,sync

      as discussed in:

      By the way, the corruption occured when I had the firewire drive connected to the front firewire port of a dual G5 2 GHz. The firewire drive was actually the boot device for OSX10.4.1. I then put an iShuffle into the adjacent USB port. iTunes opened up automatically, and soon after the OS crashed, and the firewire drive could not be mounted after restart. This actually happened twice - the first time I thought it was a random event, and the drive was easily fixed. However, it happened again in the same way, and the crash was different, and more severe.

      Paul continues later:

      The ending of this story is that the "dd" command didn't quite work and it is very slow for recovering data.

      However, a millisecond before I was about to give up, I ran across Data Rescue X by Prosoft Engineering. In about two hours it had scanned my dead, unmountable 20 GB drive and I could select files for recovery.

      The only quirk I found was that if you selected your entire drive for recovery it did not produce very many usable files, but if you selected a specific file, or a folder with a few files, everything was recovered perfectly.

      Just to summarize, with a dead drive one could probably use the following steps:

      1) Disk Warrior 3.0.3 (also try scavenger mode, press the option key) 2) Safe Boot (startup while pressing shift key) 3) Repair permissions (startup from CD or other drive) 4) Data Rescue X

      Prosoft also has Drive Genius, which seems more versatile than Disk Warrior.

      Key initial steps are to backup frequently, and to partition hard drives. In my case, the 20 GB dead drive was actually one partition on a 60 GB drive. The other partition was not affected by the disk corruption.

  13. Software Development
    (freshness: 10/04/05)

    There are a rich set of development tools that come with the Mac OS X system. The default tools are free and are enough to port/write UNIX applications. To install these tools see: Installing the Mac OS X Developer Tools on the Apple website.

    Owing to the NeXTSTEP heritage of Mac OS X, the developer tools are useful to novice and experienced programmer alike. Many programmers who learned Object Oriented patterns for programming in the late 1980's and early 90's, did so on NeXTSTEP computers or benefitted from the "Purple Platypus Book".

    That book, written by Timothy A. Budd, is still useful today when programming on the Mac OS X platform. The concepts presented have broad reach into why Object Oriented programming exists and why it has become the defacto standard methodology for developing robust software systems today.

    It is encouraging to see the astronomical community embrace Mac OS X and hopefully some of the more esoteric concepts will influence the future development of astronomical related software. This section covers some questions that have arisen on the macusers list, questions sent directly to me and others that I think ought to be brought to light:

    1. What's a good C++ Book?
      (freshness: 09/01/05)

      I recommend reading the Bruce Eckel series of books called Thinking in C++. These books are availabe free online as well as in printed form. When I was first learning C++, I found vol 1 to be valuable because I already had a firm footing in C programming. Bruce Eckel has also produced several books on Java and general Object Oriented programming.

    2. Tools for Optimizing Code
      (freshness: 10/03/05)

      Once you've written a program and you have proven to yourself that it works, it is time to work on optimization. Becoming aware of system bottlenecks or looping bottlenecks can help you increase the efficiency of your code. Using less time and resources for your code to run allows you to get results more quickly, or, increase the complexity of a simulation for better modeling. There are some tools available under Mac OS X that can help you optimizing your code on the mac, and then extend those optimizations to other platforms that are not CPU specific (in many cases, a change in data access patterns can increase performance across all platform types).

      Apple's developer tools (Xcode) ship with an application called Shark. In the simplest case, it's useful to figure out where your code is spending most of its time. Shark can provide this and from there also help you perform CPU specific optimizations. See: Optimizing with Shark: Big Payoff, Small Effort

      gprof is a tool that comes with every gcc installation (so it's on Linux/Mac OS X by default). Short for GNU Profiler, this program essentially does the same thing as Shark for determing where your code is spending its time, but, without the CPU specific targeting. See: Jay Fenlason's GNU gprof

    3. Hand tuned libraries for numerical analysis (Accelerate)
      (freshness: 09/13/05)

      Onsi Fakhouri wrote to the macusers list:

      This is for anyone interested in efficient numerical analysis stuff. I just found out (and this may be old news for some people) that apple has a framework called "Accelerate" It includes hand-tuned versions of several open source libraries like BLAS, LAPACK, and vDSP. This is one of apple's strengths: the apple engineers know exactly what kind of hardware their software will be running on, and they've optimized these libraries to run efficiently on G4s and G5s.

      To learn more, open a terminal and run "man Accelerate"

      From the Accelerate manpage, you might want to start with for AltiVec targeted programming (includes info about targeting SSE on Intel based Mac OS X machines).

    4. IBM's Fortran compiler (xlf)
      (freshness: 06/15/05)

      Yoram Lithwick has pointed out that there is a high performance fortran compiler published by IBM (XL Fortran Advanced Edition for Mac OS X).

      In Yoram's own words: "xlf is infinitely better than g77, and does fortran 90 as well." (He's probably correct)

      xlf is officially supported on 10.2 and 10.3. It is not officially supported on 10.4 (Tiger). However, I have installed it on my own tiger machine, and it is capable of turning out a runnable "Hello, World!" program. I would not recommend purchasing it outright without proper support, but if you get a demo version, it might be worth trying out.

    5. (Re)Installing Fortran (g77)
      (freshness: 01/17/07)

      Paul Kalas writes:

      "After installing Tiger (10.4) I had difficulty reinstalling a fortran compiler."
      Here are some edited notes on using the High Performance Computing (HPC) project version of the gcc/g77/g95 tools.

      First off, you can use the Fink port of g77 using the normal Fink installation procedure.


      You can use the HPC version of g77/g95:

      • Install XCodeTools 2.0 or 2.1. Select "Developer Tools Software", "gcc3.3" and "gcc4.0"
      • If you have an older version installed with Fink, make sure that you delete the older version
      • Download the g77 3.4 package from and follow the installation instructions. The HPC site also has the newer g95 compiler which might be of interest.
      • Make sure that you are running the right compiler. At a terminal prompt, you can type "which g77 f77 gcc". It should respond with the full path to each of these tools. If the path does not look okay, make sure you have followed the second step of removing any older installation of g77 in /sw (in the case of Fink).
      • If you get an error like: /usr/bin/ld:can't locate file for: -lcrt1.o, it means that /usr/lib/crt1.o is missing. Under Tiger, insert your Mac OS X system DVD, got to System/Installation/Packages and run DevSDK. The DevSDK is on the OS X MacBook Pro disc 1 under "/Xcode Tools/Packages".

    6. c++filt, no such file or directory
      (freshness: 06/24/05)

      Brad Hagan wrote to the macusers list:

      I'm trying to compile a fortran code using g77, but I'm running into issues. I have the version of g77 talked about before in this forum (the HPC compiler). I used to have fink's g77 (version 3.4.1) which worked fine. I deleted the binary (is there anything else I should do?), and installed the package from HPC which I installed after Tiger was installed.

      I think things went wrong when I installed XCode 2 (from the Tiger DVD), although I can't be sure. The creation of object files is no problem. When the compiler tries to write the executable, I get this error message:

      g77: installation problem, cannot exec `c++filt': No such file or directory

      Obviously, it can't find c++filt, a program that the linker pipes its output through. I am able to compile when I use the tag "-no-c++filt", but this frightens me a little. Nevertheless, the code seems to work fine when that tag is used. Does anyone else have this problem? Could it be because some fink stuff is still lurking around my machine and screws up something? (the compiler itself is NOT fink's; I verified this using the 'which' command)

      Colby's response:

      c++filt is part of the GNU Binutils (support files for gnu). It is part of a final linker step to demangle c++ and java named routines. An explanation of what name mangling is in c++ and java can be found here:

      In Tiger, this apparently does not get installed by default (I'm not sure I understand why, it's probably because of changes in gcc4 (which Tiger is now based on)).

      So, I think if you install the BSD.pkg from the Tiger install DVD, this will fix you up.

      On my system here, I find:

      $ lsbom /Library/Receipts/BSD.pkg/Contents/ | grep c++
      ./usr/bin/c++filt 100755 0/0 351836 3781245634
      ./usr/share/man/man1/c++filt.1 100644 0/0 8512 1617226393

      Also note, the gcc4 from Apple does not have g77 support, (gcc4 has introduced the name gfortran). My guess is that they'll include gfortran at some future date as part of the dev packages.

      I see chatter from fink users that are having similar troubles, it appears that some Tiger installations refuse to install the /usr/bin/c++filt from BSD.pkg no matter what. (I'll guess it's because the gcc3.4.pkg needs installing first).

      BSD.pkg apparently installed this just fine on two system I have running Tiger (one was a completely fresh install, the other, an upgrade).

      So, why does the fortran compiler even need to use a c++/java linker demangler? I think g77 is assuming you might just possibly link against c++ files. Unless g77 needs something that resides in libgcc, it seems like you needn't worry about having the -no-c++filt flag.

    7. Stack Size and Dynamic Memory Allocation in C/C++/f77/f90
      (freshness: 10/03/05)

      Astronomers tend to deal with large data sets. When writing programs, it is common to follow the generic way of declaring memory space for that data, e.g.:

      int stars[200000000];

      While the above is legal and will probably compile, it is a tricky problem that may not manifest immediately. Programs keep data in two areas while running, one is called the stack the other the heap. The stack is a section of memory reserved for data used by internals to a programs operation, function/method variables, passed parameters and return addresses. In the code above, the int array will be allocated on the stack as soon as the program is launched. Unfortunately, stack size limits and handling are different from OS to OS (Windows/VMS/MacOSX/Linux/Solaris/etc...).

      If there is a limit to the stack size, a program with the above initializer will cause a segmentation fault or a bus error.

      On many UNIX variants it's possible to set no limit on the stack size for programs by issuing a command called "ulimit". Looking at the man page for the particular system you're interested in will give you more information on how to use it. By unlimiting the amount of stack space made available to programs, it's possible to run a program with the large array above with no errors.

      However, Mac OS X does not allow an unlimited stack size, it is limited to 64MB. Instead of allocating stack space, it's better to use heap memory.

      The heap is a generic name for general data space used by programs. The heap can grow and shrink dynamically on UNIX systems and there are two ways to have your data allocated in these areas.

      static int stars[200000000];

      This is the easiest way. The static modifier tells the compiler that this memory will be reserved at run-time and that it should be put into a memory area that is accessable to all parts of the program (hence, on the heap space). This can be useful for small to medium complex programs, but it allows for patterns of programming that are difficult to read and maintain. If there are dozens of functions accessing this memory in various ways, it can be easy to trip up one function with the behavior of another. The other method of allocating heap space:

      int *stars = (int *)malloc( 200000000 * sizeof(int) );

      This is where you'll need to become familiar with using pointers in C and C++. They are indespensible when working with these langauges and are the source of their greatest strengths and greatest dangers. The above code snippet is dynamically allocating memory at the time of the call to malloc() instead of at the time the program starts to run. This allows for isolation of memory from separate parts of a program and if used properly can increase the efficiency of the program by only using memory when needed and releasing it when it no longer does.

      This section was inspired by a discussion on the macusers list between Colby and Darren Croton

      Anatoly Spitkovsky added:

      I've run into this problem countless times myself. However, I was using fortran 77 and there you don't have much option of how you declare arrays. If inside of a function I declare a sufficiently large fixed array, it would fail on one of the platforms/compilers, unless I play with stacksize. My fix was to switch to fortran 90 and use allocatable arrays everywhere (equivalent to your malloc), incurring the pain of not having a reliable free f90 compiler everywhere. Although technically there should be an option during compilation to allocate arrays on the heap by default, some platform/compilers just don't seem to do this correctly in my experience.

  14. Obtaining and installing Emacs
    (freshness: 02/22/06)

    Multiple versions of Emacs are available for Mac OS X:

    1. There is also a posh looking version called Aquaemacs that seems to also include LaTeX tools.
    2. An unembellished version of Emacs can be found here.
    3. Also a MacPorts package

  15. Managing Spotlight
    (freshness: 06/05/05)

    Spotlight is the name given to a new searching mechanism introduced with Mac OS X 10.4 (Tiger). This system is constantly indexing filesystem information and can be a drain on system CPU and disk resources. Paul Kalas points out that you can turn this indexing behavior on and off using a command line utility on a per disk basis:

    $ mdutil -i off /Volumes/NameOfDrive
    See the man pages for mdutil, mdfind and mdimport for more information.

  16. Automater and GetPath for files in Finder
    (freshness: 06/05/05)

    "I just got [a script] working that might be useful is a 'Get Path' command - just right click on any one file, select the command under 'Automator' (or dir) and it copies the path to your clipboard for easy pasting into IDL, X1, etc. You can get it at

    The guy says there are faster ways to do this with various freeware things, but I thought people might use this. You may have to create ~/Library/Workflows/Applications/Finder/ and ~/Library/Scripts to put it in."

    This answer contributed by Josh Goldston

    See also: Automator on Mac OS X and Automator, How it Works.

  17. Mathematica Fonts
    (freshness: 06/05/05)

    Get the latest Mathematica Fonts updates.

  18. Testing your Mac with benchmarks
    (freshness: 06/05/05)

    Paul Kalas writes:

    Here are four performance benchmarks that I've found useful:

      1. In OS9, run graphing calculator in full demo mode. It should loop through the demo indefinitely. If not, there's something wrong with the CPU.
      2. If you have IDL on either OS9 or OSX, run time_test2.
      3. On OS9 or OSX, time how long it takes to encode a .aiff file on your hardrive to an mp3 using the "better quality" setting in iTunes3.0.
      4. On OSX, download and run XBench 1.0.

    Are there any good reasons to try these, you ask? Well, say you have a 73 slide powerpoint presentation, and your computer freezes in the middle, right in front of 200 people, but it didn't happen in the office three days ago. Is it because the file was corrupted somehow, or is it the operating system or hardware that is crippled? The benchmarks could at least tell you if the operating system or hardware is crippled. A classic example is that you set the Energy Settings to "Longest Battery Life" while on the plane, but forget to switch it back to "Highest Performance" before your talk.

    I've had #1 show me that a brand new G4 desktop had a bad CPU, and #2-4 revealed to me that by fiddling with my operating system, I had reduced performance by 30%. Also, you could try these before and after installing new ram or installing new software.

    For a 1 GHz Ti Powerbook with 768 RAM, OS10.2.4 here is what I get:

    #2: Total time=1.5-2.5 seconds (astron=4.0 seconds)
    #3: 8:14 music file = 36 sec, 10:02 music file = 48 sec
    #4: Total score=87-91, CPU=108-114

  19. How do I swap keyboard keys (in software)?
    (freshness: 06/05/05)

    I'm trying to configure the keyboard for more convenient use with emacs. Has anyone successfully used xmodmap to swap the caps lock and control key on a G4 laptop running X11?

    "I tried long and hard to swap the function and control keys but ended up giving up. It came down to actually installing a kernel extension. I was using a program called DoubleCommand and I think, in your case, it should be sufficient.

    While we are on the topic of emacs what do you use for the meta key?

    The "Command" key (the one with the little apple on either side of the space bar) works as the meta key (so does ESC with limited functionality)."

    Joe Hall

    "I have used a program called uControl to modify keymaps. (In my case, I wanted to remap the "enter" key, not "caps lock".) Hope it helps."

    Robert Crockett

  20. How do I create movies?
    (freshness: 10/03/05)

    I recommend buying the "pro" version of quicktime if you find yourself regularly creating movies. The extra tools provided will make it easier to create publishable movies in a wide variety of formats. - Colby

    Andrew Youdin recommends: "QuickMovie (v1.5)can properly sort imported photos. If you want to try this program, which I recommend, go to the web site for Chaotic Software.

    The pros are that's it's simple, small, easy to use, supports many codecs, and the resolution seems fine. The con is that you can't do fancy things like have a variable frame rate (but you could do this creatively by adding copies of stills if you want it to go slower).

    Rejected possibilities

    • iMovie: bad idea since the jpeg quality is seriously degraded.
    • Still Life: This works, and it's what I'll (buy and) use if no one has any better suggestions. It's kind of unwieldy, hard to make changes (e.g. to frame rate) and impossible to preview. It's more intended for making "Ken Burns" style documentaries where you pan and move around a photo still."

    Joe Hall recommends:

    "I would use IDL. Here's a bit o' code that I used to make mpgs from plot windows (r3b = "restricted 3 body" problem)... it helps if the images are created in IDL but I think you could use it..."

  21. Older Macintosh Programs (Mac OS 9, Mac OS X/Classic Environment)
    (freshness: 08/20/05)

    To provide access to older (Pre-Mac OS X) applications, Apple has provided a separate runtime environment called "Classic".

    From Jon Arons:

    Classic is an environment in which you can run OS9 applications - once you open it, commands issued behave like an old fashioned Mac (including the inadequate memory management). Once you open a classic Window, from within that you can run OS9 applications.

    In OSX, open System Preferences and click on the Classic icon, in the System row. The resulting dialog pane lets you start Classic. The Classic application is any OS9 (or earlier) program you have installed on your disk - within Classic, you can access anyplace on the disk, thus find the program you want and run it.

    The classic environment is not installed by default in 10.2 and 10.3. The Classic system preference will ask you to install it when you first attempt to run it from there. In 10.4 (Tiger), you must install it from the DVD yourself.

  22. Creating/Annotating postscript figures
    (freshness: 10/03/05)

    Joe Hennawi wrote:

    Can someone recommend a program to use on Macs to annotate postscript images with vector graphics? I need to overlay text and arrows on a postscript image. I used to use illustrator for this, but the postscript it exports looks pretty crappy.

    Several responses followed:

    Josh Bloom,

    I use 1) keynote and 2) xfig. The former you need to buy (it's Apple's Powerpoint). The latter you can get by fink. The export (using fig2dev) from xfig will be a perfect PS ouput.

    Onsi Fakhouri

    My favorite program is "Omnigraffle."

    A lot of new Macs (my powerbook included) shipped with omnigraffle 3 preinstalled.

    I really think this is exactly what you are looking for. It actually has a feature-rich set of drawing tools. It knows how to export to eps, and it has a gorgeous user interface.

    I think the online demo isn't restricted (it's just time limited -- 30 days, I think) so you can do whatever you need to with it.

    Vivien Chen

    I use Canvas for postscript images. It can directly modify the graphs, for example, to make the contours thicker or different colors. It costs a few dollars though.