Office 2008 for the ‘executive’

brunerd 11 Comments

Last night, while groggily honing in on the Office 2008 installer package UID problems, I missed another glaringly obvious defect: All the files are set executable, yes those files owned by 502 are also set executable. Take a look again at the lsbom dump you’ll see this everywhere: 100775. For the first two: the 10 means it’s a file, 40 is a directory. The last three (775) are significant: 7 is 4+2+1 (4:read, 2:write, 1:execute) and 5 is… that’s right: 4+1, read and execute privileges.

Now tell me does… /Microsoft Office 2008/Read Me.html need to be executable for you to look at it? Tick, tick, tick, *ding*! No. It does not let’s do another!
Does this god awful GIF bullet? /Microsoft Office 2008/Office/Media/Clipart/Bullets.localized/Red Swirl No. But it is.
Ok. One more: /Microsoft Office 2008/Office/Media/Sounds/Yeehaw? Yeah, you’re getting it. No.

The only things that needs execute privileges are directories (that’s application bundles too) and executables such as: Microsoft Word.app/Contents/MacOS/Microsoft Word

And can you remove this execute bit in Finder? No. You have 3 choices, Read & Write, Read Only, and No Access, flip through them all and the x will still be there. You’ll need to chmod it from the terminal, but be careful, not all of them… or just give chmod -R ugo-x * a whirl, then slowly go through and chmod go+x the executables one by one and see if it still works, might be faster than the inverse… but I haven’t tested anything yet, that’s for work tommorrow… and the next day… in the mean time…

Try this: ls -lFGR /Applications/Microsoft\ Office\ 2008

You’ll be seeing red. :D

BTW: Just in case, the media I am using is Part No: X13-64625-03, I hope MS can fix this and re-press this for Volume License customers — my day job! And speaking of just in case, thanks ‘justincase’ of the Clix forums for pointing out the glaringly obvious.

Office 2008, 502, and you

brunerd 33 Comments

So… I got a free copy of Office 2008 Digital Media Edition for free at MacWorld 2008! W00t! All because IDG double booked a room and the session I wanted got bumped until later. I instead went to see what’s new at the “Office2008:Form Meet Function” session, cute sounding eh? Within the first minute or two, to ensure our rapt attention I’m sure, our lady MC told us that we were all going to receive a free copy of Office 2008. Except, without the same flair as Oprah (she should have tried stretching it out: “You’re all getting Awwwwwww-Fiiiiiiiiiiiiiiiiice!!!”) Oh well, it still felt nice to win something, especially something as pricey as the Digital Media Edition which runs $467 at CDW! I got back yesterday and after debating whether I’d sell this bad boy or install it, I went with carnal knowledge of the beast.

First things first: They’ve moved to Apple’s Package Maker (.pkg) installer files, good news for the enterprise rollouts? Well, unfortunately they’ve created all the packages to install most all of the files with the owner set to 502.

So let’s say, Mr. IT installs this on a user’s machine where the first user is the admin (501) and the standard user is Joes User (502), well, when after all’s installed, it will give Joe User (502) ownership of these folders and their installed contents:

/Library/Automator/ (if it doesn’t exist already)
/Library/Fonts/Microsoft
/Library/Application Support/Microsoft
/Applications/Microsoft Office 2008

Hmmm, that’s not good now is it? Because A) Joe User will find a way to screw it up and B) those are security holes IT does not want to have. Oh, if only they’d taken a peek at p. 1060 of Cocoa Programming, which basically says, if you let root own the file but the person installing isn’t root, it will assign that user’s id to the installed files, that’s how it should be. Instead if UID 502 doesn’t exist on your system when you install it will still assign that UID as the file’s owner anyway. D’oh!

I think I feel a chown’ing script (or an Iceberg repackaging) coming on and an uninstaller script too. “But, there’s an Uninstaller!”, you say? Yes there is and it does a lovely job of moving the Microsoft Office 2008 folder to the Trash, but it kinda misses the Application Support folder, the fonts folder (and moving the disabled fonts back), and all 97 automator actions… tsk tsk. Still, it was free!

Morning Update: It was late, I was tired (and sick), and I totally didn’t think of this one: “Fix Permissions”. If you do get your ownership fixed on all those files, make sure to delete all the Office2008* files from your /Library/Receipts folder, lest you reverse it all with one click of “Fix Permissions” in Disk Utility. And no, you can’t use awk, sed, or some other readily apparent way to modify the bom files… that’s someting for the MOAB crew ;)

MyMacWorld Calendar, Outlook Compatible

brunerd 6 Comments

So, the MyMacWorld site made by BDMetrics has an “Export to PDA” function that supports Outlook and not iCal. Try and import the ics file into iCal and you’ll get:"This calendar file is unreadable. No events have been added to your iCal calendar"Guh!? Let’s go back and read the description of what this exporting will get you:

This exports all your scheduled items in a single, iCalendar or vCalendar file. You may then import this file into any iCalendar-compliant system such as OutlookTM, then subsequently synch to your PDA.

Oh super, Outlook. That’s great for the PC manager who gets sent to MacWorld to see what this Mac hullaballoo is all about, but it’s useless for 95% of MacWorld’s attendees. Are you serious BDMetrics?

Update:
OK After spending way too long looking at Apple’s iCal specs and messing with the tags and blogging the whole thing (and using ♥ in my URL, so the thing broke on every other browser besides Safari!) I have the solution. But first the reason they don’t work:

  • iCal will only read VERSION:2.0 tagged files, MyMacWorld is VERSION:1.0
  • The iCalendar spec call for CRLF ending, they use an LF only

    • HA! Of course a spec written in 1998 by an MS employee calls for CRLF line endings! Of course, it makes sense now!

    OK so here’s the code. Get thee to a Terminal, cd to where your ics file is, and copy and paste following onto one line, and you’ll be good to go
    perl -p -e 's/VERSION:1.0/VERSION:2.0/g' ShowCalendar.ics | perl -p -e 's/(\r\n|\n|\r)/\r\n/g' > newShowCalendar.ics

    What’s (not) in the Quicktime 7.3 Update

    brunerd

    This one is weird…
    With the new Quicktime you get movie windows with no border on the left or right, you also get some new Automator actions…
    /System/Library/Automator/Enable or Disable Tracks.action
    /System/Library/Automator/Hint Movies.action
    /System/Library/Automator/New Audio Capture.action
    /System/Library/Automator/New Video Capture.action
    /System/Library/Automator/Pause Capture.action
    /System/Library/Automator/Play Movies.action
    /System/Library/Automator/Start Capture.action
    /System/Library/Automator/Stop Capture.action

    That is, if you are in Tiger. If you on Leopard, these files are copied down but are not added to Automator. If you do add them manually (drag them in, double click them, open from Terminal), they won’t do anything.

    Now if you look in an .action you will see its just a folder, like an app bundle. The meat of an action is in here /Contents/Resources/main.scpt and the Tiger and Leopard Quicktime actions are byte for byte the same (use md5 for a checksum)

    The only concern is though what string you find inside (these are “Run-Only” compiled Applescripts, so no plain text):
    01cd Tiger
    028b 'Tiger:Applications:QuickTime Player.app
    02E9 T i g e r

    Hmmm, is it just me or should the strings Tiger not be in a Leopard component? Especially when they have two seperate packages for the Tiger and Leopard version of Quicktime 7.3? Come on Quicktime 7.3.1!

    What’s in Hard Drive Update 1.0?

    brunerd

    So there’s a Hard Drive Update 1.0 update out from Apple! Put on your mining hats and let’s go spelunking… first stop the package .dist file has some strings of interest:
    if( model.match(/ST3500641AS/) )
    if( revision.match(/3.BTD/) )
    if( model.match(/ST3750640AS/) )
    if( revision.match(/3.BTF/) )

    This refers to Seagate’s 750GB & 500GB drives

    What else can we find? Once we open the archive.pax.gz there’s the actual Hard Drive Update 1.0 Cocoa app, which has a very scary sounding readme.rtf file inside the Contents/Resources/.lproj:

    Warning: It is strongly recommended that you back up the data on your hard drives to an external drive or removable media before running this update. Do not reset, shut down, or turn off power to your computer while performing this update. If an error occurs during the update process, your hard drive(s) may become unusable and all data could be lost. If you have not backed up your data, click Quit and do so now.

    As Count Floyd would say: “Oooh Scary

    Next up is the MacOS/Hard Drive Update 1.0 binary and a selection of strings:
    installEFIUpdater:
    %@/%@/hdfw.efi
    This computer is not connected to an AC power source.

    It uses an EFI application that will update the firmware on the drives (the AC line makes me chuckle, to think of what the battery life of a Mac Pro would be?! Obviously they used a template for this.)

    Inside hdfw.efi are strings that refer to Cygwin, interesting what platform they are using to develop this with: a Windows box emulating *nix
    C:\cygwin\home\Loki\Platform\Apple\Common\Application\ATAHDFWUtil\ATAHDFWUtil.c
    C:\cygwin\home\Loki\Platform\IntelMpg\AppleTools\Build\X64\ATAHDFWUtil.pdb

    Inside the Hard Drive Update 1.0.app/Contents/Resources/System/HDFW directory are hives of model names with single string files (FWAlias & FWCurrent) and the actual firmwares (FW01):
    ST3500641AS__P 3_BTD/FWAlias
    ST3500641AS__P 3_BTE/FWCurrent
    ST3500641AS__P_3_BTE/FW01
    ST3500641AS__Q 3_BTD/FWAlias
    ST3500641AS__Q 3_BTE/FWCurrent
    ST3500641AS__Q_3_BTE/FW01
    ST3750640AS_P 3_BTF/FWAlias
    ST3750640AS_P 3_BTH/FWCurrent
    ST3750640AS_P_3_BTH/FW01
    ST3750640AS_Q 3_BTF/FWAlias
    ST3750640AS_Q 3_BTH/FWCurrent
    ST3750640AS_Q_3_BTH/FW01

    Here’s an amusing edited list of strings :D
    0000000000000c96 Lube Event
    0000000000000d28 Virgin Sector Cleaned
    0000000000000e8f Enter DateOfBirth YYWW
    0000000000000eaa Enter 64Bit WorldWideName
    000000000000534c DRIVE HAS BEEN SET-STUFFED -%1
    00000000000058ca Invalid caller to SaveStuffToDisk()! Write not done! %x
    0000000000006c1a !! Going Offlimits !!
    0000000000006c31 Sleep?

    Sounds like a date gone wrong! You really should get the DOB before initiating a lube event on a virgin sector… *ahem* let me try and get back on track with a couple informative strings about the guts of the drive:
    0000000000012b4b Orig Code = BTG4H1 TONKA2_GX_4H1.0GC.0B9
    0000000000012e87 Built for GALAXY4D,PITKIN,Redback,TI1810 PreAmp,Agere7531 PreAmp,McKinleyDT,4Disk,220 Servos,7200RPM,8Pole,133MHz

    Well, enough spelunking I’m headed topside now.

    What’s in the Login & Keychain Update 1.0

    brunerd

    Login & Keychain Update 1.0

    The Login & Keychain Update 1.0 for Mac OS X 10.5 Leopard is recommended for all Leopard installations. It addresses issues you may encounter when:

      *Logging in with an account originally created in Mac OS X 10.1 or earlier that has a password of 8 or more characters.
      *Connecting to some 802.11b/g wireless networks.
      *Changing the password of a FileVault-protected account.

    What files does it affect?

    /System/Library/Extensions/IO80211Family.kext/Contents/PlugIns/AppleAirPortBrcm4311.kext/Contents/MacOS/AppleAirPortBrcm4311
    /System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/CodeResources
    /System/Library/PrivateFrameworks/DiskImages.framework/Versions/A/DiskImages
    /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/CodeResources
    /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices

    Brcm4311 meaning the Broadcom 4311 wireless chip
    I’m sure this is a stop-gap until 10.5.1

    What’s in the ATI Radeon X1900 XT Firmware Update?

    brunerd

    OK so there’s an update for the Radeon X1900 and we really don’t know what’s been improved…
    If you wanna know where the ROM is it’s here
    ATI Radeon X1900 XT Graphics Card Update.app/Contents/Resources/
    ATIFacelessFlash.app/Contents/Resources/R580Alopias_1.202_EBC.ROM

    And what’s in it? Pure binary. No symbol tables, no strings save for the the device number and copyrights….

    ATY,Alopias
    ATY,RadeonX1900
    113-A52027-202
    109-A52027-00
    01.00.202
    AMD Inc. All Rights Reserved. 2005-2007

    If we had the original ROM and this we could see what’s different then reverse engineer the binary! Whatcha think? :roll:

    Me thinks Apple and AMD/ATi should pimp themselves better for all their hard work…. unless it’s a bone headed bug they had to fix :lol:

    Mac Pro 10.4.10 AutoNegotiation Woes

    brunerd 2 Comments

    In case you didn’t know, MacPro’s with 10.4.10 are connecting at 10Mb speeds to 1000Mb switches and hubs… bummer :(

    So a kext is the culprit:
    /System/Library/Extensions/IONetworkingFamily.kext/
    Contents/PlugIns/AppleIntel8254XEthernet.kext

    In 10.4.9 it’s version is 1.1.7a3, in 10.4.10 it is 1.1.8a2, in 10.4.11 it is 1.1.8a6
    That doesn’t matter much really, but that’s the details.

    So you gotta roll back the kext:
    1. Get the 10.4.9 Intel Combo Updater
    2. Get OpenUp or Pacifist
    3. Open the DMG
    4. Show contents on the PKG
    5. Copy out the pax.gz file to the desktop
    6. un-Gzip the pax, and open that up (with Pacifist or OpenUp)
    7. Get the old IONetworkingFamily.kext
    8. Copy it into your /System/Library/Extentions

    Now, the ownership on the kext need to be changed to root:wheel or if you’re in Finder system:wheel
    Also, you should either delete the kernel caches or:
    sudo touch /System/Library/Extensions
    this changes the date stamp on the directory and OS X will recreate the kernel caches…

    And yes, the 10.4.11 seed update corrects this.

    Bonus Log files: These have been “prettied up” for readability, but you’ll see, 10.4.10’s driver is just spitting out Zer0s so the network switch/hub has no choice but to say “O K… I ‘ l l s p e a k s l o w e r t h e n…”

    10.4.9:
    Auto-Neg Advertise Reg (04d) = 0xde1,
    Link Partner Ability Reg (05d) = 0xc5e1,
    Gig Advertise Reg (09d) = 0xe00,
    Gig Link Partner Ability Reg (10d) = 0x7800

    10.4.10:
    Auto-Neg Advertise Reg (04d) = 0xde1,
    Link Partner Ability Reg (05d) = 0x0,
    Gig Advertise Reg (09d) = 0xe00,
    Gig Link Partner Ability Reg (10d) = 0x0

    10.4.11(seed, much prettier logging in this kext):
    Auto-Negotiation Advertisement Register (04d) = 0xde1
    Auto-Negotiation Link Partner Ability Register (05d) = 0xc5e1
    Auto-Negotiation Gigabit Advertisement Register (09d) = 0xe00
    Auto-Negotiation Gigabit Link Partner Ability Register (10d) = 0x7800
    PHY Specific Status Register (17d) = 0xaf48

    If this info from 10.4.11 is NDA well bite me, I think people should know it’ll be fixed in the future, right? :)

    What’s in the MacBook, MacBook Pro Software Update 1.0?

    brunerd 3 Comments

    Well they forgot to enable Journalling so they just have to turn it back on with this update. And after it runs the .dist file and makes sure you have the right machine, it runs this command:
    /System/Library/Filesystems/hfs.fs/hfs.util -J /
    You’ll find it in the postflight file. Besides that it installs a blank dummy file in /var/tmp, because otherwise a package will complain that it didn’t have anything to do!

    Anyhoo, to check to see if you have Journalling installed, there are many ways, but here’s the Terminal way:
    /System/Library/Filesystems/hfs.fs/hfs.util -I /