The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,571 other followers

Archive for the ‘Mac OS X / OS X / MacOS’ Category

Need to revisit osquery: SQL powered operating system instrumentation, monitoring, and analytics supports more platforms and also aggregates to central log locations

Posted by jpluimers on 2022/01/18

Almost two years ago, GitHub – facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics published from the automatic blog queue.

It was in the midst of my rectum cancer treatment, so I was glad the blog queue back then was still about 18 months deep.

This meant I looked into osquery in 2018, which I remember because I needed it on MacOS as I did not want to remember the syntax for MacOS specific commands on getting system information. It also coincides with how much my repository fork was behind: [Wayback: jpluimers/osquery commits/Archive: jpluimers/osquery commits].

Fast forward to now, the breath of systems I’m involved with has widened, so I was glad to see that Kristian Köhntopp mentioned it:

So time to try it again (:

The links he mentioned:

  • [Wayback/Archive] Welcome to osquery – osquery

    osquery is an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.

  • [Wayback/Archive] Welcome to osquery – osquery: High Level Features
    The high-performance and low-footprint distributed host monitoring daemon, osqueryd, allows you to schedule queries to be executed across your entire infrastructure. The daemon takes care of aggregating the query results over time and generates logs which indicate state changes in your infrastructure. You can use this to maintain insight into the security, performance, configuration, and state of your entire infrastructure. osqueryd‘s logging can integrate into your internal log aggregation pipeline, regardless of your technology stack, via a robust plugin architecture.
    The interactive query console, osqueryi, gives you a SQL interface to try out new queries and explore your operating system. With the power of a complete SQL language and dozens of useful tables built-in, osqueryi is an invaluable tool when performing incident response, diagnosing a systems operations problem, troubleshooting a performance issue, etc.
  • [Wayback/Archive] osqueryd (daemon) – osquery
  • [Wayback/Archive] osqueryi (shell) – osquery
  • [Wayback/Archive] Aggregating Logs – osquery
  • [Wayback/Archive] AWS Logging – osquery

Main site: [Wayback/Archive] osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure

Repository: [Wayback/Archive] osquery/osquery: SQL powered operating system instrumentation, monitoring, and analytics.


Posted in *nix, *nix-tools, Apple, Development, DevOps, Facebook, Infrastructure, Mac, Mac OS X / OS X / MacOS, Power User, SocialMedia, Software Development, Windows | Leave a Comment »

Patching ESXi so you can boot a MacOS virtual machine from it

Posted by jpluimers on 2022/01/13

This is totally opposite to yesterday’s Secure Boot post: [Wayback/] shanyungyang/esxi-unlocker: VMware ESXi macOS

macOS Unlocker V3.0.2 for VMware ESXi

1. Introduction

Unlocker 3 for ESXi is designed for VMware ESXi 6.5, 6.7 and 7.0

The patch code carries out the following modifications dependent on the product
being patched:

* Fix vmware-vmx to allow macOS to boot
* Fix libvmkctl to allow vSphere to control the guest

The code is written in Python as it makes the Unlocker easier to run and
maintain on ESXi.

| IMPORTANT:                                                                  |
| ==========                                                                  |
|                                                                             |
| Always uninstall the previous version of the Unlocker before using a new    |
| version. Failure to do this could render VMware unusable.                   |
|                                                                             |

2. Installation
Copy the distribution file to the ESXi host datastore using scp or some other
data transfer system. If you want to use the source version (i.e. from GIT) see
"5. Building" fist.

Decompress the file from the ESXi console or via SSH:

    tar xzvf esxi-unlocker-xxx.tgz

(xxx - will be the version number, for example, 300)

Run the command from the terminal:


Finally reboot the server.

3. Uninstallation
Open the ESXi console or login via SSH and change to the folder where the files were extracted.

Run the command from the terminal:


Finally reboot the server.

4. Notes
A. There is a command added called which can show if the patch is successful. It must be run from a
terminal or SSH session. The output should be:

smcPresent = true
custom.vgz     false   32486592 B

Note: The uncompressed size reported for custom.vgz will vary depending on the ESXi version.

B. The unlocker can be temporarily disabled during boot by editing the boot options and adding "nounlocker".

5. Building
If you want to use a version which is not availbale as a distribution (e.g. the code from "master" branch)
you need to first build the package.

Checkout the repository:

    git clone

(if you don't have git installed you can download ZIP archive from GitHub instead)

Enter the directory and build:
    cd esxi-unlocker

If everything went correctly the ouput should be:

    ESXi-Build for macOS

    Timestamping files...

    Creating unlocker.tgz...

    Creating esxi-unlocker-301.tgz...

The package you need to copy in the example above is esxi-unlocker-301.tgz (NOT unlocker.tgz!).

6. Thanks

Thanks to Zenith432 for originally building the C++ unlocker and Mac Son of Knife
(MSoK) for all the testing and support.

Thanks also to Sam B for finding the solution for ESXi 6 and helping me with
debugging expertise. Sam also wrote the code for patching ESXi ELF files and
modified the unlocker code to run on Python 3 in the ESXi 6.5 environment.

26/09/18 3.0.0 - First release
01/05/20 3.0.1 - Fix for ESXi 7.0
10/18/20 3.0.1 - Fix for ESXi 7.0 U1 (7.0.1)

(c) 2011-2018 Dave Parsons


Posted in Power User, VMware, Apple, VMware ESXi, Mac OS X / OS X / MacOS, Virtualization, ESXi6, ESXi6.5, ESXi6.7, ESXi7 | Leave a Comment »

I wish I had known “How to rename multiple files at once on Mac | iMore” ages ago

Posted by jpluimers on 2022/01/04

Coming from a Windows and Linux background, I was used that mass renaming files was a non-stock feature and getting it right usually a pain in the butt.

How glad I was to find out [Wayback] How to rename multiple files at once on Mac | iMore

Believe it or not, it used to be a real pain to batch-rename files on Mac. Times have changed and so have the names of those 15 files.

Prior to OS X Yosemite, there was no simple way to rename multiple files at the same time on the Mac. Some people set up Automator rules. Others tried workarounds to rename files in third-party apps. Finally, Apple realized our heartache and created a much simpler way to rename multiple files at once, and it’s only gotten easier as macOS updates continue. Here’s how to batch-rename files on your Mac.

The only mass-rename I regularly need is fixing typos or OCR errors in filenames: this means replacing certain text with another piece of text.

That’s this easy:

Read the rest of this entry »

Posted in Apple, Mac OS X / OS X / MacOS, macOS 10.12 Sierra, macOS 10.13 High Sierra, OS X 10.10 Yosemite, OS X 10.11 El Capitan, Power User | Leave a Comment »

Getting the primary IP address (plain and CIDR) on Linux and OS X, then nmap scan on the associated subnet

Posted by jpluimers on 2021/12/13

The below answer works on my Linux and OS X systems (each having multiple network adapters configured):

[WayBack] bash – How to get the primary IP address of the local machine on Linux and OS X? – Stack Overflow

ip route get 1 | awk '{print $NF;exit}'

For Linux, I have this bash function:

# note the ";exit" lists the first default route interface, as there can be multiple
function nmap-fingerprint_network_of_default_interface() {
        default_if=$(ip route list | awk '/^default/ {print $5;exit}')
        default_if_cidr=$(ip -o -f inet addr show $default_if | awk '{print $4}')
        nmap -sP $default_if_cidr

And for OS X this one:

# requires ipcalc
function nmap-fingerprint_network_of_default_interface() {
        default_if=$(route -q -n get default | awk '/interface:/ {print $2;exit}')
        default_if_address=$(ifconfig $default_if | awk '/inet / {print $2;exit}')
        default_if_netmask_hex=$(ifconfig $default_if | awk '/inet / {print $4;exit}')
        default_if_network_bit_count=$(ipcalc --nocolor --class $default_if_address $default_if_netmask_hex)
        default_if_cidr=$(echo "$default_if_address/$default_if_network_bit_count")
        nmap -sP $default_if_cidr

These are the variables used:

  • default_if: network interface of the default route
  • default_if_cidr: IPv4 CIDR of the network interface of the default route (see Classless Inter-Domain Routing: CIDR notation – Wikipedia)
  • default_if_address: IPv4 address of network interface of the default route
  • default_if_netmask_hex: hexadecimal IPv4 network mask of network interface of the default route
  • default_if_network_bit_count: number of set bits in the IPv4 network mask of the network interface of the default route

Links used to get the above functions:

I might have gotten away with a pure bash solution (see [WayBack] Bash script for calculating network and broadcast addresses from ip and netmask or CIDR Notation · GitHub or my post Getting your local IPv4 addresses, netmasks and CIDRs), but the above works and is way shorter, and easier to maintain.

In stead of ipcalc, subnetcalc can do the same calculations and also supports IPv6, so that is something for a future try:


Posted in *nix, *nix-tools, Apple, bash, Color (software development), Development, Mac, Mac OS X / OS X / MacOS, Power User, Scripting, Software Development | Leave a Comment » throwing ERR_CONNECTION_RESET and ERR_FAILED only on MacOS with Chrome (many versions)

Posted by jpluimers on 2021/11/22

This started somewhere towards the end of 2019, and the only solution that consistently is a full reboot.

Chrome (many versions) on MacOS High Sierra sometimes throws these errors only on

Failing solutions:

  • close and open new tab
  • kill and restart chrome

Searches tried, but no results yet:

This was not the cause: [WayBack] 913220 – Broken Gmail sign in with Chrome 71 and “Block third-party cookies” enabled – chromium – An open-source project to help move the web forward. – Monorail


Posted in Apple, Mac OS X / OS X / MacOS, Power User | Leave a Comment »

%d bloggers like this: