Trapped In The Terminal — Mac Geek Gab 901

This week John and Dave find themselves trapped in the Terminal. Will your two favorite geeks escape? Press play to find out as they dig through a few Terminal commands, new and old, invoke some Shortcuts, talk about self-service repairs, empty the Trash, solve a draining battery, and more! You’re guaranteed to learn five new things or your money back!

Power Usage and iPhone Terminal — Mac Geek Gab 888

Today is full of Cool Stuff Found, tips, and questions, with focuses on your charging and power usage as well as seeing behind the scenes of your iPhone. Of course, there’s always more with your two favorite geeks, including third-party AirTags, migrating email, and maintaining your Mac! Press play and join John and Dave in learning at least five new things!

Update to Command Line App ‘a-Shell’ Can Force iCloud Downloads

a-Shell is a terminal app for iOS and iPadOS that supports Python, Lua, Perl, C, C++, TeX, and all Unix utilities. It received an update recently with even more capabilities: New commands: ffmpeg, ffprobe, unrar; ffmpeg is compiled to Arm64 and uses hardware acceleration for fast conversion; iOS won’t idle while a-Shell is running a command (good for long running commands); If you open an iCloud directory with pickFolder, a-Shell will download all files in this directory; New commands: downloadFile and downloadFolder, to force downloading iCloud files; Shortcuts: You can run small python scripts or ImageMagick (convert) commands in extension; Improvements to lg2: lg2 merge –abort, lg2 reset –hard, documentation fixes.

Buffer Overflow Bug Found in SUDO Dubbed ‘Baron Samedit’

Tracked as CVE-2021-3156, a heap overflow bug found in sudo and dubbed “Baron Samedit” has been found recently. It allows an unprivileged user to gain root privileges on a vulnerable machine using a default sudo configuration.

The vulnerability itself has been hiding in plain sight for nearly 10 years. It was introduced in July 2011 (commit 8255ed69) and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1 in their default configuration.

2020-02-03: Looks like macOS is affected after all.

This Terminal Command Can Bypass Mac Privacy Protections

A UNIX command line tool called “ls” can be used to bypass Mac privacy protections like TCC (Transparency, Consent, and Control) and the sandbox. This provides unauthorized access to file metadata in directories that are supposed to be protected

I continue to believe that macOS “security” is mainly theater that only impedes the law-abiding Mac software industry while posing little problem for Mac malware. It doesn’t take a genius hacker to bypass macOS privacy protections: calling “ls” is a script kiddie level attack.

It affects macOS Big Sur, Catalina, and Mojave.

‘SW-DL’ Shortcut Brings YouTube-DL to iOS

YouTube-dl is a command line tool that lets you download videos from websites, although it’s commonly used for YouTube as the name suggests. With a-shell, a terminal emulator I covered, it’s possible to install the downloader on your iPad and iPhone. Someone also created a shortcut for youtube-dl (Reddit post here, shortcut link below). Note that it currently crashes on the iOS/iPadOS 14 betas. It’s possible to install youtube-dl in a-shell with the command “pip install youtube-dl.” Since I’m running the betas, I’m going to tinker with using a-shell.

Meet ‘a-Shell’, an iOS Terminal Emulator With Vim Built In

a-Shell is an iOS terminal emulator that includes Python, Luna, JavaScript, C, C++, TeX. Transfer files using scp and curl, edit them with vim and ed, process them using grep, awk, and sed. It can be controlled via Shortcuts, like running commands in order, processing files, outputting results to text, and transferring files to other apps. Thanks to iOS 13 you can run multiple instances of a-Shell at the same time with different commands and inside different directories. App Store: Free