Tuesday, December 14, 2010

How To Create Icons for Mac OS X

SkyHi @ Tuesday, December 14, 2010

Ever wondered how to make your own Mac icons? Have you ever created an icon and had trouble making the icons fully transparent? If you answer either of these questions with a yes, then this tutorial is for you.

To complete this tutorial, you will need Adobe Photoshop (or any other image editor that will export transparent TIFF files), Xcode and CandyBar installed on your Mac. Xcode is Apple’s free software development kit. You should be able to install Xcode from your computer’s install disk or download it off Apple’s Website. It’s also important to note that the newest version of Mac OS X, Leopard has moved to a maximum 512 pixel icon sizes. CandyBar allows you to organize your icons.

Designing The Icon

Designing the icon is up to you and your imagination. Here is a list though of things to keep in mind when designing your icon.

  • Apple Human Interface Guidelines Apple has there own set guidelines and rules to which they expect icons to be created by.
  • Plan Your Icon For Scale Like designing a logo, you need to be able to scale your icon from 16 x 16 pixels all the way now to 512 x 512 pixels with Leopard. For the 16 pixel icon you may want to take out elements. For example, for my RSS icon, I’m eliminating everything but the orange rss button.
  • Leave Margins for Your Icon You don’t want one icon to outwieght the others because of it’s size.

Exporting The Icon

RSS Icon Icon Template

I’ve create an easy to use Photoshop Template just for mapping out each icon size. This way you don’t have to bother creating multiple size documents and what not. Simply drag and drop the icon layer(s) onto the template and the duplicate and resize according to each size on the template. At this time you may want to sharpen icons at smaller sizes to give them more definition. Remember: you can use Fade controls (located under the Edit menu) after using the sharpen filter.

Now that you’ve completely resized your icons and are ready to make them into an icon, hide the back drop layer. Then go to File >> Save As. You want to format the document as a TIFF file with the options, “Layers” unchecked and “As A Copy” checked. A TIFF Options dialogue box should appear after hitting the save button. It’s important to have Compression set to “None” and “Save Transparency” checked. This way, the icon comes out exactly as you intended.

Tiff Options

Important TIFF Settings to getting the best looking icon

Now all you have to do is duplicate the TIFF file four / five times (one for each size), and crop the file to elimante all other icons. Knowing where to crop the documents should be simple because the guides still remain from the Photoshop document.

Using Icon Composer & CandyBar

Icon Composer is located in the Applications >> Utilities in the Xcode folder. Once you’ve opened the application, creating the icon is easy as dragging the TIFF files over their appropiate sizes. Agree to Extract Mask when asked. Save a fresh ICNS file. The icon shouldn’t yet appear as the actual icon on the document. This is where CandyBar comes in handy. Just drag the .icns file into CandyBar and then drag out the icon image show in the application.

Icon Composer

Icon Composer is as simple as dragging and dropping the TIFF files on to its appropriate spot.

Exporting a TIFF, and not a transparent PNG file from the Export to Web menu proved vital especially when exporting transparent images. This particular icon, when made into an icon using an exported PNG file will cause the smoke coming off the RSS to pixelate. This pixalation is fixed though when exported a TIFF file with tranparency.

RSS Final



Monday, December 13, 2010

SuPHP - .htaccess to parse HTML as PHP

SkyHi @ Monday, December 13, 2010
In order to parse html files as php, add the following line to your .htaccess file:
AddHandler x-httpd-php .html

This is different than:
AddType application/x-httpd-php .html .htm
(Which will not work with SuPHP)

This can also be done with CPanel using the Apache Handlers link. Add the following entry:
extension: .html
handler: x-httpd-php

Thanks to Ed at LP Support for help with this!


Installing and Configuring suPHP on CentOS 5.3

SkyHi @ Monday, December 13, 2010
I’m deviating from my SCAP posts a bit. I was looking at better ways to secure sites when I stumbled on this.

What is suPHP?

suPHP will execute php scripts as the user you specify. This enhances security by not running scripts as the web server user (nobody) or as root (really bad idea). So even if there is a vulnerable php script installed, it can at most execute with the permissions of the non-privileged user you choose for it to use.

How does it work?

PHP scripts are interpreted by suPHP and suPHP then calls the php interpreter as the specified user and interprets the scripts as that user.

Why am I writing this How-To?

I have found several guides that *almost* get it done, but then there are a few details that you have to go hunt for. Hopefully this guide is easy to use and can get you set up on the first try.

Installation and Configuration

First Steps

There is an suPHP package in the RPMForge repository. You will need this installed. Follow the guide on the CentOS Wiki: http://wiki.centos.org/AdditionalResources/Repositories/RPMForge
If you follow each step for CentOS 5, it will work. I guarantee it.
The RPMForge package you will need is called “mod_suphp” and as of this writing, here are the package details:
Name       : mod_suphp
Arch       : i386
Version    : 0.7.0
Release    : 1.el5.rf
Size       : 597 k
Repo       : rpmforge
Summary    : Apache module that enables running PHP scripts under different users

Install The Package

yum install mod_suphp
This will install a few configuration files:
/etc/suphp.conf – This is the configuration file for suPHP itself
/etc/httpd/conf.d/suphp.conf – This is the configuration file for the suPHP Apache module

Edit the suPHP Config file – /etc/suphp.conf

There are a few lines that need changd to make this work.


Depending on what user you run your web server as, you may need to change this line.


This line must be modified to put double quotes around the value. suPHP will not work without it. You must also change it to use the PHP commandline interpreter, php-cgi. It should look like this:


The same applies with this line. Put double quotes around the value, so it looks like this:

Edit the suPHP Apache Module Configuration File – /etc/httpd/conf.d/suphp.conf

This file loads the suPHP Apache module as well as sets global configuration for the module. On my server, different sites (VirtualHosts) on my server have files owned by different users. To allow each user/VirtualHost to run PHP as their user, we do not enable nor configure suPHP globally. To skip global configuration, I comment out every line in /etc/httpd/conf.d/suphp.conf except the LoadModule line.
Configuration of the suPHP module will be handled on a per-VirtualHost basis in the httpd.conf.

Edit the httpd config file to set up individual VirtualHosts – /etc/httpd/conf/httpd.conf

suPHP usage is defined per VirtualHost. An unchanged VirtualHost directive will still execute PHP, but as the web server user. You can change this so PHP will not execute at all unless it uses suPHP, but I don’t do that in my config.
Below is my unchanged VirtualHost directive for http://www.packetsense.net:
ServerName packetsense.net
ServerAlias www.packetsense.net
DocumentRoot /home/packetsense/www/
ScriptAlias /cgi-bin/ /home/packetsense/cgi-bin/
ScriptAlias /cgi-sys/ /home/packetsense/cgisys/
SetEnv PHPRC /home/packetsense/etc/
ErrorDocument 404 /404.html
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fchris@packetsense.net"
ServerAdmin chris@packetsense.net
php_admin_flag allow_url_fopen off
You may not have all those directives defined in your config, but that doesn’t really matter.
To set a VirtualHost to work with suPHP, you only need to add 4 lines.
suPHP_Engine on
suPHP_UserGroup username groupname
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
In my case, my files are owned by User: packetsense, and Group: packetsense.
My modified VirtualHost directive now looks like this:
ServerName packetsense.net
ServerAlias www.packetsense.net
DocumentRoot /home/packetsense/www/
suPHP_Engine on
suPHP_UserGroup packetsense packetsense
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php
ScriptAlias /cgi-bin/ /home/packetsense/cgi-bin/
ScriptAlias /cgi-sys/ /home/packetsense/cgisys/
SetEnv PHPRC /home/packetsense/etc/
ErrorDocument 404 /404.html
php_admin_value sendmail_path "/usr/sbin/sendmail -t -i -fchris@packetsense.net"
ServerAdmin chris@packetsense.net
php_admin_flag allow_url_fopen off

Finally: All that’s left is to restart the web server service.

Now: Test It

To see which user your PHP is running as, create a file in your web directory called whoami.php. Include this code:
echo "Output of the 'whoami' command:

echo exec('/usr/bin/whoami');
You should see something like this: Output of the ‘whoami’ command: packetsense

Common Problems

500 Internal Server Error

Check your /var/log/httpd/error_log. You might see something like this:
[Sun Oct 11 11:27:47 2009] [error] [client] SoftException in Application.cpp:249:
File "/home/packetsense/www/whoami.php" is writeable by group
[Sun Oct 11 11:27:47 2009] [error] [client] Premature end of script headers: whoami.php
In this case, just chmod 644 the file you’re working with. Alternatively, you can adjust the tolerance for file permissions by editing the /etc/suphp.conf file. Look at this section:
; Security options
Change them to true. Another cause of the internal server error might be if you did not change the interpreter line in /etc/suphp.conf from: x-httpd-php=”php:/usr/bin/php” to x-httpd-php=”php:/usr/bin/php-cgi”

Your PHP source code displays in the browser in Plain Text

Check your /etc/suphp.conf for proper quote marks and the php-cgi interpreter specified.

Problems with Sessions

If your scripts use PHP sessions, you may run into failures when PHP attempts to write to the /var/lib/php/session directory. By default, it is chmod 770, and owner is root, group is apache. I recommend adding your users to a phpsession group and then to chgrp the /var/lib/php/session directory to the phpsession group. I ran into this problem when trying to run PHPMyAdmin REFERENCES http://www.chrisam.net/blog/2009/10/11/installing-and-configuring-suphp-on-centos-5-3/ Secure Web Server with SuPHP  The suPHP Apache module together with suPHP itself provides an easy way to run PHP scripts with different users on the same server. It provides security, because the PHP scripts are not run with the rights of the webserver's user. In addition to that you probably won't have to use PHP's "safe mode", which applies many restrictions on the scripts. For example, if you have a Joomla installation it is not necessary to enable the unsecure ftp layer or give 777 permissions in directories to install components/modules. This suPHP RPM package is using paranoid mode so you can use suphp per-virtualhost and assign per-user permissions. Note: suPHP should only be used if you are using no CGI scripts or if all CGI scripts are run using suExec. wget ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/x86_64/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.x86_64.rpm For i386 the location is: ftp://ftp.pbone.net/mirror/ftp.freshrpms.net/pub/freshrpms/pub/dag/redhat/el5/en/i386/dag/RPMS/mod_suphp-0.7.0-1.el5.rf.i386.rpm rpm -Uvh mod_suphp-0.7.0-1.el5.rf.x86_64.rpm Do the following changes in the 2 suPHP configuration files: In /etc/suphp.conf Change loglevel=info  to loglevel=warn   #Otherwise it will flood the suphp log file Change umask=0077  to umask=0022 Change x-httpd-php=php:/usr/bin/php to x-httpd-php=php:/usr/bin/php-cgi Change allow_file_group_writeable=false to allow_file_group_writeable=true Optional: Change allow_directory_group_writeable=false to allow_directory_group_writeable=true In /etc/httpd/conf.d/suphp.conf Comment out the following 2 lines: AddHandler x-httpd-php .php AddHandler x-httpd-php .php .php4 .php3 .phtml so they will look like: #AddHandler x-httpd-php .php #AddHandler x-httpd-php .php .php4 .php3 .phtml Uncomment: suPHP_AddHandler x-httpd-php    # (Remove the hash mark from the beginning of the line) In your httpd.conf you need to add 2 lines to the virtualhost you want to enable suphp: suPHP_Engine on suPHP_UserGroup username group #This has to be a local user in the system who will be managing his docroot. If you have a Joomla installation you have to chown (change ownersip) of the docroot to user:user and use the correct permissions: chown -R user:user /path/to/joomladir cd /path/to/joomladir find . -type f -exec chmod 644 {} \; find . -type d -exec chmod 755 {} \;  Be sure to restart apache. REFERENCES http://beginlinux.com/server_training/web-server/1253-secure-web-server-with-suphp http://markus.revti.com/2010/03/installing-suphp-on-centos-5/ http://forum.parallels.com/showthread.php?t=84867 http://longvnit.com/blog/?p=95