How to stop Amazon Music Helper from running in the background OSX

After installing Amazon Music on my mac, I noticed this background task “Amazon Music Helper” running. I tried to kill it, it came back.

The fix I used was to remove execute permission on that file:

chmod -x /Applications/Amazon\ Music.app/Contents/MacOS/Amazon\ Music\ Helper

Then kill the process again and it shouldn’t come back.

I have bought music since then and find that all the features (that I use) work fine. This thing isn’t even needed!

Start a screen session as another user at system startup

Came across this technique to get a screen session started as another non-root user on system startup. You could have this command in /etc/rc.local or any other location that runs on system startup as root.

Also, it doesn’t have to just be at system startup. These commands could be used at any time by the root user to start a screen session for another user.

This command must run as root. I had best luck when providing full paths to the executable and optional file arguments (like if you are passing a conf file)

su - username -c "/usr/bin/screen -dmS screenname ./executable"

So, for example, to get irssi started as chris in a screen session named irc, You could:

su - chris -c "/usr/bin/screen -dmS irc /usr/bin/irssi"

You can then log in to the box as chris and resume the screen session that root started.

Apache Proxy with CORS headers

Here is a nice trick to add a proxy that your HTML5 application can use to connect to any remote proxy. Apache can proxy the API request while also injecting the CORS header Access-Control-Allow-Origin to that remote API reponse.

Requirements:
Apache mod_proxy
Apache mod_headers

# Proxy for BaseServer
<LocationMatch "/api">
   ProxyPass http://remote-server.com:8000/api/
   Header add "Access-Control-Allow-Origin" "*"
</LocationMatch>

http://enable-cors.org/server_apache.html

A botnet of browsers – websocket command and control

A botnet of browsers

socket.io is an amazing library which makes it very easy to use websockets. This library gives us real-time communication ability in the browser with very little code.

In this article, I go into an example of a potential misuse of socket.io. I explain how to create a Linux router, then to modify that router to harvest clients into the socket.io network. One web page, the command and control, can see everything. It could send JavaScript to all the clients at once (which is executed on the client’s browser). Or JavaScript could be targeted to individual clients as well. Every connected client’s document object model (DOM) and JavaScript fully accessible from one webpage – in real time.

This article is written for people already familiar with Linux, and Internet networking and security concepts.

Continue reading