Sunday, September 29, 2013

Sync Files Across Your Macs With Unison

A while ago I wrote about BitTorrent Sync, basically your own BitTorrent network for syncing your files on your home network. I wrote about it because they included a PowerPC binary with their Linux downloads, but unfortunately their OS X client required Intel, so if you wanted to use this on your PowerPC Macs, they all had to be running Linux.

This left me still out to sea. I use a mix of Tiger and Debian machines, so BitTorrent Sync ultimately wasn't for me (it's also closed source and unavailable for security auditing). So having tired of SFTPing my files around and expending brain power to keep all the versions straight, I went looking for another option, one like BitTorrent Sync where I could sync on my home network and without involving the cloud.

At first I looked at rsync, venerable I guess you'd call it, not old :), but that offers mirroring, not two-way syncing. Finally I stumbled upon Unison, an rsync-like utility that's exactly what I need, two-way syncing, and it's multi-platform--Windows, Linux, OS X, everything.

You can get Unison in command line form or as a GUI. The command line can be installed with MacPorts or Tigerbrew on OS X and is in the Debian repositories. Debian also has the GUI, unison-gtk. Does that leave OS X out of the GUI party? No sirree. Universal binaries for Tiger and Leopard have been made available here, and the thing to note is you need the same version on all computers. Meaning if you install 2.32 on Tiger from the previous link, you also must have 2.32 on every other system you're syncing with. Fortunately Debian makes multiple versions available for just this situation, so now I have 2.32-12 on my Tiger laptop and 2.32-52-gtk on my Jessie system (the 12 and 52 don't matter).

Using Unison is as simple or as complex as you want it. You can start by using the GUI app and then graduate to the command line for more complex operations which you can automate with cron jobs. But for now I'll give you a quick rundown of getting started with the GUI.

First, it's recommended you move the folders you want to sync over to your target computer so you start out with identical folders. Then you start up the Unison GUI and create a profile. Here's an example for syncing my Tiger home folder with my Debian home folder on an iBook:

Unison profile on OS X

About the "Remote" part, note this is all done over SSH, so make sure you have Remote Login enabled in your OS X Sharing Preferences or have openssh-server running on Linux. Also note that SSH gives you rock-solid security (unless your password is "password"). For "Host", it could be xxx.xxx.x.xxx or your computer's hostname.

Now save it, but say you don't want to sync everything in your home folder. What if you only want Documents, Music, and Pictures synced? You could create a profile for each folder or mess around with symlinks, but a much better way is to edit your .prf file to define those paths. In OS X you'll find it in ~/Library/Application Support/Unison, and in Linux it's in ~/.unison. Here's a simple example of my "powerbook to icebook.prf":

# Unison preferences file
root = /Users/dan
root = ssh://dan@icebook.local//home/dan

# folders to sync
path = Documents
path = Music
path = Pictures

# filenames to ignore
ignore = Name .DS_Store
ignore = Name .localized

# save log file somewhere, anywhere but the home
# folder
logfile = /Users/dan/Library/Logs/unison.log


The first three lines were created when we saved the profile in the GUI, but the rest were added. In the second section, I define the paths of the specific folders I want synced (you don't have to write out the full path as the root is already defined in the first section), the third section tells Unison to ignore those hidden .DS_Store and .localized files in OS X, and the last section tells it where to save the log file (the default is your home folder).

The only trouble I had was with spaces in the folder names. Say if I wanted to enter "path = Pictures/vacation photos" it won't work. Adding \ or enclosing with quotes didn't work, either, so all I can think of is to add an underscore in those situations.

The procedure for all this is pretty much identical in the Debian GUI.

So now you want to get your sync on. So you start up Unison, double click your profile and perform the first syncing. Remember, you're starting out with identical folders, so the first sync is just Unison recording what's what. The only thing you have to note is the direction of the arrows. --> means local to remote and <-- means remote to local. Mark all changes by clicking the left-to-right arrow, then click the "Go" button and it should finish shortly. From then on Unison should only transfer the files that have been changed, and only the parts of those files that need updating. That way you're not uploading huge files when you just need to update small parts of them.

This is also really useful for syncing to a USB thumb drive. You wanna minimize the writes, right? When setting up a profile for that, you just use the "Local" option instead of "Remote" and enter the drive's path. There are a couple of cautions for us PowerPC users, though, in syncing to a USB drive formatted as FAT32. Unison will give you errors about permissions and resource forks, so you want to add the following lines to your thumb drive profile:

perms = 0
rsrc = false


These will tell Unison to leave out permissions and resource forks. And one more thing, when syncing make sure your drive is actually mounted, because if it isn't Unison will think the sync folder is empty and will attempt to delete your files. :o
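One way to guard against the unmounted-drive case, as an added example that is not part of the original post: a wrapper that only calls Unison when a marker file is found on the drive. The marker name `.unison-target`, the profile name `thumbdrive`, the path `/Volumes/THUMB` and the script name are assumptions.

```shell
#!/bin/sh
# Added example: refuse to run Unison against a removable drive that is not
# mounted, so an empty mount point is never mistaken for "all files deleted".
#
# Assumptions (not from the original post): the marker file name, the profile
# name "thumbdrive" and the drive path /Volumes/THUMB.
#
# One-time setup, with the drive really mounted:
#   touch /Volumes/THUMB/.unison-target
# and, so the marker itself is never synced, add to the thumb drive profile:
#   ignore = Name .unison-target

MARKER=".unison-target"

# Return 0 only if DIR is a directory that contains the marker file.
# An unmounted drive leaves either no directory or an empty one, and both fail.
drive_is_present() {
    dir=$1
    [ -d "$dir" ] && [ -f "$dir/$MARKER" ]
}

# safe_sync PROFILE DRIVE_ROOT
# Runs Unison with PROFILE only when DRIVE_ROOT passes the marker check.
# UNISON may be set to the path of the unison binary (default: "unison").
safe_sync() {
    profile=$1
    drive=$2
    if ! drive_is_present "$drive"; then
        echo "refusing to sync: $drive is missing or has no $MARKER" >&2
        return 1
    fi
    "${UNISON:-unison}" "$profile"
}

# Example call: sh safe-unison.sh thumbdrive /Volumes/THUMB
if [ "$#" -eq 2 ]; then
    safe_sync "$1" "$2"
fi
```

The same wrapper can be used from a cron job, where nobody is watching for the "delete everything" prompt.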

Anyway, here are a few more links for further reading, including all about syncing more than two computers--star topology--and all that. Have fun!

Unison Manual
UNIX/Linux: HowTo Use unison File Synchronizer
File Synchronization with Unison
Unison - ArchWiki

Wednesday, September 11, 2013

A Debian Jessie Update

Since Wheezy turned stable, I've been running Jessie on a spare iBook with varying degrees of success/heartbreak, so I figured I'd throw in a progress report for those of you who are curious about upgrading (DON'T!!!!!!!!!!). I keeed.

It's actually been smooth running except for a few very slightly minor bugs. Like sound, for instance. Completely broken. I don't know if this affects every sound card, but mine isn't detected with the new kernel. Also, suspend to RAM has a very slight, minor bug. Also completely broken. I left two bug reports, No sound on PowerPC with Jessie upgrade and Suspend fails on iBook G3 Dual USB PowerPC, in case anyone wants to add to the crickets left by Debian's kernel maintainers.

Both of these problems can be dealt with, fortunately, by an easy workaround. If you upgraded from Wheezy to Jessie, you can boot into the previous kernel (3.2.0-4) by hitting tab at the second yaboot prompt and typing in "old". Afterward, sound and suspend should be back to normal. Incidentally, if you have several old kernels and need to boot into one specifically, the sixth post in this Ubuntu thread tells you how to edit /etc/yaboot.conf to achieve that.

I suppose those problems will be eventually fixed, but with the latest update I saw even worse news. Xserver-xorg-video-radeon was updated to a KMS-only version, meaning if you have a Radeon GPU and don't have KMS activated, it throws it back to the fbdev driver, meaning video playback will suck and you'll only see 8 bit colors. You can fix the 8 bit colors problem by passing the yaboot parameter "video=radeonfb:1024x768-32@60" at start up (replace 1024x768 with your native resolution). This is familiar to anybody who followed zen's guide to installing Lubuntu. However, this won't help you speed up video playback which, as mentioned, sucks with fbdev.

You can always activate KMS with the yaboot parameter "video=radeonfb:off", but there are downsides (along with the upside of enabling 3d). First, KMS breaks suspend on PowerPC and I found no indication work is being done to correct this. Also, your keyboard brightness keys may not work. But worst of all, when I tried enabling KMS on two of my machines, I got a black screen (iBook) and persistent system freezes after boot (Sawtooth). So KMS is totally unusable for me. So how do I get back my fast 2d desktop with decent video playback that I had with the old radeon driver?

Fortunately you can downgrade select packages. I'm sure there's a more elegant way by using dpkg, but here's my quick and dirty way of downgrading to the previous radeon driver. First, edit your /etc/apt/sources.list and change all the listings from jessie to wheezy. Then do a sudo aptitude update to update the repositories, then switch to a console and kill X with sudo /etc/init.d/yourloginmanager stop, and then (on one line):

sudo aptitude remove xserver-xorg-video-radeon

Aptitude told me it needed to remove two dependencies, xserver-xorg-video-all and xserver-xorg-video-ati as well, so I said fine and proceeded. Next, I reinstalled the drivers using the old wheezy repositories with (one line):

sudo aptitude install xserver-xorg-video-radeon xserver-xorg-video-all xserver-xorg-video-ati

There's one more step and that's to put a hold on the radeon driver, that is, to tell your package manager to keep it at that version and never upgrade it. I found the instructions for that at Not So Frequently Asked Questions, but it's basically:

sudo -s

to make yourself root. And then (on one line):

echo xserver-xorg-video-radeon hold | dpkg --set-selections

and to confirm the new setting:

dpkg --get-selections xserver-xorg-video-radeon

Finally you'll want to revert back to the Testing repositories by restoring your edits to /etc/apt/sources.list and running sudo aptitude update again.

Afterward when I did a full-upgrade to upgrade all my packages, the video-all and video-ati packages were upgraded, which I didn't care about, but the radeon package remained at its old version. Now when you startx or reboot, your desktop should be back to its old snappy self.

I should note here that you should be cautious about putting holds on packages. A held package gets no further upgrades, security fixes included, and you can end up with a cascade of other packages held back as the dependencies on that original held package build up. With the radeon package this hasn't been a problem so far, but it's something to keep an eye on. I just made sure to save a note about how to hold and unhold packages from the above link.

One more snafu you should be aware of, the new gtk-3-0 update will break some themes causing gtk3 applications to quit immediately upon open. I'm not sure this is a bug that will ever be fixed since the problem is supposedly with the themes themselves. So if yours breaks, you can either wait for the theme maintainer to release an update or find a new theme (and given I hate all themes, except one which I find satisfactory but which is now broken, this is an unfortunate burden). --UPDATE: or you could take the gtk-3.0 folder out of your theme folder from ~/.themes and use gtk3 apps without a theme.

I didn't bother downgrading gtk-3-0 because it had too many dependencies. It would've gotten too weird.

So that's where Jessie is. I admit to being discouraged and depressed about it, especially on the graphics side. A few years ago I had this vision of Linux on PowerPC always getting better and better, but with support for older graphics cards being dropped left and right, and now this KMS-only business, it looks like we'll be patching together systems with sticks and chewing gum for the foreseeable future.

Maybe the Debian team can be convinced to realize they found perfection with Wheezy and to maintain it with security updates and backports for like the next ten years, or at least until our PATA hard drives burn out ;)

Sunday, September 1, 2013

Protect Your Surfing Over Public Wifi

Welcome to Part Three in a series of posts on privacy and security. Before, we talked about Tor and email encryption to keep the NSA away, but today's post will deal with the threats hackers pose, and probably your biggest vulnerability point, surfing over public wifi. Anytime you take your shiny old Mac to a Starbucks and have people gawk at its heretofore undiscovered form factor, you're connecting to a public network susceptible to hackers sniffing for and grabbing all your clear text data. They can see your surf habits, grab passwords, email, or worse. But you still want to surf, right? The solution to all this is encapsulated in the phrase encrypt all the things.

Let's start with web traffic. The simplest and most basic thing you can do is install the Firefox add-on HTTPS Everywhere. This will enforce HTTPS encryption for all traffic on sites that support it. No more mixed encrypted/unencrypted pages. Your HTTPS sessions are fully protected.

Got email to send? Encrypt it, or you don't send it. It's really that simple.

If you're chatting, use OTR (off the record) encryption. Pidgin and Adium support it. There's also a Firefox add-on called Cryptocat that in theory looks awesome but suffered a slight scandal recently when it was revealed it had a huge security hole caused by a rookie mistake by the developers. So you may want to avoid that.

As long as we're talking about Mozilla browsers, TenFourFox and Iceweasel users might want to take steps to protect their passwords because, locally anyway, they're, um, completely unprotected. In a fit of jealousy and envy at your beautiful PowerPC Mac, some miscreant could steal it and have access to all your passwords with a simple trip to the Preferences. So go into Preferences --> Security and set a master password. We don't want to make it that easy for 'em.

All that's well and good, but what if you want all your web traffic encrypted, not just HTTPS supported sites? Here's where things get cool. If you have an old Mac lying around not doing anything, you could turn it into a headless SSH server. Then you can set up a SOCKS proxy and tunnel all your web traffic at Starbucks through an encrypted connection to your home server and then on to its ultimate destination. Hackers locked out.

Setting up a server is as simple as it gets. On Debian Linux, if it's not already installed, just install openssh-server and it should automatically run as a daemon. On OS X, go to System Preferences --> Sharing and click the checkbox next to Remote Login. And that's it! Your computer's now a server.

Now that that's set, let's open a tunnel from your obnoxiously chic coffee shop. In a terminal, enter:

ssh -CND 9999 user@hostname.com

where user is the username on the server machine and hostname.com is the server's IP address or a hostname you got from DynDNS or an alternative like No-IP or FreeDNS. You'll be prompted for the username's passphrase and you're in. It should be noted that for even better security, you can look into generating SSH public and private keys for passphrase-less login, but that's a bit beyond the scope here. Now leave the terminal window open and move on to configuring your browser.

Under Manual configuration, you'll want to set it to SOCKS host: 127.0.0.1, port 9999, SOCKS v5. Also, No Proxy For: localhost, 127.0.0.1. In TenFourFox, it looks like this (Preferences --> Advanced --> Network --> Settings):

TenFourFox proxy preferences

(Note, to switch back click the "Use system proxy settings" button.)

To also prevent DNS leaks, go into about:config and change network.proxy.socks_remote_dns to "true." That way your DNS requests go through your proxy server as well. To plug DNS leaks in other applications, Privoxy is your best option.

In TenFourFox/Iceweasel, anyway, you're good to go. Or as hackers might see it, gvES R∆∂®456E Rkop∫∆®∂ßghZX∂ ≈߃®∆∆kj lytudGFø πµ˜ç√ß∂ß®dfew∫µˆ∆†¥ ƒƒçFGESR˚∆ƒ©ß®ƒç∫∆ NMFGçƒ∆¬∆˚FXgfgdzdx ∫√∂ƒ≈∂ƒGFFDRGHY©√ƒ∂ƒ©g

Encryption humor. Then when you want to terminate the session, hit ctrl-c in the terminal and you're out. To keep from having to switch your browser preferences every time, you can create a separate user profile or look into an add-on like FoxyProxy.

That takes care of encrypted web browsing, but what about encrypting all your traffic, HTTP, NNTP, BitTorrent, everything? For that you need to connect to a VPN (Virtual Private Network). There are some free ones, but for anything good you have to pay. On the client side, Tunnelblick still supports Tiger and PowerPC, so go over and download that if you want to give VPNs a try. On Linux, openvpn is both a client and server package from the command line. And there's gadmin-openvpn-client for a GUI.

And for the truly adventurous, you can eschew VPN paid services and set up your own VPN server on that headless Mac we were talking about. I tried to do this with OpenVPN, but so far I've struck out. If your kung fu is better than mine, you can install openvpn with Tigerbrew or MacPorts (the port is called openvpn2) on OS X or with your package manager on Linux. I'll leave some links on the subject that may be helpful or may just pull you in deeper.

Some Mac-centric instructions:
http://remonpel.nl/2012/02/set-up-an-openvpn-server-on-your-mac/

Get easy-rsa here:
https://github.com/OpenVPN/easy-rsa (the instructions in the above first link show easy-rsa is installed with openvpn, but in newer versions you have to install easy-rsa separately)

How to solve a certain error message:
https://ubuntuforums.org/showthread.php?t=2001055

Alternately, you can set up a VPN server on your DD-WRT router:
http://sriramk.com/ddwrt-pptp-vpn

OpenVPN's HowTo:
http://openvpn.net/index.php/open-source/documentation/howto.html

Apparently there's some extra setup to get OpenVPN to really really tunnel all traffic through the server:
http://blog.johnford.org/openvpn-tunnel-to-home-server/

Finally, on the theme of security, Cameron Kaiser passed on word of a jaw dropping security hole involving sudo in OS X. Fortunately the fix is simple, and you can read in his comments section on how to use vi or nano to do it. Seriously, you'll want to fix this.

Wednesday, August 21, 2013

Update on Tor Post

I just want to mention, I added an update with some important information to my Tor post below, in case you missed it.

And I'll just leave a link to my Encrypt Your Email on Your Mac post because for some reason Google won't index it. Conspiracy???

Tuesday, August 20, 2013

Encrypt Your Email on Your Mac

After you're done Torifying, as described in my last post, the next step in securing your online life is email encryption. As it's now common knowledge that our emails are basically government property, you'll want some technology on your side to keep your emails private when they absolutely have to be. The technology is called PGP, or Pretty Good Privacy. Most people can install it to work with their email clients relatively painlessly, but for PowerPC users, there are a few hoops to jump through first.

You're gonna need to install GnuPG. GPGTools used to be the go-to people for distributing OS X binaries, but they stopped developing for PowerPC, so we're gonna have to compile it ourselves, which requires XCode. You can then compile gnupg with Macports or Tigerbrew (see this Tigerbrew issue first), or roll your own following the easiest build instructions ever. Linux users can simply install gnupg with your package manager. Let me interject with a brief cautionary tale. If OS X users are thinking of installing gnupg2 instead, don't, unless you can work the command line to make gpg-agent play nice with Enigmail (UPDATE: Or maybe it's a pinentry problem. Hmmmm.). If you don't know what that means or don't care, stick with gnupg and you'll save yourself some serious hair-pulling.

Now that gnupg is nestled safe in one of our various /bins, it's time to start up our email client. This is where all of you are going to convert to Tenfourbird, you pissant holdouts, and use a client for grown-ups. You're gonna need the add-on Enigmail, but you can't install it the normal way 'cause it's not compiled for PowerPC. So you need to go to Tenfourbird's download page, pick up the Enigmail add-on for your processor, then install it by dragging it to Tenfourbird's Add-ons Manager (invoked by Tools --> Add-ons) or choosing "Install Add-on From File..." from the tool menu inside said Add-on Manager.

Linux users can simply install Enigmail with your package manager (I'm beginning to sense a pattern). If you're on Debian, you're using Icedove, and on Ubuntu it's Thunderbird, but Tenfourbird, Thunderbird, Icedove, they're all the same.

Now when you restart Tenfourbird, you'll see a new menu item, OpenPGP. This is where you create your public and private keys. You need one public key to share with your contacts and one private key to keep to yourself. Then you can start encrypting and decrypting like you're Julian Assange wanted by the world police. From the OpenPGP menu, select Preferences and make sure it's pointing to the correct gpg binary, whether it's in /opt/local/bin or /usr/local/bin or wherever. Close that, then from the OpenPGP menu, select Setup Wizard and from there it's pretty self-explanatory. By default it sets your keys to expire in five years, but you can change that later using gpg from the command line. In fact, you could do all this from the command line which would give you a better understanding of how all this stuff works. Anyhow, once the Setup Wizard generates your keys, you should export them to file for keeping in a safe place with OpenPGP --> Key Management and then right-clicking on your key and selecting Export Keys to File. It may also have been necessary to go into Tools --> Account Settings and select OpenPGP Security under your account to enable OpenPGP support, but I'm having a memory lapse.

In case of other memory lapses, check out this link and this one for more detailed instructions and with pictures, too. Of particular interest are how to exchange public keys and also how to revoke a key if you do something stupid like email your private key in an unencrypted attachment through a Gmail server (oops*).

Here I'll mention a few caveats. First, Tenfourbird had a GUI bug where the OpenPGP menu on the Compose window wouldn't show check marks by the "Encrypt Message" item after being selected, but the encrypt icon in the status bar illuminates and the "Encrypt Message" item in the main menu is correctly checked. So just be aware of that.

Also, Gmail users, or I guess IMAP users generally, will want to be very cautious of how your draft messages are saved. It should always prompt you to save a draft as encrypted, but if for some reason you hit the wrong button, your super-secret private message will end up unencrypted on a basically public server. Just to be safe, I have my client set to save all drafts locally like this (picture is of Tools --> Account Settings):

Tenfourbird account settings

Also, some general Tenfourbird performance tips: checking "Enable Global Search and Indexer" in Preferences --> Advanced --> General will slow performance as it's indexing, so you can uncheck it if you don't want it. And if you don't want to download all your IMAP messages locally, uncheck "Keep messages for this account on this computer" from Account Settings --> Synchronization & Storage.

What about Mail.app, you ask? There's an old GPG plug-in you can download from Mediafire. GPGTools just revamped their website and took it down literally days ago. The plug-in won't work with the gpg binary in /opt/local, so you'd need to compile it yourself into /usr/local. In that case, you may need to generate your keys from the command line as I don't see a way to generate them through the plug-in. There's more on that from this page last modified in 2009, meaning it's very unsupported and you should probably move on.

For users who prefer a web mail interface, there's a couple of Firefox add-ons. One is WebPG which has "experimental" Gmail integration, and the other is Mailvelope which is in alpha, so alpha that you have to compile it yourself. But they both look very promising for the future.

All that said, I'm really impressed with Tenfourbird. I'd always clung to Mail.app when I was just downloading from a POP account, but when I started spawning several Gmail addresses, I made the switch and it handles everything great, including encryption. And you can even torify it with Jacob Appelbaum's TorBirdy add-on. And if you ever want to suppress the user agent from email headers, GHacks has a page about it right here.

*Lucky it was just practice.

Sunday, August 11, 2013

Tor for Your PowerPC Mac

*UPDATE BELOW*

A while ago I wrote a post on Tor for Tiger, but since it's outdated it's time to update. In fact, I plan to follow this post with more privacy tips, including how to encrypt your email in Mail.app and TenFourBird. But for this post the focus will be on Tor.

Unless you've been under a rock, you know the NSA is collecting it all and seeking to keep permanent records of all your internet activity (cringe). While not alarming to most individuals in an immediate sense, just the awareness of all this cataloguing can have a chilling effect on how we think and act and can stifle a lot of the creativity and risk-taking that make a free society thrive. Unless you think East Germany was a model of creativity and innovation. Okay, they did use creative methods to win Olympic gold medals, but my larger point stands.

And it's not just the NSA. Many governments take a stalker's interest in what you're doing on the internet, and there are times when we need to protect ourselves. Case in point: bloggers. If you have something to say but are afraid of getting arrested (or sued), Tor will help you stay anonymous by running your traffic through proxies and masking your real identity, i.e. your IP address.

Normally the Tor Project recommends users download their browser bundle, which is the current Firefox ESR specially configured with Tor, but since they're no longer compiled for PowerPC, that puts us in a bit of a jam. Fortunately you don't need the bundle. You can just install Tor and configure your browser manually. On OS X you can install Tor with Tigerbrew or MacPorts. On Linux, just use apt-get or aptitude to install it.

For OS X, you start up Tor by entering tor in the terminal (you can also set it as a launch daemon on startup, though I've read tor has trouble regaining connections after OS X wakes from sleep). It'll give you a bunch of output messages as it establishes a connection, and once that's done, you can go to TenFourFox's Preferences-->Advanced-->Network and click the Settings button next to "Configure how TenFourFox connects to the internet". Select "Manual proxy configuration" (remember, to switch back click "Use system proxy settings") and for "SOCKS Host" enter 127.0.0.1 and 9050 for the port. Also, where it says "No Proxy for:" enter "localhost, 127.0.0.1".

TenFourFox proxy settings

Now you should be ready to browse anonymously, so go to https://check.torproject.org and it should say in bright green, "Congratulations. Your browser is configured to use Tor."

Good news, but it doesn't mean you're necessarily safe (see update below for additional information). There are certain precautions to take when using Tor, like running NoScript, which blocks all javascript by default. It was recently discovered that someone, presumably with the FBI or NSA, used a javascript hack to obtain Tor users' real IP addresses because they didn't have javascript disabled. That's fine for breaking up kiddie porn rings, but not so fine for the rest of us. So run NoScript. Also, do change your User Agent string. If it has Tiger or PPC in it, it'll make you stick out like a sore thumb. The default user agent for Tor Browser Bundle is currently "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/20100101 Firefox/17.0" and you can find how to change it in various browsers including Firefox here (or, more conveniently, there's the User Agent Switcher add-on). And one more thing, make sure Tor and your browser are updated.

On Linux, Tor automatically runs as a daemon after install, so you don't need to start it up in a terminal, but the TenFourFox instructions above apply to Iceweasel.

Also, you can set up OS X's Network Preferences to use Tor as a system-wide proxy for other applications by following steps 3 & 4 here, but I'm not sure how secure that is if the software we're talking about is no longer supported. You can torify TenFourBird by using the TorBirdy add-on instead.

Last thing I'll mention, if you don't want to use Tor all the time but want all your searches anonymous, one option is DuckDuckGo, but if you like Google better, there's Startpage. It gives you the same search results as Google, but it's done through a proxy so Google has no idea who you are. The plugin for your TenFourFox search bar is here, and many more search plugins are found here.

UPDATE: Apparently with the above TenFourFox/Iceweasel configuration, there is the threat of DNS leaks. The warning message is this:

[warn] Your application (using socks5 to port 443) is giving Tor only an IP address. Applications that do DNS resolves themselves may leak information. Consider using Socks4A (e.g. via privoxy or socat) instead. For more information, please see https://wiki.torproject.org/TheOnionRouter/TorFAQ#SOCKSAndDNS.

This can be corrected in TenFourFox and Iceweasel by going into about:config and changing network.proxy.socks_remote_dns to "true." This will force dns requests through the proxy and the warning will disappear. You could alternately install Privoxy and set it to use Socks4A like the warning recommends. This will protect you in applications other than your browser as well.

Incidentally, to avoid having to change all these preferences between Tor and non-Tor sessions, you can create a second profile in TenFourFox for just your Tor preferences/add-ons. I experienced a bug in the GUI Profile Manager, so I created a new profile in the command line with this:

/Applications/TenFourFox7450.app/Contents/MacOS/firefox-bin -CreateProfile Tor

where Tor is the name of my new profile, and TenFourFox7450.app is the name of the app in my Applications folder (yours may be different depending on your processor type). Now I have two profiles to choose from, default and Tor. To choose which one at startup, enter in the command line:

/Applications/TenFourFox7450.app/Contents/MacOS/firefox-bin -p

to bring up the Profile Manager window. Uncheck the "Don't ask at startup" box and the Profile Manager will appear every time you start up TenFourFox, allowing you to choose.

There weren't any bugs in Iceweasel's Profile Manager, which you can simply invoke with iceweasel -p.
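The manual SOCKS settings from this post and from the SSH tunnel post above, including the network.proxy.socks_remote_dns fix, as an added shell example (not part of the original posts) that writes them into a profile's user.js and checks a prefs file for the DNS leak. The profile directory is an assumption you pass in; port 9050 is Tor and 9999 is the ssh -D tunnel.

```shell
#!/bin/sh
# Added example: put the manual SOCKS proxy settings into a dedicated
# TenFourFox/Iceweasel profile, and audit a prefs file for the DNS leak.
#
# Assumption: the caller supplies the profile directory (the Profile Manager
# shows where each profile lives). user.js is read at every browser start and
# its values take precedence over prefs.js.

# write_socks_prefs PROFILE_DIR PORT
#   PORT 9999 = the "ssh -CND 9999" tunnel, PORT 9050 = a local Tor daemon.
#   Returns 2 on a bad port, 1 if the profile is missing or already has a
#   user.js (which is left untouched), 0 on success.
write_socks_prefs() {
    profile_dir=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;;
    esac
    if [ ! -d "$profile_dir" ]; then
        echo "no such profile directory: $profile_dir" >&2
        return 1
    fi
    if [ -e "$profile_dir/user.js" ]; then
        echo "user.js already exists, not overwriting" >&2
        return 1
    fi
    cat > "$profile_dir/user.js" <<EOF
// Manual proxy configuration: SOCKS v5 on the loopback interface
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", $port);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
// Resolve hostnames through the proxy so DNS lookups do not leak
user_pref("network.proxy.socks_remote_dns", true);
EOF
}

# dns_leak_check PREFS_FILE   (a user.js or prefs.js)
#   0 = manual SOCKS proxy set and remote DNS enabled
#   1 = manual SOCKS proxy set but hostnames still resolved locally (leak)
#   2 = no manual SOCKS proxy configured in this file
dns_leak_check() {
    f=$1
    grep -q '"network.proxy.type", *1)' "$f" 2>/dev/null || return 2
    grep -q '"network.proxy.socks",' "$f" || return 2
    grep -q '"network.proxy.socks_remote_dns", *true)' "$f" && return 0
    return 1
}

# Example call: sh socks-prefs.sh /path/to/profile 9050
if [ "$#" -eq 2 ]; then
    write_socks_prefs "$1" "$2" && dns_leak_check "$1/user.js"
fi
```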

Sunday, July 28, 2013

Make Animated Gifs on PowerPC

Since animated gifs are the weapon of choice in spreading internet memes around the world and aren't going away anytime soon, there's no reason for us PowerPC users to be left out in the cold. There are several applications that make animated gifs on Windows and Intel-only versions of OS X, but finding applications that do the job on PowerPC, particularly making gifs from video clips, is more daunting. Thankfully there are a couple of open source, cross-platform tools that we can combine to grab the video and then export as gifs, namely avidemux and GIMP.

First, download and install avidemux. On Debian, it's available in the deb-multimedia repositories. On OS X, you can download version 2.4.4 which works on Tiger from SourceForge (your choice of QT4 or GTK versions). Then follow the instructions on HOW-TO: Make an animated gif for using avidemux to extract a clip from a video file, specifically using the "A" and "B" buttons and then saving the selection as jpeg images. Hopefully you created a folder for them because it'll output dozens or even hundreds of jpegs.

Next step is to install GIMP if you haven't. On Debian it's in the official repositories, and Tiger and Leopard versions can be downloaded from this site. Then follow the instructions again from the above HOW-TO, using Open As Layers, maybe opening one out of every three or four frames, then do all the cropping and resizing you want, and export as an animated gif.

Done!

And for viewing gifs outside a web browser, there's Xee on OS X and GPicView on Linux.

Here's a quick sample I made. Feel free to repurpose:

City Streets gif