Strange you mention Apple mail - my apple mail app under Leopard works just fine with no issues. dictionary is useless to me, as I have another app for that.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Other A proxy to fix HTTPS issues on old versions of OS X
- Thread starter Wowfunhappy
- Start date
- Sort by reaction score
If an email contains a photo from an https website, the photo won't appear. If this doesn't bother you, great! It bothered me a lot.
To this I can add that in M$ Office images in emails now appear most of the time. Not 100%, but still, a huge progress. Also iTunes, which had become unable to access and download a good number of podcasts, is now fixed in this respect.
I'm not keen at all on using Chromium (49.0.2623.112, which should be the last version to run under 10.6.8): to begin with, even when you launch it in Incognito mode, as I always do, it opens a non-incognito window in order to access its settings.
Take a look under "Advanced Settings/Privacy/Content settings.../Cookies/All cookies and site data…": you'll find a whole bunch of "Cache Storages" by Google that seem to depend on which countries you've ever used Chromium from (8, in my case). Press "Remove all", and then "Done". In the window you're back to, you may also check "Block sites from setting any data" and "Block third-party cookies and site data". Then go back to "All cookies and site data…", and, be surprised, you'll find that all of Google's “Cache Storages” are back in town as if you hadn't done anything whatsoever. Incidentally, while you're doing all of this, your firewall (Little Snitch, in my case) tells you that Chromium is madly attempting to access every Google URL under the sun. All of this without even having gone (browsed) anywhere.
Now, quit Chromium, then go to ~/Library/Caches/Chromium — you'll find one Default folder (1.6Mb in my case), and another folder named PnaclTranslationCache, with 5 files totaling 0.8Mb. Delete both folders, re-launch Chromium, repeat the procedure above, and you'll be interested to see that everything you had deleted is back in the Cache folder.
In other words, I don't dare to think what Chrome does to you, but Chromium is just as much of a Google tool — i.e. a tool at the service of Google. Which is why I use ArcticFox and SpiderWeb, with a VPN that has its own proxy settings: they let you decide what to keep and what to erase, and how much you feel like supporting external agencies spying on you.
I'm not keen at all on using Chromium (49.0.2623.112, which should be the last version to run under 10.6.8): to begin with, even when you launch it in Incognito mode, as I always do, it opens a non-incognito window in order to access its settings.
Take a look under "Advanced Settings/Privacy/Content settings.../Cookies/All cookies and site data…": you'll find a whole bunch of "Cache Storages" by Google that seem to depend on which countries you've ever used Chromium from (8, in my case). Press "Remove all", and then "Done". In the window you're back to, you may also check "Block sites from setting any data" and "Block third-party cookies and site data". Then go back to "All cookies and site data…", and, be surprised, you'll find that all of Google's “Cache Storages” are back in town as if you hadn't done anything whatsoever. Incidentally, while you're doing all of this, your firewall (Little Snitch, in my case) tells you that Chromium is madly attempting to access every Google URL under the sun. All of this without even having gone (browsed) anywhere.
Now, quit Chromium, then go to ~/Library/Caches/Chromium — you'll find one Default folder (1.6Mb in my case), and another folder named PnaclTranslationCache, with 5 files totaling 0.8Mb. Delete both folders, re-launch Chromium, repeat the procedure above, and you'll be interested to see that everything you had deleted is back in the Cache folder.
In other words, I don't dare to think what Chrome does to you, but Chromium is just as much of a Google tool — i.e. a tool at the service of Google. Which is why I use ArcticFox and SpiderWeb, with a VPN that has its own proxy settings: they let you decide what to keep and what to erase, and how much you feel like supporting external agencies spying on you.
I can test it later to see if it works.. from what i last saw a few months ago, Leo email was able to show the picture, and also Thunderbird.
I noticed that Squid doesn't start at login unless Dashboard is launched: both 10.7 and 10.9 are affected.
Last edited:
Huh, that's weird. If Squid isn't running that means the proxy isn't working, right? I haven't noticed that behaviour on my Lion machines (I also have Dashboard disabled on them), but I'll take a closer look later.
I always try not to write off reports but that really doesn’t make any sense, are you sure it’s not something else?
Pretty much. In Little Snitch Network Monitor I don't see the process "squid" right after login. 1 of the 2 scenarios occurs:
- I launch Dashboard which coincides with squid kicking in.
- In some hard cases, it won't launch at all until force restarted. With that in mind, I even created an Automator service (aka Quick Action) which uses the specific shell command.
How long have you waited before opening the Dashboard though? Remember that in addition to Squid’s own startup time and Apple launchd plumbing, there’s an additional, purposeful delay built into the LaunchAgent (which may need to be increased even further given your #2).
It far exceeds 15 sec time lapse. Also, later I discovered a command that can be used postponing shell command execution: it's called sleep. The basic usage is sleep 15. I doubt the pause is needed, though, at least in Lion.
man page
Less:
SLEEP(1) BSD General Commands Manual SLEEP(1)
NAME
sleep -- suspend execution for an interval of time
SYNOPSIS
sleep seconds
DESCRIPTION
The sleep command suspends execution for a minimum of seconds.
If the sleep command receives a signal, it takes the standard action.
IMPLEMENTATION NOTES
The SIGALRM signal is not handled specially by this implementation.
The sleep command will accept and honor a non-integer number of specified seconds
(with a `.' character as a decimal point). This is a non-portable extension, and its
use will nearly guarantee that a shell script will not execute properly on another
system.
EXIT STATUS
The sleep utility exits 0 on success, and >0 if an error occurs.
EXAMPLES
To schedule the execution of a command for x number seconds later (with csh(1)):
(sleep 1800; sh command_file >& errors)&
This incantation would wait a half hour before running the script command_file. (See
the at(1) utility.)
To reiteratively run a command (with the csh(1)):
while (1)
if (! -r zzz.rawdata) then
sleep 300
else
foreach i (`ls *.rawdata`)
sleep 70
awk -f collapse_data $i >> results
end
break
endif
end
The scenario for a script such as this might be: a program currently running is tak-
ing longer than expected to process a series of files, and it would be nice to have
another program start processing the files created by the first program as soon as it
is finished (when zzz.rawdata is created). The script checks every five minutes for
the file zzz.rawdata, when the file is found, then another portion processing is done
courteously by sleeping for 70 seconds in between each awk job.
SEE ALSO
nanosleep(2), sleep(3)
STANDARDS
The sleep command is expected to be IEEE Std 1003.2 (``POSIX.2'') compatible.
HISTORY
A sleep command appeared in Version 4 AT&T UNIX.
BSD April 18, 1994 BSD
Last edited:
I’m well aware of the sleep command; using osascript ensures that the system has booted up far enough that osascript can be executed (which does also mean it may take significantly longer than 15 seconds).
If anyone else can reproduce the problem, let me know, but for the moment I’m finding it very hard to imagine how the Dashboard could be involved, especially as Squid appears to be working for others who have the Dashboard disabled. 🤷♂️ But thanks for the report, as always!
If anyone else can reproduce the problem, let me know, but for the moment I’m finding it very hard to imagine how the Dashboard could be involved, especially as Squid appears to be working for others who have the Dashboard disabled. 🤷♂️ But thanks for the report, as always!
My question is why did Apple do this in the first place ? They could have kept active dictionary and dashboard.
...I think I can reproduce this, now that I've been on the road more often. Squid seems to get stuck sometimes after my laptop wakes from deep sleep, at which point it needs to be restarted.
Not entirely sure what to do about this at the moment, I'm not seeing a way to run a script after waking from sleep...
I eliminated that osascript delay command and it's been kicking in right away since. I'm not 100% sure it's the reason, though.
Ok, so the issue returned (Squid not running). I tried to relaunch Squid manually with
and got this:
I should add that usually happens after a hard restart. On Mavericks, the WiFi connection gets lost and for it to recover I have to turn it on/off, however, Squid's still dormant. The only solution is a soft restart which will then make Squid kick in. But I'd like to be able to do it manually in the event of the situation described in the 2 previous sentences.
Bash:
echo MYPASS | sudo -S /Library/Squid/squid -k restart
Bash:
2021/10/12 03:59:56| FATAL: getpwnam failed to find userid for effective user 'squid'
2021/10/12 03:59:56| Squid Cache (Version 4.15): Terminated abnormally.
CPU Usage: 0.011 seconds = 0.007 user + 0.004 sys
Maximum Resident Size: 14843904 KB
Page faults with physical i/o: 0I should add that usually happens after a hard restart. On Mavericks, the WiFi connection gets lost and for it to recover I have to turn it on/off, however, Squid's still dormant. The only solution is a soft restart which will then make Squid kick in. But I'd like to be able to do it manually in the event of the situation described in the 2 previous sentences.
Last edited:
And, on Lion Squid still filters traffic to iphone-services.apple.com despite being explicitly told not to both in the config file and Wi-Fi Proxy settings. Additionally, trying to restart it I get the warning about a non-configured hostname of my machine:
Also, is it normal that Activity Monitor shows 2 squid processes belong to my user?
Bash:
2021/10/20 04:06:08| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/10/20 04:06:08| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/10/20 04:06:08| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/10/20 04:06:08| FATAL: getpwnam failed to find userid for effective user 'squid'
2021/10/20 04:06:08| Squid Cache (Version 4.15): Terminated abnormally.
CPU Usage: 0.032 seconds = 0.022 user + 0.010 sys
Maximum Resident Size: 18153472 KB
Page faults with physical i/o: 0Also, is it normal that Activity Monitor shows 2 squid processes belong to my user?
Last edited:
Yes.
I'm really trying to be mindful of the six stages of debugging (particularly stage 1 and 2), but at the moment I truly just can't imagine a lot of what you're seeing, it doesn't make any sense to me at all! That goes for this and the issue with Squid not restarting from the command line, etc.
Maybe I need to start compiling individual copies of Squid for each of the four major OS's (Snow Leopard, Lion, Mountain Lion, Mavericks) instead of just compiling on Snow Leopard? Perhaps trying to use MacPorts's Snow Leopard libcxx library on other OS's is causing super weird things to happen...
This issue drives me crazy and now even a system restart doesn't help. Go figure. These are configuration options:
Could you make smth out of them?
Code:
configure options: '--prefix=/opt/local' '--disable-dependency-tracking' '--mandir=/opt/local/share/man' '--sysconfdir=/Library/Squid' '--datadir=/Library/Squid'
'--localstatedir=/Library/Squid' '--libexecdir=/Library/Squid' '--with-swapdir=/Library/Squid/cache' '--with-pidfile=/Library/Squid/squid.pid' '--disable-strict-error-checking'
'--disable-loadable-modules' '--disable-arch-native' '--without-cppunit' '--without-gnugss' '--without-gnutls' '--without-libxml2' '--without-mit-krb5' '--without-heimdal-krb5'
'--without-nettle' '--enable-delay-pools' '--enable-follow-x-forwarded-for' '--enable-zph-qos' '--enable-removal-policies' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-log-daemon-helpers'
'--with-default-user=squid' '--disable-auth' '--disable-eui' '--with-openssl=/opt/local' '--enable-ssl-crtd' 'CC=/opt/local/bin/clang-mp-9.0' 'CFLAGS=-pipe -Os -arch x86_64 -arch i386'
'LDFLAGS=-L/opt/local/lib -Wl,-headerpad_max_install_names -arch x86_64 -arch i386' 'CPPFLAGS=-I/opt/local/include' 'CXX=/opt/local/bin/clang++-mp-9.0' 'CXXFLAGS=-pipe -Os -stdlib=libc++ -arch x86_64 -arch i386' --enable-ltdl-convenienceCould you make smth out of them?
Last edited:
This is output of the parsing parameter:
Code:
/Library/Squid/squid -k parse
2021/11/15 10:46:04| Processing Configuration File: /Library/Squid/squid.conf (depth 0)
2021/11/15 10:46:04| Processing: http_port 3128 ssl-bump generate-host-certificates=on cert=/Library/Squid/Certificates/squid.pem key=/Library/Squid/Certificates/squid-key.pem
2021/11/15 10:46:04| Processing: tls_outgoing_options cafile=/Library/Squid/Certificates/cacert.pem
2021/11/15 10:46:04| Processing: sslcrtd_program /Library/Squid/security_file_certgen
2021/11/15 10:46:04| Processing: acl local_addresses ssl::server_name_regex ^192\.[0-9]+\.[0-9]+\.[0-9]+$ ^10\.[0-9]+\.[0-9]+\.[0-9]+$ ^172\.(1[6-9]|2[0-9]|3[01])\.[0-9]+\.[0-9]+$
2021/11/15 10:46:04| Processing: acl loopback_addresses ssl::server_name_regex ^127\.[0-9]+\.[0-9]+\.[0-9]+$ ^::1$
2021/11/15 10:46:04| Processing: acl apple_domains ssl::server_name_regex ess\.apple\.com$ ^sw.*\.apple\.com$ myapps\.itunes\.apple\.com xp\.apple\.com iphone-services\.apple\.com comentarios\.apple\.com
2021/11/15 10:46:04| Processing: acl misc_domains ssl::server_name .pypi.org .pythonhosted.org
2021/11/15 10:46:04| Processing: acl excluded any-of local_addresses loopback_addresses apple_domains misc_domains
2021/11/15 10:46:04| Processing: ssl_bump splice excluded
2021/11/15 10:46:04| Processing: ssl_bump bump all
2021/11/15 10:46:04| Processing: acl fetched_certificate transaction_initiator certificate-fetching
2021/11/15 10:46:04| Processing: cache allow fetched_certificate
2021/11/15 10:46:04| Processing: http_access allow fetched_certificate
2021/11/15 10:46:04| Processing: sslproxy_cert_error deny all
2021/11/15 10:46:04| Processing: http_access allow localhost
2021/11/15 10:46:04| Processing: http_access deny to_localhost
2021/11/15 10:46:04| Processing: http_access deny all
2021/11/15 10:46:04| Processing: cache_log /dev/null
2021/11/15 10:46:04| Processing: access_log none
2021/11/15 10:46:04| Processing: logfile_rotate 0
2021/11/15 10:46:04| WARNING: MY_COMPUTER_NAME rDNS test failed: (22) Invalid argument
2021/11/15 10:46:04| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/11/15 10:46:04| WARNING: MY_COMPUTER_NAME rDNS test failed: (22) Invalid argument
2021/11/15 10:46:04| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/11/15 10:46:04| WARNING: MY_COMPUTER_NAME rDNS test failed: (22) Invalid argument
2021/11/15 10:46:04| WARNING: Could not determine this machines public hostname. Please configure one or set 'visible_hostname'.
2021/11/15 10:46:04| storeDirWriteCleanLogs: Starting...
2021/11/15 10:46:04| Finished. Wrote 0 entries.
2021/11/15 10:46:04| Took 0.00 seconds ( 0.00 entries/sec).
2021/11/15 10:46:04| FATAL: getpwnam failed to find userid for effective user 'squid'
2021/11/15 10:46:04| Squid Cache (Version 4.15): Terminated abnormally.
CPU Usage: 0.031 seconds = 0.022 user + 0.009 sys
Maximum Resident Size: 18317312 KB
Page faults with physical i/o: 4I think I might reconsider my earlier stance on this.Quick note that today, I found a program called Proxifier which say sit can send specific apps through the proxy, without applying it for the entire system. If it works, it would get rid of the remaining minor weirdness of using the proxy—namely that it can occasionally cause problems in apps that use their own certificate store instead of Keychain Access. Instead of adding the proxy to System Preferences, you'd add it only to problem apps that need it.
Proxifier Legacy Downloads
www.proxifier.com
Be aware that:
- As of this writing, I haven't tried it (need a free day)
- It costs $40 after a free trial
I'm sorry I haven't been more responsive. Whereas I had a lot of free time in 2020 and early 2021, I'm now enrolled in graduate school and somewhat buried by course work.
Can you think back through anything that has changed on your system? If the proxy was working fine before, and isn't now, something must be different. I'm afraid I don't have any idea what that could be.
Can you think back through anything that has changed on your system? If the proxy was working fine before, and isn't now, something must be different. I'm afraid I don't have any idea what that could be.
I'm not completely positive about the true cause making Squid falter but dare to suggest I figured out the reason why. The following considerations might be a helpful tip-off for others should they face the problem too:
On a different but related subject: iTunes 10 cannot connect to iTunes Store complaining about the Internet connection being inactive. Assuming Little Snitch readings are credible iTunes doesn't use a proxy by default. iTunes 10 makes connection to port 80 at ax.init.itunes.apple.com. Forcing iTunes to use a proxy with Proxifier made no difference whatsoever. Proxifier's log showed iTunes connecting through the proxy, however according to Little Snitch it still establishes a separate connection. However, pinging the domain in Network Utility showed my Mac is able to connect, it's just the app that isn't. Either they changed something so that the domain now rejects iTunes 10 requests, or (and this is an indirect consequence of the former, nonetheless), iTunes evades the proxy as Dictionary did before it was hacked to connect to Wiki servers, and the change barres me from access.
If there're iTunes 10 users, does its Store connect trouble-free?
- Make sure the ownership of squid.pid is you:wheel
- Make sure the ownership of /Library/LaunchAgents/com.wowfunhappy.squid.plist is root:wheel
- 15 seconds delay to start defined in the launch agent ⬆ is not necessary.
On a different but related subject: iTunes 10 cannot connect to iTunes Store complaining about the Internet connection being inactive. Assuming Little Snitch readings are credible iTunes doesn't use a proxy by default. iTunes 10 makes connection to port 80 at ax.init.itunes.apple.com. Forcing iTunes to use a proxy with Proxifier made no difference whatsoever. Proxifier's log showed iTunes connecting through the proxy, however according to Little Snitch it still establishes a separate connection. However, pinging the domain in Network Utility showed my Mac is able to connect, it's just the app that isn't. Either they changed something so that the domain now rejects iTunes 10 requests, or (and this is an indirect consequence of the former, nonetheless), iTunes evades the proxy as Dictionary did before it was hacked to connect to Wiki servers, and the change barres me from access.
If there're iTunes 10 users, does its Store connect trouble-free?
Last edited:
Squid still running w/out issue on my mini running snow leopard. As for itunes store it just recently broke on 10.5, 10.6 and 10.7 as well. Looks like apple made some changes unfortunately.
Cheers
Cheers
Interestingly, when going to ax.init.itunes.apple.com in Safari via http (which is what's implied by port 80 showing up in all network traffic control and monitor utilities such as Little Snitch and Proxifier) and got
Upon marking it as always trustable the connection is denied with the wording
Firefox Legacy outright blocks the access and won't offer any options to override at my disposal. Even adding the certificate to the list of exceptions in the certificate preferences won't allow it.
If it's all down to revoked certificates can it be hacked around to let the server think the peer uses a valid version of the certificate, I wonder?
When trying to open URL as "https" I get the certification trust alert
Upon marking it as always trustable the connection is denied with the wording
Firefox Legacy outright blocks the access and won't offer any options to override at my disposal. Even adding the certificate to the list of exceptions in the certificate preferences won't allow it.
If it's all down to revoked certificates can it be hacked around to let the server think the peer uses a valid version of the certificate, I wonder?