Finding a stolen PowerBook/iBook

Tue Jun 28 16:54:28 2005 EDT (-0400 GMT)

I made a post on Slashdot last night in response to a question about laptop security. The question was about Windows XP and I was only able to share what I do on my UNIX-based laptops (my PowerBook) — somehow that got marked as a Troll. In any event, I got an eMail about my post:

I am curious, I’m soon to buy a PowerBook with interest of delving deeper into OSX than what the iMacs and Powermacs on my campus (www.purdue.edu) will allow me to do, and saw your blurb on the laptop security. I was hoping you’d give me a brief explanation of what’s going on there, I understand you’re quietly appending a text file, but not sure with what and to what end. I would like to employ a similar setup with my system, that’s why I’m asking 🙂

Here’s what I had to share:

I got this running a few years ago, but I saw it in 2600 Magazine about 3 issues ago. The basic idea is that your machine automatically calls up a web site with a unique name every hour. If your laptop gets nicked you can hopefully check the logs on your server and trace it back to an ISP and hopefully they can tell you who has your laptop. That might not work so well, so what I would do is try to regain control over it while it’s online — I may not be able to get it to come back to me like Professor Frink’s autodialer, but I can at least erase my files (another tip – turn on FileVault) and use the say command to taunt the guy (you can type ‘say go to hell’ in the terminal and the Mac will say whatever you tell it to).

OSX is the best part about a Mac, and one of its best features is its base of a UNIX-type operating system, named Darwin. UNIX/Linux/FreeBSD/Darwin all make use of a number of common, free, open source tools for the basics of the operating system. One of the tools that all UNIXes share is cron, which is used for scheduling tasks. Each user can schedule tasks, so long as they can edit their ‘crontab’ with the proper syntax. Here’s more info on cron: en.wikipedia.org/wiki/Cron

One thing you will need, as the writer on Slashdot implied, is a web site with access to the logs. These logs show you who visited, the IP number, and what web browser they used. Without another machine with a web server, with logs you can read, this won’t work.

OK, so you’ve got your new shiny PowerBook set up and everything else. Open the Terminal (Spotlight can find it for you) and type:

crontab -e

(-e is for editing the crontab – in my example I fed in -l to list my crontab)

Note – if there is no menu on the bottom, read the * note below.

Now you need to enter when this is to run, using the ancient standard for cron tabs: minute, hour, day of the month, month, day of the week. You can use wild cards like * to mean anything in this field is OK. So for the first minute of every hour forever enter:

1 * * * * 

After the time you need to enter the command you want; in this case we want to use curl, a tool for getting files off the web. We want to tell it -s to be silent, -f to fail silently, and -A to set the user agent, so that your web server logs show a user agent you’ll notice, like “My Laptop” or, in my case, “PowerMatt”. Just to make this all REALLY silent, add -o to send the output to the null device at /dev/null. You want this to execute silently so you don’t get logs full of curl’s output. The last field is the URL to hit, so make someplace on your website that’ll be unique. That ONE line entry in your crontab should look like this now:

1 * * * * curl -sfA 'My Laptop' -o /dev/null http://www.mattclare.ca/right_here/

Now hit Ctrl+X to quit; it’ll prompt you to save, say yes, and it should say that the crontab was installed successfully. Now just check those web logs and you should see your machine calling in once an hour.
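Checking the logs by eye gets tedious, so here is an added example (not from the original post) that summarises the check-ins per source IP. It assumes the server writes the Apache/nginx "combined" log format; the function names beacon_sightings and sample_log are hypothetical, and the sample log lines and IP addresses are constructed.

```shell
#!/bin/sh
# Added example: summarise check-ins from the hourly curl job in a
# "combined" format access log. One output line per source IP, in order
# of first appearance:  <ip> <hits> <first seen> <last seen>
# Usage: beacon_sightings LOGFILE PATH USER_AGENT   (LOGFILE "-" = stdin)
beacon_sightings() {
    awk -F'"' -v path="$2" -v ua="$3" '
    {
        # Split on double quotes: $1 = ip ident user [time],
        # $2 = request line, $4 = referer, $6 = User-Agent.
        split($1, pre, " ")
        split($2, req, " ")
        # Require both the unique path and the User-Agent to match.
        if (req[2] != path || $6 != ua) next
        ip = pre[1]
        ts = substr(pre[4], 2)          # drop the leading "["
        if (!(ip in hits)) { order[++n] = ip; first[ip] = ts }
        hits[ip]++
        last[ip] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]
            print ip, hits[ip], first[ip], last[ip]
        }
    }' "$1"
}

# Constructed sample log (documentation IP ranges), not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [28/Jun/2005:14:01:02 -0400] "GET /right_here/ HTTP/1.1" 200 512 "-" "PowerMatt"
203.0.113.7 - - [28/Jun/2005:15:01:03 -0400] "GET /right_here/ HTTP/1.1" 200 512 "-" "PowerMatt"
192.0.2.44 - - [28/Jun/2005:15:20:11 -0400] "GET /right_here/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2005:15:30:00 -0400] "GET /index.html HTTP/1.1" 200 900 "-" "PowerMatt"
198.51.100.23 - - [29/Jun/2005:09:01:04 -0400] "GET /right_here/ HTTP/1.1" 200 512 "-" "PowerMatt"
EOF
}

# Demo run on the sample; point it at your real access log instead.
sample_log | beacon_sightings - /right_here/ PowerMatt
```

An IP you don't recognise in the output, with a recent last-seen time, is the one to take to the ISP. The User-Agent is just a string any client can send, which is why the function also requires the unique path.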

In my example, I had

1 * * * * nice -n 19 curl -sfA 'PowerMatt' -o /dev/null http://www.mattclare.ca/right_here/

which was just an extra call to the nice application. It just tells the scheduler that this process is willing to play nice with others and allow them to go first, at a niceness of 19 (the max).

* If you don’t see an editor with a menu at the bottom then you don’t have nano as your default editor, you have vi. That shouldn’t happen based on what I know about the default OSX setup, but just in case, type :q to quit vi. Then type export EDITOR=nano. That’ll get you back on track — Google for the permanent fix.

Hope that helps, and thanks for the opportunity to share some knowledge.

One Response to “Finding a stolen PowerBook/iBook”

  1. Grobbers Says:

    hello. it’s a nice day for your ideas…