KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.
来源:互联网 发布:奔富bin2 知乎 编辑:程序博客网 时间:2024/05/20 19:47
KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.
So you have some firewall on your Mac OS X setup, and it nags about 4 times a day about wether you want to grant KSFetch access to the net. Thats the thing that has been bugging me for months and finally decided to figure out a way to sort out this little menace.
As it turns out, this is a common issue with an ongoing discussion in several places across the web, namely here and on here at google groups.
KSFetch is a process for autoupdating of any and all google products installed on your system. Chrome being one of the most popular. Unfortunately, KSFetch is recreated each time it wants to check for updates and placed in a new directory, part of which is randomised. The randomised part of it means your firewall won’t know of it every time a new one is created even though you may have selected ‘always allow’ or ‘always deny’ because its looking at the wrong directories due to the nature of the random string in each. This results in your firewall having a ridiculous list of KSFetch entries in it and a continual nagging from your firewall about wether to allow or deny.
Another aspect to the issue is that, not only can we not block programs that keep moving and re-spawning in new locations effectively in our firewalls but that it does it every single bloody hour as the default. Its insanity.
We have only but a few options. The first of which is to change the respawn time through a configuration option that is available for setting its spawn interval, the second option is to uninstall every single google product on your system. Great choice huh?
You cannot remove the updater apparantly because if you do, any installed google product you have will reinstall it. So basically your trusted google software is acting like a virus/malware. Awesome.
This is what you need to type into terminal to change the interval:
This one is for 24 hours.
$ defaults write com.google.Keystone.Agent checkInterval 604800
This one is for 7 days
$ defaults write com.google.Keystone.Agent checkInterval 4233600
The interval is measured in seconds, so thats the examples i gave above for some good defaults you could use, which should mitigate the annoyance and frustration of the issue. Ultimately though, google is at fault for implementing such a bizarre and incredibly annoying approach to solving a rather simple problem that stubbornly won’t play well with firewalls, won’t allow itself to be removed without removing all google products and that creates new instances of itself for each updater check.
Or, we use other solution in the following:
Little Snitch and ksfetch
Apparently a significant amount of Mac users has trouble with the Little Snitch firewall not understanding ksfetch. This is a different approach.
The ksfetch application is often associated with Google’s automatic updates when you are using (or previously used a version with a buggy uninstaller of) Chrome or Chromium. The trouble with this application is the following: it is placed in a subdirectory of the temporary directory, but each time this subdirectory is created, it has a different path name.
Little Snitch does not understand this. Because ksfetch has a different location every time, it assumes these occurrences of ksfetch are actually different applications, which all need their own set of firewall rules. The developers of Little Snitch could fix these problems by using application fingerprinting, but that’s probably not why you are here.
Now we know what the problem is, it’s actually easy to fix.
In the dialog box to add a new rule in Little Snitch, you enter the rule to deny all connections to any server on any port with any protocol. The application name is entered as “/tmp/*/ksfetch”. The asterisk is a wildcard, this actually tells Little Snitch: “Match all the applications called ksfetch, which are in any 1st level subdirectory of the top level directory tmp.”
This will probably only work using the newer versions of Little Snitch. If it doesn’t work: update!
Notice: this solution could still work for a lot of people, but support is discontinued because of time constraints. Leaving a comment is still possible. Solutions to common issues are:
- Updating Little Snitch.
- Updating Chrome.
You’re better off with Firefox anyways.
- KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.
- Insert 10000 tuples with "SET AUTOCOMMIT OFF" or no ON ML
- MeeGo SDK on Mac OS X with VirtualBox
- OpenCV on Mac OS X
- OpenGL on Mac OS X
- Insert 100000 tuples with or without index on ML
- DML with or without Index on ML(use Random())
- Light on or off
- Compiling 64-bit FFmpeg on Mac OS X Lion or Snow Leopard
- Compiling 64-bit FFmpeg on Mac OS X Lion or Snow Leopard
- Fixing "There was a problem with the editor 'vi'" for Git on Mac OS X
- Installing JBoss Application Server 7.1 on Mac OS X with Eclipse Integration
- There was a problem with the editor 'vi' for Git on Mac OS X
- Mac OS X 10.8
- Driver development on Mac OS X (1)
- subversion 1.6.9 on Mac OS X
- dlopen memory leak on mac os x.
- IE on mac os x(snow leopard)
- 2013资格赛——桃花群岛
- AIDL初步
- 盒子游戏解题报告
- Java基础<十二>--->集合之map
- 大型商业网站的架构--淘宝网
- KSFetch Annoyance on Mac OS X 10.8 ML with ‘Hands Off’ or ‘Little Snitch’ Firewall.
- centos 6.4 更新源地址
- 动态规划——矩阵链相乘
- php文件的一些教程
- 根据jquery-file-upload简单写的一个工程(针对之前的简单实用指南)
- 分类器设计之线性分类器和线性SVM(含Matlab代码)
- 个人觉得,学习c语言,需要付出的努力,还真的要不少,只要懂基础,和学习那个思想,就成功了!
- 算法导论C语言实现: 分治策略 -- 最大子数组问题
- 找出字符串中最长的子串