Hacker News new | past | comments | ask | show | jobs | submit login
OS X Command Line Utilities (mitchchn.me)
517 points by AlexeyBrin on Aug 30, 2015 | hide | past | web | favorite | 202 comments

This article was nice, but it indicated that you need to change the system preferences in order to change the voice. It turns out that you can pass the -v flag to use a different voice, or "-v ?" to get a list of names.

So you can do

    say -v Samantha Help, I'm trapped in this castle!

    say -v Princess Help, I'm trapped in this castle!
But wait, it gets even better: The Mac comes with a number of voices for other languages, such as French, Hebrew, Chinese, and Arabic. And it turns out that the voices will work in English as well, using that country's accent. I just tried it with a few different languages, and was amazed by how well this worked, within reason:

    say -v Sin-ji  "Hello, I am Chinese.  What do you want to eat?"
    say -v Thomas  "Hello, I am French.  What do you want to eat?"
    say -v Carmit  "Hello, I am  Israeli.  What do you want to eat?"
And yes, I should get back to work...

Another fun one:

    say -v cellos dum dum dum dum dum dum dum he he he ho ho ho fa lah lah lah lah lah lah fa lah full hoo hoo hoo
Edit: 'In the Hall of the Mountain King' if anyone is curious.

There is also 'Pomp and Circumstance':

    say -v Good dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum
and Chopin's 'Funeral March':

    say -v Bad dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum dum

And yet another:

   say --voice='?' | perl -lane 'my $v = $F[0]; system("say -v $v \"Hi $ENV{'USER'}\"")'

Or just stay in the shell...

   for voice in `say --voice="?" | awk '{print $1}'`; do say -v $voice "Hello $USER, I'm $voice"; done

How do these work? Built-in patterns?

Those are awesome!

This is great, and the voices apparently only know how to speak English, and their own language!

That is, typing

    say -v Milena "Здравствуйте, меня зовут Milena.
Actually says, "Zdravstvuyte...", while typing

    say -v Bruce "Здравствуйте, меня зовут Milena.
Results in "Cyrillic capital letter 'Z'. Cyrillic small leter 'd'.", etc.

They don't actually know how to speak English. If you listen carefully, what they are doing is sounding out English using the pronunciation rules of their "native" language. It's not an accent at all, just a literal parsing using different rules.

That's precisely what ends up causing an accent, no? Using the sounds and pronunciation of your native language in another one, with different rules.

I don't think that Apple has created the World's Best Accent Impersonator here, but it's good for a few laughs.

An accent is when you do it occasionally and accidentally, not pervasively, the wrong way, every single time for every single sound. That's something else.

Two-part response.

1, the pedantic: technically none of them know how to speak English, or any other language - there's just a rule set for making phonemes based on characters out of waveforms.

2. Ignoring the pedantic response, I still don't think that's true - if that were the case, then Milena wouldn't be able to speak an English sentence!

    say -v Milena "Hello, I am Milena"
If they only speak their own language, then Milena should be saying "Прописная буква Х, строчная буква и", etc.

It's even more complicated than that: Some voices DO speak multiple languages, e.g. the German voice "Anna" (downloaded from System Preferences) speaks excellent German, English, Spanish, Italian, and French:

   say -v Anna 'über allen Wipfeln ist Ruh'
   say -v Anna '[[lang fr_FR]] que restet-il de nos amours'
   say -v Anna '[[lang it_IT]] chi nasce asino non muore cavallo'
   say -v Anna '[[lang es_SP]] nosotros tenemos mas influencia  con sus hijos que su tiene'
   say -v Anna '[[lang en_UK]] are we having fun yet?'

No, it doesn't speak Italian, for one 'chi' is pronounced like 'she' and not like 'ki'.

Hm, do you know how many speak languages that aren't "ascii"?

They actually do, but only if you also download the entire language packs for them.

It's not a question of handling languages but of handling scripts. I believe all voices can handle Latin, in addition to their native script (So Russian voices can handle Latin & Cyrillic, but English voices handle only Latin).

"Bruce" triggered the English response? That's a weird ML algorithm.

No, "-v Bruce" did (forcing the use of the "Bruce" voice, which is in English).

I must say...being a sysadmin with the ability to ssh into developers' laptops remotely in our domain...this is one of the more fun commands ;)

I hope that ssh'ing into anyone's laptop using your sysadmin credentials in order to play a prank is a fireable offense at your company.

Agree. Though until people never mess up their computers, we'll always need root. All super user interactions should be logged and audited, always. Not just "this was logged..." Which most people know means no one will ever look at it. But if everyone knew that was backed up with a call as to why that interaction happened with no associated case, etc.

You're in the minority then... My original comment has been downvoted quite a bit. It's strange to me that people think this is okay. If someone is willing to use that power for a prank, it seems to me more likely that they'll use it for... whatever.

I like a good prank. Leave your screen unlocked? You deserve the abuse you get. :) But accessing my laptop in this way is just creepy.

I don't agree with your logic and think you need a more nuanced sense of humor. Spying on someone remotely? Fireable offense. Remotely kicking off speech utils between people on a team once? Not so much.

Disclaimer: I have managed tech teams before. It is better to forgive then have knee jerk managerial reactions.

I guess I'll take the downvotes and somewhat agree with them; probably not as far as to say a fireable matter for the first offense. Definitely a strong and unambiguous warning/disciplinary action (repeat offender, however? Fired)

Sorry, I get office pranks but there's no reason to be doing anything on an end-user's workstation without their permission or consent that isn't maintenance or security related. I guess I lack a sense of humor, but I've also seen too many instances where a prank on someone's machine resulted in severely unintended consequences and breaches of trust that rippled through the team.

Just not worth it, IMO.

Sure, getting fired for doing it the first time would definitely be a bit strong. However, an admin who was regularly using his remote management capabilities to play pranks I would hope would be let go.

We agree on this.

...and jumping on someone's unlocked computer without authorization is different but OK? right...here's your sign

Jumping on an unlocked computer is more of an "equal opportunity" thing. Only a handful of people in a company (IT) have the ability to remotely manage employees workstations. That creates an imbalance of power that needs to be respected. Using it for pranks against people who don't have that power isn't really fair.

That said, I don't really find the whole "recursihoffing unlocked laptops" thing all that funny either, but it doesn't bother me as much.

Count me on your side (former admin--windows, alas). It always seemed to me to be kind of a bullying thing to do when the mark has less privileges as you. Seems like if they can't retaliate in kind, it's just not as fun. I'm sure there are people who have widely varying views on this, though.

> former admin--windows, alas.

Honest question, why the need to apologize for being a former Windows admin?

I, for one, neither wish ill will on people I don't know, nor do I wish a miserable workplace with uptight, excessively punitive policies on anyone.

I think you're right. But I also have the luxury to work in a company where not one except me has root on my work computer.

And I hope that I would get fired for a little rare, light-hearted humor as I wouldn't want to work there anyways. Chill out, winston.

> Chill out, winston

Please don't do this here. This comment would be fine with just the first sentence.

"Chill out, winston"

It's a British expression made popular by a movie. He is not calling out the guy by his first name.

Yes, I know. But telling someone to "chill out" is a jab and superfluous.

People do this kind of thing in online comments all the time, to make the other person look bad and rub in a little extra insult. Any one comment isn't much, of course, but they compound into a degraded discourse, and all of it goes against the civility we try to practice here.

Fair enough. I didn't want you to think he was doxing someone.

Ah, I see. Probably should've left Winston out of this :)

Imo the non-English voices speaking English aren't that useful as accented voices, because, at least for the Latin-alphabet ones, they're dominated by spelling-to-phonology mapping errors, like misreading diphthongs. It's an okay representation of someone who really speaks no English trying to sound out written English as if it were German, but it's not very similar to what a German accent in English sounds like, since a typical German accent isn't dominated by misreadings.

If it were open source you could probably get better results by hacking it up to parse in the "right" language and then only realizing the phonology in the "wrong" language, instead of both parsing and speaking in the "wrong" language.

just gonna leave this here...

  say -vjun "[[inpt TUNE]] h {D 100; P 233.08:0 233.08:100} OW {D 200; P 233.08:0 233.08:100} l {D 100; P 220:0 220:100} IY {D 200; P 220:0 220:100} f {D 100; P 233.08:0 233.08:100} AA {D 500; P 233.08:0 233.08:100} k {D 100; P 174.61:0 174.61:100} IY {D 500; P 174.61:0 174.61:100} n {D 50; P 174.61:0 174.61:100} g {D 50; P 174.61:0 174.61:100} S {D 100; P 155.56:0 155.56:100} IH {D 400; P 155.56:0 155.56:100} t {D 100; P 155.56:0 155.56:100} IH {D 200; P 233.08:0 233.08:100} t {D 100; P 233.08:0 233.08:100} s {D 100; P 233.08:0 233.08:100} AA {D 200; P 220:0 220:100} d {D 100; P 233.08:0 233.08:100} AY {D 500; P 233.08:0 233.08:100} n {D 100; P 174.61:0 174.61:100} OW {D 400; P 174.61:0 174.61:100} s {D 200; P 155.56:0 155.56:100} OW {D 500; P 155.56:0 155.56:100} r {D 200; P 155.56:0 155.56:100}"

This is how iPod Voiceover titles are recorded.

Which is rather lovely, because someone in Apple HQ has decided that the (London) band Saint Etienne must be French, and so Thomas faithfully reports that the current track is "Leek a Motorweh".

OMG the Dutch voice sounds perfect.

   say -v Xander "Ik houdt van appeltaart met slagroom in Scheveningen op zondag."

Except: s/dt/d/g


You can also use the voice from html5 but support is really shoddipy and buggy. Safari provided all the voices. Chrome not so much.


There's also some singing like voices.

`say` reminds me of the *SAY command that came with Superior Software's Speech! program for the BBC Micro. Software-only speech synthesis on an 8 bit micro with limited sound hardware was very impressive!

Awesome! I'll definitely use an American voice for recording a product video next time.

say -v Thomas "My English is very well."

pbpaste and pbcopy never really occur in ambiguous situations, so I wrote the following shell script:

  function clip { [ -t 0 ] && pbpaste || pbcopy }
This is easier to type and allows for the following:

  % echo hello | clip
  % clip

> function clip { [ -t 0 ] && pbpaste || pbcopy }

That's great! Would you please explain why that works? Are there any cases you know of where that doesn't work as expected?

Edit: btw you need a semicolon after pbcopy to make that function valid on one line.

I'm not the OP, but I'll give it a go.

`[` is a Bash built-in command also known as `test`. The `-t` parameter tells it to test if a file descriptor is open for `0`, which is also known as `STDIN`.

So if you're piping something into `STDIN` it will do `pbcopy`. If not -- it will do `pbpaste`.

from `man test`:

   -t FD  file descriptor FD is opened on a terminal
FD 0 is stdin I'd guess. Pretty clever!

In light of the recent interest in fish shell, the equivalent in fish is:

  function clip
    if not tty >/dev/null

Wow, that's really useful. For everyone who is as bad as me in bash, to actually use it put it like this in your bashrc:

function clip() { [ -t 0 ] && pbpaste || pbcopy }

I think you posted this because pasting the OP results in a syntax error. The problem is actually the list in the compound command needs to be terminated with a newline or semicolon. Both of the following are equivalent correct oneliners:

clip() { [ -t 0 ] && pbpaste || pbcopy;}

function clip { [ -t 0 ] && pbpaste || pbcopy;}

For Linux users, `xdg-open` is the equivalent of `open`. The latter exists on Linux, but it will open a socket.

There are a number of utilities that handle copy/paste, but `xclip` is probably the most widely used.

Screenshots can also be done a number of ways, but `scrot` is my favorite. The two most useful flags to pass with it are `-s` and `-d`.

As for `launchctl`, `systemctl` is what you want to use to do the same things.

Note that these equivalents all address the same functionality, but the syntax may be different.

I prefer maim [1] to scrot, you should maybe check it out if you didn't already know about it?

[1]: https://github.com/naelstrof/maim

Having discovered the usefulness of pbcopy/pbpaste on OSX, I'm simply amazed that the equivalent X utilities are not included by default on every major Linux distribution.

Different philosophy, partly motivated by the consideration that with a package manager the barrier to installing it really low. Personally I prefer to have as little installed as possible in the base system so that I can pick and choose what I want on top. Metapackages that install a large selection of stuff or distros that ship a ton of stuff by default drive me crazy. I don't mind it so much on a Mac as that's kind of part of the whole philosophy of OS X, but Linux (and friends) are in a different niche for me.

I'm sure some desktop distros do ship xclip by default though. Knowing the typical variety of Linux distros I expect there's probably even an Xclipbuntu, dedicated solely to showing off the latest xclip release (the users of which have a decade long feud with Xseldora).

I guess I should say I'm more surprised that something like xsel or xclip is not part of the standard x11-utils or what have you.

Oh yeah, I agree. Pretty sure the reason xsel or xclip isn't in x11-utils is that they are not part of the Xorg project. Obviously something with equivalent functionality should be there, but I guess the Xorg folks overlooked it and packagers don't want to stick in random stuff.

And for cygwin users, cygstart is the equivalent of open, getclip/putclip for copy/paste, and cygrunsrv is the closest equivalent to launchctl.

A key command is missing: textutil.

textutil is a general purpose front end to the core text engine and is one of the cleanest docx-to-html converters I've run across, with a bunch of file formats supported and charset encoding translations, metadata manipulation commands, and assorted juicy goodness for people who have to mess with word-processed text.

Ironically the only common-on-Apple document format it can't do anything with is that of Apple's Pages word processor ...

The followup post (evidently this was from last year) credits you with that addition.

(I was surprised by the lack of support for Pages, too.)

I would add caffeinate, which prevents the Mac from going to sleep. It can do this indefinitely, for a fixed period of time, or after a process is done running. You can even specify that process either as the PID of an existing process or by invoking it through caffeinate itself.

Recommend "Amphetamine" as an alternative. More features and kept up to date with bug fixes and improvements. I am not affiliated, just a happy user.

Can you explain why one might use this, versus just setting the machine to not sleep in System Preferences, in combination with not turning off hard disks, etc?

I still set my display to sleep, however. Am I missing something?

You may want your machine to go to sleep normally - e.g., when you leave it on your desk at home and go to sleep - but not when you're at a hackathon, and are running some process while you go and get a snack, or are presenting a video that requires no actual input from you.

ah, I see, a `selective` sleep. Makes sense, I am going to check this out. Thank you.

I found Hammerspoon effectively replaced this utility, and a host of others, with simple Lua scripts.


Thanks for that - I've been looking for something slightly more advanced than caffeine for a while and this is perfect!


I use this all the time, it's the GUI version presumably.

It uses the same underlying API. I use it too. It’s only on–off, though, so you have to remember to turn it off.

> It uses the same underlying API

I don't think so. For whatever reason Caffeine doesn't take a power assertion, as show by `pmset -g assertions`, whereas caffeinate does.

This is what prompted me to write Theine (https://github.com/lvillani/theine) to use the proper API for this task, since Caffeine would behave erratically with the lock screen active.

That’s odd. Do you have any idea what API they use?

`say` is one of my favorite little things about OS X. In a couple of my build script, I have throw in a couple random say commands if say is installed on the system. Everyonce in a while a Dev will ping me when their computer speaks to them.

I created a gist that says a random starwars quote in each of the systems supported voices.


I use it for reminders, too -- eg

    sleep 240 && say "tea done"
so I don't over steep my tea

This is a great intro. Here's my favorite OS X Terminal trick:

⌘. (command period) is a hotkey not defined in the menu for sending BREAK. This is automatically equivalent to ctrl+c in shells, ctrl+g in emacs and ESC in Vim. Similarly, ⌘K is short for clearing the screen. These are much more ergonomic than the standards on Mac laptops and wireless keyboards.

For those not already aware, cmd &. is the standard shortcut for "stop". Works for all sorts, from web page loads to Xcode builds.

How is cmd + K different from cmd + R and/or $ clear?

Using ⌘+K will not only clear the screen, but will also delete the scrollable history buffer in Terminal or iTerm2.

I find this useful before printing text that I want to search using ⌘+F.

$ clear is six characters, and you have to be on a new prompt first. ⌘R is a reset command, meaning it's for restoring a garbled terminal. ⌘K will keep your input on the line but clear other output, same as ⌃L but more pinky-friendly.

I can recommend using iTerm2 as the command line app. Apples Terminal has improved. But iTerm2 has a lot of handy features. A great terminal.


One nice application I've found of pbpaste is when I want to count things I find in a browser. For example, to count the (approximate) number of comments in this thread, you can copy all text using Cmd+A, Cmd+C, then run this:

pbpaste | grep ago | wc -l

In this case there are easier (and more accurate) ways, but in other situations you can use it to find the length of a list on the web where it would otherwise be harder.

pbpaste | grep -wc ago

is 0.3% faster and 1.7% more correct :-)

And if you'd like to use some of those utilities on GUI apps, don't forget the utility to bind them all: Automator.app. It'll let you interact with terminal and GUI apps in all sorts of interesting ways. For example, you could create a global keyboard shortcut to upload the selected text to a pastebin.

Remove unwanted formatting from text in the clipboard:

    alias pbclean='pbpaste | pbcopy'

I use Plain Clip for that: https://www.bluem.net/en/mac/plain-clip/. It’s a standalone Mac app that cleans the clipboard and then quits immediately. I can run it quickly with LaunchBar while I’m using a GUI app.

I wrote "write the clipboard to a temp file; open it in vim; when vim exits, if the temp file has been written, load it into the clipboard". Pretty convenient.

Also, (though not, I think, relevant to OS X), binding a key to move content between PRIMARY and CLIPBOARD on X Windows has been very nice.

Not exactly memorable, but glad that I discovered it eventually: "Shift + Option + Command - V" = Paste as Plaintext.

this is pretty cool, added it to my .bashrc

I'm surprised they didn't mention anything about the command line utilities to manage the mac's airport (scan for wireless networks, list network interface names, etc). I did a quick blog post about these a while back: http://blog.mattcrampton.com/post/64144666914/managing-wifi-...

my airport time machine backup often hangs and I have to restart the machine (via airport utility). I wonder... is there a way to tell it to restart via a similar type of command?

A nice complement to the command line "open" command is adding a shell launcher to OSX finder. I have some instructions how to do this here: http://www.win-vector.com/blog/2012/05/enhance-osx-finder/

Oh wow I've been looking EVERYWHERE for that. Thanks so much!

Also, a tip: an easier way to change the icon of any app/folder/anything:

1. Right click it -> Get Info.

2. Drag an app that has the icon you want onto the icon in top-left of the Info window. (e.g. drag the Terminal.app into the Info window and drop it on the icon: that script will now have the same icon as the Terminal.)

Nice commands. Also 'sips' for batch resizing images.

If you aren't on OSX you can try the following for a simple 'say' alternative. It has some great robotic/singing voices, too.


This was posted last year and did very well on HN [1]. I remember because it is literally the thing that got me interested in using the command-line as a power user...I'm embarrassed to say I hadn't really understood piping, but curling texts from Gutenberg into `say` was a fun introduction. Now I constantly use open, pbpaste, and pbcopy... learning about screencapture was also extremely helpful for my blogging and tutorial writing, as I've written a few wrappers around it to customize and optimize its output, including auto-uploading it and creating a snippet I can quickly paste into a blog post.

Great list!

[1] https://news.ycombinator.com/item?id=7747982

say -v cellos "Dum dum dum dum dum dum dum he he he ho ho ho fa lah lah lah lah lah lah fa lah full hoo hoo hoo"



I have a little local deploy script that runs this if it fails a smoke test:

say -v Bad "Deployment failed, server gave a bad response"

I have fond memories of discovering my college roommate's open SSH connection, and using "say" to great effect.

Back in the day you'd "telnet" into your friend's "Sun workstation" and cat an "aiff" to the "/dev/audio". How times have changed! :-)

The Sun 3/50's pixel buffer was world readable and writable by default, and in console mode had an area at the bottom not affected by scrolling. One could invert random horizontal bars across the screen, transpose the bitmap, or apply a sine wave to persuade the user the massive TV set on top of their workstation was broken. Or, fade text in and out as if the machine was commenting on the user's ineptitude. Much fun was had by all.

The first of these is easier as:

  open -a Safari

Agreed, I often use `open -a 'Google Chrome' ./index.html` or `open -a 'Google Chrome'`

I do the same so I aliased it to just "chrome", "firefox", etc.

I aliased Sublime to `sub`. Without args it opens the current folder as a project; with args it opens the file[s].

The officially-supported name is `subl`, by the way:


Huh. I clearly didn't research before I wrote my one-liner. This is certainly a little more ... documented. Thanks for the heads up!

mdfind also has a -name option that allows one to search for the query in the filename rather than contents.

Does anybody know of a good alternative to "at" on OS X? I know it's there but not enabled by default, I went through the paces required to activate it long ago but it something in Yosemite seems to have broken atrun and I can't find anything about it anywhere online.

Works for me. I would do an unload then load to see if it got messed up in the upgrade Yosemite.

  sudo launchctl unload -F /System/Library/LaunchDaemons/com.apple.atrun.plist

  sudo launchctl load -F /System/Library/LaunchDaemons/com.apple.atrun.plist
[edit: maybe check /var/at/at.allow]

Also dtrace and some of the included scripts like opensnoop are awesome.

Great list, some really useful commands.

One question: What's wrong with "locate"? It is really fast because the file system contents are indexed. As long as you understand that it's not going to pick up the latest new files without running "updatedb" (sudo/usr/libexec/locate.updatedb" in os x) first, it's much better than find if you're doing a quick search.

However, I didn't know spotlight has a CLI. Cool.

I prefer mlocate to locate, as it rebuilds the index in a flash by diffing and by paying attention to modification dates when traversing, so you can run its updatedb more frequently without a noticable penalty.

That said, mdfind is terrific -- it's index is, as you suggested, always upto date, and it doesn't just index file names, but also content.

I like to use mdfind for ack-style search over my whole system: https://gist.github.com/senderista/1246300

Given spotlight is getting more and more broken, I'd say give "locate" a try.

Oftentimes I'll have something on the clipboard, so pbpaste | grep is good. But sometimes the thing I want to search for is long, such that I don't want to type it for the grep.

Fortunately, pbpaste takes a -pboard flag for selecting a different buffer. So cmd-e some text to put it on the find pasteboard, then 'pbpaste | fgrep --color -i "`pbpaste -pboard find`"'

I usually have this aliased to 'pbg'

Sadly Xcode3's excellent merge tool seems inaccessible from the command line in Xcode4. Anyone have a fix? http://stackoverflow.com/questions/13163670/how-to-use-xcode...

    opendiff file1 file2
will invoke the merge tool.

It's also the default for git mergetool.

Non-case sensitive really bothers me with OS X

This is not actually an OS limitation, it is a default filesystem choice. The Mac supports multiple types of filesystems, including case-sensitive ones.

Having said that, I wouldn't reformat your boot drive to be case-sensitive because this isn't a common configuration and I'd expect 3rd-party apps to have problems.

What you can do is use Disk Utility to create a case-sensitive file system on a disk image, which gives you case-sensitive behavior when you really want it (and limited to activities on that disk).

Thank you I didn't know this. Then I will again asked why Apple is STILL on HFS+? If they actually moved to ZFS or any modern file format it really would help the developers world. Just seems that this is such a obvious need to be fixed that doesn't get any concern form Apple and most users/developers.

I'm not sure if there is an official explanation but a pretty good analysis of it is in John Siracusa's review of OS X 10.7 (Lion):



"Many a Linux power user has tried to use locate to search for files on a Mac and then quickly discovered that it didn’t work."

Rather, that it gives you instructions for getting it to work. How's a Linux power user getting by without following such instructions to turn on one of their favorite utilities?

I use: open vnc://myServer.local

It will open up the screen sharing app and connect for you :)

One of my favorite tricks when I learned it, because I was already in the terminal, no need to reach over for the mouse to remote into a wallboard via screen sharing.

Paging mods for headline change. I suggest, "OS X Command Line Utilities"

I would also change it, but your suggestion doesn't indicate if this is a comprehensive manual or a short introduction, apt for only-midly-technical folks.

I don't know if it would be worth the effort to enforce a more complete set of title guidelines, but having better titles would be nice.

I've documented many of these utilities here: http://ss64.com/osx/

Thank you for your site! When I first started using the shell, I found it useful for discovering new utilities. I still use it whenever I find myself on Windows and needing a cmd equivalent. :)

Anyone happen to know how he's getting archey output to be colour for the Apple logo? my iTerm and Terminal is just in white/black.

Probably using an alternate shell like zsh

bash (and others) can show terminal colors just fine, terminal colors are not zsh specific.

archey -c

thanks a lot, there was no man page for archery and --help didn't do a damn thing.

There is also `tmutil` to manage time machine backups, can be handy, especially in scripts.

#6 is the likes of what got us detentions in middle school

The "alphabetical list of all OS X commands" page this article links to is cute. :)

    say 'ay ay. ay ay. smoke weed. every day.'

I like do harmless pranks on coworkers who don't lock their computers

    yes "lock your computer, numbskull" | xargs say
Just repeats the phrase in a monotone computer voice over their headphones. I only do this to engineers, tried it on a PM once, never again.

Have you ever asked yourself if maybe you're just being annoying? I don't lock my computer. It'll time out and lock after an hour but I prefer to leave it unlocked.

That's pretty terrible opsec. It presents a risk to separation of roles / compartmentalization if a coworker can walk over to your workstation and have access to it, to say nothing of malicious access by somebody who shouldn't be in the office in the first place.

If locking your computer in the office is required opsec, then you have already lost. First, you shouldn't have random people walking around the office. Once someone has physical access the battle is already over. Second, rogue employees are still rogue employees, and an unlocked computer is the least of your worries.

With that said, I always lock my computer out of habit.

Not sure what size company you're working in nor what the requirements for opsec are their nor your privilege levels but it certainly does not mean you have already lost.

Security requires a threat model to rise above theatre. If there are operations threats to your organization, then you need opsec to mitigate those threats. Is China or someone else trying to steal your trade secrets?

If so, I would hope the responsibility for setting opsec policy isn't resting in one sysadmin.

> Is China or someone else trying to steal your trade secrets?

Or more prosaically, do you have any semi-confidential e-mail on your machine, that a coworker might fancy reading?

If you can't trust your coworkers not to go snooping on your machine while you're not there, then you should find a better job. Threat models balloon in complexity when you can't use tools like zones of trust and choke points.

I'd argue that the coworkers that are the most dangerous are the ones you do trust. :)

Then why have it lock at all? You must never have access to critical things like a bank account, source code, internal documentation of business ongoings. So basically if you have no sensitive information, by all means!

Sure I have. And so did everyone else in my group. If you can't trust the people who you work with... In the middle of the day someone will notice someone else using your computer. If no one does then the camera overhead will.

That's passive vs. active security. You can always go back and figure something out, but why allow for the potential at all? It's this type of attitude that continues to have developers ignore basic best practices around security when writing code.

It's all a series of defenses, the last one you should ever rely on is piecing together what happened by video camera... what happens when they install a root user, or ssh authorized key on your system and then do whatever they want at some other time?

"I don't lock my computer."

This is a fire-able offense where I work.

That's a metric I use to know when it's time to change jobs: if I can't trust the people around me not to mess with my computer (or there's too many people to trust the environment) then it's time to move on.

This seems like an insane metric. For any large enough organization that is difficult to identify who actually works for $company and who is there on "business" - and given that its rare for every developer to have a locked door, you can easily have a situation where a "guest" (maybe a software vendor, or partner, or friend of coworker) is on their way to the bathroom and decides to poke around on your machine.

Barring myself from working at an company with more than ~150 people (Dunbar's number) because I'm too pompous to lock my laptop doesn't seem like a metric one would be wise to follow.

> This seems like an insane metric. For any large enough organization that is difficult to identify who actually works for $company and who is there on "business" - and given that its rare for every developer to have a locked door, you can easily have a situation where a "guest" (maybe a software vendor, or partner, or friend of coworker) is on their way to the bathroom and decides to poke around on your machine.

This is like bricking up all your windows against thieves when you live in sleepy, low-crime suburbia.

Site security needs to have a balance between paranoia and practicality. For public-facing code, history has shown us that it's impossible to be too paranoid. If you work in national security, or your industry is known to be a target for industrial espionage, then certainly strong precautions are in order.

But if you're just building social media sites or whatever, and you're firing people because they failed to stand ever vigilant against the possibility that Bob the visiting vendor rep might stalk the corridors waiting for you to take a bathroom break so he can rifle through your code for exploits to sell to teh haxxorz, you are being absurd.

I agree. If you cannot trust your co-workers/employees to the point where every computer has to be locked when someone leaves their desk then it is time to move on. If there are rogue employees then the battle is already lost and a locked computer isn't going to slow anyone down.

I always make sure to change the operating system language to Chinese whenever somebody leaves the computer unlocked so that employees like you either leave the company or learn the basis of security.

That's a also metric I use when I choose service providers. If every employee is allowed to abuse any other employee's credentials to access my private data, move on.

On my team, you would surely say many things about ponies in our internal chat.

Seems like a harmless prank to me.

I think it's more fun with at...

What's with all the buzzfeed-level headlines making HN frontpage the past few days?

Not to say this isn't a useful list (for OSX users that is), but I can't possibly be the only one weirded out by this.

> buzzfeed-level headlines making HN frontpage the past few days

This is most likely random fluctuation a.k.a. sample bias, but if you know of any that didn't get corrected, please email them to us at hn@ycombinator.com so we can figure out why.

People post such titles all the time but we change them systematically. For example, we changed this one shortly after your comment. Normally we'd have replied to your comment then; probably the moderator didn't see it.

Users not in North American time zones do see more baity titles, though. We cover as broad a span of hours as we can, but it isn't 24.

Thanks - no, they all got corrected, you guys do great work :)

I think it's sample bias as well, just struck me because I rarely ever saw it before. Probably because they all get corrected very quickly.

Oh hi there! I'll probably get banned/downvoted for saying this, but what's up with the lazy web design? Ever think people might want to use your site on mobile? And have it be readable/be able to click upvote buttons?

The actual post is fantastic though. There are a million posts that give a one sentence description of the common unix utilities, but very few that actually give examples of when they are the most useful.

Check out http://bropages.org/ and https://github.com/tldr-pages/tldr

Both examples of community driven man pages with examples

This is great. Thanks for the link.

I'm assuming the HN post has been changed since your comment (it's now "OS X Command Line Utilities"). What was it before?

It was what the article's headline currently is on the site: Eight Terminal Utilities Every OS X Command Line User Should Know

HN is awesome in that way, allowing browsing the web without too many clickbait articles. I didn't even notice the blob post's headline cuz I came from HN.

Number 3 will BLOW YOUR MIND!

Great list, not a big fan of homebrew personally, or its creator who seems to be full of himself. I'd recommend pkg_src from joyent[0]. homebrew seems to have a lot of the hip webdev packages, but pkg_src and joyent's repository is the real deal when it comes to hardcore UNIX package management. Some friends have a nice bootstrap for pkg_src on OS X called saveosx[1], too.

[0]: https://pkgsrc.joyent.com/install-on-osx/

[1]: http://www.saveosx.org/

This seems to be somewhat ad hominem. Shouldn't software be judged by its own merits as opposed to those of its creator? (even if this is a big deal to you, Homebrew's creator seems to be not nearly as involved as he was initially).

I must disagree with your assessment that Homebrew is focused primarily on webdev. There is rarely any package (webdev-related or not) that I haven't been able to install with it. I'd venture to say that not once over the past 12 months have I had a single problem installing anything.

I'm also curious what pkg_src offers over Homebrew (and vice versa).

FWIW, I have no issues with homebrew, but I have used macports for many years and never had any issue. Especially now that it supports binary packages, I find it perfect for my usage.

I had tons of issues with macports over the years (e.g., emacs port was broken for months after 10.6 came out), but I think that was mostly a function of its smaller userbase and more difficult contribution system. Homebrew seems to have many more users and a far simpler way to contribute, so it's rare that I encounter a broken or old package.

Homebrew's creator hasn't been involved with Homebrew for nearly two years now.

I'd like to someday ssh into somebody's computer; run `say` with creepy texts. JFF.

Years ago at my old office we had a G4 tower that no one used. I set up SSH on it so I could use it for long running tasks without slowing down my local machine.

A coworker was on it doing the rare at the time Safari testing - usually only on client request. I sshed into it and ran 'say "Help, I'm stuck in the computer"'. My coworker was very very confused and I was cackling to myself. He still talks about it to this day.

As a longtime Mac user (as early as System 7) and aficionado of UNIX, I love OS X's CLI and its affordances. The linked article provides several well-packaged tidbits that might encourage users of other CLI-replete OS's to check out OS X.

More power.

However, I'm not a fan of the soft recommendation for Homebrew. I understand Homebrew places everything in `/usr/local` but software installs on Mac should generally conform to dragging and dropping bundles inside `/Applications`.

In my experience, requirements to install packages using Homebrew could be circumvented by searching for .dmg or .pkg equivalents. The benefit is that software so installed is much easier for intermediate users to track and maintain.

The /applications folder is for .app bundles; Homebrew mostly installs Unix binaries which are appropriately placed in /usr/local , just like many Apple-supplied binaries are in /usr. The two conventions work well side-by-side.

The vast majority of Homebrew packages are not available as .dmg or .pkg ; installing that way also is a huge PITA when dealing with a myriad of small developer tools that require dependencies, whereas brew manages all of that for you, including upgrades.

Though, wouldn't it be better if all software on Mac used the native package manner? Obviously in an ideal world...

If only the native package manager wasn't write-only for pkg installers. I use Homebrew for its `uninstall` command.

Wow, I had no idea... clearly I don't deploy software to my Mac often enough. NeXT had an uninstall, I assumed that carried over.

The pkg manager does track all the files it installs, so it's a trivial script to go "uninstall" them. Anyway, good reason to stick with Homebrew.

For the few formulas that create an app bundle (Homebrew deliberately avoids GUIs in general), "brew linkapps" symbolically links the bundle to /Applications; similar to the way it links things from /usr/local/Cellar/$formula/$version/bin to /usr/local/bin.

I think MacPorts is a much better tool than Homebrew with way more useful packages. It also installs itself into /opt/local by default so it doesn't conflict with other stuff in /usr/local and for actual OS X or X-Windows apps, it installs them in /Applications. Luckily, they can both live on one system if you're careful, as some people insist on providing only Homebrew copies of their software, which is a bit unfortunate considering that MacPorts is clearly the better system.

I found home-brew much more problematic and more significantly much slower when i last used it (a few years back now).

At this point I've given up on any of these "package managers" for OS X.

I've thought about starting a project (possibly with some support from my company, which focuses on Linux packaging) to provide a) a tool to download and install .pkg files, and b) a toolchain for more easily building .pkg files for the things that aren't available.

And I found Homebrew to be a "much better tool than MacPorts with way more useful packages" which to me is "clearly the better system" :) Been using it for the last 5 years and had many chances to compare both. See, it's all opinionated.

I thought that /usr/local was a widely accepted place on UNIX systems like OS X for user installation of UNIX applications and tools (which are usually command line utilities). /Applications on the other hand is where Mac-specific GUI apps are installed, right? You wouldn't clutter up /Applications with command line utilities like ffmpeg, ImageMagick, wget, youtube-dl, or sox, would you? Isn't this separation done by design?

Without something like Homebrew you don't get any current Unix tools (OSX shell is way out of date) or anyway to systematically update them. This is a big benefit that far outweighs any perceived benefit dropping bundles into /Applications. And you get some attempt at installation of dependencies.

What are current UNIX tools? OS X supports what is expected from a POSIX compliant OS.

I guess you mean BSD and GNU extensions to POSIX.

OS X ships outdated versions of Bash and Git for example. The 10.10.5 version ships Bash 3.2 and Git 2.3, while Homebrew gives you Bash 4.3+ and git 2.5+.

This is the usual mistake young generations do in regard to UNIX, neither bash nor Git are part of UNIX standard.

POSIX IEEE Std 1003.1, 2013 Edition defines sh as the shell.

There is no git in POSIX IEEE Std 1003.1, 2013 Edition.

Virtually every person who uses any modern Linux or OS X system expects bash to be installed and in the modern vernacular it can be completely and safely considered, in informal discussion, to be part of relevant Unixes. You knew exactly what he meant, but for some reason (and I won't speculate but it isn't a good look on you) you decided to be pedantic for the sake of being pedantic. You're not being helpful to anyone or anything and should stop, and you know it.

The majority of people who use Bash on OS X will not be using advanced features.

The people that are likely to use advanced features would also hopefully be aware of Bash's fragility/compatibility issues between minor versions, and thus wouldn't rely on it for anything like shell scripts.

So we're left with people who want to use advanced features and are doing so purely on machines they control.. So what stops them from either compiling their own bash, or using one of the third party package managers to install it?

It shouldn't be the job of a third-party package manager to do this. I want my vendors to stay up to date not just for feature purposes, but for security ones, too. (Remember how long it took Apple to get a Shellshock patch out there?)

But I have less of an interest in that than in discouraging jerkish pedantry.

A Unix derived operating system with a package manager (BSD Ports, Linux debian/apt or rpm) is way more powerful than one without. Half the time I am installing stuff I don't particularly like or want- but that is necessary to complete a project.

hahahaha I see you've never tried to use rsync on a Mac. Some (documented) command line options just DON'T work. They're in the manpage, but they don't do anything. There's lots of other little gotchas in other utils as well, especially when coming from Linux.

I don't like putting homebrew into /usr/local, because many other installers put stuff in there, often incorrectly, and it sort of acts as a bit of a dumping ground. I install to /homebrew and it works fine. homebrew bitches and moans about not being installed to /usr/local, but it's never been an issue for me -- probably because I use application level package managers (emacs cask, python, opam, &c.) rather than homebrew for those sorts of things.

I still hate homebrew, of course, because it doesn't handle dependencies well at all, but I'm not 100% ready to switch to nix. Maybe that can be my project for the week, actually.

I would expect that a significant percentage of unix packages would throw a fit if they had to live in their own subtree.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact