Jump to navigationJump to search


AAPL Apple macOS Mac OS X OS-X OSX Darwin darwin19 XQuartz Quartz Xcode



Install Xcode Command Line Tools.

xcode-select --install

Extended Attributes (xattr)

To see extended attributes in ls use the @ option.

ls -la@
xattr filename
xattr -l filename
xattr -c filename 

hidden files vs. hidden files vs. hidden files

The Finder in MacOS follows at least three different rules to hide files.

  1. The Finder will not display files that begin with a "." (dot).
  2. The Finder will not display files with their hidden flag set true.
  3. The Finder will not display files that have the hidden byte set in their extended attribute called

When MacOS creates systems directories such as ~/Library it will set both the hidden flag as well as creating a extended attribute with a hidden flag. It is unclear what the distinction is, but the Finder's behavior will be changed by either method.

You can get the Finder to show hidden folders by pulling down the Go drop down menu in Finder and holding down the option (alt) key. You may also configure the Finder to always show all files even if hidden by using the following command. Note, is an extended attribute on a file, whereas is a domain in the defaults system of macOS, so the defaults command below has nothing to do with extended attributes.

defaults write AppleShowAllFiles 1 && killall Finder

File flags are different than extended attributes. Use stat to show the file flags and chflags to change the flags.

$ stat -f '%#Xf %N' ~/Library
0x8000 /Users/nspurrier/Library
$ chflags nohidden ~/Library
$ stat -f '%#Xf %N' ~/Library
0 /Users/nspurrier/Library
$ chflags hidden ~/Library
$ stat -f '%#Xf %N' ~/Library
0x8000 /Users/nspurrier/Library

Use xattr to show extended attributes.

$ xattr -px ~/Library
00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

This turns off the hidden attribute. Then it turns it back on again. Then it copies the attribute from another file. It's tricky to set long, binary extended attributes like this, so often it's easier to simply copy the bytes from another file.

mkdir ~/Library-backup
xattr -wx "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" ~/Library-backup
xattr -wx "00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" ~/Library-backup
xattr -wx "$(xattr -px ~/Library)" ~/Library-backup

Follow this example to see how the Finder displays or hides files in various ways.

$ # Before starting this example you should have a Finder window open to your home directory.
$ #
$ # Library-backup will appear in Finder window.
$ mkdir ~/Library-backup
$ # Library-backup will disappear from Finder window.
$ xattr -wx "$(xattr -px ~/Library)" ~/Library-backup
$ # Library-backup will reappear in Finder window.
$ xattr -d ~/Library-backup
$ # Library-backup will disappear from Finder window.
$ chflags hidden ~/Library-backup
$ # Note that only "hidden" flag is set, not the '''''' extended attribute,
$ #     yet the Finder will not display the folder in the window.
$ stat -f '%#Xf %N' ~/Library-backup
0x8000 /Users/nspurrier/Library-backup
$ xattr -px ~/Library-backup
xattr: /Users/nspurrier/Library-backup: No such xattr:
$ # Library-backup will reappear in Finder window.
$ chflags nohidden ~/Library-backup
$ # Library-backup will disappear from Finder window.
$ mv Library-backup/ .Library-backup
$ # Library-backup will reappear in Finder window.
$ mv .Library-backup Library-backup

Now repeat the example with the Finder configured to show all files. Note that while it does show hidden files, it does not always show them in the same way as regular files. For some types of hidden files it shows them in gray. For other types of hidden files it will not indicate any difference.

$ # Configure Finder to always show all files.
$ defaults write AppleShowAllFiles 1 && killall Finder
$ # Finder will display .Library-backup as gray, but it will display.
$ mv Library-backup/ .Library-backup
$ # Finder will display Library-backup as not gray.
$ mv .Library-backup/ Library-backup
$ # Finder will display Library-backup as gray, but it will display.
$ xattr -wx "$(xattr -px ~/Library/)" ~/Library-backup/
$ # Finder will display Library-backup as not gray.
$ xattr -d ~/Library-backup 
$ # Finder will display Library-backup as not gray, despite the hidden flag.
$ # It will be indistinguishable from an ordinary file.
chflags hidden ~/Library-backup
$ # Return everything back to normal.
$ defaults write AppleShowAllFiles 1 && killall Finder
$ chflags nohidden ~/Library-backup

This is usually added to executable and disk images that were downloaded from a network.

smart quotes, smart dashes, automatic spelling correction are all stupid

Turn all this crap off.

defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled 0
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled 0
defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled 0
defaults write SmartQuotes 0
defaults write SmartDashes 0
defaults write NSGlobalDomain AppleShowScrollBars -string "Always"
defaults write DateFormat -string "EEE MMM d  h:mm:ss a"
defaults write ShowPercent "YES"
defaults write AppleShowAllFiles -bool true
defaults write NSGlobalDomain AppleShowAllExtensions -bool true
defaults write ShowStatusBar -bool true
defaults write QLEnableTextSelection -bool true
defaults write _FXShowPosixPathInTitle -bool true
defaults write FXEnableExtensionChangeWarning -bool false
chflags nohidden ~/Library
defaults write DSDontWriteNetworkStores -bool true
# This is necessary to actually get the menuextra bar to refresh its display.
killall SystemUIServer -HUP

image a disk using `dd` on MacOS

Using dd on MacOS is basically the same as any other UNIX, but unmounting the disk first is a little different.

diskutil list

There's a difference between these two, but I forget the distinction. I believe that the second one is more comprehensive, but the first is what the umount command suggests using instead.

diskutil unmount /dev/disk2
# or
diskutil unmountDisk /dev/disk2
dd if=/dev/disk2 of=disk.img bs=1m conv=noerror,sync

Turn off multi-touch swipe navigation for history in Chrome

This is a stupid feature. It wouldn't make navigation all that much smoother even if I did use it often, but most often it gets triggered accidentally while multi-touch scrolling, which is a feature I use on almost every page.

defaults write AppleEnableSwipeNavigateWithScrolls -bool FALSE

Missing keys

[Ins] (insert key and shift-insert)
To paste the X11 clipboard use [shift][fn][return]. The plain insert key is [fn][return], but just about the only thing I use it for is to paste X11 selections, so [shift][fn][return] is usually what I'm looking for in this note.

Stupid MacOS Photos Export Original Error "couldn't be copied because you don't have permission to access"

You get this error when trying to export original photos from Apple Photos.

couldn't be copied because you don't have permission to access...

For some reason Photos seems to export as the staff user, so your destination directory must have group read/write/execute permissions.

chmod -R g+rwx ${TARGET_DIRECTORY}

The directories preceding ${TARGET_DIRECTORY} may also need to have RWX group permissions set.

Message App Forensics on when working with iTunes iPhone Backup

See also the blog of this guy, Rich Infante, here:

When you do a full manual backup of your iOS device the Message App's Sqlite datafiles are renamed with a long hexadecimal hash. The backups are stored in a separate directory for each iOS device you manage through iTunes. The backup files are stored under: ~/Library/Application Support/MobileSync/Backup/396f2f99f15127b8d921798f266a39b7342f560a/3d0d7e5fb2ce288813306e4d4636395e047a3d28. That second-to-last hexadecimal number is the hash for the iOS decide backup directory. The number will be different for each device you manage through iTunes. That last hexadecimal is the name of the SQLite database file that stores the message text and metadata, so you want to look for this name when searching for backups.

find ~ -name "3d0d7e5fb2ce288813306e4d4636395e047a3d28"

Further, you can look at the tables to check that they have the same table schema you would expect.

select count(*) from sqlite_master where name in ('message', 'chat', 'attachment', 'handle', 'message_attachment_join', 'chat_handle_join', 'chat_message_join');
count(*) = 7

First, find all the SQLite databases that you can.

find . -print0 | xargs -0 file | grep -i "sqlite" | awk '{print $1;}' | sed -e 's/:$//'
# or
find . -print0 | xargs -0 file | grep -i "sqlite" | sed -E 's/^([^:]*).*/\1/'
find . -print0 | xargs -0 file | grep -i "sqlite" | awk '{print $1;}' | sed -e 's/:$//' | xargs -J % sqlite3 % "select count(*) from sqlite_master where name in ('message', 'chat', 'attachment', 'handle', 'message_attachment_join', 'chat_handle_join', 'chat_message_join');"

There are various applications that can be used to export text messages. One that is simple and free is found at --input ~/Library/Application\ Support/MobileSync/Backup/396f2f99f15127b8d921798f266a39b7342f560a/3d0d7e5fb2ce288813306e4d4636395e0]47a3d28 > ~/Desktop/sms.csv

Hash file names

Where do these hash filenames come from? They are formed by taking the SHA1 of the full path to the file on the iPhone. It's a little more complicated because the paths are put under domains. For example, the text message chat database is called "sms.db" the path on the iPhone is "/Library/SMS/sms.db". That's under the domain, "HomeDomain", so with some string substitution the iPhone path gets turned into "HomeDomain-Library/SMS/sms.db". Now to get the SHA1 for that you can use the MacOS utility, 'shasum', as follows (note the -n option on 'echo'):

$ echo -n 'HomeDomain-Library/SMS/sms.db' | shasum
3d0d7e5fb2ce288813306e4d4636395e047a3d28  -

Now when you dump the sms database you will see attachments with file paths. You can figure out where these are in the backup directory by generating the SHA1 hash for the file name, but remember to substitute the domain in front of the path, but in this case attachments are under the Media domain, so substitute 'MediaDomain-' before the path. For example, if the path given in the attachment column of the sms.db was given as '~/Library/SMS/Attachments/74/04/8203B8D7-E95C-4DAA-ADF0-0C84B96F7909/' then the path used to calculate the SHA1 would be 'MediaDomain-Library/SMS/Attachments/74/04/8203B8D7-E95C-4DAA-ADF0-0C84B96F7909/'. Now calculate the SHA1:

echo -n 'MediaDomain-Library/SMS/Attachments/74/04/8203B8D7-E95C-4DAA-ADF0-0C84B96F7909/' | shasum
8717558df3f8403b13db9df5c5316cf7239d74ea -

So now you should be able to find the file, 8717558df3f8403b13db9df5c5316cf7239d74ea under the backup directory:

$ find ~/Library/Application\ Support/MobileSync/Backup -name "8717558df3f8403b13db9df5c5316cf7239d74ea"

Message App Forensics

See also the script SMS_Backup_for_iPhone that works with iPhone backup files.

Messages are stored under ~/Library/Messages/chat.db. Note that there may be some other sqlite3 files in the same directory, chat.db-shm and chat.db-wal. DO NOT OPEN THE CHAT.DB WITH AN SQLITE CLIENT! The database may have been shutdown with deleted rows. The rows may be recoverable, but an sqlite3 client may trigger a vacuum process which will garbage collect deleted rows. Alternatively the client may trigger the WAL to overwrite the chat.db, so previous values of records may be lost. The best thing to do is to make a backup copy. Reimage from the backup every time you want to test some method for recovering data. At this point it's actually preferable to copy the working copy to a different machine and work on it there.

cp -a ~/Library ~/Library.backup
cp -a ~/Library.backup ~/Library.working_copy

You will also probably want to get rid the extended attributes on the files while you work with them.

xattr -rc Library.working_copy

Extracting sqlite databases from older plist format backups

Find the sms messages database. Note the * wildcard. This is necessary because older backup formats had extensions like .mddata and .mdbackup. These are not in direct sqlite format. The database has to be extracted from these plist or bplist wrappers. The plutil just gives a visual confirmation that the file is a plist formatted file. Also note the full path to /usr/libexec/PlistBuddy.

find . -name "3d0d7e5fb2ce288813306e4d4636395e047a3d28*"
plutil -p ./a3cbc42afcbc63b243d0dd0bfbf4e9b1b9db5277/3d0d7e5fb2ce288813306e4d4636395e047a3d28.mddata
cp ./a3cbc42afcbc63b243d0dd0bfbf4e9b1b9db5277/3d0d7e5fb2ce288813306e4d4636395e047a3d28.mddata chat.mddata
/usr/libexec/PlistBuddy -c 'Print :Data' chat.mddata > chat.db

SQL to convert chat.db to CSV file

The following SQL statement will convert a chat.db database into a flat CSV file that is fairly easy to work with. It isn't too fancy. It just gives you the critical information about ROWID , date, address (iMessage user or phone number), service (iMessage, SMS), direction (sent, recv), attachment path, text. ROWID (unique ID to this message in the database), date, date_read, date_delivered, address (iMessage user pr phone number), service (iMessage or SMS), is_audio_message, group_title, subject, direction (sent or recv), attachment (filename path to attachment), text.

Issues. This doesn't properly reverse the address (chat id) for messages sent to a group. If a message is received from someone in a group it will show their address, but it will not indicated that it was a group chat.

Save the following in report.sql then run it with sqlite3 chat.db < report.sql

-- iPhone Chat Report
-- version 3
-- This generates a report of all messages sent and received as recorded by an
-- Apple Messages SQLite3 database, also known as "sms.db" on the iPhone and
-- "chat.db" on the MacOS Messages app.
-- The "chat.db" may be found under ~/Library/Messages for the Messages App. To
-- get a copy of the iPhone "sms.db" perform a full backup of the iPhone to a
-- Mac. The database will be found under ~/Library/Application
-- Support/MobileSync/Backup Note that the database name is hashed and is
-- actually named "3d0d7e5fb2ce288813306e4d4636395e047a3d28" instead of
-- "sms.db". The schema of "sms.db" and "chat.db" may sometimes be a little
-- different and may change bwtween versions. This report works on all but the
-- very oldest versions. For really old versions use the following simple SQL
-- report:
--     .mode csv
--     .headers on
--     .separator "," "\n"
--     .nullvalue NULL
--     .output chat-db-old-schema.csv
--     SELECT datetime(date,'unixepoch','localtime') as date, flags, address, text FROM message;
-- You may also try to find the database using this command:
--     find . -name "3d0d7e5fb2ce288813306e4d4636395e047a3d28*"
-- Quirks: The rowid and the date are sometimes out of order by a message or
-- two. I order by date so this means the rowid may not always be sequential.
-- It is rarely off by more that a few records. The downside of this is that it
-- makes it more difficult to spot deleted messages.
-- TODO: Add a separate report to identify gaps or deleted records in rowid.
-- Run as:
--   sqlite3 chat.db < report.sql
-- (c)2020 Noah Spurrier <>

.mode csv
.headers on
.separator "," "\n"
.nullvalue NULL
.output chat-report.csv
    case when LENGTH(date)=18 then
    datetime(date/1000000000 + 978307200,'unixepoch','localtime')
    when LENGTH(date)=9 then
    datetime(date + 978307200,'unixepoch','localtime')
    else 'NA'
    END as "date",
    case when LENGTH(date_delivered)=18 then
    datetime(date_delivered/1000000000 + 978307200,'unixepoch','localtime')
    when LENGTH(date_delivered)=9 then
    datetime(date_delivered + 978307200,'unixepoch','localtime')
    else 'NA'
    END as "date_delivered",
    case when LENGTH(date_read)=18 then
    datetime(date_read/1000000000 + 978307200,'unixepoch','localtime')
    when LENGTH(date_read)=9 then
    datetime(date_read + 978307200,'unixepoch','localtime')
    else 'NA'
    END as "date_read",
    id AS address,
--    m.is_audio_message,
--    m.group_title,
    CASE is_from_me
        WHEN 0 THEN "recv"
        WHEN 1 THEN "sent"
        ELSE is_from_me
    END AS direction,
    CASE cache_has_attachments
        WHEN 0 THEN Null
        WHEN 1 THEN filename
    END AS attachment,
FROM message AS m
LEFT JOIN message_attachment_join AS maj ON message_id = m.rowid
LEFT JOIN attachment AS a ON a.rowid = maj.attachment_id
LEFT JOIN handle AS h ON h.rowid = m.handle_id

I have also been playing with this simple query just to dump all messages that are part of a specific chat ID. For example, this will return all messages part of chat 17.

SELECT ROWID, chat_id, text, handle_id, datetime(date + strftime('%s','2001-01-01'), 'unixepoch') as date_utc  
FROM message T1
INNER JOIN chat_message_join T2 ON T1.ROWID=T2.message_id AND T2.chat_id=17; by Matthieu Riegler

This is quite old. I haven't tested it in years.

I think the fact that it uses absolute paths to chat.db means that the chat.db-wal file (write-ahead log) will not be merged into the current database state. This is bad if you want a report to include the latest data. This is good if you are doing forensics and do not want to lose any deleted rows. Of course, you should really keep a backup copy and a working copy copied from the backup to keep your work safe.

# Bash Script By Matthieu Riegler -
# Licence CC-BY 0 
# This script takes in input a iMessage account input and backs its conversations up as txt files. 
# It also saves its pictures that are cached localy 

# Parameter is a iMessage account (email or phone number i.e. +33616.... )
# This will be labeled as "recv" in the output. Your messages will be labeled as "sent".
if [ $# -lt 1 ]; then
    echo "Enter a iMessage account (email of phone number i.e +33616.....) "
    sqlite3 ~/Library/Messages/chat.db "
select distinct(guid) from chat;

# Retrieve the text messages 
sqlite3 ~/Library/Messages/chat.db "
select is_from_me,text from message where handle_id=(
select handle_id from chat_handle_join where chat_id=(
select ROWID from chat where guid='iMessage;-;$1')
)" | sed 's/1\|/sent: /g;s/0\|/recv: /g' > MessageBackup.txt

# Retrieve the attachments stored in the local cache

sqlite3 ~/Library/Messages/chat.db "
select filename from attachment where rowid in (
select attachment_id from message_attachment_join where message_id in (
select rowid from message where cache_has_attachments=1 and handle_id=(
select handle_id from chat_handle_join where chat_id=(
select ROWID from chat where guid='iMessage;-;$1')
)))" | cut -c 2- | awk -v home=$HOME '{print home $0}' | tr '\n' '\0' | xargs -0 -t -I fname cp fname .

Older Notes

This is from when I was just learning to work with the data in the chat.db.

Paths to data directories

I don't understand the relationship between Messages and Containers/ Is the iChat directory a backup or archive Messages? The formats are different; the iChat directory has a collection of plist files that form an archive of conversations (the files have .ichat extensions, but they are plist binaries). It may even be something left over from an OS upgrade or application upgrade.

  • ~/Library.working_copy/Messages/
  • ~/Library.working_copy/Containers/

To view the plist binaries it's probably more useful to convert them to XML.

plutil -convert xml1 "Noah Spurrier on 2015-05-29 at 13.45.51.ichat"

You may want to simply convert all the ichat files to XML format:

find "~/Library.working_copy/Containers/" -name "*.ichat" -exec plutil -convert xml1 "{}" \;

The file will have the same name and extension, it will simply be XML now. I have not figured out how to parse the format. Apparently it is a common Mac serialization format. The text of the messages appear to be near a key named NS.string; although, this is also used for other fields. As a quick and dirty hack this will work:

grep -A 1 NS.string "Noah Spurrier on 2015-05-29 at 13.45.51.ichat"

Use the locate command

I like to have the locate database update to date so I can use the locate command. The following enabled the locate launch daemon and it updates the locate database. For some reason, the OS X version requires that the locate.updatedb command be run from the root directory.

sudo launchctl load -w /System/Library/LaunchDaemons/
sudo bash -c "cd /; /usr/libexec/locate.updatedb"

Capture cam snapshot using the command-line

Capture with ffmpeg

First, list the devices available for image capture.

ffmpeg -f avfoundation -list_devices true -i ""

Now save a picture from device 0 using all the defaults:

ffmpeg -f avfoundation -i 0 -frames:v 1 cam0.jpg -y

If you want more control over the process, here is a longer version of taking with a built-in camera.

For this example I will select device 0 scanning at 1280x720 at 29.96 frames per second. Capture from device "0":

ffmpeg -f avfoundation -s 1280x720 -framerate  29.97 -i 0 -q:v 0 -b:v 10000k -vcodec mjpeg -frames:v 1 cam0.jpg -y

If the device does not support the options you gave then you may also try to let the system pick the defaults.

Capture images using imagesnap

Install imagesnap

Use Brew to install imagesnap

brew install imagesnap

Or install using a precompiled binary from here: or or

Capture image

The imagesnap utility can be used to take a picture from the built-in webcam. This beats using Photo Booth.

Capture from a specific video device (use imagesnap -l to list device names):

imagesnap -d "HD Pro Webcam C920"

This will take a picture every time you press enter.

while :; do
        echo "Press enter to take a picture."
        imagesnap -q -w 0.10 $(date +%Y%m%d%H%M%S).png

Do this to take a sequence of images in a time lapse. Recall Bash variables such that ${1-1} yields command-line arg 1 if defined. If no argument was given then it yields the default value after the -, in this case 1. So this always returns 1 if no argument is given.

image_sequence () {
    while :; do
        imagesnap -q $(date +%Y%m%d%H%M%S).png
        sleep ${1-1}

Display images using ImageMagick 'display'

You may see this error:

display: delegate library support not built-in `' (X11) @ error/display.c/DisplayImageCommand/1894.

The problem is that you installed the wrong build of ImageMagick. Run the following to install ImageMagick with X11 display support:

brew uninstall imagemagick
brew install imagemagick --with-x11

Display images from the command-line

This works on almost any file as well as images.

qlmanage -p FILENAME.jpg

Display video from sequence of images

mplayer -vo corevideo "mf://2015*.png" -mf type=png;fps=20

Open files as if double-clicking on them.

open picture.img
open my_document.doc
open page.html

Image processing with SIPS

Built-in, native tool for resize and performing simple manipulations of images.

Paste Board (clip-board, Desktop cut-and-paste)

pbcopy < foo.txt
pbpaste >> bar.txt

Mount extfs ext2 ext3 ext4 on MacOS using FUSE

If you use a Mac and want to mount Linux extfs drives then the easiest way to do this is to use FUSE for OS X with fuse-ext2. OSXFUSE is based on a defunct project called MacFUSE. fuse-ext2 does not appear to be updated frequently, but the old releases seem to work on the latest version of MacOS (Mavericks).

How to resolve: "No Java runtime present, requesting install."

When trying to run java from the command-line you may get this message, No Java runtime present, requesting install.. After installing the JRE: (Java Runtime Environment), you find that you still get this message from the command-line. Restarting the terminal session does not fix this. You must add the following line to /etc/bashrc or your own ~/.bashrc:

export JAVA_HOME="/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home"

MacOS keyboard modifiers get reset after boot or sleep

If you set your Caps Lock key to be a Control key you may find that this setting gets lost after the machine reboots or restores after a sleep. The problem may be with a corrupt ~/Library/Preferences/.GlobalPreferences.plist file. To fix this delete or move this file out of the way, reset the Caps Lock key modifier back to Control then reboot. The problem should go away.

Brew: installation of Brew packages fail with "/usr/local/lib/pkgconfig is not writable."

During a step that creates symlinks you may see a message like this:

Error: Could not symlink file: /usr/local/Cellar/x264/r2197.4/lib/pkgconfig/x264.pc
/usr/local/lib/pkgconfig is not writable. You should change its permissions.

I'm not sure what causes this. This seems to fix it; although, I'm not sure if this is the correct ownership to set:

sudo chown -R $USER /usr/local/lib/pkgconfig

Show all files in the Finder (and all application file dialogs) -- show hidden files

In Open and Save dialog boxes you can press Command-Shift-. (dot) to temporarily show hidden files. If you want to see hidden files in the Finder and all other applications then run the following from a command-line shell.

defaults write -g AppleShowAllFiles -boolean true
#defaults write -g AppleShowAllFiles YES
defaults write AppleShowAllFiles -boolean true 
# or should I really use the following?:
#    defaults write AppleShowAllFiles YES
killall Finder

older style

defaults write -g AppleShowAllFiles -bool true

This will affect only the Finder:

defaults write AppleShowAllFiles TRUE
killall Finder

.DS_store sucks

.DS_store spreads like the common cold. There is no way to turn it off for locally mounted drives, including removable media, but you can disable it from being created on network drives.

defaults write DSDontWriteNetworkStores true

Also add to your .gitignore file:




Fink (STOP -- use #Homebrew instead)

Use #Homebrew instead.

Show top level mounted drives (volumes) in the Finder

This is some same Applescript that I wrote. This gets me started with the basics.

(* Show top level mounted drives (volumes) in the Finder *)
tell application "Finder"
	make new Finder window with properties {target:computer container}
	(* I can't set the column view in properties when making new Finder window
		because the user may have set the Finder view option "Always open in list view". *)
	set current view of front window to column view
	set zoomed of front window to true
	(* if using list view then adjust some of the columns...
	set sort column of list view options of front window to name column
	set sort column of list view options of front window to kind column
	set width of column id name column of list view options of front window to 200
	set width of column id modification date column of list view options of front window to 170
	set width of column id size column of list view options of front window to 90
	set width of column id kind column of list view options of front window to 120
end tell

tell application "System Events"
	if UI elements enabled then
		keystroke "t" using {command down, option down}
		tell application "System Preferences"
			set current pane to pane ""
			display dialog "UI element scripting is not enabled. Check \"Enable access for assistive devices\""
		end tell
	end if	
end tell

Use Automator to set a global system hotkey to launch a new iTerm window

This doesn't work very well because it turns out that a lot of applications use Option-Command-T. I would like to find a better solution to this problem.

In Automator create a new document and select a Service" as the type for your new document. Set the following options:

Service receives: no input
                     in: any application

From the Library add the action Run AppleScript and set the following text in the editor:

on run {input, parameters}
        tell application "iTerm"
        end tell
        tell application "System Events" to keystroke "n" using command down
end run

Save the workflow as hotkey iTerm.

Open System Preferences to set a hotkey to launch the work flow.

System Preferences | Keyboard | Shortcuts | Services | General | hotkey iTerm

Add a shortcut and press alt-command-t to set this hotkey sequence to launch a new iTerm window. I tried ctrl-alt-t and ctrl-command-t, but these were being used by other applications.

Focus Follows Mouse

To turn on Focus Follows Mouse in Mac OSX Terminal App do the following from a terminal (note that you must restart the Terminal App):

defaults write FocusFollowsMouse -string YES

To turn off Focus Follows Mouse:

defaults write FocusFollowsMouse -string NO

Linux and OSX command equivalents

List both mounted and unmounted disk devices:

fdisk -l
diskutil list

SSH login

Start System Preferences. Click on Sharing under "Internet & Network". The Services tab should be highlighted. Check Remote Login.

Now you should be able to login remotely using SSH.