What the hell is starting up (or running) on my Mac ?
Please read the Executive Summary first.
The goal of this document is to help a NERD track down a
VIRUS, SPYware or something silly running on an OS-X system.
This document will NOT try to explain the
/System/Library/CoreServices/BootX
or the
/System/Library/CoreServices/boot.efi
or the
/etc/rc.xxxx
startup files.
Shortcuts:
If you are running the SERVER version of the OS, serveradmin will be your number one tool.
i.e. sudo serveradmin fullstatus network
= > < =
This has bitten me in the ass more than one time:
we often check the USER loginwindow.plist
file and forget the SYSTEM file!
open /Library/Preferences/loginwindow.plist
or do it the MANUAL way
plutil -convert xml1 /Library/Preferences/loginwindow.plist
then edit with your fav ascii editor,
nano /Library/Preferences/loginwindow.plist
... and look for silly things starting up !
Do NOT forget to monitor your USER LaunchAgents folder for com.google.keystone.agent.plist:
ls -asl ~/Library/LaunchAgents/
This application is SpyWare, and is installed by many gOOgle applications including but not limited to:
Picasa, Earth, Desktop and Voice (more too, I suspect).

The location of the SpyWare application is ~/Library/Google/GoogleSoftwareUpdate
- I have made an ANTI "gOOgle-Trap" tool. You can download it in my FREE TOOLS area.
It is called gOOgle_Trap.zip and is in the section called OTHER.
NOTEs:
If you use Picasa, you may want to EDIT the Picasa "watchedfolders" file too.
nano ~/Library/Application\ Support/Google/Picasa3/Picasa3Albums/watchedfolders.txt
- If you ever install an HP ScanJet or Retrospect (RetroRunSL), it MAY prevent you from shutting down or restarting correctly.
- The HP ScanJet installer may install THREE background programs which do NOT shut down when HUP'ed.
- HP Scanjet Manager.app
- HP Scheduler.app
Located in:
/Library/Application Support/Hewlett-Packard/HP Scanjet Scanner/
- Director Docker.app
Located in:
/Applications/Hewlett-Packard/HP Photo and Imaging Software/HP Photo and Imaging Director/
SECRET TIP:
Prevent BOTH
/Library/Preferences/loginwindow.plist and ~/Library/Preferences/loginwindow.plist
from running at user login, by doing a safe login.
- Hold down the SHIFT key AFTER you type your password and BEFORE you click the "login" button.
Items that start on power up:
- The LaunchDaemons folders contain items that will run as root, generally background processes.
- The LaunchAgents folders contain jobs, called agent applications, that will run as a user or in the context of userland.
- If your job needs to run even when no users are logged in, put it in /Library/LaunchDaemons.
- If it is only useful when users are logged in, put it in /Library/LaunchAgents,
or in the personal LaunchAgents directories of specific users.
- Do not put your job in /System/Library, which is reserved for system-provided daemons.
- Startup files are found in various locations; some of them are listed in the following tables.

Provided by the user:

| Location | Type |
| --- | --- |
| ~/Library/LaunchAgents/ | Per-user agents. |
| ~/Library/Preferences/loginwindow.plist | Per-user applications. |

Provided by the administrator:

| Location | Type |
| --- | --- |
| /Library/LaunchAgents/ | Per-user agents. |
| /Library/LaunchDaemons/ | System wide daemons. |
| /System/Library/LaunchAgents/ | Per-user agents. |
| /System/Library/LaunchDaemons/ | System wide daemons. |
| /Library/Preferences/loginwindow.plist | System wide applications. |
Please be aware that many of the "old ways" of doing things are still supported, such as:
- /Library/StartupItems/
- /System/Library/StartupItems/
- /etc/rc.local
- /etc/mach_init.d/
- /etc/mach_init_per_login_session.d/
- /etc/mach_init_per_user.d/
-
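An added shell example (not the page author's tool) that walks the launchd locations in the tables above plus the old-style StartupItems folders from one root directory and lists the entries whose file name does not start with com.apple., the same first-pass filter as kextstat | grep -v apple. The sample tree it builds is constructed from names on this page plus one placeholder Apple daemon name; pass "/" as the root on a real Mac.

```shell
#!/bin/sh
# Added example, not the page's own tool: inventory launchd and StartupItems
# locations under a given root and flag entries not labelled com.apple.
# Takes a root directory so it can run offline against a constructed tree.

inventory_startup() {
    base="${1:-/}"
    for d in "$base/Library/LaunchAgents" "$base/Library/LaunchDaemons" \
             "$base/System/Library/LaunchAgents" "$base/System/Library/LaunchDaemons" \
             "$base/Library/StartupItems" "$base/System/Library/StartupItems" \
             "$base"/Users/*/Library/LaunchAgents; do   # every user's personal LaunchAgents
        [ -d "$d" ] || continue
        for f in "$d"/*; do
            [ -e "$f" ] || continue
            printf '%s\n' "$f"
        done
    done
}

# Keep only entries whose file name does not start with com.apple.
# Caveat: Apple ships some jobs under other labels (org.openbsd.ssh-agent, mentioned
# on this page, is one), so treat the output as a review list, not a verdict.
non_apple() {
    inventory_startup "$1" | grep -v '/com\.apple\.' || true
}

# Constructed sample tree: names taken from this page plus one placeholder
# Apple daemon name (com.apple.example-daemon); not a dump of a real machine.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/System/Library/LaunchDaemons" "$root/System/Library/LaunchAgents" \
             "$root/Library/StartupItems/BRESINKx86Monitoring" \
             "$root/Users/alice/Library/LaunchAgents"
    : > "$root/System/Library/LaunchDaemons/com.apple.example-daemon.plist"
    : > "$root/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist"
    : > "$root/Users/alice/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist"
    : > "$root/Users/alice/Library/LaunchAgents/com.google.keystone.agent.plist"
    printf '%s\n' "$root"
}

# Usage: ROOT=$(make_sample_tree); non_apple "$ROOT"
```

On the sample tree this lists the keystone agent, the BRESINK StartupItem and the ssh-agent plist, the last of which shows why the name filter alone is not enough.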
See what NON-APPLE kernel extensions are being loaded in
/System/Library/Extensions/,
kextstat | grep -v apple
Some examples of what you might find are listed below:
com.subrosasoft.watcher = FileDefense from SubrosaSoft.
at.obdev.KUC = Little Snitch, 1.x
at.obdev.nke.LittleSnitch = Little Snitch, 2.x
com.vmware.kext.vmx86 = vmWare, 1 of 4
com.vmware.kext.vmci = vmWare, 2 of 4
com.vmware.kext.vmioplug = vmWare, 3 of 4
com.vmware.kext.vmnet = vmWare, 4 of 4
com.macally.driver.ICEKey = Macally ICEKey keyboard.
com.cisco.nke.ipsec = VPN client from Cisco.
net.pocketmac.driver.BlackberryUSBDev = Blackberry USB iSync hack.
org.openafs.filesystems.afs = OpenAFS client.
com.AmbrosiaSW.AudioSupport = AudioHijack or WireTap.
com.symantec.kext.SymEvent2 = Symantec AntiVirus, 1 of 2.
com.Symantec.kext.SAVAPComm = Symantec AntiVirus, 2 of 2.
com.sophos.kext.sav = Sophos Anti-Virus.
com.bresink.driver.BRESINKx86Monitoring = Assorted tools from Marcel Bresink.
com.airgrab.driver.AirGrabFirewallModule = Hawking HWUG1A (RT73) USB WiFi NIC
EXAMPLE:
- To STOP the kernel extension "com.bresink.driver.BRESINKx86Monitoring" do,
sudo kextunload -b com.bresink.driver.BRESINKx86Monitoring
- To prevent it from starting again on re-boot, move it OUT of StartupItems to your desktop.
sudo mv /Library/StartupItems/BRESINKx86Monitoring ~/Desktop/
and/or move it OUT of /System/Library/Extensions/ to your desktop.
Diablotin and/or Lingon (see below) will disable them too.
- See also: ls -asl /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ~/DownLoads
- If your Mac will ONLY work in safe mode,
you may have a bad kernel extension or the permissions are set wrong.
- Make sure they are all OWNED by root and the GROUP is set to wheel.
- Especially items NOT made by Apple like the BUG in the
Lexar JumpDrive Secure II Plus USB Flash Drive installation software!!!
Example fix below:
sudo chown -R root /System/Library/Extensions/LexarFilterScheme.kext
sudo chgrp -R wheel /System/Library/Extensions/LexarFilterScheme.kext
See Bubba too...
- To rebuild the kernel extensions, do:
sudo rm /System/Library/Extensions.mkext
sudo kextcache -k /System/Library/Extensions
sudo reboot
or try sudo touch /System/Library/Extensions, which Snow LEOpard likes more.
- All will be rebuilt on next boot.
See also:
kextfind .
-
Learn to use and understand
launchctl,
to manage your Agents and Daemons in locations below (and above)!
~/Library/LaunchAgents Per-user agents provided by the user.
/Library/LaunchAgents Per-user agents provided by the administrator.
/Library/LaunchDaemons System wide daemons provided by the administrator.
/System/Library/LaunchAgents Mac OS X Per-user agents.
/System/Library/LaunchDaemons Mac OS X System wide daemons.
sudo launchctl help
sudo launchctl list |more
So to see just the active services, we would do,
sudo launchctl bslist |grep "A "
(you will see a lot of services, not to worry)
The three states a service can be in are:
- active "A"
- inactive "I"
- on-demand "D"
EXAMPLE:
com.apple.SafariBookmarksSyncer.plist
- Is in your ~/Library/LaunchAgents/ folder and used by Apple's MobileMe service to sync bookmarks between multiple computers, even if this feature is NOT used!!!
* The *NEW* version of Lingon (see below) may help you get started.
-
Running system_profiler will show you the info much better than
/etc/hostconfig (below).
Running /usr/sbin/system_profiler SPHardwareDataType
will give you a nice brief overview of the system.
/usr/sbin/system_profiler SPStartupItemDataType, will list some startup items.
/usr/sbin/system_profiler SPSoftwareDataType will list your OS version.
/usr/sbin/system_profiler -listDataTypes for a complete list of what you can query.
The above is also available via the GUI, open "/Applications/Utilities/System Profiler.app".
NOTE: Good old Panther (10.3) /usr/sbin/AppleSystemProfiler -usage does it this way.
-
By default, you may be starting a few daemons.
PLEASE review your hostconfig file: more /etc/hostconfig
-
To MANAGE a running service like AppleShare'ing (AFPSERVER=-YES-) do,
sudo /sbin/SystemStarter stop AppleShare
-
You should know what services have the ABILITY to be started (apache etc.), via:
sudo grep -r -e YES -e AUTOMATIC /System/Library/StartupItems
-
Now look for programs accessing the OS via:
sudo fs_usage -f filesys | grep -v iTerm | grep -v Finder | grep -v grep
(add more to filter out known good services.)
or to see just what iTunes is doing do:
sudo fs_usage -f filesys | grep iTunes
Things common to all users:
-
Start by knowing what is in your:
ls -asl /Library/StartupItems/
ls -asl /System/Library/StartupItems/
-
loginwindow searches this file (if it exists) each time a user logs in.
more ~/.MacOSX/environment.plist
Stuff that starts at user login:
-
This is the MOST IMPORTANT LOCATION for USER stuff !!!!!:
open ~/Library/Preferences/loginwindow.plist
- The above item is the same one located via the user accounts GUI preference pane.
- The current "proper" way to start stuff is the ~/Library/LaunchAgents/ folder:
ls -asl ~/Library/LaunchAgents/
Things you should do to help debug your system:
-
ALWAYS start your mac in VERBOSE MODE,
so you can see what it is doing behind the splash screen.
sudo /usr/sbin/nvram boot-args="-v"
-
REDUCE the amount of stuff you need to analyze by doing a SAFE BOOT.
Hold down the SHIFT key after the boot tone, or mod your nvRAM by
sudo /usr/sbin/nvram boot-args="-x"
then reboot.
Now log in via the >console user-name trick.
-
When was the last time you investigated what was in your TMPDIR,
/private/var/folders/ folders ?
Especially the "-Caches-" directory ... Many things "hide" here you know...
cd $TMPDIR/../../ to find out more.
Or better yet, use lynx to poke around a lot faster!
/opt/local/bin/lynx $TMPDIR
-
Is cron doing something you do not know about ?
rOOt: sudo crontab -l -u root
Yourself: sudo crontab -l -u $USER
... now do this for ALL your user accounts!
MANDATORY TOOLS:
- Ports Collection How to install and use the Mac Ports Collection.
- Lynx Via the Mac Ports Collection. May be the MOST important tool of all !
- Lingon http://homepage.mac.com/pgw3/ http://tuppis.com/
- WaterRoof http://www.hanynet.com/
- Little Snitch http://www.obdev.at/
- Diablotin http://s.sudre.free.fr/
- Leopard Cache Cleaner http://www.northernsoftworks.com/ Has BOTH a Virus and rOOt Kit checker!
RECOMMENDED TOOLS:
- iTerm http://iterm.sourceforge.net/
- RCDefaultApp http://www.rubicode.com/Software/ Fix broken mime types.
- AppCleaner http://www.freemacsoft.net/ Better than AppZapper, free too.
- AppZapper http://www.appzapper.com/
- Preferential Treatment http://www.jonn8.com/
- tcpFlow Via the Mac Ports Collection.
- nMap Via the Mac Ports Collection.
- TinkerTool System http://www.bresink.de/
- Geek Tool http://projects.tynsoe.org/
- Mac Pilot http://www.koingosw.com/ Nice WiFi AirRadar tool.
- Cocktail http://www.maintain.se/ Make sure you get 4.2.1
- OnyX http://www.titanium.free.fr/
- Pacifist http://www.charlessoft.com/
- Visage http://keakaj.com/
- Postfix Enabler http://www.cutedgesystems.com/
- HenWen http://seiryu.home.comcast.net/
- nTop Via the Mac Ports Collection.
- Carbon Copy Cloner http://www.bombich.com/
- AppleJack http://applejack.sourceforge.net/
- Transmit http://www.panic.com/ Best darn file transfer program out there!
- Printer Setup Repair http://www.fixamacsoftware.com/ Fix Cups and free up a few gigs of unnecessary printer drivers too!
- VersionTracker http://www.versiontracker.com/
- MPEG Streamclip http://www.squared5.com/ Will need MPEG-2 codec from Apple.
- minicom Via the Mac Ports Collection. Terminal supports /dev/cu.Bluetooth-Modem and the KeySpan USB Adapter.
- Monolingual http://monolingual.sourceforge.net/ Delocalizer like Leopard Cache Cleaner above.
- Gutenprint http://gimp-print.sourceforge.net/
- Flip4Mac http://www.telestream.net/ Play Windows .WMV Media files using QuickTime
- OpenOffice http://porting.openoffice.org/ Now available in a native AQUA version.
- NeoOffice http://www.neooffice.org/ This is an offshoot of OpenOffice.
- NTFS http://www.paragon-software.com/ Read and Write NTFS partitions.
- RipIt http://ripitapp.com/ Need I say more ?
- Check for pending files here too,
ls /Library/Updates/
- For detailed information see, Mac OS X Internals: A Systems Approach, by Amit Singh.
- And to get even more confused, see the Apple developer website.
