Little Snitch & Electric Sheep screen saver

General discussions about Little Snitch
Post Reply
simonl
Posts: 4
Joined: Mon Nov 13, 2006 2:09 pm

Little Snitch & Electric Sheep screen saver

Post by simonl » Mon Nov 13, 2006 2:26 pm

I used to be able to run the screen saver Electric Sheep (http://www.electricsheep.org; see below) on my G5 ( OS 10.4.8 ) with the OS X firewall turned on, without any problem -- sheep would download just fine and I never had to make any changes to the firewall for it to work, despite posts to the contrary that are to be found here and there regarding port forwarding and other stuff that's beyond me (I only have printer sharing checked in the OS X firewall). Then I decided that controlling network traffic with Little Snitch (LS) would be a good idea. As soon as LS was installed and activated...no new sheep were downloaded to my machine. I have opened ports 80 and 8090 for any connection for the ScreenSaverEngine, but still no sheep will download unless LS is turned off. Now, I have to admit that I don’t really understand all this port business and port forwarding, etc., so I’m not sure if I'm really setting things up as they should be to allow the sheep to download to my computer.

The screen saver Electric Sheep requires a connection to the internet to download "sheep", which are created by a number of computers which cooperatively perform the calculations necessary to generate them (works much like SETI at home). According to the developer ports 80 and 8090 are required for the program to function.
I can only presume that LS is blocking some connection, thus preventing the screen saver from functioning properly, but I don't see any messages from LS asking me for permission to make a connection. I can only assume that one of the inbuilt rules in LS is responsible for this problem.
Does anybody have any ideas what might be going on? Oh, and if you have never used Electric Sheep as your screen saver, try it, it's simply the most absorbing screen saver you'll ever see -- better than Fuse, better than iTunes -- try it (and figure out the problem with LS!).


Thanks, Simon

johannes
Objective Development
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm
Contact:

Post by johannes » Thu Nov 16, 2006 12:19 am

As the ScreenSaverEngine is located inside a Framework an is accessed via a symbolic link, you cannot create a manual rule for it from the Little Snitch Preference Pane.

You need to activate the screen saver (e.g. via a hot corner) and after a view seconds, move the mouse to deactivate it again. Then you will see the Little Snitch panel waiting for your input.

As this screen saver wants to create many different connection and as I assume you trust it, it would be the easiest solution to create an "Allow any network connection / forever" rule for it.

So once you've moved the mouse, the screen saver disappeared and the Little Snitch panel became visible, select "forever" and condition "Any network connection" and click on "Allow forever".

simonl
Posts: 4
Joined: Mon Nov 13, 2006 2:09 pm

Post by simonl » Thu Nov 16, 2006 2:39 am

Johannes,
Thank you for your help. In fact, the first time I tried to set up rules for Electric Sheep (ES) within Little Snitch (LS), I did it the way you suggest, but I ended up creating at least ten rules of the type you mention (allow forever) for all the URLs that I didn't recognise. Most, if not all the URLs were from educational establishments, judging by the look of them, but still, I didn't know what they were all for, so I got cold feet and thought that it might be a little silly to make all these rules allowing open communication with sites that I don't recognise. At that point I deleted all of those rules and created just two, one for port 80 and one for port 8090 allowing all traffic forever, but, as you rightly say, this didn't allow ES to run. I don't exactly mind creating rules for each of the sites that ES is trying to communicate with, using LS, but I didn't know when I would get to the end of the list of rules I would have to create. As I said, last time I gave up at ten or so and still Electric Sheep was not running.
So, do I keep on creating rules allowing communication for EVERY request that Electric Sheep makes? How will I know when I have finished making the list of rules?
As you can tell, I am not very clued in on this, so if you would like to make any further suggestions, I would be most grateful.


Many thanks,

Simon

johannes
Objective Development
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm
Contact:

Post by johannes » Thu Nov 16, 2006 3:40 pm

As it's the nature of ES to connect to a variety of servers, each time to another one, I'm afraid it's not really manageable to create a rule for each specific server.

So you need to decide whether you trust ES or not. If you do, you should, as described in my previous post, ad an "Allow any network connection" rule.

But keep in mind: As you do this, you're actually doing this for the whole ScreenSaverEngine! So if you select some other screen saver, it too will have full access to the net.

By the way: I downloaded and installed ES too and could not get it to work, also with Little Snitch turned off. I found out that the server it was trying to talk to always gave a 403 error and an error message saying that it's over its hourly quota and I should try again later.

I recommend turning on the verbose logging in the ES screen saver options. Then take a look into the console.log (Console.app) after running ES.

simonl
Posts: 4
Joined: Mon Nov 13, 2006 2:09 pm

Post by simonl » Fri Nov 17, 2006 1:05 am

Johannes,
Thanks for your additional input. As for your suggestion, that is axactly what I had done: I created two rules, one for port 80 and one for port 8090 (the ports that the developer states are required), "allow any network connection" for the "ScreenSaverEngine". Isn't that what you're suggesting I do? If it is, then it is not sufficient for Electric Sheep to run, but it would just fine with Little Snitch disabled. As for the difficulties you experienced, I know that there is often server overload when using the default server suggested by Electric Sheep, but once the sheep start to flock on to your machine, they will keep on coming! Today they were downloading to my machine until 2:45 PM EST, that's when the last one downloaded.
So, Johannes, if I understand your instructions correctly, then on my machine it still does not allow Electric Sheep to run OK. Of course, I have probably totally misunderstood you...sorry!


Regards, Simon

johannes
Objective Development
Objective Development
Posts: 815
Joined: Fri Nov 10, 2006 4:39 pm
Contact:

Post by johannes » Fri Nov 17, 2006 1:30 pm

simonl wrote:I created two rules, one for port 80 and one for port 8090 (the ports that the developer states are required), "allow any network connection" for the "ScreenSaverEngine". Isn't that what you're suggesting I do?


Not really. An "Allow / Any network connection" rule really allows any network connection, no matter what port or protocol or server. So if you add rules for specific ports, they're not "any network connection" rules.

An you must not create these rules manually. You must let the Little Snitch notification window pop up and create the rule that way. Do not create the rule in the Little Snitch Preference Pane via the "New..." menu entry!

So remove all rules for the ScreenSaverEngine. Then activate the screen saver and after a view seconds, move the mouse. You will then see the Little Snitch notification panel - set it up this way:

Image

The rule then should show up as:

Image

That way you make sure, that whatever network connection ES wants to create, it will be able to do so.

But again: Note, that this way the whole ScreenSaverEngine is allowed network access, not only ES!

If it still does not work then, there could be some other rule blocking a connection attempt of the ScreenSaverEngine - look for rules that apply to "any application"! Another point could be that ES launches some other tasks like curl or perl to do network access - those will not be covered by the ScreenSaverEngine rule.

simonl
Posts: 4
Joined: Mon Nov 13, 2006 2:09 pm

Post by simonl » Sat Nov 18, 2006 1:40 am

Johannes,
Bingo!! Thanks so much for all your help, you are most kind for taking the time to help me out, I truly apppeciate it!

Regards, Simon

Post Reply