Just a few things I found today (2004-12-01) while playing around on an Apple Macintosh computer running OS X 10.1.5. I guess that most of this works on other versions of OS X, but make no guarantees thereof. It won't work on plain Darwin or on any other UNIX system, because these hacks are based around the Quartz/Aqua graphical environment of Mac OS X. I doubt you could get any of this to work on OPENSTEP/NEXTSTEP, even. I haven't tried (yet...).
First off, you will need a Mac :-). I shall refer to the Mac as the "target". You will also need another computer, which for want of a better word I shall call "source". The source machine can be any computer that has an ssh client, such as another Mac, a Linux box, etc. A Windows machine may be used, but you will need to get a third-party ssh client, such as putty.
Lastly, a little descriptive note: the difference between a 'terminal' and a 'console'. I'm going to be a little cavalier in my use of these words, but will try to keep my own uses consistent. A 'terminal' is merely a prompt at which shell commands may be entered, be it Terminal.app, a telnet client, or whatever. The 'console' on target refers to the graphical login screen, which may be showing the login window, the Finder, some applications, or as we shall soon see a combination of the first and third :-).
First things first: I can't think of any genuine reason to do this, except that it's cool. I suppose if you've got a slow machine, and want to just do something like surfing but without the overhead of the Finder and stuff, then it's good. Or, say you're working away from the Mac (but within audio range), and want to turn it into a jukebox but for some reason would rather not log in (e.g., someone might come in and read your mail or something). Then you can use this hack to load iTunes, but without the need to be logged in at the console.
Security Advisory: The program you run here has root privileges (even on those machines on which the root password has not been enabled), so don't run anything potentially system-trashing unless you know what you're doing!
How it works. Initially, make sure that target's console is displaying the login window. Now, open an ssh connection from source, and log in to target via it. At the terminal, type 'sudo open /Applications/iTunes.app' and enter your password. Now iTunes has loaded on target, and is sitting there right behind the login window! You can move it, interact with it, play tunes, do whatever you want. Feel like logging in? Well, go on then, iTunes will still be there once you've done so. But remember, it still has root privs even if you log in as someone else.
If someone is logged into target at the console, then spook them out thus. Log in to target from source as above, and create an HTML file with some suitable large and scary text. "2004 will be like "1984"", or something. Let's say it's saved as /Users/Shared/boo.html; use the command 'sudo open /Users/Shared/boo.html' and enter your password. Examine the look on the target console user's face as their browser opens and tells them the bleak outlook for this year! N.B.: in this case the browser will be started with the privs of the user currently at the console, not those of root.
I've found that if you run XDarwin from the text console, when you exit the "Spinning Beachball of Death" appears (if your machine is set up to go back to the login window). This simply appears to be because the login shell (tcsh, in my case) fails to quit. Simply connect from source, use 'ps ux' to locate your login shell at the console (it will have p0 as its TTY), and 'kill -KILL' it. Simple. :-)