Well. Some of us already have our kids back in school, and some don’t. Some won’t this year, but the advice here applies to a lot of people wanting to lock down their laptops a little better for public use.
Ars Technica, the source of many fine articles related to computers, just published an excellent little primer on how to keep your computer secure. It includes information for Linux and Mac users as well.
I’ll admit. Some of my home stereo gear is old. As in better than fifteen years old. So?
It works.
It also makes no difference to what I’m about to discuss, which is: It is wayyyy too complicated for normal people (non-technical adults who are not gadget-geeks of some sort) to work their TV / home theater setup.
Case in point: Our widescreen gets cable piped directly in. It also gets the DVD player and VCR piped directly in, and echoes the sound out to the surround sound receiver.
So far so good. Unless I really want to listen to my iTunes library I never, ever change my stereo inputs. Turn on the TV and select the right input and *bam* there ya are. TV goodness.
But, we stumble into the first conceptual obstacle. You see, the TV remote, like many remotes supplied these days, is a universal remote. This means it’s universally useless for anything except perhaps the TV because the one critical feature you need for any other device (separate play-pause buttons, forex), are just not included on the remote surface, and the TV is complicated enough that little widdy biddy buttons require you to squint through bleary eyes.
The conceptual problem comes when Unsuspecting Normal Average Person with a Life picks up the remote, and, following your instructions turns on the TV and the stereo and cannot get it to change from the TV tuner.
Someone, recently handling the remote, must have hit the “dvd” button, and so neither the remote nor the TV care that you are mashing down the “source” button to change the input. The geeks response, knowing that the remote has multiple modes, will be to switch the remote back to TV mode.
This is NOT intuitively obvious to the normal average person. I’ll have to look at getting one of the programmable Logitech remotes because I’ve been told they actually really work - and divide up the settings by what you’re doing rather than by what device you need to control at the moment. The upshot is if you’re “watching a DVD” it controls the stereo volume via the volume buttons, sets the TV to the input designated as “DVD”, and the play controls manage the DVD player - all without you constantly switching modes.
The next common bugaboo, and one I’ll fix at my house with a little piece of RCA patch cable, is the famous “why is there no sound?” Receivers and pre-amps have many input selections. When my Onkyo was made, equalizers were common, and commonly hooked up at the in and out ports for “tape 2″ (in case you actually bought two separate tape decks). For the EQ to do it’s job the receiver had to route sound back out from its selected input via the tape 2 “record/out” jacks, and listen to the tape 2 input no matter what the original source was.
Needless to say, if you don’t have an EQ or a second tape deck there are probably no cables there. The secondary consequence is that accidentally turning on “Tape 2″ effectively mutes your stereo, with very little indication that it’s even in Tape 2 mode as you’ll still see the input for “Tape 1″ or “Video 1″, etc.
Earlier I posted about my “tanstaafl” related issues in getting filtering and proxy services set up.
Good news: I finally got it all to start reliably. It’s still a bit quirky about restarts for log turnovers though.
Nevertheless, I stumbled into something else incredibly useful, and after a few weeks of trying it out I will be shutting down my own filtering.
The service is called openDNS. Their purpose is to replace the sometimes flaky DNS service that comes with your ISP (Hi, Comcast!) and provide an alternate means to look up addresses on the internet. This means that every time you try to look up www.apple.com, their computer takes the web address and sends back the numerical address, much like looking up phone numbers in a phonebook by name.
The side benefit of this is that you can also specify corrections of typos, define what kind of websites you don’t want visited from your household or office, and specify what exceptions you want to allow, becausethey control what computer you connect to when you ask for a website.
Specifying what you want to block follows the same categories used in DansGuardian, and the logs give you a nice list of sites that have been denied. What it doesn’t do is let you know who in your network made the request, give you a weight for how strict to be within a category, or let you see what sites have been visited that were not blocked.
I can deal with those weaknesses, as it simplifies my computer setup and makes it a little more difficult for the kids to work around the restraints (I still make sure I eyeball their activity and computers on a regular basis). It has one other “plus” - the instructions. They have excellent documentation that should go a long way in helping you set up your router or computer to use their DNS servers as well as tracking changes in the IP address your ISP hands you.
Best of all, it’s “free.”
Well, not completely. They make money by sending mistyped or flat-out wrong domain names to their own search and ad results.
A client of mine recently received an email purporting to be from the Department of Justice (and another one from “the IRS” ) relating to claims made against their business. It had some official-looking language about case numbers and claims filed by so-and-so, and noted that a copy of the complaint was included “in the pdf below.” They were suspicious for several reasons, and asked me to check it out.
Even if you expect the IRS or DOJ to email you out of the blue with this kind of thing, addressing the recipient by the wrong gender is a big red flag. The other thing that made me immediately suspicious was the “pdf” file was zipped.
The ZIP format is an incredibly useful compression and archiving standard that was even more important back when internet access was typically via modem. The downside is that if the package is really a virus installer it will not only unpack the virus files but execute them, infecting your system. For this reason any decent virus scanner will search through .zip files as they come in, but some viruses still slip through, especially in email. Also, PDF files are already compressed so there is little benefit from further compressing them (technically speaking - the graphics are already compressed. You may save some space by compressing the text more). Someone legitimately sending a PDF - or any document small enough to reasonably email (a word DOC file, etc.) - will almost never go out of their way to zip it up. Laziness, if nothing else, practically guarantees this.
As a matter of nettiquette, never email someone a .zip file without warning them ahead of time, and if you receive one without a prior heads up from a known, trusted source, be very suspicious. One of the nastiest infections I cleaned out looked like it came from a trusted source so the client opened it up without checking with the sender.
To wrap the story up, I took a snapshot of my Vista installation under Fusion, and looked at the zip file. As expected, the antivirus software immediately caught it and archived it.
Just discovered another upgrade “gotcha” with Leopard related to Thursby Software’s “DAVE.”
DAVE has been around a long time. Before OSX it allowed Macs to access windows shares and networks with the same credentials/etc. as windows machines. Even when OSX allowed access to Windows file servers and limited Active Directory compatibility Dave and AdmitMac were a much more complete solution, especially when it came to home folders, authenticating to a domain, etc.
Of course, such an extensive system hack intercepting all of the Windows-related CIFS/SMB traffic is likely to break on a major system upgrade, and sure enough it did. If you remembered to remove this before upgrading to Leopard, or first installed the update to version 7, then all was well, and you could still access Windows servers. if you didn’t, your computer would fail to connect.
Fixing this isn’t that tricky, but is non-obvious unless you are paying for an upgrade. In all cases the best way to remove DAVE is to use the removal package (DAVE is one of the few programs on a Mac that really needs an uninstaller). The issue is that the same incompatibility that prevents DAVE from working prevents the version 6 or earlier uninstaller to shut down the services. In this case, download the trial for version 7 (don’t even bother filling out hte form, just download it), and run the uninstaller for version 7. After a restart, your Mac will get back onto SMB servers as reliably as ever.
I’ve been more a fan of the VMWare Fusion virtual windows solution than Parallels, usually because Fusion has had less stability issues (especially relating to one client’s Quickbooks needs) and was just a little more polished. Well, sometimes you find rough spots.
Apparently Fusion assumes the hard drive size never changes. After installing the new HD in my MacBook pro and recovering from backups, everything else worked great, but Fusion couldn’t run the Boot Camp parition. While the error told me it realized the partition map had changed, Fusion would not give me the option of pointing to the new drive.
It was not a difficult fix - I found where Fusion stored the virtual machine file that pointed to the Boot Camp partition and deleted it, allowing Fusion to create a new one. Nevertheless, VMWare should not assume that people will never change disks or partition maps, and should have provided an option to reset where it should find the Boot Camp partition.
… has got to be Time Machine.
Last week I was at a clients’ office and had my laptop drop off a counter just, just after I’d put it to sleep.
The good news was that the MacBooks and MacBook pros all have sensors that, upon sensing an impact can park the heads on the hard drive before they have a chance to crash into the platters and kill the drive.
The bad news is that right when you put it to sleep, the laptop writes out the contents of RAM to the HD in case the battery dies/is removed, but the sensors are not functional.
So I had one thoroughly dead hard drive.
After finagling around with Disk Utility and discovering I could create a partition big enough for all of my files that avoided the damaged areas and was thus usable, I restored the computer from my Time Machine backups and a few hours later was back to work. Most of this time was spent figuring out what parts of the drive were usable.
Then I ordered a new drive which I installed this weekend. Not ridiculously difficult (say… like a Mac Mini) but I’ll never complain about pulling apart a Toshiba or Compaq again.
Anyway. The point is that I had my computer back in full running order within hours in what was effectively a bare metal restoration. All my programs worked, and all of my settings were in place. All of this as part of the backup system that came with the OS.
Side note. I hate Torx screws. Why do manufacturers insist on using Torx screws on top of the mini-phillips (and even regular phillips) sized screws? The good news. Lowes has a nifty Kobalt-brand multi-head Torx screwdriver that includes T5 and T6 heads for about five bucks.
I also cannot give enough kudos to the guys who created Quicklook. A simple COMMAND-Y or a tap of the space bar, and you get an instant overview of the file, making it easy to determine of that is, indeed, the file you were looking for. All of this without opening it up in its program of choice.
I’ve spent five days with leopard now, installing it four times on three different computers, the most recent one two days ago. It’s left one heck of an impression on me. Mostly favorable. If your Mac can run Leopard, you should install it. The sheer scope of the improvements is worth it. Having another computer, or a .mac account and integration with calendar and other services on a Leopard server will make it even more worthwhile.
Other people have given their short little overviews. Others have released articles in dribs and drabs on different features. Yet others have released a veritable book on the subject. As a result, this review will be heavier on my impressions and what I went through.
I got the install DVD on Friday. The packaging was, as usual, wonderful. I chose my Macbook Pro to install it on as between the three Macs that could be upgraded, it was not only backed up (as they all were), it was the machine I could suffer the most disruptions with.
So in goes the DVD. Reboot, choose “upgrade.” So far so good. I click through the initial menus and let the install procedure start as I go off to make dinner. A while later, my son wanders into the kitchen. “Dad? Is it supposed to have a blue screen?”
Uh-oh. Try the usual precautions. Safe mode boot didn’t work. Doing a file-system check in single user mode proved that the hard drive is still in good shape. I decided it was worth some time doing tinkering. I’d have to help other people out of their troubles after all, so I didn’t want to jump the gun and do an “archive and install” or “clean install”. I may be backed up but I didn’t want to spend hours rebuilding my utilities and preferences.
A little research and I dug up a thread in the Apple Discussion Boards where people were already fighting with the same issue. About halfway down someone had decided to poke around on the premise that a set of system extensions referred to as APE was at fault. APE, or Application Enhancer was a third-party system hack used by Cleardock, Shapeshifter, and other programs that modify the appearance and behavior of the OS. Needless to say this can make the system… unstable.
The official Apple page (recommending an archive and install but giving the instructions I followed) is here. Daring Fireball also has more on the subject, including how the Logitech drivers for mice and keyboards, among other things, can install APE without your knowledge.
So I reboot holding down COMMAND-S on the keyboard into the single-user command-line mode, type in the commands needed to check and mount the hard drive, delete the relevant files, and reboot. Viola! It works.
Finally I got my .mac information set up, verified I still had my mail library and signatures (Mail predictably updated the library) and started to see what changed and testing what broke.
Insofar as the kerfluffle with the stacks and the dock… I don’t mind the new dock, but I prefer to apply the default side-dock format to the dock as it’s cleaner and easier to tell what is running. I found the new stack behavior a little frustrating at first because I had several folder shortcuts that I wanted to go and open up the folder, but most of them I used by right-clicking to get a menu of the contents anyway. So, once I recalibrated my expectations and realized I was trading submenus for easier-to click targets and a slight inconvenience in actually opening up the folders (when actually needed) I was more than happy with the effect. In a roundabout way, this is a return of the “drawers” behavior of OS8 and 9, complete with spring-loaded folders that you can drag files and documents to.
I hate the icons for the stacks. I hate them for the simple fact that as an aggregation of the icons for the contacts, I’m trading a minimum of useless information about the contents of a folder for an easily identifiable target to click on. Without wasting time to hover each one, it’s almost impossible to identify which is which reliably. While I’m not a huge fan of the new dock, and less a fan of the hard-to-differentiate new folder icons, I cannot understate how much I loathe the dock. Please please make it possible to keep a stable icon there!
I discovered to my annoyance that the calendar does not keep a side drawer open with the details of the currently selected event. I can deal with this change because it also makes it clearer when I’m looking at vs. just editing an event, and minimizes screen usage when I don’t need the details. That said, I love the “current time” bar that runs across the window. It did miff me a bit to discover that all of the subscribed folders had been pulled out into their own category from the groups I had them in.
I checked out the new syncing preferences for .mac, and decided to forego the syncing of widgets and preferences. My laptop and desktop have many overlapping uses, but they are fundementally used in different environments (field vs. office) with different tools needed at my fingertips.
Parental controls now allow for remote control of other macs on your local network. Hmmm… so now if all my future computers are macs I can administer the ones my children will use centrally insofar as web access, and get rid of the proxy server I run. I can also set hours for when they can get on online. I can also run Fusion to let my kids play some W98 games like Zoo tycoon… and probably faster than the current old Win machine they have access to.
When waking from sleep, I get to the password prompt consistently faster. The wiki feature in the dictionary is cool, and makes a program I already use regularly vice pulling down my volumes even more useful. I also trashed a “refresh finder” script I had available because Apple finally, finally made it update in a consistently timely manner when new files are added.
Spaces took some time to wrap myself around. The biggest problem was me - trying to figure out a separation of work modes that would allow me to maintain different virtual desktops. That said - if you use it as a clutter remover it works great, because unlike many variants I’d seen, you still have access to all of your apps through the Dock or COMMAND-Tab - which instantly switches you over to the correct screen. After I figured this out I don’t do any manual desktop switching - which is easy enough to do. The one hitch I’ve had is I often use CNTRL-Arrow in text editing, so I have to find another default key to switch my spaces.
Screen sharing is easily turned on if you want to use the “Back to my Mac” .mac feature or just access your desktop from across the house using Chicken of the VNC or the built-in Screen Sharing app. Like all of the network services it’s off by default. The only thing that threw me was that turning on file sharing automatically allowed guest access to the public folders - though the guest account was otherwise disabled. While it’s easy enough to stop sharing out public folders or turn off ALL guest access, it did throw me.
Actually, I like how they implemented guest access in general. You can log in as “guest” and get a temporary, restricted workspace that erases itself when you are done. The next “guest” again gets a pristine, sandboxed space to access the web. This is a great way to give my kids access to my main desktop when they’re online…
Back to screen sharing for a minute. This has a few other implications. First, those of us in tech support and consulting can now easily access the computer of any client that we can iChat with. This feature also reduces the future need to install the more flexible VINE server on many client desktops, though the jury is still out on servers, depending on security needs. This is yet another way that a user-friendly feature will also be a big help for IT folk. it alsomeans that those of us with .mac accounts have less need for a service like GoToMyPC or LogMeIn.
Speaking of big help - Time Machine. This is possibly the biggest single reason to get Leopard - so that you can have effortless, consistent backups. I’ve lost count of how many clients do a poor job in maintaining backups. While it won’t help with keeping copies offsite, this feature will save a lot of headaches where it comes to “oops I deleted my file” or “oops, my hard drive died” in shops where we don’t have our hands on Retrospect enough to make sure that the users files are regularly backed up. Time machine makes this process almost effortless. One thing to beware of - If you have any Paralells or Fusion windows images, you may want to make them exceptions or back them up separately unless you’ve got a much, much bigger backup drive than your main drive. Aperture also has some issues with Time Machine
When installing this on my desktop, I noted a few other things. First of all, while the Sharepoints prefpane was still available, all of the SMB and Appletalk share configuration data had been wiped out. instead, those share points now were in the Apple sharing preference pane. Also, after opening Cronnix, I noticed that ALL of my scheduling CRON scripts were gone that I used for mounting my backup disks. Not much of a loss since I’ll be using time machine anyways, but you may want to back up your Crontabs if you’re geeky enough to use them. (I was using CRON to schedule applescripts and other scripts that I only wanted to run on my desktop instead of through iCal).
Insofar as most of my programs, here’s the rundown:
Mail improvements. Here’s where I got hurt the worst. While I don’t mind saying good bye to mail.appetizer (it can be obtrusive), Mailtags and Mail act-on effectively don’t work. The good news is that the creator is already making it Leopard-compatible, and the “Leopard” beta of mailtags is available. I’ll just hold off for the final version. That said, the note-taking ability is useful, the contact-data sensing is just phenomenal, and it can now indent without quoting! The templates are fluff, but slick fluff, and very well implemented. mail has always been great about letting you pick an alternate outbound server if you can’t reach your default, but now you can also choose a different outgoing server as you compose your email.
Inquisitor, an app that gives me instant search results as I type in Safari doesn’t work. It may never be updated as it relied on access to parts of the Safari WebKit code that Apple has severely restricted access to. I will miss it.
Transmit and Quicksilver seem to work fine overall (with updates) though the “open all files with this tag” feature of the tagging module needs updating. The growl notifications are working just great.
Chax has disappeared, but most of the features it provided were rolled into iChat anyway. As it is I’ll still be using Adium except when I need the new “theater” and “screen sharing” modes.
I haven’t run mine yet, but apparently Photoshop works, though may “crash” upon closing out the program. I know Adobe has posted some other issues but apparently the main graphics programs all work OK.
As noted previously, APE is (very) broken.
LiteIcon, an App that allows you to change the default system icons is broken. We’ll have to wait for an update on that or Candybar (from the iconfactory).
Desklickr doesn’t change the desktop out.
Google Earth needed me to reinstall/download the latest version on my laptop.
My Cisco VPN settings were wiped out. I am not sure yet if simply reinstalling will fix this. I WILL get a Time Machine backup first….
Tinkertool says that it is not fully compatible, but shouldn’t break anything, even if some effects are unexpected.
The Wacom drivers needed to be replaced with a new version.
Internet Explorer 5 (OSX version) still works as well as it ever did, for what it’s worth.
Other things that apparently still work:
Stuff I still need to test:
That’s it in a nutshell.
