- Ahead of the Curve: Back to the Mac
- Corrections to "Back to the Mac"
- OS X Server break-in: Probably isolated, but a heads-up
- iPhone SDK: Interface Builder added; WebKit kicks into overdrive
- iPhone 2.0: Safari hosts local apps; SQL on a smartphone!; go get Safari 3.1 now
- New iPhone enterprise developer program, $299; musings about iPhone app licensing
- iPhone/iPod touch Q & A
- Apple's iPhone software strategy moves me
- InfoWorld Test Center Preview: Time Capsule wireless remote Time Machine backup
- MacBook Air, a detailed preview
April 16, 2008 | Comments: (0)
Ahead of the Curve: Back to the Mac
Several months ago, I determined that my years-long fondness required reexamination. I quietly took a break from the Mac to get some perspective, to check out Vista, AMD, and Longhorn (Windows Server 2008) untainted by Apple's PR and uninfluenced by other journalists and bloggers. I elected to take a break from reviews of new Mac hardware, the occasion of which always piques my interest in Apple's platform. There were times when I felt I'd chosen the worst possible time for this hiatus. I ended up passing on MacBook Air, Time Capsule, Harpertown Mac Pro, and most painful of all, the new MacBook Pro. It was difficult seeing InfoWorld pick up reviews of these from sister publications, but I take my responsibility to readers very seriously. I can't very well counsel you on technology choices if I consider the field limited to one worthwhile player, especially when that player projects the image that it competes only with the generation of systems that preceded what's presently sold.
I found enormous value in my time away from Mac. I made the kind of discoveries I used to make routinely before I took on the Mac as a specialty, and as I take up the Mac again -- which I am doing immediately -- it's clear that my appreciation for the platform is justified, and that the customary split of my effort and attention between Apple and AMD is justified.
The genuine, practical superiority of AMD's Barcelona server platform, and its Phenom desktop platforms that derived from Barcelona, came to light during the break I took from Mac. A one socket, quad core Spider (Phenom plus ATI CrossFire graphics) runs Vista so obscenely fast that even a diehard Mac user's head will turn. Privately, of course.
I found it extremely intriguing that systems built on Phenom platforms can tune themselves autonomously for the maximum possible CPU and GPU speed over a surprisingly broad range, based on a whole system approach that takes cooling, power supply capacity, and your preferences for noise and maximum power consumption into account. I found that I could speed bump an AMD Phenom desktop for free by moving it closer to the floor, where the cooler air prevails. What a grand idea that in itself shows genuine customer-focused insight.
I gained a fresh appreciation for the GNU compiler collection, which has taken remarkable strides since I last took a deep dive in it. I was unaware of the level of engagement from commercial partners, including Apple, AMD, and Novell. Each is undoubtedly pursuing its own agenda, but it does so within the framework and culture of one of the most tightly controlled and liberally licensed open source projects in existence. AMD has finally embarked on the long road to compiler parity with Intel with its contribution of Family 10 (Barcelona/Phenom) architecture-specific optimizations to GNU.
Apple has been busy on the gcc front as well. Objective-C 2.0, with its desperately needed garbage collection, has been a reality in the GNU toolchain since Xcode 3 was in non-disclosure beta. In release 4.2 of gcc, auto-parallelization joins auto-vectorization to adapt projects to multiprocessing and vector acceleration without developer intervention. Unless I'm mistaken, the public beta versions of the iPhone SDK, now at Beta 3, mark Apple's first swing at Microsoft-style free public distribution of pre-release dev tools. The privilege of early access has been reserved for paid members of Apple's Developer Connection programs. That iPhone SDK carries all of the latest GUI tools, documentation, and GNU command line compilers, including FORTRAN, into Apple's default distribution. Hit http://developer.apple.com/iphone and scroll to the bottom of the page for the download link. You do not need to pay the $99 fee to register as an iPhone developer to use the new tools, which compile applications for Leopard as well as iPhone.
Apple is getting ever more daring in its engagement with open source in other ways. WebKit, the fast HTML/CSS/SVG rendering and JavaScript engine used in Safari, has caught on like wildfire outside Apple, and why not? To get a commercial browser, loaded with current and emerging standards, free and open for incorporation in your software, is the stuff of fantasy, and Apple holds virtually nothing back. The WebKit project is not strictly Apple's. It enjoys broad community engagement, but it is worked as a priority by Apple's staff, even to the benefit of direct competitors. For example, the browser on Nokia's E-series phones is WebKit-based, and this is not the only example where Apple effectively put its staff and technology to work for the benefit of a competitor. The GNU toolchain's adaptability to multiple embedded platforms will see WebKit in everything from phones to toys, starting with iPhone and iPod touch. Now that WebKit has been accepted into Google's Summer of Code, I can't wait to see what innovation comes from that gathering. I plan to ply the most influential attendees with the libations of their choice and get their take on where development is headed.
Apple pushed the source code for the publicly exposed innards of OS X Leopard, known as Darwin 9, out for public download on MacOS Forge. Every time it does that, I imagine the move preceded by arguments inside the office about the effort and risks that such a program visits on Apple's platform business. The work of preparing a project of Darwin's size for public distribution is inestimable, and Apple deserves credit for putting it on the agenda of its top OS engineers and project leaders.
I love the conservative approach that Apple is taking with iPhone, especially with regard to multiprocessing. iPhone Applications need to launch and quit instantly, yet relaunch after the first execution having cached and persisted their closing state in detail. It's a freeze/thaw model of state persistence that I'd like to see extended to applications in general. Apple's Xcode has Instruments (prior: XRay), a tool that jams electrodes into your program's and the system's running environment. It records and charts statistical data at runtime along several axes for later examination. It's the most effective means of hand-tuning code for efficiency that I've ever used, and it shows the benefits of persistence quite plainly.
Taking a break from Mac hardware gave me a chance to drink more deeply of the software that Apple maintains off its beaten path. MacPorts and Apple's validated versions of open source projects are open source treasure troves stuffed with some 5,000 free applications tuned and packaged for Intel and PowerPC Macs. Digging through these repositories is so addicting that I had to issue myself an edict to get back to work, which I shall do, newly confident in my mission and purpose. I'm a Macophile for good reason.
Posted by Tom Yager on April 16, 2008 11:36 AM
April 16, 2008 | Comments: (0)
Corrections to "Back to the Mac"
I made a couple of statements in my recent "Ahead of the Curve" blog that Apple contscted me to correct.
First, contrary to my claim that the iPhone SDK is the first time that Apple has released a public preview editions of Xcode in the past, Apple claims to have done so.
Apple tells me that it is not incorporating FORTRAN into beta 3 of its iPhone SDK, a release that includes the newest stable build of the GNU Compiler Collection toolchain. MacOSForge lists FORTRAN as a default language in its distributions of gcc after v4.0, This accounted for my confusion. Note that while gcc 4.x will build for OS X, it is only supported informally by Apple, as are all Apple open source projects.
My apologies for any inconvenience brought about by my incorrect information.
Posted by Tom Yager on April 16, 2008 01:28 AM
April 15, 2008 | Comments: (0)
OS X Server break-in: Probably isolated, but a heads-up
On Sunday, I encountered a break-in on an Xserve running OS X Leopard Server 10.5.2. All Apple-issued fixes had been applied. I cannot locate the vector of intrusion, but following the break-in I noticed the following:
- Kerberos authentication was disabled, making the system extremely slow to respond to LAN-based secure shell (ssh) initiation requests. Screen sharing sessions would not connect at all. However, Server Admin was fully functional
- All e-mail was down
- A launch script for Communigate Pro 5.2.x had been placed in /System/Library/StartupItems, causing Postfix and Cyrus to abort on launch after logging that SMTP, IMAP and POP ports were already opened. All of these services answered with Communigate Pro's greeting rather than Postfix or Cyrus
- The StartupItems launch script was removed after Communigate Pro was successfully launched
- Communigate Pro's HTTP administration ports were not open at either their default TCP ports or any other listening ports
- Communigate Pro reinstalled itself when the contents of its configuration directory were deleted
- Several inbound messages from Eastern European senders were addressed to the recipient pw@mydomain.com. This account did not exist in Postfix prior to the attack
- Command-line searches for Communigate's distribution tarball and executable were unsuccessful until I interrupted the reinstall process prior to completion
- No listening or established TCP port connections were listed by netstat
- Postfix SMTP logs were stuffed with relay attempts (far more than usual) for days prior to the break-in
- Persistent ssh dictionary attacks preceded the break-in and the period following my blocking of external access. No successes were logged (not surprising)
- Fortunately, I interceded before the intruder managed to crack my server into acting as an open SMTP relay. It is possible that my server is wired as a DOS bot, but I doubt it (see below)
- The intrusion was only active for one day. However, the intruder was able to obtain periodic intelligence on my actions to thwart his efforts. This was evident in the fact that while I was investigating the cause, the passwords to the two privileged accounts on my server were altered
- System configuration files were not altered in any obvious way, and my server is apparently restored to normal function after this response: a) I shut down both WAN ports; b) I changed the root password to the serial number on a $2 bill I received as a high school graduation gift; c) I emptied the Communigate Pro configuration directory and applied ACLs that made it inaccessible except to a freshly-created user with an obscenely complicated password; d) I removed the Communigate Pro StartupItem; e) I wiped out the persisted keys for ssh
It's my suspicion that my system was placed under limited remote control via exploitation of a vulnerability, probably a manufactured one as no reported exploit exists, in Communigate Pro that allowed an attacker to submit very limited commands via SMTP and/or POP3. I think he was flying blind, unable to see the results of the commands he issued, and he therefore made rather slow progress. It was sloppy of him to change my administrative passwords while I was logged in. If I had missed his presence prior to that, that action would have given him away.
How he injected Communigate Pro into my system in the first place remains a troubling mystery.
I'm fairly confident that his original exploit and remote control vectors have been disarmed. Now it falls to me to discover any backdoors he's left behind. There is no sensitive data on this server, and it is not gatewayed to the rest of my network. Rather than reinstall the OS, I'm leaving my server on-line as it is, with all logs set to debug and privileged accounts disabled for non-console login, to see if the attacker has established another way in.
I don't have time right now to do more than this. Ironically, I'm doing a review of Xserve. This event does not color my opinion of Leopar or Leopard Server. I used canned OS X tools and methods to shut down the attack, so I feel the system is adequately armed to foil an attacker. I expect that the original vulnerability was of my own making.
Posted by Tom Yager on April 15, 2008 01:02 PM
March 31, 2008 | Comments: (0)
iPhone SDK: Interface Builder added; WebKit kicks into overdrive
Apple isn't shipping the official iPhone SDK until June, but if you're planning to create apps for iPhone or iPod touch, the pre-release SDK just became more than a curiosity for those writing native code. Interface Builder, the Xcode tool for creating graphical user interfaces for Mac applications, has been added to the iPhone SDK. This not only gives developers the ability to add non-HTML GUIs to their native applications, but Interface Builder also makes it easier to carry hardcore Mac coding skills to iPhone.
The SVG Animation in WebKit (Safari) is still under development, but in its latest incarnation it is fast, smooth and very close to passing the standard's acid test. I have little doubt that it will be in Safari's public release in time for WWDC in June. Developers who want to check SVG Animation out now can grab the latest nightly build of WebKit from www.webkit.org. Installing a nightly build binary will add an executable, webkit.app, to your Applications folder. It is indiscernible from Safari--even the title bar says "Safari" and all of your bookmarks are present. The tip-off is a gold-tinged rim around the compass icon. The About box reflects the latest full release build of Safari rather than the WebKit framework version.
There is always the risk that installing a nightly build over the top of production software will introduce some instability. I can't recommend it for Joe Machead, but if you're developing for iPhone, or developing for Safari for desktop, you should be tracking the WebKit builds and reading the blogs attached to the WebKit site.
You might not intend to build WebKit for yourself, but if you can read C and Objective-C, you'll find the WebKit source code to be a study in well-crafted code, written against multiple very complicated and moving specifications. Look at the HTML5 and CSS3 specifications on www.w3c.org to get a feel for what the WebKit crew is up against. Fortunately, it's a serious team that includes Apple engineers, and Apple is a key player in the specifications and standards processes.
Posted by Tom Yager on March 31, 2008 11:30 AM
March 19, 2008 | Comments: (0)
iPhone 2.0: Safari hosts local apps; SQL on a smartphone!; go get Safari 3.1 now
I have a secret: I love JavaScript. It has an extremely simple C-like grammar--it has far more in common with C than Java--and is readable and compact. I can teach it to a child in an hour. With just a few days of messing around, a beginner can write powerful client and server applications in JavaScript, and the minimum required toolset is a browser and a text editor. To test changes to your code, you refresh its browser page.
I developed my appreciation for JavaScript by using it to create applications of surprising scale. In 1999, I wrote a book about creating Web applications, laying out in detail how one can do anything with JavaScript, CSS, DHTML, XML and SQL. The pinnacle of client-side JavaScript at the time was Microsoft's JScript, implemented in Internet Explorer. I took great care in my book to balance IE against Netscape, and to document the ways in which each browser adhered to and diverged from W3C standards. IE did better than most people would assume. It went on to become the basis of the ECMAScript standard. Then Microsoft all but pulled the plug on the language's internal development. The JScript editor and debugger vanished from Visual Studio. My book flopped, but worse than that, a simple language that had justifiable momentum, and even a job market built around it, dropped from sight except as a means to render dynamic HTML content and discern one browser from another.
JavaScript has reemerged as the J in AJAX, where it's assigned such common duties of manipulating in-memory data structures, loading plug-ins and performing explicit animation on user interface elements. It's good to see JavaScript back in action, but for years I've imagined what JavaScript might have become if it had been actively developed after Microsoft let it go. My crushing disappointment was that AJAX, not so advanced in light of history, didn't aim at the one target I felt JavaScript was destined for: Standalone browser-based applications.
Now we're back on track. Incremental developments in WebKit, the open source project on which Apple's Safari is based, have coalesced into the Safari browser for iPhone 2.0, due out in June, and Safari 3.1, which was just delivered for OS X. Apple and WebKit developers have invested an impressive amount of effort to implement vital portions of HTML 5, CSS 3 and SVG (scalable vector graphics) standards. HTML 5 provides a standard for embedded SQL statements into script code. SVG (scalable vector graphics) does what its name suggests, but also brings motion into places where only static bitmap graphics worked before. SQL (through SQLite) and SVG are linked into Safari, not plug-ins. CSS 3 sets up implicit and explicit animation, with both managed by the renderer.
In the transition from Safari 3.0 to Safari 3.1, WebKit coders and Apple somehow blew the doors off prior JavaScript performance. Apple created a JS benchmark, SunSpider (a click here will run it immediately; be aware that it takes some time), to prove its point. It measures the average time taken to complete a few cycles of complex JavaScript tasks. An 8-core, 3 GHz Xserve ran the SunSpider suite on Safari 3.0.4 in 6624.6 millisconds (6.62 seconds). A dual-core, 2.4 GHz Santa Rosa MacBook Pro running Safari 3.1 completed the SunSpider suite in 3211.8 milliseconds, or 3.21 seconds. The fact that SunSpider expresses its results in thousandths of a second portends sub-second results.
As for persistence, well, Apple decided that cookies and XML just wouldn't do. Since SQLite is already pervasive in iPhone OS, Apple wired it into Safari to give JavaScript coders the ability to manage data using real, grown-up SQL with transaction support. SQLite is strictly client-sized, but very powerful for a database that links entirely into your code (and it's open source). I wasn't that hot on SQLite in OS X's Core Data until I saw it in action in the iPhone SDK. Now that I see it it running on an embedded device, I see SQLite for the tight coolness it is.
There is another motivation to using SQLite as the persistence mechanism for iPhone Safari applications: It forces developers to give much more thought to their use of storage, which is a finite commodity on a phone or music player. It also slashes a lot of tree walking and in-memory XML out of your script code. But if you've just got to do the DOM, Apple did fold in two new native-ized DOM query methods to displace still more iterative scans.
Safari on iPhone 2.0 (and iPod touch 2.0) pushes the envelope in so many ways that Mac users will want it in desktop Safari and Dashboard. Okay, I'll speak for myself. I've been hollering for standalone browser-based applications, not those pseudo-apps that require a teeny HTTP server, for years. I'm on record saying that if Apple just did persistence in iPhone's Safari, I'd quit harping at them about a native SDK. I got what I wanted and then some, so now I can harp at you about what Apple poured into iPhone/iPod touch 2.0, Safari and the SDK.
Posted by Tom Yager on March 19, 2008 07:14 PM
March 10, 2008 | Comments: (0)
New iPhone enterprise developer program, $299; musings about iPhone app licensing
Companies and organizations that don't want to make their iPhone/iPod touch software publicly available through AppStore can now apply for a special $299 enterprise development license that entitles them to create and distribute custom software strictly for internal use. The application must be submitted by an individual empowered to make legal commitments on their employer's behalf.
This raises some questions in my mind. If you run a consulting shop that creates commercial iPhone software for clients' (say, government agencies') private use, does each client need an iPhone enterprise license? $299 is not prohibitively expensive, but some clients might balk at signing a contract with Apple as a condition of running the code you sold them. Commercial developers don't necessarily want to share their client lists with Apple.
I'll ask Apple how it works, but I'm hoping that the $299 program is the equivalent of an unlisted number. If the extra $200 buys the privilege of bypassing Apple's validation, distribution and customer registration systems, then it's the right approach.
You could argue that anyone who carries an iPhone is already registered with Apple when they activate their phone, so whatever secrets a user would wish to keep are already out. However, in enterprises, handsets are purchased and activated by the employer, not individual users (a purchase model which has, to this point, been denied iPhone buyers by AT&T). Once a phone is purchased as part of an enterprise deal, it should drop off the map where the handset manufacturer is concerned, and the wireless operator's role is limited to supplying the service and sending the bill. Which individual is using the phone, what for, where they work and what applications they're running should be nobody's business. Anything from personal security to trade secrets might be at stake. Once Apple picks up the enterprise baton, it has a lot to live up to.
iPod touch is a special case, and given my overall lack of enthusiasm for AT&T, my favorite case. touch can be used exclusively inside company, agency or a home's walls for any private use the purchaser has in mind. There is no carrier to protect. There is no requirement to sign up with iTunes or any other service in order to use iPod touch for applications. My first application for iPod touch will be to use it as a remote control for an iBootBar rack power controller. This has several network interfaces, but Telnet is the most versatile and will hide well under a GUI. This won't be a difficult first assignment. I'm more uncertain about licensing for personal applications than I am the SDK.
My read of Apple's signing and licensing requirements is that once you pay your $99 or $299 and are issued a certificate, you can start using iPhone/iPod touch units for development (prior to licensing, you can only use the emulator), permitting you to use real devices as develop and debug targets. I have a hunch that units are activated for development use individually (how and how many, I have no idea; perhaps an iTunes-like model) to prevent the use of the SDK as a means of distributing apps.
Where applications written for my sole use are concerned, do I have to sign my code, upload it to AppStore, wait for approval, and re-download it in order to use it? Do I have to re-sign and resubmit the app I wrote for myself every time I make a change (because the checksum changes)? So many questions.
Developer and user licensing will be the messiest aspects of iPhone custom development leading up to the public release in June. I'm going to try to snag a briefing with Apple prior to the release to go over iPhone/iPod touch certificates and licensing. I'll share those details with you.
Posted by Tom Yager on March 10, 2008 07:06 AM
March 06, 2008 | Comments: (0)
Q: Why is Apple the exclusive distributor of third-party software for iPhone and iPod touch?
A: Somebody has to take full responsibility for customer security. Apple is taking responsibility for security by issuing developer certificates that irreversibly link every app a traceable, physical creator. Apple is a good groundskeeper, too; the site's always going to look splendid.
Q: Why do I have to pay $99 to write code for iPhone, and what's that buy me?
A: You can write code for iPhone for $0; download the tools from developer.apple.com. Mess around in the simulator to see if it piques your interest. If it does, then $99, plus answers to the validation questions that Apple will ask, gets you a certificate that will burn your name into your code. When you get that, you can start debugging with a physical iPhone or iPod touch. And you can upload your software to AppStore.
Q: What is AppStore, and how do I get in it?
A: The AppStore icon will be added to iPhone and iPod touch
Q: I meant, how can I get my software in it?
A: Sign up as an iPhone developer. They'll guide you through it.
Q: What kind of merchant account, PayPal, Kagi thing will I need to get my software sold?
A: This is much as you need to worry about money: a) Pay Apple $99 to be a developer; b) write something worth buying; c) decide what people should pay for it; d) upload it to Apple; e) rejoice as you're paid 70% of your monthly sales.
Q: Is anything about this program open source?
A: Steve Jobs says no. You will find references to ARM (the MCU used in iPhone and iPod touch) scattered around the Darwin source code.
Q: Do you think it's possible to completely overwrite the software on iPhone so I can do what I want?
A: For carrier unlocking: a) Buy iPod touch; b) Buy unlocked telephone
Posted by Tom Yager on March 6, 2008 04:31 PM
March 06, 2008 | Comments: (0)
Apple's iPhone software strategy moves me
A colleague scolded me for applauding during Apple's press conference to announce iPhone 2.0, next-generation firmware that will bring a host of enterprise features and support for a native software development kit (SDK) to iPhone and iPod touch. In my defense, I kept my pen and pad in my hands while the room went berserk over Apple's deal with Microsoft to bring an extraordinary array of Exchange Server connectivity to iPhone. I was moved, but not to clapping, by Apple's implementation of Cisco VPN compatibility, WPA2 security and other touches that IT administrators set as requirements for devices that connect to their networks. The enterprise half of Apple's new mobile strategy speaks to IT, and therefore to me as an IT journalist. iPhone 2.0 brings iPhone and iPod touch many steps closer to parity with the high-end BlackBerry, Windows Mobile and Nokia QWERTY and stylus handsets that are enterprise mainstays now. My journalist appreciates having a new contender in enterprise mobile, but does not applaud at press conferences presenting same. I nod and note.
[ Read my iPhone 2.0 Q&A. Read about the developers' reaction to the news. Read our special report, "IT's guide to the iPhone." Learn how to make the iPhone work at work. ]
But I am more than a journalist. I worked in engineering, consulting and technical management in the wireless industry before coming to InfoWorld. I've covered wireless, mobile and embedded technology during my entire tenure here simply by continuing to think and operate like a professional with skin in the mobile and embedded game. For over a decade, I've seen wireless carriers, hardware and component manufacturers and OS vendors come at custom software development from every imaginable angle but the right one. I've known for so many years that the barrier to a boom in mobile applications is a stable, simple, documented platform and a matched set of development tools. I've known that these things don't exist because no entity has found a way to make such an effort profitable. Apple has.
Lest I carry on too long in one post about a topic that will take many posts to cover, I'll clue you in on the points that provoked my applause.
Apple's native dev tools include live remote debugging and run-time profiling of USB-connected devices. During the demo, Apple showed Xcode's Instruments (formerly Xray, derived from Sun's DTrace) recording stack traces in real-time from software running on an iPhone. Developers of embedded software--and that's precisely what handset apps are--appreciate how difficult, expensive and tedious it is to design, code and debug with a tethered physical target, and what a big deal it is to have live debugging baked into an embedded platform and a free toolset. English translation: Applause.
Apple is hosting a catalog of third-party applications (AppStore), splitting the proceeds with developers 70/30, and paying developers for software sold on a monthly basis. AppStore will automatically notify iPhone and iPod touch customers when new releases of their purchased software is available. No desktop approach to shareware and small-volume licensing is adaptable to mobile. All a third-party developer needs to do is upload its software to Apple, hang on it the price tag of his choice, and it'll be added to the catalog. From there, the developer just waits for the checks. And, one hopes, responds to calls for support.
Apple will not charge developers or customers for free third-party software. Huzzah!! Developers will need their $99 certificate, but you can band together with your buds and code under an assumed name. Only the guy that actually has the phone needs the license. Everyone else can work for free, using free tools, with the free simulator.
Apple is opening the same APIs that it uses internally. OS X, BSD, TCP/IP, Sockets, security, power management, Keychain, Core Services (e.g. Address Book, Mail), Core Audio, OpenAL, audio recording, graphics (JPG PNG TIFF), PDF, Quartz 2D, OpenGL ES and H.264, to name a few. A new GUI API layer, Core Touch, has been added. A database layer, managed by SQLlite, is in there. Might could get something done with all that.
Apple will charge $99 per developer to issue a code signing certificate, and Apple will police the AppStore catalog for malware and the like. That's cheap, and in return, Apple's taking responsibility for security. Gutsy.
The iPhone SDK and documentation are entirely free of charge for use with the integrated iPhone simulator. You don't have to buy a certificate to write code. You don't even need an iPhone.
Interface Builder (the GUI designer in the Xcode toolset) is loaded with all standard iPhone and iPod touch interface elements and actions. No more AJAX hacks that look sorta like...
Safari WebView was only mentioned as a term, but if it gives me locally-hosted apps, written in JavaScript, with an HTML front end, I'm down. That might tide me over until Silverlight and Flash come around.
No, seriously, I won't wait. I must code.
After the break, a Q & A with our resident cynic.
Posted by Tom Yager on March 6, 2008 03:43 PM
January 18, 2008 | Comments: (0)
InfoWorld Test Center Preview: Time Capsule wireless remote Time Machine backup
Take an Airport Extreme 802.11n base station, add a 3.5-inch internal drive and modify the device's firmware to permit the built-in LAN to share a drive as a volume (a device) rather than a folder within the filesystem, and you've got Time Capsule. Apple has also done away with the power brick; Time Capsule's power supply is internal.
The reason for Time Capsule's existence is to compensate for a few unfortunate realities: Time Machine, wonderful as it is, requires desktop USB or FireWire drives. All of these have to be sized appropriately, which is no easy thing, and worse, notebook users have to remember to plug them in often enough to make the backups useful. Xserve is one fix, but it is a dear investment considering how fast one Mac can eat through a hard drive with Time Machine. Time Capsule fixes that. It is expandable via inexpensive external USB drives. You won't get breakneck speed, but if one Time Capsule gets bogged down, set up another. The Time Machine client lets you choose your backup destination.
Time Capsule does not precisely match the protocol used by Time Machine Server on OS X Server Leopard. The effect is the same: A network that includes a Time Machine Server and one or more Time Capsules populates a pull-down list of Time Machine destination volumes.
Time Capsule does allow users the full set of Time Machine abilities of doing point-in-time file system exploration. It also supports Time Machine's ability to perform a migration or restore from a Time Machine image.
Time Capsule's USB port still handles printer sharing. Except for the direct power input, Time Capsule's enclose is identical to that of Airport Extreme 802.11n. Time Capsule's base price is $299 with a 500 GB drive, and $499 with a 1 TB drive. Apple claims that it uses "server grade" drives, which I learned require special care compared to lesser drives. I carried a Hitachi DeskStar drive in an external enclosure and pulled it about two feet onto the ground while operational. It was shock-mounted in it chassis, but the drive was immediately destroyed. Server-grade drives don't park their heads by default. The next time I configure one, I'll see if it's an option.
I also need to test Time Capsule to see what the reasonable maximum number of USB drives is, and where performance starts to hit that part of the curve that says "buy a second one."
Posted by Tom Yager on January 18, 2008 12:30 AM
January 17, 2008 | Comments: (0)
MacBook Air, a detailed preview
The room service menu in my hotel, the San Francisco Marriott Courtyard, is the size and weight of Apple's new commercial notebook, MacBook Air. MacBook Air, Apple's newest, thinnest, lightest, simplest notebook in Apple history weighs three pounds. It's 3/4s of an inch at the display hinge (closed), sloping down aerodynamically to a much narrower snout. You have to hold it and tumble MacBook Air to experience what a three pound, aerodynamically inspired notebook feels like, because it'll be a first for you. You have to imagine carrying MacBook Air everywhere in a slipcase, being able to whip it out, open it and have it ready for note taking, research, order entry, voice recording, podcasting, writing or what-have-you faster than you can jot your first word with that legal pad and pen in your bag.
Apple got MacBook Air so skinny and light by removing everything that the majority of mainstream commercial users don't use when they're not in the office or at home. There is no wired Ethernet and no FireWire. MacBook Air has just physical I/O ports: USB 2, audio output and micro-DVI (the latter for connecting to a digital, VGA or video monitor). These are all mounted on a tiny panel that flips down from the bottom of the notebook. When the I/O panel is closed, MacBook Air is nothing but smooth, sloped aluminum skin all the way around. There are no lumps or access covers to tip you off to component placement.
Many questions remain that require a full review to answer. My encounter was with a prototype, so I didn't get a chance to experience heat or fan noise. The charger is 45 watts, and the clocked-down chips in smaller packaging is encouraging. I also didn't get to see how far back the display tilts. I did find that the microphone is no to the right of the iSight window, though I don't know if the sound quality is improved. Likewise, I did not audition the speakers. A test left to run is to use this machine with Bluetooth stereo headphones. This works on MacBook Pro, but it's buggy. Does MacBook Air fix it?
MacBook Air's battery is sealed inside. It offers no external indication of its charge state. Apple's battery replacement program for MacBook Air is to drop it at any authorized facility, get it replaced, and get your machine back having been charged for the cost of the battery alone. I wouldn't expect this swap to happen while you wait, and I don't know whether Apple will commit to returning your data intact.
The thin lid encasing the 13.3-inch glossy display is astonishingly rigid. With so little distance between the top of the lid and the surface of the display, I felt sure that it would fail my warp test. I pressed hard on the back of the prototype MacBook Air's lid. It did not flex, and the display's image did not distort. It's my feeling that the shape of MacBook Air's case will make it a tougher travel partner than the typical squarish notebook.There isn't anything to cave in.
MacBook Air is gives you only what you need: A keyboard, a 13.3-inch display, 80 GB hard drive, wireless networking and 2 GB of RAM. The 1.6 GHz Core 2 Duo CPU (1.8 is an option) is clocked slow by modern standards, but it is cooler and more power efficient than the latest Penryn CPUs. Apple claims that MacBook Air's battery will last five hours, with Wi-Fi. If that's true, then it'll run 90 minutes longer than the much heavier MacBook Pro that I carry. The 45-watt charger makes in-flight and in-car charging cheap and easy.
MacBook Air's keyboard is MacBookish in style with widely space keys, but it is full size and backlit. The prototypes weren't lighting properly, so I can't speak to brightness of the lights or the opacity of the keycaps. The trackpad is massive relative to the size of the notebook. If it worked with a stylus, it'd make a fair tablet. The new trackpad supports a subset of iPhone's multi-touch gestures in bundled Leopard applications. In Safari, for example, you can navigate backward and forward among cached pages by sweeping across the trackpad. To enlarge text in the browser, you make a spreading motion with two fingers. In iPhoto, you can scroll, zoom and even rotate images in the thumbnail view with a single trackpad gesture. The gestural vocabulary will undoubtedly expand, and multi-touch will reach into other Apple software. Apple wasn't ready to address giving third-party developers access to multi-touch.
It goes without saying that this notebook isn't for everyone. MacBook Air's chief drawback is the display. Apple chose a sharp, glossy and bright LED-backlit 13.3-inch LCD panel. It looks marvelous, but it has a vertical resolution of 800 pixels. Pages and applications that are (poorly, lazily) designed to just fill a 1024x768 Windows screen have to be scrolled vertically on a Mac's 800 pixel tall display, while the 900 pixel tall screen of a 15-inch MacBook Pro is a perfect fit. The reason for this is a rant for another time.
Apple's usual thin, slot-loading optical drive would have made the case and the battery too thick, so Apple sells a thin, slot-loading, USB-powered external DVD burner for $99 (beautiful, portable and a bargain for any notebook). MacBook Air also comes with Remote Disc software that allows it to use the DVD drive in any PC or Mac on your LAN. Remote Disc completely bypasses the hassles of fire sharing. The shared disc shows up in Finder as a read-only CD/DVD drive. You cannot use Remote Disc to play DVD movies.
Before pointing to performance as a reason to take MacBook Air off your list, keep in mind that its Core 2 Duo CPU enables OS X Leopard's 64-bitness. With 2 GB of RAM, running Windows, Solaris or Linux as a guest OS under Parallels Desktop or VMWare Fusion is well within its reach. Given MacBook Air's small hard drive, using Boot Camp to dual-boot between OS X and Windows is impractical. With Intel's integrated graphics, the primary impetus for running Boot Camp--to run games and other graphics intensive Windows apps--isn't a factor for MacBook, MacBook Air or Mac mini.
Making MacBook Air at home everywhere I go would require some additional purchases: A USB to Ethernet adapter to connect to hotels' in-room networks, a DVI to HDMI adapter so that I can use hotels' LCD TVs as eye-friendly monitors, and the external DVD drive, because I get CDs and DVDs, and burn them, everywhere I go. But all of these fit in a sandwich-sized baggie that stays behind in the office or hotel while I fly, attend meetings and sit in conference sessions. I can't strip these things out of a big notebook to lighten it up, and they are among the peripherals that fatten the case and make a large, heavy battery necessary.
You do have to weigh MacBook Air's $1,799 sticker price against the benefits of traveling very, very light. If you run to meetings now with a wheeled bag in your wake because your notebook and charger are too fat and heavy to sling over your shoulder, you need to make a change. If it's such a pain to extricate and pry open your big notebook just to make a note, check an appointment or send an e-mail that you sometimes just don't bother, you definitely need a smaller notebook. If you start shopping with MacBook Air, I'm afraid that touring PC alternatives will prove unfulfilling.
Posted by Tom Yager on January 17, 2008 09:59 PM
January 14, 2008 | Comments: (0)
Thoughts on the iPhone/iPod touch SDK
[Late note to helpful commenters: I only write from my experience, observation and analysis. I don't read anyone else's work on topics I cover.]
If everything is still on track, Apple will roll out a software development kit (SDK) for iPhone and iPod touch, which share a platform, in February. I have been pondering some possibilities about that SDK. I don't have answers, but perhaps the questions will get you thinking.
Why do an SDK? Certainly not to make the world happy. If Apple spoke with me about iPhone, it would point out that I'm among a tiny handful of people campaigning for a native iPhone SDK. Casual developers would be overjoyed if Apple beefed up iPhone's Javascript to provide programmers with access to a protected subset of the filesystem and the ability to add icons to the home screen. If it were possible to browse "file://" in Safari, then local HTML apps with XML data stores could function as off-line applications.
A similar purpose would be served by a tiny HTTP server capable of performing data binding and mixing of local and on-line content.
In the long run, I think that the reason for doing a native iPhone SDK is to make iTunes Music Store a marketplace for downloadable mobile software. It's been done; Forum Nokia has catalogs of third-party software and hosts developers' applications. An icon on your phone takes you to the Nokia catalog, and software that you purchase from there gets tacked onto your phone bill. Developers get a check for their cut. Games and network tools are very popular.
Commercial developers (shareware and up) need to wire their code for time-limited trials and phone home activation, which is harder to work into non-native software. Nokia tags offerings in its catalog by programming language, and the vast majority are written in C.
If the iPhone SDK is genuinely native, that is, compilers can target the ARM CPU, then that openness will come with high-tensile strings attached that will prevent working around any of the restrictions that protect Apple and wireless operator revenue, and to protect non-savvy iPhone users (the majority). If the SDK permitted the opening of arbitrary TCP sockets, for instance, half of the world's iPhones would be running P2P file sharing clients 24/7, at wireless operators' expense. Trusting users would be downloading malware-stuffed Tetris clones that ship address books and mail folders to identity thieves. I don't see Apple opening itself to this.
Apple will provide as much cover for customers as it can. iPhone apps will be sandboxed so that system and iTunes files are invisible. The first custom app you run will see an empty file system from / on down. Further protection will be afforded by Apple just as Nokia has done it (and with great controversy): Vendor code signing. There is no getting around the fact that native mobile apps, except for those you write for yourself, must be signed, and that no developer can be equipped with the means to sign code that runs on another device. Code has to blessed by a single trustworthy authority. I can't imagine what the signing process would be, how long it would take or how much it would cost--I'd hate to see no potential for iPhone/iPod touch freeware--but I don't think that it's something Apple will farm out.
iTunes' adaptable infrastructure and digital rights management technology are already there. After receiving and signing an app on behalf of a developer, Apple need only add a workflow item to ship that material, price attached, to iTunes. The question in my mind is how developers will get paid. Is Apple going to cut hundreds of developers individual checks? Will Apple demand to be the only source through which signed applications can be acquired?
So many questions. That's what I love about this job.
Posted by Tom Yager on January 14, 2008 11:17 PM
January 14, 2008 | Comments: (0)
Macworld Conference and Expo: Why am I here?
I always look forward to Macworld Expo, but this year my expectations are especially high. It may be the bracing San Francisco weather that's got my blood moving, but it's my anticipation of the keynote and the exhibit floor that have me blogging in the shower.
Apple has scheduled two briefings with me this week. One is a keynote follow-up on Wednesday, and the other is a sit-down on Mac Pro and Xserve on Thursday. I've already got the skinny on Mac Pro and Xserve, both quite impressive, but both falling under the category of pre-show announcements that make room for something else. So will the Wednesday briefing be all about iPhone?
I am braced for that possibility. With 3G, a lower price, streaming media and an upcoming software development kit (SDK), I'm prepared to treat iPhone '08 as a new device. I have speculation related to the SDK that I'll relate under separate cover. Suffice it to say that I don't expect to be able to wipe iPhone's system software clean and replace it with Darwin. That would subvert the primary purpose of Apple's mobile platform: To be an iTunes terminal that fits in your pocket and sticks to your dashboard. The only need that I can see for an iPhone SDK is to allow Apple to market signed commercial software on iTunes Music Store. The only justification that I can see for native code is to support games, and to allow commercial code to enforce licenses.
Apple could surprise me. After all, there is no obvious revenue justification for publishing those portions of Darwin that are not covered by GPL, the GNU Public Licenses that require vendors to publish their adaptation of software covered by the license. I can imagine, and I'm sure that others can, too, iPhone and iPod touch being the world's most sought-after robotics controllers and de facto platforms for university courses in embedded systems. I don't expect iPhone/iPod touch to be opened to kernel hackers, but I think that in the long run, Darwin has good potential as an embedded OS.
I hear from my editors that there is still speculation about a Mac tablet. I'm bearish on that; PC tablets aren't hot commodities. With so much low-hanging fruit yet to harvest from the seasonal evolution of Mac, iPod, iPhone, iTunes, Leopard, Pro Apps and .Mac, I can't foresee any bold new lines of business for Apple right now. My attention this year is largely focused on third-party vendors. I am always hopeful for products that I didn't see coming, and I'd be delighted to hear Steve say something that nobody expects.
In any case, this'll be fun. I hope you'll come along.
Posted by Tom Yager on January 14, 2008 01:05 PM
January 08, 2008 | Comments: (0)
For CPU power draw, trust Apple, not Intel
Apple dropped me a note in response to my blog post on its Harpertown Xserve and Mac Pro announcement. I attributed the per-socket CPU power draw claim of "80 watts max, 4 watts idle" to Intel. That turns out to be Apple's number, not Intel's.
I'm not much interested in Intel's stated Harpertown per-socket power draw because I can't reproduce Intel's test conditions. Outside Intel's labs, you can't pin down a single component's true power draw without a well-equipped test bench and a very steady hand.
If you have an Xserve or Mac Pro, you can skip the bench and skip Intel's data sheets as well. Apple builds an uncommon level of instrumentation into Xserve and Mac Pro. OS X Server Leopard's (or Tiger's) Server Monitor reports on component-level power draw and fine-grained regional temperatures in real-time. You can subject Xserve or Mac Pro to varying workloads and track power utilization of CPUs, DIMM sockets and the Intel north bridge independently. It is through this facility that I learned that Intel's north bridge (memory and I/O hub) chip is the least green component in the system.
I was green before green was in, and I am a firm believer that the only place to measure power draw is at the outlet. But chipmakers, and OEMs who ride the shirttails of chipmakers' marketing, compete based on power consumption per CPU socket without providing consumers or product testers the means to validate their claims. At least with Xserve and Mac Pro, I can see for myself. The figures may not be absolute--they can only safely be compared Apples to Apples--but Server Monitor will reveal whether Harpertown's 45 nanometer-ness is directly related to its greenness. With faster front side and memory busses, will cooler CPU sockets matter? As you can tell, I'm eager to find out.
Posted by Tom Yager on January 8, 2008 07:16 PM
January 08, 2008 | Comments: (0)
Apple ships new eight-core Harpertown Mac Pro and Xserve
Apple has once again taken up Intel's fresh-from-the-fab processor technology to give its two top-end systems a serious performance kick. Apple has reengineered its Xserve rack server and Mac Pro desktop/workstation for Intel's 45 nanometer quad-core Harpertown Xeon CPU with 12 MB of shared Level 2 cache per socket.
Xserve's top configuration now reaches to eight 3 GHz cores. Xserve's second socket is empty by default, making the standard config four cores, but the incremental config-to-order (CTO) cost to take the base Xserve to eight cores is just $500. The new Mac Pro elevates the standard configuration from four cores to eight while maintaining the previous Mac Pro's price level. That change is especially significant given that before today, a CTO eight core Mac Pro carried a premium of $1,200 over the standard four core system.
Apple claims that its new Mac Pro and Xserve deliver an impressively linear 1.9 to 2.3 times increase over the compute speed of prior four-core models, and with 800 MHz DDR2 memory (up from 667), 60 percent higher memory throughput. The new systems share support for PCI-Express 2.0 expansion cards, an option to upgrade to multiple 1 TB swappable hard drives, and when 4 GB FBDIMMs (fully buffered dual inline memory modules) are used, room for up to 32 GB of system memory. Both Xserve and Mac Pro are now shipping with 2 GB of RAM standard (previously 1 GB) and a SuperDrive dual-layer DVD burner.
Intel's Harpertown CPU is more energy efficient; Intel claims power consumption of 80 watts per socket, dropping to as little as 4 watts when idle. Apple has swapped out Xserve's redundant power supplies for stronger 750 watt units that exceed Energy Star 80 percent efficiency requirements. Mac Pro's system enclosure is identical to the previous model, while Xserve now has a USB 2.0 socket on its front panel.
Mac Pro and Xserve ship standard with discrete AMD/ATI 3-D graphics processing units (GPUs). Mac Pro's baseline config utilizes the Radeon HD 2600 XT with 256 MB of video memory, while Xserve ships with an on-board Radeon X1300. Mac Pro can support up to four AMD/ATI or NVidia graphics cards, while a 16x PCI-Express slot on Xserve permits the optional use of a standalone graphics adapter to supplant the built-in GPU.
AMD/ATI graphics cards are available now. An Apple spokesman said that optional NVidia graphics cards are "several weeks away."
Apple's systems are engineered in-house, not based on Intel reference designs. Mac Pro and Xserve are thoroughly instrumented for multi-point monitoring of power utilization, temperature and fan speed. Both systems have standard swappable hard drive backplanes--Mac Pro has four internal swappable drive bays, while Xserve has three front-facing bays--and the option to use either Serial ATA or Serial Attached SCSI (SAS) drives. SAS is new to this generation of Mac Pro, a benefit of the optional hardware RAID controller. The same RAID controller is an option for Xserve, but Xserve is capable of using any mix of SATA and SAS drives without the RAID option.
At $2,799, the standard Mac Pro ships with two 2.8 GHz quad-core Xeon CPUs, an AMD/ATI Radeon HD 2600 XT graphics card with 256 MB of video RAM, a 320 GB SATA hard drive, a 16X SuperDrive DVD burner with dual-layer support, Bluetooth 2.0, 2 GB of 800 MHz DDR2 memory, and Apple's wired aluminum keyboard and Mighty Mouse. Mac Pro ships with OS X Leopard and the iLife '08 personal digital media suite installed.
In its $2,999 standard configuration, Apple's Xserve has a single quad-core, 2.8 GHz CPU, an 80 GB SATA hard drive, 2 GB of 800 MHz DDR2 memory and a slot-loading SuperDrive DVD burner. Both systems have a large catalog of configure-to-order options that are factory-installed and tested by Apple.
The new Mac Pro and Xserve are shipping today via Apple's on-line and retail stores, and through authorized resellers.
Posted by Tom Yager on January 8, 2008 09:46 AM
December 19, 2007 | Comments: (0)
MacBook Pro unresponsive keyboard patch. Nick of time, or vain hope?
Apple has done it again. It has released a patch overlapping with my blog entry complaining about a bug, but this time, Apple beat me to posting the entry, so I can't claim credit for the fix. I'm also not the least bit sure that the fix and my trouble are related, but I have a reason to report the MacBook Pro Software Update 1.1 as newsworthy.
The MacBook Pro Software Update 1.1 patch addresses "a temporary suspension of keyboard input which can last a minute or longer." That's familiar.
I've been trying to narrow this bug, or something like it, down to a particular app or kernel extension, or to some newness in Leopard. My best suspect was the recent pairing with a new Plantronics A2DP (Bluetooth Stereo) headset, which did knock my MacBook Pro loaner quite wobbly in other respects.
A2DP is still problematic, as I'll relate to you. But at least now I can tease trouble related to Bluetooth Stereo from a known hardware bug.
Posted by Tom Yager on December 19, 2007 01:00 PM
December 11, 2007 | Comments: (0)
Greatest hits for OS X developers; labeling apps "10.5 or later"
It's always a boon when someone gathers the greatest hits of some massive drop of new and complicated developer resources into one simple page that serves as a roadmap to deeper understanding. If you're ho-hum about porting to Leopard, you and your users are missing out.
I wish I had a knack for what Matt Gemmell does. His list of top reasons for developers to love Leopard will make Windows and Linux developers green with envy, and convince Mac developers to modernize and simplify their code. Matt's list is simple, concise, enlightening and enlivening, and I recommend it even for non-developers.
Along the same lines, is it Kosher to set Leopard as a requirement for your custom app? Like all responsible writers and speakers, I leave that to you. Extensions to Quick Look are emerging at a more rapid pace than Dashboard widgets for now.
I think literature like Matt's and WWDC '07 session materials make "OS X 10.5 or later" badging an awfully appealing prospect, even if it is politically incorrect by historical practice. At the very least, you might consider forking your projects and let versions addressing OS X prior to 10.5 slide into maintenance. There is so much developer goodness in Leopard that can't be back-ported to Tiger.
Posted by Tom Yager on December 11, 2007 08:32 PM
December 03, 2007 | Comments: (0)
InfoWorld's OS X Leopard review: "A Perfect 10," and thanks for the links
If you haven't seen it yet, I'd be honored if you'd check out my just-posted review of OS X Leopard. It was a long time in the making, and if you can believe it, I'm still not done. Part II of that review is being edited as I write this, and my review of OS X Leopard Server is nearing completion. You don't have to wonder whether InfoWorld is serious about Mac coverage. You just have to ask yourself how much Mac you can handle.
I'm exceedingly grateful to bloggers, aggregators and other sites that create links to my stories.
Posted by Tom Yager on December 3, 2007 07:28 PM
November 22, 2007 | Comments: (0)
Cool facts about the Leopard kernel
Source code for the x86 and PowerPC OS X (Darwin) kernels have been merged in Leopard for the first time. Prior to Leopard, PPC and x86 source trees had to be downloaded and managed separately. Now instead of building the right tree for your system type, you identify your target architecture at build time.
The Darwin sources now self-build a bootable Darwin using only make. Previously, you had to download a separate set of build tools called Darwinbuild.
x86 and PowerPC aren't the only targets for the Darwin kernel. The build example in the xnu README attached to the Leopard kernel makes reference to a Freescale MX31ADS ARM9 eval board (link to PDF manual) build target. That bodes well for the reach of the iPhone/iPod Touch developer kit in February, eh?
Posted by Tom Yager on November 22, 2007 07:40 AM
November 22, 2007 | Comments: (0)
Leopard kernel source code published November 8
Happy Thanksgiving, everyone. Among countless other things, I'm thankful to have a weekday during which I can leave my BlackBerry powered down.
I have also chosen today to give overdue thanks to the Leopard project team. The Darwin kernel used in Leopard has been posted to Macosforge.org. This figured into my ten out of ten review score, but yelling about sources in a review targeted to users, admins and IT buyers is a little too gearheady. If Apple is popping any champagne corks over Leopard being InfoWorld's first ten out of ten review, then I bid them set aside a well-chilled bottle of the finest (or their preferred adult or hypercaffeinated beverage) for Kevin Van Vechten and his team.
If you watch for Darwin kernel releases, you might have bookmarked Apple's Darwin kernel (xnu) project page, which still shows Tiger 10.4.8 as the newest announced version of the Darwin kernel. Keeping the news page current for media snoops isn't as important as getting the real work done. I confess being glad for that, because not many can grasp the relevance of Apple's lock-step kernel source publishing policy.
The sure-fire URL to bookmark for up to the minute Darwin sources is http://www.opensource.apple.com/darwinsource/tarballs/apsl/, which is an HTML gateway into Apple's open source version control system. The pretty page URL, which also provides convenient pointers to tools, docs and related sources, is at http://www.opensource.apple.com/darwinsource/. I haven't watched that page closely enough to vouch that it is kept up to date, but the xnu (kernel) releases listed there do reflect the full list of downloadable tarballs.
By keeping the release of kernel sources in step with commercial OS X updates a priority, Apple's engineers, program and project managers have now put a universe's worth of distance between OS X and other commercial OSes. Readers should know that xnu, the Darwin kernel, is an "extra mile" project. Publication of the kernel sources is not mandated by a license lien on any of Darwin's open source components. The BSD license attached to much of the Darwin kernel requires attribution, not distribution. I've always admired that.
The Leopard project team's brilliance and vision doesn't end there. I've unearthed some exciting details that deserve a post headline of their own, to follow immediately.
Posted by Tom Yager on November 22, 2007 06:31 AM
November 15, 2007 | Comments: (0)
Apple issues 23 updates in two days; highlights of Tiger and Leopard updates
Make sure your broadband bill is paid up, because Apple's got a crate full of fixes with your name on them.
In a couple of cases, these are the updates we've all been waiting for. I'm hoping that the iMac Graphics Firmware Update will get iMac users out of their work/save/reboot cycle. Such beautiful machines behaving so badly. I still wonder whether Apple or ATI did the brunt of the work on this fix.
The entire Pro Apps suite has gotten significant attention. One of the many qualities to appreciate about Final Cut Studio, Aperture and Logic is the frequency with which Apple tunes and enhances them. TV networks and movie studios deserve a bit of extra attention, no?
All Tiger and Leopard users have gotten major attention. 10.4.11 is the latest scheduled release of Tiger, and high points among its improvements include Safari 3.0, RAW image decoding for a range of new Olympus and Panasonic cameras, VMware Fusion stability fixes, the addressing of a bug affecting port mapping with shared Internet connections, 3rd-party WAN device compatibility, USB hard drive reliability, and security updates.
I'm all in for that USB hard drive update. I wonder if it would have kept my dead MacBook Pro eval unit alive. I just missed it.
OS X Server 10.4.11 has all this, along with some server essentials, like allowing users to belong to more than 16 groups, repairs to the FTP server to handle the LIST command properly, failover between Intel and PowerPC servers, LAN registration of OS X servers via Bonjour, proper handling of aliases on UFS and Xsan volumes, having the chmod command cause corresponding changes in ACL permissions, and fixes for memory panics in servers with 2 GB and 4 GB of RAM.
The OS X 10.5.1 update has some changes that really matter. It puts password-protected AirPort disks in the Finder's Shared sidebar and claims to fix Leopard's annoying tendency to forget wireless network passwords.
Have you used Back to My Mac? It's a simple tunnel to your home Mac from a remote system that works even when one machine or the other is behind a NAT router. The Back to My Mac fix shows remotely-accessible Macs in Finder's sidebar more reliably, and fixes glitches with D-Link NAT gateways. D-Link gear is priced right, but it tends to present challenges, doesn't it?
iCal and Mail have substantial fixes in the areas of the delivery of alarms via e-Mail, the invitation of meeting attendees through CalDAV, attachments inside HTML e-mail, SMTP connection failures in accounts created with Simple Setup, and a couple of significant fixes affecting .Mac users.
In security and firewall (which have been combined in Leopard), Apple has arranged to allow unsigned third-party applications through the firewall if they're whitelisted in either Application Firewall or Parental Controls. Apple has changed some confusing wording in the Firewall tab; instead of Block All, which sounds like your machine is cut off from the outside world, Apple has inserted the wording "Allow only essential services." Apple's idea of "essential" may differ from yours; dealing with that is your problem.
One potentially serious squashed nasty regards the risk of dropping data when moving files across partitions using Finder. Time Machine no longer shrieks at huge, single-partition MBR (master boot record) drives and NTFS volumes.
Posted by Tom Yager on November 15, 2007 05:03 PM
November 12, 2007 | Comments: (0)
A little more detail on MacBook Pro recovery
As I related, I have recovered the data from a MacBook Pro that quit working on me a couple of weeks ago, and that I used the ditto command to do it. For the benefit of those more savvy Macheads among my honored readers, I'll offer a few more details on the process and its outcome.
When I discovered that Disk Utility would not create a restorable image of the dead MacBook Pro's internal drive, I fell back to ditto, figuring that to populate the new MacBook Pro with my existing data, I'd have to resort to a cautious, manual transfer to a clean Tiger install of those documents, applications and preferences that I could safely overwrite. I knew that some information that was encoded in binary form would have to be recreated in the application or preference pane that produced it, and that I'd lose the benefit of Migration Assistant's automated upgrade to Leopard.
As it turns out, Migration Assistant transfers files without much concern about the validity of their contents except when data translation is part of the process. When I finished with ditto, I had an OS X Tiger partition that I knew wasn't worth finessing into a bootable state. It might be worthwhile as the source for a Leopard Migration Assistant run. It was, and the result was better than I could have hoped. Most 3rd-party kernel extensions didn't survive the trip, but this gave Migration Assistant no trouble.The sole losses were kernel extensions and license managers and keys.
The lesson here is that a restorable block-by-block partition image need not be your objective in backing up or recovering data. It is okay to write changes to files as they are modified, just as Time Machine does. Time machine can even be outdone by ZFS and overlay mounts.
Whatever you do to back up your data to an external hard drive, don't use USB. Buy enclosures that have USB and FireWire.
Posted by Tom Yager on November 12, 2007 07:44 PM
November 12, 2007 | Comments: (0)
MacBook Pro gremlin vanquished, lessons learned
[accidentally posted with messed-up title to my other blog]
Noting gets my Irish up as quickly as when a hunk of technology takes on the characteristics of a stubborn animal, to wit, one more so than I. It's been the better part of a week struggling, with little success, against some cowardly goblin that infested the innards of the MacBook Pro in my possession, and in the course of his exploits managed to shred months of hard work.
My grief did not immobilize me. I dug through a stack of raw hard drives and found an archive that brought me back to late August. I then resolved to crack, rather, gently open the MacBook Pro's chassis to extract the hard drive to see if it was readable elsewhere. I had assembled the notebook's service manual, the requisite tools and the will for the operation, but Apple's replacement MacBook Pro had just arrived. I went to my office to restore the August backup image onto it, and the most wonderful thing happened: It locked up after the chime, precisely as the dead MacBook Pro had done, and in which state MacBook Pro the elder remained.
I call this a wonderful event, but I didn't think so at the time. I yanked the cables out of both sides of the notebook, reached underneath and ejected the battery like a spent magazine. After a minute's rest, I powered up again and found the new MacBook Pro in good health.
The wonderful part is that in a flash of understanding, I realized three things: The MacBook Pros' USB ports were the proximate cause of death, I might be able to get the dead MacBook Pro to boot from a flyweight FireWire drive, and that if it booted, it would be the last time I'd see that machine alive. While there is no defending this as a product of reason, it played out precisely as I had envisioned it. I was able see the internal drive and image most of its contents to an external FireWire drive, then transfer that to the new MacBook Pro.
Apart from reinforcing my long-standing disrespect for the USB implementation in Intel chipsets, the lesson, the yarn of which is too long to spin, left me with two simple bits of advice, one which you may take or leave, and one you're obliged to keep in mind. I recommend that you use FireWire drives. Apple developed it, they're understandably fussy about its implementation, and FireWire is not part of Intel's chipset. If you need to pull data from a damaged hard drive, don't use Disk Utility; it stops at the first error. Use the command-line utility ditto instead, which will plow through any read errors it encounters and copy everything it can, and with HFS+ metadata intact.
The dead MacBook Pro never boot again, and I don't believe it ever will. It is winging its way back to Cupertino, where it will be thoroughly refurbished and given a new life. I wish it well.
Posted by Tom Yager on November 12, 2007 04:26 PM
October 26, 2007 | Comments: (0)
Leopard Hands-On: The Beginning
As a counterpoint to the crushing disappointment that was Vista, which emerged with only a fraction of its promise intact, Apple's OS X Leopard (10.5) is everything that Steve Jobs said it would become when Apple first placed that first unsteady cub in developers' hands. Leopard is also a thick catalog of inventions and improvements that Steve flat neglected to mention, so thick that Apple had to resort to running the equivalent of a software project change log on its site for marketing purposes. You can't possibly chew through that list. I've been testing and assembling my own list of relevant and remarkable changes in Leopard, a list that speaks to more professional and savvy Mac users as well as those who might switch (or are sure they'll never switch) from Windows and Linux.
I have to start the introduction to this series of hands-on Leopard stories with what I consider to be Leopard's most impressive quality. For its 300 changes since Tiger (OS X 10.4), the line item reading of which provokes a range of reactions from the head nod to the ear-to-ear grin, there is not one ounce of fat, no feature in Leopard that you'd opt to leave on the DVD the next time you install it. Instead, for all that's been added, Leopard remains trim enough to run on a PowerBook G4 with 512 MB of RAM. The very same OS is a robust, Open Group certified 64-bit UNIX when run on Intel Core 2 Duo and PowerPC G5 machines, with no need to buy a special edition. One of Apple's marketing lines says that everyone gets the ultimate edition of Leopard because that's the only edition there is. I'd argue that if Microsoft's Vista product tagging is the basis for comparison, then all Leopard buyers get the 64-bit enterprise edition.
Despite the fact that I'm far past this stage, the first hands-on experiences I can relate involve stability and installation.
If you're eyeing Leopard, one concern that you can cross off your list straight away is stability. I've spent several months working with Leopard as a developer and administrator. I began rolling Leopard into production on MacBook, MacBook Pro, Mac Pro and Xserve Xeon, against Apple's advice but not requiring its consent, at a point well prior to its release. I'd be testing the bounds of non-disclosure to tell you when I felt Leopard hit its stride. Instead, I'll just say that there is no need to obey the standard advice to wait for the first boatload of fixes before buying in. That's true of Windows, and true of Linux, but not Leopard. Leopard shed its training wheels a while ago.
Non-Mac users coming to Leopard will find a really simple, automated install experience, but it is more flexible than before. That's most notable in network configuration, where auto-detection of wired and wireless networks is more accurate. It's easier to enter the SSIDs of private Wi-Fi networks, and you can bypass network configuration entirely. OS X doesn't phone home for authorization, so you can install completely and permanently without exchanging registration info with Apple.
Existing Mac users thinking of taking the leap can safely take ease of upgrades and installation for granted, after they burn their most critical data to DVD or an external hard drive. Migration Assistant, which you can invoke at install time or at your whim later, transfers your user data and applications from Tiger to Leopard after what amounts to a clean install. The Leopard installer will let you do an overlay install, which updates the system software and tries to leave everything else alone. It is impossible to automate all possible cases, but I can't imagine any user who could make Migration Assistant fail. Do be patient, though. Take measures to ensure that Migration Assistant runs uninterrupted, and understand that Migration Assistant's estimated time to completion is a wild guess. In my experience, it finishes sooner than expected.
As a taste of what's to come, I'll spend a few words on what I found to be the most substantial user interface enhancement: Spaces. Spaces gives you multiple virtual desktops, and you can switch among them via the keyboard, Dock or menu bar icon. It isn't fast user switching--all desktops are the same user--but it's more lightweight, and there's no need to enter a password when you switch desktops. The unexpected killer here is that Spaces lets you target specific applications to selected desktops. So, for example, you can arrange things so that Mail always opens in Spaces' second desktop, or you can set up separate developer and productivity desktops.
I'll go on from here through the weekend and into next week. I'm holed up in a hotel doing nothing but Leoparding. To tide you over until my next hands-on dispatch, you'll find one Apple exec's selected Leopard high points in this interview, and my thoughts on Leopard from a technologist's perspective are in my Leopard: A Beautiful Upgrade column. Hang out. You're welcome to the pull-out sofa, and you get used to the noise from the Xserve.
Yes, there will be screens and video. Many, many visuals.
Posted by Tom Yager on October 26, 2007 05:40 PM
October 24, 2007 | Comments: (0)
Why Leopard matters, plus more ZFS details
I can't assume that subscribers and visitors to Enterprise Mac necessarily follow my Ahead of the Curve blog. Pointing you toward other Mac-related content I've created saves me the effort of paraphrasing it for use here.
My recent column, "OS X Leopard: A beautiful upgrade" highlights Leopard as a turning point for Apple, Mac users, UNIX and the market as a whole. It's worth a read even if you've already decided to pop for Leopard, and even worth reading if you're sure you'll never touch a Mac. Leopard is an exemplar of user-focused design that doesn't obscure the underlying power of the OS.
My last Ahead of the Curve is a higher-altitude look at ZFS, a "why ZFS?" counterpart to the two-minute ZFS primer I've already written in Enterprise Mac.
Posted by Tom Yager on October 24, 2007 12:51 PM
October 19, 2007 | Comments: (0)
How to connect to remote X11 hosts from a Mac
In my previous two posts on the subject, I explained why you'd want to use X11 to drive a host remotely, and the basics of configuring your Mac to run OS X's X11 server and to use local X11 software. Now we get to the most important step, which, once you understand the whole X11 client/server thing, is a walk in the park.
In X11 parlance, the X11 server is the software that handles communications and renders client content. The X11.app that you run on your Mac is the server. X11 applications on remote hosts are clients. They reach out to your server to tap your display, keyboard and mouse, but with far lower networking and compute overhead than full-screen remote desktop sessions require.
The toughest thing about X11 used to be arranging for X11 clients to see your server. Reaching across LAN segments, or through NATs and firewalls, was no picnic without resorting to VPN. Fortunately, some creative melding of X11 and SSH, the secure shell, gave us this gem:
ssh -X hostname
When run from inside xterm on your Mac, this command creates a tunnel from the remote machine to your X server. You have to be able to access that machine via ssh, of course, which requires that you set up sshd (the SSH daemon) on the remote box and exchange credentials.
When ssh -X connects, it will ask for a password, just as regular ssh does. Once you get a shell prompt, do this:
echo $DISPLAY
The answer should come back "localhost:10.0" unless the remote machine has been configured differently. If DISPLAY is blank, you can set it:
export DISPLAY="localhost:10.0"
Now, whenever you run an X11-enabled app in that ssh session, the application runs on the remote machine and automatically opens its windows on your Mac. You may need to specify the path to your remote system's stash of X11 clients. For example,
export PATH=/usr/openwin/bin:$PATH
is required on Solaris machines.
Once the X11 apps are in your PATH, you can go snooping around. Everything compiled against GNOME and KDE is intrinsically X Window-enabled. If your remote machine has the GNOME desktop environment installed (it doesn't need to be running), try this in your ssh session:
nautilus &
That's GNOME's file manager.
gnome-system-monitor &
is useful, too, and Firefox runs nicely on X11.
When you're offline for periods of a few minutes, your SSH tunnel will be held open for you and reconnected as soon as your LAN interface comes back up. But if you're offline for too long, your session will expire and you'll get kicked back to your Mac's shell prompt. Just ssh -X again.
X11 is much faster and more efficient than VNC for remote access to GUI apps, and once you get it down the first time, it'll be second nature, even to connect two Macs.
Posted by Tom Yager on October 19, 2007 03:43 PM
October 19, 2007 | Comments: (0)
The impatient person's introduction to ZFS
You may have read that Apple is baking ZFS, Sun's Zettabyte File System, into Leopard. The flavor and extent of ZFS support in Leopard is an open question. ZFS, however, is very real and readily observable in its native habitat, Solaris, as well as in its equally capable open source counterpart, OpenSolaris.
At its foundation, ZFS looks and works like software RAID, and looking at ZFS from that familiar perspective makes it seem less intimidating.
Roughly drawn, here is software RAID:
1. Physical disks are combined to create a RAID logical volume
2. A logical volume is divided into partitions (or slices) of fixed size
3. Each partition or slice is formatted with a filesystem
4. Files live in filesystems
Conceptually, software RAID looks like this:
raid_logical_volume=RAID(disk1+disk2+disk3)
ZFS uses a similar construct, but calls it a pool:
zfs_pool=RAID(disk1+disk2+disk3)
On the Mac, to manage a logical volume you fire up Disk Utility and draw out partitions. In one step, Disk Utility creates the partition table, creates a blank filesystem in each partition and assigns each filesystem the name you gave the partition. Conceptually:
size(raid_logical_volume)=100 GB
raid_logical_volume/partition_1 size=10 GB, name="jampacks" # auto-mounts as "/Volumes/jampacks"
raid_logical_volume/partition_2 size=90 GB, name="projects" # auto-mounts as "/Volumes/projects"
With ZFS, you do the equivalent of logical voluming and partitioning from the command line, and the actual commands illustrate the concepts (the # is the shell prompt):
# zpool create ZFS_pool c1d0 c2d0 c3d0 # Just striped; no data protection by default
# zfs create ZFS_pool/jampacks # auto-mounts as /ZFS_pool/jampacks
# zfs create ZFS_pool/projects # auto-mounts as /ZFS_pool/projects
ZFS_pool is an arbitrarily chosen name. You can name a ZFS pool or filesystem whatever you like. Just two commands (zpool and zfs) run the whole show.
Highly distilled, ZFS has these properties:
1. Physical disks are grouped into ZFS pools, which are the rough equivalent of RAID volumes
2. Each pool can be split into any number of datasets, which work roughly like partitions or slices
3. Files live in datasets
Yes, it is that easy, and yes, I left out most of what makes ZFS so remarkable. It's a ploy to keep you coming back here.
Posted by Tom Yager on October 19, 2007 03:12 PM
October 17, 2007 | Comments: (0)
From Steve Jobs: Third-party iPhone SDK in early '08
Steve Jobs just issued a letter in response to criticism of Apple's decision to keep iPhone closed to third-party developers. The full text of the letter can be found at Apple Hot News. What follows is my commentary on Jobs' text. I have not included his full letter, only the portions on which I chose to comment. Jobs' text is set off in italics.
Let me just say it: We want native third party applications on the iPhone, and we plan to have an SDK in developers’ hands in February. We are excited about creating a vibrant third party developer community around the iPhone and enabling hundreds of new applications for our users.
iPhone crackers can quit gloating. This isn't their win. It's a response to customers and alignment of policy with the state of the mobile device market. iPhone can't reach consumers like me because show-stopper apps and functionality, like