Enterprise Mac | Tom Yager » TAG: Servers and storage

April 16, 2008

Ahead of the Curve: Back to the Mac

Several months ago, I determined that my years-long fondness required reexamination. I quietly took a break from the Mac to get some perspective, to check out Vista, AMD, and Longhorn (Windows Server 2008) untainted by Apple's PR and uninfluenced by other journalists and bloggers. I elected to take a break from reviews of new Mac hardware, the occasion of which always piques my interest in Apple's platform. There were times when I felt I'd chosen the worst possible time for this hiatus. I ended up passing on MacBook Air, Time Capsule, Harpertown Mac Pro, and most painful of all, the new MacBook Pro. It was difficult seeing InfoWorld pick up reviews of these from sister publications, but I take my responsibility to readers very seriously. I can't very well counsel you on technology choices if I consider the field limited to one worthwhile player, especially when that player projects the image that it competes only with the generation of systems that preceded what's presently sold.

I found enormous value in my time away from Mac. I made the kind of discoveries I used to make routinely before I took on the Mac as a specialty, and as I take up the Mac again -- which I am doing immediately -- it's clear that my appreciation for the platform is justified, and that the customary split of my effort and attention between Apple and AMD is justified.

The genuine, practical superiority of AMD's Barcelona server platform, and its Phenom desktop platforms that derived from Barcelona, came to light during the break I took from Mac. A one socket, quad core Spider (Phenom plus ATI CrossFire graphics) runs Vista so obscenely fast that even a diehard Mac user's head will turn. Privately, of course.

I found it extremely intriguing that systems built on Phenom platforms can tune themselves autonomously for the maximum possible CPU and GPU speed over a surprisingly broad range, based on a whole system approach that takes cooling, power supply capacity, and your preferences for noise and maximum power consumption into account. I found that I could speed bump an AMD Phenom desktop for free by moving it closer to the floor, where the cooler air prevails. What a grand idea that in itself shows genuine customer-focused insight.

I gained a fresh appreciation for the GNU compiler collection, which has taken remarkable strides since I last took a deep dive in it. I was unaware of the level of engagement from commercial partners, including Apple, AMD, and Novell. Each is undoubtedly pursuing its own agenda, but it does so within the framework and culture of one of the most tightly controlled and liberally licensed open source projects in existence. AMD has finally embarked on the long road to compiler parity with Intel with its contribution of Family 10 (Barcelona/Phenom) architecture-specific optimizations to GNU.

Apple has been busy on the gcc front as well. Objective-C 2.0, with its desperately needed garbage collection, has been a reality in the GNU toolchain since Xcode 3 was in non-disclosure beta. In release 4.2 of gcc, auto-parallelization joins auto-vectorization to adapt projects to multiprocessing and vector acceleration without developer intervention. Unless I'm mistaken, the public beta versions of the iPhone SDK, now at Beta 3, mark Apple's first swing at Microsoft-style free public distribution of pre-release dev tools. The privilege of early access has been reserved for paid members of Apple's Developer Connection programs. That iPhone SDK carries all of the latest GUI tools, documentation, and GNU command line compilers, including FORTRAN, into Apple's default distribution. Hit http://developer.apple.com/iphone and scroll to the bottom of the page for the download link. You do not need to pay the $99 fee to register as an iPhone developer to use the new tools, which compile applications for Leopard as well as iPhone.

Apple is getting ever more daring in its engagement with open source in other ways. WebKit, the fast HTML/CSS/SVG rendering and JavaScript engine used in Safari, has caught on like wildfire outside Apple, and why not? To get a commercial browser, loaded with current and emerging standards, free and open for incorporation in your software, is the stuff of fantasy, and Apple holds virtually nothing back. The WebKit project is not strictly Apple's. It enjoys broad community engagement, but it is worked as a priority by Apple's staff, even to the benefit of direct competitors. For example, the browser on Nokia's E-series phones is WebKit-based, and this is not the only example where Apple effectively put its staff and technology to work for the benefit of a competitor. The GNU toolchain's adaptability to multiple embedded platforms will see WebKit in everything from phones to toys, starting with iPhone and iPod touch. Now that WebKit has been accepted into Google's Summer of Code, I can't wait to see what innovation comes from that gathering. I plan to ply the most influential attendees with the libations of their choice and get their take on where development is headed.

Apple pushed the source code for the publicly exposed innards of OS X Leopard, known as Darwin 9, out for public download on MacOS Forge. Every time it does that, I imagine the move preceded by arguments inside the office about the effort and risks that such a program visits on Apple's platform business. The work of preparing a project of Darwin's size for public distribution is inestimable, and Apple deserves credit for putting it on the agenda of its top OS engineers and project leaders.

I love the conservative approach that Apple is taking with iPhone, especially with regard to multiprocessing. iPhone Applications need to launch and quit instantly, yet relaunch after the first execution having cached and persisted their closing state in detail. It's a freeze/thaw model of state persistence that I'd like to see extended to applications in general. Apple's Xcode has Instruments (prior: XRay), a tool that jams electrodes into your program's and the system's running environment. It records and charts statistical data at runtime along several axes for later examination. It's the most effective means of hand-tuning code for efficiency that I've ever used, and it shows the benefits of persistence quite plainly.

Taking a break from Mac hardware gave me a chance to drink more deeply of the software that Apple maintains off its beaten path. MacPorts and Apple's validated versions of open source projects are open source treasure troves stuffed with some 5,000 free applications tuned and packaged for Intel and PowerPC Macs. Digging through these repositories is so addicting that I had to issue myself an edict to get back to work, which I shall do, newly confident in my mission and purpose. I'm a Macophile for good reason.

Posted by Tom Yager on April 16, 2008 11:36 AM



April 15, 2008

OS X Server break-in: Probably isolated, but a heads-up

On Sunday, I encountered a break-in on an Xserve running OS X Leopard Server 10.5.2. All Apple-issued fixes had been applied. I cannot locate the vector of intrusion, but following the break-in I noticed the following:

  • Kerberos authentication was disabled, making the system extremely slow to respond to LAN-based secure shell (ssh) initiation requests. Screen sharing sessions would not connect at all. However, Server Admin was fully functional
  • All e-mail was down
  • A launch script for Communigate Pro 5.2.x had been placed in /System/Library/StartupItems, causing Postfix and Cyrus to abort on launch after logging that SMTP, IMAP and POP ports were already opened. All of these services answered with Communigate Pro's greeting rather than Postfix or Cyrus
  • The StartupItems launch script was removed after Communigate Pro was successfully launched
  • Communigate Pro's HTTP administration ports were not open at either their default TCP ports or any other listening ports
  • Communigate Pro reinstalled itself when the contents of its configuration directory were deleted
  • Several inbound messages from Eastern European senders were addressed to the recipient pw@mydomain.com. This account did not exist in Postfix prior to the attack
  • Command-line searches for Communigate's distribution tarball and executable were unsuccessful until I interrupted the reinstall process prior to completion
  • No listening or established TCP port connections were listed by netstat
  • Postfix SMTP logs were stuffed with relay attempts (far more than usual) for days prior to the break-in
  • Persistent ssh dictionary attacks preceded the break-in and the period following my blocking of external access. No successes were logged (not surprising)
  • Fortunately, I interceded before the intruder managed to crack my server into acting as an open SMTP relay. It is possible that my server is wired as a DoS bot, but I doubt it (see below)
  • The intrusion was only active for one day. However, the intruder was able to obtain periodic intelligence on my actions to thwart his efforts. This was evident in the fact that while I was investigating the cause, the passwords to the two privileged accounts on my server were altered
  • System configuration files were not altered in any obvious way, and my server is apparently restored to normal function after this response: a) I shut down both WAN ports; b) I changed the root password to the serial number on a $2 bill I received as a high school graduation gift; c) I emptied the Communigate Pro configuration directory and applied ACLs that made it inaccessible except to a freshly-created user with an obscenely complicated password; d) I removed the Communigate Pro StartupItem; e) I wiped out the persisted keys for ssh

It's my suspicion that my system was placed under limited remote control via exploitation of a vulnerability, probably a manufactured one as no reported exploit exists, in Communigate Pro that allowed an attacker to submit very limited commands via SMTP and/or POP3. I think he was flying blind, unable to see the results of the commands he issued, and he therefore made rather slow progress. It was sloppy of him to change my administrative passwords while I was logged in. If I had missed his presence prior to that, that action would have given him away.

How he injected Communigate Pro into my system in the first place remains a troubling mystery.

I'm fairly confident that his original exploit and remote control vectors have been disarmed. Now it falls to me to discover any backdoors he's left behind. There is no sensitive data on this server, and it is not gatewayed to the rest of my network. Rather than reinstall the OS, I'm leaving my server on-line as it is, with all logs set to debug and privileged accounts disabled for non-console login, to see if the attacker has established another way in.

I don't have time right now to do more than this. Ironically, I'm doing a review of Xserve. This event does not color my opinion of Leopard or Leopard Server. I used canned OS X tools and methods to shut down the attack, so I feel the system is adequately armed to foil an attacker. I expect that the original vulnerability was of my own making.

Posted by Tom Yager on April 15, 2008 01:02 PM
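
The indicators listed in the post above can be turned into repeatable checks. The following is an added example, not the author's tooling: it compares mail-port greetings with the expected daemon, diffs a StartupItems listing against a known-good baseline, and summarises sshd login failures. The sample banners, log lines, item name and empty baseline are constructed assumptions.

```python
import re
import socket
from collections import Counter

# Assumption: the stock mail stack named in the post (Postfix on SMTP, Cyrus on
# POP3 and IMAP). Each pattern is the product name that daemon greets with.
EXPECTED_GREETING = {
    25: re.compile(r"\bPostfix\b", re.I),
    110: re.compile(r"\bCyrus\b", re.I),
    143: re.compile(r"\bCyrus\b", re.I),
}

# OpenSSH syslog lines for failed and successful logins.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")


def read_banner(host, port, timeout=5.0):
    """Return the first greeting line a live service sends (empty if none)."""
    with socket.create_connection((host, port), timeout=timeout) as conn:
        lines = conn.recv(512).decode("ascii", "replace").splitlines()
    return lines[0] if lines else ""


def check_banner(port, banner):
    """Classify a greeting as 'expected', 'mismatch' or 'unmonitored'."""
    pattern = EXPECTED_GREETING.get(port)
    if pattern is None:
        return "unmonitored"
    return "expected" if pattern.search(banner) else "mismatch"


def mismatched_ports(banners):
    """Ports whose greeting does not name the daemon that should own them."""
    return sorted(p for p, b in banners.items() if check_banner(p, b) == "mismatch")


def new_startup_items(current, baseline):
    """Entries in a StartupItems listing that the known-good baseline lacks."""
    return sorted(set(current) - set(baseline))


def ssh_summary(log_lines, threshold=3):
    """Count failed logins per source; flag logins accepted from noisy sources."""
    failures = Counter()
    accepted_after_failures = []
    for line in log_lines:
        failed = FAILED.search(line)
        if failed:
            failures[failed.group(1)] += 1
            continue
        ok = ACCEPTED.search(line)
        if ok and failures[ok.group(2)] >= threshold:
            accepted_after_failures.append((ok.group(2), ok.group(1)))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, accepted_after_failures


# Constructed sample data (not taken from the author's server).
SAMPLE_BANNERS = {
    25: "220 mail.example.com ESMTP CommuniGate Pro",
    110: "+OK CommuniGate Pro POP3 Server ready",
    143: "* OK mail.example.com Cyrus IMAP4 server ready",
}
SAMPLE_BASELINE = []                    # assumed known-good listing
SAMPLE_LISTING = ["CommuniGatePro"]     # hypothetical StartupItems entry name
SAMPLE_AUTH_LOG = [
    "Apr 13 02:11:04 xserve sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Apr 13 02:11:07 xserve sshd[413]: Failed password for root from 203.0.113.7 port 40124 ssh2",
    "Apr 13 02:11:09 xserve sshd[415]: Failed password for invalid user test from 203.0.113.7 port 40126 ssh2",
    "Apr 13 02:15:30 xserve sshd[420]: Failed password for root from 198.51.100.9 port 51200 ssh2",
    "Apr 13 09:02:11 xserve sshd[502]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
]

if __name__ == "__main__":
    print("greeting mismatch on ports:", mismatched_ports(SAMPLE_BANNERS))
    print("new StartupItems:", new_startup_items(SAMPLE_LISTING, SAMPLE_BASELINE))
    noisy, hits = ssh_summary(SAMPLE_AUTH_LOG)
    print("noisy ssh sources:", noisy)
    print("accepted after failures:", hits)
```

Because the post reports that the launch script was removed once the foreign server was running, the listing diff only catches it while the file is present; the greeting check keeps working after that.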



February 22, 2008

On the demise of Xserve RAID

Once the Xserve RAID storage arrays in Apple's inventory sell out, the product will still be supported, but no longer sold.

It is simply Xserve RAID's time to go. There were several vendors at Macworld Expo showing quieter, cooler, cheaper and more compact alternatives. Apple can't build Xserve RAID for as little money as other vendors do, and I don't think there's a revenue justification for Apple to go back to the drawing board to cook up a modernized array.

Xserve RAID's impending demise was predictable when Apple set Xserve and Mac Pro up with (optional) hardware RAID controllers and mixed SAS and SATA removable drives, but kept Xserve RAID stuck at parallel ATA. I should make it clear that PATA, striped across 14 drives with two kick-ass hardware RAID controllers, has the same bandwidth as a Serial ATA (SATA) drive.

Neither SATA nor PATA can stand in for a 15,000 RPM Serially-Attached SCSI drive. Things of beauty, they are, but pricey. Still, a trio of 15K RPM SAS Apple Drive Modules, plus Xserve's $999 hardware RAID controller, will kick Xserve RAID's butt around the block gigabyte for gigabyte for performance, and with battery-backed cache, there's no compromise in safety. I'm not saying that server-local storage is a replacement for an external array, but Apple is taking three drives as far as it's possible to do. Mac Pro has room for four SAS or SATA drives when you add the RAID controller. Performance of hardware RAID SATA drives installed in Xserve is excellent.

Apple has blessed Promise's VTrak E-class arrays to replace Xserve RAID. VTrak arrays are very close in price and features to Xserve RAID, meaning that they're neither lowball priced nor chintzy in features. But do shop around. Promise is a nice brand, but I've worked with Fibre Channel arrays from Dell, HP and Sun. You can play these vendors against each other for price. Apple will always sell VTrak at list price.

Customers who already have Xserve RAID needn't panic. They have at least five years of Apple support, and presumably Apple will continue selling Xserve RAID Apple Drive Modules for some time to come. However, I don't expect to see Xserve RAID drive modules grow in capacity. A raw PATA drive and a small Philips screwdriver is all it takes to swap out an Xserve RAID drive for a larger one.

When you eventually do decommission your Xserve RAID in favor of VTrak or some other solution, don't let those server-validated, long-lived IBM/Hitachi Deskstar drives go to waste. Put them in external USB 2.0 enclosures to use with Airport Extreme or Time Capsule, or clip PATA-to-SATA adapters onto them for use in desktops.

Posted by Tom Yager on February 22, 2008 05:56 PM



January 18, 2008

InfoWorld Test Center Preview: Time Capsule wireless remote Time Machine backup

Take an Airport Extreme 802.11n base station, add a 3.5-inch internal drive and modify the device's firmware to permit the built-in LAN to share a drive as a volume (a device) rather than a folder within the filesystem, and you've got Time Capsule. Apple has also done away with the power brick; Time Capsule's power supply is internal.

The reason for Time Capsule's existence is to compensate for a few unfortunate realities: Time Machine, wonderful as it is, requires desktop USB or FireWire drives. All of these have to be sized appropriately, which is no easy thing, and worse, notebook users have to remember to plug them in often enough to make the backups useful. Xserve is one fix, but it is a dear investment considering how fast one Mac can eat through a hard drive with Time Machine. Time Capsule fixes that. It is expandable via inexpensive external USB drives. You won't get breakneck speed, but if one Time Capsule gets bogged down, set up another. The Time Machine client lets you choose your backup destination.

Time Capsule does not precisely match the protocol used by Time Machine Server on OS X Server Leopard. The effect is the same: A network that includes a Time Machine Server and one or more Time Capsules populates a pull-down list of Time Machine destination volumes.

Time Capsule does allow users the full set of Time Machine abilities of doing point-in-time file system exploration. It also supports Time Machine's ability to perform a migration or restore from a Time Machine image.

Time Capsule's USB port still handles printer sharing. Except for the direct power input, Time Capsule's enclosure is identical to that of Airport Extreme 802.11n. Time Capsule's base price is $299 with a 500 GB drive, and $499 with a 1 TB drive. Apple claims that it uses "server grade" drives, which I learned require special care compared to lesser drives. I carried a Hitachi DeskStar drive in an external enclosure and pulled it about two feet onto the ground while operational. It was shock-mounted in its chassis, but the drive was immediately destroyed. Server-grade drives don't park their heads by default. The next time I configure one, I'll see if it's an option.

I also need to test Time Capsule to see what the reasonable maximum number of USB drives is, and where performance starts to hit that part of the curve that says "buy a second one."

Posted by Tom Yager on January 18, 2008 12:30 AM



January 14, 2008

Macworld Conference and Expo: Why am I here?

I always look forward to Macworld Expo, but this year my expectations are especially high. It may be the bracing San Francisco weather that's got my blood moving, but it's my anticipation of the keynote and the exhibit floor that have me blogging in the shower.

Apple has scheduled two briefings with me this week. One is a keynote follow-up on Wednesday, and the other is a sit-down on Mac Pro and Xserve on Thursday. I've already got the skinny on Mac Pro and Xserve, both quite impressive, but both falling under the category of pre-show announcements that make room for something else. So will the Wednesday briefing be all about iPhone?

I am braced for that possibility. With 3G, a lower price, streaming media and an upcoming software development kit (SDK), I'm prepared to treat iPhone '08 as a new device. I have speculation related to the SDK that I'll relate under separate cover. Suffice it to say that I don't expect to be able to wipe iPhone's system software clean and replace it with Darwin. That would subvert the primary purpose of Apple's mobile platform: To be an iTunes terminal that fits in your pocket and sticks to your dashboard. The only need that I can see for an iPhone SDK is to allow Apple to market signed commercial software on iTunes Music Store. The only justification that I can see for native code is to support games, and to allow commercial code to enforce licenses.

Apple could surprise me. After all, there is no obvious revenue justification for publishing those portions of Darwin that are not covered by GPL, the GNU Public Licenses that require vendors to publish their adaptation of software covered by the license. I can imagine, and I'm sure that others can, too, iPhone and iPod touch being the world's most sought-after robotics controllers and de facto platforms for university courses in embedded systems. I don't expect iPhone/iPod touch to be opened to kernel hackers, but I think that in the long run, Darwin has good potential as an embedded OS.

I hear from my editors that there is still speculation about a Mac tablet. I'm bearish on that; PC tablets aren't hot commodities. With so much low-hanging fruit yet to harvest from the seasonal evolution of Mac, iPod, iPhone, iTunes, Leopard, Pro Apps and .Mac, I can't foresee any bold new lines of business for Apple right now. My attention this year is largely focused on third-party vendors. I am always hopeful for products that I didn't see coming, and I'd be delighted to hear Steve say something that nobody expects.

In any case, this'll be fun. I hope you'll come along.

Posted by Tom Yager on January 14, 2008 01:05 PM



January 08, 2008

For CPU power draw, trust Apple, not Intel

Apple dropped me a note in response to my blog post on its Harpertown Xserve and Mac Pro announcement. I attributed the per-socket CPU power draw claim of "80 watts max, 4 watts idle" to Intel. That turns out to be Apple's number, not Intel's.

I'm not much interested in Intel's stated Harpertown per-socket power draw because I can't reproduce Intel's test conditions. Outside Intel's labs, you can't pin down a single component's true power draw without a well-equipped test bench and a very steady hand.

If you have an Xserve or Mac Pro, you can skip the bench and skip Intel's data sheets as well. Apple builds an uncommon level of instrumentation into Xserve and Mac Pro. OS X Server Leopard's (or Tiger's) Server Monitor reports on component-level power draw and fine-grained regional temperatures in real-time. You can subject Xserve or Mac Pro to varying workloads and track power utilization of CPUs, DIMM sockets and the Intel north bridge independently. It is through this facility that I learned that Intel's north bridge (memory and I/O hub) chip is the least green component in the system.

I was green before green was in, and I am a firm believer that the only place to measure power draw is at the outlet. But chipmakers, and OEMs who ride the shirttails of chipmakers' marketing, compete based on power consumption per CPU socket without providing consumers or product testers the means to validate their claims. At least with Xserve and Mac Pro, I can see for myself. The figures may not be absolute--they can only safely be compared Apples to Apples--but Server Monitor will reveal whether Harpertown's 45 nanometer-ness is directly related to its greenness. With faster front side and memory busses, will cooler CPU sockets matter? As you can tell, I'm eager to find out.

Posted by Tom Yager on January 8, 2008 07:16 PM



January 08, 2008

Apple ships new eight-core Harpertown Mac Pro and Xserve

Apple has once again taken up Intel's fresh-from-the-fab processor technology to give its two top-end systems a serious performance kick. Apple has reengineered its Xserve rack server and Mac Pro desktop/workstation for Intel's 45 nanometer quad-core Harpertown Xeon CPU with 12 MB of shared Level 2 cache per socket.

Xserve's top configuration now reaches to eight 3 GHz cores. Xserve's second socket is empty by default, making the standard config four cores, but the incremental config-to-order (CTO) cost to take the base Xserve to eight cores is just $500. The new Mac Pro elevates the standard configuration from four cores to eight while maintaining the previous Mac Pro's price level. That change is especially significant given that before today, a CTO eight core Mac Pro carried a premium of $1,200 over the standard four core system.

Apple claims that its new Mac Pro and Xserve deliver an impressively linear 1.9 to 2.3 times increase over the compute speed of prior four-core models, and with 800 MHz DDR2 memory (up from 667), 60 percent higher memory throughput. The new systems share support for PCI-Express 2.0 expansion cards, an option to upgrade to multiple 1 TB swappable hard drives, and when 4 GB FBDIMMs (fully buffered dual inline memory modules) are used, room for up to 32 GB of system memory. Both Xserve and Mac Pro are now shipping with 2 GB of RAM standard (previously 1 GB) and a SuperDrive dual-layer DVD burner.

Intel's Harpertown CPU is more energy efficient; Intel claims power consumption of 80 watts per socket, dropping to as little as 4 watts when idle. Apple has swapped out Xserve's redundant power supplies for stronger 750 watt units that exceed Energy Star 80 percent efficiency requirements. Mac Pro's system enclosure is identical to the previous model, while Xserve now has a USB 2.0 socket on its front panel.

Mac Pro and Xserve ship standard with discrete AMD/ATI 3-D graphics processing units (GPUs). Mac Pro's baseline config utilizes the Radeon HD 2600 XT with 256 MB of video memory, while Xserve ships with an on-board Radeon X1300. Mac Pro can support up to four AMD/ATI or NVidia graphics cards, while a 16x PCI-Express slot on Xserve permits the optional use of a standalone graphics adapter to supplant the built-in GPU.

AMD/ATI graphics cards are available now. An Apple spokesman said that optional NVidia graphics cards are "several weeks away."

Apple's systems are engineered in-house, not based on Intel reference designs. Mac Pro and Xserve are thoroughly instrumented for multi-point monitoring of power utilization, temperature and fan speed. Both systems have standard swappable hard drive backplanes--Mac Pro has four internal swappable drive bays, while Xserve has three front-facing bays--and the option to use either Serial ATA or Serial Attached SCSI (SAS) drives. SAS is new to this generation of Mac Pro, a benefit of the optional hardware RAID controller. The same RAID controller is an option for Xserve, but Xserve is capable of using any mix of SATA and SAS drives without the RAID option.

At $2,799, the standard Mac Pro ships with two 2.8 GHz quad-core Xeon CPUs, an AMD/ATI Radeon HD 2600 XT graphics card with 256 MB of video RAM, a 320 GB SATA hard drive, a 16X SuperDrive DVD burner with dual-layer support, Bluetooth 2.0, 2 GB of 800 MHz DDR2 memory, and Apple's wired aluminum keyboard and Mighty Mouse. Mac Pro ships with OS X Leopard and the iLife '08 personal digital media suite installed.

In its $2,999 standard configuration, Apple's Xserve has a single quad-core, 2.8 GHz CPU, an 80 GB SATA hard drive, 2 GB of 800 MHz DDR2 memory and a slot-loading SuperDrive DVD burner. Both systems have a large catalog of configure-to-order options that are factory-installed and tested by Apple.

The new Mac Pro and Xserve are shipping today via Apple's on-line and retail stores, and through authorized resellers.

Posted by Tom Yager on January 8, 2008 09:46 AM



December 16, 2007

Time Machine Server, or local external drive?

One of the services packaged with OS X Server Leopard (there are so many) is Time Machine Server. If you're running a network of Leopard notebooks and desktops, centralized Time Machine backups are easier to administer and secure than doling out a fleet of FireWire and USB drives. However, if you want to carry each client's protection beyond Time Machine's rolling 30 day window--Time Machine will retain weekly backups until it runs out of space--you might have to set aside twice the size of each busy client's internal hard drive to exceed 30 days' worth of coverage. The headroom varies widely by user, but do you want to try to tailor a backup strategy to each machine?

You have to weigh Time Machine Server's physical server (Xserve or Mac Pro) and storage costs--expenses that can't be avoided in any disk-based backup scenario--against savings in administrators' time ("please mount volume xxx") and user data lost to infrequent backups and cumbersome restore procedures.

For me, what sets aside all arguments about cost and flexibility of Time Machine Server is its catalog. Lots of backup utilities maintain catalogs, but Time Machine's catalog is chock full of metadata and is completely maintenance free. Users access Time Machine with a Finder-like interface that conceals the fact that they're even accessing a shared volume. When using Time Machine server, administrators maintain the ability to do point in time restores, or migrations, without the time or effort of taking full volume snapshots.

With regard to the incremental cost of storage as clients are added to the LAN, someone suggested attaching the USB or FireWire drives that would be on users' desks on the server instead. For five clients in a casual setting, sure. You could unmount any machine's backup drive, hand it to the user and tell them to do their own restore. Leopard presents "restore from Time Machine backup" as an option when you boot from the install DVD. For more than a few clients, or where the purpose of Time Machine is more critical than "undelete," I'd rather see a more robust enclosure, even a dumb backplane, than a daisy chain of FireWire drives.

Keep in mind that Time Machine doesn't absolutely require a server or an external physical volume. You can split local drives into multiple volumes, and use one for Time Machine. You end up with a backup volume that's bigger than the primary, but the average user is none the wiser. That takes care of undelete, and more old fashioned methods can be used at the server to cover worst case recovery.

What would I like to see in Time Machine? My one and only desire is to have Time Machine run only when the client is idle. This is really driven home when you try to use Wi-Fi, even 802.11n, to connect to a Time Machine Server. My strong recommendation is to use copper for Time Machine, at least for the volume copy that it makes as a first step. I realize that RJ-45 sockets, and users who sit still long enough to take advantage of them, are rare these days. If you must use Time Machine Server over wireless, or, heaven forbid, broadband, remember that I warned you against it.

Posted by Tom Yager on December 16, 2007 08:01 AM



December 04, 2007

How Leopard Time Machine works, and how it doesn't

For Time Machine's primary target audience, home users, backups of desktops and notebooks running OS X Leopard are fully automated, just as advertised. All that's needed is an external hard drive that's at least as large as the system's internal drive. Pull up the Time Machine pane in System Preferences, select your external backup drive, and flip the big switch from OFF to ON.

After making an initial full copy of your system's drive--file by file, not sector by sector--Time Machine scans your system hourly and copies the files changed since the last scan to the external drive. The copy is non-destructive: A file is not overwritten if the archive already has a copy of it. In effect, the old file is renamed before the new copy is written. A catalog tracks the location of every file in the archive, and the time at which each file was appended to the archive.

Time Machine conserves disk space by folding every 24 hours' worth of hourly backups into one daily backup. It retains 30 days' worth of daily backups. After 30 days, Time Machine starts folding daily backups into weekly backups, which are kept until the backup volume is full.

Apple brilliantly created a Finder-like view into the archive catalog that lets you browse your backup archive's catalog hierarchically and temporally. As Apple puts it, you can see your entire disk as it was at a given point in time. True, but depending on how far back you step to find a lost file (for example), time may rewind in increments of hours, days or weeks.

As Apple presents the Time Machine filesystem view, you can see your system approximately:

  • As it was at the top of each hour today
  • As it was each day for the past 30 days, starting yesterday
  • As it was each week, starting 31 days ago, going back as far as disk space permits

A distraught user might only be interested in the amount of data he may have lost:

  • If you accidentally deleted a file today, you lose up to an hour's work
  • If you deleted it between yesterday and 30 days ago, you lose up to a day's work
  • If you deleted it more than 30 days ago, you can lose up to one week's work, or all of it

There are users even among Apple's targeted consumer population who need to think about their use of Time Machine, or who may be better off not using it at all. Consider the case of a home user who time-shifts television shows via iTunes, BitTorrent or another source. A sensible user deletes episodes he's already watched to conserve disk space, but when Time Machine is active, it may take a month for that deleted episode to vanish from the backup drive. If the backup drive fills before it can archive 30 days' worth of data, Time Machine flags an error and quits.

That scenario plays out for any user or application that creates expanding or volatile files. A 10 GB database can be appended to your Time Machine archive hourly. A lengthy log will be appended in its entirety even if only one line is added between hourly archive runs. Deft management of Time Machine's exclusion list is essential for busy systems.
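
The retention schedule and the growing-file problem described above can be simulated. This is an added example, not Apple's implementation: it thins a list of hourly snapshots into the hourly, daily and weekly tiers and estimates the space held by a file that is rewritten before every run. Keeping the earliest snapshot of each day or week, and using ISO weeks, are assumptions.

```python
from datetime import datetime, timedelta

HOURLY_WINDOW = timedelta(hours=24)   # every hourly backup from the last 24 hours
DAILY_WINDOW = timedelta(days=30)     # then one backup per day for 30 days


def thin(snapshots, now):
    """Return the snapshot times still retained at `now`.

    Assumption: when a day (or week) is folded, its earliest snapshot is the
    one kept. Disk-full eviction of old weekly backups is not modelled.
    """
    kept, days, weeks = [], set(), set()
    for ts in sorted(snapshots):
        age = now - ts
        if age < timedelta(0):
            continue                      # ignore timestamps in the future
        if age < HOURLY_WINDOW:
            kept.append(ts)               # hourly tier: keep everything
        elif age < DAILY_WINDOW:
            if ts.date() not in days:     # daily tier: one per calendar day
                days.add(ts.date())
                kept.append(ts)
        else:
            week = tuple(ts.isocalendar())[:2]   # (ISO year, ISO week)
            if week not in weeks:         # weekly tier: one per week
                weeks.add(week)
                kept.append(ts)
    return kept


def hourly_history(now, days):
    """Constructed input: one snapshot per hour for `days` days ending at `now`."""
    return [now - timedelta(hours=h) for h in range(days * 24)]


def archive_size_gb(file_gb, snapshots, now):
    """Space held by one file that changes before every backup run.

    Each retained snapshot then holds its own full copy, because changed files
    are copied whole rather than as deltas.
    """
    return file_gb * len(thin(snapshots, now))


if __name__ == "__main__":
    now = datetime(2008, 1, 1, 12, 0)     # constructed reference time
    for span in (30, 60):
        history = hourly_history(now, span)
        print(span, "days of hourly runs:",
              len(thin(history, now)), "snapshots kept,",
              archive_size_gb(10, history, now), "GB for a 10 GB file")
```

Under these assumptions the 10 GB database from the text occupies several hundred gigabytes of the backup volume within the first month, which is the case the exclusion list exists for.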

Time Machine is archiving, not data protection. If your external drive fails, you lose all of your backed up data. Data protection that covers the failure of a storage device calls for a disk array with RAID mirroring or parity striping. If you want to archive and protect your data, which isn't a bad idea if you're a professional Mac user, use a RAID volume as a Time Machine backup device.

Or, as I'll detail in the next entry on the subject, use Xserve as a Time Machine back-end.

Lastly, to get ahead of what will likely be the most frequently asked questions about Time Machine:

Q: I set up a directory for Time Machine on my external drive. Why can't I see it in Time Machine's list of backup destinations?
A: Time Machine can only back up to volumes (formatted partitions) that are dedicated to the purpose. For geeks' sake, if it doesn't have a /dev/disk* entry, Time Machine can't target it.

Q: Why won't Time Machine use my AirPort Extreme base station's USB drive, or other Mac or Windows storage on the network?
A: Windows and Apple file sharing share at the directory level. Even if you share a whole Windows lettered drive or the root directory of a Mac partition, you're sharing a folder, not a volume.

Q: I'm a fearless genius. Isn't there some way to work around these limitations short of hacking the kernel?
A: Learn ZFS, but know that the likelihood of creating unreadable Time Machine archives is enormous despite what appears to be success. I won't help you beyond that.

Posted by Tom Yager on December 4, 2007 10:24 PM



November 15, 2007

Apple issues 23 updates in two days; highlights of Tiger and Leopard updates

Make sure your broadband bill is paid up, because Apple's got a crate full of fixes with your name on them.

In a couple of cases, these are the updates we've all been waiting for. I'm hoping that the iMac Graphics Firmware Update will get iMac users out of their work/save/reboot cycle. Such beautiful machines behaving so badly. I still wonder whether Apple or ATI did the brunt of the work on this fix.

The entire Pro Apps suite has gotten significant attention. One of the many qualities to appreciate about Final Cut Studio, Aperture and Logic is the frequency with which Apple tunes and enhances them. TV networks and movie studios deserve a bit of extra attention, no?

All Tiger and Leopard users have gotten major attention. 10.4.11 is the latest scheduled release of Tiger, and high points among its improvements include Safari 3.0, RAW image decoding for a range of new Olympus and Panasonic cameras, VMware Fusion stability fixes, the addressing of a bug affecting port mapping with shared Internet connections, 3rd-party WAN device compatibility, USB hard drive reliability, and security updates.

I'm all in for that USB hard drive update. I wonder if it would have kept my dead MacBook Pro eval unit alive. I just missed it.

OS X Server 10.4.11 has all this, along with some server essentials, like allowing users to belong to more than 16 groups, repairs to the FTP server to handle the LIST command properly, failover between Intel and PowerPC servers, LAN registration of OS X servers via Bonjour, proper handling of aliases on UFS and Xsan volumes, having the chmod command cause corresponding changes in ACL permissions, and fixes for memory panics in servers with 2 GB and 4 GB of RAM.

The OS X 10.5.1 update has some changes that really matter. It puts password-protected AirPort disks in the Finder's Shared sidebar and claims to fix Leopard's annoying tendency to forget wireless network passwords.

Have you used Back to My Mac? It's a simple tunnel to your home Mac from a remote system that works even when one machine or the other is behind a NAT router. The Back to My Mac fix shows remotely-accessible Macs in Finder's sidebar more reliably, and fixes glitches with D-Link NAT gateways. D-Link gear is priced right, but it tends to present challenges, doesn't it?

iCal and Mail have substantial fixes in the areas of the delivery of alarms via e-Mail, the invitation of meeting attendees through CalDAV, attachments inside HTML e-mail, SMTP connection failures in accounts created with Simple Setup, and a couple of significant fixes affecting .Mac users.

In security and firewall (which have been combined in Leopard), Apple has arranged to allow unsigned third-party applications through the firewall if they're whitelisted in either Application Firewall or Parental Controls. Apple has changed some confusing wording in the Firewall tab; instead of Block All, which sounds like your machine is cut off from the outside world, Apple has inserted the wording "Allow only essential services." Apple's idea of "essential" may differ from yours; dealing with that is your problem.

One potentially serious squashed nasty regards the risk of dropping data when moving files across partitions using Finder. Time Machine no longer shrieks at huge, single-partition MBR (master boot record) drives and NTFS volumes.

Posted by Tom Yager on November 15, 2007 05:03 PM



November 12, 2007

MacBook Pro gremlin vanquished, lessons learned

[accidentally posted with messed-up title to my other blog]

Nothing gets my Irish up as quickly as when a hunk of technology takes on the characteristics of a stubborn animal, to wit, one more so than I. It's been the better part of a week struggling, with little success, against some cowardly goblin that infested the innards of the MacBook Pro in my possession, and in the course of his exploits managed to shred months of hard work.

My grief did not immobilize me. I dug through a stack of raw hard drives and found an archive that brought me back to late August. I then resolved to crack, rather, gently open the MacBook Pro's chassis to extract the hard drive to see if it was readable elsewhere. I had assembled the notebook's service manual, the requisite tools and the will for the operation, but Apple's replacement MacBook Pro had just arrived. I went to my office to restore the August backup image onto it, and the most wonderful thing happened: It locked up after the chime, precisely as the dead MacBook Pro had done, and in which state MacBook Pro the elder remained.

I call this a wonderful event, but I didn't think so at the time. I yanked the cables out of both sides of the notebook, reached underneath and ejected the battery like a spent magazine. After a minute's rest, I powered up again and found the new MacBook Pro in good health.

The wonderful part is that in a flash of understanding, I realized three things: The MacBook Pros' USB ports were the proximate cause of death, I might be able to get the dead MacBook Pro to boot from a flyweight FireWire drive, and that if it booted, it would be the last time I'd see that machine alive. While there is no defending this as a product of reason, it played out precisely as I had envisioned it. I was able to see the internal drive and image most of its contents to an external FireWire drive, then transfer that to the new MacBook Pro.

Apart from reinforcing my long-standing disrespect for the USB implementation in Intel chipsets, the lesson, the yarn of which is too long to spin, left me with two simple bits of advice, one which you may take or leave, and one you're obliged to keep in mind. I recommend that you use FireWire drives. Apple developed it, they're understandably fussy about its implementation, and FireWire is not part of Intel's chipset. If you need to pull data from a damaged hard drive, don't use Disk Utility; it stops at the first error. Use the command-line utility ditto instead, which will plow through any read errors it encounters and copy everything it can, and with HFS+ metadata intact.

The dead MacBook Pro never booted again, and I don't believe it ever will. It is winging its way back to Cupertino, where it will be thoroughly refurbished and given a new life. I wish it well.

Posted by Tom Yager on November 12, 2007 04:26 PM



October 26, 2007

Leopard Hands-On: The Beginning

As a counterpoint to the crushing disappointment that was Vista, which emerged with only a fraction of its promise intact, Apple's OS X Leopard (10.5) is everything that Steve Jobs said it would become when Apple first placed that first unsteady cub in developers' hands. Leopard is also a thick catalog of inventions and improvements that Steve flat neglected to mention, so thick that Apple had to resort to running the equivalent of a software project change log on its site for marketing purposes. You can't possibly chew through that list. I've been testing and assembling my own list of relevant and remarkable changes in Leopard, a list that speaks to more professional and savvy Mac users as well as those who might switch (or are sure they'll never switch) from Windows and Linux.

I have to start the introduction to this series of hands-on Leopard stories with what I consider to be Leopard's most impressive quality. For its 300 changes since Tiger (OS X 10.4), the line item reading of which provokes a range of reactions from the head nod to the ear-to-ear grin, there is not one ounce of fat, no feature in Leopard that you'd opt to leave on the DVD the next time you install it. Instead, for all that's been added, Leopard remains trim enough to run on a PowerBook G4 with 512 MB of RAM. The very same OS is a robust, Open Group certified 64-bit UNIX when run on Intel Core 2 Duo and PowerPC G5 machines, with no need to buy a special edition. One of Apple's marketing lines says that everyone gets the ultimate edition of Leopard because that's the only edition there is. I'd argue that if Microsoft's Vista product tagging is the basis for comparison, then all Leopard buyers get the 64-bit enterprise edition.

Despite the fact that I'm far past this stage, the first hands-on experiences I can relate involve stability and installation.

If you're eyeing Leopard, one concern that you can cross off your list straight away is stability. I've spent several months working with Leopard as a developer and administrator. I began rolling Leopard into production on MacBook, MacBook Pro, Mac Pro and Xserve Xeon, against Apple's advice but not requiring its consent, at a point well prior to its release. I'd be testing the bounds of non-disclosure to tell you when I felt Leopard hit its stride. Instead, I'll just say that there is no need to obey the standard advice to wait for the first boatload of fixes before buying in. That's true of Windows, and true of Linux, but not Leopard. Leopard shed its training wheels a while ago.

Non-Mac users coming to Leopard will find a really simple, automated install experience, but it is more flexible than before. That's most notable in network configuration, where auto-detection of wired and wireless networks is more accurate. It's easier to enter the SSIDs of private Wi-Fi networks, and you can bypass network configuration entirely. OS X doesn't phone home for authorization, so you can install completely and permanently without exchanging registration info with Apple.

Existing Mac users thinking of taking the leap can safely take ease of upgrades and installation for granted, after they burn their most critical data to DVD or an external hard drive. Migration Assistant, which you can invoke at install time or at your whim later, transfers your user data and applications from Tiger to Leopard after what amounts to a clean install. The Leopard installer will let you do an overlay install, which updates the system software and tries to leave everything else alone. It is impossible to automate all possible cases, but I can't imagine any user who could make Migration Assistant fail. Do be patient, though. Take measures to ensure that Migration Assistant runs uninterrupted, and understand that Migration Assistant's estimated time to completion is a wild guess. In my experience, it finishes sooner than expected.

As a taste of what's to come, I'll spend a few words on what I found to be the most substantial user interface enhancement: Spaces. Spaces gives you multiple virtual desktops, and you can switch among them via the keyboard, Dock or menu bar icon. It isn't fast user switching--all desktops are the same user--but it's more lightweight, and there's no need to enter a password when you switch desktops. The unexpected killer here is that Spaces lets you target specific applications to selected desktops. So, for example, you can arrange things so that Mail always opens in Spaces' second desktop, or you can set up separate developer and productivity desktops.

I'll go on from here through the weekend and into next week. I'm holed up in a hotel doing nothing but Leoparding. To tide you over until my next hands-on dispatch, you'll find one Apple exec's selected Leopard high points in this interview, and my thoughts on Leopard from a technologist's perspective are in my Leopard: A Beautiful Upgrade column. Hang out. You're welcome to the pull-out sofa, and you get used to the noise from the Xserve.

Yes, there will be screens and video. Many, many visuals.

Posted by Tom Yager on October 26, 2007 05:40 PM



October 24, 2007

Why Leopard matters, plus more ZFS details

I can't assume that subscribers and visitors to Enterprise Mac necessarily follow my Ahead of the Curve blog. Pointing you toward other Mac-related content I've created saves me the effort of paraphrasing it for use here.

My recent column, "OS X Leopard: A beautiful upgrade" highlights Leopard as a turning point for Apple, Mac users, UNIX and the market as a whole. It's worth a read even if you've already decided to pop for Leopard, and even worth reading if you're sure you'll never touch a Mac. Leopard is an exemplar of user-focused design that doesn't obscure the underlying power of the OS.

My last Ahead of the Curve is a higher-altitude look at ZFS, a "why ZFS?" counterpart to the two-minute ZFS primer I've already written in Enterprise Mac.

Posted by Tom Yager on October 24, 2007 12:51 PM



October 19, 2007

How to connect to remote X11 hosts from a Mac

In my previous two posts on the subject, I explained why you'd want to use X11 to drive a host remotely, and the basics of configuring your Mac to run OS X's X11 server and to use local X11 software. Now we get to the most important step, which, once you understand the whole X11 client/server thing, is a walk in the park.

In X11 parlance, the X11 server is the software that handles communications and renders client content. The X11.app that you run on your Mac is the server. X11 applications on remote hosts are clients. They reach out to your server to tap your display, keyboard and mouse, but with far lower networking and compute overhead than full-screen remote desktop sessions require.

The toughest thing about X11 used to be arranging for X11 clients to see your server. Reaching across LAN segments, or through NATs and firewalls, was no picnic without resorting to VPN. Fortunately, some creative melding of X11 and SSH, the secure shell, gave us this gem:

ssh -X hostname

When run from inside xterm on your Mac, this command creates a tunnel from the remote machine to your X server. You have to be able to access that machine via ssh, of course, which requires that you set up sshd (the SSH daemon) on the remote box and exchange credentials.

When ssh -X connects, it will ask for a password, just as regular ssh does. Once you get a shell prompt, do this:

echo $DISPLAY

The answer should come back "localhost:10.0" unless the remote machine has been configured differently. If DISPLAY is blank, you can set it:

export DISPLAY="localhost:10.0"

Now, whenever you run an X11-enabled app in that ssh session, the application runs on the remote machine and automatically opens its windows on your Mac. You may need to specify the path to your remote system's stash of X11 clients. For example,

export PATH=/usr/openwin/bin:$PATH

is required on Solaris machines.

Once the X11 apps are in your PATH, you can go snooping around. Everything compiled against GNOME and KDE is intrinsically X Window-enabled. If your remote machine has the GNOME desktop environment installed (it doesn't need to be running), try this in your ssh session:

nautilus &

That's GNOME's file manager.

gnome-system-monitor &

is useful, too, and Firefox runs nicely on X11.

When you're offline for periods of a few minutes, your SSH tunnel will be held open for you and reconnected as soon as your LAN interface comes back up. But if you're offline for too long, your session will expire and you'll get kicked back to your Mac's shell prompt. Just ssh -X again.

X11 is much faster and more efficient than VNC for remote access to GUI apps, and once you get it down the first time, it'll be second nature, even to connect two Macs.
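A quick check to run inside the remote shell before launching X11 clients is to see what DISPLAY actually points at. The classifier below is an added example, not code from the original post; the function names and the assumption that sshd uses its default X11DisplayOffset of 10 are mine. A non-loopback host means X11 traffic would travel outside the SSH tunnel, unencrypted.

```shell
#!/bin/sh
# Added example: classify an X11 DISPLAY value of the form
# [host]:display[.screen]. TCP display N listens on port 6000+N.

# Assumption: sshd's default X11DisplayOffset (10), so forwarded displays
# start at localhost:10. This is a heuristic, not proof of a tunnel.
SSH_X11_OFFSET=10

# classify_display VALUE -> prints "<class> <tcp-port or ->"
classify_display() {
    value=$1
    [ -n "$value" ] || { echo "unset -"; return 0; }
    case $value in
        *:*) ;;
        *) echo "malformed -"; return 0 ;;
    esac

    host=${value%:*}        # everything before the last colon
    rest=${value##*:}       # display[.screen]
    display=${rest%%.*}
    case $rest in
        *.*) screen=${rest#*.} ;;
        *)   screen=0 ;;
    esac

    # Display and screen must be short decimal numbers.
    case $display in ''|*[!0-9]*) echo "malformed -"; return 0 ;; esac
    case $screen  in ''|*[!0-9]*) echo "malformed -"; return 0 ;; esac
    [ "${#display}" -le 5 ] || { echo "malformed -"; return 0; }

    # Strip leading zeros so shell arithmetic does not read octal.
    while [ "${#display}" -gt 1 ] && [ "${display#0}" != "$display" ]; do
        display=${display#0}
    done

    case $host in
        ''|unix|/*)
            # No host, "unix", or a socket path: local socket, no TCP.
            echo "local-socket -" ;;
        localhost|127.0.0.1|::1|'[::1]')
            if [ "$display" -ge "$SSH_X11_OFFSET" ]; then
                echo "ssh-forwarded $((6000 + display))"
            else
                echo "loopback-tcp $((6000 + display))"
            fi ;;
        *)
            # Any other host: a direct TCP connection in cleartext.
            echo "remote-tcp $((6000 + display))" ;;
    esac
}

# audit_display VALUE -> returns 0 when X11 traffic stays on this host or
# inside the SSH tunnel, 1 when DISPLAY is unset, malformed or remote.
audit_display() {
    result=$(classify_display "$1")
    case ${result% *} in
        local-socket|loopback-tcp|ssh-forwarded) return 0 ;;
        *) echo "DISPLAY=$1 is ${result% *}; reconnect with ssh -X" >&2
           return 1 ;;
    esac
}

# Report on the current session when run directly.
classify_display "${DISPLAY-}"
```

With the values used in these posts, localhost:10.0 classifies as ssh-forwarded on port 6010 and localhost:0.0 as loopback-tcp on port 6000.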

Posted by Tom Yager on October 19, 2007 03:43 PM



October 19, 2007

The impatient person's introduction to ZFS

You may have read that Apple is baking ZFS, Sun's Zettabyte File System, into Leopard. The flavor and extent of ZFS support in Leopard is an open question. ZFS, however, is very real and readily observable in its native habitat, Solaris, as well as in its equally capable open source counterpart, OpenSolaris.

At its foundation, ZFS looks and works like software RAID, and looking at ZFS from that familiar perspective makes it seem less intimidating.

Roughly drawn, here is software RAID:

1. Physical disks are combined to create a RAID logical volume
2. A logical volume is divided into partitions (or slices) of fixed size
3. Each partition or slice is formatted with a filesystem
4. Files live in filesystems

Conceptually, software RAID looks like this:

raid_logical_volume=RAID(disk1+disk2+disk3)

ZFS uses a similar construct, but calls it a pool:

zfs_pool=RAID(disk1+disk2+disk3)

On the Mac, to manage a logical volume you fire up Disk Utility and draw out partitions. In one step, Disk Utility creates the partition table, creates a blank filesystem in each partition and assigns each filesystem the name you gave the partition. Conceptually:

size(raid_logical_volume)=100 GB
raid_logical_volume/partition_1 size=10 GB, name="jampacks" # auto-mounts as "/Volumes/jampacks"
raid_logical_volume/partition_2 size=90 GB, name="projects" # auto-mounts as "/Volumes/projects"

With ZFS, you do the equivalent of logical voluming and partitioning from the command line, and the actual commands illustrate the concepts (the # is the shell prompt):

# zpool create ZFS_pool c1d0 c2d0 c3d0 # Just striped; no data protection by default
# zfs create ZFS_pool/jampacks # auto-mounts as /ZFS_pool/jampacks
# zfs create ZFS_pool/projects # auto-mounts as /ZFS_pool/projects

ZFS_pool is an arbitrarily chosen name. You can name a ZFS pool or filesystem whatever you like. Just two commands (zpool and zfs) run the whole show.

Highly distilled, ZFS has these properties:

1. Physical disks are grouped into ZFS pools, which are the rough equivalent of RAID volumes
2. Each pool can be split into any number of datasets, which work roughly like partitions or slices
3. Files live in datasets

Yes, it is that easy, and yes, I left out most of what makes ZFS so remarkable. It's a ploy to keep you coming back here.

Posted by Tom Yager on October 19, 2007 03:12 PM



October 16, 2007

News summary and interview: Apple to release Leopard in ten days

After a months-long delay that only seemed to provoke greater buzz and anticipation, Mac OS X Leopard and OS X Server Leopard will go on sale at 6:00 PM on October 26, 2007. Apple boasts 300 new features in its Leopard client OS, and 250 new features in its server operating environment. During a harried 15-minute briefing, Brian Croll, Senior Director of Product Marketing for Mac OS X, rattled off what he considers to be the high points in the client version of OS X Leopard:

  • A redesigned desktop with a consistent look across applications, and a semi-transparent menu bar to allow desktop backgrounds to show through.
  • A redesigned Dock, a row of icons for launching frequently-used applications, with a semi-transparent background and reflections under each icon.
  • Finder, OS X's counterpart to Windows' Explorer, has an updated Sidebar. The customizable collection of icons for frequently-accessed folders now locates and displays network files shared from PCs and Macs on the same LAN.
  • Finder has gotten an overall revamping to a more intuitive and modern look and feel. The new Finder borrows its appearance and behavior from iTunes, Apple's media player and content purchasing interface, including an iTunes feature called Cover Flow that lets you flip through images and other viewable content like pages in an album. "It's really fun and useful to browse content on the PCs and Macs on your network using Cover Flow," said Croll.
  • Most viewable content types, such as images and PDF and Word documents, can be viewed with Finder's integrated Quick Look without launching an additional application.
  • To-do lists synchronize with both Mail and iCal, OS X Leopard's bundled e-mail and calendar/scheduling clients. Croll said, "We've noticed that people send reminders to themselves in e-mail."
  • Leopard's Mail application implements Data Detectors, which scan e-mail messages for phone numbers, e-mail addresses and street addresses. These can be added to Leopard's Address Book, located in Google Maps or copied into iCal.
  • iChat, Apple's bundled instant messaging client, takes on a host of new features in Leopard, including special effects from OS X's Photo Booth Web cam snapshot app (iSight Web cameras are standard in Intel-based Mac client systems). Leopard's iChat also supports the live playback of images, audio and video during a live chat, and users can share their screens for remote viewing or remote control.
  • Croll also pointed to several new facilities for OS X Leopard Developers: Core Animation automates smooth 2-D animation with simulated 3-D paths and transforms; Xcode 3.0 is a rich integrated development environment for programs written in C, C++, Objective-C and other languages; Xray, adapted from Sun's DTrace, lets developers monitor and profile applications while they execute without the hassle of a debugger.

Croll described "reasonable system requirements" for Leopard that reach well into Apple's legacy PowerPC platforms. Any Macintosh with a 32-bit PowerPC G4 CPU running at 867 MHz or higher can run Leopard, as can all Macs with 64-bit PowerPC G5. All Intel Macs support Leopard, and Croll said that the minimum memory requirement for all architectures is 512 MB. An optical drive capable of reading DVD media is also required.

Croll laid out the plan for upgrading recent buyers of Mac systems from Apple's currently shipping operating system, OS X Tiger, to Leopard. Apple is giving Mac buyers, including those who purchased Apple's Xserve rack server, a free copy of Leopard (for a handling fee of $9.95) provided that they purchased their systems after October 1, 2007. Customers purchasing new Mac or Xserve systems after October 26 will receive Leopard either pre-installed on their systems or as a DVD inside the box.

Boxed copies of OS X Leopard client and Server will be priced at $129 and $999, respectively. A family pack with five client licenses of OS X Leopard will sell for $199. Apple's Web site for Leopard can be found at http://www.apple.com/macosx.

Posted by Tom Yager on October 16, 2007 07:21 AM



October 16, 2007

LEOPARD SERVER SHIPS 10/26 (press release)

Apple Announces Mac OS X Server Leopard

CUPERTINO, Calif., Oct. 16 /PRNewswire-FirstCall/ -- Apple(R) today
announced that Mac OS(R) X Server version 10.5 Leopard will go on sale on
Friday, October 26, at the same time as Mac OS X Leopard. Leopard Server
extends Apple's legendary ease of use, making it even easier to take advantage
of the benefits of a server, and introduces Podcast Producer, the ideal way to
automatically publish podcasts to iTunes(R) or the web. Leopard Server packs
more than 250 new features including Wiki Server, allowing people to
collaboratively create and modify their shared web sites with just a few
clicks; and iCal(R) Server, the world's first commercial CalDAV standard-based
calendar server.

"Leopard Server is the best release of Mac OS X Server yet, bringing more
great innovations, like Podcast Producer, Wiki Server and iCal Server," said
Philip Schiller, Apple's senior vice president of Worldwide Product Marketing.
"With new setup features that have a server up and running within minutes and
no client access licenses, Leopard Server is the ideal alternative to
complicated and expensive server offerings for small and large businesses."

Leopard Server presents new features for effortless setup, management and
monitoring of systems on the network. Server Assistant configures server
applications, network settings such as IP addresses and DNS configurations and
user accounts with just a few clicks. Server Preferences simplifies management
of users, groups and key server applications, and a Server Status Dashboard
widget remotely monitors activity and usage. Leopard Server also eliminates
the need to manually set up Leopard clients by automatically configuring
client applications, including file sharing, Mail, iChat(R), iCal, Address
Book and VPN from user information stored on the server.

Podcast Producer is the easiest way for anyone to record content,
automatically upload it to the server and convert it into a podcast optimized
for playback on almost any device, including a High Definition TV, iPod(R),
Apple TV(TM) or multimedia-enabled cell phone.

With Wiki Server, anyone can easily create and edit collaborative web
pages, called wikis, with a few clicks of a mouse. Wiki Server has 20
Apple-designed web page themes and provides a complete revision history to
make it easy to restore previous entries and merge or compare different
versions. Wiki Server can automatically notify users whenever a change is
made, keeping them up-to-date on the latest information, and users can tag
keywords to find content quickly.

It's easy to share calendars, schedule meetings and coordinate events
within a workgroup, school, small business or large corporation using iCal
Server. iCal Server is the first open, standards-based calendar server that
works with popular calendar programs which support the new CalDAV standard and
does not require client access licenses, so businesses can add users freely as
they expand at no additional cost.

Leopard Server is fully UNIX compliant and its core services, including
Apache 2, MySQL 5, Postfix, Podcast Producer and QuickTime(R) Streaming
Server, are 64-bit, allowing users to work with larger data sets and take full
advantage of the performance and processing power of their 64-bit hardware.
Since Leopard Server is fully 32-bit compatible, users can run 32-bit and
64-bit applications natively side-by-side.

Pricing & Availability
Mac OS X Server version 10.5 Leopard will be available on October 26 at
Apple's retail stores and through Apple Authorized Resellers for a suggested
retail price of $499 (US) for a 10-client edition and $999 (US) for an
unlimited-client edition. An unlimited client license of Leopard Server is
included with Apple's powerful Xserve(R) rack-mount server hardware at no
extra charge. Online pre-orders can be made through the Apple Store(R)
(http://www.apple.com) starting today and current subscribers to the Apple
Maintenance Program will receive Leopard Server as part of their service
agreement. Volume and maintenance pricing is available from Apple. The
standard Mac OS Up-To-Date upgrade package is available to all customers who
purchased a qualifying new Xserve system from Apple or an Apple Authorized
Reseller on or after October 1, 2007 for a shipping and handling fee of $9.95
(US). Leopard Server can run on any Macintosh(R) computer with an Intel,
PowerPC G5, or G4 (867 Mhz or faster) processor, a minimum 1GB of RAM and at
least 20GB of available disk space.

Apple ignited the personal computer revolution in the 1970s with the Apple
II and reinvented the personal computer in the 1980s with the Macintosh.
Today, Apple continues to lead the industry in innovation with its
award-winning computers, OS X operating system and iLife and professional
applications. Apple is also spearheading the digital media revolution with its
iPod portable music and video players and iTunes online store, and has entered
the mobile phone market this year with its revolutionary iPhone.

Posted by Tom Yager on October 16, 2007 06:02 AM



October 10, 2007

Getting started with X11 on Mac

Now that you know what X11 is good for, it's time to play with it. First, launch /Applications/Utilities/X11.app. If this doesn't exist, install it from an OS X DVD.

If you give keyboard/mouse focus to any X11 window, you'll get X11.app's menu bar. X11 software puts menus inside client windows. It's the price of portability.

Unlocking the Mac's X11 applications and documentation

To get to OS X's standard set of X11 applications and man pages, you need to edit either ~/.profile or ~/.cshrc to alter your PATH and MANPATH environment variables. I use bash, so I added these lines to the bottom of ~/.profile:

export PATH=/usr/X11R6/bin:$PATH
export MANPATH=/usr/X11R6/man:$MANPATH
export DISPLAY=localhost:0.0

Without DISPLAY set properly, X11 won't function. If you run into trouble, this is the first thing to suspect. DISPLAY won't match the value shown above if you're attached to a remote system. I'll explain that in my next post.

Launching applications automatically when X11 starts

There's one more file you want to change or create: ~/.xinitrc. Here's where you put the commands you want to run every time X11.app starts. At a minimum, this should read:

quartz-wm &
xterm

As a rule, launch interactive X11 applications in the background, as with quartz-wm above. That's as true for the command line as it is for ~/.xinitrc. Let the last command in ~/.xinitrc run in the foreground. When that last application exits, X11.app will either quit or wait for you to launch a new client application. Other X11 servers may reset or log you out.

X11's workhorse, xterm

Now you're ready for your first X11 app, the one in which you'll likely spend most of your time. Open up an OS X Terminal window and type:

xterm &

xterm isn't much to look at, but it has tons of command-line options; see the man page. Learn to love xterm, because it's the only terminal you can count on across all X11 implementations.

If you can't pull up a context menu in an X11 app like xterm, it might be triggered by mouse button 3. You can map virtual mouse buttons in X11.app's preferences. You can also set shortcuts for frequently-used clients in X11.app's Application menu. And you can always launch a new xterm instance by typing "xterm &" in an xterm window. Remember, launch X11 clients in the background.

Everything you just learned about xterm applies to X11 clients in general. It's not rocket science.

In the next and final part of this series, you'll learn how easy it is to use X11 to connect to remote hosts. In the meantime, rummage around in /usr/X11R6/bin. Most of the commands there have man pages, and any local client can be launched from an xterm window.

Posted by Tom Yager on October 10, 2007 09:21 PM



October 10, 2007

Why Mac users should love X11

If you're not pulling X Window apps down from Fink or DarwinPorts, you might never have noticed /Applications/Utilities/X11.app. Or perhaps you've noticed it, but consider it a throwback to the 90s, one evolutionary step beyond the green screen. Give it a fresh look, because it has many qualities that other remote GUI methods, like VNC and Apple Remote Desktop, lack. For some purposes, like software development, X11 can reduce your dependence on Parallels, VMware Fusion and Boot Camp.

X11 is an elegantly simple client/server GUI protocol that allows any X Window application to run in one place but use the keyboard, mouse and display of any system. Using an X Window app from the console or from a hotel delivers precisely the same experience.

An application needs to be compiled to use X Window; it doesn't make arbitrary client software, like Aqua apps, remotable (I wish). But you'd be surprised by the range of X11-enabled applications that work seamlessly over remote links with their rich native GUIs: Firefox is a great example, as is openoffice.org, but any GNOME or KDE application is inherently remotable via X11, as are all command line apps.

X11 works like magic. Any command you launch in a remote terminal connection to a host pops up a new window on your desktop, complete with Aqua trim. Grab the title bar of any X11 application on your desktop and shake it; it updates in real-time. X11 has extensions for 3-D, smooth fonts, video and most all of the GUI features you'd want. Software runs over there with the compute speed and capacity of the remote host, but the GUI renders on your display at Aqua's native speed.

If your curiosity isn't piqued yet, consider these points:

  • Launching a remote X11 app like xterm, X11's command window, requires only a single command from your desktop
  • Authentication with a remote X11 host is secured and vastly simplified by an SSH tunnel
  • Complex GUI applications like Firefox, along with all GNOME and KDE applications, have intrinsic X11 support and can be run remotely, as can all command line software
  • X11 is transparently cross-platform. It's literally everywhere, and it's usually part of the standard OS distribution
  • No daemon is required on the remote side. Each application makes the connection
  • If a network link to a remote X11 app is lost, X11 reconnects automatically. That's nice for notebook sleep/wake. By default, the connection won't survive a reboot at either end, but there's a solution for that, too
  • Unlike VNC and Apple Remote Desktop, X11 doesn't resend the entire display, just the changes within each window. Common operations, like scrolling, are accelerated
  • X11 is faster than VNC and Remote Desktop, but it doesn't preclude their use
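The SSH-tunnel point in the list above can be checked from inside a session: the value of `DISPLAY` shows whether an X11 client will talk to a local socket, an SSH loopback proxy display, or an X server reached over plain TCP. This is an added example, not code from the original post; the function names and sample values are constructed, and the "display 10 or higher" rule assumes OpenSSH's default `X11DisplayOffset`.

```shell
#!/bin/sh
# Added example: classify an X11 DISPLAY value by the transport it implies.
# Heuristic: "display >= 10 on loopback" assumes OpenSSH's default X11DisplayOffset of 10.

# Echo the display number from "host:display[.screen]", or nothing if malformed.
display_number() {
    case $1 in *:*) ;; *) return 0 ;; esac
    n=${1##*:}            # text after the last colon, e.g. "10.0"
    n=${n%%.*}            # drop the optional ".screen"
    case $n in ''|*[!0-9]*) return 0 ;; esac
    n=${n#"${n%%[!0]*}"}  # strip leading zeros so arithmetic stays decimal
    echo "${n:-0}"
}

# Echo one of: unset, invalid, local-socket, ssh-forwarded, loopback-tcp, remote-tcp.
classify_display() {
    [ -n "$1" ] || { echo "unset"; return 0; }
    num=$(display_number "$1")
    [ -n "$num" ] || { echo "invalid"; return 0; }
    host=${1%:*}          # everything before the last colon
    case $host in
        ''|unix|/*) echo "local-socket" ;;   # Unix-domain socket or path-style value
        localhost|127.0.0.1|::1)
            if [ "$num" -ge 10 ]; then echo "ssh-forwarded"; else echo "loopback-tcp"; fi ;;
        *) echo "remote-tcp" ;;              # X11 protocol unencrypted on the network
    esac
}

# Print a one-line finding; status 1 means X11 traffic would leave the host untunneled.
audit_display() {
    kind=$(classify_display "$1")
    case $kind in
        remote-tcp)
            echo "FAIL $1: raw X11 over TCP port $((6000 + $(display_number "$1"))), not tunneled"
            return 1 ;;
        ssh-forwarded) echo "OK $1: loopback proxy display, consistent with ssh -X/-Y" ;;
        local-socket)  echo "OK $1: local socket, nothing on the network" ;;
        *)             echo "WARN $1: $kind" ;;
    esac
}

# Constructed sample values; replace with "$DISPLAY" inside a real session.
for d in ':0' '/tmp/launch-Ab12Cd/:0' 'localhost:10.0' 'build01.example.com:1.0'; do
    audit_display "$d" || true
done
```

A `remote-tcp` result means keystrokes and window contents cross the network in the clear and access control rests on xhost or xauth alone, which is the situation the SSH tunnel replaces.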

Is X11 sounding better now? Hang in, because in part two, I'll tell you how to use it. You'll be surprised by how easy it is.

Posted by Tom Yager on October 10, 2007 01:25 PM



September 09, 2007

Why Parallels Desktop warns about booting from Boot Camp partition

You know how Parallels Desktop puts up this big "wet paint" warning not to interrupt a start-up from a Boot Camp partition? I learned a hard lesson about why that's there.

My Parallels Desktop took a (core) dump while it was launching Vista from a known-healthy Boot Camp partition. It's probably no surprise that subsequent attempts to repeat that process consistently met with exactly the same result.

When you ask Desktop to boot from Boot Camp, it takes a while to alter Windows' reality with regard to the hardware on which it's running. I've always admired that Desktop and VMware Fusion are able to pull off this feat without triggering Windows' licensing boobytrap. Normally, when you make some significant change to your PC's hardware, Windows forces you to reauthorize your copy of the OS.

When Parallels Desktop blew its brains out mid-boot, it not only left itself in a non-functional state, it lit the fuse on Vista's authorization bomb. When I boot directly to the Boot Camp partition, it asks me to enter my Vista product key. I haven't taken the time to do this yet, but I'm having a bet with myself about what will happen when I re-enter my Vista key. Did Vista generate a new signature reflecting Parallels Desktop's phony hardware (or the half of it that Desktop put in place before it crashed)? If so, will Vista see yet another change when it sniffs out my actual configuration and put me through this again?

Are my Apple drivers blown away? Can I just reinstall them over the Vista install that's there, or will I have to reinstall Vista?

The next time I a) get a hankering to run Vista, and b) have a spare half day to mess with it, I'll find out the answers to these burning questions. Bets, anyone?

Posted by Tom Yager on September 9, 2007 11:29 AM



September 09, 2007

Firmware update puts AirPort Extreme in temporary coma, full recovery the next day

After a reported successful flash to version 7.2.1 of AirPort Extreme firmware, my AirPort Extreme base station locked at start-up with the status/activity LED solid yellow. It would not respond to AirPort Utility either over the air or via local Ethernet connection, even after several power cycles that allowed up to thirty minutes between attempts.

This is dire. AirPort Extreme isn't just my Wi-Fi router. It's the NAT/DHCP router for wired client nodes on my LAN. When it's down, my lab's clients and one of each of my servers' two GigE ports go dark, along with the personal Macs and (ugh) PCs in my house.

To guard against such catastrophes, I keep a second wireless router (of inferior brand, speed, quality and style) configured to match AirPort Extreme's settings. I moved two RJ-45s, powered up the standby router, pulled the plug on AirPort Extreme, and my NATed LAN segment quickly returned to service. It's a process that even a manager could manage.

I came back to AirPort Extreme the next day. It booted without incident and it's now back in full service. I still don't know what happened. Maybe there's a supercap inside AirPort Extreme that keeps volatile settings alive while the router is powered down so that it boots faster, and it took a day without power to drain that cap. I didn't have the presence of mind to see if it took any longer to boot after it recovered.

The lesson here is that if you think your AirPort Extreme is toast, unplug it for a day before you read its last rites. The other lesson? If you run a critical WLAN, keep a spare Wi-Fi router configured to plug and go.

Posted by Tom Yager on September 9, 2007 11:07 AM



July 30, 2007

Leopard gets UNIX 03 certification

OS X's commercial credentials recently got a major boost from the Open Group. Thanks to the efforts of Apple's OS boss Kevin Van Vechten and his team, Leopard has cleared all of the hurdles required to attain UNIX 03 certification. That places Apple in elite company. Only Sun, IBM and HP are certified, so OS X turns the Big Three into the Big Four.

Here's Apple's Open Group brand certificate, which entitles Apple to use the UNIX brand. I suggest printing this on high rag content paper, framing it and hanging it in your server room or your Mac-graced cubicle. There are UNIX pretenders, and there is the real thing. Mac users, realize that qualifying for UNIX is no small feat, especially for an open source, BSD-based OS. The Open Group standards, the PDFs for which are idiotically marked as free but blocked from PDF download unless you buy your way into a membership, are rooted in System V. Apple is to be commended.

The UNIX 03 specifications cover libraries, system calls, terminal interfaces, commands and utilities, internationalization and the C language. That's the whole enchilada for ISVs (independent software vendors) porting their server and non-GUI applications to OS X. UNIX ISVs ought to climb on board, because once Leopard ships in October I expect Xserve sales to take a leap. Software developers should also keep in mind that the Leopard client OS is the same as Apple's server, minus the quite exceptional administrative tools, and the installed base of four and eight-core Mac Pro desktop/workstations is even larger. MacBook Pro users are carrying 4 GB notebooks. If you're put off by Objective-C and Apple's proprietary UI frameworks--you needn't be, although I do wish that someone would give Apple's frameworks the Mono treatment--you've got OpenGL, SDL, X Window, Wine, Java SWT, Flash, DHTML with Apple's Canvas extension, and my old flame, curses. Microsoft's Silverlight is sweet as well, and it's picking up steam.

Wondering if you want in? You do. Imagine coding on Mac and porting by recompile to RISC big iron.

Posted by Tom Yager on July 30, 2007 08:57 PM



June 11, 2007

Seated, :10 to go, Wi-Fi hot in the keynote room

Well, I'll be. Apple actually wants live coverage of this year's keynote. 2.4 GHz and 5 GHz Wi-Fi are hot in the hall. I'm still going to use Bluetooth to save power.

Posted by Tom Yager on June 11, 2007 09:53 AM



June 11, 2007

At the conference, :52 to keynote, record attendance

"It's a record attendance this year. Make sure you get to your sessions early; there are no overflow rooms."

This counsel from the lady at the registration counter is a no-brainer. It's certainly a record turnout for Press attendees. It's the first time I've seen people sitting on the floor outside the entrance to the keynote hall an hour before the doors open. You'd almost think that Jobs is expected to say something of substance that hasn't already been announced. I had some visions about that last night that will manifest as detailed Flash Analysis if they prove out.

The keynote hall is historically a Wi-Fi dead zone, so I have my BlackBerry 8800 rigged as an EDGE modem. IF this connection holds out, and IF the "Battery health: Poor" notoriously high quality battery on my eval MacBook Pro turns out to be inaccurately diagnosed (not bloody likely), then maybe I won't have to rely on my thumbs this year.

For now, it's all about waiting.

Posted by Tom Yager on June 11, 2007 09:09 AM



June 11, 2007

WWDC central is right here; keynote live posts start at 10:00 AM Pacific

It's been quiet in The Enterprise Mac for a while. My posts here tend to mirror Apple's new product announcements, and in that regard, there hasn't been a whole lot to report.

I hope that you didn't get too comfortable with the relaxed pace, because it's done. The Worldwide Developer Conference always gets my tired blood pumping again, and the back-to-backness of Microsoft Tech-Ed and WWDC has me entering Apple's event with what some who know me might call an unusually balanced perspective.

I'm in San Francisco, donning my tie and tails for Steve Jobs' WWDC keynote and bracing myself for the week-long Mac developer carnival that is, fittingly, Apple's sole company-sponsored conference. After all, developers make Mac's world go 'round, and between Leopard and iPhone, there will be more crazed and motivated coders coming out of this year's conference than from any WWDC before it.

I'll be among them. This is my show.

I'm rigged for live posts from my trusty BlackBerry 8800. As always, the posts will be thumb-ugly, but they'll be to-the-second.

Whether you're at WWDC or not, I'd be honored if you'd stay tuned in as I post throughout this week and after. Keep an eye out for content in the Test Center section as well, because I've got a boatload of previews and reviews on deck.

I will read and answer comments that come in this week. I'd like to make this week as much of a discussion as possible.

Thanks, everyone. It's good to be back.

Posted by Tom Yager on June 11, 2007 08:27 AM



March 01, 2007

Apple Sets Wi-Fi on Fire

AirPort Extreme is no ordinary 300 Mbps 802.11 draft-n base station, network accessible storage server and print server

The Top Line
Apple AirPort Extreme
Apple Inc.

Price: $179

Platforms: Management and disk auto-mount from Windows and Mac clients; gateway/router capabilities accessible to all Wi-Fi 802.11a/b/g/n clients; file and print services available to all platforms that support CIFS (common internet file system) or Apple File Protocol sharing; clients running Apple Bonjour or compatible zero-config software can connect to base station and services without name server access

Executive Summary: At $179, Apple's AirPort Extreme 802.11 draft-n wireless base station is priced like brand X, but Cisco couldn't have done it any better. Apple's claim of 5X performance and 2X coverage relative to 802.11g is no mere boast; it was proven for this review. Apple's new base station is easy to manage from Windows and OS X, and current AirPort Extreme admins will appreciate the rewritten AirPort Utility's expert features like logging and performance charting. If you plug a USB printer and a hard drive into AirPort Extreme's USB port, it will automatically be shared to Windows, Mac and other platforms able to work with these platforms' native network protocols. As for security, you can keep unauthorized clients off your network and limit the periods during which authorized clients can connect. From corporate campuses to LAN parties, AirPort Extreme is a base station that blurs the boundaries between base station and server.

Pros:

  • 802.11n draft standard built into most Core 2 Duo notebooks and iMacs, plus wireless-equipped Mac Pros; AirPort Extreme install CD unlocks this capability
  • Flexible management supports automated and manual setup from Windows or OS X
  • Fast authentication and IP address assignment
  • Supports faster 802.11n draft standard in addition to 802.11a, b, g and n
  • Operates on either 2.4 GHz or 5 GHz bands (not both)
  • Built-in USB 2.0 port for sharing printers and storage devices, optionally to the WAN
  • Auto-mounting of shared network volumes
  • Bluetooth-style pairing for individual client authorization


    Cons:

  • All configuration changes require lengthy reboot
  • No Web or console-based management
  • Testing initially encountered performance and connectivity problems; resolved by Apple
  • No hardware for wall or post mounting

    Ratings:
    Performance: 8.0
    Ease of setup: 10.0
    Features: 8.0
    Standards support: 9.0
    Manageability: 7.0
    Value: 9.0
    Final score: 8.7 (Excellent)

    Consider this scenario: An ad-hoc workgroup of twenty developers needs a private LAN with strongly-encrypted Wi-Fi access, an Ethernet print server, and secure network-connected storage for the source trees, documentation, project data and home directories they'll sync to their notebooks for off-line use. The group will borrow contractors for the project, but the contractors can only use machines the company issues to them and they'll only be allowed to connect during scheduled working hours. It's your job to set them up. Oh, and the company has wisely allowed group members to use the platform of their choice, so make sure that Windows and Mac users are served equally well.

    If you can't identify with an ad-hoc workgroup, then substitute a small business, sales team, branch office, LAN party or what-have-you. Just put yourself in the position of having to pull together the infrastructure, and configure clients and provision the server resources needed to fulfill this tall order in short order. Apple has a solution in mind: AirPort Extreme. This unit is no bigger than a box of chocolates, it has no moving parts and it costs $179. Leave one on the workgroup leader's desk, take an early lunch and return a hero.

    AirPort Extreme is a Wi-Fi base station that works as a secure LAN/WAN gateway or bridge, a four-port 10/100 Ethernet router, a network access controller and a file/print server. No, really, this Wi-Fi box does file and print. Jack USB external hard drives and printers into AirPort Extreme's USB port and they pop up on your LAN and WLAN as Windows and Mac volumes and networked printers. Not only that, but any Windows or Mac user can choose to auto-mount the device when it's within range. For all of this, there is zero server administrative overhead because there's no server. AirPort Extreme's file/print isn't as guarded and configurable as Windows 2003 Server. It won't serve all purposes. But think of all of the printers and third-tier storage managed today by cast-off PCs. You can dump them and get Wi-Fi to boot, and if you drop an AirPort Extreme wherever these ratty servers sit now, Apple's base stations will join together, with no wires and no configuration hassles, to extend your WLAN's coverage area.

    When do we get to the good part?
    Hold onto your hat, friend, because that's just the first course. Apple supplies a rich client management utility with real-time logging and monitoring that operates identically from Windows PCs and Macs, and permits management over wired and wireless connections. That's true and quite cool, but I'm teasing. What everybody wants to read about AirPort Extreme is that it implements the IEEE 802.11n Wi-Fi draft standard. Apple claims that AirPort Extreme tests out at five times the top speed of 54 Mbps standards 802.11a and 802.11g, and that it can maintain speeds equal to 54 Mbps standards' best at twice the distance. Apple is taking care to be conservative with its numbers, which is wise. I tested AirPort Extreme in ugly conditions and found that in places where the previous AirPort Extreme model (the one with the pointy head) couldn't see my MacBook Pro eval notebook at all for impediments structural and human, the new AirPort Extreme bathed me in bandwidth.

    You'll have to decide which of these capabilities to get most excited about while I lay out a bit more detail. As for me, I'm grabbed by the whole package, and this is one of those rare circumstances in which the package could readily fetch more than the price asked.

    Is there a draft-n here?
    If you've heard of 802.11n, the method by which Apple drives AirPort Extreme and 802.11n-compatible clients to stratospheric speeds, it may have been in the context of some controversy. 802.11n is not yet ratified by the IEEE. It has been baked but not served for so long that most Wi-Fi users don't know what they're missing. Apple is not the first network product vendor to leapfrog the IEEE in customers' interest. There are readers who will regard my take as heretical, but I don't care. There are a few countries outside the US, including the United Kingdom, where the 5 GHz spectrum used by 802.11n is regulated in such a way as to preclude the Multi-Input, Multi-Output (MIMO) method used by 802.11n. I'm not in one of those places. I'll take mine now, and they can get theirs when it comes around. Apple ensures that AirPort Extreme does the compliant thing when it's operating in a regulated territory.

    I'm not worried about how 802.11n might change between the draft and ratification. Big names, including Intel, have jumped on the 802.11n train. This has the earmarks of being a standard that's ratified by the public before the standards body can get itself off the dime.

    Mac users get it
    Apple is unique in having baked 802.11n directly into nearly all of its client product line: All Core 2 Duo iMac desktops (except for a discounted, education-targeted model), MacBooks, MacBook Pros, and Mac Pros ordered with the AirPort Extreme add-in, have shipped from day one with 802.11n baked in, but locked out in firmware. The CD that comes with AirPort Extreme includes an installable package that will unlock the 802.11n feature in an unlimited number of n-capable Macs, and any unlocked Mac stays n-enabled forever. If you want to use 3rd-party 802.11n base stations with your Mac, Apple sells the "802.11n enabler" for $1.99.

    In addition to the majority of the Core 2 Duo Mac client lineup and AirPort Extreme, the Apple TV digital media hub (I call it the "iTunes terminal") shares the same implementation of the draft, and Apple tests for compatibility with other network hardware ve