May 13, 2008 | Comments: (0)
OS X Security: How I became a spam kingpin, went legit and turned detective
I'm picking up the first-person account of a Leopard Server root exploit where it left off from my preceding post.
I did slam the door on the ClamAV exploiter, and close observation for a couple of weeks allayed my concerns that any lasting hole had been blown in my OS X Leopard Server's security. I felt quite pleased with myself. My mail server was back on-line and healthy, and days of backed-up e-mails, including the requisite quantity of spam, started streaming in. I was a happy camper in April.
Then came May, which has been an unkind month thus far. Walking past my Xserve one night, I noticed that the CPU activity lights were pegged when the server should have been idle. Eight cores, burning rubber doing nothing? I went to the Activity Monitor GUI, and then to top from the command line. Neither identified a process responsible for sucking up all of my Xserve's CPU cores. I rebooted, and the problem seemed to go away. But after about ten minutes, CPU utilization began climbing. I disabled Postfix and rebooted again with the same pattern.
It was at this point that I knew I was under attack. It's at this point that a sensible person like you would pull his WAN cable. But I, in addition to using Xserve as my 24/7 server, use it to unravel mysteries that might make for interesting copy, even if it means feeding my limbs to wolves in the process. I care that much.
Looking at Activity Monitor, top and ps again, I noticed that there were five sshd (secure shell daemon) processes running whose CPU times (total time a process spends occupying a CPU) nearly kept pace with the system's uptime. I often keep multiple ssh sessions going at once from a couple of machines, so except for the CPU time, it was hard to see five sshd instances as unusual. Until, that is, I used lsof to find out which files each of the sshd processes had open. I found socket connections open to Russia, China, Poland, Sweden, and Italy. My Xserve seemed to be on a promiscuous world tour.
I blew away the sshd processes, including my own (coming in through Remote Desktop instead), and I used Server Admin to disable ssh. The CPU VU meters dropped to minimal. Well, that was easy. "Too easy," I said in my noir gumshoe manner.
Every so often, ps would show launchproxy, sshd -i or both in the process list, but they'd vanish before I could lsof them. This was a job for Little Snitch. Little Snitch traces outbound socket connections by application, source IP and destination IP. Its killer feature is that it keeps a list of the last several connections. Watching Little Snitch, I could see launchproxy, then sshd pop up from connections from mostly offshore domains. The sockets would close within a couple of seconds of opening. However, Little Snitch couldn't tell me what these programs were doing. Was spam still getting out?
It was time to move on to tcpdump, which confirmed that yes, my Xserve was making outbound connections on port 25. Instead of a flood of connections from standing sshd instances, each hit of launchproxy and sshd from afar seemed to squeak out one message. The frequency of connections was low during the day, but spiked enormously at night in my time zone. tcpdump -A -s 0 didn't show the text of any of the messages, which I found odd.
Throughout all of this, I've been checking blacklists to see if my IPs were flagged for spamming. I haven't, knock wood. As I expected, my server passed a variety of on-line open relay tests.
I'm quite sure that the initial attacker messed with my ssh server keys or my server's default certificate. Beyond that, I still have a lot of work to do. I've already done a clean install (I wasn't given an option to upgrade or archive) of OS X Server Leopard to a new volume, with no WAN services on line yet. I'll copy configuration files, very carefully, to recover services like DNS, while I expect that I'll rebuild my mail server from scratch. Meanwhile, I'll keep scratching around to look for signs that might help you in diagnosing a similar attack.
When I finally do put ssh back on-line, it will be authorized only for a non-privileged user.
Posted by Tom Yager on May 13, 2008 05:07 PM
April 16, 2008 | Comments: (0)
Ahead of the Curve: Back to the Mac
Several months ago, I determined that my years-long fondness required reexamination. I quietly took a break from the Mac to get some perspective, to check out Vista, AMD, and Longhorn (Windows Server 2008) untainted by Apple's PR and uninfluenced by other journalists and bloggers. I elected to take a break from reviews of new Mac hardware, the occasion of which always piques my interest in Apple's platform. There were times when I felt I'd chosen the worst possible time for this hiatus. I ended up passing on MacBook Air, Time Capsule, Harpertown Mac Pro, and most painful of all, the new MacBook Pro. It was difficult seeing InfoWorld pick up reviews of these from sister publications, but I take my responsibility to readers very seriously. I can't very well counsel you on technology choices if I consider the field limited to one worthwhile player, especially when that player projects the image that it competes only with the generation of systems that preceded what's presently sold.
I found enormous value in my time away from Mac. I made the kind of discoveries I used to make routinely before I took on the Mac as a specialty, and as I take up the Mac again -- which I am doing immediately -- it's clear that my appreciation for the platform is justified, and that the customary split of my effort and attention between Apple and AMD is justified.
The genuine, practical superiority of AMD's Barcelona server platform, and its Phenom desktop platforms that derived from Barcelona, came to light during the break I took from Mac. A one socket, quad core Spider (Phenom plus ATI CrossFire graphics) runs Vista so obscenely fast that even a diehard Mac user's head will turn. Privately, of course.
I found it extremely intriguing that systems built on Phenom platforms can tune themselves autonomously for the maximum possible CPU and GPU speed over a surprisingly broad range, based on a whole system approach that takes cooling, power supply capacity, and your preferences for noise and maximum power consumption into account. I found that I could speed bump an AMD Phenom desktop for free by moving it closer to the floor, where the cooler air prevails. What a grand idea; that in itself shows genuine customer-focused insight.
I gained a fresh appreciation for the GNU compiler collection, which has taken remarkable strides since I last took a deep dive in it. I was unaware of the level of engagement from commercial partners, including Apple, AMD, and Novell. Each is undoubtedly pursuing its own agenda, but it does so within the framework and culture of one of the most tightly controlled and liberally licensed open source projects in existence. AMD has finally embarked on the long road to compiler parity with Intel with its contribution of Family 10 (Barcelona/Phenom) architecture-specific optimizations to GNU.
Apple has been busy on the gcc front as well. Objective-C 2.0, with its desperately needed garbage collection, has been a reality in the GNU toolchain since Xcode 3 was in non-disclosure beta. In release 4.2 of gcc, auto-parallelization joins auto-vectorization to adapt projects to multiprocessing and vector acceleration without developer intervention. Unless I'm mistaken, the public beta versions of the iPhone SDK, now at Beta 3, mark Apple's first swing at Microsoft-style free public distribution of pre-release dev tools. The privilege of early access has been reserved for paid members of Apple's Developer Connection programs. That iPhone SDK carries all of the latest GUI tools, documentation, and GNU command line compilers, including FORTRAN, into Apple's default distribution. Hit http://developer.apple.com/iphone and scroll to the bottom of the page for the download link. You do not need to pay the $99 fee to register as an iPhone developer to use the new tools, which compile applications for Leopard as well as iPhone.
Apple is getting ever more daring in its engagement with open source in other ways. WebKit, the fast HTML/CSS/SVG rendering and JavaScript engine used in Safari, has caught on like wildfire outside Apple, and why not? To get a commercial browser, loaded with current and emerging standards, free and open for incorporation in your software, is the stuff of fantasy, and Apple holds virtually nothing back. The WebKit project is not strictly Apple's. It enjoys broad community engagement, but it is worked as a priority by Apple's staff, even to the benefit of direct competitors. For example, the browser on Nokia's E-series phones is WebKit-based, and this is not the only example where Apple effectively put its staff and technology to work for the benefit of a competitor. The GNU toolchain's adaptability to multiple embedded platforms will see WebKit in everything from phones to toys, starting with iPhone and iPod touch. Now that WebKit has been accepted into Google's Summer of Code, I can't wait to see what innovation comes from that gathering. I plan to ply the most influential attendees with the libations of their choice and get their take on where development is headed.
Apple pushed the source code for the publicly exposed innards of OS X Leopard, known as Darwin 9, out for public download on MacOS Forge. Every time it does that, I imagine the move preceded by arguments inside the office about the effort and risks that such a program visits on Apple's platform business. The work of preparing a project of Darwin's size for public distribution is inestimable, and Apple deserves credit for putting it on the agenda of its top OS engineers and project leaders.
I love the conservative approach that Apple is taking with iPhone, especially with regard to multiprocessing. iPhone Applications need to launch and quit instantly, yet relaunch after the first execution having cached and persisted their closing state in detail. It's a freeze/thaw model of state persistence that I'd like to see extended to applications in general. Apple's Xcode has Instruments (prior: XRay), a tool that jams electrodes into your program's and the system's running environment. It records and charts statistical data at runtime along several axes for later examination. It's the most effective means of hand-tuning code for efficiency that I've ever used, and it shows the benefits of persistence quite plainly.
Taking a break from Mac hardware gave me a chance to drink more deeply of the software that Apple maintains off its beaten path. MacPorts and Apple's validated versions of open source projects are open source treasure troves stuffed with some 5,000 free applications tuned and packaged for Intel and PowerPC Macs. Digging through these repositories is so addicting that I had to issue myself an edict to get back to work, which I shall do, newly confident in my mission and purpose. I'm a Macophile for good reason.
Posted by Tom Yager on April 16, 2008 11:36 AM
April 16, 2008 | Comments: (0)
Corrections to "Back to the Mac"
I made a couple of statements in my recent "Ahead of the Curve" blog that Apple contacted me to correct.
First, contrary to my claim that the iPhone SDK marks the first time Apple has released public preview editions of Xcode, Apple says it has done so in the past.
Apple tells me that it is not incorporating FORTRAN into beta 3 of its iPhone SDK, a release that includes the newest stable build of the GNU Compiler Collection toolchain. MacOSForge lists FORTRAN as a default language in its distributions of gcc after v4.0, which accounts for my confusion. Note that while gcc 4.x will build for OS X, it is only supported informally by Apple, as are all Apple open source projects.
My apologies for any inconvenience brought about by my incorrect information.
Posted by Tom Yager on April 16, 2008 01:28 AM
April 15, 2008 | Comments: (0)
OS X Server break-in: Probably isolated, but a heads-up
On Sunday, I encountered a break-in on an Xserve running OS X Leopard Server 10.5.2. All Apple-issued fixes had been applied. I cannot locate the vector of intrusion, but following the break-in I noticed the following:
- Kerberos authentication was disabled, making the system extremely slow to respond to LAN-based secure shell (ssh) initiation requests. Screen sharing sessions would not connect at all. However, Server Admin was fully functional
- All e-mail was down
- A launch script for Communigate Pro 5.2.x had been placed in /System/Library/StartupItems, causing Postfix and Cyrus to abort on launch after logging that SMTP, IMAP and POP ports were already opened. All of these services answered with Communigate Pro's greeting rather than Postfix or Cyrus
- The StartupItems launch script was removed after Communigate Pro was successfully launched
- Communigate Pro's HTTP administration ports were not open at either their default TCP ports or any other listening ports
- Communigate Pro reinstalled itself when the contents of its configuration directory were deleted
- Several inbound messages from Eastern European senders were addressed to the recipient pw@mydomain.com. This account did not exist in Postfix prior to the attack
- Command-line searches for Communigate's distribution tarball and executable were unsuccessful until I interrupted the reinstall process prior to completion
- No listening or established TCP port connections were listed by netstat
- Postfix SMTP logs were stuffed with relay attempts (far more than usual) for days prior to the break-in
- Persistent ssh dictionary attacks preceded the break-in and the period following my blocking of external access. No successes were logged (not surprising)
- Fortunately, I interceded before the intruder managed to crack my server into acting as an open SMTP relay. It is possible that my server is wired as a DOS bot, but I doubt it (see below)
- The intrusion was only active for one day. However, the intruder was able to obtain periodic intelligence on my actions to thwart his efforts. This was evident in the fact that while I was investigating the cause, the passwords to the two privileged accounts on my server were altered
- System configuration files were not altered in any obvious way, and my server is apparently restored to normal function after this response: a) I shut down both WAN ports; b) I changed the root password to the serial number on a $2 bill I received as a high school graduation gift; c) I emptied the Communigate Pro configuration directory and applied ACLs that made it inaccessible except to a freshly-created user with an obscenely complicated password; d) I removed the Communigate Pro StartupItem; e) I wiped out the persisted keys for ssh
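Two of the indicators in the list above (the Postfix logs stuffed with relay attempts and the persistent ssh dictionary attacks) are visible in plain log files days before anything else goes wrong. The following added example, not code from the post, scans constructed syslog-style lines from Postfix's smtpd and from sshd, counts relay rejections and failed logins per source address, notes which usernames each source tried, and raises alerts when a source crosses a threshold, when the same source is behind both kinds of probing, and when an ssh login is accepted from a source that had been failing (the post reports no successes; the accepted line is included only to show what the check would catch). The thresholds are arbitrary starting points and the addresses are documentation ranges.

```python
"""Scan Postfix/sshd log lines for relay probing and ssh password guessing,
the two precursors that preceded the break-in. Sample lines are constructed
in the syslog format Postfix and OpenSSH use; thresholds are assumptions."""
import re
from collections import Counter, defaultdict

RELAY_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[0-9a-f.:]+)\]:"
    r".*Relay access denied")
SSH_FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for(?: invalid user)? (?P<user>\S+)"
    r"|Invalid user (?P<iuser>\S+)) from (?P<ip>[0-9a-f.:]+)")
SSH_OK_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<ip>[0-9a-f.:]+)")

# Constructed sample: one source probes the relay AND guesses ssh passwords,
# two others make a single attempt each, one legitimate LAN login, and one
# accepted root login from the attacking source (the case the check must catch).
SAMPLE_LOG = """\
Apr 13 02:14:07 xserve postfix/smtpd[8123]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<x@example.org> to=<victim@example.net> proto=ESMTP helo=<mail>
Apr 13 02:14:09 xserve postfix/smtpd[8123]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <victim2@example.net>: Relay access denied; from=<x@example.org> to=<victim2@example.net> proto=ESMTP helo=<mail>
Apr 13 02:14:12 xserve postfix/smtpd[8124]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 <victim3@example.net>: Relay access denied; from=<x@example.org> to=<victim3@example.net> proto=ESMTP helo=<mail>
Apr 13 02:20:31 xserve postfix/smtpd[8130]: NOQUEUE: reject: RCPT from unknown[203.0.113.44]: 554 5.7.1 <someone@example.net>: Relay access denied; from=<y@example.org> to=<someone@example.net> proto=ESMTP helo=<relay>
Apr 13 02:15:10 xserve sshd[8201]: Invalid user oracle from 198.51.100.7
Apr 13 02:15:10 xserve sshd[8201]: Failed password for invalid user oracle from 198.51.100.7 port 40211 ssh2
Apr 13 02:15:13 xserve sshd[8203]: Failed password for invalid user admin from 198.51.100.7 port 40212 ssh2
Apr 13 02:15:16 xserve sshd[8205]: Failed password for root from 198.51.100.7 port 40213 ssh2
Apr 13 02:16:02 xserve sshd[8207]: Failed password for root from 192.0.2.99 port 51001 ssh2
Apr 13 08:30:00 xserve sshd[8400]: Accepted publickey for tyager from 192.168.1.20 port 52000 ssh2
Apr 13 08:31:00 xserve sshd[8401]: Accepted password for root from 198.51.100.7 port 40999 ssh2
"""


def scan_logs(text, relay_threshold=3, ssh_threshold=3):
    """Count relay rejections and ssh failures per source, record usernames
    tried and accepted logins, and derive alert strings from them."""
    relay, ssh_fail = Counter(), Counter()
    users_tried = defaultdict(set)
    accepted = []
    for line in text.splitlines():
        if m := RELAY_RE.search(line):
            relay[m["ip"]] += 1
        elif m := SSH_FAIL_RE.search(line):
            ip = m["ip"]
            if m["iuser"]:                    # "Invalid user" precedes the failure line
                users_tried[ip].add(m["iuser"])
            else:                             # count only "Failed password" as a failure
                ssh_fail[ip] += 1
                users_tried[ip].add(m["user"])
        elif m := SSH_OK_RE.search(line):
            accepted.append((m["ip"], m["user"]))

    alerts = []
    for ip, n in relay.most_common():
        if n >= relay_threshold:
            alerts.append(f"relay probing from {ip}: {n} rejected RCPTs")
    for ip, n in ssh_fail.most_common():
        if n >= ssh_threshold:
            alerts.append(f"ssh dictionary attack from {ip}: {n} failures, "
                          f"users tried {sorted(users_tried[ip])}")
    for ip in sorted(set(relay) & set(ssh_fail)):
        alerts.append(f"{ip} is behind both relay probing and ssh guessing")
    for ip, user in accepted:                 # a success after failures is the one to chase
        if ip in ssh_fail:
            alerts.append(f"ssh login as {user} ACCEPTED from {ip} after "
                          f"{ssh_fail[ip]} failures: review immediately")
    return {"relay": relay, "ssh_fail": ssh_fail,
            "users_tried": dict(users_tried), "accepted": accepted, "alerts": alerts}


if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOG)["alerts"]:
        print("ALERT:", a)
```

On a real server the text would come from `/var/log/mail.log` and `/var/log/secure.log` (Leopard's locations are an assumption here); the LAN login from 192.168.1.20 produces nothing, which is the point of keying the "accepted" alert on prior failures from the same source rather than on every login.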
It's my suspicion that my system was placed under limited remote control via exploitation of a vulnerability, probably a manufactured one as no reported exploit exists, in Communigate Pro that allowed an attacker to submit very limited commands via SMTP and/or POP3. I think he was flying blind, unable to see the results of the commands he issued, and he therefore made rather slow progress. It was sloppy of him to change my administrative passwords while I was logged in. If I had missed his presence prior to that, that action would have given him away.
How he injected Communigate Pro into my system in the first place remains a troubling mystery.
I'm fairly confident that his original exploit and remote control vectors have been disarmed. Now it falls to me to discover any backdoors he's left behind. There is no sensitive data on this server, and it is not gatewayed to the rest of my network. Rather than reinstall the OS, I'm leaving my server on-line as it is, with all logs set to debug and privileged accounts disabled for non-console login, to see if the attacker has established another way in.
I don't have time right now to do more than this. Ironically, I'm doing a review of Xserve. This event does not color my opinion of Leopard or Leopard Server. I used canned OS X tools and methods to shut down the attack, so I feel the system is adequately armed to foil an attacker. I expect that the original vulnerability was of my own making.
Posted by Tom Yager on April 15, 2008 01:02 PM
March 31, 2008 | Comments: (0)
iPhone SDK: Interface Builder added; WebKit kicks into overdrive
Apple isn't shipping the official iPhone SDK until June, but if you're planning to create apps for iPhone or iPod touch, the pre-release SDK just became more than a curiosity for those writing native code. Interface Builder, the Xcode tool for creating graphical user interfaces for Mac applications, has been added to the iPhone SDK. This not only gives developers the ability to add non-HTML GUIs to their native applications, but Interface Builder also makes it easier to carry hardcore Mac coding skills to iPhone.
The SVG Animation in WebKit (Safari) is still under development, but in its latest incarnation it is fast, smooth and very close to passing the standard's acid test. I have little doubt that it will be in Safari's public release in time for WWDC in June. Developers who want to check SVG Animation out now can grab the latest nightly build of WebKit from www.webkit.org. Installing a nightly build binary will add an executable, webkit.app, to your Applications folder. It is indiscernible from Safari--even the title bar says "Safari" and all of your bookmarks are present. The tip-off is a gold-tinged rim around the compass icon. The About box reflects the latest full release build of Safari rather than the WebKit framework version.
There is always the risk that installing a nightly build over the top of production software will introduce some instability. I can't recommend it for Joe Machead, but if you're developing for iPhone, or developing for Safari for desktop, you should be tracking the WebKit builds and reading the blogs attached to the WebKit site.
You might not intend to build WebKit for yourself, but if you can read C and Objective-C, you'll find the WebKit source code to be a study in well-crafted code, written against multiple very complicated and moving specifications. Look at the HTML5 and CSS3 specifications on www.w3c.org to get a feel for what the WebKit crew is up against. Fortunately, it's a serious team that includes Apple engineers, and Apple is a key player in the specifications and standards processes.
Posted by Tom Yager on March 31, 2008 11:30 AM
March 19, 2008 | Comments: (0)
iPhone 2.0: Safari hosts local apps; SQL on a smartphone!; go get Safari 3.1 now
I have a secret: I love JavaScript. It has an extremely simple C-like grammar--it has far more in common with C than Java--and is readable and compact. I can teach it to a child in an hour. With just a few days of messing around, a beginner can write powerful client and server applications in JavaScript, and the minimum required toolset is a browser and a text editor. To test changes to your code, you refresh its browser page.
I developed my appreciation for JavaScript by using it to create applications of surprising scale. In 1999, I wrote a book about creating Web applications, laying out in detail how one can do anything with JavaScript, CSS, DHTML, XML and SQL. The pinnacle of client-side JavaScript at the time was Microsoft's JScript, implemented in Internet Explorer. I took great care in my book to balance IE against Netscape, and to document the ways in which each browser adhered to and diverged from W3C standards. IE did better than most people would assume. It went on to become the basis of the ECMAScript standard. Then Microsoft all but pulled the plug on the language's internal development. The JScript editor and debugger vanished from Visual Studio. My book flopped, but worse than that, a simple language that had justifiable momentum, and even a job market built around it, dropped from sight except as a means to render dynamic HTML content and discern one browser from another.
JavaScript has reemerged as the J in AJAX, where it's assigned such common duties as manipulating in-memory data structures, loading plug-ins and performing explicit animation on user interface elements. It's good to see JavaScript back in action, but for years I've imagined what JavaScript might have become if it had been actively developed after Microsoft let it go. My crushing disappointment was that AJAX, not so advanced in light of history, didn't aim at the one target I felt JavaScript was destined for: Standalone browser-based applications.
Now we're back on track. Incremental developments in WebKit, the open source project on which Apple's Safari is based, have coalesced into the Safari browser for iPhone 2.0, due out in June, and Safari 3.1, which was just delivered for OS X. Apple and WebKit developers have invested an impressive amount of effort to implement vital portions of HTML 5, CSS 3 and SVG (scalable vector graphics) standards. HTML 5 provides a standard for embedded SQL statements into script code. SVG (scalable vector graphics) does what its name suggests, but also brings motion into places where only static bitmap graphics worked before. SQL (through SQLite) and SVG are linked into Safari, not plug-ins. CSS 3 sets up implicit and explicit animation, with both managed by the renderer.
In the transition from Safari 3.0 to Safari 3.1, WebKit coders and Apple somehow blew the doors off prior JavaScript performance. Apple created a JS benchmark, SunSpider (a click here will run it immediately; be aware that it takes some time), to prove its point. It measures the average time taken to complete a few cycles of complex JavaScript tasks. An 8-core, 3 GHz Xserve ran the SunSpider suite on Safari 3.0.4 in 6624.6 milliseconds (6.62 seconds). A dual-core, 2.4 GHz Santa Rosa MacBook Pro running Safari 3.1 completed the SunSpider suite in 3211.8 milliseconds, or 3.21 seconds. The fact that SunSpider expresses its results in thousandths of a second portends sub-second results.
As for persistence, well, Apple decided that cookies and XML just wouldn't do. Since SQLite is already pervasive in iPhone OS, Apple wired it into Safari to give JavaScript coders the ability to manage data using real, grown-up SQL with transaction support. SQLite is strictly client-sized, but very powerful for a database that links entirely into your code (and it's open source). I wasn't that hot on SQLite in OS X's Core Data until I saw it in action in the iPhone SDK. Now that I see it running on an embedded device, I see SQLite for the tight coolness it is.
There is another motivation to using SQLite as the persistence mechanism for iPhone Safari applications: It forces developers to give much more thought to their use of storage, which is a finite commodity on a phone or music player. It also slashes a lot of tree walking and in-memory XML out of your script code. But if you've just got to do the DOM, Apple did fold in two new native-ized DOM query methods to displace still more iterative scans.
Safari on iPhone 2.0 (and iPod touch 2.0) pushes the envelope in so many ways that Mac users will want it in desktop Safari and Dashboard. Okay, I'll speak for myself. I've been hollering for standalone browser-based applications, not those pseudo-apps that require a teeny HTTP server, for years. I'm on record saying that if Apple just did persistence in iPhone's Safari, I'd quit harping at them about a native SDK. I got what I wanted and then some, so now I can harp at you about what Apple poured into iPhone/iPod touch 2.0, Safari and the SDK.
Posted by Tom Yager on March 19, 2008 07:14 PM
March 10, 2008 | Comments: (0)
New iPhone enterprise developer program, $299; musings about iPhone app licensing
Companies and organizations that don't want to make their iPhone/iPod touch software publicly available through AppStore can now apply for a special $299 enterprise development license that entitles them to create and distribute custom software strictly for internal use. The application must be submitted by an individual empowered to make legal commitments on their employer's behalf.
This raises some questions in my mind. If you run a consulting shop that creates commercial iPhone software for clients' (say, government agencies') private use, does each client need an iPhone enterprise license? $299 is not prohibitively expensive, but some clients might balk at signing a contract with Apple as a condition of running the code you sold them. Commercial developers don't necessarily want to share their client lists with Apple.
I'll ask Apple how it works, but I'm hoping that the $299 program is the equivalent of an unlisted number. If the extra $200 buys the privilege of bypassing Apple's validation, distribution and customer registration systems, then it's the right approach.
You could argue that anyone who carries an iPhone is already registered with Apple when they activate their phone, so whatever secrets a user would wish to keep are already out. However, in enterprises, handsets are purchased and activated by the employer, not individual users (a purchase model which has, to this point, been denied iPhone buyers by AT&T). Once a phone is purchased as part of an enterprise deal, it should drop off the map where the handset manufacturer is concerned, and the wireless operator's role is limited to supplying the service and sending the bill. Which individual is using the phone, what for, where they work and what applications they're running should be nobody's business. Anything from personal security to trade secrets might be at stake. Once Apple picks up the enterprise baton, it has a lot to live up to.
iPod touch is a special case, and given my overall lack of enthusiasm for AT&T, my favorite case. touch can be used exclusively inside a company's, agency's or home's walls for any private use the purchaser has in mind. There is no carrier to protect. There is no requirement to sign up with iTunes or any other service in order to use iPod touch for applications. My first application for iPod touch will be to use it as a remote control for an iBootBar rack power controller. This has several network interfaces, but Telnet is the most versatile and will hide well under a GUI. This won't be a difficult first assignment. I'm more uncertain about licensing for personal applications than I am about the SDK.
My read of Apple's signing and licensing requirements is that once you pay your $99 or $299 and are issued a certificate, you can start using iPhone/iPod touch units for development (prior to licensing, you can only use the emulator), permitting you to use real devices as development and debug targets. I have a hunch that units are activated for development use individually (how and how many, I have no idea; perhaps an iTunes-like model) to prevent the use of the SDK as a means of distributing apps.
Where applications written for my sole use are concerned, do I have to sign my code, upload it to AppStore, wait for approval, and re-download it in order to use it? Do I have to re-sign and resubmit the app I wrote for myself every time I make a change (because the checksum changes)? So many questions.
Developer and user licensing will be the messiest aspects of iPhone custom development leading up to the public release in June. I'm going to try to snag a briefing with Apple prior to the release to go over iPhone/iPod touch certificates and licensing. I'll share those details with you.
Posted by Tom Yager on March 10, 2008 07:06 AM
March 06, 2008 | Comments: (0)
Q: Why is Apple the exclusive distributor of third-party software for iPhone and iPod touch?
A: Somebody has to take full responsibility for customer security. Apple is taking responsibility for security by issuing developer certificates that irreversibly link every app to a traceable, physical creator. Apple is a good groundskeeper, too; the site's always going to look splendid.
Q: Why do I have to pay $99 to write code for iPhone, and what's that buy me?
A: You can write code for iPhone for $0; download the tools from developer.apple.com. Mess around in the simulator to see if it piques your interest. If it does, then $99, plus answers to the validation questions that Apple will ask, gets you a certificate that will burn your name into your code. When you get that, you can start debugging with a physical iPhone or iPod touch. And you can upload your software to AppStore.
Q: What is AppStore, and how do I get in it?
A: The AppStore icon will be added to iPhone and iPod touch.
Q: I meant, how can I get my software in it?
A: Sign up as an iPhone developer. They'll guide you through it.
Q: What kind of merchant account, PayPal, Kagi thing will I need to get my software sold?
A: This is as much as you need to worry about money: a) Pay Apple $99 to be a developer; b) write something worth buying; c) decide what people should pay for it; d) upload it to Apple; e) rejoice as you're paid 70% of your monthly sales.
Q: Is anything about this program open source?
A: Steve Jobs says no. You will find references to ARM (the MCU used in iPhone and iPod touch) scattered around the Darwin source code.
Q: Do you think it's possible to completely overwrite the software on iPhone so I can do what I want?
A: For carrier unlocking: a) Buy iPod touch; b) Buy unlocked telephone
Posted by Tom Yager on March 6, 2008 04:31 PM
March 06, 2008 | Comments: (0)
Apple's iPhone software strategy moves me
A colleague scolded me for applauding during Apple's press conference to announce iPhone 2.0, next-generation firmware that will bring a host of enterprise features and support for a native software development kit (SDK) to iPhone and iPod touch. In my defense, I kept my pen and pad in my hands while the room went berserk over Apple's deal with Microsoft to bring an extraordinary array of Exchange Server connectivity to iPhone. I was moved, but not to clapping, by Apple's implementation of Cisco VPN compatibility, WPA2 security and other touches that IT administrators set as requirements for devices that connect to their networks. The enterprise half of Apple's new mobile strategy speaks to IT, and therefore to me as an IT journalist. iPhone 2.0 brings iPhone and iPod touch many steps closer to parity with the high-end BlackBerry, Windows Mobile and Nokia QWERTY and stylus handsets that are enterprise mainstays now. My journalist appreciates having a new contender in enterprise mobile, but does not applaud at press conferences presenting same. I nod and note.
But I am more than a journalist. I worked in engineering, consulting and technical management in the wireless industry before coming to InfoWorld. I've covered wireless, mobile and embedded technology during my entire tenure here simply by continuing to think and operate like a professional with skin in the mobile and embedded game. For over a decade, I've seen wireless carriers, hardware and component manufacturers and OS vendors come at custom software development from every imaginable angle but the right one. I've known for so many years that the barrier to a boom in mobile applications is a stable, simple, documented platform and a matched set of development tools. I've known that these things don't exist because no entity has found a way to make such an effort profitable. Apple has.
Lest I carry on too long in one post about a topic that will take many posts to cover, I'll clue you in on the points that provoked my applause.
Apple's native dev tools include live remote debugging and run-time profiling of USB-connected devices. During the demo, Apple showed Xcode's Instruments (formerly Xray, derived from Sun's DTrace) recording stack traces in real time from software running on an iPhone. Developers of embedded software--and that's precisely what handset apps are--appreciate how difficult, expensive and tedious it is to design, code and debug with a tethered physical target, and what a big deal it is to have live debugging baked into an embedded platform and a free toolset. English translation: Applause.
Apple is hosting a catalog of third-party applications (AppStore), splitting the proceeds with developers 70/30, and paying developers for software sold on a monthly basis. AppStore will automatically notify iPhone and iPod touch customers when new releases of their purchased software are available. No desktop approach to shareware and small-volume licensing is adaptable to mobile. All a third-party developer needs to do is upload its software to Apple, hang the price tag of its choice on it, and it'll be added to the catalog. From there, the developer just waits for the checks. And, one hopes, responds to calls for support.
Apple will not charge developers or customers for free third-party software. Huzzah!! Developers will need their $99 certificate, but you can band together with your buds and code under an assumed name. Only the guy that actually has the phone needs the license. Everyone else can work for free, using free tools, with the free simulator.
Apple is opening the same APIs that it uses internally. OS X, BSD, TCP/IP, Sockets, security, power management, Keychain, Core Services (e.g. Address Book, Mail), Core Audio, OpenAL, audio recording, graphics (JPG, PNG, TIFF), PDF, Quartz 2D, OpenGL ES and H.264, to name a few. A new GUI API layer, Core Touch, has been added. A database layer, managed by SQLite, is in there. Might could get something done with all that.
Apple will charge $99 per developer to issue a code signing certificate, and Apple will police the AppStore catalog for malware and the like. That's cheap, and in return, Apple's taking responsibility for security. Gutsy.
The iPhone SDK and documentation are entirely free of charge for use with the integrated iPhone simulator. You don't have to buy a certificate to write code. You don't even need an iPhone.
Interface Builder (the GUI designer in the Xcode toolset) is loaded with all standard iPhone and iPod touch interface elements and actions. No more AJAX hacks that look sorta like...
Safari WebView was only mentioned as a term, but if it gives me locally-hosted apps, written in JavaScript, with an HTML front end, I'm down. That might tide me over until Silverlight and Flash come around.
No, seriously, I won't wait. I must code.
After the break, a Q & A with our resident cynic.
Posted by Tom Yager on March 6, 2008 03:43 PM
February 12, 2008 | Comments: (0)
10.5.2 update: Way more than security, and Apple fixed Stacks
Apple's 10.5.2 update is a whopper. It addresses several issues that have been at the top of my list, many with regard to accessibility. Apple has heard the pleading and has reworked Stacks (e.g. the Downloads icon in the Dock) so that it's useful when you have more than a handful of items. Here are my other picks for most welcome changes in 10.5.2:
- An option to make the menu bar opaque (like Tiger)
- A reduction in the transparency of menus
- New list and folder views in Stacks, and a more eye-compatible grid view background
- More accurate Data Detectors in e-mail
- A reduction in Mail's tendency to refuse to connect to SMTP servers on some networks
- Ability to make mailbox icons larger
- Remote printers won't disappear when Mac goes to sleep
- Backlight won't turn off before the user's set Energy Saver delay
What's left to do? If Apple wants to make me happy, it can let me see a full, normal column view when it displays search results. This patch doesn't leave me with much to gripe about beyond that.
For complete details of the items addressed in 10.5.2, see Apple's knowledgebase article on the update.
Posted by Tom Yager on February 12, 2008 10:58 AM
January 17, 2008 | Comments: (0)
MacBook Air, a detailed preview
The room service menu in my hotel, the San Francisco Marriott Courtyard, is the size and weight of Apple's new commercial notebook, MacBook Air. MacBook Air, the thinnest, lightest, simplest notebook in Apple's history, weighs three pounds. It's three quarters of an inch thick at the display hinge (closed), sloping down aerodynamically to a much narrower snout. You have to hold it and tumble MacBook Air to experience what a three-pound, aerodynamically inspired notebook feels like, because it'll be a first for you. You have to imagine carrying MacBook Air everywhere in a slipcase, being able to whip it out, open it and have it ready for note taking, research, order entry, voice recording, podcasting, writing or what-have-you faster than you can jot your first word with that legal pad and pen in your bag.
Apple got MacBook Air so skinny and light by removing everything that the majority of mainstream commercial users don't use when they're not in the office or at home. There is no wired Ethernet and no FireWire. MacBook Air's only physical I/O ports are USB 2, audio output and micro-DVI (the latter for connecting to a digital, VGA or video monitor). These are all mounted on a tiny panel that flips down from the bottom of the notebook. When the I/O panel is closed, MacBook Air is nothing but smooth, sloped aluminum skin all the way around. There are no lumps or access covers to tip you off to component placement.
Many questions remain that require a full review to answer. My encounter was with a prototype, so I didn't get a chance to experience heat or fan noise. The charger is 45 watts, and the clocked-down chips in smaller packaging are encouraging. I also didn't get to see how far back the display tilts. I did find that the microphone is now to the right of the iSight window, though I don't know if the sound quality is improved. Likewise, I did not audition the speakers. A test left to run is to use this machine with Bluetooth stereo headphones. This works on MacBook Pro, but it's buggy. Does MacBook Air fix it?
MacBook Air's battery is sealed inside. It offers no external indication of its charge state. Apple's battery replacement program for MacBook Air is to drop it at any authorized facility, get it replaced, and get your machine back having been charged for the cost of the battery alone. I wouldn't expect this swap to happen while you wait, and I don't know whether Apple will commit to returning your data intact.
The thin lid encasing the 13.3-inch glossy display is astonishingly rigid. With so little distance between the top of the lid and the surface of the display, I felt sure that it would fail my warp test. I pressed hard on the back of the prototype MacBook Air's lid. It did not flex, and the display's image did not distort. It's my feeling that the shape of MacBook Air's case will make it a tougher travel partner than the typical squarish notebook. There isn't anything to cave in.
MacBook Air gives you only what you need: A keyboard, a 13.3-inch display, 80 GB hard drive, wireless networking and 2 GB of RAM. The 1.6 GHz Core 2 Duo CPU (1.8 is an option) is clocked slow by modern standards, but it is cooler and more power-efficient than the latest Penryn CPUs. Apple claims that MacBook Air's battery will last five hours, with Wi-Fi. If that's true, then it'll run 90 minutes longer than the much heavier MacBook Pro that I carry. The 45-watt charger makes in-flight and in-car charging cheap and easy.
MacBook Air's keyboard is MacBookish in style with widely spaced keys, but it is full size and backlit. The prototypes weren't lighting properly, so I can't speak to the brightness of the lights or the opacity of the keycaps. The trackpad is massive relative to the size of the notebook. If it worked with a stylus, it'd make a fair tablet. The new trackpad supports a subset of iPhone's multi-touch gestures in bundled Leopard applications. In Safari, for example, you can navigate backward and forward among cached pages by sweeping across the trackpad. To enlarge text in the browser, you make a spreading motion with two fingers. In iPhoto, you can scroll, zoom and even rotate images in the thumbnail view with a single trackpad gesture. The gestural vocabulary will undoubtedly expand, and multi-touch will reach into other Apple software. Apple wasn't ready to address giving third-party developers access to multi-touch.
It goes without saying that this notebook isn't for everyone. MacBook Air's chief drawback is the display. Apple chose a sharp, glossy and bright LED-backlit 13.3-inch LCD panel. It looks marvelous, but it has a vertical resolution of 800 pixels. Pages and applications that are (poorly, lazily) designed to just fill a 1024x768 Windows screen have to be scrolled vertically on a Mac's 800 pixel tall display, while the 900 pixel tall screen of a 15-inch MacBook Pro is a perfect fit. The reason for this is a rant for another time.
Apple's usual thin, slot-loading optical drive would have made the case and the battery too thick, so Apple sells a thin, slot-loading, USB-powered external DVD burner for $99 (beautiful, portable and a bargain for any notebook). MacBook Air also comes with Remote Disc software that allows it to use the DVD drive in any PC or Mac on your LAN. Remote Disc completely bypasses the hassles of file sharing. The shared disc shows up in Finder as a read-only CD/DVD drive. You cannot use Remote Disc to play DVD movies.
Before pointing to performance as a reason to take MacBook Air off your list, keep in mind that its Core 2 Duo CPU enables OS X Leopard's 64-bitness. With 2 GB of RAM, running Windows, Solaris or Linux as a guest OS under Parallels Desktop or VMware Fusion is well within its reach. Given MacBook Air's small hard drive, using Boot Camp to dual-boot between OS X and Windows is impractical. With Intel's integrated graphics, the primary impetus for running Boot Camp--to run games and other graphics-intensive Windows apps--isn't a factor for MacBook, MacBook Air or Mac mini.
Making MacBook Air at home everywhere I go would require some additional purchases: A USB to Ethernet adapter to connect to hotels' in-room networks, a DVI to HDMI adapter so that I can use hotels' LCD TVs as eye-friendly monitors, and the external DVD drive, because I get CDs and DVDs, and burn them, everywhere I go. But all of these fit in a sandwich-sized baggie that stays behind in the office or hotel while I fly, attend meetings and sit in conference sessions. I can't strip these things out of a big notebook to lighten it up, and they are among the peripherals that fatten the case and make a large, heavy battery necessary.
You do have to weigh MacBook Air's $1,799 sticker price against the benefits of traveling very, very light. If you run to meetings now with a wheeled bag in your wake because your notebook and charger are too fat and heavy to sling over your shoulder, you need to make a change. If it's such a pain to extricate and pry open your big notebook just to make a note, check an appointment or send an e-mail that you sometimes just don't bother, you definitely need a smaller notebook. If you start shopping with MacBook Air, I'm afraid that touring PC alternatives will prove unfulfilling.
Posted by Tom Yager on January 17, 2008 09:59 PM
January 14, 2008 | Comments: (0)
Thoughts on the iPhone/iPod touch SDK
[Late note to helpful commenters: I only write from my experience, observation and analysis. I don't read anyone else's work on topics I cover.]
If everything is still on track, Apple will roll out a software development kit (SDK) for iPhone and iPod touch, which share a platform, in February. I have been pondering some possibilities about that SDK. I don't have answers, but perhaps the questions will get you thinking.
Why do an SDK? Certainly not to make the world happy. If Apple spoke with me about iPhone, it would point out that I'm among a tiny handful of people campaigning for a native iPhone SDK. Casual developers would be overjoyed if Apple beefed up iPhone's JavaScript to provide programmers with access to a protected subset of the filesystem and the ability to add icons to the home screen. If it were possible to browse "file://" in Safari, then local HTML apps with XML data stores could function as off-line applications.
A similar purpose would be served by a tiny HTTP server capable of performing data binding and mixing of local and on-line content.
In the long run, I think that the reason for doing a native iPhone SDK is to make iTunes Music Store a marketplace for downloadable mobile software. It's been done; Forum Nokia has catalogs of third-party software and hosts developers' applications. An icon on your phone takes you to the Nokia catalog, and software that you purchase from there gets tacked onto your phone bill. Developers get a check for their cut. Games and network tools are very popular.
Commercial developers (shareware and up) need to wire their code for time-limited trials and phone home activation, which is harder to work into non-native software. Nokia tags offerings in its catalog by programming language, and the vast majority are written in C.
If the iPhone SDK is genuinely native, that is, compilers can target the ARM CPU, then that openness will come with high-tensile strings attached that will prevent working around any of the restrictions that protect Apple and wireless operator revenue, and that protect non-savvy iPhone users (the majority). If the SDK permitted the opening of arbitrary TCP sockets, for instance, half of the world's iPhones would be running P2P file sharing clients 24/7, at wireless operators' expense. Trusting users would be downloading malware-stuffed Tetris clones that ship address books and mail folders to identity thieves. I don't see Apple opening itself to this.
Apple will provide as much cover for customers as it can. iPhone apps will be sandboxed so that system and iTunes files are invisible. The first custom app you run will see an empty file system from / on down. Further protection will be afforded by Apple just as Nokia has done it (and with great controversy): Vendor code signing. There is no getting around the fact that native mobile apps, except for those you write for yourself, must be signed, and that no developer can be equipped with the means to sign code that runs on another device. Code has to be blessed by a single trustworthy authority. I can't imagine what the signing process would be, how long it would take or how much it would cost--I'd hate to see no potential for iPhone/iPod touch freeware--but I don't think that it's something Apple will farm out.
iTunes' adaptable infrastructure and digital rights management technology are already there. After receiving and signing an app on behalf of a developer, Apple need only add a workflow item to ship that material, price attached, to iTunes. The question in my mind is how developers will get paid. Is Apple going to cut hundreds of developers individual checks? Will Apple demand to be the only source through which signed applications can be acquired?
So many questions. That's what I love about this job.
Posted by Tom Yager on January 14, 2008 11:17 PM
December 29, 2007 | Comments: (0)
I really enjoy reading comments from readers of Enterprise Mac and Ahead of the Curve blogs. Your comments figure significantly into the direction of my coverage.
Unfortunately, the comment system is being targeted by some conspiracy to keep me from speaking out on matters important to the public. There are those who can't accept that Apple is positioned to sell its server gear against IBM, HP and Sun, and that in the field of commercial systems, there is no longer any excuse to opt for a lesser quality PC notebook, desktop or workstation. Nobody's afraid of OS X any more.
There are interests arrayed against the dissemination of this freeing knowledge.
I'm just having you on; it's no conspiracy, just some nutters hoping to overwhelm the comments system with garbage text to make it useless. Weenies who think this is fun will be back to peeking into their sister's shower. It will pass, and when it does, more of your comments will come under my eye. I sorely dislike being without them. In other words, don't quit.
Posted by Tom Yager on December 29, 2007 04:51 PM
December 19, 2007 | Comments: (0)
MacBook Pro unresponsive keyboard patch. Nick of time, or vain hope?
Apple has done it again. It has released a patch overlapping with my blog entry complaining about a bug, but this time, Apple beat me to posting the entry, so I can't claim credit for the fix. I'm also not the least bit sure that the fix and my trouble are related, but I have a reason to report the MacBook Pro Software Update 1.1 as newsworthy.
The MacBook Pro Software Update 1.1 patch addresses "a temporary suspension of keyboard input which can last a minute or longer." That's familiar.
I've been trying to narrow this bug, or something like it, down to a particular app or kernel extension, or to some newness in Leopard. My best suspect was the recent pairing with a new Plantronics A2DP (Bluetooth Stereo) headset, which did knock my MacBook Pro loaner quite wobbly in other respects.
A2DP is still problematic, as I'll relate to you. But at least now I can tease trouble related to Bluetooth Stereo from a known hardware bug.
Posted by Tom Yager on December 19, 2007 01:00 PM
December 16, 2007 | Comments: (0)
Time Machine Server, or local external drive?
One of the services packaged with OS X Server Leopard (there are so many) is Time Machine Server. If you're running a network of Leopard notebooks and desktops, centralized Time Machine backups are easier to administer and secure than doling out a fleet of FireWire and USB drives. However, if you want to carry each client's protection beyond Time Machine's rolling 30 day window--Time Machine will retain weekly backups until it runs out of space--you might have to set aside twice the size of each busy client's internal hard drive to exceed 30 days' worth of coverage. The headroom varies widely by user, but do you want to try to tailor a backup strategy to each machine?
You have to weigh Time Machine Server's physical server (Xserve or Mac Pro) and storage costs--expenses that can't be avoided in any disk-based backup scenario--against savings in administrators' time ("please mount volume xxx") and user data lost to infrequent backups and cumbersome restore procedures.
For me, what sets aside all arguments about cost and flexibility of Time Machine Server is its catalog. Lots of backup utilities maintain catalogs, but Time Machine's catalog is chock full of metadata and is completely maintenance free. Users access Time Machine with a Finder-like interface that conceals the fact that they're even accessing a shared volume. When using Time Machine server, administrators maintain the ability to do point in time restores, or migrations, without the time or effort of taking full volume snapshots.
With regard to the incremental cost of storage as clients are added to the LAN, someone suggested attaching the USB or FireWire drives that would be on users' desks on the server instead. For five clients in a casual setting, sure. You could unmount any machine's backup drive, hand it to the user and tell them to do their own restore. Leopard presents "restore from Time Machine backup" as an option when you boot from the install DVD. For more than a few clients, or where the purpose of Time Machine is more critical than "undelete," I'd rather see a more robust enclosure, even a dumb backplane, than a daisy chain of FireWire drives.
Keep in mind that Time Machine doesn't absolutely require a server or an external physical volume. You can split local drives into multiple volumes, and use one for Time Machine. You end up with a backup volume that's bigger than the primary, but the average user is none the wiser. That takes care of undelete, and more old fashioned methods can be used at the server to cover worst case recovery.
What would I like to see in Time Machine? My one and only desire is to have Time Machine run only when the client is idle. This is really driven home when you try to use Wi-Fi, even 802.11n, to connect to a Time Machine Server. My strong recommendation is to use copper for Time Machine, at least for the volume copy that it makes as a first step. I realize that RJ-45 sockets, and users who sit still long enough to take advantage of them, are rare these days. If you must use Time Machine Server over wireless, or, heaven forbid, broadband, remember that I warned you against it.
Posted by Tom Yager on December 16, 2007 08:01 AM
December 11, 2007 | Comments: (0)
Greatest hits for OS X developers; labeling apps "10.5 or later"
It's always a boon when someone gathers the greatest hits of some massive drop of new and complicated developer resources into one simple page that serves as a roadmap to deeper understanding. If you're ho-hum about porting to Leopard, you and your users are missing out.
I wish I had a knack for what Matt Gemmell does. His list of top reasons for developers to love Leopard will make Windows and Linux developers green with envy, and convince Mac developers to modernize and simplify their code. Matt's list is simple, concise, enlightening and enlivening, and I recommend it even for non-developers.
Along the same lines, is it kosher to set Leopard as a requirement for your custom app? Like all responsible writers and speakers, I leave that to you. Extensions to Quick Look are emerging at a more rapid pace than Dashboard widgets for now.
I think literature like Matt's and WWDC '07 session materials make "OS X 10.5 or later" badging an awfully appealing prospect, even if it is politically incorrect by historical practice. At the very least, you might consider forking your projects and let versions addressing OS X prior to 10.5 slide into maintenance. There is so much developer goodness in Leopard that can't be back-ported to Tiger.
Posted by Tom Yager on December 11, 2007 08:32 PM
December 04, 2007 | Comments: (0)
How Leopard Time Machine works, and how it doesn't
For Time Machine's primary target audience, home users, backups of desktops and notebooks running OS X Leopard are fully automated, just as advertised. All that's needed is an external hard drive that's at least as large as the system's internal drive. Pull up the Time Machine pane in System Preferences, select your external backup drive, and flip the big switch from OFF to ON.
After making an initial full copy of your system's drive--file by file, not sector by sector--Time Machine scans your system hourly and copies the files changed since the last scan to the external drive. The copy is non-destructive: A file is not overwritten if the archive already has a copy of it. In effect, the old file is renamed before the new copy is written. A catalog tracks the location of every file in the archive, and the time at which the file was appended to the archive.
Time Machine conserves disk space by folding every 24 hours' worth of hourly backups into one daily backup. It retains 30 days' worth of daily backups. After 30 days, Time Machine starts folding daily backups into weekly backups, which are kept until the backup volume is full.
Apple brilliantly created a Finder-like view into the archive catalog that lets you browse your backup archive's catalog hierarchically and temporally. As Apple puts it, you can see your entire disk as it was at a given point in time. True, but depending on how far back you step to find a lost file (for example), time may rewind in increments of hours, days or weeks.
As Apple presents the Time Machine filesystem view, you can see your system approximately:
- As it was at the top of each hour today
- As it was each day for the past 30 days, starting yesterday
- As it was each week, starting 31 days ago, going back as far as disk space permits
A distraught user might only be interested in the amount of data he may have lost:
- If you accidentally deleted a file today, you lose up to an hour's work
- If you deleted it between yesterday and 30 days ago, you lose up to a day's work
- If you deleted it more than 30 days ago, you can lose up to one week's work, or all of it
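The folding rules and the loss windows just listed can be checked with a small model rather than taken on faith. The script below is an added example written for this page, not Apple's Time Machine code. It represents snapshots as integer hour stamps, uses the 24-hour and 30-day tier boundaries the post gives, and assumes that when a day or week is folded the newest snapshot in it is the one that survives (the post does not say which one Time Machine keeps). The function names `tm_thin`, `tm_max_gap`, `tm_count` and `hourly_stamps` are mine.

```shell
#!/bin/sh
# Added example, not Apple's code: a model of the hourly/daily/weekly thinning
# described in the text. Snapshots are integer hour stamps on stdin, one per
# line; "now" is the current hour stamp.
# Assumption: within a folded day or week the newest snapshot is kept.

# Print the stamps a Time-Machine-style policy retains at hour NOW:
#   age <  24 h         every hourly snapshot
#   24 h <= age < 30 d  one per day
#   age >= 30 d         one per week (until the volume is full)
tm_thin() {
  now=$1
  awk -v now="$now" '
    {
      age = now - $1
      if (age < 0) next                           # ignore future stamps
      if (age < 24)          key = "h" $1
      else if (age < 24*30)  key = "d" int($1 / 24)
      else                   key = "w" int($1 / (24*7))
      if (!(key in newest) || $1 > newest[key]) newest[key] = $1
    }
    END { for (k in newest) print newest[k] }
  ' | sort -n
}

# Largest gap, in hours, between consecutive retained stamps: the most work
# a user can lose if a file was deleted just after one of those snapshots.
tm_max_gap() {
  sort -n | awk 'NR > 1 { g = $1 - prev; if (g > max) max = g }
                 { prev = $1 }
                 END { print max + 0 }'
}

# Number of retained stamps, useful when sizing the backup volume.
tm_count() {
  wc -l | tr -d ' '
}

# Constructed input: one snapshot per hour from hour 0 through hour N.
hourly_stamps() {
  awk -v n="$1" 'BEGIN { for (i = 0; i <= n; i++) print i }'
}

# Demo: about 83 days of hourly snapshots, evaluated at hour 2000.
hourly_stamps 2000 | tm_thin 2000 | tm_count     # 24 hourly + 30 daily + 8 weekly
hourly_stamps 2000 | tm_thin 2000 | tm_max_gap   # widest gap is one week
```

With 2000 hours of hourly snapshots the policy retains 62 stamps and the widest gap between retained stamps is 168 hours, which is the one-week loss window of the third bullet; the daily tier shows gaps of 24 and the hourly tier gaps of 1, matching the first two. Thinning only ever discards whole snapshots, so the exclusion list discussed below is the only lever against a large, volatile file being re-copied every hour.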
There are users even among Apple's targeted consumer population who need to think about their use of Time Machine, or who may be better off not using it at all. Consider the case of a home user who time-shifts television shows via iTunes, BitTorrent or another source. A sensible user deletes episodes he's already watched to conserve disk space, but when Time Machine is active, it may take a month for that deleted episode to vanish from the backup drive. If the backup drive fills before it can archive 30 days' worth of data, Time Machine flags an error and quits.
That scenario plays out for any user or application that creates expanding or volatile files. A 10 GB database can be appended to your Time Machine archive hourly. A lengthy log will be appended in its entirety even if only one line is added between hourly archive runs. Deft management of Time Machine's exclusion list is essential for busy systems.
Time Machine is archiving, not data protection. If your external drive fails, you lose all of your backed up data. Data protection that covers the failure of a storage device calls for a disk array with RAID mirroring or parity striping. If you want to archive and protect your data, which isn't a bad idea if you're a professional Mac user, use a RAID volume as a Time Machine backup device.
Or, as I'll detail in the next entry on the subject, use Xserve as a Time Machine back-end.
Lastly, to get ahead of what will likely be the most frequently asked questions about Time Machine:
Q: I set up a directory for Time Machine on my external drive. Why can't I see it in Time Machine's list of backup destinations?
A: Time Machine can only back up to volumes (formatted partitions) that are dedicated to the purpose. For geeks' sake, if it doesn't have a /dev/disk* entry, Time Machine can't target it.
Q: Why won't Time Machine use my AirPort Extreme base station's USB drive, or other Mac or Windows storage on the network?
A: Windows and Apple file sharing share at the directory level. Even if you share a whole Windows lettered drive or the root directory of a Mac partition, you're sharing a folder, not a volume.
Q: I'm a fearless genius. Isn't there some way to work around these limitations short of hacking the kernel?
A: Learn ZFS, but know that the likelihood of creating unreadable Time Machine archives is enormous despite what appears to be success. I won't help you beyond that.
Posted by Tom Yager on December 4, 2007 10:24 PM
December 03, 2007 | Comments: (0)
InfoWorld's OS X Leopard review: "A Perfect 10," and thanks for the links
If you haven't seen it yet, I'd be honored if you'd check out my just-posted review of OS X Leopard. It was a long time in the making, and if you can believe it, I'm still not done. Part II of that review is being edited as I write this, and my review of OS X Leopard Server is nearing completion. You don't have to wonder whether InfoWorld is serious about Mac coverage. You just have to ask yourself how much Mac you can handle.
I'm exceedingly grateful to bloggers, aggregators and other sites that create links to my stories.
Posted by Tom Yager on December 3, 2007 07:28 PM
November 24, 2007 | Comments: (0)
The only Leopard tip guide you'll ever need
If you want to be in the know about Leopard's new features and how they can improve your work and life, you could wait for a book, sift through OS X tips sites, or have insider secrets leap into your hands the moment you need them.
The first step is to abandon presumptions about what Apple couldn't possibly have built into Leopard and its bundled apps. These presumptions lead to premature workarounds for absent features that actually exist in Apple's code. It's folly, bordering on hubris, to imagine that you're the first person who ever needed to do a given thing. Instead of assuming that a feature is missing because it isn't where you expected to find it, ask your Mac where that feature is.
Whenever you need to do something you haven't tried yet, turn to Help first. Query each application's Help; the Help for Leopard as a whole is linked to the Help menu that's available when Finder is selected. If your query fails, your terminology might be to blame. Go to the Help table of contents and drill down the hierarchy until you narrow in on what you're trying to accomplish, or its nearest identifiable neighbor.
If you lose your way in System Preferences, which is much harder in Leopard since Apple did a major reworking of the most complicated Security, Sharing and Networking preferences, enter a keyword or two (e.g. "firewall") into the search field in the corner of the System Preferences window. Preference panes matching your query will light up. Most buttons and fields pop up brief, useful descriptions when you hover over them for a few seconds, and you'll often see question-mark buttons on dialog boxes that open context-sensitive Help.
Enter "shortcuts" into any Help window's search field. This will point you to a list of keyboard shortcuts for the app or, using Help while Finder is active, for Leopard. Even if you're not a fan of shortcuts, Apple wires most important and most commonly-used interactive features to the keyboard. Reading the one-line shortcut descriptions is much easier than pulling down every app's menu bar item and trying to figure out what it does.
I spell this out in such detail because Help is grossly underutilized on the Mac, especially among Mac users who are just too cool to click Help. Leopard's Help is concise and easily navigable. Use it when no one's looking if you must, but no matter how good you are, you will always find happy surprises in Help. Covert use of Help has made many a superstar on OS X tips sites.
If you still can't figure out how to make your Mac do what you need it to, open Automator. It drives GUI apps in ways that you'd never have imagined, and if Automator can make an app do what you want, then so can you.
Lastly, you'll come across simple needs, like sorting a list of number/name pairs, or converting data from one format to another, or removing the top five lines from every file in a certain folder, that you won't find in GUI apps because it's already been done in UNIX. The command line (Applications/Utilities/Terminal from Finder) opens the astonishingly well-stocked UNIX cupboard that Apple doesn't expose through GUIs. If GUI Help doesn't reveal a way to do what you want, open up a Terminal window and type "apropos" followed by a keyword (for example, try "apropos firewall"). This will search the documentation for commands relevant to the keyword. Then type "man" followed by one of the command names displayed by apropos. If the resulting manual page is long and confusing, many have Examples sections that spell out the most common usages. Of the roughly 1,500 command line programs in OS X, you may only need a handful, and learning these will take some experimentation. But you will discover that most of the wheels you have in mind to invent to work around some perceived shortcoming in OS X were created by a guy at AT&T or Berkeley back in 1983.
Familiarity with grep, awk, tr, find and the built-ins of the bash shell will serve you well.
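As an added example written for this page (not code from the original post), here are the three "simple needs" named above done with the stock UNIX tools: sort, tr, find and tail, plus a thin wrapper around apropos. The function names and the sample files the script builds are my own constructions.

```shell
#!/bin/sh
# Added example, not from the original post: the three "simple needs" named in
# the text, done with the tools under /usr/bin instead of a GUI app.
# The sample files are constructed here in a throwaway directory.

# 1. Sort "number name" pairs numerically on the first field. A plain `sort`
#    compares as text and would order 10 before 2.
sort_pairs() {
  sort -n -k1,1
}

# 2. Convert comma-separated records to tab-separated ones. tr swaps one
#    character for another, so a quoted field that itself contains a comma
#    needs awk or a real CSV parser instead.
csv_to_tsv() {
  tr ',' '\t'
}

# 3. Drop the first N lines of every regular file directly inside DIR.
#    `tail -n +K` prints from line K onward, so K = N + 1. Each file is
#    rewritten through a temp name so a failure mid-way leaves it untouched;
#    the temp names are excluded from the find so they are not re-stripped.
strip_top_lines() {
  dir=$1
  n=$2
  find "$dir" -maxdepth 1 -type f ! -name '*.tmp' | while IFS= read -r f; do
    tail -n "+$((n + 1))" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  done
}

# Find command names whose manual pages match a keyword, as the text suggests
# (`apropos` is the same as `man -k`). Output depends on the manuals installed,
# so this one is only for interactive use.
commands_for() {
  apropos "$1" 2>/dev/null | cut -d' ' -f1
}

# Build the constructed sample data and print the directory path.
make_sample_dir() {
  d=$(mktemp -d)
  printf '3 charlie\n10 juliet\n2 bravo\n' > "$d/pairs.txt"
  printf 'host,port,proto\n10.0.0.1,22,tcp\n' > "$d/services.csv"
  mkdir "$d/logs"
  i=1
  while [ "$i" -le 8 ]; do echo "line $i"; i=$((i + 1)); done > "$d/logs/a.log"
  cp "$d/logs/a.log" "$d/logs/b.log"
  echo "$d"
}

# Line count of a file, stripped of the padding BSD wc prints.
line_count() {
  wc -l < "$1" | tr -d ' '
}

# Demo run; a real user would point these at their own files.
sample=$(make_sample_dir)
sort_pairs < "$sample/pairs.txt"
csv_to_tsv < "$sample/services.csv"
strip_top_lines "$sample/logs" 5
line_count "$sample/logs/a.log"
rm -rf "$sample"
```

The first two tasks are filters, so they read standard input and write standard output and compose with pipes; the third rewrites files in place, which is why it goes through a temp file and `mv` rather than redirecting a file onto itself (that would truncate it before tail could read it).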
Rest easy. Help is always there when you need it, and it's right on your Mac.
Posted by Tom Yager on November 24, 2007 12:08 AM
November 22, 2007 | Comments: (0)
Cool facts about the Leopard kernel
Source code for the x86 and PowerPC OS X (Darwin) kernels has been merged in Leopard for the first time. Prior to Leopard, PPC and x86 source trees had to be downloaded and managed separately. Now, instead of building the right tree for your system type, you identify your target architecture at build time.
The Darwin sources now self-build a bootable Darwin using only make. Previously, you had to download a separate set of build tools called Darwinbuild.
x86 and PowerPC aren't the only targets for the Darwin kernel. The build example in the xnu README attached to the Leopard kernel makes reference to a Freescale MX31ADS ARM9 eval board (link to PDF manual) build target. That bodes well for the reach of the iPhone/iPod Touch developer kit in February, eh?
Posted by Tom Yager on November 22, 2007 07:40 AM
November 22, 2007 | Comments: (0)
Leopard kernel source code published November 8
Happy Thanksgiving, everyone. Among countless other things, I'm thankful to have a weekday during which I can leave my BlackBerry powered down.
I have also chosen today to give overdue thanks to the Leopard project team. The Darwin kernel used in Leopard has been posted to Macosforge.org. This figured into my ten out of ten review score, but yelling about sources in a review targeted to users, admins and IT buyers is a little too gearheady. If Apple is popping any champagne corks over Leopard being InfoWorld's first ten out of ten review, then I bid them set aside a well-chilled bottle of the finest (or their preferred adult or hypercaffeinated beverage) for Kevin Van Vechten and his team.
If you watch for Darwin kernel releases, you might have bookmarked Apple's Darwin kernel (xnu) project page, which still shows Tiger 10.4.8 as the newest announced version of the Darwin kernel. Keeping the news page current for media snoops isn't as important as getting the real work done. I confess to being glad of that, because not many can grasp the relevance of Apple's lock-step kernel source publishing policy.
The sure-fire URL to bookmark for up to the minute Darwin sources is http://www.opensource.apple.com/darwinsource/tarballs/apsl/, which is an HTML gateway into Apple's open source version control system. The pretty page URL, which also provides convenient pointers to tools, docs and related sources, is at http://www.opensource.apple.com/darwinsource/. I haven't watched that page closely enough to vouch that it is kept up to date, but the xnu (kernel) releases listed there do reflect the full list of downloadable tarballs.
By making it a priority to keep the release of kernel sources in step with commercial OS X updates, Apple's engineers, program and project managers have now put a universe's worth of distance between OS X and other commercial OSes. Readers should know that xnu, the Darwin kernel, is an "extra mile" project. Publication of the kernel sources is not mandated by a license lien on any of Darwin's open source components. The BSD license attached to much of the Darwin kernel requires attribution, not distribution. I've always admired that.
The Leopard project team's brilliance and vision don't end there. I've unearthed some exciting details that deserve a post headline of their own, to follow immediately.
Posted by Tom Yager on November 22, 2007 06:31 AM
November 15, 2007 | Comments: (0)
Apple issues 23 updates in two days; highlights of Tiger and Leopard updates
Make sure your broadband bill is paid up, because Apple's got a crate full of fixes with your name on them.
In a couple of cases, these are the updates we've all been waiting for. I'm hoping that the iMac Graphics Firmware Update will get iMac users out of their work/save/reboot cycle. Such beautiful machines behaving so badly. I still wonder whether Apple or ATI did the brunt of the work on this fix.
The entire Pro Apps suite has gotten significant attention. One of the many qualities to appreciate about Final Cut Studio, Aperture and Logic is the frequency with which Apple tunes and enhances them. TV networks and movie studios deserve a bit of extra attention, no?
All Tiger and Leopard users have gotten major attention. 10.4.11 is the latest scheduled release of Tiger, and high points among its improvements include Safari 3.0, RAW image decoding for a range of new Olympus and Panasonic cameras, VMware Fusion stability fixes, the addressing of a bug affecting port mapping with shared Internet connections, 3rd-party WAN device compatibility, USB hard drive reliability, and security updates.
I'm all in for that USB hard drive update. I wonder if it would have kept my dead MacBook Pro eval unit alive. I just missed it.
OS X Server 10.4.11 has all this, along with some server essentials, like allowing users to belong to more than 16 groups, repairs to the FTP server to handle the LIST command properly, failover between Intel and PowerPC servers, LAN registration of OS X servers via Bonjour, proper handling of aliases on UFS and Xsan volumes, having the chmod command cause corresponding changes in ACL permissions, and fixes for memory panics in servers with 2 GB and 4 GB of RAM.
The OS X 10.5.1 update has some changes that really matter. It puts password-protected AirPort disks in the Finder's Shared sidebar and claims to fix Leopard's annoying tendency to forget wireless network passwords.
Have you used Back to My Mac? It's a simple tunnel to your home Mac from a remote system that works even when one machine or the other is behind a NAT router. The Back to My Mac fix shows remotely-accessible Macs in Finder's sidebar more reliably, and fixes glitches with D-Link NAT gateways. D-Link gear is priced right, but it tends to present challenges, doesn't it?
iCal and Mail have substantial fixes in the areas of the delivery of alarms via e-Mail, the invitation of meeting attendees through CalDAV, attachments inside HTML e-mail, SMTP connection failures in accounts created with Simple Setup, and a couple of significant fixes affecting .Mac users.
In security and firewall (which have been combined in Leopard), Apple has arranged to allow unsigned third-party applications through the firewall if they're whitelisted in either Application Firewall or Parental Controls. Apple has changed some confusing wording in the Firewall tab; instead of Block All, which sounds like your machine is cut off from the outside world, Apple has inserted the wording "Allow only essential services." Apple's idea of "essential" may differ from yours; dealing with that is your problem.
One potentially serious bug that got squashed concerned the risk of dropping data when moving files across partitions using Finder. Time Machine no longer shrieks at huge, single-partition MBR (master boot record) drives and NTFS volumes.
Posted by Tom Yager on November 15, 2007 05:03 PM
November 12, 2007 | Comments: (0)
A little more detail on MacBook Pro recovery
As I related, I recovered the data from a MacBook Pro that quit working on me a couple of weeks ago, and I used the ditto command to do it. For the benefit of those more savvy Macheads among my honored readers, I'll offer a few more details on the process and its outcome.
When I discovered that Disk Utility would not create a restorable image of the dead MacBook Pro's internal drive, I fell back to ditto, figuring that to populate the new MacBook Pro with my existing data, I'd have to resort to a cautious, manual transfer to a clean Tiger install of those documents, applications and preferences that I could safely overwrite. I knew that some information that was encoded in binary form would have to be recreated in the application or preference pane that produced it, and that I'd lose the benefit of Migration Assistant's automated upgrade to Leopard.
As it turns out, Migration Assistant transfers files without much concern about the validity of their contents except when data translation is part of the process. When I finished with ditto, I had an OS X Tiger partition that I knew wasn't worth finessing into a bootable state. It might be worthwhile as the source for a Leopard Migration Assistant run. It was, and the result was better than I could have hoped. Most 3rd-party kernel extensions didn't survive the trip, but this gave Migration Assistant no trouble. The sole losses were kernel extensions and license managers and keys.
The lesson here is that a restorable block-by-block partition image need not be your objective in backing up or recovering data. It is okay to write changes to files as they are modified, just as Time Machine does. Time Machine can even be outdone by ZFS and overlay mounts.
Whatever you do to back up your data to an external hard drive, don't use USB. Buy enclosures that have USB and FireWire.
Posted by Tom Yager on November 12, 2007 07:44 PM
November 12, 2007 | Comments: (0)
MacBook Pro gremlin vanquished, lessons learned
[accidentally posted with messed-up title to my other blog]
Nothing gets my Irish up as quickly as when a hunk of technology takes on the characteristics of a stubborn animal, to wit, one more so than I. It's been the better part of a week struggling, with little success, against some cowardly goblin that infested the innards of the MacBook Pro in my possession, and in the course of his exploits managed to shred months of hard work.
My grief did not immobilize me. I dug through a stack of raw hard drives and found an archive that brought me back to late August. I then resolved to crack, rather, gently open the MacBook Pro's chassis to extract the hard drive to see if it was readable elsewhere. I had assembled the notebook's service manual, the requisite tools and the will for the operation, but Apple's replacement MacBook Pro had just arrived. I went to my office to restore the August backup image onto it, and the most wonderful thing happened: It locked up after the chime, precisely as the dead MacBook Pro had done, and in which state MacBook Pro the elder remained.
I call this a wonderful event, but I didn't think so at the time. I yanked the cables out of both sides of the notebook, reached underneath and ejected the battery like a spent magazine. After a minute's rest, I powered up again and found the new MacBook Pro in good health.
The wonderful part is that in a flash of understanding, I realized three things: The MacBook Pros' USB ports were the proximate cause of death, I might be able to get the dead MacBook Pro to boot from a flyweight FireWire drive, and that if it booted, it would be the last time I'd see that machine alive. While there is no defending this as a product of reason, it played out precisely as I had envisioned it. I was able to see the internal drive and image most of its contents to an external FireWire drive, then transfer that to the new MacBook Pro.
Apart from reinforcing my long-standing disrespect for the USB implementation in Intel chipsets, the lesson, the yarn of which is too long to spin, left me with two simple bits of advice, one of which you may take or leave, and one you're obliged to keep in mind. I recommend that you use FireWire drives. Apple developed it, they're understandably fussy about its implementation, and FireWire is not part of Intel's chipset. If you need to pull data from a damaged hard drive, don't use Disk Utility; it stops at the first error. Use the command-line utility ditto instead, which will plow through any read errors it encounters and copy everything it can, with HFS+ metadata intact.
The dead MacBook Pro never booted again, and I don't believe it ever will. It is winging its way back to Cupertino, where it will be thoroughly refurbished and given a new life. I wish it well.
Posted by Tom Yager on November 12, 2007 04:26 PM
October 26, 2007 | Comments: (0)
Leopard Hands-On: The Beginning
As a counterpoint to the crushing disappointment that was Vista, which emerged with only a fraction of its promise intact, Apple's OS X Leopard (10.5) is everything that Steve Jobs said it would become when Apple first placed that first unsteady cub in developers' hands. Leopard is also a thick catalog of inventions and improvements that Steve flat neglected to mention, so thick that Apple had to resort to running the equivalent of a software project change log on its site for marketing purposes. You can't possibly chew through that list. I've been testing and assembling my own list of relevant and remarkable changes in Leopard, a list that speaks to more professional and savvy Mac users as well as those who might switch (or are sure they'll never switch) from Windows and Linux.
I have to start the introduction to this series of hands-on Leopard stories with what I consider to be Leopard's most impressive quality. For its 300 changes since Tiger (OS X 10.4), the line item reading of which provokes a range of reactions from the head nod to the ear-to-ear grin, there is not one ounce of fat, no feature in Leopard that you'd opt to leave on the DVD the next time you install it. Instead, for all that's been added, Leopard remains trim enough to run on a PowerBook G4 with 512 MB of RAM. The very same OS is a robust, Open Group certified 64-bit UNIX when run on Intel Core 2 Duo and PowerPC G5 machines, with no need to buy a special edition. One of Apple's marketing lines says that everyone gets the ultimate edition of Leopard because that's the only edition there is. I'd argue that if Microsoft's Vista product tagging is the basis for comparison, then all Leopard buyers get the 64-bit enterprise edition.
Despite the fact that I'm far past this stage, the first hands-on experiences I can relate involve stability and installation.
If you're eyeing Leopard, one concern that you can cross off your list straight away is stability. I've spent several months working with Leopard as a developer and administrator. I began rolling Leopard into production on MacBook, MacBook Pro, Mac Pro and Xserve Xeon, against Apple's advice but not requiring its consent, at a point well prior to its release. I'd be testing the bounds of non-disclosure to tell you when I felt Leopard hit its stride. Instead, I'll just say that there is no need to obey the standard advice to wait for the first boatload of fixes before buying in. That's true of Windows, and true of Linux, but not Leopard. Leopard shed its training wheels a while ago.
Non-Mac users coming to Leopard will find a really simple, automated install experience, but it is more flexible than before. That's most notable in network configuration, where auto-detection of wired and wireless networks is more accurate. It's easier to enter the SSIDs of private Wi-Fi networks, and you can bypass network configuration entirely. OS X doesn't phone home for authorization, so you can install completely and permanently without exchanging registration info with Apple.
Existing Mac users thinking of taking the leap can safely take ease of upgrades and installation for granted, after they burn their most critical data to DVD or an external hard drive. Migration Assistant, which you can invoke at install time or at your whim later, transfers your user data and applications from Tiger to Leopard after what amounts to a clean install. The Leopard installer will let you do an overlay install, which updates the system software and tries to leave everything else alone. It is impossible to automate all possible cases, but I can't imagine any user who could make Migration Assistant fail. Do be patient, though. Take measures to ensure that Migration Assistant runs uninterrupted, and understand that Migration Assistant's estimated time to completion is a wild guess. In my experience, it finishes sooner than expected.
As a taste of what's to come, I'll spend a few words on what I found to be the most substantial user interface enhancement: Spaces. Spaces gives you multiple virtual desktops, and you can switch among them via the keyboard, Dock or menu bar icon. It isn't fast user switching--all desktops are the same user--but it's more lightweight, and there's no need to enter a password when you switch desktops. The unexpected killer here is that Spaces lets you target specific applications to selected desktops. So, for example, you can arrange things so that Mail always opens in Spaces' second desktop, or you can set up separate developer and productivity desktops.
I'll go on from here through the weekend and into next week. I'm holed up in a hotel doing nothing but Leoparding. To tide you over until my next hands-on dispatch, you'll find one Apple exec's selected Leopard high points in this interview, and my thoughts on Leopard from a technologist's perspective are in my Leopard: A Beautiful Upgrade column. Hang out. You're welcome to the pull-out sofa, and you get used to the noise from the Xserve.
Yes, there will be screens and video. Many, many visuals.
Posted by Tom Yager on October 26, 2007 05:40 PM
October 26, 2007 | Comments: (0)
Leopard blows away expectations
As a counterpoint to the crushing disappointment that was Vista, which emerged with only a fraction of its promise intact, Apple's OS X Leopard (10.5) is everything that Steve Jobs said it would become when Apple first placed that first unsteady cub in developers' hands. Leopard is also a thick catalog of inventions and improvements that Steve flat neglected to mention -- so thick that Apple had to resort to running the equivalent of a software project change log on its site for marketing purposes. You can't chew through that list. I've had months to do it, and I'll hit high points. The ones I choose, not those highlighted by Apple. I'll be on Leopard constantly through the weekend and next week, so while I may be forced to speak to the familiar here and the Mac-curious there, I'll make sure that everyone gets what they need to make informed decisions.
What impresses me most about Leopard is that for its 300 changes since Tiger (OS X 10.4), the line item reading of which provokes a range of reactions from the head nod to the ear-to-ear grin, there is not one ounce of fat, no feature in Leopard that you'd opt to leave on the DVD the next time you install it. Instead, for all that's been added, Leopard remains trim enough to run on a PowerBook G4 with 512MB of RAM. The very same OS is a robust, Open Group certified 64-bit Unix when run on Intel Core 2 Duo and PowerPC G5 machines with no need to buy a special edition. One of Apple's marketing lines says that everyone gets the ultimate edition of Leopard because that's the only edition there is. I'd argue that if Microsoft's Vista product tagging is the basis for comparison, then all Leopard buyers get the 64-bit enterprise edition.
One concern that you can cross off your list is stability. I've spent several months working with Leopard as a developer and administrator. I began rolling it into production, against Apple's advice but not requiring its consent, at a point prior to its release when I judged it stable enough. I'd be pressing against the bounds of the non-disclosure to tell you when I felt Leopard hit its stride. Instead, I'll just say that there is no need to obey the standing advice to wait for the first boatload of fixes before buying in. That's true of Windows, and true of Linux, but not Leopard.
Existing Mac users thinking of taking the leap can safely take ease of upgrades and installation for granted after they burn their most critical data to DVD or an external hard drive. Migration Assistant, which you can invoke at install time or at your whim later, transfers your user data and applications from Tiger to Leopard after what amounts to a clean install. The Leopard installer will let you do an overlay install, which updates the system software and tries to leave everything else alone. It is impossible to automate all possib