It’s time again. I bought my first MacHeist bundle last year. If you’re a Mac user, you owe it to yourself to at least check it out.

MacHeist.

UPDATE!

All of the apps are now unlocked. You have until the end of the day tomorrow to get in on the action. At least 12 apps for only $39. These are fully registered versions of the apps, not crippleware or shareware. You can pick up more (like Delicious Library) if you Tweet about the purchase. If you’re a Mac user, you can’t go wrong getting this bundle.

Included apps are (with their regular retail price):

iSale $39.95
Picturesque $34.95
SousChef $30.00
World of Goo $20.00
PhoneView $19.95
LittleSnapper $39.00
Acorn $49.95
Kinemac $299.00
WireTap Studio $69.00
BoinxTV $199.00
The Hit List $49.95
Espresso $80.00
Cro-Mag Rally $19.95
Times $30.00

Many more details are at the MacHeist site linked above!

I saw this on the “new apps” feed I subscribe to the other day. It just barely became available in the ‘States. The home page is here: FlipContact and the link to the Apple Store is here.

The app allows iPhone users to send their contact info to another iPhone user without wires, WiFi or even cell connectivity. It effectively makes your speaker and mic behave like a modem, sending and receiving the information via sound. It’s not terribly loud, so it’s not quite as annoying as those old modems were on connect. I haven’t tested it in a noisy environment, but since the idea is that phones be placed within an inch of each other, end to end, I don’t imagine any but the loudest of environments would keep this from working.

I tested this at work with one of my co-workers and found it to work quite quickly and effectively. There are other contact “beaming” apps for the iPhone, but all of those require users to be on the same WiFi SSID. This is a great solution to get around this requirement, even if it feels a little 20th century.

It’s true! Just like these people…

Of course, I’m also a Mac.

I haven’t posted anything here for a long while. I’ve been busy living. I recently updated my iPhone to the 2.0 software and yesterday WordPress released a blog client for the iPhone. I had to try it, of course. You tell me — is this going to result in more posts? Or perhaps just short ones occasionally? Time will tell. At any rate, this is being written from my iPhone.

I was awestruck watching this:

This absolutely floored me. I have never thought that I’d be able to truly realize my creative ideas since I haven’t got a lot of time to work on practicing guitar or other instruments. This allows me so much wiggle-room in that department I can even envision creating an entire symphony orchestra from a few samples. This is simply amazing. I can’t wait!

I had some issues with my cable internet service, of late. I took the liberty of taking a screen-cap of the speed test results:

I finally had to call Time Warner to send someone out. I called at approximately 7:30pm, they had someone here at 2:15pm the next day. I am suitably impressed and pleased so far. My signal strength is excellent, so it turns out it’s the cable modem. The service guy replaced it and, well, you can see the results:

I am MOST pleased with RoadRunner’s new 15Mbit/2Mbit service. You can see I get all 2Mbit of my upload speed, and nearly all of my download. Me likey!

By the way, the exceptional ping time on the “before” picture was an anomaly. That tended to be in the 87ms range. Also, the “after” picture was going through my proxy server where the “before” was not. All things considered, keep in mind that this was going through a cable modem, a wi-fi router, 2 GigE switches and a proxy server. That’s a nice ping time by any stretch.

Well, lest anyone forget that I am a computer geek, I must occasionally post something computer related. I have just the thing!

For anyone who uses Apple’s iWeb software to blog, share photos or what-have-you, a recent series of updates were released (first 1.1, then soon thereafter 1.1.1). The kind of errors I encountered were terse and uninformative, Publish Error
An error occurred while publishing file “/Web/Sites/iWeb….. I am not the only one who has had these problems. I now know why. I’m going to share with the world at large my solution.

Please note: This may or may not be the “fix” that others still experiencing difficulty are in needing. This only corrected my problems. Your mileage may vary, most especially because the culprit is:

SQUID CACHING PROXY!

dunh dunh dunh….

I can’t speak for everyone, but my problem was tied to the fact that I run DansGuardian on top of Squid Caching Proxy (if you know anything about DansGuardian, it requires a proxy server to function). For those too busy to follow the links (or those who don’t care), DansGuardian is an internet filter, free for non-commercial use. I have six children at home, so I prefer having a somewhat filtered internet. The system has been effective and generally hasn’t posed any problems.

iWeb reportedly repaired all of the error occurred while publishing problems with 1.1.1 and yet my problems remained. I began to suspect that the problem might not lie within iWeb. I monitored my access.log file in real-time while I attempted to publish my iWeb sites. This is what I found:

Needing more information, I watched the cache.log file and this is what I found:

2006/06/01 19:36:14| parseHttpRequest: Unsupported method 'ACL'

Whoa. I did some digging and discovered that there are several HTTP/1.1 compliant methods for connecting to a web server or service. GET and POST are the most common. A newer extension is PROPFIND (which .Mac uses with WebDAV uploading). However, ACL is not one of the recognized methods, so Squid was killing the attempt to upload. Luckily, squid has a configuration option where you can define up to 20 extended methods.

#  TAG: extension_methods

#       Squid only knows about standardized HTTP request methods.

#       You can add up to 20 additional "extension" methods here.

#

#Default:

# none

So I add a line like this and restart Squid:

extension_methods ACL

I watch the cache.log file this time and iWeb still won’t publish because:

2006/06/01 19:37:34| parseHttpRequest: Unsupported method 'DMMKPATH'

Another one! So now my line in Squid looks like:

extension_methods ACL DMMKPATH

After restarting Squid another time with these new configuration options, much to my relief, iWeb published flawlessly!

So what does this mean for Joe AverageUser? Well, the important information here is simply that iWeb uses some non-typical (at least from an HTTP/1.1 standards point of view) HTTP methods to contact .Mac (namely idisk.mac.com) in order to publish your sites. I’m fairly certain that not every user is going to have a Squid proxy in their basement, leave alone DansGuardian. However, if you have any kind of filtering or proxying between the computer running iWeb and the wide open internet, there is a possibility that these non-standard HTTP methods are being blocked. For all I know, there are even routers that may have this functionality built-in. Possible solutions might include allowing unrestricted access to idisk.mac.com.

As I said before, your mileage may vary. This was my experience, and my solution. If you have any comments or questions go ahead and leave them in the area provided!

Update: There appears to be one more extension method related to iWeb which would be needed.  This is DMINDEX.  This would presumably be DotMacINDEX or something like that.  Anyway, if you’re following this thread or looking for help, there’s the one last thing I can offer.  I credit Michael Newbery with that tidbit.  I must not have been making all of the same calls or I expect I would have seen that one too.

I am more a hardware and operating system hacker than a coder or software tinkerer. When presented with a pile of non- or semi-functional hardware I am often able to compile one or more functional machines from the stack. I haven’t done so in a long time, but I’m back in the saddle again.

I recently purchased an iMac G3 500 from a local surplus sale. It wouldn’t power on, but that’s hardly stopped me before. I tore it apart that same night and found that the primary fuse was blown. A small detour to RadioShack and some re-assembly and I was ready to see if the fuse had simply blown from a minor surge or if more serious damage to the power circuitry had already taken place. The moment of truth arrived and…bzzzorch! I’d let the magic smoke out of the box. So much for that chassis, though I was reasonably sure that the mainboard and the CD-RW drive were still usable.

Fast-forward to this week. I picked up an iMac G3 400 from a school district’s surplus sale. According to the item description the computer seemed to work just fine, though the screen was dim. Something tickled my memory about upgrading to OS X (which the screenshot obviously revealed was installed) and some older machines having problems with onboard video going dark. I figured that a firmware upgrade would correct the problem. But before I did any of that, I cracked open the system and put in the motherboard from the 500. At power-on, I get the nice Apple start-up chime. Fantastic! The mainboard was in great shape! A few seconds later, the screen comes to life in perfect brightness and glory. Two for two! I upgraded the RAM to 512M and put in a 20G drive that already had OS 9 installed. I updated the firmware to the most recent version and Tiger installed flawlessly. I get a 100MHz upgrade, a video RAM upgrade and the machine will work with the onboard monitor, rather than have problems and be tethered to an external monitor.

I still got it…

For those who may be wondering what my total investment was, here’s the breakdown: $25.50 for the iMac 400, $10 for the iMac 500, the RAM and hard disk were pre-existing, so it’s hard to say how much I had to invest there. Not bad for a few dollars and a few hours of my time, eh? A computer that will run OS X 10.4 for under $50, even if it isn’t the fastest, is a pretty neat thing. Security, form and function in a small package that will provide much usability in the form of children’s educational games, etc. I feel good.

Alright, there’s a quote I once heard. I’m sure I’ll slaughter it, but here’s a good paraphrase: Put me in a prison or try to detain me in any way and I will use every device, every artifice at my disposal to try and escape until I’m either dead or free. But draw a circle on the ground around me and obtain a promise from me that I will not leave it under my own volition and I will die before breaking my promise.

This is sort of a similar thing — we have an unlocked house with the doors and windows all open. We can ask people, on their honor, not to go in and break, steal, or vandalize the home. We can also presume that while some will never break that promise, others (according to observed human nature over the last several thousand years) will think nothing of walking in and taking or breaking things. If we can assume that a certain percentage will always violate an implicit trust and, if the contents of the metaphoric house are of any value we should do something to protect them, rather than leave the “barn door open.”

This brings us to the story for today:

CNN.com – Harmless hackers or—teen criminals? – Aug 9, 2005

The trouble began last fall after the district issued some 600 Apple iBook laptops to every student at the high school about 50 miles northwest of Philadelphia. The computers were loaded with a filtering program that limited Internet access. They also had software that let administrators see what students were viewing on their screens.

But those barriers proved easily surmountable: The administrative password that allowed students to reconfigure computers and obtain unrestricted Internet access was easy to obtain. A shortened version of the school’s street address, the password was taped to the backs of the computers. (Emphasis added)

Now, please tell me you didn’t think this was out of the ordinary because it really isn’t. This tells me that the person or admin who set these systems up with such a trivial password was naïve, too trusting that the students would never even try to hack into the system, woefully ignorant of dictionary-based password cracking tools power, stupid, or a combination of any or all of the above. Oh, yeah, you need to see this bit too:

Some students also turned off the remote monitoring function and turned the tables on their elders — using it to view administrators’ own computer screens.

The administrative password on some laptops was subsequently changed, but some students got hold of that one, too, and decrypted it with a password-cracking program they found on the Internet.

I must confess that if these students were told not to tamper with the laptops or the administration thereof they’ve committed an offense of some kind. I’m not going to try to speculate what that ought to be, nor will I try to sugar-coat this and say, “they’re just kids.” Wrong is still wrong.

That said, the people who set this up should be in nearly as much if not more trouble than the perpetrators. It is your job as an admin to select non-trivial passwords and to test them against dictionary-type cracking tools. If you can’t do this much, you’re not a good candidate for a senior-level admin, leave alone a security expert.

Come on, people! If you want good security and administration either 1) pay for it, or 2) beg for it — there’s bound to be a knowlegeable parent somewhere in the district who would be happy to donate some time as a consultant to verify the security measures. Not doing this sort of thing is just like leaving the house unlocked with the windows open expecting that people will just mind their own business and not intrude or pilfer things.

This is one of the chief reasons why technology in the classroom is such a loaded topic. It can be a wonderful resource. It can also be a terrible distraction. It can also become a security headache and no more useful than a doorstop when teachers cannot keep the students from using them when they should not or in proscribed ways.

Remember, dear readers, that a good SysAdmin really is worth his or her salt.

Can you believe this?! Microsoft hasn’t even released Vista (the erstwhile Longhorn) yet and someone’s already writing proto-viruses for it! So much for Windows security, huh?

Hasta la Vista, baby | The Register

Virus writers have created proof of concept viruses targeting the scripting language behind prototype versions of Vista, the next version of Windows. An Austrian virus writer has published five simple viruses targeting Microsoft Command Shell (MSH), the command line interface and scripting language, in a virus writing magazine.

I will still only believe this when it is announced by Steve Jobs himself. Nevertheless…

Apple has used IBM’s PowerPC processors since 1994, but will begin a phased transition to Intel’s chips, sources familiar with the situation said. Apple plans to move lower-end computers such as the Mac Mini to Intel chips in mid-2006 and higher-end models such as the Power Mac in mid-2007, sources said.

My new found love for the Mac platform is not hardware dependent. Not hardly. In fact, if Mac OS X begins shipping in such a way as to be installable on nearly any old x86 machine, Microsoft better have a lot up its sleeves. The customers will start flocking like flies to a midden heap.

Is this strange news compelling and exciting, or terrifying, or both? It could signal the next step in Apple’s evolution. Mac OS X can be almost 100% platform agnostic. Only kernel CPU optimizations and other obscure hardware related measures would need to be altered for OS X to function identically on x86 hardware. For all intents and purposes, I think that the BIOS setup screen would finally have to be dealt with. The forth-based open firmware would be a welcome addition to the x86 universe. Though Apple may be using x86 processors, it doesn’t mean that the remaining legacies of the PC world will come with.

Dollars to doughnuts, Apple has already demonstrated proof-of-concept OS X on x86. It’s as easy as a cross-compile. Some of the other amazing measures that this move may bring is WINE on OS X. Think about it: What are the three things that keep people from jumping ship in the Windows world? Cost of hardware replacement, cost of software replacement, and cost of re-learning how to use the system. Theoretically, if one could run Windows apps on Mac OS X without having to use an emulator to translate between instruction sets, the Windows apps could run as fast as they would in Windows on a machine configured identically. Extend this theory to include the possibility that OS X could install on certain configurations of existing x86 hardware and, suddenly, two out of the three major objections to migrating to OS X are obviated. This could deal a major blow to the Windows world.

At the same time, this represents a mixed bag of puzzles for the Linux world. The theoretic ability (and don’t doubt that it’s a major hurdle, but one that would have to be addressed to really make this viable) to run and install Windows apps without an emulator would almost instantaneously vault OS X into corporate desktops everywhere, leapfrogging Linux. At the same time, though, it can also boost Linux because of a common UNIX heritage.

Only time will tell, as I said. It will irritate a great many Apple users, because software will be platform dependent for a while — likely a very long while. As long as there are Apple users holding on to perfectly viable PowerPC based computers, Apple will be obliged to provide both support and software updates for them. It will likely be an ugly transition. If it goes well, however, Apple stands to slingshot into the forefront of the desktop computing universe in very short order.

How’d you like to become part of a botnet?

Bagle variants punch, punch and punch again

The latest variants of the Bagle worm have alarmed antivirus companies because of the multiple-stage process they use to attack PCs.

Multi-stage? What does that mean?

Stage 1. End user clicks on innocuous-seeming attachment. Worm spawns itself to everyone in address book.
Stage 2. Worm downloads a Trojan to the infected machine. The Trojan in question is designed to prevent antivirus software updates as well as prevents access to Microsoft Windows updates online.
Stage 3. Worm downloads a second Trojan. The second Trojan disables firewalls and antivirus software, effectively lowering the drawbridge and allowing any other number of viruses, worms and Trojans into your icky, vulnerable PC.

As a consequence, your machine is, as we geeks would say, “0wn3d.” Malefactors now have the full run of your machine and all its contents, including sensitive identity information and financials you may have stored on your computer. A dismal picture, to be sure. Well informed and educated users, as always, have relatively little to fear. However, can you be sure that others who use your computer are as capable of avoiding this threat?

While it is technically accurate to say that Mac OS X is vulnerable, or that any modern operating system is for that matter, it is also accurate to say that no virus or worm for Mac OS X has ever been found in the wild. The Opener Trojan is hardly a wild threat, and can only be installed by someone willing to enter an administrative-level password. The only vectors it seems to use are all piggy-backs through software which may be of dubious origin, thereby limiting its infection rate substantially. No one got the Opener via email. As such, it hardly falls under the same category as the above mentioned.

In light of these things, this is a good time for you Windows users to head to your nearest Apple store, and barring that, CompUSA or another Apple Certified Reseller. You could drop in to BestBuy and pick up a Mac mini for as little as $449. You’d get a cute, for-all-purposes silent computer that is 100% safe from the world of Windows viruses, and you could take your first steps into a new world of computing.

You could game the system. You can continue to wrestle your PC into submission. You can also stop beating yourself up and save yourself some time and effort and let your computer be the tool you bought it to be. Buy a Mac, save time and effort. It really is that simple.

Well, the switching to the Mac platform part, anyway.

Mad as hell, switching to Mac

Here’s my answer to the WinTel problem: We need an open Simple Operating System (SOS) that meets the needs of the majority of people who buy PCs for everyday home and enterprise tasks. Get rid of the complexity and simplify the interface between SOS, BIOS and hardware. In other words, KISS. You know what it means. KISS SOS.

Because SOS doesn’t exist yet, my company has given up on WinTel. We have successfully moved to Mac in less than two days. Think about it: a security-friendly alternative that works and doesn’t require gobs of third-party utilities to safely perform the most mundane tasks. Please follow the details of our experiment at securityawareness.blogspot.com. It’s already way more interesting than I thought it would be.

(Emphasis mine)

I have no idea how large this company is, or how many users, or which applications they use. What I do know, however, is that switching to the Mac is not nearly as difficult as people believe. An entire company switched over in two days? That’s still a major feat in a company with only five employees.

Come to the Mac side of the force. It is your destiny. Search your feelings…you know it to be true.

Yes, indeed! I’m talking about Mac OS X 10.4 Tiger. I have been running it on my Mac mini since Friday night.

For those who are curious, my upgrade proceedure was to back up /Users via my normal rdiff-backup and do a clean install. After the clean install, I recreated each account in order to keep the UID:GID the same as before. Once the accounts were recreated I restored the /Users content and did some testing. So far we haven’t had any issues at all. My one and only complaint stems from a lost functionality that existed in later versions of 10.3 (Panther) in iTunes. Before Panther only one instance of iTunes could play at a time. If fast user switching was utilized while any user was playing music, the music continued. This was new functionality in Panther, but Tiger seems to have reverted back to the earlier Panther behavior, which was to pause or halt playback until the original user logged back in. In its defense, Tiger does continue play if iTunes was streaming to an Airport Express device. Nevertheless, we became enamored of the ability for tunes to be playing while another user quickly logged in and checked his or her email. Now this doesn’t work anymore. Fix it, Apple!

This said, that’s really my only beef with Tiger so far. Everyone else loves the improved UI speed, Safari page load speed, Spotlight search speed, power-on to accessible time, etc. I’ve had no issues with programs not re-installing, either. Only thing I haven’t tried yet is the scanner. Shouldn’t be an issue.