Sunday, April 29, 2007

Reaching for Nerdvana: Integrating family and work calendars

Can I reach nerdvana? Can I manage calendars for every family member, keeping them all as private as digital can be, and also integrate my work calendar while allowing each calendar to be viewed and edited on a PDA?

Not yet, but we're getting close. The secret sauce so far is Google Apps for our family, Spanning Sync, SyncMyCal, Outlook 2003 at home and office, iCal, my wife's beloved but aging Samsung (PalmOS) i500, Missing Sync for Palm OS, and my battered and broken Palm Tungsten E|2. My demon-spawned Motorola RAZR is not invited, there's a seat waiting for the iPhone.

Here's the situation so far:
  • Google Calendar on our family domain. The domain means I can easily share calendars internally without exposing them.
  • In Google Calendar: a work and home calendar for me, a home calendar for my wife, child calendars to come. My calendar view includes my two calendars and my wifes.
  • iCal is a natural fit to Google Calendar (gCal), so I create corresponding calendars on iCal for my wife and I on our shared home desktop. For example, my iCal desktop my personal, my work, my wife's personal, etc.
  • Spanning Sync allows me to sync each of my iCal calenders to the corresponding gCal calendars, so we're in great shape on the Macs. gCal is the source of truth, but we can view the composite calendars on my MacBook as well.
  • My personal Palm syncs to XP Outlook, so I need an Outlook to Palm solution. I'm testing SyncMyCal. So far, it's ok. Even handled some calendar name changes I threw at it. I need it because I want control over sync direction, only SyncMyCal offers that. Outlook is a weak match to gCal and SyncMyCal is not as sophisticated as Spanning Sync -- so I sync only my Personal calendar to gCal Personal and and to my Palm.
  • The last step will be to instal SyncMyCal at work, so my work calendar will sync unidirectionally to gCal, bidirectionally to Exchange Server, and unidirectionally to another kludgy app I run on the Palm. [My work calendar uses every advanced feature of Outlook and Exchange server, I don't dare enable bidirectional sync to the much simpler gCal data model.]
If the last step works, I'll have achieved 90% of nerdvana ...

Update 4/30/07: I ran into a roadblock on my journey to nerdvana [1] while testing SyncMyCal. The problem sounds a bit like this one, but I don't use ActiveSync. I do use Palm's Outlook sync conduits (HotSync Manager) and I also use a no-longer-supported .NET-requiring Outlook plug-in called Lookout for Outlook.

In my case I had two problems occur around the same time:
  1. HotSync Manager stopped responding. This happens every week or two anyway, so I don't give it enormous weight. I killed the stuck process in XP's process list and restarted it and it worked.

  2. After #1 the SyncMyCal toolbar vanished from Outlook and a restart didn't bring it back.
This won't be easy to debug -- I wonder about one of those infamous .NET-version conflict problems. I'll contact the SyncMyCal authors and see if they're interested in tackling this with me. If not I'll contact the gSyncIt folks and see if they're interested in supporting unidirectional sync (a mandatory requirement for me).

I'll update this post if/when I make substantial progress.


[1] Hardly surprising. When one creates a dependency chain of unreliable software components the probability that everything will work starts to get pretty low.

Update 5/7/07: SyncMyCal flopped for me. The install on my home machine was troubled, but I followed the vendor's FAQ directions and I was able to enable the plug-in. It worked at home for a week, so I tried it at work (Outlook Pro 2003 w/ Exchange environment). It crashed Outlook 2003 on startup. I tried a few times w/ rebooting etc, but it crashed every time.

I have sympathy for the vendor -- installing this type of functionality into Outlook 2003 is, I wager, a nightmare. I use 'Lookout for Outlook' at work and at home, and that's an unsupported plug-in now -- but I deeply depend on it. Outlook 2007 is incompatible with Lookout, so when we switch to 2007 I might try SyncMyCal again.

In the meantime, I'll try gSyncIt at home ...

Update 9/8/07: A blog dedicated to calendar interoperability ...

Update 9/6/09: I did eventually get this all sorted out! Actually, several times, since it changes every few months. There are some hints in this 2009 post. I have a unified work/home/family calendar now on both my iPhone and Google. I don't use OS X desktop iCal at all any more.

Apple fixes suicidal batteries?

I wonder if this is related to the peculiar phenomenon of perfectly healthy MacBook batteries abruptly showing the "Dead X" icon, possibly in association with use of Parallels ...
Apple releases MacBook battery update | Reg Hardware

Apple is recommending an update be installed on all MacBook and MacBook Pro computers and extra batteries purchased between February 2006 and April 2007...

...According to Apple, there are factors causing performance issues in the batteries which do not present a safety risk....

After you've installed the update, if your battery still has the following symptoms, contact Apple for a free replacement:

* Battery is not recognized causing an "X" to appear in the battery icon in the Finder menu bar.
* Battery will not charge when computer is plugged into AC power.
* Battery exhibits low charge capacity/runtime when using a fully charged battery with a battery cycle count (as shown in System Profiler) of less than 300.
* Battery pack is visibly deformed [Reporter's note: Somehow I doubt a software update will fix this guy.]

Apple is also extending the repair coverage program for MacBook and MacBook Pro systems batteries with Intel Core Duo processors for up to two years from the date of purchase.
The warrantee extension suggests that some behavior was prematurely aging batteries.

Google Apps for our family

If Apple had decided they wanted our business, we'd have built our family portal solution around .Mac (dotMac). Alas, Apple decided they needed to focus on other projects; .Mac has languished for years.

The next best option is Google Apps. Email that integrates seamlessly with desktop email (no imap yet), Page Creator, Docs and Spreadsheets (soon presentation), Chat, Control panel - it's a persuasive suite backed the most powerful and fastest thinking megacorp in history. I assume they'll integrate Picasa web albums into their emergent family solution and it will be a small step towards their personal health record solution.

The cost is low -- basically $10 a year for their eNom managed integrated domain. I have the domain, but it's awkward to switch over. I decided for now to create a new family domain.

Now I'll see how well various outlook and iCal sync to Google Calendar solutions really work. There is still the nerdvana of an integrated family and work/home calendar solution in my dreams ....

PS. Privacy? Surely you joke. That battle was lost in America 15 years ago. If you want privacy, use paper.

Friday, April 27, 2007

Dina Dai Zovi: how to secure your OS X machine

DF has a terrific interview online with Dino Dai Zovi. Mr. Dai Zovi demonstrated that he could create a serious exploit on an OS X machine within 12 hours of being invited to do so. That's more than a bit impressive. It is, of course, supremely unlikely that he's located the only such vulnerability. It's possible that OS X is just incredibly vulnerable, but I think few believe that. The take home message for me is that most computers on public networks are quite vulnerable. I hope Schneier will write his own comment.

In the course of the interview Dai Zovi also provided some handy security advice for users and free advice to Apple. I was reassured to learn that I already follow some of it, but I will move some passwords to a new keychain with a timeout. Emphases mine:
Daring Fireball: Interview: Dino Dai Zovi

... I take some extra security precautions such as always running as a non-admin account, using separate encrypted disk images and keychains for different purposes, and isolating data on different machines. I also take some extra precautions that I’m not going to advertise publicly :). I do not, however, run any commercial anti-virus packages.

Gruber: Are there any precautions you think typical Mac users should take that they aren’t now?

Dai Zovi: I would recommend they make their primary user account a non-admin user, I think that is a reasonable compromise between usability and security. I would also recommend that more security-conscious users create a separate keychain with a 5 minute timeout for important passwords. Even if the user is using FileVault, a separate encrypted disk image for sensitive financial or personal documents is another simple and prudent measure to protect your personal information.

Gruber: Do you use FileVault? I don’t. I do store financial and private information on encrypted disk images, but I’m wary of storing my entire home directory on one. I feel like I’m far more likely to run into problems with my disk than I am to run into a security problem, and FileVault can make it harder to recover files if things go south with the drive.

Dai Zovi: I had previously used FileVault on my laptops without much incident when I was traveling and doing consulting. These days, I am no longer doing consulting and traveling less, so I am not using it. I do still use separate encrypted disk images for different types of data.

Gruber: I’ve heard claims that there exist a handful of known Mac OS X exploits amongst security experts. Do you believe – or know – this to be the case?

Dai Zovi: Security experts quite often have exploits for vulnerabilities that they have discovered and the vendor is in the progress of addressing. Some others choose not to report the vulnerabilities that they find. So I would not be surprised if there were a number of OS X exploits floating around, I have already seen evidence of this in the past (i.e. the mach exception ports exploit)...

... Gruber: You had nice things to say in your interview with Ryan Naraine about your experience reporting findings to Apple. Do you think there’s anything Apple should do different with Mac OS X itself that would improve security? (E.g. do you think Apple should change the first-run configuration UI so as to encourage users to create non-admin accounts?)

Dai Zovi: I think Apple is to be commended for proactively releasing updates for internally identified security vulnerabilities, which is a stance that few other software vendors take. Apple should implement some of the security defenses that other operating systems have adopted [jf: I think this includes Vista] such as Address Space Layout Randomization and other stack and heap protections. I think Apple should provide the option to create both admin and non-admin accounts in the first run as well as make it easier to store passwords in non-login keychains.

Wednesday, April 25, 2007

Automated defrag in XP out of the box

Nice to know XP can auto-defrag without any add-ons: Mozy Blog: Defrag the Mozy Way

Joel on VBA for Macintosh and the Office alternatives

Another example of Microsoft on the skids: VBA for Macintosh goes away (Joel on Software).

Joel wrote the spec for VBA. It was a lock-in strategy from start, which is no surprise of course. The loss of VBA on the Mac won't have much impact on most users of Office/Mac, but Joel's story is interesting for several reasons:
1. It's a story about Microsoft's only great product - Excel.
2. Joel's a longtime supporter of Microsoft as a company (he grew up there) and even he's advising friends to avoid Vista at this time.
3. He gets fed up with Office 2007.
Most Mac users who really need Office are going to run Office Pro/Windows in emulation under Windows 2000 or XP. I don't care so much about VBA, but I need Microsoft Access.

Mac users who want a quality word processor should probably use Nisus Writer Express (Pro is in beta). Every other product that works well on the Mac uses a lock-in proprietary file format or an (unfortunately) little supported open alternative. NWE uses RTF.

For presentations, if you can escape PowerPoint (few can) I hear Keynote is good. For an end-user non-pro database you're limited to Filemaker (kind of hurting really). For a spreadsheet you can, err, uhhh, hmmm. That' s a problem, isn't it? When I started writing this post I didn't know of any. I decided to research the question first ...

I was able to find 6 alternatives, not counting OpenOffice since it still requires an X Window front-end:
  1. AppleWorks if you can find a copy (runs in cpu emulation on intel macs)
  2. MarinerCalc 5.5.1
  3. Google Apps with Firefox/Camino (not Safari)
  4. Tables
  5. Mesa (NextStep originally) is still around and is a universal binary
  6. NeoOffice: (update 5/29/07: I tried the spreadsheet with a modestly large data series. It died trying to create a chart. It's not a real contender.)

Tuesday, April 24, 2007

Spanning Sync on multiple macs

This description of Spanning Sync makes me wonder again if we can use it for a family calendar. I still need a good solution for synchronizing Google Calendar with Outlook ...
Spanning Sync Blog: Using Spanning Sync with Multiple Macs:

...To set up Spanning Sync on multiple Macs, first download and install it on one machine, login using your Google account, pair your iCal and Google calendars, and perform a sync. At this point, Google Calendar will have a copy of all of your events.

Then on each of your other Macs, create an empty iCal calendar for each calendar you're syncing. Install Spanning Sync and login with the same Google account, then pair the appropriate Google calendars with the empty iCal calendars and sync. From this point on, changes you make in iCal on any of your computers will be synchronized with Google Calendar and with your other Macs.

Remember that since Spanning Sync is licensed per-person and not per-Mac, you can install it on as many Macs as you like—just login using the same Google account on each one...
I will test this at home first ...

Update: I created a family domain for Google Apps and added both my wife and I to the domain. I've tested spanning sync and am now trying SyncMyCal and gSyncit. Gsyncit is bidirectional, which I don't want for work, so I'll try SyncMyCal first.

Coda and Fission: Nice action on the OS X app front

OS X 10.5 is MIA [1] and so is iWorks 3 (OS X spreadsheet), Aperture 2 (working date metadata and faster than a dead slug), iLife 2007 (2008?), Safari 3 (a modern browser?), a blog editor, .Mac that's worth something ... argh. There's no putting a pretty face on it, Apple seems to have taken 2007 off to work on my iPhone.

So it's especially good news to hear of two very interesting OS X product releases: Coda (DF review) and Fisson. Nisus Professional for OS X is also in beta and OpenOffice is supposed to come out for OS X (no X Windows) this summer.

[1] I worry about the Fall delivery considering the challenge of iPhone -- when big projects slip once they almost always slip three times. By that rule 10.5 will come in 2008.

Monday, April 23, 2007

A cause for the pesky -36 error with SMB connections

I get these on occasion, though I do much less with XP these days ...
Mac OS X 10.4: Error -36 alert displays when connecting to a Windows server

Mac OS X 10.4: Error -36 alert displays when connecting to a Samba or Windows server

After upgrading from Mac OS X 10.3.x to Mac OS X 10.4, you may get an error message when you try to connect to a Samba or Windows (SMB/CIFS) server. A Samba or Windows (SMB/CIFS) server includes servers operating on Microsoft Windows and other operating systems that use Samba for SMB/CIFS services.

If the connection is unsuccessful, the following error message may appear:

The Finder cannot complete the operation because some of the data in smb://........ could not be read or written. (Error code -36).

If you check the Console (/Applications/Utilities/), you will also see this error message:

mount_smbfs: session setup phase failed

This error can occur if your Mac OS X 10.4 client is trying to connect to a Samba or Windows (SMB/CIFS) server that only supports plain text passwords. If you do not see the above message in the Console, you are not experiencing this issue and should try normal troubleshooting to isolate the source of the issue.

Unlike Mac OS X 10.3, the Mac OS X 10.4 SMB/CIFS client by default only supports encrypted passwords. Most modern Samba or Windows (SMB/CIFS) servers use encrypted passwords by default, while some Samba servers might have to be reconfigured.

You should consider contacting the owner or system administrator of the Samba or Windows (SMB/CIFS) server to which you are trying to connect and encourage them to disable plain text passwords and start using encrypted ones. If the server cannot be reconfigured to support encrypted passwords, you can configure Mac OS X 10.4 SMB/CIFS client to send plain text passwords.
I think XP only uses encrypted passwords, but I'll check.

Rescue Kodak Photo CDs from oblivion with iPhoto

iPhoto can import obsolete Kodak Photo CD file formats. Neat trick! Another lesson in the risks of proprietary file formats. In ten years there may be nothing that can read these old formats.

Controlling drive mounting dependencies: iTunes example

Make sure iTunes mounts a networked music library is a hint with a clever technique embedded. If you want to require a drive be mounted before an application (such as iTunes) is used, then put an alias on the application on the mounted drive, then put the alias on your Doc. Clicking on the alias will only work if the drive can first mount.

Saturday, April 21, 2007

PodCorps, and

Two interesting connections from one Udell post:
1. PodCorps and bring lectures on special needs children to those who cannot attend. (My post based on Udell's PodCorps notice.)
2. A user generated events calendar, also used to summon the PodCorps. (Pod people?) There have been zillions of these, most famously I don't know why this one is fashionable, but there you go. I'll try promoting some of the Minnesota Inline Skating Club outings through these two and see what happens.

Thursday, April 19, 2007

Google owns my web history

Another thread is tying me to my Google (Gmail) identity and to Firefox. I've given Google the right to track and record every web page I visit using Firefox with the Google toolbar installed and PageRank enabled:
Official Google Blog: Your slice of the web

...Today, we're pleased to announce the launch of Web History, a new feature for Google Account users that makes it easy to view and search across the pages you've visited. If you remember seeing something online, you'll be able to find it faster and from any computer with Web History. Web History lets you look back in time, revisit the sites you've browsed, and search over the full text of pages you've seen. It's your slice of the web, at your fingertips.
To get full value I have to use Firefox and the Google toolbar on every machine, and I have to be logged into Gmail. Quite a powerful connection ...

OS X modifier keys: organized by key type

Another list of Apple's modifier key combinations, this one organized by key: A long list of modifier key tricks

It's not that long really, and must be quite incomplete. On the other hand, cmd-click-dock item to show in Finder was new to me. I'll keep it around.

How does one really hack a system?

CH reviews a book that categorizes software errors: Coding Horror: Sins of Software Security. He then provides a count of how often each has been exploited (over 3,000 times for buffer overflows). If you know a bit of C programming, then it's all very readable and it makes clear why so much software is so vulnerable. Ahh, if only we'd never left Pascal ...

Wednesday, April 18, 2007

iStock Photo: $2 to $4 per image

I read about in an article about globalization and crowdsourcing. These inexpensive photos look like they'd be great for desktop backgrounds (I use black and white images with limited white areas for my wallpaper so I can see icons) or presentations. Sure, you can find photos for free using Google, Flickr, etc -- but these are pretty nice quality. Might be worth a few dollars to save search time.

Monday, April 16, 2007

Ports: a handy reference for firewall work

"Well Known" TCP and UDP Ports Used By Apple Software Products lists the port, protocol and service. A handy reference, even if it's dated in places (Retrospect is no longer Dantz).

WordPress: the blogging platform of the moment

I've suffered with Blogger for years, while competitors waxed and waned. Blogger is getting more tolerable, but WordPress is the fashionable place these days. I opened an account and played with it a bit. It doesn't have much more Safari support than Blogger, but it's a strong competitor for Firefox clients and I think it has a more stable API than Blogger. I was very impressed by the import/export facilities, WordPress is not afraid to let their customers free.

I'll keep playing with it, though if Blogger improves their BlogThis! client I'll probably stay with Blogger.

Blogger BlogThis!: Drag and drop URLs

This works in the Firefox rich text field that one sees when using BlogThis! in rich-text mode:
1. View a page in Firefox
2. Click on icon displayed next to URL in the url field.
3. Drag and drop into the editing area. A link appears.
It would, of course, be better if the URL was assigned given the page title [1], but I can live with this. I've not seen it mentioned anywhere, though it's a hard topic to search on. I'm sure it's a general property of the Firefox rich text editor. It's a significant time saver.

Incidentally, Blogger 2.0 with Firefox's [2] impressive integrated spell-checking is a qualitative improvement on Blogger 1.0. I've been reluctant to declare that since I've been burned so often by Blogger! Alas, BlogThis! is still stuck in the dark ages; it doesn't support tags. I've got my fingers crossed for BlogThis! 2.0 sometime soon.

[1] Internet Explorer may use the page title, Microsoft Live Writer uses the page title as does old FrontPage 98 (which I still use - it was a good application then).
[2] Don't even think of using Safari.

Sunday, April 15, 2007

iWorks MIA: OpenOffice and NeoOffice

It's been years since AppleWorks was retired, but there's still no full replacement. Apple's 10.5 delay bodes poorly for anything soon.

Time to look again at NeoOffice and OpenOffice.

NeoOffice is now on version 2.1. It's still Java based, but it has an Aqua UI and doesn't require X11. NeoOffice has been ailing ever since Apple deprecated Java as a development environment, but the small team of international volunteers is still working on it. I'll test it out, being sure to install the most recent patches. It now comes with an app that installs support for Spotlight search of OpenOffice document formats.

OpenOffice 2.2 is still dependent on X11, so it's not a consideration for our home. However, there's a tentative date for a true OS X version: Digg - Timetable Announced For Native Aqua OpenOffice - Public Release in May

OpenOffice has a very well done Wiki on the Aqua (not Cocoa!) project, including minutes from the March 30th meeting. It's encouraging news, suggesting there might be something we'd use ready for late summer. I wouldn't consider replacing Nisus Writer Express, which has been excellent (Nisus Writer Pro is in beta now), but a decent Excel clone and PowerPoint reader would be very helpful. Note that "Aqua" doesn't mean OpenOffice will become a full fledged Cocoa application with services integration, system spell checking, etc. It won't show off the (aging) advantages of OS X as well as NWE or even iWorks.

Friday, April 13, 2007

OS X: Creating a "parents only" shared folder

It began innocently enough.

I needed to move the family share off an old XP box and onto our iMac. We needed a Parents-only folder that would be shared on the network and accessible for each Parental-unit on the iMac. Print services are via a networked Brother MFC and the 802.11b/g Airport Extreme, they would not change.

The journey passed through dark places. Along the way I learned:
  • Mac Classic, and Windows 95, 98, ME, NT and 2K, were all better designed for small network file sharing than OS X. I'm not sure even XP Pro isn't better designed than OS X for this particular task. The Users and Groups functionality of Mac Classic is only available in OS X server. (Same thing happened to that function between Windows 98 and XP.)

  • You can't share the Shared Folder. (!) (Unless you use SharePoints, see below.)

  • The NetInfo Manager is largely undocumented and the user interface is broken (are you sure you know what you're deleting? Do you know when there's a confirmation dialog and when there isn't). (The only documentation I could find was Apple's PDF. [1]

  • The 10.2 edition of David Pogue's Mac OS X The Missing Manual has dangerously incorrect advice for using NetInfo Manager

  • SharePoints is a bit crude and it's dangerous, but it works well for adding a Parent group. When I donate I'll suggest some UI tweaks. The author's web site has an Amazon donation box.

  • If you want to do this the authorized way you either need to buy OS X server (!) or, maybe, you can buy the new Airport Extreme and a USB share (slow, slow, slow).
This is what I thought I'd do:
  • Create a Group called "parents" and add the two parental users to it using NetInfo Manager per Pogue's explanations
  • Create a folder in the Shared Folder called "Parents" and change the Group access to Parents with read/write privileges.
This is the next best thing I came up with:
  • Created a folder called "Parents" in the Public folder associated with my wife's account on the iMac
  • Used SharePoints to create a Group called "parents" with two user members.
  • Used Get Info to give the group "parents" read/write access to the folder "Parents"
To access Parents I need to authenticate with the iMac using my wife's username and password. That would be a problem if she wanted control over her own password. In that case I'd have to either use SharePoints to create a new common networked share (point) or I'd have to create a new user with a password we could share and make the Public folder read/write.


BTW, here's the problem with the 10.2 edition of David Pogue's Mac OS X The Missing Manual. In that edition he recommends duplicating the Administrator group as the starting point for a new share. The problem is that the Administrator group has some extra attributes associated with it that, I suspect, are used by AFP file sharing. They aren't part of a standard Group created by SharePoints or OS X server. The result is that any user member of the new, derived, group has occult admin privileges. If they try to access a denied folder, they have the right to authenticate as an admin. This is bad. Of course maybe it did work safely in 10.2, I don't have the 10.4 edition of his book. I'll write and ask him if it's been fixed.

[1] I've been reading through the PDF. NetInfo Manager is an antique. It uses sequential integers as user IDs rather than GUIDs (globally unique identifiers) and advises strategies like "reserve range". Brrrr. Reminds me of Disco. I've read blase responses to Apple's 10.5 shipping delay, but I think the reactions are too complacent. OS X still has one foot firmly stuck in the 1970s, it needs some serious upgrades.

Update 4/14/07: It was nasty to setup (thank you SharePoints), but it is sweet. The Mac clients connect pretty seamlessly to the server, with no sleep/wake connection issues. I enabled SMB sharing for my OS X account (only) and that works very well. Interestingly OS X 10.4.9 Sharing specifies an IP address for the iMac, but while I was playing around with browsing the workgroup from my XP box the server appeared as if by magic. I'm not quite sure how that happened. The iMac shows up as \\BIGMAC\jfaughnan, probably because I'd installed Apple's Bonjour on the XP box. (Note I'd previously set the Mac to use my SMB workgroup name, using the obscure setting in the extraordinarily obscure Directory Access utility.

Thursday, April 12, 2007

Microsoft OneCare dies: XP hangs by a thread

About seven months ago, when Norton Antivirus came up for renewal, I switched to Windows/Microsoft Live OneCare. I was tired of quality and performance issues with NAV. I figured Microsoft, since they owned the OS, would manage the performance/reliability issues better. I thought Microsoft couldn't screw it up.

Wrong. First, the sign-up process was amazingly buggy. Then, from the first day of use OneCare flagged many benign files as suspicious. More recently an update failure uncovered a disturbing number of red flags. Yesterday, OneCare went over the edge.

I'd seen an update notice when I shut down the day before. When I restarted yesterday morning I received the dreaded "memory could not be read" svchost.exe startup message. This is Microsoft's singularly unhelpful way of saying something is wrong with deep in the bowels of the services that underlie XP. In the past it has appeared after I've installed an Office update (due to an egregious and longstanding bug in the Office updater).

This time the problems were deep. I could only use the machine for a few minutes before it became unresponsive. On a power down and restart I couldn't get past the 'applying settings' part of a login, I had to do a soft boot to get further.

I suspected a drive error, but a drive scan was clean. I though of rolling back to a prior system restore, but I discovered I'd disabled system restore when fixing up an old XP problem and forgotten to restore it. I didn't want to reinstall the OS, so my next step was to try uninstalling badly behaved software.

Two applications were at the top of my list. Windows Live OneCare and Adobe Acrobat Professional (AAP has a famously badly behaved updater). I started with OneCare.

That did the trick. Once I'd uninstalled OneCare every problem went away. I purged Windows Defender for good measure.

I didn't like NAV, so what should I do for antiviral software now?

Well, let's assess the risks. I'm the only user of this machine and my email is filtered by an average of three different layers of antiviral filtering (spamcop, gmail and visi). I don't install any new Windows software of any sort on this machine, I do almost all my work on one of our ultra-reliable trouble-free OS X machines. I have an automated nightly backup system. I use Firefox, not IE. My network is behind two different NAT router/firewalls with different vendors and my wireless network is WPA2 with a strong password.

Screw it. OneCare is a far greater risk to me than the world of viruses and NAV is in the same league. I'm going "bare".

Meanwhile, I'm going to start moving the file sharing function off this old box onto the iMac. I run Parallels/Win2K on my MacBook for the rare Windows app I need (Microsoft Access a few sundry others), it might be time to donate my one remaining PC use the MacBook as my desktop.

Update 4/13/07: There's one other bad actor in my software collection -- Dantz (now EMC) Retrospect Professional for Windows. If I had to guess what went badly wrong in my XP install, I would look first at some interaction between Retrospect, OneCare, Microsoft Update and maybe one or two other variables. Mercifully, I don't need to bother pursuing this one any further. Retrospect Pro is the main reason I keep the XP box running, so when I eliminate the box I'll dump Retrospect Pro as well. (EMC, somewhat tardily, has begun offering trial versions of Retrospect. I will test their Retrospect Desktop for OS X network backup product and report on my experiences. I'd hoped to test EMC's mettle by seeing how well and quickly they supported OS X 10.5, but the delay to that release means I'll have to try them on 10.4 instead).

Update 4/21/07: It's one thing to uninstall OneCare, another to kill the OneCare account. The account auto-renews forever. You can't change this online, you have to phone Microsoft to cancel. I tried this tonight. The phone rang a bit, then came a voice .. "Microsoft is closed". Click.

I'll try calling @10am PT Monday. I wonder if there's money in shorting Microsoft ...

Update 4/22/07: OneCare support has the world's most obnoxious hold music. They alternative up-tempo elevator music with two repetitive sales pitches spoken in a cheerfully grating tone. I got to listen to a lot of that today. After a half-hour I went to lunch, when I returned the line had gone dead. So the wait time was probably 40 minutes. I'll try again tomorrow. Has Microsoft imploded?

Update 4/24/07: Waited 30 minutes on hold. Called back and pushed 9,9,9. Got a support-referral person. They suggested I try option 2 for tech support. Got someone there. They said hours for the account services are 5am-10pm M-F PST and 5am-5pm PST Sat/Sun. They also suggested calling Microsoft's Money-Back-Guarantee line at 888-673-8624. They put through to another tech support number. They said I can't stop the account renewal process without support giving me an "ASIS" number. They transferred me to fee-based technical support where I listened to hold music. Then I gave up. I'll try calling billing at 5am PT tomorrow.

Update 4/25/07: I ignore the "get an ASIS number first" advice and and call the billing number again at 8:45am PT. Got through immediately -- but that was a false alarm. I'd hit option 3 twice, and errant key presses bring up a human router. She laughs maniacally when I mention OneCare and sends me back to the accounts line. I decide to wait 10 minutes. After seven minutes of the insanely irritating hold music and repetitive marketing patter I decide Microsoft owes me a copy of Macintosh Office 2007 and I contemplate piratical acts. At minute eight the phone picks up. I'm asked why I want to dump OneCare. "Because it has caused far more damage to my system than any virus I've seen". There are no further questions, and to my disgruntled surprise I get a prorated credit of $32. End of story, except, of course, for a post to Gordon's Notes.

Tuesday, April 10, 2007

Option Airport: find strongest

Again, the option key.
TidBITS: Find Strongest Wi-Fi Networks Easily: "If you hold down the Option key when dropping the AirPort status menu, it lists available networks in order of signal strength, rather than the usual (and useless) alphabetical sort.

Daring Fireball on AAC, MP3 and WMA licensing

DF has the first public comparison of MP3, AAC and WMA licensing fees I've seen. Emphases mine.
Daring Fireball: Some Facts About AAC

... The rights to MP3 in most countries, including the U.S., are held by Thomson Consumer Electronics, and companies must pay them licensing fees for any hardware or software product that plays or encodes MP3 audio. Audio playback in hardware costs $0.75 per unit, for example; encoding costs $1.25 per unit.

... AAC is not “unique” to Apple. It’s not even controlled or invented by Apple, or any other single company. It is an ISO standard that was invented by engineers at Dolby, working with companies like Fraunhofer, Sony, AT&T, and Nokia. Licensing is controlled by Via. For up to 400,000 units per year, AAC playback costs $1.00 per unit; for more than 400,000 units per year, the price drops to $0.74 per unit.

[jf: DF doesn't say what AAC encoding costs ...]

In terms of licensing costs, patents, and openness, AAC is very much comparable to MP3. MP3 does have the advantage of near-ubiquitous support in consumer electronics and software; AAC has the advantage of slightly better audio quality at the same encoding bitrate. Additionally, MP3 requires a royalty fee of 2 percent for “electronic music distribution”, AAC requires no royalty fee for distribution.

... it is true that WMA licensing is significantly cheaper: $0.10 per unit for playback of two or fewer channels of audio, $0.20 per unit for encoding. But WMA is not an industry standard. Unlike AAC, it is controlled by a single company: Microsoft. And in for a penny, in for a pound: once you license WMA audio, you’re also on the hook to Microsoft for licensing fees for Windows Media DRM (if you need support for DRM) and Windows Media Video.
The .DOC (Word) file format made Microsoft, along with extreme (and illegal) ruthlessness (back in the day) and the ability to break Lotus at will. Even in its current, seemingly senile, state I dread the thought of Microsoft owning a music file format. I even get twitchy at them owning HD Photo despite their standardization claims.

Monday, April 09, 2007

FileMaker 8: dumbest software ever?

This is rich.

Imagine you have a FileMaker database that's configured to login using the guest account.

Now create an admin account and reduce guest privileges to read-only.


Now you're locked out of the database. It won't ask for a un/pw because it's configured to login using the guest account. You can't change the settings because you don't have access privileges.

Wow. What a rotten piece of junk.

Fortunately I'm geeky enough to try starting up holding down the option key. As I'd guessed, that forces FM to ask for a un/pw despite the startup setting.

Update: If you change the startup account you do get a warning about login (shift for windows, option for Mac), but you don't get this warning if you reduce privileges for an existing guest account.

Update: Now that I've calmed down, here's what FileMaker could do to fix this:
  1. Include a menu option in a logical place for requesting a change in privileges/login.
  2. If the structure of FM is such that this cannot occur without a restart, then FM should provide a dialog saying (in essence) 'Close and restart required, is that ok?'

iSquint: Pod Video Made Easy.

I missed this one: iSquint. I've been using another app to burn DVDs to the iPod, I'll have to try this one. There's a commercial version for the whimsical price of $23.32.

Bringing the ease of AppleTalk to wide area IP

Nice review by ars technica ...
Have your Mac say Bonjour to tout le monde

By now, most Mac users are probably familiar with the magic that is Bonjour (formerly known as Rendezvous). A decade or two ago, when local networks emerged, many computer vendors came up with their own network protocols—AppleTalk in Apple's case. Unlike TCP/IP, AppleTalk works completely automatically: addresses are selected without user intervention or even a DHCP server, and the network makes sure all hosts know about all the network services that are available. Since the demise of the vendor-specific network protocols, Apple has been working hard to add the same level of seamlessness and ease-of-use to today's IP networks. On local networks, this has worked very well for a number of years: you can automatically detect other people running iChat, iTunes, and iPhoto, as well as detect local file, print, and web servers. All of this works by virtue of multicast DNS, where all the systems on a local network listen for mDNS requests and reply if they can answer the request. Unfortunately, this mechanism can't work across the Internet: before long, the only traffic we'd see would be mDNS requests.

It turns out that the Bonjour that we all know and love has a little-known sibling that does work across the Internet: Wide-Area Bonjour. And it's part of Mac OS X Tiger. It works like this. When you get an IP address from your friendly neighborhood DHCP server, the DHCP server usually also supplies a domain name. Wide-Area Bonjour looks up a couple of special DNS names under the supplied domain name. In most cases, these lookups fail and nothing
My oddball Brother MFC has Bonjour (mDNS) support. I recommend not buying any networkable device that lacks support for mDNS, though it's very hard to learn which devices do this. (Heck, most product descriptions don't even identify which devices have Ethernet ports!)

Sunday, April 08, 2007

Core Image Fun House -- the powerful image editor you didn't know you had

Every modern Mac ships with Apple's developer toolkit, though it's not installed. It's on the DVD. You can also register as a developer (free) and download the latest version (which is what I did today since I'm messing with AppleScript Studio).

Besides a massive (1.3 GB) library of Apple documentation (take that Spotlight!) the Developer install includes several useful tools and at least one semi-frivolous tool: Core Image Fun House. I tried out the perspective manipulation tool. Very impressive.

You can do some valuable image manipulation with this, especially if you don't own Aperture. You can, for example, apply noise reduction, something that's part of Aperture but not part of iPhoto 6. It opened my Canon RAW images (.CR2) without complaint.

It has an interesting export option called "Fun House Preset". This is a package that contains the original RAW file and an plist style XML file.

You can also export as TIFF or JPG. Interesting and potentially useful. I'll test it as an external editor with iPhoto.

O'Reilly, Safari Books, and AppleScript: so close to a win-win

[Updated with a correction per Matt Neuburg's comments. Thank you very much Matt!]

This is one of those situations that's so achingly close to a win-win for everyone that it pains me. If only someone at O'Reilly could realize how close they are! Here's the problem and the solution.

Matt Neuburg's AppleScript book
(not Neuberg!) is an excellent overview of AppleScript. Alas, it is limited, as all such books are, by AppleScript's peculiar nature.

The problem is that AppleScript is primarily useful when it interacts with scriptable Applications; this means that many important commands one may think of as belonging to AppleScript belong to Applications instead [2]. If you working to extend an existing script, and decide to research a command in the excellent book index Matt built himself [1], you'll often be frustrated. The command, you see, belongs to the Application, not to AppleScript.

On the other hand, there's a good chance Matt used in the command in one or more examples. In the absence of a companion book entitled "AppleScript for Applications" [3] you'd like to find those examples. Alas, that's where you want a full text search engine.

The good news is, there are two. The even better news is that O'Reilly could make their engine much more visible and useful, with advantages for everyone.

Consider the case of the 'Duplicate' command, which is supported by iTunes (among others) and the Finder (in slightly different ways, no doubt). When I tried Amazon's "search within the book" I discovered several illuminating references. Similarly, O'Reilly allows one to search within the book as a promotion for its Safari eBook library: O'Reilly - Safari Books Online - 0596102119 - AppleScript: The Definitive Guide, 2nd Edition.

The Safari search works well, but they don't want to give away too much for free. You can only read a snippet of information in the search results. A snippet that doesn't, currently, include the page or section number. If you click further you get to the 'buy safari' screen, but you also get to see the section number. Now, you can return to the book and read the information.

Matt would love for O'Reilly to open up Safari a bit more, but they don't want to. That's ok, O'Reilly could make all of us (and themselves) happy by keeping Safari just as closed as it is today, but merely adding a section reference to the search results they freely expose already.

Here's the win-win for O'Reilly, Matt, book retailers and us:
1. Include the section reference in the initial search results screen.
2. Promote the search facility in every published O'Reilly book and explain how to use it on the O'Reilly book page.
3. If need be, request readers register to obtain this service. O'Reilly doesn't do spam, but they can suggest email subscriptions, RSS feeds, etc during the registration process.
Let us count the wins:
1. Matt's book is suddenly a better book. Readers get more value from it. They use it more. They like it and O'Reilly more.
2. O'Reilly gets ongoing visits from its customers. Many would kill for this alone.
3. O'Reilly gets free, regular, promotion of Safari services.
4. O'Reilly sells more books, Amazon sells more books.
5. O'Reilly does not reduce the value of Safari, they enhance it by introducing users to it without giving it away.
It's a win-win for everyone. I just hope someone at O'Reilly can see the profit in it for them.


[1] In my real life I'm a knowledge representation/informatics geek. I have a lot of respect for the unrecognized intellectual labor that goes into producing a truly excellent index. In this case Matt did the work himself!

[2] Many applications may use the same string to refer to somewhat similar functions with slightly different syntax and semantics. This "ontologic dilemma" is a kind of uncontrolled overloading, and it makes AppleScript very challenging to use.

[3] If Matt decides to sell an "AppleScript for Applications" as a Tidbits eBook I'll pay for mine in advance.

Saturday, April 07, 2007

The NYT reviews travel bargain finder services

It feels like we're completely outgunned by the airlines when it comes to pricing strategies, but there's no lack of sites trying to find a way to stay in the game. The NYT has a nice review. I'm going to add several of these to my old business travel page (emphases mine)
Sifting Data to Uncover Travel Deals - New York Times

... The Internet abounds with offers for low fares. You can find them on the major Internet travel agent sites like Orbitz, Travelocity or on more specialized sites like or, which gathered a following with technology that enables it to predict the direction of airfares on a particular route, is back with another innovation that it says can distinguish the best deals in air travel....

...George Hobica, a former travel writer, says he thinks that fare-finder sites that rely only on data feeds miss bargains mainly because they do not include the information from Southwest Airlines. Southwest offers bargain fares but does not share its information with other Web sites. He started airfare based on the idea that “technology can fail.

...For the hard-core traveler, the kind who wants to make sure he has the highest odds of making that meeting in Manhattan, there is It compiles statistics not just by airline, but by each flight. So, for instance, if you wanted to see which flights between Atlanta and Newark are most prone to problems, you would go to its Flight Rating section and find that while Continental Flight 1154 is on time 96 percent of the time, Continental Flight 1156 is on time only 44 percent of the time and was canceled or diverted 6 percent of the time over the last 60 days.

The site also helpfully lays out vital bits of information you need to make a decision. For instance, it cites the number of flights on a particular route. The on-time statistics become more relevant if you know only two flights were made on a particular route, not 54.

... One source of data at FlightStats on frequent-flier promotions comes from Boaz Shmueli, who runs and PointMaven. If your goal in life is to accumulate enough points to get free flights to Hawaii for the family vacation, you will want to frequent these sites...

... Google Mobile’s ( text messaging service for cellphones provides information in a pinch. You can get flight arrival or departure information (it comes from Flightstats) by typing in the flight number, like “Jetblue 91” on your phone’s SMS service and sending the query to 466453. (That is Google on the keypad, in case you want to remember it.)

You can also get the phone number of an airline, which can come in handy when you have just learned a flight has been canceled. (While other frustrated travelers shove each other in line at the counter, you make a few calls.) Google also offers to translate words into foreign languages and provides driving directions.

Orbitz also makes flight information available to cellphone users. Type in from any Web-enabled phone and you can also get information about hotels that are near the airport in 20 major cities. It details room availability and prices., the comparison shopping site, scours other Web sites for deals on electronics, clothing and other products. Now it searches Web sites like Orbitz, and to compile a list of hotels. It makes a similar effort for car rentals...

AppleScript: adding a progress indicator to a script

I finally found a need to write (modify) an AppleScript. I'd been kind of hoping Apple would dump AppleScript and switch over to Ruby or (even better) Python as the official AppleEvent scripting language [1]. After some grumbling, though, I was able to get things working. The remaining problems is that execution is dog slow and the progress indicator available from AppleScript is very annoying.

So I was interested in this tutorial ...
AppleScript Studio Tutorial - Getting Started with Displaying Progress

One very common use for AppleScript is batch processing. Scripts of this nature will often loop through multiple items, performing some type of automated task for each item being processed. An example of this might be a script that loops through a folder of image files, converting each one to another format.

A script of this nature that is created with Script Editor, and then run, may work just fine. However, visually, it is less than spectacular. Other than a spinning cursor, and perhaps a dialog message displayed here or there during script execution, the user does not usually receive a very good visual representation of what is occurring.

This is where AppleScript Studio can come in handy. In this month's column, we will discuss adding progress bars and spinners to an AppleScript, in order to provide a visual representation of what is being processed, how much processing is complete, and how much processing remains during script execution.
I'll give it a try, and if I get it running I'll post the code. I've added MacScripter to my feeds as well.

[1] This insightful feeling comment, however, has given me pause:
Posted February 28, 2007 @ 12:57PM by AlanS

... What makes AppleScripting difficult is not the AppleScript language, it is the OSA architecture, which pushes most of the semantics into individual applications. Not only do most applications do an abysmal job of documenting their OSA support, they also differ widely in how they choose implement basic semantics such as object references. Thus, every attempt to use AppleScript often becomes a treasure hunt to find the magic incantation to accomplish a goal. Switching to another scripting language will not solve this fundamental problem...
Which makes me even sadder that "AppleScript for Applications" (out of print) has never been updated. One of the most aggravating things about trying to use AppleScript is that so much is undocumented, under-documented, broken, incompletely implemented ...

Windows Live OneCare: maybe Microsoft is still incompetent

How much trouble is Microsoft having with their Windows Live OneCare subscription service? Let me count the ways:
1. Live OneCare is red recently. It says "An error has prevented Windows Live OneCare from installing a required upgrade".
2. I click "get help" and manually check for updates.
3. I get a notice that page URL has changed -- danger! danger! I persist.
4. The update page can't verify my account status.
5. I click the link I'm next shown for technical support.
6. I get this: Page Not Found: "undefined"
What a relief. I was afraid Microsoft was rediscovering competence. Maybe Windows Live Writer is some kind of statistical fluke. This latest debacle gives me a warm and fuzzy feeling ...

Update: unsurprisingly, an uninstall, new download and reinstall fixed the problem.

Thursday, April 05, 2007

Google My Maps killed my XP box

Google Maps now includes the KML based path sketching previously available only on Google Earth (Plus). Sounds great for inline skating trails, commuting bike paths, etc. I fired it up in Firefox tonight and zoomed out from my home map. Then XP died. Just died. No keyboard or mouse response, nothing. I had to power cycle.

Wow. I suspect something hit the video driver hard. I'll be very careful about using this app while I have any unsaved work open...

Update: The crash blew away my Firefox browser settings including the configuration data for the Google Firefox toolbar and Google's firefox browser sync. Wow.

Wednesday, April 04, 2007

Google's Mac desktop: a bit scary

The exciting news is that Google has delivered another major OS X product. The bad news is it tries to replace Spotlight and has a fairly ugly installation routine. DF has the story ...
Daring Fireball: A Quick, Possibly Incomplete Guide to What Gets Installed by the Google Desktop Installer

... One of the nice features of Apple’s installer is the Show Files command in the File menu, which gives you a nice listing of everything the installer is going to install, before it happens...

...Today, Google released Google Desktop for Mac, which, in a nutshell, is more or less a competitor to Spotlight. I’ve only had time to give it a cursory examination, but it’s clearly a deep and complex set of software. I say “set” because Google Desktop is not just one piece of software, it’s a system with numerous components. A simple drag-and-drop installation wouldn’t work.

But Google doesn’t use Apple’s standard installer, either. Google Desktop is delivered using another new Google app, called Google Updater. This app is a meta installer for various Google Mac apps, including, as of today, Google Desktop, Earth, Notifier, and Picasa Uploader. It doesn’t contain the software for any of these apps, instead, it downloads the latest version when you choose to install or update them. It also provides a simple one-button interface for uninstalling these apps...
I won't be installing this one for a while. Spotlight isn't perfect, but it's pretty darned good (especially with non-Apple front ends). I know Google is into search, but really I wish they'd focused on other value props for their Mac client. I also heartily dislike installations that break 'good conduct' rules, and it appears Google Desktop for Mac is quite a bad actor.

I hope Google will respond and address some of these issues. I'd like to see an installation that omitted the search function.

iTunes drag and drop bug: the Doug's AppleScripts workaround

iTunes OS X supports drag and drop export of a playlist to a folder. I use this to export AAC and MP3 (non-FairPlay) tunes to a thumb drive for play in the car or on my corporate laptop.

There's no other built-in method for exporting playlist files, and this method isn't documented. One reason it may be undocumented is that it's buggy. If a playlist contains two tunes of the same name (possibly same file name, I didn't have time to finish testing) the drag and drop aborts without an error message. It's a funny abort -- the files briefly appear then vanish.

Happily there appear to be workarounds. Doug's AppleScripts for iTunes, a site mostly built in 2005, has several scripts that sync or copy a playlist to an external folder. I'm going to try this one. Doug's site accepts Amazon donations (in addition to PayPal, a service I dislike for several reasons), so if the scripts work I'll send him a fiver.

PS. Doug's 'What's New' feed has some good tips and comments. He mentions a "tumblelog", a new categorical term which sounds like it might apply to this blog.

Update: Alas, the 'copy to folder' script has the same bug. I'll take a look at it and see if I can hack a fixed version that will do name collision fixes. I've written Doug in the hopes he might add this code.

Update 4/6/07: I haven't heard from Doug, so I decided to see if I could hack a workaround. I find AppleScript pretty painful to work with (anyone else notice Apple's online documentation is dated 1999?) but a relatively simple hack occurred to me; if I prefixed all the output filenames with an incrementing counter they'd be guaranteed to be unique. It took at least two hours to figure out how to do this (Ethan Wilde's AppleScript for Applications was by far the best reference I could find and it's very dated). Here's the modified script, my additions are in bold.
tell application "iTunes"
set counter to 0
set trackList to the selection of window 1 -- any window with a selection
set theTrackCount to count trackList
if ((count trackList) is 0) then
display dialog "No tracks are selected!" with icon caution buttons {"Cancel"} default button 1
end if
set theFolder to choose folder with prompt "Pick folder to copy the selected tracks to"

if theFolder is not "" then
repeat with theTrack in trackList
set counter to counter + 1
set theTrackName to ((the location of theTrack))
tell application "Finder"
set NewFile to duplicate file theTrackName to theFolder
set the name of NewFile to ((counter as string) & "_" & the name of NewFile)
if (counter mod 10 is 0) then display dialog "Processing track " & counter & " of " & theTrackCount giving up after 1 with icon note
on error
tell application "iTunes"
display dialog "The Finder reported an error: The file [" & (theTrackName as string) & "] could not be copied to [" & theFolder & "]. The counter is " & (counter as string) with icon caution
end tell
end try
end tell
end repeat
display dialog "Finished!" buttons {"Okay"} default button 1 with icon 1
end if
end tell

It takes a long time to run through a mere 179 tracks, but it works. The hardest part was figuring out how to get a handle on the result of the "Duplicate file" command; browsing the Finder's "Dictionary" I discovered the Duplicate command in 10.4.9 returns a reference to the output file. That wasn't documented anywhere else I looked.

This would have been a trivial task in the old days of DOS Batch programming, and it would have completed in a second or two. Progress can be elusive.