Thursday, April 19, 2007

How does one really hack a system?

CH reviews a book that categorizes software errors: Coding Horror: Sins of Software Security. He then provides a count of how often each has been exploited (over 3,000 times for buffer overflows). If you know a bit of C programming, then it's all very readable and it makes clear why so much software is so vulnerable. Ahh, if only we'd never left Pascal ...

Wednesday, April 18, 2007

iStock Photo: $2 to $4 per image

I read about iStockphoto.com in an article about globalization and crowdsourcing. These inexpensive photos look like they'd be great for desktop backgrounds (I use black and white images with limited white areas for my wallpaper so I can see icons) or presentations. Sure, you can find photos for free using Google, Flickr, etc -- but these are pretty nice quality. Might be worth a few dollars to save search time.

Monday, April 16, 2007

Ports: a handy reference for firewall work

"Well Known" TCP and UDP Ports Used By Apple Software Products lists the port, protocol and service. A handy reference, even if it's dated in places (Retrospect is no longer Dantz).

WordPress: the blogging platform of the moment

I've suffered with Blogger for years, while competitors waxed and waned. Blogger is getting more tolerable, but WordPress is the fashionable place these days. I opened an account and played with it a bit. It doesn't have much more Safari support than Blogger, but it's a strong competitor for Firefox clients and I think it has a more stable API than Blogger. I was very impressed by the import/export facilities; WordPress is not afraid to let its customers go free.

I'll keep playing with it, though if Blogger improves their BlogThis! client I'll probably stay with Blogger.

Blogger BlogThis!: Drag and drop URLs

This works in the Firefox rich text field that one sees when using BlogThis! in rich-text mode:
1. View a page in Firefox
2. Click on icon displayed next to URL in the url field.
3. Drag and drop into the editing area. A link appears.
It would, of course, be better if the link text were the page title rather than the URL [1], but I can live with this. I've not seen it mentioned anywhere, though it's a hard topic to search on. I'm sure it's a general property of the Firefox rich text editor. It's a significant time saver.

Incidentally, Blogger 2.0 with Firefox's [2] impressive integrated spell-checking is a qualitative improvement on Blogger 1.0. I've been reluctant to declare that since I've been burned so often by Blogger! Alas, BlogThis! is still stuck in the dark ages; it doesn't support tags. I've got my fingers crossed for BlogThis! 2.0 sometime soon.

[1] Internet Explorer may use the page title, Microsoft Live Writer uses the page title as does old FrontPage 98 (which I still use - it was a good application then).
[2] Don't even think of using Safari.

Sunday, April 15, 2007

iWorks MIA: OpenOffice and NeoOffice

It's been years since AppleWorks was retired, but there's still no full replacement. Apple's 10.5 delay bodes poorly for anything soon.

Time to look again at NeoOffice and OpenOffice.

NeoOffice is now on version 2.1. It's still Java based, but it has an Aqua UI and doesn't require X11. NeoOffice has been ailing ever since Apple deprecated Java as a development environment, but the small team of international volunteers is still working on it. I'll test it out, being sure to install the most recent patches. It now comes with an app that installs support for Spotlight search of OpenOffice document formats.

OpenOffice 2.2 is still dependent on X11, so it's not a consideration for our home. However, there's a tentative date for a true OS X version: Digg - Timetable Announced For Native Aqua OpenOffice - Public Release in May

OpenOffice has a very well done Wiki on the Aqua (not Cocoa!) project, including minutes from the March 30th meeting. It's encouraging news, suggesting there might be something we'd use ready for late summer. I wouldn't consider replacing Nisus Writer Express, which has been excellent (Nisus Writer Pro is in beta now), but a decent Excel clone and PowerPoint reader would be very helpful. Note that "Aqua" doesn't mean OpenOffice will become a full fledged Cocoa application with services integration, system spell checking, etc. It won't show off the (aging) advantages of OS X as well as NWE or even iWorks.

Friday, April 13, 2007

OS X: Creating a "parents only" shared folder

It began innocently enough.

I needed to move the family share off an old XP box and onto our iMac. We needed a Parents-only folder that would be shared on the network and accessible to each Parental-unit on the iMac. Print services are via a networked Brother MFC and the 802.11b/g Airport Extreme; they would not change.

The journey passed through dark places. Along the way I learned:
  • Mac Classic, and Windows 95, 98, ME, NT and 2K, were all better designed for small network file sharing than OS X. I'm not sure even XP Pro isn't better designed than OS X for this particular task. The Users and Groups functionality of Mac Classic is only available in OS X server. (Same thing happened to that function between Windows 98 and XP.)

  • You can't share the Shared Folder. (!) (Unless you use SharePoints, see below.)

  • The NetInfo Manager is largely undocumented and the user interface is broken (are you sure you know what you're deleting? Do you know when there's a confirmation dialog and when there isn't?). The only documentation I could find was Apple's PDF. [1]

  • The 10.2 edition of David Pogue's Mac OS X The Missing Manual has dangerously incorrect advice for using NetInfo Manager.

  • SharePoints is a bit crude and it's dangerous, but it works well for adding a Parent group. When I donate I'll suggest some UI tweaks. The author's web site has an Amazon donation box.

  • If you want to do this the authorized way you either need to buy OS X server (!) or, maybe, you can buy the new Airport Extreme and a USB share (slow, slow, slow).
This is what I thought I'd do:
  • Create a Group called "parents" and add the two parental users to it using NetInfo Manager per Pogue's explanations
  • Create a folder in the Shared Folder called "Parents" and change the Group access to Parents with read/write privileges.
This is the next best thing I came up with:
  • Created a folder called "Parents" in the Public folder associated with my wife's account on the iMac
  • Used SharePoints to create a Group called "parents" with two user members.
  • Used Get Info to give the group "parents" read/write access to the folder "Parents"
To access Parents I need to authenticate with the iMac using my wife's username and password. That would be a problem if she wanted control over her own password. In that case I'd have to either use SharePoints to create a new common networked share (point) or I'd have to create a new user with a password we could share and make the Public folder read/write.
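What SharePoints and Get Info do for the "Parents" folder underneath the GUI is ordinary Unix group ownership plus mode bits. The following is an added example (not the post's own procedure, and not SharePoints or Apple code) that applies the same settings with Python's standard library and then reads them back to confirm that the group gets read/write, everyone else gets nothing, and new files inherit the group. The group names, the `PRIVILEGED_GROUPS` list and the paths are assumptions for the example; it refuses to use an admin-type group for a share, since a group cloned from an admin group hands every member admin rights, which is the Missing Manual problem discussed in this post.

```python
import grp
import os
import stat
import tempfile

# Groups that confer administrative rights on a typical Unix/OS X box
# (assumed list for this example; adjust to the system at hand).
PRIVILEGED_GROUPS = frozenset({"admin", "wheel", "root"})


def check_group(group_name, privileged=PRIVILEGED_GROUPS):
    """Return the gid for group_name, refusing groups that carry admin rights.

    A share group should be a plain, purpose-made group: members need access
    to one folder, not the right to authenticate as an administrator.
    """
    if group_name in privileged:
        raise ValueError(f"refusing to use privileged group {group_name!r} for a share")
    return grp.getgrnam(group_name).gr_gid


def make_shared_folder(path, group_name, privileged=PRIVILEGED_GROUPS):
    """Create path as a group-only folder.

    Mode 2770 gives the owner and the group read/write/search, gives nobody
    else anything, and the setgid bit makes files created inside inherit the
    folder's group so every member can reach them.
    """
    gid = check_group(group_name, privileged)
    os.makedirs(path, exist_ok=True)
    os.chown(path, -1, gid)                  # keep the owner, switch the group
    os.chmod(path, stat.S_ISGID | 0o770)
    return describe(path)


def describe(path):
    """Read the settings back so they can be verified rather than trusted."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    return {
        "group": grp.getgrgid(st.st_gid).gr_name,
        "mode": oct(mode),
        "group_rw": bool(mode & stat.S_IRGRP) and bool(mode & stat.S_IWGRP),
        "others_none": not (mode & stat.S_IRWXO),
        "setgid": bool(mode & stat.S_ISGID),
    }


def demo():
    """Run the procedure in a throwaway directory using the caller's own
    primary group, so it works without creating accounts. The privileged-group
    guard is relaxed here only because the reader may be running as root."""
    base = tempfile.mkdtemp()
    group = grp.getgrgid(os.getgid()).gr_name
    return make_shared_folder(os.path.join(base, "Parents"), group, privileged=())


if __name__ == "__main__":
    print(demo())
```

For a real share you would call `make_shared_folder("/Users/Shared/Parents", "parents")` after creating the `parents` group; the check in `describe` is the part worth keeping, since it tells you whether "others" really lost access rather than assuming the GUI did what it said.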

Ugly.

BTW, here's the problem with the 10.2 edition of David Pogue's Mac OS X The Missing Manual. In that edition he recommends duplicating the Administrator group as the starting point for a new share. The problem is that the Administrator group has some extra attributes associated with it that, I suspect, are used by AFP file sharing. They aren't part of a standard Group created by SharePoints or OS X server. The result is that any user member of the new, derived, group has occult admin privileges. If they try to access a denied folder, they have the right to authenticate as an admin. This is bad. Of course maybe it did work safely in 10.2, I don't have the 10.4 edition of his book. I'll write and ask him if it's been fixed.

[1] I've been reading through the PDF. NetInfo Manager is an antique. It uses sequential integers as user IDs rather than GUIDs (globally unique identifiers) and advises strategies like "reserve a range". Brrrr. Reminds me of Disco. I've read blasé responses to Apple's 10.5 shipping delay, but I think the reactions are too complacent. OS X still has one foot firmly stuck in the 1970s; it needs some serious upgrades.

Update 4/14/07: It was nasty to set up (thank you SharePoints), but it is sweet. The Mac clients connect pretty seamlessly to the server, with no sleep/wake connection issues. I enabled SMB sharing for my OS X account (only) and that works very well. Interestingly OS X 10.4.9 Sharing specifies an IP address for the iMac, but while I was playing around with browsing the workgroup from my XP box the server appeared as if by magic. I'm not quite sure how that happened. The iMac shows up as \\BIGMAC\jfaughnan, probably because I'd installed Apple's Bonjour on the XP box. (Note I'd previously set the Mac to use my SMB workgroup name, using the obscure setting in the extraordinarily obscure Directory Access utility.)

Thursday, April 12, 2007

Microsoft OneCare dies: XP hangs by a thread

About seven months ago, when Norton Antivirus came up for renewal, I switched to Windows/Microsoft Live OneCare. I was tired of quality and performance issues with NAV. I figured Microsoft, since they owned the OS, would manage the performance/reliability issues better. I thought Microsoft couldn't screw it up.

Wrong. First, the sign-up process was amazingly buggy. Then, from the first day of use OneCare flagged many benign files as suspicious. More recently an update failure uncovered a disturbing number of red flags. Yesterday, OneCare went over the edge.

I'd seen an update notice when I shut down the day before. When I restarted yesterday morning I received the dreaded "memory could not be read" svchost.exe startup message. This is Microsoft's singularly unhelpful way of saying something is wrong deep in the bowels of the services that underlie XP. In the past it has appeared after I've installed an Office update (due to an egregious and longstanding bug in the Office updater).

This time the problems were deep. I could only use the machine for a few minutes before it became unresponsive. On a power down and restart I couldn't get past the 'applying settings' part of a login, I had to do a soft boot to get further.

I suspected a drive error, but a drive scan was clean. I thought of rolling back to a prior system restore, but I discovered I'd disabled system restore when fixing up an old XP problem and forgotten to re-enable it. I didn't want to reinstall the OS, so my next step was to try uninstalling badly behaved software.

Two applications were at the top of my list: Windows Live OneCare and Adobe Acrobat Professional (AAP has a famously badly behaved updater). I started with OneCare.

That did the trick. Once I'd uninstalled OneCare every problem went away. I purged Windows Defender for good measure.

I didn't like NAV, so what should I do for antiviral software now?

Well, let's assess the risks. I'm the only user of this machine and my email is filtered by an average of three different layers of antiviral filtering (spamcop, gmail and visi). I don't install any new Windows software of any sort on this machine, I do almost all my work on one of our ultra-reliable trouble-free OS X machines. I have an automated nightly backup system. I use Firefox, not IE. My network is behind two different NAT router/firewalls with different vendors and my wireless network is WPA2 with a strong password.

Screw it. OneCare is a far greater risk to me than the world of viruses and NAV is in the same league. I'm going "bare".

Meanwhile, I'm going to start moving the file sharing function off this old box onto the iMac. I run Parallels/Win2K on my MacBook for the rare Windows app I need (Microsoft Access and a few sundry others); it might be time to donate my one remaining PC and use the MacBook as my desktop.

Update 4/13/07: There's one other bad actor in my software collection -- Dantz (now EMC) Retrospect Professional for Windows. If I had to guess what went badly wrong in my XP install, I would look first at some interaction between Retrospect, OneCare, Microsoft Update and maybe one or two other variables. Mercifully, I don't need to bother pursuing this one any further. Retrospect Pro is the main reason I keep the XP box running, so when I eliminate the box I'll dump Retrospect Pro as well. (EMC, somewhat tardily, has begun offering trial versions of Retrospect. I will test their Retrospect Desktop for OS X network backup product and report on my experiences. I'd hoped to test EMC's mettle by seeing how well and quickly they supported OS X 10.5, but the delay to that release means I'll have to try them on 10.4 instead).

Update 4/21/07: It's one thing to uninstall OneCare, another to kill the OneCare account. The account auto-renews forever. You can't change this online; you have to phone Microsoft to cancel. I tried this tonight. The phone rang a bit, then came a voice ... "Microsoft is closed". Click.

I'll try calling @10am PT Monday. I wonder if there's money in shorting Microsoft ...

Update 4/22/07: OneCare support has the world's most obnoxious hold music. They alternate up-tempo elevator music with two repetitive sales pitches spoken in a cheerfully grating tone. I got to listen to a lot of that today. After a half-hour I went to lunch; when I returned the line had gone dead. So the wait time was probably 40 minutes. I'll try again tomorrow. Has Microsoft imploded?

Update 4/24/07: Waited 30 minutes on hold. Called back and pushed 9,9,9. Got a support-referral person. They suggested I try option 2 for tech support. Got someone there. They said hours for the account services are 5am-10pm M-F PST and 5am-5pm PST Sat/Sun. They also suggested calling Microsoft's Money-Back-Guarantee line at 888-673-8624. They put me through to another tech support number. They said I can't stop the account renewal process without support giving me an "ASIS" number. They transferred me to fee-based technical support where I listened to hold music. Then I gave up. I'll try calling billing at 5am PT tomorrow.

Update 4/25/07: I ignore the "get an ASIS number first" advice and call the billing number again at 8:45am PT. Got through immediately -- but that was a false alarm. I'd hit option 3 twice, and errant key presses bring up a human router. She laughs maniacally when I mention OneCare and sends me back to the accounts line. I decide to wait 10 minutes. After seven minutes of the insanely irritating hold music and repetitive marketing patter I decide Microsoft owes me a copy of Macintosh Office 2007 and I contemplate piratical acts. At minute eight the phone picks up. I'm asked why I want to dump OneCare. "Because it has caused far more damage to my system than any virus I've seen". There are no further questions, and to my disgruntled surprise I get a prorated credit of $32. End of story, except, of course, for a post to Gordon's Notes.

Tuesday, April 10, 2007

Option Airport: find strongest

Again, the option key.
TidBITS: Find Strongest Wi-Fi Networks Easily: "If you hold down the Option key when dropping the AirPort status menu, it lists available networks in order of signal strength, rather than the usual (and useless) alphabetical sort."

Daring Fireball on AAC, MP3 and WMA licensing

DF has the first public comparison of MP3, AAC and WMA licensing fees I've seen. Emphases mine.
Daring Fireball: Some Facts About AAC

... The rights to MP3 in most countries, including the U.S., are held by Thomson Consumer Electronics, and companies must pay them licensing fees for any hardware or software product that plays or encodes MP3 audio. Audio playback in hardware costs $0.75 per unit, for example; encoding costs $1.25 per unit.

... AAC is not “unique” to Apple. It’s not even controlled or invented by Apple, or any other single company. It is an ISO standard that was invented by engineers at Dolby, working with companies like Fraunhofer, Sony, AT&T, and Nokia. Licensing is controlled by Via. For up to 400,000 units per year, AAC playback costs $1.00 per unit; for more than 400,000 units per year, the price drops to $0.74 per unit.

[jf: DF doesn't say what AAC encoding costs ...]

In terms of licensing costs, patents, and openness, AAC is very much comparable to MP3. MP3 does have the advantage of near-ubiquitous support in consumer electronics and software; AAC has the advantage of slightly better audio quality at the same encoding bitrate. Additionally, MP3 requires a royalty fee of 2 percent for “electronic music distribution”, AAC requires no royalty fee for distribution.

... it is true that WMA licensing is significantly cheaper: $0.10 per unit for playback of two or fewer channels of audio, $0.20 per unit for encoding. But WMA is not an industry standard. Unlike AAC, it is controlled by a single company: Microsoft. And in for a penny, in for a pound: once you license WMA audio, you’re also on the hook to Microsoft for licensing fees for Windows Media DRM (if you need support for DRM) and Windows Media Video.
The .DOC (Word) file format made Microsoft, along with extreme (and illegal) ruthlessness (back in the day) and the ability to break Lotus at will. Even in its current, seemingly senile, state I dread the thought of Microsoft owning a music file format. I even get twitchy at them owning HD Photo despite their standardization claims.

Monday, April 09, 2007

FileMaker 8: dumbest software ever?

This is rich.

Imagine you have a FileMaker database that's configured to login using the guest account.

Now create an admin account and reduce guest privileges to read-only.

Exit.

Now you're locked out of the database. It won't ask for a un/pw because it's configured to login using the guest account. You can't change the settings because you don't have access privileges.

Wow. What a rotten piece of junk.

Fortunately I'm geeky enough to try starting up holding down the option key. As I'd guessed, that forces FM to ask for a un/pw despite the startup setting.

Update: If you change the startup account you do get a warning about login (Shift for Windows, Option for Mac), but you don't get this warning if you reduce privileges for an existing guest account.

Update: Now that I've calmed down, here's what FileMaker could do to fix this:
  1. Include a menu option in a logical place for requesting a change in privileges/login.
  2. If the structure of FM is such that this cannot occur without a restart, then FM should provide a dialog saying (in essence) 'Close and restart required, is that ok?'
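The lockout above is a general failure mode, not just a FileMaker quirk: an auto-login setting silently selects an account, and a privilege change to that account leaves no interactive path to any account that can undo the change. The following is an added example, a toy model written for this post and not FileMaker's API or any vendor code, that reproduces the sequence described above and adds the check the post asks for: refusing a change that would lock the owner out unless it is explicitly confirmed, while still offering a forced prompt (the Option/Shift-key path) as a recovery route. Account names, passwords and privilege labels are constructed for the example.

```python
FULL = "full access"
READ_ONLY = "read-only"


class LockoutRisk(Exception):
    """Raised when a privilege change would remove the only interactive path
    to an account that can manage privileges."""


class Database:
    """Minimal model of a file with named accounts and an optional account
    that is used silently whenever the file is opened (the startup setting)."""

    def __init__(self, accounts, auto_login=None):
        self.accounts = dict(accounts)   # name -> (password, privilege)
        self.auto_login = auto_login     # account opened without a prompt

    def can_manage(self, name):
        return self.accounts[name][1] == FULL

    def open(self, credentials=None, force_prompt=False):
        """Return the privilege level the user ends up with.

        Without force_prompt the auto-login account is used and no login
        dialog is shown, which is exactly what hides the admin account once
        the auto-login account has been demoted. force_prompt models holding
        the modifier key at startup to get the dialog anyway.
        """
        if self.auto_login is not None and not force_prompt:
            return self.accounts[self.auto_login][1]
        if credentials is None:
            raise PermissionError("login required")
        name, password = credentials
        stored_password, privilege = self.accounts[name]
        if password != stored_password:
            raise PermissionError("bad credentials")
        return privilege

    def would_lock_out(self, target, new_privilege):
        """True when demoting target means the normal open() path can no
        longer reach any account able to change privileges."""
        return target == self.auto_login and new_privilege != FULL

    def set_privileges(self, actor, target, new_privilege, confirmed=False):
        """Change target's privilege on behalf of actor, warning first if the
        change would lock the normal open() path out of management."""
        if not self.can_manage(actor):
            raise PermissionError(f"{actor} cannot change privileges")
        if self.would_lock_out(target, new_privilege) and not confirmed:
            raise LockoutRisk(
                f"{target!r} is the auto-login account; after this change the "
                "file will open read-only with no login dialog. Confirm to proceed."
            )
        password = self.accounts[target][0]
        self.accounts[target] = (password, new_privilege)


def scenario():
    """Replay the post's sequence and report what each step yields."""
    db = Database({"guest": ("", FULL), "admin": ("s3cret", FULL)}, auto_login="guest")
    result = {"before": db.open()}
    try:
        db.set_privileges("admin", "guest", READ_ONLY)
        result["warned"] = False
    except LockoutRisk:
        result["warned"] = True
    db.set_privileges("admin", "guest", READ_ONLY, confirmed=True)
    result["after_silent_open"] = db.open()                      # the lockout
    result["after_forced_prompt"] = db.open(("admin", "s3cret"), force_prompt=True)
    return result


if __name__ == "__main__":
    print(scenario())
```

The `would_lock_out` test is deliberately simple: it asks only whether the account being demoted is the one the file opens as, because that is the whole problem. A real product would also want to confirm that at least one full-access account remains before letting the change through.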

iSquint: Pod Video Made Easy.

I missed this one: iSquint. I've been using another app to burn DVDs to the iPod, I'll have to try this one. There's a commercial version for the whimsical price of $23.32.

Bringing the ease of AppleTalk to wide area IP

Nice review by ars technica ...
Have your Mac say Bonjour to tout le monde

By now, most Mac users are probably familiar with the magic that is Bonjour (formerly known as Rendezvous). A decade or two ago, when local networks emerged, many computer vendors came up with their own network protocols—AppleTalk in Apple's case. Unlike TCP/IP, AppleTalk works completely automatically: addresses are selected without user intervention or even a DHCP server, and the network makes sure all hosts know about all the network services that are available. Since the demise of the vendor-specific network protocols, Apple has been working hard to add the same level of seamlessness and ease-of-use to today's IP networks. On local networks, this has worked very well for a number of years: you can automatically detect other people running iChat, iTunes, and iPhoto, as well as detect local file, print, and web servers. All of this works by virtue of multicast DNS, where all the systems on a local network listen for mDNS requests and reply if they can answer the request. Unfortunately, this mechanism can't work across the Internet: before long, the only traffic we'd see would be mDNS requests.

It turns out that the Bonjour that we all know and love has a little-known sibling that does work across the Internet: Wide-Area Bonjour. And it's part of Mac OS X Tiger. It works like this. When you get an IP address from your friendly neighborhood DHCP server, the DHCP server usually also supplies a domain name. Wide-Area Bonjour looks up a couple of special DNS names under the supplied domain name. In most cases, these lookups fail and nothing
My oddball Brother MFC has Bonjour (mDNS) support. I recommend not buying any networkable device that lacks support for mDNS, though it's very hard to learn which devices do this. (Heck, most product descriptions don't even identify which devices have Ethernet ports!)
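The quoted article describes Wide-Area Bonjour as ordinary DNS lookups under the domain the DHCP server hands out. The following is an added example, not code from the ars technica piece or from Apple, that shows what those lookups are in terms of plain unicast DNS records: the browse-domain names (the `b`, `db` and `lb` `_dns-sd._udp` names from RFC 6763, which the article does not spell out) and the PTR, SRV, TXT and A chain that turns a service type into a host, port and attributes. The `RECORDS` table is constructed sample data for a made-up domain and the `lookup` function stands in for a real resolver, so everything runs offline. Note the design point it makes visible: every value comes from DNS answers that are unsigned unless the zone is DNSSEC-signed, so a discovered printer or file server is a lead to verify, not an identity to trust.

```python
# Constructed sample zone for a hypothetical domain (not real records).
RECORDS = {
    ("lb._dns-sd._udp.example.test.", "PTR"): ["example.test."],
    ("_services._dns-sd._udp.example.test.", "PTR"): ["_printer._tcp.example.test."],
    ("_printer._tcp.example.test.", "PTR"): ["Brother MFC._printer._tcp.example.test."],
    ("Brother MFC._printer._tcp.example.test.", "SRV"): [(0, 0, 515, "mfc.example.test.")],
    ("Brother MFC._printer._tcp.example.test.", "TXT"): [
        ["txtvers=1", "rp=lp", "pdl=application/postscript", "Color"]
    ],
    ("mfc.example.test.", "A"): ["192.0.2.10"],
}


def lookup(records, name, rtype):
    """Stand-in for a DNS query; a real client would ask its resolver."""
    return records.get((name, rtype), [])


def browse_domain_queries(domain):
    """The names a Wide-Area Bonjour client asks for under the DHCP-supplied
    domain (RFC 6763 section 11): browse list, default browse, legacy browse."""
    return [f"{prefix}._dns-sd._udp.{domain}" for prefix in ("b", "db", "lb")]


def browse_domains(records, domain):
    """Domains the client should browse, or none if the lookups fail (the
    common case the article mentions)."""
    found = []
    for name in browse_domain_queries(domain):
        found.extend(lookup(records, name, "PTR"))
    return found


def parse_txt(strings):
    """DNS-SD TXT records are key=value strings; a bare key means an empty
    value. Keys are case-insensitive, so they are normalised to lowercase."""
    attrs = {}
    for item in strings:
        key, sep, value = item.partition("=")
        attrs.setdefault(key.lower(), value if sep else "")
    return attrs


def browse(records, domain, service):
    """Resolve every instance of service (e.g. "_printer._tcp") in domain to
    host, port, addresses and TXT attributes."""
    results = []
    for instance in lookup(records, f"{service}.{domain}", "PTR"):
        for priority, weight, port, target in lookup(records, instance, "SRV"):
            txt = {}
            for strings in lookup(records, instance, "TXT"):
                txt.update(parse_txt(strings))
            results.append({
                "instance": instance.split(f".{service}.")[0],
                "host": target,
                "port": port,
                "addresses": lookup(records, target, "A"),
                "txt": txt,
            })
    return results


if __name__ == "__main__":
    for browse_domain in browse_domains(RECORDS, "example.test."):
        for svc in lookup(RECORDS, f"_services._dns-sd._udp.{browse_domain}", "PTR"):
            service_type = svc[: -len(f".{browse_domain}")]
            print(browse(RECORDS, browse_domain, service_type))
```

On a real network the same chain is visible with `dig`: a PTR query for `_services._dns-sd._udp.<domain>` enumerates advertised service types, and each instance's SRV and TXT records give the rest. Run against the domain your DHCP server hands out, it is also a quick way to see what a client on your network would be told to connect to.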

Sunday, April 08, 2007

Core Image Fun House -- the powerful image editor you didn't know you had

Every modern Mac ships with Apple's developer toolkit, though it's not installed. It's on the DVD. You can also register as a developer (free) and download the latest version (which is what I did today since I'm messing with AppleScript Studio).

Besides a massive (1.3 GB) library of Apple documentation (take that Spotlight!) the Developer install includes several useful tools and at least one semi-frivolous tool: Core Image Fun House. I tried out the perspective manipulation tool. Very impressive.

You can do some valuable image manipulation with this, especially if you don't own Aperture. You can, for example, apply noise reduction, something that's part of Aperture but not part of iPhoto 6. It opened my Canon RAW images (.CR2) without complaint.

It has an interesting export option called "Fun House Preset". This is a package that contains the original RAW file and a plist-style XML file.

You can also export as TIFF or JPG. Interesting and potentially useful. I'll test it as an external editor with iPhoto.

O'Reilly, Safari Books, and AppleScript: so close to a win-win

[Updated with a correction per Matt Neuburg's comments. Thank you very much Matt!]

This is one of those situations that's so achingly close to a win-win for everyone that it pains me. If only someone at O'Reilly could realize how close they are! Here's the problem and the solution.

Matt Neuburg's AppleScript book (not Neuberg!) is an excellent overview of AppleScript. Alas, it is limited, as all such books are, by AppleScript's peculiar nature.

The problem is that AppleScript is primarily useful when it interacts with scriptable Applications; this means that many important commands one may think of as belonging to AppleScript belong to Applications instead [2]. If you're working to extend an existing script, and decide to research a command in the excellent book index Matt built himself [1], you'll often be frustrated. The command, you see, belongs to the Application, not to AppleScript.

On the other hand, there's a good chance Matt used the command in one or more examples. In the absence of a companion book entitled "AppleScript for Applications" [3] you'd like to find those examples. Alas, that's where you want a full text search engine.

The good news is, there are two. The even better news is that O'Reilly could make their engine much more visible and useful, with advantages for everyone.

Consider the case of the 'Duplicate' command, which is supported by iTunes (among others) and the Finder (in slightly different ways, no doubt). When I tried Amazon's "search within the book" I discovered several illuminating references. Similarly, O'Reilly allows one to search within the book as a promotion for its Safari eBook library: O'Reilly - Safari Books Online - 0596102119 - AppleScript: The Definitive Guide, 2nd Edition.

The Safari search works well, but they don't want to give away too much for free. You can only read a snippet of information in the search results. A snippet that doesn't, currently, include the page or section number. If you click further you get to the 'buy safari' screen, but you also get to see the section number. Now, you can return to the book and read the information.

Matt would love for O'Reilly to open up Safari a bit more, but they don't want to. That's ok, O'Reilly could make all of us (and themselves) happy by keeping Safari just as closed as it is today, but merely adding a section reference to the search results they freely expose already.

Here's the win-win for O'Reilly, Matt, book retailers and us:
1. Include the section reference in the initial search results screen.
2. Promote the search facility in every published O'Reilly book and explain how to use it on the O'Reilly book page.
3. If need be, request readers register to obtain this service. O'Reilly doesn't do spam, but they can suggest email subscriptions, RSS feeds, etc during the registration process.
Let us count the wins:
1. Matt's book is suddenly a better book. Readers get more value from it. They use it more. They like it and O'Reilly more.
2. O'Reilly gets ongoing visits from its customers. Many would kill for this alone.
3. O'Reilly gets free, regular, promotion of Safari services.
4. O'Reilly sells more books, Amazon sells more books.
5. O'Reilly does not reduce the value of Safari, they enhance it by introducing users to it without giving it away.
It's a win-win for everyone. I just hope someone at O'Reilly can see the profit in it for them.

john

[1] In my real life I'm a knowledge representation/informatics geek. I have a lot of respect for the unrecognized intellectual labor that goes into producing a truly excellent index. In this case Matt did the work himself!

[2] Many applications may use the same string to refer to somewhat similar functions with slightly different syntax and semantics. This "ontologic dilemma" is a kind of uncontrolled overloading, and it makes AppleScript very challenging to use.

[3] If Matt decides to sell an "AppleScript for Applications" as a Tidbits eBook I'll pay for mine in advance.