Friday, January 26, 2007

Run Parallels, get root access

I've been running Windows 2000 in OS X Parallels. I don't use it much, but it's nice when I need it. I have, however discovered a slight dark. The new beta allows me to browse my entire machine. Forget access control, I could browse every folder.

It's worth noting that if you have Parallels installed, that anyone using it can bypass the usual OS X permissions controls. (Sure, physical control of a computer means security is minimal, but this requires no skill at all.

Makes me wonder what kinds of security holes are created by running Parallels.

Robots.txt - an up-to-date tutorial

Google's official blog has a high quality tutorial on using robots.txt to control search engine indexing: Controlling how search engines access and index your website. A reference to keep!

Copilot 2.0 supports Macs - at last, at last, at last

For me, this is bigger than anything announced at MacWorld. Yeah, the iPhone is nice — but that’s months away. There’s nothing else that was announced that I want or need. Copilot is another story …

Copilot 2.0 supports Macs - The Unofficial Apple Weblog (TUAW)

…. Enter Copilot, the Fog Creek online 'assistive service' that allows you to connect to a remote computer using a small app and a website. Copilot 2.0 now supports OS X 10.2, and later, as well as both Safari and Firefox. No configuration is required, and the pricing structure is very interesting. 5 bucks will get you 24 hours of unlimited access, and if you find yourself using Copilot more than that there are subscription plans available that should suit your needs.

You can read more about Copilot at this post on Joel On Software, and to get a glimpse into the Mac dev side of things check out this post on Red Sweater blog. ...

Hallelujah. I wrote to the Copilot folks months ago and they said they were going to look seriously at a Mac version, but, honestly, I didn’t believe it. In the meantime I’ve was very jealous of some colleagues who showed me the free version of LogMeIn – XP only. I watched grinding my teeth in frustration at Apple’s determination not to deliver any kind of affordable remote maintenance solution (rumored, supposedly, for the next OS). Joel’s post on the product is, as usual, funny and informative. Five bucks for 24 hours use.

I’m going to ask my mother to put it in place on her Mac, so I can do support whenever it’s needed.

Now if Apple would only deliver the thin client solution that I’ve been whining about for at least 3 years … Alas, I think Jobs is allergic to it.

Update 1/26/07: I've been testing with two machines at home. It's painfully slow; it's running a variant of TightVNC and it's about as slow as VNC. It's nowhere near as responsive as Microsoft's Remote Desktop Protocol or the free logmein.com active-X service. It works though, I was able to do some basic work. An average window took 5 to 10 seconds to open, typing was slow but not as bad as window work.

There are definite rough edges:
  1. Each time the service is used, both "host" (recipient) and "client" (helper, controller) must download and install a new local copy of the Helper and Host widgets.
  2. They used .zip for transfer, which increases the risk of Stuffit seizing control. They should have used a compressed .dmg file.
  3. When downloading with Firefox or Safari the requestor must download the zip, find it, unzip, then run the app. That's about 3 steps too many. When they're done they must find and discard the zip and the Copilot host widget.
  4. It's slow, slow, slow. (Maybe the server is straining under the press of the new release?)
If there were other options I'd not bother, but this is a class of one. With some finagling it will likely work ...

Update 1/29/07: I sent a support email on this. The reply? They're changing from zip to .dmg.

iSync plugins to support additional mobile phones.

They don’t support USB connections and they don’t do the (hideous) Motrola RAZR V3M, but it’s good to know a company is tackling this:

phone plugins for iSync | Nokia, Motorola, BenQ-Siemens, Sony Ericsson

iSync is Apple’s hot synchronizing software. It eases entering names and numbers into your phone, synchronizing contacts and dates with your Mac.

But Apple does not supported the latest hot mobile phones. This is where nova media jumps in and enables you to use more than 55 additional mobile phones with this exciting technolog ...

Tuesday, January 23, 2007

OS X: virtualization on cheap PCs is bad security news

Parallels, an Apple hardware XP/Win2K/Linux virtualization engine built by a Russian team (I like it), makes it possible to run OS X on generic Intel hardware:

Parallels and VMware running Mac OS X on XP? - The Unofficial Apple Weblog (TUAW)

... SWsoft's Beloussov says that this spring, Parallels will upgrade its software further, in a way that by coincidence will make it easier to run Mac OS on a non-Apple computer. He also insists that is not deliberate, but just a consequence of the nature of the technology, especially now that Intel builds virtualization technology into its chips. ...

This is bad news for OS X security. One of the reasons I run my Macs without corrosive antiviral software is that Apple hardware is too costly for non-professional crackers to buy, and the pros haven’t seen revenue options in the OS X world (OS X default security makes it harder to write reliable spambots, businesses don’t run OS X). Virtualization will allow the amateurs to enter the market, and even the pros will start to experiment.

The dumbing down of OS X (and Vista): indirection is too hard

MacOS Classic was built by the gods. They tossed it off to mere mortals and then retired to Olympus. OS X isn't all bad, but it's clearly the work of mortals, not gods.

Witness the decline of indirection, a slippery concept that's probably too hard for mortals to manage. In MacOS Classic "files" (bounded collections of bits perceived by users as entities) had a visible name that could be changed and a system name that was fixed. Hierarchy was separate from identity. You could move the file anywhere and no references broke [2]. Any application that referenced the file would find the file. In OS Classic you could rearrange your applications an utilities at will.

Genius. Simple, but slippery. If you've used OS X for a while, you know things are trickier now. Aliases used to resolve themselves based on the unique file identifier, but in 10.2 the hard-coded path name ruled. Today paths matter, and you rearrange things at your peril [1]. It's hard to find any mention of the indirection that was once the pride of Apple. This is one of the few references I found today (emphasis mine):
File System Overview

... On HFS and HFS+ file systems, each file and folder has a unique, persistent identity. Aliases use this identity along with pathname information to find files and folders on the same volume.

In versions of Mac OS X before 10.2, aliases located a file or folder using its unique identity first and its pathname second. Beginning with Mac OS X 10.2, aliases reversed this search order by using the pathname first and unique identity second. This means that if you move a file and replace it with an identically named file, aliases to the original file now point to the new file. Similarly, if you move a file on the same volume (without replacing it), aliases use the unique identify information to locate the file.

When a file or folder moves, the alias may update either its path information or unique identify information to account for the change. If a file moves somewhere on the same volume, the alias updates its internal record with the new path information for the file. Similarly, if the original file is replaced by a file with the same name, but a different unique identity, the alias updates its internal record with the unique identity of the new file.

Label/identity indirection is so hard to grasp that a current Wikipedia article on file systems never even mentions this as a core feature.

I write about this because my current XP work environment is a complex mass of file references, including about fifty references to Access data sets embedded in other Access datasets. The result is I can't move or rename anything for fear of breaking everything. The file system is now a locked set of interdependent relationships.

So, to organize work, I have to mix full-text search (Yahoo Desktop Search is still the least worst option) and a peculiar alternate ontology. I treat my existing relationships as a fixed structure, and create a new, mobile, information organization structure consisting strictly of folders and aliases. Data lives in the old, locked, ontology (it can grow but never change or shrink), but I can rearrange the folders and aliases as needed. So I have a fixed data store and a dynamic ontology, painfully and manually recreating some of the genius of the original Mac Classic.

We didn't deserve the gifts of the gods. We are only mortals.

[1] XP does something peculiar and, as near as I can tell, almost undocumented to try to avoid breaking 'shortcut/alias' references to files. I think when you move a file it tries to patch up the shortcuts that reference it. Sometimes it fails, sometimes it works, sometimes it does very odd things. When you have a very complex environment XP can bog down trying to fix things. I suspect Vista was supposed to support Mac Classic like indirection, but I gather they abandoned that dream.

[2] Tim Berners-Lee, being a god, thought the web would work like that. The URLs was to be machine-readable reference, not a semantic identifier. There was supposed to be a directory/reference service to resolve location. Hyper-G did the same thing for Gopher and various directory services (LDAP) were also supposed to provide indirection for everything. All rejected thus far. Instead Google models the web in their servers and creates a search world that enables functional correction of links. A bit like what I end up doing in XP with my "alternate ontology".

Sunday, January 21, 2007

Netflix cuts out the Mac. iTV is pleased.

Netflix streaming video only works with XP households.

I wrote them about this, and they replied:
From: "Netflix Customer Service"
Date: January 19, 2007 4:29:00 PM CST

Thanks for your inquiry.

I apologize for the frustration this has caused you. As a fellow Mac user, I understand where your coming from. Please be advised that we are looking into releasing a Mac version of our player, but nothing has been determined as of yet.

Note that this is a phased launch, and even customers that meet all the requirements do not have access to this feature as of yet. As a business we decided to release this first on a platform that will effect the broadest range of customers. The majority of our customers use Windows.

This is a feature that is included with your service. There is no additional charge for instantly viewing movies, and we do not guarantee that it will be available for everybody.

If you have any further questions or concerns, please feel free to contact us.
I replied:
I understand Netflix may have had very good business reasons for this decision. Microsoft may have made Netflix an offer that could not be refused, or Apple may have made no offers at all.

It is misleading, however, to say that "There is no additional charge for instantly viewing movies". There may be no separate charge, but there is an enormous cost to providing this service. That cost must be passed on to all of your customers, including those who do not benefit from the service. Mac users, who do not benefit, will be paying the cost -- without the benefits. We won't like this. We'll all be taking another look at Apple's iTV.

If Netflix wants to mitigate this, they would need to offer compensation, such as an extra video rental a month for those who cannot use the download service.

I like Netflix and I'm sympathetic to your situation, but not sympathetic enough to subsidize a service I'll never use. I can wait a few months to see if Netflix can do a deal with Apple, but sooner or later you'll lose a good portion of your Mac households. I assume Netflix knows how large a portion of their customer base this is, though I don't recall ever being asked that question myself.
I didn't pay much attention to Apple's iTV, but now I'm most curious.