Tuesday, October 30, 2007

Leopard firewall problems

The link in the title takes you to a story where the Leopard firewall was tested and the results were not pretty. (Thank you Timo for sharing this link.)

I also forgot to mention that I was a bit surprised to find the firewall was set to accept all incoming connections, although I'm sure my Panther was set to allow only some limited set of ports.

I'm very happy I'm behind a wireless NAT router using WPA.

If I set up my own firewall rules with ipfw, I wonder if Leopard's firewall will get upset with it. In Panther the firewall System Prefs was all grayed out when I had custom ipfw rules. Only after removing my own rules could I use Panther's System Prefs to e.g. allow access to Apple file sharing.

Sunday, October 28, 2007

Leopard second impressions

Safari version 3 is much better than version 1 in old Panther. Even some Google services work with it. I made it my default browser instead of Firefox.

Mail told me it needs to import my existing emails. Importing about 3000 messages took a couple of minutes and then Mail worked with no problems.

I set up iChat with my Google Talk account. (Panther's iChat only supported AIM accounts.) No problems there either.

I turned Coverflow on in Finder and started to browse thru my Applications folder to throw away old apps I did not need. E.g. I removed Internet Explorer.

I did not notice any new games in there. 

Spaces was disabled by default. I enabled it. I had not realized how great it is to get more screen real estate, even when it is only virtual.

I enabled Time Machine. You need to tell it on which disk to put the backups. My external disc had 10 GB free. Time Machine immediately started to make a backup and told me it could not fit the 60+ GB on that volume. I removed a bunch of old TV recordings and now Time Machine has a small status window floating on my screen where I can follow the progress of the backup.

Even though "man crontab" says the cron functionality has been taken over by launchd, cron is still running and executing tasks from /etc/crontab. (I wonder if it should be?)

I removed my old Carbon Copy Cloner backup task from /etc/crontab.

Apparently Leopard also executes all old startup items from /Library/Startup. I had an old-style startup script that runs throttled. Killed that and removed the startup item. (OS X newer than Panther should have QoS built into the kernel.)

The firewall settings have moved. They are no longer under Sharing in System Prefs. Now they are under Security. It would appear that no matter which firewall setting I choose, "ipfw list" always prints just one line: "allow ip from any to any". I hope this does not mean the firewall is always disabled.

That's all for now... I should get some sleep.

Leopard first impressions

I got myself Mac OS X Leopard from MacPeople store on Friday. This is what happened since:

I read the installation instructions that came with the DVD box. They said to insert the DVD into the Mac and run the installer. I did so but the Leopard disc never appeared on my Mac desktop. Also the Mac became very, very slow.

I spent the better part of an hour trying to launch System Monitor and Terminal and Console to try to find out why the Mac was crawling along and why the Leopard disc was not mounted. I also launched Disk Utility, which never appeared either.

After watching a spinning beach-ball for almost an hour, I powered off the Mac and restarted. It spit out the Leopard disc and it was working perfectly, no slowness anywhere. The only hint to the problems was in system.log where something complained about timeout in connecting systemuiserverd. (I cannot find that anywhere now, apparently the Leopard install somehow lost yesterday's syslog.)

I plugged in a USB keyboard and mouse and booted from Panther installation disc, ran Disk Utility and did Repair Disk and Repair Permissions. There were some incorrect permissions in some files relating to iso9660 filesystem.

Reboot. Insert Leopard disc. This time it mounted. Run Leopard installer. It rebooted from the disc. The Microsoft USB mouse did not work in the installer, but the installer was fully operational with the keyboard. I chose default installation, which upgrades an existing OS X to Leopard. It told me it will take more than 3 hours to finish installation. I went to bed.

In the morning I was greeted by the OS X login window and hidden behind it was a window that asked what kind of keyboard I was using. Unfortunately I was unable to bring that window to the front because the Microsoft mouse was still not working. But the Mac was now up and running, so I turned on my bluetooth mouse. It worked, I managed to get the Mac to recognize my keyboard and logged in.

The first thing that popped up was a window that asked me which wireless network I wanted to connect to but there were no wireless networks available. In reality my Linksys AP was on and working. I had no time to debug it any further at that time, so I shut down the Mac.

The next time I booted the Mac, the Microsoft mouse worked! And when I logged in, I was presented with a list of all wireless networks. I connected to my WPA-protected wlan with no problems.

I haven't booted the Mac since and I haven't had any other problems so far.

Tuesday, October 23, 2007

Mac mini memory upgrade


After memory upgrade
Originally uploaded by sti.
Mac OS X Leopard will be released on Friday. It is said to run with 512 megabytes of memory, but the Xcode development tool requires 1 gigabyte. Since I want to get involved in improving various free Mac programs, Xcode has to work, and so I went and bought a 1 GB memory module.

I printed instructions from the net for opening the Mac mini and swapping the memory for a larger module, and read them with my heart in my throat. It looked like a difficult operation with many opportunities to break the mini.

In the end, however, it was a real anticlimax. The case opened fairly neatly with a couple of narrow-bladed screwdrivers, and to swap the memory module I only had to remove one screw so that the wlan antenna could be moved out of the way.

Put the package back together in reverse order, plug the cables in and that's it.

Sunday, October 21, 2007

DVD, a standard or not? And why would it be?

I have learned that Mac mini (G4 1.42 GHz, OS X 10.3.9) cannot play DVD discs recorded with Sony RDR-HXD870B, a digital set-top-box with a built-in DVD-recorder.

This seems to be the case no matter if the DVD is recorded as DVD-VR or DVD-video. The disc was finalized.

The discs can be played on the Sony itself and on a Philips DVDR-3400 player.

I will try to get more data points before pointing an accusing finger at somebody. Right now I'm just pissed that it won't work. DVD is such an old standard that it should have matured by now. But I guess I should not be surprised. After all, I did own an old PlayStation 2 that would not recognize some of our Disney DVDs as playable discs.

But surely it was just a glitch that Sony PlayStation 2 would not play some Disney content. After all, what would Sony, itself a major movie studio, benefit from such a situation?

I can't help but recall the olden days when all the VCRs played all the videos, provided you were trying to insert a VHS tape into a VHS device and not into a Betamax device. This mistake would have been difficult to make, given the different physical characteristics of VHS and Betamax systems. You would immediately know you were trying to shove a Betamax tape into a VHS device, even in the dark with your eyes closed.

After you managed to insert the cassette into the device, it would play back the video. If the recording device and playing device were not very well compatible, you would get a slightly fuzzy or noisy picture, but if the story of the video was any good, you could overlook little things like the picture quality.

Your chances of getting satisfaction were pretty high.

Fast-forward to present day of digital entertainment systems and high-definition TV screens. There are several incompatible systems on the market from several consortiums of companies who have realized it is not in their best interests to have a level playing field where every device just plays any medium.

If you were an alien who was just dropped on this planet, you might think there was a level playing field with a standard medium. The medium was a shiny, plastic disc, about 12 cm in diameter. The alien would probably be surprised to find, even though the discs all look alike (although they might have different coloring or images imprinted on them), the data on the disc can be encoded in a number of different ways, all ever so slightly different and incompatible.

The alien would need to study the economy and culture of this planet to realize the entities called companies, who the capitalistic system relies on to bring new wonderful things for people (who are called consumers), are really afraid of the very system they are part of. In the capitalistic system, companies compete on the marketplace and the one to make the superior product will win the hearts (and pocketbooks) of the consumers.

But in this system nothing is permanent. Any time another company could arise and make an even better product and steal the customers from the previous winner. This means the winner cannot rest on its laurels, as they say, but must keep on innovating. This is hard work. It is much easier for the company if it can create a product that locks people into the system, makes it hard for them to switch the product of one company to a product of another.

The first step of creating such lock-in is to make products that are incompatible. Once the consumer has invested into one product, it would cost him a lot of money to switch to a better system because he would have to buy everything new instead of using his older products.

Hmm... this is developing into a nice conspiracy theory. Perhaps I should just take a deep breath and get a grip of myself. Obviously I'm just getting overexcited over such a little thing as Apple failing to make proper DVD player software. I'll try the disc in some other Macs first...

Anchor in Katariina park, Kotka


Anchor in Katariina park, Kotka
Originally uploaded by sti.
At the spot where ashes are lowered into the sea.

Sunday, October 14, 2007

Warning: your OpenID login might be compromised

For a few months now I have used one web service that supports OpenID logins. I decided it was time for me to get me an OpenID and start using it.

The good thing about OpenID is it is a completely open system where multiple providers can compete. It is not a proprietary system that would be tied to the success or failure of one company and it is not encumbered by patents or other intellectual property issues.

I looked at some of the OpenID providers and could not really see much difference there. I knew OpenID makes it possible to use any URL as your identity, so I wanted to use my blog URL. When I was looking, the only provider that openly told how to do that was claimID.com. So I chose to register with them.

I have also started using Tor, The Onion Router to hide my location on the web (and also turned off cookies by default, installed NoScript and Adblock Firefox extensions.)

Yesterday I was told Tor was used to steal passwords.

I immediately thought this can only happen if people mistook Tor for something else than it is: Tor does not encrypt or scramble your traffic and magically make it secure, it only hides where and who you are. Tor cannot hide who you are if you reveal that in the content of the messages in the form of user names and passwords.

So, if you are dumb enough to send passwords in the clear, you deserve to get your password stolen. And of course I'm not that stupid. All the important web sites I use login over SSL-protected pages... except claimID.com.

When I use my OpenID URL to log into OpenID-enabled web services, I'm redirected to claimID.com's login page where I log in. I had been lazy and not verified that login page is secured with SSL. It is not. Sometimes the login page is not SSL protected, but the login form is posted back to the server over SSL. But this is not the case with claimID.com either.

This means it is possible someone running a Tor exit node has seen my claimID.com login name and password in the clear.

I started to fix this issue. First, I wanted to know if there is a way to log in to claimID.com securely and I just haven't used it for some reason. If there was no secure login available, I would find another OpenID provider.

After some digging around, I found claimID.com has recently made it possible to log in securely on an SSL protected page. (Link to announcement in the title of this post.)

I have now updated my login settings to use the SSL protected login page and changed my password at claimID.com. Also I sent an email to claimID.com's support and asked them to: 1) Add a secure login link to the old cleartext login page and 2) email their users telling them to start using the secure login and change their passwords.

I think it would be decent of them to do these things but if I were claimID.com, I would probably be too embarrassed to tell my users I have made them send cleartext passwords.
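
The three situations described in this post (cleartext login page, cleartext page whose form posts over SSL, fully SSL login) can be told apart by looking at the page URL and the form's action. The following is an added example, not code from the original post or from claimID.com; `idp.example`, the sample markup and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LoginFormFinder(HTMLParser):
    """Collect the action attribute of every <form> holding a password field."""
    def __init__(self):
        super().__init__()
        self.in_form = self.has_password = False
        self.action, self.actions = "", []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.in_form, self.has_password = True, False
            self.action = attrs.get("action") or ""
        elif tag == "input" and self.in_form:
            if (attrs.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.in_form:
            if self.has_password:
                self.actions.append(self.action)
            self.in_form = False

def classify_login(page_url, html):
    """Return one verdict per password form found on the page."""
    finder = LoginFormFinder()
    finder.feed(html)
    finder.close()
    page_secure = urlsplit(page_url).scheme == "https"
    verdicts = []
    for action in finder.actions:
        # A relative or empty action is resolved against the page URL.
        post_secure = urlsplit(urljoin(page_url, action)).scheme == "https"
        if page_secure and post_secure:
            verdicts.append("page and post over SSL")
        elif post_secure:
            verdicts.append("cleartext page, post over SSL")
        else:
            verdicts.append("password sent in cleartext")
    return verdicts

# Constructed samples; idp.example is a placeholder, not claimID.com's markup.
PW = '<input name="user"><input type="password" name="pw"></form>'
CLEARTEXT = ("http://idp.example/login", '<form action="/session">' + PW)
MIXED = ("http://idp.example/login", '<form action="https://idp.example/session">' + PW)
SECURE = ("https://idp.example/login", '<form method="post">' + PW)
```

The middle verdict is still weak: a login page fetched in cleartext can be altered in transit before the form is submitted, so only the last verdict protects the password end to end.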

Friday, October 12, 2007

Parked half on the lawn


Parked half on the lawn
Originally uploaded by sti.

EU and Galileo

The editorial in today's Helsingin Sanomat agonizes over the discord and short-sightedness of the EU countries in arranging funding for the Galileo project. Galileo is, of course, the EU's desperate attempt to build a system equivalent to the Americans' GPS. One of the system's satellites was already launched in 2005.

When Nokia just bought one company for 5.7 billion, the whole EU cannot scrape together a couple of billion.

The editor-in-chief quips rather well:
"If Galileo Galilei had needed the joint help of European decision-makers to develop the telescope, the work would surely still be unfinished because of conflicts of interest."
A completely different matter is whether the whole project makes any sense at all. Why would anyone manufacture positioning devices that use Galileo when GPS works just fine? GPS receivers can be had for small change these days and are starting to show up in phones too. In 3 years it will surely be a standard feature of mobile phones, just as a data connection, a web browser and a camera are today.

Of course more competition is a good thing, because it usually drives prices down, but will that happen in this case? Isn't using the GPS system free? If a second free system is built alongside a free one, why switch from one system to the other?

Galileo is apparently supposed to attract users with better quality: position can be determined to an accuracy of one metre. I wonder what the accuracy of GPS is. Apparently it is nevertheless sufficient for everyday applications.

Looking at the matter from the grassroots level, the Galileo system makes no sense. Perhaps that is exactly why the EU had such great difficulty finding corporate partners to carry most of the system's funding.

Monday, October 08, 2007

We want to hear from you. Yeah, right...

Remember the good old times when the only way to get your voice heard by other people was to write a letter to the editor of the local newspaper? Of course, the editor might not publish it, but perhaps he read it.

Then the Internet came. Everyone and everything was on it. Everyone had an email address. Newspapers had them. Some newspapers had separate addresses for every section of the paper printed at the top of every page.

Then there were newsgroups, bulletin boards and finally, social networks.

Communication is the big thing. Call us, email us, send us the phonecam pic you snapped of the upside-down car on your way to work. Tell us what you think! Help us make this site better!

Usually you have nothing to say. Sometimes you have something to say but you're busy or just can't be bothered.

And then there are the times when you really feel you have something you want to share.

You click that link.

"You need to register before you can post comments." Grrr... do I look like I need another login/password to keep track of? Well, ok, just this once.

You fill in the form, click the next-button... and they slap you with a captcha.

Ok, these guys are paranoid. You type in what the barely readable picture says.

And it tells you you got it wrong. Ok, perhaps my fingers slipped. Let's try again.

Wrong again! There's no way my motor functions are this bad. I need to complain to them and tell them they are making it too difficult to contribute and their captcha is not working. Now how do I contact them? Searching the page .... finds link called Contact Us. This looks good. Clicking... New page loading.... with ANOTHER CAPTCHA!

That does it. It is past midnight and I finally get the message: whatever it was I wanted to say was not that important and by now I have already forgotten what it was.

Good night.

Monday, October 01, 2007