SpiderRoot

In Mac OS X 10.3 (Panther), when you tried to use the sudo command you’d get the warning:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

    #1) Respect the privacy of others.
    #2) Think before you type.

Password:

Under Mac OS X 10.4 (Tiger) you get:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

Password:

So I suspect that someone out there went to see Spiderman 🙂

Taking the Tiger by the tail

So, given that our XServe was crashing regularly under Mac OS X
10.3.9 (sometimes at night. Sometimes it would stay up in order to crash
in the middle of the working day), I decided that there wouldn’t
likely be any particularly bad to upgrade to
Tiger. At worst it would crash more frequently or hose some data
(which is all backed up) and I’d just reboot off the existing 10.3.9
drive.

So, having waited until after work, the odyssey begins.

We begin by turning off mail and AFP. This will stop people modifying
files, and stop any mail arriving on the old server, where it would
live for the rest of its days.

Then, we use SuperDuper to duplicate the existing 10.3.9 partition to
another volume. Thankfully our boot drive and data volumes are
separate, so this doesn’t take too long as we don’t have to copy all
the user data.

Then it’s time to disconnect the server from the ethernet (I don’t
want any mail coming in if I boot off the old drive) and reboot off
the Tiger install CD (no DVD drive in the G4 XServe). This is where
the fun begins.

The machine boots off the CD, but the screen is blank.

Bummer.

Previous experience leads me to check if it’s just swapped to a
monitor resolution that our monitor doesn’t support, so I swap
monitors. Nothing.

About this time the
XServe
puts all its fans on full and sounds like someone is
landing a 747 in our rather small server room.

Fortunately our backup server (as in server used for Retrospect
backups ) is nearby.

I reboot the XServe again, out of hopefullness. Now it’s displaying
the flashing (Amusingly, Mac OS 9 style) missing boot folder icon. I
reboot it while holding down the ‘T’ key to boot it into target disk
mode as a AU$7,000 external hard drive.

Fortunately the backup server has a DVD drive, so I don’t need to
swap disks. I reboot the backup server off the Tiger install DVD,
plug the XServe in via Firewire and then install Tiger onto it as if
it’s an external disk. This takes some time… (Why does the server
need the Oxford American Dictionary installed on it? I’m not going to
be using Dashboard on the server, honest!)

At this stage, I read the install note which says that you may have
problems with 3rd party video or SCSI cards in the XServe. Well, I
know it’s got a 3rd party SCSI card but I assume the video card it
came with is the Apple standard, so that shouldn’t explain why the
screen is black. And I really can’t be ready

After the install, the backup server wants to reboot. For some reason
it doesn’t want to come back after doing so. I disconnect the XServe
from the backup server and reboot it. Still can’t find the boot
drive, so I reboot whilst holding down the option key to get the Open
Firmware boot drive choice screen. Selecting the new Tiger boot disk,
the machine then boots into Tiger and finishes the install with the
help of the magic serial number.

Tiger comes up with AFP off, which is good, as I want to check things
out before confusing the client machines.

I turn mail on and try sending some mail through the server. It
doesn’t arrive. It looks like our amavisd/clamd install (in
accordance with this
AFP548 article
) may be interfering with the (now standard) Tiger
install. An inspection of the amavisd configuration files indicates
that Apple runs amavisd as the clamav user rather than the
mailtransport user we were previously using.

I use the Server Admin tool to turn off Tiger’s antispam and
antivirus protection. This time the test e-mails get through. Yay!

I reboot again (as if the server goes down overnight, I know one of
the other staff will attempt to reboot it, and if it doesn’t work I’m
in trouble). However it still reboots without finding the Tiger
volume as the boot disk. I option-reboot and explicitly choose the
Tiger volume this time, and all seems fine.

Strangely none of the web sites seem to work, and it looks like the
/Library/WebServer/Documents folder got replaced, which is kind of
sucky.

It seems like PHP’s
mysql
connection is broken as our in/out board application no longer works.
It seems that it’s having problems connecting to the mysql server.
However mysql is up and running quite happily, and I can connect to
it remotely using phpmyadmin without any problems.

Also, Startup Item scripts written for some of our services (the
anti-spam mailtransport, and Apache2) no longer seem to work.

At this stage I deem the server to be sufficiently usable and head
home. It’s around 10pm after a 5pm start (which probably included
about 1 hour of backing up), so not too horrible. The coq au vin is
still warm when I get home…

/etc/aliases has been replaced by an alias to /etc/postfix/aliases
(with no backup of the old file. Bad Apple!) So I need to go and
merge our old copy into that (thankyou BBEdit’s
bbdiff tool).

All in all, a relatively successful install. Only a few non-critical
services broken (probably repairably), but overall reliability seems
improved (so far). Clients can connect to the server and e-mail is
coming through, which is the main thing the users care about. But if
you’re relying on PHP/mysql solution or an existing amavisd/clamav
installation you may want to try testing things first.

Once the broken stuff is working again I’ll look at the cool
new stuff.

[ Ok, so the /Library/WebServer was moved to /Library/WebServer.server-applesaved
Also, Tiger’s mysql is now writing its socket to /var/mysql/mysql.sock whereas PHP and other things are expecting it to be at /tmp/mysql.sock.

This can be changed by (creating and) putting the following lines into /var/mysql/my.cnf

[client]
socket=/tmp/mysql.sock

[mysqld]
socket=/tmp/mysql.sock

Save the file and restart mysql.]

Hello Tiger!

Well, I drove out to Daniel’s place and picked up a copy of Tiger. I really think I need a GPS to get to his place, as it’s off the map (as in a new development, rather than really far away)

Eventually made it back home.

So, to start with, we finished a Retrospect backup overnight.

Tiger needs 4Gb to install if you want the developer tools (3Gb otherwise). Conveniently I’ve got about 4Gb of stuff in my pictures folder, which I archive off to another drive and delete locally. Some time I’ll have to work out how to fit them back in 🙂

Then it’s time to run the installer. Options are

  • Upgrade the current version of Mac OS X
  • Archive and install
  • Erase and install

Fortune favouring the brave, I choose ‘Upgrade’. Then I choose to customise the install by adding in the X Windows installation. Then we’re off and running. After about an hour or so the machine has finished verifying the install DVD, checking my local drive, and installing Tiger.

After rebooting the machine, I notice that a new user ‘pop’ has mysteriously appeared in the login window. Probably a relic of my previous experimentation with fink or something.

Upon selecting my name to log in I notice a slight pause, presumably as Tiger sorts out some initial settings that need to be updated before the first login.

The first thing I notice is that things seem a bit faster. Window redraws, calculations of disk space used for folders visible in the Finder, etc. The Finder has a window open at the top level, in icon view (I would have thought Steve would have mandated column view :). The window is positioned at the top left corner of the screen, which is a bit unfortunate as if you hit the chiclet button at the top right of the window, the favourites etc. expand to the right and off the edge of the screen.

The Finder also seems to have the occasional problems with redrawing folders in list view. The Finder’s info window now includes Spotlight Comments, ‘More Info’, which shows date last opened (and possibly some more metadata info if you’ve got it turned on for the current HFS+ volume)

After logging in, the Assistant launches, and shows me the new ‘Welcome’ movie, complete with lots of spotlight effects (subtle plugging for the new Spotlight technology). I enter in all the registration material, but as I haven’t turned the Airport on yet I don’t get a chance to submit the registration details. The registration app no longer seems to offer ‘register later’, all I can do is quit or try again.

I choose an application to run, so I run Safari. It comes up with a window telling me that it can’t open my home page as the machine doesn’t seem to be connected to the network. There is a button to click to open “Network Diagnostics” (from the /System/Library/CoreServices folder). This offers to help diagnose my internet connection problem. I bring my connection back up and it asks if I want to continue as my connection seems fine. I don’t bother to go any further with it, but it’s a nice idea to be able to help out users whose connection isn’t working.

Safari opens the Apple Home page and there’s now a big blue “RSS” button in the right hand side of Safari’s URL window. I click it and it takes me to the RSS Feed page of new Apple news items. Cool. Other new features in Safari seem to be

  • Referral to Network Diagnostics if your connection is down
  • You can now save web pages as archives, including photos etc.
  • The file menu now lets you mail the contents of a page, or a link to it to someone.

I run Software update and it wants to update my machine with QuickTime Broadcaster to 1.5 (I don’t even remember installing that, but who knows what lurks in my Applications folder) and Remote Desktop Admin Update 2.2

Launching Eudora, I get asked about launching it for the first time, presumably because it’s not an application that’s sitting in the /Applications folder, it’s inside a Eudora a subfolder. After approving launch, it launches, asks if I want to make it the default mail application (It would seem that Apple reset it during the Tiger install, presumably to Mail.app) and works fine. Its masses of windows redraw more quickly than usual. I guess that means I can now leave even more windows open 🙂

I launch Mail.app and it proceeds to put up a dialogue espousing the new Mail features in Tiger. I ignore the ad and it imports its old mailboxes. The look is much cleaner, but personally I think the new icons suck. But you can read more about that on Ars Technica.

Logging in to iTerm I notice that the fonts now all look fuzzy, presumably something’s changed with the font rendering (or a preference has been reset). A cursory inspection shows that Fink seems to still be working, but the fink web page recommends a ‘fink reinstall fink’ and a ‘fink selfupdate’. I do that, but am told I need to do a ‘sudo gcc_select 4.0’, which doesn’t work with the version of gcc_select I’ve got installed as it doesn’t recognise 4.0 as a valid option. [I later realise this is because I still need to install XCode 2 from the Tiger DVD]

The System Preferences pane seems mainly unchanged, other than the addition of the Spotlight item. There is now a ‘Show All’ button at the top to allow you to easily navigate from any preference pane back to the full list. There no longer seem to be options for dragging frequent favourites into the top of the System Preferences window, but IMHO this was seldom used anyway. Note that the following observations about preference panes are based on my memories of Panther, so I may have mentioned that something is ‘new’ when it was already in Panther. But if I didn’t remember it maybe it’ll help refresh both our memories about available features anyway!

The Spotlight preference pane allows you to change the order in which search results appear, change the keyboard shortcuts (by default, control-space and option-control-space). It also allows you to specify folders that are private and shouldn’t be indexed. Using either of the Spotlight keys at this stage tells me that Spotlight is still indexing and I should try again in about 35 minutes. This seems to be an optimistic estimate, as it’s still displaying 35 minutes even after I’ve written this whole review. At one stage it seems to have given up indexing and when I attempt a search it decides it needs to try indexing again. I suspect I may have more files than it’s expecting, or it’s crashed or run out of disk space. A little flashing dot in the middle of the Spotlight magnifying glass shows that it’s indexing. A bit of cognitive dissonance, given that it’s called ‘spotlight’ and its icon is ‘magnifying glass’.

The Desktop and Screensaver pref pane offers a few new pictures in the ‘Nature’ options, including Tiger fur. There are also some rocks, water, and a zen garden. Not to mention some clown fish (subtle plug for “Finding Nemo” perhaps?). There are some plants, and some very nice black and white background photos. Screensavers now include iTunes Artwork, Nature Patterns and “Paper Shadow”. There is also now an RSS Visualizer, which downloads news stories from any of the RSS Feeds that Safari knows about and then spins them around on your screen. You can hit the ‘1’ key to open Safari on the appropriate web page for that article. There is also a “Spectrum” saver which displays a continuous colour change.

The International Preference Pane now offers a choice of calendars, namely Gregorian, Buddhist, Hebrew, Islamic, Islamic Civil, and Japanese. The choice of Measurement units now no longer lists the US Imperial units as “Standard”, but as “U.S.”. Down with cultural imperialism! The Input menu also seems to have many more input options than previously. [It has been pointed out that it seems you can no longer specify a custom number format as you could previously. This may annoy quite a few people]

The Bluetooth Preference Pane now offers options to turn individual services on and off, and whether or not pairing is required for security if you’re using Bluetooth file sharing.

The Security Preference Pane now caters to the paranoid by offering the option of using secure virtual memory.

There is now a ‘Hardware’ Preference pane, which shows details about the processor(s). The only options it offers are a checkbox for ‘Nap’, and a setting for L2 Cache (0 or 512KB in my case).

The Printer Preference pane can open printers and the Printer Setup application. The Print Queue now logs completed print jobs, along with their state and the date they were printed. There is also a ‘Supply levels’ icon, presumably for checking ink levels etc. The Fax option now allow other computers to send faxes through the local computer.

The Sound Control panel now has an option to turn on/off feedback when you change the volume.

The Network control panel now offers an ‘Exclude simple hostnames’ control in the Proxies panel.

The QuickTime Preference Pane’s Advanced settings allows you to Enable kiosk mode, which removes save and change options from movies when displayed in browsers.

The Sharing Pref Pane Advanced options now allows for blocking UDP traffic, Enabling Firewall Logging, and Enabling Stealth mode. You can also now share your internet connection with other users (ie, use your machine as an Airport router for other machines connected to it by Ethernet or Firewire)

The Accounts Pref Pane now has a button to open the Address Book Card for a particular user. There are no new user icons. There are now Parental Controls which allow restriction of who e-mails can be received from (including allowing the sending of permission e-mails to a parental account), which websites can be seen, applications used, iChat buddies, and even block display of profanities!. Parental Controls cannot be set to restrict admin accounts (unsurprisingly). [There’s also now a password assistant to help you by generating a random password that can be one of ‘manual’,’memorable’,’letters and numbers’,’numbers only’,’random’ or ‘FIPS-181 compliant’ (the Federal Information Processing Standard 181). It lets you choose the length of the password you want, and displays graphically how secure it is]

The Classic control panel doesn’t seem to have changed, but it does seem to have forgotten my ‘Warn before starting classic’ setting. There is also a ‘Use Mac OS 9 preferences from your home folder’ option. As per usual some system files need to be updated when launching Classic under Tiger for the first time.

Date and Time offers a new calendar and clock, a world map which seems to show more snow over areas of cold climate in the Northern Hemisphere.

As I’m unfamiliar with the Speech control panel I won’t comment on any changes here, but I suspect there are some.

The Startup Disk control panel now has a button to restart the machine in Target Disk Mode (without having to hold down the ‘T’ key). This is good as it might make more people aware of Target Disk mode…

CheckMate seemed to work ok, however old copies of Default Folder X and Little Snitch both required an update to work under Tiger. Salling Clicker and SideTrack both still seem to work.

LaunchBar still seems to work, which makes me happy.

iChat launches and asks for .Mac information, Jabber information (if you’re running a local server). Rendezvous is now Bonjour, which seems to me to be a bit silly, as there’s now ‘Bonjour’ everywhere, and really the word seems to lack the savoir faire of the old moniker. Groups in the Buddy list are now collapsible and have a grey title bar. Preferences now cater for the red-blue colourblind by allowing the use of shapes to indicate iChat status in the buddies list. There are also options for enhanced privacy, and sending text as it’s typed for local Bonjour connections (and blocking your idleness from your coworkers 🙂 You can now also configure a Bluetooth headset for use with iChat.

Address Book now lets you ‘Look for duplicate entries…’ which I haven’t brought myself to use yet, as it merges them apparently without any consultation. But it is a task that I do frequently so I’ll probably revisit it in a bit.

Dashboard, it would be great if it loaded a bit faster. And the Yellow pages worked here in Australia. Or the weather icon realised that displaying 73 degrees is kind of silly in a metric country (and I’ve already told the computer I want to use Metric!). It also gets the conversion wrong, it’s definitely not -4 degrees C and snowing outside at 6:30pm in Perth [Eventually after several tries I manage to convince the Weather app to display the Perth weather correctly. Or the flight tracker worked (I’m sure there must be some flights from Perth to Heathrow)[I’m lead to believe that there aren’t. PER->SIN does get some hits though]. That leaves me with the analog clock that’s slow to render, the calendar which I wouldn’t use, and the International translator that doesn’t translate. Or the stock ticker which displays US shares only. So really, nothing I’ve seen makes me particularly impressed by Dashboard’s usefulness so far. But the rippling effect is cool. [I’ve since downloaded some more or less useful widgets, namely Package Tracker (for tracking Fedex and UPS packages), VLC (for controlling VLC), Wikipedia (for searching the Wikipedia), taildash (for tail-f’ing log files), iTCM (for monitoring connections to my iTunes). The Dictionary/Thesaurus widget also looks really useful. But why can’t I smart search my Desktop for .wdgt files?]

The authorisation dialog for Keychain access now (in the ‘details’ section) includes pop-up button menus (Some new UI device?) to display the location of the keychain on disk, and the location of the application seeking authorisation. The Keychain Access application itself now has a category column on the left which lets you select from All items, Passwords (divided into “AppleShare”, “Application” and “Internet”), Certificates, My Certificates, Keys and Secure Notes.

Calculator now has a ‘Programmer’ mode, for all those pesky calculations involving Hex, Octal or Decimal, in ASCII or Unicode.

Other than that, there are the occasional “/etc/postfix/body_checks” in my system.log file. No doubt the install hosed some of my postfix customisations.

Apache now has a “log_forensic_module” added, and the “mod_rendezvous” is now “mod_bonjour”. My httpd.conf file was moved to “httpd.conf.user_modified”. A bit of work with BBEdit’s bbdiff command had the commands necessary to add the entropy.ch PHP build added back. After restarting Apache the PHP pages started working again.

So, in the end probably the most useful and important things that Tiger offers a speed improvement, Spotlight searching, Smart Folders in the Finder. Hopefully also with improved stability, but only time will tell.

[Addendum: Lots of software updates from Apple today (May 2nd), including Apple Remote Desktop Updates. Sadly Tiger hasn’t fixed the problem I have with printing to a Canon ir2800 networked photocopier/printer, namely Preview crashes when I try. Preview now also offers ‘Import image’, ‘Grab selection/window/timedscreen’, PDF viewing as separate, continuous or side-by-side pages. It also now offers an annotate tool so you can add stickie-like notes to PDF’s or draw ovals on the document to highlight sections. Very cool!

Also, OpenVPN no longer works, which is what I use to connect to my home server. Bummer.

Thanks to Rod and Daniel and the WAMUG crowd for their comments]

Sydney, Day 2

Feeling much more human after a shower and a night’s sleep, it’s off to navigate my way to UTS. Fortunately it’s pretty easy, and I manage to dodge the 4 people trying to hand out copies of The Watchtower at the entrance to the underpass. Then there are the beggars to contend with… The fact that the NSW Govt. decided to let their mentally ill patients wander the streets springs to mind. Well, at least until the police get around to shooting them, that is.The Tiger Tech Tour continues. It’s an Apple do, they know what they’re doing, there’s coffee on the table when I arrive. The guy who took over my job when I left Arts is busily stitching the 25 QuickTime VR panoramas he’s taken during the trip. I’m astounded, it’s a pretty dedicated hobby to go through 25 panos times about 18 photos or so and stitch them all.Lunch thanks to Apple, I have a bit of a chat with Tess Williams, who’s done an excellent job of organising the briefing. It has the air of WWDC, but on a lot smaller budget, and with fewer Americans. Lunch is followed by more briefings and some cool demos of what can be done with Tiger.After thanks and the wrapup I say goodbyes to those I’m probably not going to see in the near future.Then it’s off to track down Allie, who is busy with the business of selling gas to industry. Pack too little into the pipe and they have to slow down or stop big industrial processes (some of which are chemical reactions that can’t be stopped). Pack too much into the pipe and it’s wasted. If the customers get panicky they try to draw too much out of the pipe and disrupt other subscribers. Of course, getting it wrong can cost hundreds of thousands of dollars.I walk down to her office and we catch the bus out to her place.She opens a bottle of vino and we have a bit of a chat about life. Her kid’s going to school in Perth and is sorely missed.After about a bottle or so her friend David Chan turns up and we discuss Perth gossip, mainly about the somewhat intertangled relationships of UWA ex-Computer Science students and staff over the ages…Then hunger has reared its ugly head and it’s time to grab a cab off to the Forum and hang out in the Piazza in Leichardt (I can spell that, CS’s laptops used to be named after famous Australian explorers. The rest of their machines were named after spiders like lactodectus and tetragnatha. This was becaus the Mac users never had to type the machine names, unlike the PC and Unix users who had to be able to spell everything at the commandline).The piazza was very cool, there were obviously a lot of people still out enjoying themselves over a late meal. Really, finishing up around midnight actually felt rushed.. The chicken with prosciutto was excellent. As was the simple but exceedingly tasty pizza.After polishing off more wine it’s a quick walk around whichever shops are still open (sadly the cake shop we’d had our eye on wasn’t one of them), but around the corner was a café where I took solace in some pecan pie.We took a cab back to Allie’s place, said goodbye to David and I crashed in her spare room for the night.

Macworld SF 2004 Stevenote

So, in about 20 minutes time Steve Jobs is going to kick the year off for Apple with his usual keynote speech. The faithful are gathered all over the planet hanging on his every word, and wondering what cool toys he’s going to offer us in this post-Christmas technology bonanza.

The money seems to be on mini-iPods, given the advent of a small US$70 hard drive announced earlier today that would seem to be about right, technology wise. Also some updates for various iApps.

But Steve’s the most dangerous man in Silicon Valley, who know’s what he’s got up his sleeve. “Oh, and justone more thing…” no doubt!