Extra Pepperoni


Tag - BBEdit


Monday, December 22 2008


After a mention by Kevin van Haaren, I decided to try boxee, a multiplatform open source media sharing project. Specifically, I was interested in running boxee on our Apple TV, and pointing it at a share on a Linux server, since the Apple TV's 160gb hard drive is perpetually full, and I spend a significant amount of time moving video on and off via iTunes. Additionally, boxee adds support for additional video formats, and facilitates access to Internet content such as hulu and RSS video feeds (ONN FTW, although I was already getting that through iTunes).


My first problem was some confusion in the atvusb-creator, which builds a "patchstick" by copying the appropriate files onto a flash drive. Booting an Apple TV from the patchstick adds boxee to the existing Apple TV software, and provides additional menu items and ssh access.

I was distracted by the bright blue Choose a DMG button. In Mac OS X, blue buttons are supposed to identify the default action, so I kept trying to find a suitable .dmg file to feed it, with no luck. I saw a few warnings that the creator only works with some flash drives, so thought mine were incompatible. After I watched a video on creating the patchstick, I realized this button was a herring -- it is apparently unneeded. Once I skipped straight to Create Using ->, I got a patchstick. Hooray!

Today, I got Boxee installed. It was pretty simple:

  1. Pull the plug.
  2. Plug the patchstick into the back.
  3. Turn on the Apple TV.

I watched Linux boot messages, then saw a message telling me no errors were detected, and to reboot the Apple TV. When it came back, I had 2 extra menu items: XBMC/Boxee & Software Menu. The former includes a (highly recommended) Update command (but after updating I am still offered the same set of updates), a Boxee command which gives me an inescapable black screen, and an XBMC command that lets me configure and use up the Xbox Media Center (which Boxee is built upon). Unfortunately, XBMC doesn't see the videos, music, & photos iTunes synched over, so there's no content yet.

Ah, well. That's progress, at least.

Thursday, September 11 2008

iTunes 8's Video Improvements, and Updated App Bugs

Update: Thanks to Dave Makower for a workaround. Per Dave's suggestion, I signed out of the Apple Store and signed back in as my account @mac.com. This is the default, so signing in with just my account (without explicitly typing @mac.com) should have worked just as well, but apparently it doesn't. Thanks, Dave! I hope short names work properly in iTunes soon. Or perhaps it's just that I used a different login name when I initially downloaded the software...

Update 2: from Kevin Ross:

Hi, I'm emailing to let you know that I had similar problems updating apps. My solution was to go through the app store and "buy" every app over again. I did it with all my free apps first and they all upgraded fine, then I did it with Super Monkey Ball, iTunes saw that I already had it, told me so and said I wouldn't be charged, and installed the upgrade free of charge. Just a little tidbit to help you out in case Dave's workaround doesn't work later.

I just discovered that iTunes 8 makes large strides in handling videos. Previous versions were unable to change the Movie/TV Show/Music Video type flag, or set Show, Season, or Episode. v8 adds all these capabilities. I no longer need Set Video Kind from Selected from the most excellent Doug's AppleScripts for iTunes, and can now sort out imported video from iTunes' Get Info window.

Additionally, iTunes used to say it had over a dozen application updates for me, but fail to access my account or say I had none when I tried to get them. Now it shows me 19 updates, and seems to have the correct list, although it cannot actually install them. It appears to be something about upgrading free applications, which was broken last week (in different ways) too.

Here is what happens when I click Download All Free Updates:


Here is a bogus tooltip for Life (not necessarily related to the updating problems):


And a message telling me I cannot get Life 1.0.3, apparently because I don't have an earlier 1.x version of Life (actually, I have 10.0.1). I get this for every app.

Individually, I am able to upgrade free apps -- I don't mind paying their full price of "Free". I'm not willing to test Apple's bugs to find out if Apple would really re-bill me for what should be free upgrades to purchased apps, though, as this erroneous message claims. Here iTunes told me I cannot get the free LifeGame for free; I get the same message for every app, free or purchased.

You do not qualify for this price.

To make the problem even more aggravating, App Store on the iPhone has the same issue -- when I try to upgrade Twitterrific Premium or Toy Bot Diaries, it tells me I'll have to pay full price. I want those updates! I hope this is sorted out soon.

Tuesday, August 26 2008

Time for More RAM

pepper@prowler:~$ top -l1|head -7
Processes:  105 total, 3 running, 4 stuck, 98 sleeping... 439 threads   20:08:26

Load Avg:  0.68,  1.05,  1.10    CPU usage: 22.86% user, 42.86% sys, 34.29% idle
SharedLibs: num =    4, resident =   41M code, 3032K data, 3172K linkedit.
MemRegions: num = 39625, resident =  824M +   20M private,  207M shared.
PhysMem:  269M wired, 1159M active,  554M inactive, 1990M used,   58M free.
VM: 16G + 374M   5256473(0) pageins, 1406422(0) pageouts

A pair of 2gb DIMMs are en route from NewEgg, for $75.

Thursday, August 14 2008

Suggested iPhone apps

Frank just got an iPhone, so I was listing off suggested apps, and decided to post the list. Almost all of them are free.

  • NetNewsWire/iPhone: RSS reader which synchs with NNW on Mac, FeedDemon on Windows, and Newsgator Online; all are free
  • Instapaper: Multi-computer bookmarking service -- links to http://www.instapaper.com/
  • (paid) Twitterrific Premium (Free shows ads): http://twitter.com/reppep
  • Stanza: ebook reader
  • Remote: iTunes & AppleTV control
  • (paid) TouchTerm: ssh client
  • (paid) pTerm: ssh client
  • Facebook
  • AIM (just for free SMS)
  • Now Playing
  • Scribble: need a drawing program to play with Julia
  • Shazam: identifies recorded music the iPhone can "hear"
  • Shakespeare: complete works
  • Yelp (Amy likes)
  • Google


  • (paid) Toy Bot
  • Phone Saber
  • Fire Drop
  • Moonlight Mahjong Lite
  • Labyrinth LE
  • Life
  • Tap Tap Revenge
  • Advent (I don't play it, but keep it for the ecstasy it will someday induce in an old Zork fan)

Thursday, August 7 2008


I've been a serious BBEdit user for years (I suspect a beta password many years ago was a joke at my expense). I use vi daily but am not a fan, and I find emacs inexplicable. As a system administrator, editing text files (typically configuration files and scripts) is a large part of my job.

So spending my days using Windows, with no BBEdit, was a concern.

I used kate a bit, and it's not bad, but it's limited (cannot even compare 2 windows!), and Exceed's Copy & Paste support is extremely erratic.

Many people suggested UltraEdit, but due to an installer issue, I was unable to use it. That issue has been fixed, and I got it running today. I'm quite impressed, although I have already discovered that its sorting capability is downright feeble compared to BBEdit's GREP-enhanced sorting. I see that UltraEdit offers 4 different flavors of Find & Replace: Plain, perl regex, UNIX regex, and UltraEdit regex. This seems crazy to me -- I consider anything that's not 100% backward-compatible with PCRE a bug, but I am not selling to a population of users who live in MS Word.

Truly weak: Find for $ doesn't work properly in perl regex mode with UNIX line endings.

I am both impressed and mildly aggravated. UltraEdit is much better than anything else I've used on Windows (or Linux or Solaris), but it's also less polished than BBEdit. I'm not sure how much of my frustration is because I have the advantage of years of experience of BBEdit -- compared to only a few hours to learn UE so far -- and how much is real deficiencies and lack of polish in UE.

Monday, August 4 2008

iPhone 2.0 Subtleties

I upgraded to iPhone OS v2.0 a while before I got a 3G iPhone (very worthwhile for me, since I spend most of my time outside Wi-Fi coverage now). Since the upgrade, I have noticed a few things which I have not seen mentioned elsewhere.

Continual pseudo-GPS updating in original models

On my original iPhone under iPhone OS v1.x, tapping the crosshair button in Maps used to locate me -- the button turned blue while the iPhone was fixing my location, then turned grey again when done. To update my location I had to tap the button to get a new location fix. Under v2.0, after tapping the button it stays blue, and the iPhone updates my location automatically until I tap again (to turn it grey and switch location auto-updating off) or exit Maps. This is well-known on 3G models, but I was surprised and pleased to see auto-relocation on the original iPhone.

Pause to rotate (walker unfriendly)

Under iPhone 1.x, I could rotate the iPhone to re-orient Safari while walking. Under v2.0 the iPhone does not reorient while I am walking -- I have to stand still for it to notice the change in orientation and rotate. Annoying, as it means I will have to stop in the middle of crowds to trigger rotation.

More switches to iPod.app when resuming music playback?

Under v1.x, after a sync or reboot, the first time I hit the earphone button to start music playback, the iPhone would switch into iPod mode, but I could stop and start without switching into iPod mode. I have a feeling that it switches into iPod mode sometimes now (after I first started and stopped playback), at times when it would not have before. This is unconfirmed, though.

Upside-down for iPod videos

I believe this changed from v1.1.4 to v2.0, but could be wrong about when. In earlier software versions, iPod movie playback only worked when rotated 90° counterclockwise. Alex hates this, as it puts the speakers behind your right hand. With v2.0, iPod movies can also be played back 90° clockwise, which puts the speakers under the left hand. YouTube still only works counterclockwise, though.

Loss of background functionality with apps vs. Safari

I am very happy with NetNewsWire, Twitterrific, and Instapaper, but iPhone 2.0 doesn't let them run in the background. This means NetNewsWire and Twitterrific always need to update when I launch them, as opposed to the Mac apps which update automatically in the background. It also means I cannot multitask -- when I was using NewsGator Online and m.twitter.com, I was able to switch between Safari tabs and Mail, and keep them working in the background as I switched to whichever was done. The apps are much better than the webapps, but the regression of having to wait really bugs me. Fortunately it's lessened somewhat by the 3G iPhone's improved update speed.

Another disappointment is that neither NetNewsWire nor Twitterrific supports rotation. I thought Apple didn't support it outside Safari proper (both NetNewsWire and Twitterrific incorporate the WebKit engine Safari uses) until I realized Instapaper supports rotation, and Stanza supports rotation (even upside-down, which Safari does not). I'm sure there are real reasons Brent & Craig have not yet provided rotation in their apps, but as I understand it, they are not allowed to discuss them, or how Instapaper & Stanza do it -- even under NDA, despite the fact that this is released software!

On the other hand, reading Slashdot via NewsGator Online stunk. The delay to get each article was very aggravating, and NGO was useless on the train. NNW/iPhone makes reading Slashdot a pleasure.

Also, Remote is great.

Friday, July 11 2008

iPhone Apps: First Impressions

I've been waiting for NetNewsWire for iPhone since I first heard of it, and have already registered Twitterrific Premium, which is very slick (although I'm not sure how GPS or photos work). I am somewhat disappointed that NNW/iPhone doesn't proactively download updates; that's one of the nice things about NNW on the Mac -- it's always pretty current, and I never have to wait for an update. On the iPhone, where I may not even be able to get an update on the train, it's problematic. I was hoping NNW/iPhone would proactively sync feeds, so I could use it on the subway while out of coverage, but no joy.

Twice, all apps have failed to launch until I rebooted, and I've had a couple unexpected reboots.

Most apps are very slick, although AIM and iMaze both disappoint. Very much looking forward to using Remote for real, and wondering if I should have gotten an Apple TV for our living room stereo instead of an AirPort Express/n...

There's a trick to replacing the 4 persistent apps in the Dock at the bottom: you cannot drag into the Dock to bump them out of the way; instead you must drag something out of the Dock to make room first, and then you can drag an app into the free space.

It's annoying that deleting an app from the iPhone leaves it on the Mac; more so that re-synching re-installs the app on the iPhone and forces a full (slow) backup of the iPhone. Adding insult to injury, I cannot control-click an app in iTunes to re-install it, or get rid of the confirmation on every deletion from iTunes.

The AIM client stinks. Not sure if it's push enabled, but it has serious flaws and bugs, both.

Moving apps around Springboard is a bit buggy. As I moved them from one screen to another, Springboard moved a bunch of extra apps to later screens -- many more than were actually necessary to make room. I always have 7 screens of apps, even when they all fit on 6. Under 1.1.4, there were no empty screens -- empty ones were automatically removed; I preferred that behavior.

I expect to get an iPhone 3G Monday -- can't do it this weekend.

Where's the OpenSSH port?!?! I do hope Apple didn't reject a submission...

Update 2008/07/12: The extra screen is correct. When in app rearrangement mode, the iPhone always provides an extra screen so I can move apps there; in normal mode the extra screen goes away.

Sunday, June 15 2008

iPhone 3G Economics

Steve Jobs announced that the iPhone 3G would be "Twice as fast. Half the price".

Ever since Om Malik's interview with AT&T's Ralph de la Vega, people have been noticing and commenting on the fact that this ignores the mandatory 2-year AT&T contract, and in fact iPhone 3Gs will generally cost more, thanks to the higher monthly fees.

Unfortunately, Amy doesn't want my original $400 iPhone -- perhaps a friend who can't justify the 3G charges will buy it for $100.

The $300 16gb iPhone 3G will be worth the money for me -- I spend a significant amount of time each day waiting for pages to load, and still take a Treo 650 & Bluetooth GPS unit on driving trips. But I'm disappointed in Apple for choosing a clearly misleading catchphrase for a product which doesn't need deceit and customer confusion to sell well.

I don't use SMS much, but I do sometimes, and I don't want to worry about the astronomical per-message costs, so I like the $5/month flat rate plan. And I certainly want the $30/month unlimited 3G data plan.

Fortunately, I'm now able to drop back from the 900-minute/month plan I upgraded to, down to the base 450-minute/month plan, which will save $20/month, and nicely offset the additional $15/month for unlimited 3G & 200 SMS.

Now that AppleCare has failed me, and the iPhone isn't as much of a hardware investment, and I don't walk outdoors across campus (drops on carpet are much less destructive than on asphalt or concrete outside), I've decided not to purchase AppleCare or a case for my new iPhone (my 11-month-old plastic incase protector is falling apart, and kept the iPhone from fitting in any dock). I like the idea of leaving the iPhone charging in its dock overnight, rather than lying on a night table.

So with the new iPhone, I'll save $70 on a 2-year AppleCare contract and $30 for the case. This is enough to pay for MobileMe service. Hopefully it will be solid, as opposed to the current .Mac service, based on the unreliable iSync.

I wonder how much turn-by-turn GPS with spoken directions will cost on the iPhone. I know TomTom and Garmin are quite interested, and Google Maps can do real-time driving GPS without spoken directions -- I don't know what the iPhone options will be, though.

I have a couple large questions. First, how well will MobileMe work? Second, how much will turn-by-turn GPS with spoken directions cost? Hardware GPS units are in the several-hundred-dollar range, while Google offers free or cheap GPS with directions but no speech. I'm looking forward to seeing what is available using the iPhone SDK.

I'll have a much faster iPhone (and probably OpenSSH -- hooray!), and next time an attractive upgrade rolls around, I won't have $500 invested in the previous generation.

To sum up, I'll save $20/m on extra minutes, and pay an additional $15/m on 3G data & SMS. I'll save $100 on protection, and pay $100/year on MobileMe. If things don't change over the next 2 years, I'll end up paying $40 more, which isn't bad, but also isn't "Half the price."

Wednesday, June 4 2008

The Serious Shit

At Wheaton, I helped found the Progressive Alliance, a student political club. I don't remember most of the members (in fact I no longer recall the names of most of my classmates), but Kirsten Cappy was one of the heads -- one of two co-presidents, if I recall correctly -- and Steve Amster (a good friend to both of us) got me involved.

As the nerdiest Progressive, I ended up laying out The Serious Shit in PageMaker. Articles were of course always late, so I remember having to shorten articles I'd just stretched out to fill space, in order to fit post-deadline content onto the page (issues were one to two pages, letter or legal sized).

The Shit was posted on the bathroom stall doors, where we had a guaranteed audience with time to read. I don't recall much more about it, although if Jason Snell revives my old 210mb hard drive, I might get some old issues back -- unless they're on my 6 even older 44mb SyQuest cartridges.

The other thing I recall about TPA & TSS is that my mother convinced me that if I listed "Progressive Alliance" as an activity on my resume, people would decide I was a Communist and not hire me. I don't remember if I took her suggestion and called it "The Humanist Alliance", or simply left it out entirely. There was never any question of listing The Serious Shit on the resume -- I never interviewed for a job where that would have been a plus.

Fortunately, after my first job at Rockefeller University, I had more relevant things to put on my resume, so the Progressive Alliance dilemma quickly became a non-issue.

Tuesday, May 13 2008

My favorite Mac OS X command: open

For years I've been hearing complaints about the Finder, chiefly from John Siracusa and John Gruber. They have mostly gone in one ear and out the other, because of a little secret I have.

See, back in the day of Mac OS X Public Beta (pre-1.0), the Finder was really bad. Dog slow (much worse than now), highly crash-prone, and very limited (compared to both the Mac OS 9 Finder and the Leopard Finder).

When I was still working at The Shooting Gallery, fixing Macs, learning UNIX, and trying to jettison hacked Windows servers (unsuccessfully), the Mac OS X Public Beta was a very big deal. Its Terminal application and command-line environment were much more stable than the still-very-beta Finder, so I used them as much as possible. Over the years, as I have read ongoing complaints about the Finder, I have continued to use Terminal and the command line, and been largely insulated from the Finder's failings.

I would like to mention three Apple tricks for mixing the GUI and CLI worlds -- not that there couldn't be others I don't know. One is that you can drag files into Terminal, and it will insert their paths. This is excellent, because instructions can say things like:

Now open your Applications Folder, and the Utilities folder there, and Terminal inside Utilities. Next type "chmod u+x " (make sure to leave that space at the end), and drag the file you just downloaded into the Terminal window. Then press Return.

I don't use path insertion often, though, because Tab completion is faster than switching to the Finder, digging up the file, and dragging. Ironically, when I read In the Beginning Was the Command Line, I thought it was absurd that Stephenson claimed typing could be faster than mousing. All those keys to hit! Alas, the CLIs I had used at the time did not have Tab completion, which does in fact make the keyboard faster than the mouse.

So anyway, back to the point of this post: the path from the command line back to the Mac OS X GUI: the open command. Apple has given this one simple command the ability to open files, folders, URLs (web pages, email addresses, etc.), applications (optionally passing them files), etc. This single command allows me to do 90% or more of my file system navigation in the command line (where ssh and friends live) instead of in the Finder.

We love it!

I actually use the bbedit command as frequently.

There's a third bridge between the CLI and GUI spheres: executable scripts with the .command suffix are launchable as Mac applications, but run as CLI scripts. I like putting these in the Dock, although for my own use I mostly launch scripts directly from the command line. If you find yourself in need of argument processing, check out Fred Sanchez's DropScript hack; it can add argument processing which is not available with the .command technique.

PS-If you want to run AppleScripts from the shell, look into the osascript command.

Thursday, May 8 2008

Time Warner HD DVR Kicked to the Curb; Replaced by Apple TV

Our (cheap) 23" LCD TV's composite input gives lousy color. On the other hand, we've gotten loud buzzing noises a few times from its HDMI input, so we had our Time Warner (Scientific Atlanta) HD DVR connected to the composite inputs, and dealt with the lousy color and poor brightness. We also paid an additional $20.10/month for the second cable connection and DVR (Time Warner charges $9.95/month more for either HD or non-HD DVR than for a non-DVR cable box [HD or non-HD]). Now I wonder if the problem was with the DVR's HDMI output all along. Oh, well -- it no longer matters.

We do still pay $66.19/month for digital cable service upstairs. This lets Julia watch a couple kids' shows a day, and Annette & Amy check the Weather Channel. Our (pre-paid) TiVo also records the shows we like, so we can watch upstairs, but we generally watch downstairs. Neither of us knows if we'll watch more upstairs, or pay a few dollars a month to watch downstairs. It's an experiment.

Since we watch most of our "TV" from (ripped) DVDs, and our Time Warner signal is very unreliable, and their service is lousy, I returned the DVR on Saturday. That $20.10/month should pay for a Netflix upgrade and/or several shows from the iTunes Store (no longer the "iTunes Music Store", I noticed -- I wondered how long that would take, but missed the actual switch).

Good candidates for iTunes ducats -- (certain to total less than the $241.20/year we'd been paying for the downstairs DVR):

  • $10: 16 consecutive episodes (4 weeks) of The Daily Show ($2/ea) -- we watch it infrequently these days.
  • $20: a season of South Park.
  • $26: a Torchwood season.
  • Doctor Who isn't available from iTunes, but we can watch it in VLC or upstairs, on cable.
  • free: Battlestar Galactica (on cable, upstairs)
  • free: The Sarah Jane Adventures (upstairs)
  • free: Robot Chicken (downloaded and watched on a laptop)

The TiVo S2 has a built-in web server, and I use tivodecode to extract MPEG video, but it won't play in QuickTime Player. They do play in the redoubtable VLC, but it's not quite as polished. This is not presently annoying enough to justify purchase of Toast, which can convert .TiVo files for QuickTime or iPhone, but I am not sure if DRM would be a problem; they don't provide any detail.

We haven't yet purchased anything through (or for) the Apple TV -- perhaps this week we'll try it.

Saturday, May 3 2008

Apple TV in the House

We got an Apple TV this week, and it's excellent, although I tripped over some serious network problems (more Mac problems than Apple TV problems, actually).

Compared to our TiVo (upstairs) or our Time Warner Scientific Atlanta HD DVR, the Apple TV is surprisingly advanced. The SA box keeps losing signal (probably TWC's wiring at fault, but they keep not fixing it), and is much larger (and noisier) than the Apple TV; basically it's a piece of junk, but it's substantially cheaper than another TiVo. We'll probably get rid of this DVR and our downstairs cable connection in favor of the Apple TV very soon.

Comparing the Apple TV to the TiVo is more interesting, not least because people have been comparing the two companies for years, and keep demanding that Apple build a TiVo killer (both before and after the Apple TV release). Given how badly cable companies stink, it's hard to believe Apple should embroil themselves in this mess, but they seem to be doing okay with the iPhone, and phone companies aren't much better than cable companies. People also want Apple TVs to play DVDs, which is an obvious feature, but would be less profitable for Apple than iTunes Store rentals and purchases. But back to the comparisons.

The SA DVR has exactly one advantage over the TiVo (aside from price): its "Ouija board" -- when you need to "type" with a very limited keyboard, the TiVo makes it possible but not easy. The SA box improves the experience by dimming (and skipping over) invalid letters (which would spell words that don't match the list of available shows). The Apple TV, interestingly, has an unimpressive on-screen keyboard and a very limited remote (it's the same one Macs ship with, meaning 6 buttons: 4 directions, play/pause, and menu/back). But it's easier to use, because the Apple TV doesn't lag behind user input as much (it doesn't have to match input against all possible titles, remember), and tactile response is very good; I only made one typo when entering usernames of several friends, and it was easy to correct, even though Delete is an onscreen selection (no Clear key, as on the TiVo remote).

This brings us to another interesting comparison: the SA box has Internet connectivity (I think it's channel 996 that shows the current IP), but doesn't use it for anything except the electronic program guide and purchasing pay-per-view (which we don't do). The TiVo adds TiVo-to-TiVo transfers of shows (we only have one, so haven't tried it), scheduling via http://www.tivo.com/tco/, an unsupported web server which allows downloading encrypted/watermarked television shows, and the ability to run applications from a server (either at home or across the Internet). Applications allow you to play music or slide shows from a Mac or Windows PC, or slide shows (from your Picasa or Yahoo Pictures account -- but not Flickr, even though Yahoo owns Flickr!). Unfortunately, you cannot combine these applications, so it's impossible to listen to music while watching a slide show on the TiVo. TiVo has apparently dropped support for third-party development.

The Apple TV, on the other hand, does this all much better. Out of the box, it comes with a set of high-quality flower photos, which run as a slide show when idle. Music can be a) played from the Apple TV's hard drive, b) streamed from iTunes on a Mac or PC (controlled from the Apple TV), or c) streamed from within iTunes in AirTunes+ mode -- iTunes sends audio and ID3-style metadata including cover art over the network to the Apple TV. In any of these modes, track information is displayed onscreen, and if the Apple TV is left idle, it starts showing a slide show (ours is photos of Julia, of course); this doesn't interfere with music playback at all.

Compared to TiVo's lousy support for Yahoo Photos (!?!) and Picasa (they want you to create your own account and log into it before downloading any photos), the Apple TV supports Flickr and .Mac photos, as well as the owner's own via iTunes, of course. There is a clear hierarchy of user experience here: no support on SA/TWC; poor slide shows or mediocre media streaming on TiVo; high-quality music and photos on the Apple TV, pre-loaded with nice photos for a superior out-of-box experience.

One of the few things I regret about the Apple TV is that I bought it from Apple; I didn't get an educational or corporate discount, so I could have gotten it faster for $15 less from Amazon (via Prime), but when I tried to cancel the order at store.apple.com it had already gone through (less than 5 minutes after pressing Submit). This should be the worst problem I have with the new gadget!

Unfortunately, it wasn't. The Apple TV would not synchronize content from iTunes; I was able to play music through it (AirTunes), but it mostly refused to show up in iTunes' DEVICES list. I got a warning about port 3689 possibly being blocked by a firewall, which I initially ignored, knowing I had specifically allowed iTunes to connect through Leopard's "socket firewall".

The Apple TV AppleTV is not responding. Check that any firewall software running on this computer has been set to allow communication on port 3689.

pepper@prowler:~$ grep 3689 /etc/services 
daap            3689/udp    # Digital Audio Access Protocol
daap            3689/tcp    # Digital Audio Access Protocol

The second time I got this message, with iTunes' Preferences claiming the Apple TV was synching even while it wasn't fully accessible, I did some searching, and found out that indeed several people needed to open up the socket firewall before Apple TV synching would work. I did this, and lo and behold, our Apple TV now has the proper 12gb of video, 51gb of audio, and 3gb of photos it should. It's bad that iTunes wasn't properly whitelisted in the firewall, but it's much worse that people need to turn off a security feature to make the Apple TV work. Fortunately, after I switched the firewall back to "Set access for specific services and applications" (where it should be), the Apple TV continued to appear and synch properly; bug filed with Apple.

That brings up another bug: we have a Gigabit Ethernet network (3.5 switches -- 8-port, a couple 5-port, and the 3-port built into our Time Capsule) and an 802.11n network, but unfortunately the wireless doesn't work right. At 5GHz, I keep losing my connection; at 2.4GHz it stays up everywhere except the guest room (which has no Ethernet), but speeds throughout the apartment are poor and connectivity is less reliable than our 802.11g Airport Extreme network. Since I haven't fixed this yet, I much prefer to do large transfers over the wired network.

The Apple TV connects to a running copy of iTunes to download content; in my case, most of the connections (once I got past the firewall issue) were to the AirPort IP address, which prevented them from making progress on the 65gb transfer. I had to disable AirPort to force the Apple TV over to the Ethernet connection, which was much faster; after it was done I re-enabled AirPort, but that's another bug (also reported, and yes, I do have System Preferences set to prefer Ethernet to AirPort).

Sunday, March 16 2008

Time Capsule DNS Bug?

I just got a 1tb Time Capsule -- it was a natural accessory for my new MBP, since I finally have a Mac with 802.11n support, and I routinely move large files or folders (500gb-8gb) around our home network; I also like the GE ports.

The Capsule replaced a WRT54G (hacked) and an AirPort Extreme -- the APE is now serving as a print server in WDS mode (overkill, but otherwise it would just sit on a shelf, and the print server is handy). It is also providing backup space for all three of our laptops (including Julia's), and the magic of Time Machine seems like a good security vs. convenience compromise -- keeping conventional AFP or SMB shares from reppep.com mounted all the time on all three laptops would be suboptimal. Time Machine seems to handle mounting & unmounting gracefully.

On to the meat of my problem, though: Once I set up the Time Capsule, I noticed my MBP (10.5.2 latest) was getting the TC's IP as its only DNS server via DHCP. This is annoying, as I configured the TC with 2 upstream DNS servers, and I want it to configure my Macs with at least those two; if the TC inserts itself first that's fine, but it shouldn't be my only nameserver.

The problem is aggravated (considerably!) by the fact that the TC is not actually serving names. My dig queries against it all time out.

On a related note, nmap points out that the Capsule is running an FTP server, which I (fortunately) cannot actually log into. I don't see FTP anywhere in the UI or help (aside from a note about forwarding FTP through NAT). FTP is evil, and I don't want it on at all! I know why ports 139 & 445 are open -- to support SMB/CIFS and WINS, which I could configure but cannot turn off -- but why RTSP and RealServer ports, and port 10,000?? I cannot get anything out of 10,000, so it's not a normal Webmin, but what is Apple doing here??

I filed 3 bugs against Time Capsule, one against AirPort Admin Utility, and one against SP:Network, which I discovered while working around the TC DNS issue.

Meanwhile, I'm not holding my breath for answers & fixes from Apple. Do you all have more information about what's going on here? Do TC users find a) the TC is the only nameserver assigned via DHCP, and b) it doesn't actually work as a nameserver??

Wednesday, March 12 2008

Extra Pepperoni Re-Hosted

After DreamHost's breach 8 months ago, I was aggravated at their poor handling of the situation, but willing to give them the benefit of the doubt, and still happy with their low prices and flexible services.

With the new bad news and worse confirmation (still with poor incident handling), though, it's time to get out of Dodge.

I have moved Extra Pepperoni back onto my own hardware. I started blogging on Apple's Blojsom install, but gave up on Tiger Server for Blojsom (and Mailman) because the services kept silently shutting down, leaving me to notice they were disabled days or weeks later (no fault of Blojsom or Mailman -- Apple didn't do a good job porting SpamAssassin either). Bringing up a WordPress blog and mailing lists at DreamHost was easy and cheap, but that's no good if they are unsafe.

I'll look at moving a couple very light-duty Mailman lists off DH next, but the lists are so lightly used I'm not too concerned. There just isn't any confidential information on the mailing lists, aside from their tiny subscriber lists.

Ah, well. I now know much more about WordPress and MySQL than I cared to, but the setup wasn't too bad. I hadn't realized how many customizations and tweaks I made to WordPress until it came time to recreate them on my own system:

  1. Almost Spring theme (included by DreamHost); with minor hack
  2. PHP Markdown Extra; with minor hack
  3. MySQL admin UI
  4. WP-DB-Backup (DH included one, which I'm no longer using)
  5. mod_rewrite for permalinks
  6. Admin-SSL, with "Shared SSL" tweak, integrated into my existing SSL site (meaning EP is available through two different "sites", and I have to keep the Apache configurations reconciled)
  7. Twitter
  8. WP-Cache (DH standard)
  9. Akismet anti-spam registration
  10. Technorati pinger (came over automatically with the DB).
  11. Fix for widget.php to use legal JavaScript tag.

Saturday, March 8 2008

Windows and Outlook Annoyances

I've been using Windows on a daily basis for 9 days now. At Rockefeller, I kept it on a VM (earlier, on a physical PC) which I could easily wipe and reinstall. I kept the few installers I need on a Mac so I could easily reinstall and be back in business. Now I have to do much more in XP/Outlook, and I have many gripes.

Things I Miss

These are mostly lacks in Windows, although not entirely.

  • In the Alt-Tab task switcher, I cannot Hide (Command-H), Quit (Command-Q), or click an application's icon to switch directly to it. This is aggravated by the fact that icons in the switcher often correspond to windows rather than on the Mac, where they correspond to applications (each with one or more windows), so there are many more icons to Tab through, and often several indistinguishable windows (4 Firefox windows generate 4 identical unlabeled icons; so do 4 open messages in Outlook). Considering Windows has had this feature for longer than Apple, it's shockingly underpowered.
  • I cannot hide the current application (window) from the keyboard (Command-H), or Hide Others (Command-Option-H).
  • I miss BBEdit -- working with notepad and vi for now; UltraEdit's installer (recommended on TidBITS-Talk) doesn't work in my environment. This will get worse as I start writing and editing more (code).
  • BBEdit (particularly side-by-side diff and interactive reconciliation, which I should be able to find an alternative for, but sdiff isn't it).
  • bbedit (I miss opening files from the shell, including via sftp and from for loops).
  • ssh keys for authentication.
  • Seeing my personal email throughout the day -- the financial/SEC/Sarbanes-Oxley environment requires a lot more separation between personal and work activities.
  • Options (program-wide preferences) is not available from message windows -- only from the mailbox viewer window. This is true in Thunderbird/Mac too; presumably copied from the MS model.
  • Good filtering: Outlook's filtering is very much wizard-driven, but not very flexible (no booleans & very limited criteria available); two filters that try to file the same message will put 2 "copies" of the message in different mailboxes; some options are handled on the server, while others are only performed on the client.
  • BlackBerry filtering: The BlackBerry Curve shows everything in one mailbox; I'd like to see things grouped as I do on Outlook.

Things that bug me

  • I can make Outlook sort a mailbox with the newest messages at the bottom (the default is newest-at-top), but then when I click the mailbox, Outlook selects the bottom (newest) message in a mailbox, whereas I want to read oldest first.
  • I can make Outlook allow commas as address delimiters (which is what they are in the actual mail messages), but then I cannot type names, because we have autocomplete disabled and Outlook doesn't recognize a correct "Last, First" recipient when it's set to allow commas as delimiters (even though Outlook uses them once I click Check Names).
  • Keyboard nickname completion (Command-L in Eudora); I can't find a way to assign a keyboard shortcut to Check Names.
  • I try to keep my mailbox "caught up" or "clean" (all messages read). Outlook doesn't mark a message read until I deselect it. This means that when I'm done, to have it stop showing that last message as unread, I have to select something else.
  • When I'm reading a bunch of new messages, and Outlook selects one I don't want to read (see above about selecting the bottom/newest message), I have to click another message to get the Mark Unread contextual menu command; then I scroll up to the top and click on the first message.
  • AutoCorrect absolutely would not let me type "SAs" (System Administrators) until I killed it.
  • MS Office Communicator flashes in the Start bar and the Alt-Tab switcher, but it flashes the main window's icon, instead of the one for the conversation with new activity. That's just dumb.

Things I like

  • Outlook can show me mailing list (group) membership. It's called "Outlook Properties" in the menu, despite being maintained on the Exchange side, but after I got over thinking that couldn't be the right place, this is quite handy.
  • Outlook checks group memberships automatically when filtering; this cannot be turned off, so I cannot filter messages sent to a list separately from messages sent to a member of the list.

Thursday, March 6 2008

Bad News from DreamHost

I got a message from DreamHost tonight which both confused and disturbed me.

Telling me there's evidence that I have been intruded upon is scary -- but what was the evidence?? Without more information, this is upsetting but not helpful.

I only access this account from fully patched Macs under my direct control. None of them were running Windows spyware, and I know there hasn't been a hardware keylogger in operation on my equipment recently (I don't believe ever, but I've been doing lots of work on my equipment lately, so I know not recently). It's certainly possible I got hacked by some brand-new Mac OS X exploit, but (especially given my understanding of DreamHost's security model, which entails emailing plaintext passwords at the drop of a hat) I consider it considerably more likely this is a false alarm or miscommunication.

Especially given that, despite "we have reset your password", the affected account's password was NOT changed. I logged in normally and changed it myself. This makes me very glad that I created a brand-new password only for DreamHost last time they got hacked. On the other hand, I could have been sniffed logging in over the Internet (most of their access is unprotected); I only set up SSL for administration of Extra Pepperoni a month ago...

We'll see how they respond to my request for clarification.

In the meantime, I am worried and aggravated.

It's also somewhat suspicious that the timezone is UTC, considering that DreamHost is in Los Angeles. If it wasn't the right panel.dreamhost.com hostname, I'd think this was an attempt to get me to submit my DH account information to a spammer, but that information isn't worth much.

To: "Chris Pepper" <---->
From: DreamHost Support <support@---->
Subject: [reppep ----] Account Concerns...
Date: Fri,  7 Mar 2008 02:20:34 +0000 (UTC)

Dear DreamHost customer,

We have found evidence indicating that your 'reppep' web server account
may have been subject to intrusion by a malicious 3rd party. As a
precautionary measure, we have reset your password and ask that you
change it, here:


At this time we have found no evidence to suggest that there has been a
breach of our internal security. We believe that the passwords in
question were likely obtained through the use of
spyware/keyloggers/malware, possibly installed on your personal

In order to secure your account, we ask that you immediately follow the
recommendations provided in the DreamHost AbuseCenter - particularly
those involving the removal of malware. You may visit the AbuseCenter,


If you have any questions or concerns, please let us know.

- DreamHost Abuse/Security Team

Thursday, February 28 2008

Mac OS X Leopard: Changes and confusion regarding network mounting

Apple put a lot of effort into making network sharing (Mac and Windows networking using the AFP & SMB/CIFS protocols) easier in Leopard. One of the things they did was introduce credential caching at the system level, so once you mount another Mac via AppleShare (for instance), you could then connect to it with Screen Sharing too, without authenticating. This is neat, but a bit problematic. I have had cases where:

  1. I had to kill NetAuthAgent (the background process that appears to hold username/password pairs on your behalf) to make mounting work
  2. I had to rearrange windows around onscreen, because a (stalled) progress window was hiding a username/password window, and never going to get anywhere without some help; other times I have dismissed the progress dialog without realizing it was waiting for a concealed window.
  3. I have had to Force Quit and relaunch the Finder before it could (re-)mount some or all network volumes.
  4. I have had to reboot the Leopard server before I could (re-)mount its volumes.
  5. I have had Leopard systems fail to share out volumes, and had to re-share them manually. Part of this appears to be a different issue, where Leopard systems don't even mount additional drives until a user logs in (obviously unmounted volumes cannot be mounted over the network). That's not right!

Tonight's problem was a bit different -- I was connecting to a Windows server running Samba, and not getting the right permissions. When I looked in the server's /var/log/samba/smbd.log (because I cannot find any way to see the account used for a network mount in the Finder), I discovered that the share was mounted as the wrong user. I had never gotten the username/password dialog for this mount, as I had (the wrong) user credentials cached in NetAuthAgent.

The Tiger behavior is to default to the client username (the account mounting the share from the server). Leopard instead uses whichever user it has a cached credential for. I have now changed my scripts to always specify the username when mounting shares, e.g., open smb://pepper@inspectore/inspector.

Thursday, February 21 2008

Between Jobs

For dessert: 4 bags of chocolate chips

It feels very very strange to be unemployed -- it's been 7 years since the last time, and I was too freaked out at Shooting Gallery laying me off to feel this way. Now that I'm a grown-up (having kid(s) means you're responsible, even when you're irresponsible!) it's a good thing that we're covered by RU insurance past the start date for GS insurance, but the whole experience is still very odd. I wiped the third computer today at 5:30pm, and am copying data off computer #4 (old reppep.com) right now in preparation for retiring it (it's falling apart, apparently -- optical drive died an hour ago).

Now I just need Apple to update the MBP15s, so I can replace this PowerBook. It's doing better than I thought, though -- doesn't seem any doubt that it will serve until the next update.

RU IT did right by me today -- a grand spread, consisting of John's pizza, baby back ribs, beef ribs (they looked like something from The Flintstones), and chicken wings. A nice (short) speech by Armand, and well wishes all around. Elaine hung a bunch of colorful signs, which delighted Julia.

I closed out my helpdesk tickets, turned in my keys (forgot to turn in my ID/swipe card, though), and updated the documentation on our load balancers again, as well as re-re-recapping for my co-workers. I had to say "Look, when you feel like you're an idiot, don't worry -- I felt like that repeatedly for years while working with these. The Big-IPs are absurdly complicated. Two kernels, a super 'switch card' that's doing all kinds of crazy (non-switch) stuff, over 20 IP addresses, 8 networks, plenty of bugs, and delays in getting technical support. It's not you!"

Maybe I'll have some time to investigate Linux & Windows text editors.

Tuesday, February 19 2008

reppep.com Migrated

On Feb 19, 2008, I shut down the old reppep.com server, which ran Mac OS X 10.4 "Tiger" Server, and replaced it with a new (cheaper and faster) PC running Linux. Unfortunately, the password formats are incompatible, so I apologize to all reppep users for the disruption.

Please call me if you have an account on reppep.com and haven't received your password already, or find anything not working right.

I switched from Apple's jabberd to Openfire, which doesn't use the UNIX system accounts, so let me know if you want a chat account (compatible with iChat & GTalk).

[Done] I forgot SquirrelMail address books -- should be able to bring those over too.

  • Firewall problem fixed. SMTP MX issue fixed.
  • Virus filtering problem fixed.
  • Webmail certificate fixed.
  • Quota problem fixed.
  • Virtual domains for email fixed.

As of 5pm, I don't know anything that doesn't work (aside from SquirrelMail address books) [fixed Thursday].

Thanks for your patience!

As of 10:30 on the 20th, things seem to be working. Something's screwy with amavisd-new's quarantine, but mail is going through. I reinstalled Openfire, and chat seems okay under the correct hostname/certificate name now (will try signing it as ca.reppep.com later).

Good timing -- the optical drive on the old server died tonight.

I have distributed all the new temporary passwords, so any users having trouble logging in should let me know.

Markdown.cgi is still broken, but I'm the only person who uses it here, so I'll get to it.

On Thursday the 21st, I found a problem with amavisd-new -- it had quarantined 32,000 messages in a single directory, and was stuck (apparently ext3 doesn't support more than 32,000 files in a directory). I cleared it out and finally managed to disable quarantine, which wasn't as easy as it should have been, and the backlog of messages has been delivered as of 9:15pm.

At 11pm, I fixed an issue preventing SMTP AUTH from working properly, which was interfering with sending email to non-reppep addresses.

Thursday, January 24 2008

Keychain Sync without .Mac

After getting burned too many times, I dropped my .Mac subscription. I never trusted my Apple keychains to iDisk anyway, but this means I have different subsets of passwords on different machines, and no good way to keep them in sync. I thought of a solution for manual sync last week: One keychain per Mac. Say I have 3 systems: work, home, and other. Each system has 3 Apple keychains: work.keychain, home.keychain, and other.keychain, with each host using its own as the default. Then I can rsync work.keychain to home.keychain & other.keychain, etc. This is awkward with rsync because it's inherently unidirectional, but keychains are small so it's quite feasible to script.

In Tiger, I know the keychain is actually stored in memory once it's unlocked, so it's good to lock (unload) all keychains with "security lock-keychain -a" before updating the files -- this goes in the same script. I also set mine to lock after 2 hours of inactivity, or (on those systems where I run SSHKeychain) when sleeping or activating the (locking) screen saver.
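A sketch of the sync script described above, as an added example rather than the author's own script. It assumes the constructed host names work, home and other, ssh logins between the Macs, keychains under ~/Library/Keychains, and a pull direction (each Mac fetches the others' files), so that the lock and the file update happen on the same machine.

```shell
#!/bin/sh
# Added example: one keychain per Mac, each file written only by its owner.
# Constructed names: hosts work/home/other; ssh logins between them assumed.
KEYCHAIN_DIR="${KEYCHAIN_DIR:-$HOME/Library/Keychains}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = print the commands, 0 = execute them

# Print a command in dry-run mode, run it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# pull_keychains SELF HOST...
# Lock every local keychain, then fetch each peer's own keychain file.
# SELF's file is never a destination, so a one-way rsync cannot clobber
# passwords added on this Mac.
pull_keychains() {
    self=$1
    shift
    # A mistyped SELF would let the loop overwrite this Mac's own keychain
    # with a stale remote copy, so require SELF to be in the host list.
    found=0
    for h in "$@"; do
        if [ "$h" = "$self" ]; then found=1; fi
    done
    if [ "$found" -ne 1 ]; then
        echo "pull_keychains: '$self' is not in the host list" >&2
        return 2
    fi
    # Unload unlocked keychains from memory before their files change.
    run security lock-keychain -a || return 1
    for h in "$@"; do
        if [ "$h" = "$self" ]; then continue; fi
        run rsync -tp -e ssh "$h:Library/Keychains/$h.keychain" \
            "$KEYCHAIN_DIR/$h.keychain" || return 1
    done
}

# Dry run on the Mac named "home": pull_keychains home work home other
```

With DRY_RUN left at 1 the function only prints the lock and rsync commands; set DRY_RUN=0 to execute them.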
