TidBITS#722/22-Mar-04
=====================
We range far and wide this week! Glenn Fleishman contributes two
articles, one explaining how soft mounting went away in Mac OS X
10.3.3 and another examining Sender Policy Framework, a new anti-
spoofing technology for email. Then, Tony Williams reviews the
highly entertaining book Apple Confidential 2.0. We also tell you
about the new headline site Macminer.com, Guy Kawasaki's cover
contest for his next book, the release of GraphicConverter 5,
and Belkin's new iPod voice recorder. Win PDFpen in this week's
DealBITS drawing!
Topics:
MailBITS/22-Mar-04
DealBITS Drawing: PDFpen from SmileOnMyMac
Mounting Servers Becomes Rational in 10.3.3
BookBITS: Apple Confidential 2.0
Sender Policy Framework: SPF Protection for Email
Hot Topics in TidBITS Talk/22-Mar-04
<http://www.tidbits.com/tb-issues/TidBITS-722.html>
<ftp://ftp.tidbits.com/issues/2004/TidBITS#722_22-Mar-04.etx>
Copyright 2004 TidBITS: Reuse governed by Creative Commons license
<http://www.tidbits.com/terms/> Contact: <[EMAIL PROTECTED]>
---------------------------------------------------------------
MailBITS/22-Mar-04
------------------
**Macminer.com: Better Mac Headlines** -- As you know, we're
highly selective about what news we publish in TidBITS, which
makes for quite a job of culling through the press releases we
receive and scanning other sites to see what else is happening
that might warrant coverage. I've just come across a new site
that promises to make lighter work of our headline scanning:
Macminer.com. Started by Tobias Engler, who helped translate
TidBITS into German several years ago, Macminer.com takes the
standard headline list to new levels. You can click any headline
to view it, of course, but more interestingly, you can click
buttons next to each headline to email it to a friend, view
similar news stories, show all the headlines from a particular
site, and hide all the headlines from sites that don't interest
you (this last setting is persistent). A Hot Topics listing at
the top of the screen lets you filter the headlines along specific
topics, and more general filters allow you to categorize your
news views. You can even create your own filters. It's highly
refreshing to see a news headline site that so completely
understands that it's a database and makes database-style actions
possible - it's basically a smart search engine for Mac news.
If you're a Mac news hound, check it out. [ACE]
<http://www.macminer.com/>
**Belkin Offering External Microphone Adapter for iPod** -- Belkin's
latest iPod add-on lets you plug in an external microphone for
recording audio to your iPod. The Universal Microphone Adapter
accepts 3.5 mm microphones and plugs into the special headphone/
adapter jack found on the dock-based iPod series. The adapter
shipped 17-Mar-04 and costs $60 from Belkin, or about $40 from
resellers. The adapter records 16-bit audio (ostensibly stereo)
at 8 kHz, which is adequate for voice recording but would be
sub-par for live music recording. The adapter has its own
headphone jack to replace the one it's using, a level indicator,
and a three-position gain switch to adjust sound sensitivity
on the microphone you attach.
<http://catalog.belkin.com/IWCatProductPage.process?&Product_Id=158384>
Belkin's previous offering, the Voice Recorder, was a mono
recorder with relatively low fidelity and no adjustments,
although a reasonable choice for compactness. In low ambient
noise conditions, the Voice Recorder performed well. But at
any distance or with any complex sound situation, the recorder
lost distinction and rendered sound somewhat unintelligible.
By contrast, the Universal Microphone Adapter lets you change
sensitivity on the fly. The level indicator - which displays
tones that range from green through yellow to red - ensures
that you're actually recording sound and that it's not breaking
up at the loudest end. As with Belkin's previous product, it's
extremely hard to use the iPod's hold button since it's partially
covered by the adapter. [GF]
**GraphicConverter 5.0.1 Released** -- TidBITS readers with long
memories have probably already noted that we tend to mention Lemke
Software's image processing utility GraphicConverter often in
these issues (at least 21 times since 1997, in fact). Largely this
is due to the fact that this robust shareware application competes
on almost all fronts with Adobe Photoshop, the powerhouse of image
processing - yet costs a measly $30. But it's also due to how
extensive the changes are - and release notes that accompany
them - between revisions. Now, GraphicConverter has turned 5,
gaining a browser search feature, improved handling of EXIF data,
the capability to export a photo slideshow as a movie file, and
lots of other enhancements and bug fixes (a small 5.0.1 version
released late last week fixes an error that cropped up when saving
files). GraphicConverter 5.0.1 runs on Mac OS 8.5 and higher,
including Mac OS X, and is a 6 MB download. [JLC]
<http://www.lemkesoft.com/en/graphcon.htm>
<http://www.lemkesoft.com/en/graphversionsueb.htm>
**Guy Kawasaki's Cover Contest** -- Guy Kawasaki, Apple's original
evangelist and now CEO of the venture capital investment bank
Garage Technology Ventures, is running a contest to come up with
a cover for his upcoming book, The Art of the Start. Click the
graphic on the page linked below, submit your entry, and you
could win a Canon EOS Digital Rebel camera with lens, an
autographed copy of the book, and 250 credits toward images
on iStockPhoto.com. The deadline for entry is 15-Apr-04.
PS: From what I saw of the drafts, it's a good book. [ACE]
<http://www.istockphoto.com/contest/cover.php>
DealBITS Drawing: PDFpen from SmileOnMyMac
------------------------------------------
by Adam C. Engst <[EMAIL PROTECTED]>
Adobe's PDF format has become commonplace as a replacement for
paper, but unless you own the full Adobe Acrobat package, you
can't do much more than read and print PDF files. For a number of
standard tasks that you'd expect to be able to perform with paper,
that can now change with PDFpen from SmileOnMyMac; it's a utility
that enables you to edit PDF files in several useful ways. PDFpen
lets you insert and remove pages, move pages around in a document,
and copy them between documents. You can also overlay text,
images, and even freehand drawings on top of PDF documents, and
you can even keep a library of frequently used items for fast
access. Now you can easily add your signature to PDF documents
and return them via email (or SmileOnMyMac's Page Sender fax
software) without having to print a document just to sign and
fax it back. PDFpen is also fully scriptable and comes with a
variety of example scripts that show how to perform actions like
adding page numbers to a PDF document. PDFpen requires Mac OS X
10.2.5 or later.
<http://www.smileonmymac.com/pdfpen/>
<http://db.tidbits.com/getbits.acgi?tbart=07511>
In this week's DealBITS drawing, we're giving away three copies
of PDFpen 1.2, valued at $29.95 each. Those who aren't among our
lucky winners will receive a discount price. Enter at the DealBITS
page linked below, and be sure to read and agree to the drawing
rules on that page. As always, all information gathered is covered
by our comprehensive privacy policy. Lastly, check your spam
filters, since you must be able to receive email from my address
to learn if you've won.
<http://www.tidbits.com/dealbits/smileonmymac.html>
<http://www.tidbits.com/about/privacy.html>
Mounting Servers Becomes Rational in 10.3.3
-------------------------------------------
by Glenn Fleishman <[EMAIL PROTECTED]>
Part of the charm of last week's update to Mac OS X 10.3.3 is
that Apple listened to the user confusion that the initial Panther
release caused by creating two entirely different methods of
mounting servers in the Finder. Let's recap the situation, which
I explained when introducing my "Take Control of Sharing Files
in Panther" ebook back in TidBITS-716_.
<http://db.tidbits.com/getbits.acgi?tbart=07537>
**Hard and Soft Mounting** -- Mac OS X 10.2 Jaguar's Connect to
Server dialog (accessible from the Go menu in the Finder) let you
either enter an address manually or choose from a list of servers
that Jaguar discovered by scanning the local network. In Panther,
Apple split these two functions and the method by which they
worked. The Panther version of the Connect to Server dialog
requires you to enter an address or select from a list of stored
favorites. To scan your local network for available servers, you
must click the Network icon in any Finder window's sidebar.
The split wasn't related purely to the interface, though.
Connecting to a server through the Connect to Server dialog before
10.3.3 used hard mounting, which is what we were used to when
mounting servers in the past. Hard-mounted servers appear on
the Desktop and work like a drive physically connected to the
computer. The main downside of hard mounting is that the Finder
can lock up for quite some time if a mounted server volume becomes
unavailable.
To address that annoyance (and it was a serious one), the pre-
10.3.3 Network browser employed a new form of mounting servers
long available in Unix: soft mounting. When you connected to a
server using soft mounting, the network volume didn't appear on
the Desktop and it even mounted at a different place in the Unix
directory hierarchy. In practical use, soft mounting was
nightmarish: soft-mounted volumes wouldn't properly store their
passwords in the Keychain, it was difficult to eject a soft-
mounted volume, and aliases to soft-mounted volumes broke quickly.
**Firmer Ground** -- Apple listened to your complaints and
resolved the situation by eliminating soft mounting entirely from
the graphical interface (you can still employ soft mounting from
the command line). In some ways, the move was a bit of a cop-out,
since the problem with the Finder locking up when hard-mounted
servers become unavailable is still present. I hope Apple will
manage to make the Finder less sensitive to the disappearance
of a mounted server.
Apple's release notes about 10.3.3 indicate a host of changes,
which I confirmed in testing: Mounting a server via Network
browsing is now practically identical to mounting one through the
Connect to Server dialog. A Network browser-mounted volume appears
on the Desktop and in the sidebar of Finder windows; it is listed
in the hidden /Volumes directory (use Go to Folder in the Finder's
Go menu to see it); you can store the password necessary to mount
it in your Keychain; and you can dismount it by dragging it to
the Eject icon in the Dock, Control-clicking it and choosing
Eject, or clicking its Eject button in the sidebar. Along
with those improvements, you can now see Samba (Windows-style)
workgroups in the Network browser.
**Sharing Files 1.1** -- To explain these changes, I've updated
"Take Control of Sharing Files in Panther." Other changes in the
ebook, many of which were suggested by readers, include a new
section discussing how sleep interacts with file sharing, a tip
explaining how to display the list of files in a directory shared
via Apache, instructions on mounting .Mac iDisk volumes via
WebDAV, instructions on how to turn on and use SFTP (Secure FTP),
and coverage of the AppleShare security problems I outlined in
TidBITS-719_.
<http://db.tidbits.com/getbits.acgi?tbart=07563>
The 1.1 version is available now, and as with all minor updates
to Take Control ebooks, purchasers of this title can upgrade for
free; we've done our best to notify all current customers but if
you didn't receive notification, send Tonya email using the form
on our Ordering Tips page, which also answers all the frequently
asked questions we've received about ordering.
<http://www.tidbits.com/takecontrol/panther/sharing.html>
<http://www.tidbits.com/takecontrol/ordering-tips.html>
BookBITS: Apple Confidential 2.0
--------------------------------
by Tony Williams <[EMAIL PROTECTED]>
A number of books covering the history of Apple Computer have
been released, but none have satisfied me. They were either too
dry, or were self-serving autobiographies I found difficult to
believe (one particular ex-Pepsi employee stands out in this
category). However, a recent title is a refreshing change:
Owen W. Linzmayer's Apple Confidential 2.0: The Definitive
History of the World's Most Colorful Company. This cleverly
written, well laid-out history of Apple Computer contains plenty
of nuggets that all Apple aficionados will appreciate.
<http://www.owenink.com/ac/contents.html>
<http://www.nostarch.com/apple2.htm>
I am, however, at a slight disadvantage with this review.
I haven't read the first edition of Apple Confidential, so
I can't tell you how much this book has changed. According to
the publisher, No Starch Press, the book contains 60 new pages
"including greatly revised chapters." It has to be said that
the table of contents is almost identical.
I love the layout. Wide margins give Linzmayer the opportunity
to place additional material such as anecdotes and quotes (many
referenced from other histories of Apple) and the text is
scattered with numerous small photos. Overall, it looks and
reads a little like a good quality magazine. It is well written
and highly readable, and lends itself to dipping in and out of
the story almost anywhere. Once I'd finished the book, I found
myself re-reading various short sections for the next fortnight.
For example, I liked the chapter that gave me the list of all the
people whose signatures appeared inside the case of the original
Macintosh 128K, their job descriptions at the time, and where they
are now. I appreciated the various timelines, such as one listing
the various Macintosh models and another for the various versions
of the Mac OS. The inclusion of chapters covering NeXT and Pixar
is marvelous - after all, Mac OS X was built from NeXTstep, and
Pixar is the company that made Steve Jobs a billionaire. Linzmayer
also focuses well on the people at Apple, not just the events.
This focus and the large number of quotes and related information
in the margins add to the book's light feel and readability.
Despite the wealth of material, I felt that the book seems
slightly rushed towards the end. I'd like to see more space given
to recent history, even though most of the recent information is
much better known than the old. Still, with this update it seems
that Linzmayer's book strives to be an ongoing chronicler of
Apple; what better time to set down the details than the present?
Apple Confidential 2.0 is a highly readable account of the people
and events that surround arguably the most exciting computer
company in the world. I'd recommend it to anyone who would like
to understand where their Macintosh comes from. The book is 304
pages and costs $20 retail.
<http://www.amazon.com/exec/obidos/ASIN/1593270100/tidbitselectro00/ref=nosim>
[Tony Williams is a Macintosh IT Manager and has previously been
a programmer, journalist, and magazine editor. You can read more
of his reviews at Tony's Book Spot.]
<http://books.honestpuck.com/>
Sender Policy Framework: SPF Protection for Email
-------------------------------------------------
by Glenn Fleishman <[EMAIL PROTECTED]>
A fundamental reason for the proliferation of spam is that the
underlying mechanisms for exchanging email over the Internet
never check the identity of the sender. Any user anywhere on
the Internet can send email that appears to come from any email
address. This is a common reason why you receive angry email
messages from people asking why you spammed them. You didn't:
some spammers used their simple software to spoof your address
(usually chosen at random) in spam.
There's a new technique generating some discussion that may change
the balance of power and ultimately put more control back in the
hands of the owners of individual domain names. It's called Sender
Policy Framework (SPF), and it allows a system administrator to
tell other mail servers which servers may legitimately send email
with a given domain name as the return address.
<http://spf.pobox.com/>
**SPF Basics** -- The idea behind SPF is simple. Those of us who
have domain names, including Internet service providers (ISPs),
add records (or have them added on our behalf) that assign IP
numbers to domain and host names. For instance, king.tidbits.com
currently maps to 216.168.61.154 and emperor.tidbits.com is
216.168.61.78.
These domain records, which are simple text files with one entry
per line, also tell mail servers where to deliver mail using mail
exchanger (MX) records. The domain record for tidbits.com has an
MX record that says to deliver email to emperor.tidbits.com. If
that server is busy, an additional entry says to try
king.tidbits.com as a backup or secondary.
With SPF, you or a system administrator adds a line that lists the
mail servers from which email that is addressed from your domain
may be sent. For TidBITS staffers, we would add a line that says,
"legitimate email with @tidbits.com in the address must originate
from king.tidbits.com or emperor.tidbits.com." Since we often work
on the road, we would also say, in SPF format, "or from any SPF
mail servers defined by Speakeasy Networks, EarthLink, and
Comcast."
**Will SPF Work?** For SPF to carry out its objective, two things
must happen: domain owners have to add SPF records, and mail
servers need to be reconfigured to check SPF records before
accepting email messages from domains that list SPF records. Both
of these are happening simultaneously. AOL, for instance, started
listing SPF records weeks ago, and other ISPs may follow. (In
fact, SPF was devised by the founder of pobox.com, a popular and
long-time email service provider.)
Because there's no penalty in adding SPF records, over 7,500 ISPs
(according to the SPF site) have already added them. The SPF site
offers a wizard for composing these records to avoid learning the
syntax by hand. For instance, the SPF record for my glennf.com
domain will look like this:
"v=spf1 a mx ptr ip4:64.81.13.192/26 include:speakeasy.net -all"
<http://spf.pobox.com/wizard.html>
For many users, composing these entries will still be too
technical. They can look for assistance to their domain hosts;
the company TidBITS relies on, easyDNS, has already indicated to
us that they're working on supporting SPF. When a domain hosting
company supports SPF, it should be even simpler for users to add
SPF settings.
The other half requires more effort. The SPF site lists patches
and beta test versions for some major mail transfer agents (MTAs),
the formal name for mail servers that receive messages addressed
to users at any domain for which the server accepts email. This
includes Postfix (the default mail server in Mac OS X 10.3),
Sendmail (which is widely used throughout the Unix and Linux world
and which Apple included with Mac OS X 10.2 and earlier), Exim,
and Qmail.
<http://spf.pobox.com/downloads.html>
SpamAssassin 2.70 will also include SPF support as part of its
scoring system.
**Flies in the Ointment: Legitimate Spoofing** -- As email and
anti-spam consultant John Levine pointed out to Adam Engst and
me via email and in an essay he's posted, the fundamental problem
that SPF is solving isn't precisely spam, but spoofing, and it's
not at all uncommon to rely on systems that operate by spoofing
mail legitimately.
<http://www.taugh.com/mp/lmap.html>
Mailing lists are the most problematic, since if someone sends
mail to certain discussion lists, the message as sent by the
mailing list will appear to be from that person, but will be
sent out via the list server. Assuming the poster isn't using
an account at the same domain as the list server, any SPF checks
would fail, since the list server wouldn't be SPF-approved for
mail from the sender's domain.
Also, many sites let you forward an article to someone else. These
services typically require you to enter your return address and
the publication spoofs your address so the message appears to come
from you and so any replies go back to you.
Finally, many email forwarding services rewrite incoming message
headers so forwarded messages look like they came from the
original sender instead of the forwarding service. I use my alumni
association's free forwarding from aya.yale.edu to my address, and
many other mailing services allow the same kind of forwarding.
The mailing list and forwarding problems would require reworking
of many aspects of email systems. The end result might be better,
but the transition could be painful. John Levine offered some
suggestions in his essay above for plastering over the problem,
and the SPF site has specific suggestions as well.
<http://spf.pobox.com/faq.html#forwarding>
These three spoof-at-your-request problems remain the biggest
obstacles facing broad SPF adoption.
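As an added illustration (not code from TidBITS or from the SPF
project), this Python example evaluates the glennf.com record quoted
earlier against a connecting server's IP address and shows why a list
server or forwarder that keeps the original envelope sender gets a
"fail". Everything except that record is constructed so the example
runs offline: the speakeasy.net policy, the A, MX, and PTR data, every
IP address tested, and the address user@glennf.com.

```python
import ipaddress

# Constructed stand-in for DNS so the example runs offline. Only the
# glennf.com TXT record comes from the article; the speakeasy.net policy
# and every address below are made-up values (documentation ranges).
ZONE = {
    "TXT": {
        "glennf.com": "v=spf1 a mx ptr ip4:64.81.13.192/26 "
                      "include:speakeasy.net -all",
        "speakeasy.net": "v=spf1 ip4:198.51.100.0/24 -all",
    },
    "A": {
        "glennf.com": ["192.0.2.10"],
        "mail.glennf.com": ["192.0.2.25"],
        "laptop.glennf.com": ["192.0.2.77"],
    },
    "MX": {"glennf.com": ["mail.glennf.com"]},
    "PTR": {"192.0.2.77": ["laptop.glennf.com"]},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _addrs(name):
    """A-record lookup against the constructed zone."""
    return ZONE["A"].get(name, [])


def _matches(mech, arg, ip, domain, depth):
    """True if one mechanism matches the client IP (no macros or CIDR on a/mx)."""
    target = arg or domain
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in _addrs(target)
    if mech == "mx":
        return any(str(ip) in _addrs(mx) for mx in ZONE["MX"].get(target, []))
    if mech == "ptr":
        # The reverse name must resolve back to the same IP and lie in the domain.
        return any(
            str(ip) in _addrs(name) and (name == target or name.endswith("." + target))
            for name in ZONE["PTR"].get(str(ip), [])
        )
    if mech == "include":
        # An include matches only when the included policy itself says "pass".
        return check_host(str(ip), arg, depth + 1) == "pass"
    raise ValueError(f"unsupported SPF term: {mech}")


def check_host(client_ip, domain, depth=0):
    """Evaluate the SPF policy of `domain` for a connecting client IP."""
    if depth > 10:  # guard against include loops
        return "permerror"
    record = ZONE["TXT"].get(domain, "")
    if record.split()[:1] != ["v=spf1"]:
        return "none"  # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        if _matches(mech.lower(), arg, ip, domain, depth):
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"


def spf_for_envelope(client_ip, mail_from):
    """SPF needs only the SMTP envelope: peer IP and the MAIL FROM domain."""
    return check_host(client_ip, mail_from.rpartition("@")[2].lower())


# Constructed deliveries, all claiming the envelope sender user@glennf.com.
SCENARIOS = [
    ("author's own network (ip4 range)", "64.81.13.200"),
    ("ISP relay covered by include:", "198.51.100.7"),
    ("list server or forwarder keeping the sender", "203.0.113.50"),
]

if __name__ == "__main__":
    for label, ip in SCENARIOS:
        print(f"{label:45} {ip:15} {spf_for_envelope(ip, 'user@glennf.com')}")
```

The third delivery fails only because the relaying server is absent
from the sender's policy, which is the forwarding problem described
above; a domain with no record at all yields "none" rather than "fail".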
**Isn't Microsoft Already Doing This?** Microsoft made some
interesting announcements a few weeks ago at the RSA security
conference about a strategy similar to SPF called Caller ID.
<http://www.pcworld.com/news/article/0,aid,114911,00.asp>
<http://www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspx>
Caller ID must download and parse an entire email message before
it can apply itself, and it uses XML (Extensible Markup Language)
to encode information in the DNS record. SPF is less formal
(although its proponents are working towards having it ratified
as an Internet standard) but it can work with just the message
envelope, which mail servers read before they even see the message
headers and body.
SPF-enabled mail servers should be able to read Caller ID records,
however, because of the similarity in approach. They're not
inconsistent with one another, despite their different tacks.
Caller ID might better avoid issues with the kinds of legitimate
spoofing described above because it may be capable of better
analyzing the path of legal forwarded addresses or mailing list
addresses.
From what I can tell at the moment, Microsoft will provide
royalty-free licenses for any patents necessary to implement
Caller ID. There are currently no patents associated with SPF,
and its inventor has publicly declared his intent to keep SPF
royalty-free should any future defensive patents become necessary.
**Can SPF Succeed?** SPF definitely suffers from the chicken and
egg problem, but early adoption from AOL and other major ISPs
might give it a boost. I expect that many large ISPs will find it
worthwhile to adopt SPF as soon as the mail server software is
widely tested - no ISP wants to be an early adopter - because it
could radically reduce the amount of email that they process and
store.
Early adoption by ISPs has a huge advantage: the ISPs could start
preventing the massive amount of returned email that wasn't sent
from their users, which is part of the overwhelming problem of
spam - but only part of it.
If SPF is adopted by a large number of ISPs, spammers will start
using domains that lack SPF records, and it's likely that those
domains would be shunned, much as happens with domains that allow
open relay exploitation by spammers. Because most domains are
hosted by ISPs, the ISPs would then encourage or even require
their customers with domains to have SPF records.
Ultimately, as the SPF site itself notes, spammers would register
new domains and provide SPF records for those domains, but ISPs
could out-evolve this approach given that existing tools could
easily recognize and block email from domains - particularly
newly registered domains - that send only spam.
**Spammers Always Find a Way** -- Of course, spammers always find
a way around any difficulty. It's hard to blame them in one sense,
because spam is evolution in action. Much like fruit flies cycle
through generations so quickly they're used to test ideas of
genetics, spammers send out so many billions of messages that
it's natural (in the worst sense) that the ones that slip through
inform them how to build better spam-sending engines. This doesn't
mean we in any way approve of spam, but it does explain the
inevitability of spam adaptations.
SPF solves a part of the problem, but not the whole problem.
Spoofing is just one aspect of spam, but reducing even part of
the spoofing problem reduces the overall demands on each email
system as well as the amount of illegitimate email that's sent.
No magic bullet exists that will end the battle against spam, but
all domain owners should take a hard look at SPF. It's just one
more tool in the arsenal of keeping a clean mailbox, but either
SPF or something like it is in our future.
Hot Topics in TidBITS Talk/22-Mar-04
------------------------------------
by TidBITS Staff <[EMAIL PROTECTED]>
**An iChat State Proposal** -- Adam offers a new way of thinking
about how iChat should handle availability states, and everyone
else chimes in with their views. (10 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2195>
**Eudora and S/MIME** -- Want to sign Eudora messages with S/MIME,
or integrate the program with PGP? Check out this discussion for
pointers. (7 messages)
<http://db.tidbits.com/getbits.acgi?tlkthrd=2193>
$$
Non-profit, non-commercial publications may reprint articles if
full credit is given. Others please contact us. We don't guarantee
accuracy of articles. Caveat lector. Publication, product, and
company names may be registered trademarks of their companies.
For information: how to subscribe, where to find back issues,
and more, see <http://www.tidbits.com/>. TidBITS ISSN 1090-7017.
Send comments and editorial submissions to: <[EMAIL PROTECTED]>
Back issues available at: <http://www.tidbits.com/tb-issues/>
And: <ftp://ftp.tidbits.com/issues/>
Full text searching available at: <http://www.tidbits.com/search/>
-------------------------------------------------------------------