Series: Mac OS 9
Security, Multiple Users, Sherlock 2, and more...get the facts on features & compatibility
Article 1 of 5 in series
by Geoff Duncan
Apple has released Mac OS 9 with fanfare, billing it as "the best Internet OS ever" and touting more than 50 new features. Some of these features add significant new capabilities (like file sharing over the Internet, encryption, support for multiple users, and automatic software updating via the Internet); other features mark the return of old ideas (the Keychain password management tool, a Sound control panel, and flexible PlainTalk speech recognition); and still other features are extensions of previous enhancements, like the almost unrecognizable Sherlock 2Show full article
Apple has released Mac OS 9 with fanfare, billing it as "the best Internet OS ever" and touting more than 50 new features. Some of these features add significant new capabilities (like file sharing over the Internet, encryption, support for multiple users, and automatic software updating via the Internet); other features mark the return of old ideas (the Keychain password management tool, a Sound control panel, and flexible PlainTalk speech recognition); and still other features are extensions of previous enhancements, like the almost unrecognizable Sherlock 2. Under the hood, Mac OS 9 makes some fundamental changes that may break some of your applications but will also be welcome to anyone pushing the limits of what their Macs can do.
Pricing & Requirements -- Apple officially began selling Mac OS 9 23-Oct-99, so it's available now to U.S. and Canadian customers from Apple and virtually all Macintosh software retailers for U.S. $99 or less, such as the $70 after-rebate deals from TidBITS sponsors Outpost.com and Small Dog Electronics (who throw in a pint of Ben & Jerry's ice cream). Apple and those same retailers have been accepting pre-orders for months, so if you've already purchased Mac OS 9, your copy should arrive shortly. Apple says international versions of Mac OS 9 will be available in November.
If you purchased the Mac OS - either on its own or with a new computer - after 05-Oct-99, you may be able to upgrade to Mac OS 9 for $20. Owners of Mac OS 8.5 or 8.6 may qualify for a $20 mail-in rebate from Apple; details are inside the Mac OS 9 box. Unfortunately, both these offers are available only to U.S. customers.
Mac OS 9 requires a Macintosh with a PowerPC processor, at least 32 MB of physical RAM (though 48 to 64 MB of RAM is a more reasonable minimum), and 150 to 400 MB of free disk space depending on selected options. Apple has not certified Mac OS 9 for use with Macintosh clone systems or on systems using third-party processor upgrades, although it may work. Folks with third-party processor upgrades should check with the upgrade manufacturer before trying to install Mac OS 9.
Installation -- Installing Mac OS 9 is self-explanatory, but is best done by booting from the Mac OS 9 CD-ROM - installing Mac OS 9 while booted from other disks almost always proceeded correctly in my tests, but sometimes with unexpected alerts and errors. As always, make a complete backup before attempting to install Mac OS 9. If you use third party hard disk formatting utilities like La Cie's Silverlining or FWB's Hard Disk Toolkit, check to make sure your hard disk drivers are compatible with Mac OS 9 before installing.
In general, Mac OS 9 wants more memory than previous versions. Starting up with extensions disabled, Mac OS 9 uses about 18 MB of RAM. With reasonable extensions, the system software could balloon up to 30 MB with virtual memory turned on; without virtual memory it could require as much as 10 MB of additional RAM.
Apple's Language Kits are included in Mac OS 9; they were sold separately for earlier versions of the Mac OS. If you're using one of the kits (Arabic, Cyrillic, Japanese, etc.) be sure to perform a customized installation of Mac OS 9 that includes the Language Kit you were previously using - otherwise it will not be updated. Also check the Language Kits CD Extras folder on the Mac OS 9 CD-ROM for localized versions of SimpleText, fonts, and utilities.
FCBs & Compatibility -- Mac OS 9's file systems includes two significant under-the-hood enhancements: one allows applications to open files larger than 2 GB; the other increases the maximum number of open file forks from 348 to 8,169. Opening 348 file forks simultaneously might seem unusual, but both the problem and the fix turn out to be significant. The limit predates even the HFS file system, and it's a problem because a typical Mac has many open files you never see: modern applications and versions of the Mac OS rely heavily on shared libraries, temporary files, and plug-ins - all those items count against the open file limit. Plus, we all know people with hundreds of fonts and sounds.
To allow more open files, Apple had to change the file control block (FCB) table the Mac OS uses to track open files. Apple has been warning developers not to access the FCBs directly since 1986, but few developers took Apple seriously because Apple had never revised its own code. So long as Apple software depended on unapproved methods, developers figured their programs could depend on those same methods.
The resulting situation was a mess, and Apple couldn't find a way to increase the number of open files and retain compatibility with widely deployed code. So, in Mac OS 9 Apple instead prevents that code from running and possibly crashing the system or corrupting data. Whenever a program tries to use unsupported methods for accessing information about open files, Mac OS 9 shuts down the application with an error number 119, and displays a dialog saying you need an updated version of that application. It's annoying.
What's more annoying is that many commonly used applications and utilities need updating - I've included a partial list of major problems below. Disk tools, file utilities, font management tools, and anti-virus software are especially likely to be impacted. Alsoft has released a checker that can inspect PowerPC applications for compatibility with the Mac OS 9 file system - it produces an HTML report you can view in a Web browser. I can't vouch for its results, but it could prove useful.
Versions of Adobe's ATM and ATM Deluxe prior to 4.5.2 are incompatible with Mac OS 9, and the Mac OS 9 installer automatically disables them if present. Versions of Adobe Type Reunion prior to 2.5.2 are also incompatible. Adobe has released updates to these utilities for use only under Mac OS 9; keep in mind that Type 1 fonts still print correctly without ATM and current versions of some Adobe applications (such as Acrobat and InDesign) no longer require ATM to rasterize PostScript fonts on screen.
New versions of StuffIt Deluxe and the StuffIt Engine compatible with Mac OS 9 ship on the Mac OS 9 CD-ROM - be sure you install the Internet Utilities. StuffIt Deluxe and components of Private File are not compatible with Mac OS 9; Aladdin expects to ship an update to StuffIt Deluxe soon.
RAM Doubler 8 is reportedly incompatible with Mac OS 9; Connectix expects to have an update available in Jan-00.
Drivers for several Hewlett-Packard DeskWriter and DeskJet printers are incompatible with Mac OS 9; HP says it will update its drivers for compatibility.
AppleWorks must be updated to version 5.0.4 to work with Mac OS 9; an updater is on the Mac OS 9 CD-ROM.
Netscape's TalkBack Quality Feedback Agent - which might be present with Netscape Communicator 4.5 or later - is incompatible with Mac OS 9. You can remove the TalkBack folder from Communicator's folder.
If you use MacsBug, Apple's low-level debugger, you'll need to obtain version 6.6f2c1 for use under Mac OS 9.
As always, there may be additional compatibility problems related to upgrading to Mac OS 9, particularly if you haven't been staying up to date on all of your software. Until you've become comfortable with the stability of Mac OS 9 for your particular uses, save often and back up religiously.
Article 2 of 5 in series
by Geoff Duncan
Although Apple claims there are 50 new features in Mac OS 9, most people are likely to care about only a few. The question is: do Mac OS 9's new features make it compelling for you? This article takes quick looks at some major features in Mac OS 9, and next week we'll look at additional features, more subtle changes, and under-the-hood tweaks. Sherlock 2 -- The most-hyped feature of Mac OS 9 is Sherlock 2, a significant revision to the Internet-enabled Find feature that debuted with Mac OS 8.5Show full article
Although Apple claims there are 50 new features in Mac OS 9, most people are likely to care about only a few. The question is: do Mac OS 9's new features make it compelling for you? This article takes quick looks at some major features in Mac OS 9, and next week we'll look at additional features, more subtle changes, and under-the-hood tweaks.
Sherlock 2 -- The most-hyped feature of Mac OS 9 is Sherlock 2, a significant revision to the Internet-enabled Find feature that debuted with Mac OS 8.5. If anyone's counting, Sherlock 2's version number is actually 3.0.1. The old Find File applications were version 1.x, and previous versions of Sherlock were version 2.x.
The first thing you'll notice about Sherlock 2 is its brushed-metal interface resembling the QuickTime 4 Player, which been justly criticized for its non-standard interface; Sherlock 2 has fewer unexplained elements and offers balloon help (and some tool tips) for its somewhat inscrutable controls. Nonetheless, Sherlock 2 features non-standard windows that can't be rolled up or zoomed, and Sherlock 2 hides, shows, disables, and nudges window elements in confusing ways. Also, Sherlock no longer opens new search results windows for each search, instead combining the query, settings, and search results into a single window.
Sherlock 2 divides its capabilities into "search channels." The Files channel represents the contents of volumes accessible to your computer - and sports additional controls to modify search queries and search the contents of files - while all other channels represent collections of Internet searching plug-ins. Sherlock 2 ships with Internet, People, Apple, Shopping, News, Reference, and My Channel channels that you cannot delete (although you can remove and add specific site plug-ins). My Channel is a custom channel that includes whatever additional Internet site plug-ins you like - and inherits any custom plug-ins you may have previously installed, like the TidBITS plug-in - and you can create and delete additional custom channels for Internet sites. Sherlock 2 can communicate with Lightweight Directory Access Protocol (LDAP) servers; as such, the People channel points to LDAP servers at Yahoo, Bigfoot, and Four11.
Sherlock 2's Internet-related channels may not be to everyone's taste, but they do facilitate sensible management of Sherlock plug-in sets. Instead of managing a long list of plug-ins - or simply leaving all plug-ins enabled all the time - you can focus your searches to appropriate sites. You'll also notice that plug-ins in the News and Shopping channels can add new elements to search results, including prices, dates, and availability. Dates are useful for news items, and Apple is promoting pricing and other information from Shopping channel plug-ins as a way to comparison-shop across many Internet retailers. That might be true when more sites customize their plug-ins for Sherlock 2; my searches revealed the default sites sell the same items at nearly identical prices. Sherlock 2 also offers no way to check for updated plug-ins manually - all plug-in updates happen transparently in the background.
Sherlock support from many Internet sites may now be in question because of Sherlock 2's handling of banner advertisements. When Apple released Sherlock with Mac OS 8.5, the company introduced a capability late in the development cycle to display banner advertisements in Internet search results windows. This capability was intended to make supporting Sherlock palatable to major ad-supported Internet sites, who were upset about Sherlock users bypassing their advertising. Apple's decision was controversial not only for its explicit approval of advertising on users' desktops, but also because banner advertisements aren't always appropriate to all audiences. Within a day of Mac OS 8.5's release, TidBITS began receiving outraged letters from parents, educators, and even kids astonished to see banner advertisements with explicit adult content and other objectionable material (we still receive similar letters). Although major search engines like AltaVista aren't as likely to serve up ads featuring nude models today as they were a year ago, you never know what might appear - major Internet sites still carry ads many teachers and parents would find objectionable.
Sherlock 2 now displays banner ads only from Apple and partners whose plug-ins ship with Mac OS 9. I don't know whether Apple made this change to address issues of objectionable content or whether it simply regards Sherlock's banner area as prime advertising space available only to partners. In any case, Sherlock does not display banner graphics from other sites, instead substituting an Apple banner. This move may help Apple in schools and homes, but may dissuade many sites from developing or supporting Sherlock plug-ins. After all, such sites' banner advertising apparently won't be displayed - even if it's perfectly innocuous - unless they can somehow become an "approved" site. This could reduce Sherlock's Internet searching capability to a mere bundling opportunity for large Internet services and retailers.
Sherlock 2 retains the file-searching capabilities of its predecessors and can search for files by name and by content if you first index your disks. However, Sherlock 2 takes a giant step backwards in searching for multiple file attributes. Additional file search options available via More Choices entries appended to the Sherlock window have been replaced by a mammoth More Search Options dialog that sports a cacophony of 16 checkboxes, 9 text areas, and 18 pop-up menus that enable users to create custom searches based on multiple criteria. To use these options, you must first select Custom from a pop-up menu (or choose More Options from Sherlock's Find menu), hunt through this enormous dialog to click checkboxes next to each desired criterion (and if you typed a file name or file contents in the main Sherlock window, you may get to type it again here), fiddle with the requisite pop-up menus and text entries, click OK to return to the Sherlock window, and finally click the (unlabeled) Find button.
In short, search options are a mess. You can (unintuitively) drop files from the Finder into the modal More Choices dialog to fill in dates and text areas with the dragged file's attributes - though the new data overwrites anything you may have already typed - but you must still hunt and peck checkboxes to enable or disable appropriate items. If you find yourself in the More Search Options dialog often, see if you can save common search criteria as reusable files. If that isn't enough, you can script more flexible Sherlock searches using AppleScript.
Multiple Users -- Another high profile feature of Mac OS 9 is Multiple Users, which enables a number of people to use a single Macintosh, each with their own preferences and customized environment. Multiple Users also provides some basic file security. With Multiple Users enabled, the Mac starts up normally, then runs a Login program that displays a screen where users can enter or select their login ID or choose guest access (if permitted). Users then type a password to log in or use a slick Voice Verification option to identify themselves to the computer. It's less secure than a typed password but distinctly cooler. Multiple Users does not currently load a different set of extensions for each user but can provide different sets of preferences, Apple Menu items, startup items, Favorites, and desktop items. Users can also be set up as Limited users with access only to specific applications, printers, removable media, specific CD/DVD titles, the Chooser, control panels, and other items. Users can also be defined as Panel users who launch programs and manage documents from a shell application called Panel, which behaves much like At Ease or a full-screen Launcher. In Panel, users can expand and collapse panels that provide icon-based access to permitted items, but they can't reach the full range of Finder features. A Mac can use users and passwords set up locally, or it can pick them up from a Macintosh Manager account on the network - handy for lab or classroom administrators using Mac OS X Server. Users can be timed out after a period of inactivity.
Mac OS 9's Voice Verification feature integrates with Multiple Users. If Multiple Users is activated with voice verification enabled, users can speak a passphrase into a PlainTalk-capable microphone to identify themselves to the computer, rather than typing a password. The default passphrase is "My voice is my password," but you can supply your own, taking care it has enough phonemes to be distinct. I immediately changed my passphrase to "Soylent Green is people," although Apple recommends phrases with five to seven words. To set up a voice password, you record yourself saying your passphrase four times - if the voice verification system thinks the recordings are sufficiently similar, you're all set. It's important that you speak normally when setting up a spoken password: speaking loudly or with unusual emphasis seems to do more harm than good.
Apple is promoting Voice Verification as revolutionary technology - and they worked out an appealing presentation with animated spectrum graphs as you record and verify passphrases. Behind the scenes, the authentication system can supposedly be extended, potentially enabling developers to identify users using digital cameras, card keys, or even fingerprint scanners. Nonetheless, Voice Verification seems like a stunt with limited utility. Folks concerned with the security of their Macs don't necessarily use them in environments where it's safe to speak a passphrase - or where it's quiet enough for the computer to distinguish a voice over background noise.
Although Multiple Users could keep an over-inquisitive child (or parent) out of sensitive parts of a Macintosh, its security is easily bypassed by starting up from another device (such as the internal CD-ROM) and limited access privileges may interfere with automated backups or other scheduled operations. Just remember: Multiple Users provides lightweight security and user configuration tools - definitely useful for many people but not enough to protect sensitive data or manage large groups.
Keychain & Data Security -- Mac OS 9 does include security features more robust than Multiple Users. The first is the Keychain, which originally debuted as part of PowerTalk back with System 7 Pro in 1993. The Keychain is a secure place to store passwords to Internet and AppleShare servers, digital signatures, certificates, and other sensitive information - all behind a single password. Applications can access the Keychain directly, so in theory users only have to remember one password to access any Keychain data. Current versions of applications like Eudora, Anarchie, Fetch, and Web Confidential already work with the Keychain, as do the Mac OS 9 Finder, Apple File Security (see below), and AppleShare services. Mac OS 9 can handle multiple Keychain files, and you can unlock Keychain files and move them between computers - they live in the Keychain folder in the Preferences folder. The Keychain file itself is reasonably secure: it never stores the Keychain password on disk (instead using an encryption key derived from the password), and uses export-approved 128-bit RC2 encryption for storage. The Keychain resists repeated attempts to guess a password by exponentially increasing a delay between failed authentication attempts - the more often you guess the wrong password, the longer you have to wait to try again.
The Keychain provides no way for users to maintain or change passwords on remote systems, so users can't quite forget about passwords and login information - they'll still need to access systems manually to manage their accounts. The process is a bit tedious; you open the Keychain Access control panel to look at individual items stored in a Keychain file, including stored passwords. So long as you remember your Keychain password, you should be able to view the password for any item stored in your Keychain. The Keychain is a big improvement over time-honored methods of storing passwords like typing them into a SimpleText document or keeping them on slips of paper. If you find yourself relying on the Keychain, let us emphasize the importance of regular backups - if your Keychain file is lost or corrupted, you could lose access to important files and services.
Another security enhancement in Mac OS 9 is Apple File Security, which can encrypt and decrypt specific files using an arbitrary password. You can run Apple File Security as an application - it's in the Security folder in Mac OS 9's Applications folder - or encrypt files using the Encrypt menu command that appears in the Finder's File menu and in contextual menus. When you encrypt an item, you're asked to type and confirm a password; by default, Apple File Security adds the password to your Keychain. Apple File Security then compresses the file and encrypts it using a 56-bit key - a small yellow key appears on the file's Finder icon. (Apple File Security does not go back to wipe out the disk sectors where the unencrypted file was stored, so somone with disk recovery tools could potentially pull back data from its pre-encrypted state.) A 56-bit encryption key is considered weak security in the cryptographic community - Distributed.net successfully cracked a 56-bit RC5 key in 1997 - but it's currently the largest key size the U.S. government permits for export, and it's strong enough to deter all but the most determined and well-equipped crackers. If someone wants to get into the file, they'll have better luck guessing your password or coercing you into revealing it. Apple File Security cannot encrypt a folder, which also means it can't encrypt a package, a special kind of folder introduced with Mac OS 9 for handling Carbon "application bundles" - collections of files which together form a Carbon application. You'll see more packages as Mac OS X gets closer to reality and developers begin to make programs designed to run under both Mac OS X and Mac OS 9.
To decrypt a file, simply double-click it: Apple File Security launches, prompts you for the password, then proceeds to decrypt and open the file. (You can also decrypt a file without opening it using the Apple File Security application.) Note, however, that once you decrypt a file, it stays decrypted. If you want to secure the file once you've viewed or modified it, you must remember to locate the file in the Finder and encrypt it again. Also, if you forget the password used to encrypt the file, there's no way Apple or anyone else can retrieve the data for you.
More Next Week -- Space constraints require us to delay discussion of some of Mac OS 9's other features and enhancements - tune in next week for additional details.
Article 3 of 5 in series
by Geoff Duncan
Previously, we looked at some installation and compatibility issues with Mac OS 9, as well as some major new features: Sherlock 2, Multiple Users and Voice Verification, plus the Keychain and Apple File SecurityShow full article
Previously, we looked at some installation and compatibility issues with Mac OS 9, as well as some major new features: Sherlock 2, Multiple Users and Voice Verification, plus the Keychain and Apple File Security. This article examines some of Mac OS 9's networking and file sharing features.
Internet File Sharing -- A significant power-user feature in Mac OS 9 is the capability to use both Personal File Sharing and Program Linking over the Internet. Personal File Sharing, which enables users to access files on a remote Macintosh over AppleTalk, debuted with System 7 back in 1991, and though it's limited to ten simultaneous users, it has proven the be one of the Mac OS's most-loved and most-used features.
Now you can use those same capabilities over the Internet, thanks to a special background-only version of Open Door Networks' ShareWay IP that Apple has rolled into Mac OS 9, adding only a single activation checkbox to the File Sharing control panel. You configure users, groups, and privileges as you normally would for Personal File Sharing - except now users can connect to your Macintosh by entering your Mac's IP address into the Chooser (using either a DNS name or an IP number), or perhaps by locating your Macintosh in the Network Browser application. Although TCP/IP File Sharing may not be too useful for folks with dial-up Internet access (and hence ever-changing IP addresses) it's handy for accessing machines with fixed IP addresses from the road or anywhere else that's not on your local AppleTalk network. Note that AppleTalk must still be active in the AppleTalk control panel for TCP/IP File Sharing to work - the feature simply provides access to AppleTalk-based services you've already defined.
Program Linking - otherwise known as the Program-to-Program Communications (PPC) Toolbox - was another feature that appeared way back with System 7, although it hasn't enjoyed the widespread popularity of File Sharing. Program Linking enables applications on separate machines to communicate with each other over a network, all controlled by the users and groups privileges set up in the File Sharing control panel. However, since most programs don't talk to other programs by default, few users took advantage of this capability, and using it to its full potential often required scripting. I may be alone in the universe, but I use Program Linking regularly, both to monitor the status of servers on my network, and also to perform everyday tasks - in fact, issues of TidBITS would never make it to our Web site or be distributed via email if it weren't for Program Linking. For many users, the utility of Program Linking over the Internet will be the capability to run AppleScript scripts that can interact with applications on remote machines via the Internet.
TCP/IP File Sharing and Program Linking raise security questions for many users. Although Internet sharing features are not enabled by default (and guest access isn't available at all for Program Linking over TCP/IP), once they're turned on your Mac's security is limited to the quality of the usernames and passwords you've defined - and, of course, whether you've enabled guest access. Theoretically, your Mac could be accessed by anyone on the Internet, rather than just the comparatively few souls on your local AppleTalk network. Although you can certainly protect your Mac adequately using good, hard-to-guess usernames and passwords and disabling any sort of guest access, Open Door Networks - the same folks who developed these capabilities in the first place - offer enhanced utilities with improved security and monitoring features. ShareWay IP 3.0 adds logging features and the capability to enable or disable IP-based connectivity on a user-by-user basis. You can also change the port number of TCP/IP File Sharing to something besides the standard port 548. Special pricing is available for Mac OS 9 owners. Open Door also offers versions of DoorStop, a stand-alone firewall that offers highly selective allow-or-deny access of Internet services on a Macintosh going back to Mac OS 8.1.
AppleScript 1.4 -- Program Linking over TCP/IP creates new possibilities for Internet-enabled scripts. Typically, AppleScript scripts are confined to running on your local computer as one-shot tasks you trigger yourself or as Folder Actions that act automatically on your behalf. Only ambitious scripters have used the PPC Toolbox to run scripts over AppleTalk, but the rewards of doing so can be substantial: you could open or close databases on a Web server, transfer data to and from remote applications, shuffle files between folders on a remote Macintosh, launch and quit applications on another machine... in short, just about anything you could do with a script on your local Mac, you could do remotely if you were willing to tussle with obscure syntax and scripting tricks.
AppleScript 1.4 adds two enhancements to this scenario - in addition to prepping AppleScript for the forthcoming world of Carbon and Mac OS X. First, AppleScript 1.4 enables the use of "eppc" URLs in tell statements, so scripts can connect to remote machines running Mac OS 9 with TCP/IP Program Linking turned on:
tell application "Finder" of machine "eppc://pointless.quibble.com/" beep end tell
Second, AppleScript has a new "using terms from" block to get around the infamous "double-tell" trick of writing scripts for applications on remote machines: you can use terminology from a local application to compile a script that will execute on a remote system:
using terms from application "FileMaker Pro" tell application "FileMaker Pro" of machine "eppc://pointless.quibble.com/" open database "Contacts" with password "LaVidaPoca" end tell end using terms from
Unfortunately, Apple doesn't document these capabilities online or in any of the materials that ship with Mac OS 9. Hopefully, Apple will update its AppleScript Web site soon discuss these features, as well as additional scripting enhancements in Mac OS 9. In the meantime, Bill Cheeseman's AppleScript SourceBook is a good place to look for information about AppleScript 1.4.
Network Services Location -- Although AppleTalk is often maligned by network administrators (especially those who don't use Macs), Apple's age-old networking protocol has always offered good ease of use, simple administration for small groups, and features still not found in many modern networking environments, such as the ability to "see" network resources dynamically as they appear and disappear from a network. Nonetheless, AppleTalk faces two fundamental problems: AppleTalk isn't based on Internet technologies, and network administrators believe (mostly erroneously) that AppleTalk services consume lots of bandwidth as they "chatter" to locate other AppleTalk services.
So, Apple started working on Network Services Location (NSL), a protocol-independent way for programs to learn about services available on a local intranet. The key phrase here is "intranet", not "Internet" - although these services can operate over the Internet because they aren't bound to any one protocol, they aren't intended to encompass the entire Internet. The idea is to bring some of the best features of AppleTalk - discoverability and ease of use - to other protocols and network services.
Apple quietly introduced support for NSL in Mac OS 8.5 and 8.6, although there were no visible manifestations. Apple solidified NSL in Mac OS 9, although users may still find it confusing and hard to use until applications and servers intelligently take advantage of its capabilities.
In Mac OS 9, NSL includes plug-ins for four services - DNS, LDAP, Service Location Protocol, and AppleTalk. In theory, this enables NSL-savvy applications like the Network Browser to locate and connect to network services using any one of these protocols. Items from each of these services appear in "neighborhoods" - hierarchical groupings of network items - that can contain items from any of the available network services, as well as other "sub-neighborhoods". Depending on your LAN setup, the Network Browser might be able to see your local FTP servers, Macs running Personal File Sharing and Personal Web Sharing, Web servers on your intranet, organizational information kept in an LDAP directory server - plus everything you'd expect to see on an AppleTalk network, including zones and file servers, but not printers. Apple's Personal File Sharing and Personal Web Sharing use Service Location Protocol (SLP), a new way for clients to learn about available network servers, so these services automatically appear in the Network Browser as local services under Mac OS 9.
There are several catches with NSL and SLP. First, Apple shipped SLP 1.0 in Mac OS 8.5 and 8.6, and SLP 2.0 in Mac OS 9. These two versions are not mutually compatible, so Mac OS 9 systems can't discover SLP services on Mac OS 8.5 and 8.6 systems and vice versa, creating confusion for users. Fortunately, version 1.1 of the SLP plug-in from Mac OS 9 (which implements SLP 2.0; it's called "SLPPlugin" in the Extensions folder) will work with Mac OS 8.5 and 8.6 systems, but Apple doesn't document this trick, and it could create administration headaches. Second, although SLP-savvy clients can discover services on a local network, there's currently no way to organize or administer them. On medium-to-large networks SLP is designed to work with servers called "directory agents," which register and administer network services. Directory agents enable the scalability of network services, permit centralized administration of what is and isn't allowed to advertise itself as a network service, and define how those services are organized. However, no SLP directory agents are available right now, although Apple claimed it intended to ship a directory agent for SLP last May at WWDC. So, SLP services can't easily be organized at the moment, which limits their utility.
All this might be moot if your LAN's routers - or those of folks with whom you'd like to communicate - don't support IP multicasting. IP multicasting is a technology designed to facilitate IP-based audio and video transmission - basically, instead of each client or audience member requiring a separate data stream, each client can receive the same data stream, thereby using the network more efficiently. Although most recent routers support IP multicasting, older equipment may not. In the absence of directory agents to coordinate network services, SLP-savvy clients rely on IP multicasting to query the network for desired services. If those queries don't go anywhere, the services on the same LAN can't be discovered and won't appear in the Network Browser.
(Open Door Networks has published a good discussion of SLP and the Mac; it bears reading if you're interested in SLP's history and development.)
So the SLP situation is complicated: what about using NSL in real life? On a small network, NSL can come close to AppleTalk's ease-of-use, especially if users standardize on Mac OS 9 or at least version 1.1 of the SLPPlugin extension. In other situations, using NSL's utility may be hard to predict.
You can add neighborhoods to the Network Browser by entering DNS machine names or IP numbers. However, you can only delete neighborhoods using the Finder - some neighborhoods appear in the Favorites folder in the Apple Menu, others are buried deep in your Preferences folder - or using control panel settings (see below). This difficulty of configuration is an unneeded aggravation since most neighborhoods won't work as people expect.
The Network Browser creates neighborhoods for you when it starts up. If you're on an AppleTalk network, the Network Browser displays an AppleTalk neighborhood which works much as you'd expect. Since NSL has an LDAP plug-in, it also tries to create a neighborhood based on any LDAP server settings you've specified in the Hosts settings of the Advanced tab in your Internet control panel. (If you don't see an Advanced tab, you need to switch to Advanced mode using the User Mode command on the Internet control panel's Edit menu.) Even if you can connect to the specified LDAP server, LDAP resource listings in the Network Browser may be nearly useless: email addresses don't appear as Internet resource files but rather as entirely new neighborhoods which, in turn, contain the entire LDAP directory information again, ad infinitum. Any URLs associated with an LDAP entity are listed separately, creating more confusion.
The Network browser may also try to create a neighborhood based on information you have entered in the search paths fields in your TCP/IP control panel. These neighborhoods display any services discovered using SLP (right now this means only Personal File Sharing over TCP or Personal Web Sharing) or DNS. Unfortunately, the only way a service can be "discovered" using DNS is if the DNS server administrator has created TXT records in that domain identifying services. The format for this record is tucked away in an Apple manual on NSL; if you think network administrators dislike AppleTalk, they'll respond even less favorably to hard-coding references to services into their DNS zones.
In short, Apple has introduced some new fundamental networking technologies with Mac OS 9 that may be useful now to some users in specific environments. However, until server and application support improves, many of these new capabilities may exacerbate confusion about how to access network services.
Remote Access -- Apple has also rolled the features of Apple Remote Access Personal Server into Mac OS 9, enabling a Macintosh to answer modem calls from clients using either PPP or ARAP (Apple Remote Access Protocol) and grant access to either the local computer or the entire local network - this puts Mac OS 9 on par with the dial-up access capabilities built into Windows 98. Remote Access is handy if you need to access your desktop Mac from your PowerBook while you're away from the office, and potentially access your entire office network at the same time.
You can set up call answering in the Remote Access control panel (select Answering from the RemoteAccess menu); Remote Access can act as a PPP server and assign an IP address to a caller using TCP/IP, or allow a caller to use a pre-determined IP address. The File Sharing control panel's User & Groups tab determines which users have the ability to dial in to a Macintosh using Remote Access: dial-in privileges must be enabled on a user-by-user basis, and can be configured to call a user back at a pre-defined number rather than granting immediate access. Mac OS 9's Remote Access capability isn't sufficient to support a pool of remote users - it supports only one modem - but does offer the most current modem scripts for Apple and third-party modems, improved DNS negotiation, support for MS-CHAP, and improved compatibility with AppleTalk/PPP servers. Remote Access also keeps an activity log, so you can check to see if folks are abusing the service or trying to break into your system. Although I haven't tried this in almost two years, there's no reason Windows or Unix machines wouldn't be able to connect to Remote Access using PPP, although they would need AppleTalk software to access any AppleTalk services.
Looking Ahead -- Even all this detail doesn't fully cover Mac OS 9's changes, and we'll be looking at some additional features in a future issue, along with the groundwork for Mac OS X that Apple has laid in the foundations of Mac OS 9.
Article 4 of 5 in series
by Geoff Duncan
Apple Computer has released a free Mac OS 9.0.4 which claims to offer enhanced USB and FireWire support, provide improved networking and power management, plus improve video, graphics, and audio functionalityShow full article
Apple Computer has released a free Mac OS 9.0.4 which claims to offer enhanced USB and FireWire support, provide improved networking and power management, plus improve video, graphics, and audio functionality. Mac OS 9.0.4 is a maintenance release; it does not add new features. The update itself is a 12.2 MB download, and it is available either from Apple's servers or from Mac OS 9's Software Update control panel. As of this writing, versions are available for North American English (at the first URL below) plus International English, French, German, Italian, Japanese, Spanish, and Swedish. Additional localized versions should be available soon.
Owners of Power Mac G4s, PowerBook (FireWire) systems, and slot-loading iMacs will also need to download and install Apple DVD Player 2.2 to support their systems' software-based DVD decoding. Owners of blue and white G3 systems, PowerBook G3 Series, and PowerBook (Bronze keyboard) can stick with Apple DVD Player 1.3, since their systems decode DVDs in hardware.
What's New -- You'd think a 12 MB system software update would include a ReadMe file explaining the changes - but in this case, you'd be wrong. Also missing is an uninstall option: once you've upgraded to Mac OS 9.0.4, reverting to a previous version of Mac OS 9 involves re-installing from scratch. As with any system software update, be sure to do a complete backup before installation, just in case.
The limited information Apple has released indicates Mac OS 9.0.4 should address DVD playback problems on recent Macintosh systems, fix a bug preventing slot-loading iMacs from going to sleep with an active PPP connection, and improve compatibility with third-party FireWire cards. Apple has published a developer technical note on Mac OS 9.0.4, although it mashes together information from Mac OS 9.0 as well as the hardware-specific Mac OS 9.0.2 (for some iBooks, Power Mac G4s, and FireWire-equipped PowerBooks) and Mac 9.0.3 (for some slot-loading iMacs), and contains a number of apparently inaccurate statements.
So far, our limited experience with Mac OS 9.0.4 and our interpretation of the information available about the update indicates you can expect the following additional tweaks:
Open Transport 2.6.1 fixes a number of DHCP networking issues, and includes changes to support the AirPort base station as well as the patches hastily rolled out in Open Transport 2.6 to prevent possible abuse as a traffic amplifier in a denial-of-service attack.
Machines should automatically reboot more reliably after a power failure if they've been set to "server mode" in the Energy Saver control panel.
The Battery Monitor control strip should display improved estimates of remaining battery time on PowerBooks that support a second battery.
Fixes a bug in Mac OS 9 so that the PowerPC-native SCSI Manager is installed at system startup, rather than the version of SCSI Manager in ROM. This should improve SCSI performance of older Power Macs (released before, say, mid-1996) running Mac OS 9.
Glacially slow visual effects in HyperCard on Power Mac G4 systems now work correctly (although this problem was corrected in Mac OS 9.0.2).
What's Not Fixed -- Mac OS 9.0.4 does not address the data corruption problem affecting iBook and PowerBook (FireWire) systems using the "preserve memory contents on sleep" option in the Energy Saver control panel; like Apple's Sleep Memory Extension, Mac OS 9.0.4 merely blocks access to the feature. We've also received numerous reports of problems connecting to USB devices under Mac OS 9.0.4, especially HotSyncing with Palm devices. In addition, devices like TV tuner cards from the now-defunct ixMicro which had audio difficulties under previous versions of Mac OS 9 may lose audio capability altogether.
Our Advice -- The benefits of Mac OS 9.0.4 are mainly aimed at newer Apple hardware, so if you have an older Mac (without USB and/or FireWire) the update may not be useful unless you're suffering from one of the few specific problems it fixes. Otherwise, the update is a good idea, but watch out for problems it introduces.
Article 5 of 5 in series
by Geoff Duncan
Mac OS 9.1 Available Online at Nearly 70 MB -- Apple has quietly released Mac OS 9.1, the latest version of its shipping operating system. Mac OS 9.1 improves support for Multiple Users and iTools, and offers a number of under the hood enhancements including AppleScript 1.5.5, AppleShare Client 3.8.8, OpenGL 1.2, revised FireWire software, a new process manager (enabling faster task switching and better performance for some background applications), and a substantially revised nanokernelShow full article
Mac OS 9.1 Available Online at Nearly 70 MB -- Apple has quietly released Mac OS 9.1, the latest version of its shipping operating system. Mac OS 9.1 improves support for Multiple Users and iTools, and offers a number of under the hood enhancements including AppleScript 1.5.5, AppleShare Client 3.8.8, OpenGL 1.2, revised FireWire software, a new process manager (enabling faster task switching and better performance for some background applications), and a substantially revised nanokernel. Mac OS 9.1 also improves the Finder's Get Info functionality, adds a Window menu to the Finder, and simplifies the top-level folder structure of a newly set up drive to match that of Mac OS X more closely - installing only System, Documents, Apple Extras, and Applications (where Utilities and Assistants now reside). Mac OS 9.1's system requirements are unchanged from Mac OS 9: an Apple original PowerPC-based system with at least 32 MB of RAM (64 MB of RAM or more recommended). Apple does not support third party PowerPC upgrades; although Mac OS 9.1 may work with them, you may wish to let more-ambitious users test the waters first. Also, Mac OS 9.1 and the Mac OS X Public Beta are incompatible; Mac OS 9.1 breaks Mac OS X Public Beta's Classic environment.
The Mac OS 9.1 Update for U.S. English systems is available online for free, but it's a substantial download: nearly 70 MB for 15 segments or a single file (available shortly). A better option may be to order a CD; Mac OS 9 owners in the U.S. can order a full Mac OS 9.1 installation CD for $20 from Apple if they can provide one of Apple's proof of purchase coupons or a copy of a dated sales receipt. Please note that owners of early NuBus Power Macs and Workgroup Servers must use a complete install CD to upgrade to Mac OS 9.1. Similarly, if you use a language kit with Mac OS 9, you must have the full Mac OS 9.1 CD to update your language kit. Localized versions of the Mac OS 9.1 Update are available online for several languages; more should be available shortly. As with any system software update, be sure to perform a complete backup before installation. [GD]