Series: Panther Answers
Get the scoop on Mac OS X 10.3, codenamed "Panther"
Article 1 of 18 in series
Today at Apple's Worldwide Developer Conference, Steve Jobs unveiled the next version of Mac OS X, codenamed Panther and scheduled to ship sometime before the end of 2003 for $130Show full article
Today at Apple's Worldwide Developer Conference, Steve Jobs unveiled the next version of Mac OS X, codenamed Panther and scheduled to ship sometime before the end of 2003 for $130. Mac OS X 10.2 Jaguar was a major upgrade with numerous large and small improvements over the previous version, and from initial impressions, it appears that Panther will follow in Jaguar's footsteps. Jobs said that Apple has made over 100 major changes to Panther. Here's a brief overview, based on the information available at this point.
New Finder -- Panther sports an all new, brushed metal Finder with several significant changes to standard windows that Jobs claimed were more user-centric. In particular, Apple tried to emphasize those folders that people actually use by putting them in the new Places sidebar on the left side of the window, much like albums in iPhoto or playlists in iTunes. The top part of the Places sidebar lists accessible volumes; the lower part holds your favorite folders. Clicking an item in the Places sidebar jumps to it directly. The Finder will feature new Open and Save dialogs that also use the Places sidebar; we'll see if that's sufficient to help us wake from the horrible nightmare that Open and Save dialogs have been for so long.
Labels have finally returned to the Panther Finder, as has network browsing using the Network icon that has long sat (mostly) unused at the top level of everyone's hard disk. Searching should be faster in Panther's Finder as well, and like searching in iTunes and Mail, it will refine the visible items to those that match as you type. In a fascinating twist, Apple has also added an Action menu to the toolbar of Finder windows; it simply contains the content of the contextual menu that would appear if you Control-clicked or right-clicked a selection in the Finder. That says to me that Apple is acknowledging a basic usability problem with contextual menus for many users; there's no way to know a contextual menu is available simply by looking.
Lastly, a new feature called Expose (actually spelled with an accent on the final "e" and pronounced "ex-po-zay" from what little I could hear of the stuttering QuickTime webcast) aims to help us clean our cluttered Desktops. Expose offers three functions that can be invoked with a function key, by throwing the pointer into a corner of the screen, or with a button on multi-button mice. The first function uses Quartz to tile all open windows; mousing over a window displays its title, and clicking one expands it (along with all the rest) and makes it the foreground window. The second function tiles all the windows in the current application while making windows in other applications go grey; again, a click in a window activates it. The third function simply hides all open windows, providing access to the Desktop. Apple doesn't say if pressing the function key a second time will show all those hidden windows again.
Network Improvements -- As is fitting for today's emphasis on the Internet and local area networks, Panther incorporates a number of changes that should make Macs even better network citizens. SMB and Active Directory support has improved, which should enable Macs to coexist on Windows networks better. IPSec-based (IP Security) virtual private networking is also included.
On the Mac-only side, Panther can automatically synchronize files with your iDisk in the background, making it easy to maintain backup copies of important files (although 100 MB of iDisk storage disappears awfully fast these days). The better iDisk integration also means easier sharing of files between computers, and Jobs claimed it works particularly well with laptops that connect only sporadically. It's basically a local folder that syncs via .Mac.
Mail 2.0 and Address Book -- Apple's bundled email client will receive a significant upgrade with Panther. Performance has reportedly improved significantly, and Mail will use Safari's HTML engine, which will help HTML rendering quality and speed. For those who subscribe to mailing lists, Mail will provide a new interface for tracking and reading discussion threads. Mail's spam filter has reportedly been improved for better accuracy, and it can take advantage of server-side spam marking tools like Spam Assassin or Brightmail. One last neat feature that previously existed only in Microsoft's Entourage: replies and forwards are linked to messages, making it easy to track what you've done to a message.
Mail also has more integration with Address Book, and a number of new small features that some people may find helpful when addressing mail, such as the capability to highlight messages addressed to domains not in a "safe" list. Another interesting bit of integration - if you change some of your contact information in Address Book, a new option in that program can automatically notify all your contacts of the new information. Finally, Address Book can print labels and phone books.
User Switching and Security -- In the keynote, Steve Jobs admitted that Windows XP had trumped Mac OS X in how it handled multiple users, since in Windows XP, you don't have to quit all your applications to switch from one user to the other. That feature will be coming to Panther, and it should make Mac OS X significantly faster and easier to use for families having trouble justifying the extra work of multiple accounts. You set up fast user switching in the Accounts preferences pane, which also offers more levels of security that can be assigned to individual users.
Other security improvements include FileVault, which encrypts the entire contents of your home directory using 128-bit AES (Advanced Encryption Standard) encryption. It works on the fly, and is ideal for protecting files on a PowerBook or iBook. Laptop users will also appreciate a new Panther setting that requires a password whenever the Mac wakes from sleep.
Finally, a few utilities from independent developers will suffer from the addition of a new secure delete feature in Panther that writes seven passes of random data over deleted files to prevent them from being recovered.
Faxing and Preview -- With Panther, Apple is entering a mostly ignored field that has seen little decent software over the years: faxing. If you hook up your Mac's internal modem to a phone line, you can fax any document from the Print dialog to contacts in your Address Book with fax numbers. Incoming faxes can be printed, forwarded to an email address, or viewed in the new Preview application, which can now handle multi-page faxes. Preview converts black-and-white images to 8-bit grayscale using anti-aliasing and smoothing techniques, which may make the faxes easier to read on screen. It would be nice to see additional integration with Internet fax services like eFax, since no matter what Apple adds to Panther, there's no way around the annoyance of dealing with fax reception without a dedicated second phone line.
Preview has received additional improvements, particularly in terms of performance and linking. Apple claims "URL support in Preview makes short work of navigating long documents," which I hope means that it supports PDF bookmarks and links. Also supported are links to other documents and out to Internet resources. If Preview offers support for all those types of links and proves to be faster than Acrobat Reader, it may supplant Acrobat Reader as the most capable PDF browser on the Mac. Other features that would help Preview overthrow Acrobat Reader include improved text copying from PDF documents (currently tricky with Acrobat Reader) and indexed text searches.
Font Book -- Secure deletion utility developers are undoubtedly upset at Panther, and font utility developers may be as well, once they see the new Font Book. Like Suitcase and Font Reserve, Font Book helps you install, preview, search, activate, and deactivate your fonts. Activation and deactivation happen dynamically, so you don't need to relaunch applications to take advantage of the changed font sets.
The Font Panel has been enhanced to help you take advantage of font ligatures, kerning, number spacing, rendering fractions, and more. The Character Palette even lets you preview a character rendered into every available font, something that will probably be appreciated by Unicode users.
The Upgrade Question -- Steve Jobs claimed Apple has seven million active users of Mac OS X and said that the transition to Mac OS X will be done by the end of the year. I suspect that means that he thinks all of the people who are going to switch from Mac OS 9 to Mac OS X will have done so by that point, though there's no question that some people will remain with Mac OS 9 until they have reason to buy a new Mac.
As with the migration to Jaguar, I fully expect many existing Jaguar users to be unhappy about paying $130 for the upgrade to Panther, and it's entirely likely that a non-trivial percentage of users will stick with Jaguar. When I asked a roomful of shareware developers at MacHack how many users they estimated hadn't upgraded from Mac OS X 10.1 to Mac OS X 10.2, I heard numbers as high as 20 percent. That surprises me, since Jaguar is so much better than Mac OS X 10.1. Obviously, we won't know for a while how much better than Jaguar Panther really is, but I expect the number of people who consider Jaguar sufficient to be potentially even higher than the number who stuck with Mac OS X 10.1. Apple clearly expects that some people won't upgrade as well, since they're offering iChat AV for free with Panther but charging $30 for those who want to use it with Jaguar.
We'll certainly be ponying up the $130 for Panther when it comes out, so you can look forward to much more detailed coverage and thoughts about whether Panther will be worth your hard-earned cash.
PayBITS: Contribute to TidBITS as a way of saying thanks for our
on-the-day coverage of Apple's WWDC news! Now with PayPal support!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
Article 2 of 18 in series
by Matt Neuburg
Default Folder X & QuicKeys X: Upgrade Before Panther! St. Clair Software has published version 1.9.1 of their popular Open/Save dialog enhancement utility, Default Folder XShow full article
Default Folder X & QuicKeys X: Upgrade Before Panther! St. Clair Software has published version 1.9.1 of their popular Open/Save dialog enhancement utility, Default Folder X. In addition to being compatible with both Mac OS X 10.3 Panther and Mac OS X 10.2 Jaguar, Default Folder X 1.9.1 now tracks files opened directly from the Finder (not just through the Open dialog) and lists recent and favorite folders in a system-wide menu, in the Dock or menu bar. Furthermore, Default Folder's menus are now hierarchical. Version 1.9.1 is a free upgrade for existing users.
St. Clair warns that older versions of Default Folder X are not compatible with Panther. Existing Default Folder X users who upgrade to Panther (even using Archive and Install) won't be able to launch any applications! If this happens to you, log out, log in with the Shift key held down, disable the older version (remove it from the Startup Items tab of the Accounts preference pane), and then log back in. Panther will then operate normally, and you can upgrade Default Folder X at leisure. Default Folder X 1.9.1 is a 3.7 MB download.
CE Software has released a beta of QuicKeys X 2.0.2b3 to work around a similar-sounding problem; launching any other version of QuicKeys X in Panther causes every active application to quit. QuicKeys X 2.0.2b3 is an 11 MB download and comes with a registration number that's good until 19-Nov-03 if you don't already own QuicKeys X. In both cases, following Joe Kissell's advice in "Take Control of Upgrading to Panther" to delete everything from the Login Items preference pane in Jaguar before upgrading to Panther would avoid the problem. [MAN]
Article 3 of 18 in series
by Jeff Carlson
Mac OS X 10.3 Panther bounded out of its lair over the weekend, giving us the opportunity to start using the shipping version and see how it compares to what was promised by Apple at the Worldwide Developer Conference in June (see "Mac OS X 10.3 Panther Springs at WWDC" in TidBITS-685)Show full article
Mac OS X 10.3 Panther bounded out of its lair over the weekend, giving us the opportunity to start using the shipping version and see how it compares to what was promised by Apple at the Worldwide Developer Conference in June (see "Mac OS X 10.3 Panther Springs at WWDC" in TidBITS-685). Apple has packed numerous improvements into this release, both on the surface and under the hood, and has also finally implemented some old favorites. Is it worth the $130 upgrade price? Read on for some of the highlights, and decide for yourself.
New Finder -- The first obvious changes appear in the Finder, which gains the same brushed metal sheen as iTunes and adds the Sidebar, a pane on the left side of every window that provides quick access to volumes and your home directory. If you don't want the Sidebar to occupy as much space, you can drag the separator bar to view as little of the contents as you want, down to just icons. If you drag the bar all the way to the left, or double-click it, the Sidebar disappears. Open and Save dialogs also include the Sidebar, simplifying navigation.
The Sidebar replaces, in theory, the Favorites window: drag a folder to the Sidebar to add it to the list, or drag items out of the Sidebar to remove them with the same "poof" animation used when removing items from the Dock. However, Favorites isn't completely gone, even if there's no keyboard shortcut or menu item for it. Open the Library folder in your Home directory and drag the Favorites folder to the Sidebar to reclaim your favorites.
Other improvements in the Finder include on-the-fly searching, which displays matching items as you type, the reappearance of Finder labels, and a Windows-inspired interface for switching between open applications: press Command-Tab to select the applications' icons in a row onscreen (Proteron's LiteSwitch X performs the same functionality, and the company posted an "open memo" to Apple this week, drawing attention to Apple's controversial appropriation of third-party technologies in the Mac OS).
Exposé -- One surprise at WWDC was the introduction of Exposé (accented at the end and pronounced "ex-po-zay"), an innovative method of unraveling the inevitable tangle of application and Finder windows. When activated by a user-configurable shortcut key, mouse button, or dragging the pointer to a screen corner, Exposé temporarily shrinks and rearranges the windows to make them more visible. Pressing F9 resizes every window so there is no overlap; you can then click the one you want to bring to the front. F10 exposes the front-most application's windows in a similar way and dims the rest of the screen for better contrast. F11 works in the opposite fashion, zipping every window offscreen to reveal the Desktop.
We were slightly skeptical of Exposé at first, but the simple and elegant implementation is starting to win us over. You can either press and release one of the shortcut keys to keep the Exposé display on screen, while you choose a window, but if you keep the shortcut key pressed, you need only mouse over your desired window and release the key to activate that window. One annoyance: Exposé doesn't display Classic windows in its thumbnail view.
Fast User Switching -- Previous versions of Mac OS X required you to completely log out if you wanted to activate another user on the same machine, which meant quitting open applications and essentially restarting your Mac, but without the startup chime. In Panther, you can have multiple users logged in simultaneously, preserving the state at which you switched to a different user. You switch among different users by choosing the desired user name from a new menu on the right side of the menu bar. For homes that share a Mac among multiple family members, Fast User Switching is a godsend, and it has already made the cost of the Panther upgrade worthwhile for me: I needed to help someone configure an application from scratch, so I was able to quickly go through the steps using a brand new user, switching from testing to the email I was writing.
For pure eye-candy tastiness, Fast User Switching is likely to be a feature that many people will try out, even if they don't end up using it frequently. Instead of just displaying another user's Desktop, the environment graphically rotates as if each user belongs to one side of a cube, at least on my 15-inch PowerBook G4; it just switches on my Titanium PowerBook G4 and Adam's iBook. I haven't had a chance to see how the 3D metaphor works with more than six users; it would be swell to have a new cube fly in from a point in space, but I doubt Apple has extended the visual metaphor that far.
I have noticed that some applications behave differently when you switch between users. iChat automatically goes offline, but logs back into the AIM network when you return. Similarly, iTunes stops playing music, but unfortunately it doesn't start playing again when you're back. Also, be careful restarting when other users are active; if they have unsaved work and you can't access their accounts, they'll lose their changes (you need an administrator password to do this).
FileVault -- Responding to the security needs of corporations and privacy-minded individuals, Panther introduces FileVault, a feature that encrypts the contents of your Home folder using AES-128 (Advanced Encryption Standard) encryption. After FileVault is enabled, you can still use items in your Home folder as you normally would, but they're encrypted and decrypted on the fly as you open and close them. This makes it extremely difficult for someone to access your data, such as if your laptop is lost or stolen.
However, even ignoring the fact that several of the Take Control authors experienced data loss with FileVault while testing beta releases of Panther, FileVault has a serious architectural limitation in that it creates one large file to house your Home items. For many of us, that file will be humongous (as in many gigabytes), since the Home folder by default contains files such as digital photos, iMovie media files, and the iTunes library. This is a problem for two main reasons.
Even a small amount of data corruption due to a failing hard drive or other problem could render everything in your Home folder inaccessible. Talk about putting all your eggs in one basket...
The smallest change to any file in your Home folder will cause the modification date of the entire FileVault file to change, and backup utilities such as Retrospect will copy the whole thing. (Dantz has listed some known issues with Panther and FileVault on their Web site.)
FileVault isn't a bad idea, but it scares me (and everyone else at TidBITS) silly; I can't imagine entrusting all my data to that single file, much less screwing up my backup strategy to accommodate it. Apple should modify FileVault so you can encrypt only specific folders, thus letting users protect only sensitive data, rather than wasting time and effort on other mostly innocuous files.
Font Book -- The Mac has always been on top of typography, but managing fonts has been persistently cumbersome. Font Book is a good step in the right direction, giving most users more control over fonts without having to wonder if they're copying font files to the correct Fonts folder. You can enable or disable fonts, group typefaces into categories, and search for fonts in the same manner as in the Finder or iTunes. Graphics professionals will likely choose to stick with a font management utility such as Suitcase X or Font Reserve, but for most people Font Book provides enough control.
The tricky part of using Font Book is figuring out its rules for enabling and disabling fonts, since you'll see different results depending on whether you disable a font when it's selected in All Fonts or in a particular collection. Matt Neuburg devotes several pages to this topic in "Take Control of Customizing Panther."
Virtual Private Network (VPN) Connections -- Apple has been toiling behind the scenes on technologies that don't necessarily include splashy graphics or an improved user interface. Case in point: built-in VPN support, which many companies use to communicate safely with employees who travel or telecommute. VPN connections essentially capture all of the ports on a machine and bundle them up into an encrypted tunnel to another computer somewhere on a local network or elsewhere on the Internet. Because all data entering and leaving the machine is encrypted, and there's only a single point of entry or departure - the VPN connection - you've simultaneously reduced the potential of machines being attacked or compromised while eliminating networking snooping whether on a wired or wireless connection. Using the Internet Connect application, you can configure either L2TP-over-IPSec or PPTP connections.
On the other side of the data pipe, Mac OS X 10.3 Server has both kinds of VPN services built in, making it relatively simple and inexpensive for a small office to hook up a Panther server machine and use the Panther VPN clients to secure their wireless connection.
Should You Upgrade? A major release of any operating system brings with it a number of impressive new features as well as the certainty of glitches that need to be worked out, and Panther is no different.
For example, TidBITS Contributing Editor Glenn Fleishman and I, both recent purchasers of new 15-inch PowerBook G4s, discovered that Panther seems to be persnickety about RAM. The third-party generic RAM we installed seems to be the cause of problems (in my case, Panther would not even run on a completely new installation on a separate partition, and I got repeated system freezes on my main partition installed with the Archive and Install option). Swapping in the original 512 MB of RAM that came with my PowerBook seemed to solve the problem. (Upgrade tip: don't immediately sell your original RAM on eBay.)
Also, a number of users are reporting that external FireWire drives that are connected when Panther is restarted can become irrevocably corrupted, so make sure you have offline backups of data on external drives before (and while) using them with Panther. And, as with every Mac OS update, some third-party applications and utilities will require updating before they work properly under Panther - be sure to check the Web sites of those products to see if any essential program is Panther-ready.
That said, Panther has a lot to offer. I've been impressed not only by the number of new features, but by the sense that Mac OS X is becoming more refined as it matures (perhaps because I remember when it was an awkward toddler). Even as extra bullet points are added to the feature list, I get the sense that just as much effort is being applied to making this Unix-driven system user-friendly.
Plus, Panther just feels faster and more responsive than Jaguar. Granted, I'm now using one of Apple's fastest laptops, so I'll be curious to see how my previous 400 MHz Titanium PowerBook G4 runs after upgrading. But I'm starting to see reports that indicate Apple's engineers continue to optimize Mac OS X's code to squeeze out better performance.
In the end, the upgrade question comes down to what sort of a user you are. Adventurous early adopters should of course upgrade to Panther immediately; it's too much fun to explore and play with the new features. More cautious users might want to hold off a bit, not necessarily for a 10.3.1 release, but just until more of the glitches have been identified and can thus be avoided. And unlike the upgrade from 10.1 to 10.2, which we considered essential, we can see some non-demanding users sticking with Jaguar from inertia alone.
PayBITS: Did Jeff's overview help you decide whether or not
you should upgrade to Panther? Say thanks via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
Article 4 of 18 in series
Jeff Carlson has walked you through the marquee features of Apple's new Mac OS X 10.3 Panther, but my experience with the previous version, Jaguar, was that the changes that made the difference for me were more subtleShow full article
Jeff Carlson has walked you through the marquee features of Apple's new Mac OS X 10.3 Panther, but my experience with the previous version, Jaguar, was that the changes that made the difference for me were more subtle. So let's take a look at some of these subtle changes in Panther and how they work.
Timed Startup/Sleep/Shutdown Returns -- Yet one more feature of Mac OS 9 has reappeared in Mac OS X. The Energy Saver preference pane now contains a Schedule tab in which you can set schedules for the Mac to start up, sleep, or shut down. Now you can have your Mac ready and waiting for you in the morning without having to wait for it to start up manually. Initial testing and reports show slightly sporadic success (my iBook refused to sleep at the specified time, but did wake up appropriately, and a reader on TidBITS Talk reported that his Mac didn't shut down when it should have).
As an aside, if you find the new organization of the icons in System Preferences confusing, consider using the View menu to choose a specific preference pane or choose Organize Alphabetically to hide Apple's categories. These viewing options aren't new to Panther, but I hadn't wanted them until I found myself confused by some of the new organization. Annoyingly for those of us on slower Macs, Panther's System Preferences application now quits when you close its window, making it slower to start up if you need it again later.
Network Browser Done Right -- Despite excellent support for file sharing and networking, Apple has long had terrible interfaces for finding and connecting to network volumes. First the Chooser, then the Network Browser in Mac OS 9 (did anyone really bother with that?), and then the lousy Connect to Server dialog in Mac OS X. Panther finally moves in the right direction, using the previously superfluous Network icon at the top level of Finder windows as the starting point for network browsing for both Mac and Windows shared volumes (quite a number of which seem to be available in the hotel for the O'Reilly Mac OS X Conference, where I currently am). Select one and click the Connect button that appears to bring up a login dialog and from then on, that volume shows the full file hierarchy underneath.
Keyboard Shortcut Quirks -- In the Keyboard & Mouse preference pane, Panther now enables you to change the keyboard shortcuts for many global actions, such as taking a screenshot. That's great, but what's even better is that you can also add keyboard shortcuts to menu items in at least some applications. I couldn't get them to work in Eudora or iTunes in my initial testing, although they did work in Safari and System Preferences. Interestingly, when I made an All Applications shortcut that I intended to choose Eudora from the Recent Items submenu of the Apple menu, it didn't work, but it did attach properly a bookmark I had in Safari for the Eudora Web site; having keyboard shortcuts for Safari bookmarks will be helpful. Also, as I learned in Matt Neuburg's "Take Control of Customizing Panther," if the menu item in question has an ellipsis, you must use trial-and-error to determine if it's a true ellipsis (Option-;) or three periods. The moral of the story? Useful and welcome as this new feature is, don't give up on macro utilities like QuicKeys X and Keyboard Maestro (since they can string sequences together, run AppleScript scripts, type text, click buttons, and so much more.
Disk Utility Engulfs Others -- Who knew that Disk Utility had imperialistic leanings? Previously, Disk Utility was essential for repairing damaged disks, fixing permissions, and initializing and partitioning disks. In Panther, however, Disk Utility has taken over the disk image functions of Disk Copy, so you can use it to make and burn disk images. Not stopping there, Disk Copy has also overrun the territory of the free Carbon Copy Cloner, since you can now use the controls in the Restore tab to make an exact duplicate of a disk, or restore a disk from an existing disk image. For the many people disappointed that it was impossible to duplicate a Mac OS X volume by merely dragging it, as was possible in Mac OS 9, this feature should be quite welcome. While you're in Disk Utility, note that you can click the Enable Journaling button for disks that don't currently have journaling turned on. Without going into details, with journaling on, your Mac can start up more quickly after a crash.
Force Quit This! Much as I like being able to force quit a recalcitrant application, I hate going through the Force Quit dialog because of the extra steps of opening and closing it. I often Option-click the misbehaving application's Dock icon and choose Force Quit from there, but in Panther, you can now force quit just the frontmost application - without even seeing the Force Quit dialog - by pressing Command-Shift-Option-Escape. That shortcut may also help in situations where the Force Quit dialog doesn't draw in front of the dead application.
Classic Interface Tweaks -- Apple isn't likely to change Classic, even though it might be nice to have a saved state option, much like Virtual PC offers. But Panther does offer some improvements in how you interact with Classic. In the Classic preference pane's Start/Stop tab, there's now a checkbox for Show Classic Status in Menu Bar. The Classic menu that appears in your menu bar provides a quick way to start and stop Classic, but more important, it also offers an Apple Menu Items submenu that contains the contents of your Classic environment's Apple menu. Since that also includes control panels by default, it means you no longer must launch a Classic application just to access a control panel. Also in the Classic preference pane is a new Memory/Versions tab that shows the names, versions, and memory usage of Classic applications that could be handy if you're stuck using a RAM-hungry Classic application.
iPhoto Integration Tips -- It sometimes seems as though Apple isn't paying much attention to iPhoto, though I hope we'll see an iPhoto 3.0 at Macworld Expo in January that will address the significant performance and scalability problems of the current version. My hopes for improvement have been raised by the new integration of iPhoto and the operating system in Panther. In the Desktop & Screen Saver preference pane, you can select any iPhoto album to use photos in it for your Desktop and your screen saver, which may be easier than setting up the same thing through iPhoto. However, if you make a new album in iPhoto, the Desktop & Screen Saver preference pane won't see it until you quit System Preferences and relaunch. Also, one tip: when selecting a new photo for your Desktop, use the Exposé Desktop-revealing shortcut for a quick preview.
Submit Bug Report -- Kudos to Apple on this one. When an application crashes in Panther, a dialog appears with a Submit Bug Report button. You can add more information to the report and then send it to Apple over the Internet. Though I haven't tried to watch the network traffic, Apple states clearly in Mac Help that no personal information is included in the report. User-submitted bug reports (such as those that come from Safari's bug button) have a lower priority than developer-submitted bug reports that go directly into Apple's bug database, but multiple Apple employees have assured me that the user reports are processed and evaluated. In the future, I hope to see a way that independent developers can also receive these automatically generated bug reports when their applications crash.
Network Status Display -- Those of us who have somewhat complicated networks with multiple connections (built-in Ethernet, AirPort, modem) and even potentially multiple Internet connections (okay, I admit that's weird), will appreciate the new Network Status display in the Network preference pane. It shows all your connections and provides a plain English description of the status of each connection. You can also double-click one to edit its settings.
More Bits and Pieces -- I'm sure we'll all be discovering more useful details about Panther in the coming weeks, so post any interesting things you learn to TidBITS Talk. I'll try to keep up with posts, but I'm at the O'Reilly Mac OS X Conference all week, so I may not be able to keep posts flowing as regularly as I'd like.
PayBITS: Did Adam's tips help you get started with Panther?
Show your appreciation with a few bucks via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
Article 5 of 18 in series
by Jeff Carlson
Security Update 2003-10-28 Released -- Although Mac OS X 10.3 Panther fixes a number of security-related flaws that existed in previous versions of Mac OS X, Apple has wasted no time in releasing Security Update 2003-10-28 via Software Update last weekShow full article
Security Update 2003-10-28 Released -- Although Mac OS X 10.3 Panther fixes a number of security-related flaws that existed in previous versions of Mac OS X, Apple has wasted no time in releasing Security Update 2003-10-28 via Software Update last week. Security Update 2003-10-28 fixes a problem that could allow unauthorized access to a system through a vulnerability in QuickTime for Java. The update is only for computers running Mac OS X 10.3 Panther, and is a 782K download.
In another security development, Apple acknowledged last week that Panther fixes three recently discovered security issues. The company is also working on providing an update for computers running Mac OS X 10.2.8 and earlier. [JLC]
Article 6 of 18 in series
by Jeff Carlson
When a new version of an operating system is released, we expect to run into bugs or incompatibilities that didn't get shaken out during the testing phaseShow full article
When a new version of an operating system is released, we expect to run into bugs or incompatibilities that didn't get shaken out during the testing phase. Unfortunately, a particularly nasty problem has surfaced: Mac OS X 10.3 Panther can, in certain circumstances, completely destroy the data on an external FireWire drive. Disk recovery utilities such as DiskWarrior and Norton Disk Doctor have reportedly been incapable of resurrecting the disks.
Last week, Apple identified a problem with FireWire 800 drives using the Oxford 922 bridge chipset with firmware version 1.02. Based on anecdotal reports on the Web, restarting the Mac with the drive attached triggers the problem; Apple recommends that you immediately eject and disconnect any FireWire 800 drive connected to a Mac running Panther.
The situation has provoked a flurry of firmware updates and finger-pointing. Drive manufacturers such as WiebeTech, LaCie, Other World Computing, and FireWire Direct have released firmware updates for their products (unfortunately, firmware updates are vendor-specific, so contact your drive's vendor). You must install the firmware update using a Mac running an older version of Mac OS X.
<http://eshop.macsales.com/Reviews/Framework.cfm ?page=/hardwareandnews/oxford/ oxfordandpanther.html>
In response to Apple's announcement, Oxford Semiconductor issued its own statement, pointing out that the problem lies in Apple's implementation of FireWire in Panther and not the 922 chipset, since Mac OS X 10.2 Jaguar systems aren't affected.
In addition, users are reporting that the problem is not limited to FireWire 800 drives; a fellow Mac author was bitten by the problem using a FireWire 400 drive with the Oxford 911 chipset. For the time being, we recommend keeping Panther away from any FireWire drives until this issue is resolved. If you must use an external FireWire drive in Panther, be sure to mount the drive manually after the Mac has started up, and dismount it manually before restarting. And for goodness sake, make sure you're backing up carefully, preferably to CD or DVD, or over a network.
If you were unfortunate and did lose data to this problem, there's at least some hope of recovering your critical data. We've heard from several sources that Prosoft Engineering's Data Rescue X has had some success in recovering files, sometimes after erasing the disk with Disk Utility (which just clears the directory, scary as that seems). Jay Nelson at Design Tools Monthly also tells us that Prosoft is offering $10 off to people suffering data loss due to Panther; use code PAN911 when ordering.
Alternatively, our friends at DriveSavers tell us they've been successful in recovering data from drives that experienced this problem. Better still, DriveSavers is offering a discount to customers who have lost data as a result of the specific Panther and FireWire 800 issue. If you plan to send your drive in to DriveSavers or a similar company, do not attempt to restore data using disk utilities; that could exacerbate the problem and make it less likely that your critical data will be recovered. (I can personally recommend DriveSavers, which once helped me recover a failed hard disk; see "DriveSavers to the Rescue" in TidBITS-495).
PayBITS: Did Jeff's article save you from losing data to this
Panther bug? Consider sending him a few bucks via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
Article 7 of 18 in series
WPA Weakness Discovered, but Easily Solved -- Following last week's article about the implementation of WPA (Wi-Fi Protected Access) in AirPort Extreme cards and base stations (see "AirPort 3.2 Update Adds New Security Options" in TidBITS-704), a security expert alerted me to a weakness in choosing keys for the WPA systemShow full article
WPA Weakness Discovered, but Easily Solved -- Following last week's article about the implementation of WPA (Wi-Fi Protected Access) in AirPort Extreme cards and base stations (see "AirPort 3.2 Update Adds New Security Options" in TidBITS-704), a security expert alerted me to a weakness in choosing keys for the WPA system. The weakness applies to the AirPort 3.2 update as well as to all other consumer WPA-enabled Wi-Fi systems. Basically, choosing a key comprised entirely of real words that are 20 characters or fewer leaves you open to that key being broken rather easily. The solution? Choose a longer key or invent 20 characters of gibberish. If you're particularly security-conscious, use the option Apple provides to enter 256 bits of encryption, which is 32 hexadecimal bytes or 64 hexadecimal digits! That's overkill, however. In last week's article, it wasn't clear why Apple even offers the hexadecimal option when other devices from Buffalo and Linksys don't; now it appears that Apple provides all of the options for entering WPA keys, where the other manufacturers don't. I've written more about this issue and posted my colleague's paper on the subject at Wi-Fi Networking News. [GF]
Article 8 of 18 in series
by Jeff Carlson
So you've installed Panther, started to get used to the new Finder, and worn the ink off the F9 key showing off Expose to your friends. Isn't there more to Mac OS X 10.3? In TidBITS-703, I looked at some of Panther's marquee features, while Adam poked around the corners of Apple's newest operating system (see "Mac OS X 10.3 Panther Unleashed" and "Interesting Bits of Panther")Show full article
So you've installed Panther, started to get used to the new Finder, and worn the ink off the F9 key showing off Expose to your friends. Isn't there more to Mac OS X 10.3? In TidBITS-703, I looked at some of Panther's marquee features, while Adam poked around the corners of Apple's newest operating system (see "Mac OS X 10.3 Panther Unleashed" and "Interesting Bits of Panther"). In this article, I want to look at some of the application and utility changes that give Panther some of its sheen. If you're still deciding whether or not to upgrade, hopefully this information will help you decide if Panther is right for you.
Mail -- Apple's Mail application continues to improve under Panther. Version 1.3 adds a convenient view for tracking threaded messages, improves spam filtering, and offers better HTML rendering thanks to Safari's rendering engine. To help prevent improperly addressed outgoing messages, the Safe Addressing feature flags addresses that don't belong to a domain you specify. This feature could be worthwhile in an organization that wants to avoid sending proprietary information outside the local network. Note that you can specify multiple domains in Mail's preferences, even though only one field is available to enter them.
For some people, however, the big news in Mail is support for working with Microsoft Exchange servers, including non-email-related content using an Outlook Web Access Server (also known as an Internet Information Services, or IIS, server).
Also new is better integration with Address Book and iChat AV: any message from an iChat buddy that you've defined in Address Book includes a green indicator when the buddy is online and her status is set to Available (nothing appears if the status is set to Away). Double-clicking the indicator initiates a chat in iChat.
Address Book -- As one of the main components for Mail and iChat, Address Book has been expanded, too. Its iChat integration is similar to Mail, with an indicator appearing when a buddy is online and available.
Address Book adds several custom fields, including Prefix, Suffix, and Dates (the default is Anniversary, but you can customize it). A series of relationship fields has been added, so you can list relations such as Spouse, Sister, Brother, Friend, Assistant, etc. One thing that confused me initially is that the Job Title field is no longer included as a blank field when you edit a record; you must now select it from the Add Field submenu of the Card menu.
Unfortunately, a nasty and obvious bug still exists in this new version: if you're editing a contact and need to undo what you typed into a field, the entire contact reverts back to the state before you started edit it, wiping out any other fields that you changed or entered. That flub eliminated Address Book's usefulness for me in Jaguar, but I assumed that something so obvious would have been fixed in Panther. Perhaps no one is actually using Address Book?
iChat AV 2.0 -- Not much has changed between the iChat AV beta and iChat AV 2.0 (see "iSight Eyes iChat AV" in TidBITS-685). You can now specify a location where received files will be stored, and you can block users on a Rendezvous network from seeing your email and AIM addresses.
Perhaps the most significant news is that the iChat AV beta is set to expire at the end of the year, so Jaguar users will need to either upgrade to Panther or pay $30 to take advantage of audio and video chatting. Unfortunately, that counts for iSight owners using Jaguar; even though Apple bills the $150 iSight as the "eyes and ears" of iChat AV, the software is not included with the iSight.
Help Viewer -- I've set up a hotkey so that pressing Control-E brings up Eudora - a combination I use several dozen times each day. On another Mac running Jaguar where I don't have QuicKeys X installed, this combination launches Help Viewer, but only after an interminable wait.
Panther doesn't use Control-E to launch Help Viewer, but even if it did, I'd be elated: it launches quickly! It runs smoothly! I find myself actually turning to Apple's help system when I have a question about something, rather than making a knee-jerk Google search. Give it a try.
Faxing -- Tired of fighting with bad fax software? (See "FaxSTF Pro Echoes Sad State of Fax Software" in TidBITS-476). Although I try to avoid faxing whenever possible, there are times when I need to send a fax, which involves standing over the fax machine in our office, hand-feeding it one page at a time so it doesn't jam and make me start over from page one.
I'm guessing someone at Apple became fed up with FaxSTF, which has shipped with new Macs for years, because Mac OS X now includes a basic option to send and receive faxes in Panther. Click a Fax button in any print dialog, specify a recipient from your Address Book, enter cover page information, and click Fax (this assumes that your Mac's modem is connected to a available phone line).
Panther can also receive faxes, using a few settings in the Print & Fax preference pane. It can print incoming faxes or email them to an address you specify, presumably as a PDF file, though I haven't tested this feature yet.
Here's a quick faxing tip: When you're sending a fax, an icon for your connection (such as Internal Modem) appears in the Dock. If the job doesn't go through and you accidentally close the window belonging to the connection, the interface disappears. To get it back, don't bother searching for a fax application as I did; instead, launch Printer Setup Utility from the Utilities folder of your Applications folder, and choose Show Fax List from the View menu.
I'm sure people with more serious faxing needs might opt for a more sophisticated program such as Smile Software's Page Sender (with which I've had limited experience on an old iMac set up at the office for receiving faxes). But for those of us forced to send only the occasional big, bitmapped, semi-legible picture to people who can't deal with email attachments, Mac OS X's fax implementation looks promising.
Preview -- Apple's Swiss Army Knife of PDF and image viewing and conversion, Preview, gains a much needed performance boost in Panther. In addition to launching and displaying pages faster, Preview beefs up its PDF features by adding an indexed text search capability and PDF bookmark and linking support for easier internal document navigation.
Preview can also now open raw PostScript or EPS files and print them to any cheap inkjet printer, something that previously required an expensive PostScript-based laser printer.
Zip Compression in the Finder -- A quiet addition to Panther is the capability to create .zip archives in the Finder. The Windows world has pretty much standardized on the .zip format, so this becomes an easy way to transfer files across platforms (although Aladdin makes StuffIt Expander for Windows, it's not nearly as commonly available on Windows machines). Select one or more files in the Finder and choose "Create Archive of [filename]" from the File menu or from the contextual menu (Control-click to bring this up).
Internet Preferences -- Finally, I want to point to a bit of reorganization that has prompted several people I know to scratch their heads. Under Jaguar, you could change the default Web browser and email client by going to the Internet preference pane. In Panther, however, the Internet preference pane is replaced by the .Mac preference pane.
Instead, in a move that I'm sure only makes sense in the marketing hallways at Apple, you must configure your default email and Web applications from within Safari and Mail. Launch Mail, go to its preferences, click the General icon, and choose an application from the Default Email Reader pop-up menu. Similarly, a Default Web Browser pop-up menu appears in Safari's General preferences.
What if you want to configure helper applications for other protocols? Turn to Monkeyfood's freeware More Internet preference pane, which uses Internet Config to provide a single interface to all your protocol helpers, something that was previously accessible most easily through Internet Explorer's preference in the Protocol Helpers pane.
Panting for Panther? Have you made the switch to Mac OS X 10.3, or are you still pondering the path to Panther? Go to the TidBITS Web site and scroll down to answer our poll question: "When do you plan to upgrade your main Mac to Mac OS X 10.3 Panther?"
PayBITS: Did Jeff's additional info about Panther applications
help you decide whether to upgrade? Say thanks via PayBITS!
Read more about PayBITS: <http://www.tidbits.com/paybits/>
Article 9 of 18 in series
by Tom Gewecke
With Mac OS X 10.2 Jaguar, Apple made sweeping changes to the operating system's language handling and internationalization features, which are key to the Mac's acceptance throughout much of the world and for many people who regularly work in multiple languagesShow full article
With Mac OS X 10.2 Jaguar, Apple made sweeping changes to the operating system's language handling and internationalization features, which are key to the Mac's acceptance throughout much of the world and for many people who regularly work in multiple languages. Three weeks of working with the foreign language capabilities of Mac OS X 10.3 Panther reveals a number of interesting new features. Although the changes are not as great as those we saw in Jaguar - and a couple new bugs have been introduced - the experience is on balance overwhelmingly positive.
Input Improvements -- When it comes to entering text in other languages, Panther features a number of welcome additions, including 14 new languages (with input keyboards and fonts), raising the total number to over 50. Panther adds Estonian, Latvian, Lithuanian, Macedonian, Serbian, Dari, Pashto, Uzbek, Armenian, Cherokee, Faroese, Northern Sami, Inuktitut, and Welsh. Also new are some new keyboards (often QWERTY or "Extended" versions) for languages that existed in Jaguar. Some people could be confused by an inability to access non-Roman characters in Cherokee and Inuktitut. The trick is that you must activate Caps Lock to access non-Roman characters. Why? I'm told that's what "native users" expect.
Apple also revamped the input methods for Asian scripts (Chinese/Japanese/Korean) for the first time in a decade or so. The changes are primarily cosmetic though, with the old "pencil" menus now at the bottom of the "flag" menu. That said, the Japanese input method, Kotoeri, is thoroughly reorganized, with the six input options formerly buried in the "pencil" menu now listed separately in the "flag" menu, and the old "operations palette" gone. Unfortunately, Chinese users had a long wish list of input features that weren't implemented in Panther.
In Panther, the venerable Key Caps application has disappeared entirely, being replaced with the floating Keyboard Viewer palette, which has no text input field but which types characters clicked on its graphical keyboard directly into the frontmost window. Another new floating Input Mode palette shows activated keyboards. Apple also modified the keyboard shortcuts for switching scripts and keyboards in ways that some people will find more efficient (but you still cannot disable using Command-Space, which some applications want to use for a different function, to switch between input scripts).
Display Improvements -- Panther also offers a number of improvements on the display side, including the squashing of several bugs in Jaguar relating to the display of Devanagari and Arabic text. Most notably, though, Apple's Mail can finally set the character set encoding for outgoing messages. This is a critical addition because, left to its own devices, Mail often chose the wrong encoding, resulting in messages that nobody could read. The encoding list for both incoming and outgoing messages is extensive, and if the one you need isn't listed in the Language tab of the International preference pane, just click the Edit button and add it.
Panther now selects default fonts according to the priorities set in the Languages preference pane, so there should be less need to disable fonts to prevent inappropriate use. For instance, if you have Chinese above Japanese in the Language preference pane's list, Panther should use Chinese fonts in preference over Japanese, even if another language is actually first in the list. One caveat: it's possible that this new font fallback logic may require application support, so it may not be in effect in all applications yet. The number of languages supported for such prioritization and sorting operations has been increased to over 100, up from 64 in Jaguar (send me email if you want a list).
The Character Palette (accessible by choosing Characters from the Action menu - the "gear wheel" pop-up menu - in the Font palette) has a new pane that shows all the variations among fonts having a specific character, which is very useful for non-Roman scripts (it's also an extremely cool way to see how a specific character looks in different fonts). Also, you can now access special capabilities of advanced fonts relating to ligatures, diacritics, glyph variants, and other features. Select the desired font in the Font palette and choose Typography from the Action menu.
Lastly, the Date/Time/Numbers tabs in Jaguar's International preference pane have been replaced by a new Formats tab, which supports many more locales for the ways these items are expressed.
Eh? What Was That You Said? As welcome as the improvements discussed above are, Panther doesn't address some of the limitations present in Jaguar, and it also seems to have introduced some new bugs.
Despite all the new keyboards, Panther doesn't sport any new system languages. I expected that Apple would at least add Russian, since Apple Computer Russia used to provide a Russian localization for both Mac OS X 10.1 and 10.2 as a separate download. Greek users will also be disappointed at the lack of a Greek localization. Note that you must perform a custom install if you do not want all the system localizations, or if you do want all the available fonts. However, you can add the system localizations and "Fonts for Additional Languages" afterwards by running the appropriate installers from the second and third Panther installation CDs.
In the category of actual defects, a text bug makes it impossible to input certain accented characters using the U.S. (and other) "Extended" keyboards in Cocoa programs. The Simplified Chinese input system has a new pinyin engine which doesn't deal correctly with certain input combinations. And Mac OS X still does not work correctly with Greek in certain OpenType fonts like Adobe Minion Pro.
The significant improvements in Panther unfortunately cannot change the fact that AppleWorks, all Microsoft products for the Mac (aside from MSN Messenger and the MSN 8 integrated browser), along with several important desktop publishing and Web publishing products are not yet Unicode-savvy, and thus cannot handle a number of languages. But this situation is bound to improve with time, as can be seen by the recent updates of Adobe InDesign CS and Macromedia Dreamweaver MX 2004. Also, new programs like the word processor Mellel can help fill the gap.
Additional Info -- For more extensive information on Mac OS language issues, visit the Multilingual Mac and Chinese-Mac Web sites.
Article 10 of 18 in series
We weren't the only ones in a mad rush toward the end of the year, and some of Apple's engineers probably enjoyed their holiday breaks more after shipping a variety of updatesShow full article
We weren't the only ones in a mad rush toward the end of the year, and some of Apple's engineers probably enjoyed their holiday breaks more after shipping a variety of updates. They include Mac OS X 10.3.2, iTunes 4.2, QuickTime 6.5, and Battery Update 1.1.
Most awaited of the updates is Mac OS X 10.3.2, which promises improved file sharing and directory services for mixed Mac and PC networks, more robust printing to PostScript printers, improved font management, updates to Mail and Address Book, and new ATI and Nvidia graphics drivers. Apple offers an expanded change list on the Web. Improvements in 10.3.1 and recent security updates are also bundled in for anyone who hasn't already gotten those. Unfortunately, Apple says nothing about the problems users experienced with FireWire 400 hard drives in Panther, merely reiterating the note from 10.3.1 that says users with FireWire 800 drives should still upgrade their drives' firmware. Mac OS X 10.3.2 is available in Software Update as a 38.2 MB download; it's also available separately as a 36.4 MB download.
iTunes 4.2 appears to be a fairly minor release, primarily adding support for signing into the iTunes Music Store from an AOL account. You can now view the iTunes Music Store in a separate window (useful for checking to make sure you don't already own a particular song), and iTunes 4.2 also reportedly features a number of performance improvements. iTunes 4.2 is a 6.4 MB download from Software Update; it requires Mac OS X 10.1.5 or later, with Mac OS X 10.2.4 or later necessary to share music. In related news, Apple and AOL announced that AOL members can now preview, purchase, and download songs available on AOL Music by clicking an iTunes button next to featured tracks, a move that can only help iTunes Music Store sales, which topped 25 million songs at the end of December.
QuickTime 6.5, an 18.2 MB download from Software Update, enables creation and playback of 3GPP2 and AMC "mobile multimedia" formats, improves text track support and DV playback options, and enhances support for iMovie, iDVD, and Final Cut Pro. QuickTime 6.5 requires Mac OS X 10.2.5 or later.
Lastly, owners of white iBooks and aluminum PowerBooks will see Battery Update 1.1 appear in Software Update as a 520K download (it's also available as a 160K standalone installer). Battery Update 1.1 claims to enhance the performance of the battery to ensure that full capacity is available. Some users on TidBITS Talk reported significantly increased fan activity after installing Battery Update 1.1 and Mac OS X 10.3.2; see the discussion on TidBITS Talk. If you download and install the update manually, it alerts you if it's not necessary for your computer; relying on Software Update is probably easiest.
Article 11 of 18 in series
We've been uniformly negative about FileVault, the new security feature that Apple added to Mac OS X 10.3 Panther, but that doesn't mean we dislike the idea of protecting sensitive dataShow full article
We've been uniformly negative about FileVault, the new security feature that Apple added to Mac OS X 10.3 Panther, but that doesn't mean we dislike the idea of protecting sensitive data. The problem is that Apple chose an overly simplistic approach that may be easy to use and understand but ends up making users more vulnerable to other problems.
FileVault Basics -- Conceptually, FileVault is easy to understand, since it makes use of a variety of existing Mac OS X technologies. When you turn on FileVault, Mac OS X creates a special type of disk image and stores your entire Home folder inside. The disk image is unusual in two ways: it's encrypted with AES 128-bit encryption and it's a "sparse image," which means that it takes up only as much as space on disk as the data it contains. During setup, copying all your data to the encrypted disk image can take some time: with the 6.6 GB Home folder on my 12-inch PowerBook G4, it took 73 minutes to set up.
By the way, pay attention to FileVault's dire warnings about remembering your password. Apart from the master password you can set up when turning on FileVault, there are no back doors into FileVault, so you're out of luck if you don't have a backup. (This is of course a good thing: a security feature with a back door is worthless.)
Once FileVault is set up and working, you should notice it in only two ways. First, if you like to login automatically, FileVault turns that setting off (which makes sense from a security point of view), although you can turn automatic login back on. Second, for some applications, particularly on slower Macs, disk-related activities may be slower.
Should your Mac be stolen, the miscreant won't be able to access anything in your FileVault-protected Home folder, assuming, of course, that your account wasn't logged in when the computer is stolen and that your password was sufficiently secret and difficult to guess. It's worth noting that when you're logged in and can access your data, it's also accessible to anyone who could learn your username and password and break into your computer remotely, or to hypothetical malicious or just poorly written programs.
There is one caveat to FileVault's security: it doesn't securely erase the original files that it adds to its encrypted disk image, so take this into account if you're worried about a thief using a disk editor to recover deleted data from a stolen Mac.
FileVault Problems -- Although FileVault sounds good in theory, it suffers from some serious design flaws. The most serious is that it's an all-or-nothing protection of your Home folder, and only your Home folder. Of course, your Home folder is where all your data is (at least for most people), but just because data is in your Home folder doesn't mean you need to protect it from prying eyes. And more to the point, there's usually no need to waste disk space, CPU power, and time (entering passwords) protecting the very largest pieces of data: movies, music, and photos.
For instance, my Home folder is nearly 40 GB in size. Of that, my Movies folder contains about 2.4 GB, my Pictures folder holds 13.4 GB, and another folder stores 7.7 GB of Web logs. My Music folder has only 1.3 GB of files in it, but if I stored my iTunes Music folder on my Mac rather than on a server, that would be another 17.7 GB of data. So right off the bat, 24.8 GB of the 40 GB of data in my Home folder needs no protection at all. But there's no way to tell FileVault to ignore all those folders.
Putting unnecessary data into FileVault has three negative implications. First, there's added overhead in dealing with files that don't need to be encrypted. Maybe the performance hit is noticeable in a given situation, maybe not, but there's no reason to waste CPU cycles encrypting and decrypting files that aren't sensitive. Second, and this is the real reason I don't use FileVault, a disk image is a single file, and if your hard drive suffers physical or logical damage to the sectors that contain the FileVault disk image, you could lose the entire thing. No one should be surprised by that fact - it's no different than losing any other file when a disk becomes corrupt. But there is a huge difference between losing a single file and losing every piece of your user data. Third, let's say that you try FileVault and decide you don't want to continue using it, so you turn it off. FileVault must then copy all your data out of the disk image and back to your Home folder, deleting the disk image file when it's done. If your Home folder is too large, you must delete some files to free up enough disk space for both copies.
Put bluntly, you know those warnings about putting all your eggs in one basket? FileVault is that basket.
Along with the flaw of being too broad in the scope of what it protects, FileVault also increases your risk of data loss from unrelated events. Because FileVault stores your data in a disk image, it needs to write data to the image gracefully on logout. In the event that you should experience a kernel panic, system freeze, filesystem-corrupting bug, or even a power outage, the chance of losing data increases with FileVault. That's because the encryption layer adds complexity to recovering from improperly closed files, as does the fact that the FileVault disk image is itself a file that could be corrupted. Although Mac OS X is usually quite stable, in the real world, it can still crash in ugly ways at times.
In fact, while I was testing FileVault on my PowerBook for this article, I installed some updates via Software Update and when prompted, rebooted. FileVault told me my Home folder was using more space than necessary and said it could recover the extra space. But before I could click a button, the Mac kernel panicked. I restarted, and it came back up fine, but it continued to kernel panic on every reboot. Needless to say, I turned off FileVault, which took another 28 minutes.
Even when Mac OS X remains stable, power outages can cause data loss. Not everyone has a laptop (which would switch to battery instantly in the event of a power failure) or an uninterruptible power supply (UPS), though I personally consider a UPS essential equipment. Over the years I've amassed a UPS collection that lets me protect every desktop Mac we own, along with our TiVo.
Lastly, as much as I hope it's clear that using FileVault increases the need for a solid backup strategy, FileVault itself makes backing up a little more difficult. Backup applications must have access to the encrypted files, which means you must be logged in during the backup. For personal backup applications, that's probably a good assumption, but it's less true when backing up networked Macs via Retrospect Client, which can happen when no user is logged in. In situations like that, Retrospect can't access the files and won't back them up; at least Retrospect 6.0 knows to ignore the FileVault sparse image files by default, since backing them up would be a huge waste of backup media. Having multiple users with FileVault turned on also complicates matters, since only logged-in users can have their files backed up.
For Serious Security -- Although I don't doubt the security of the encrypted disk image that FileVault uses, I don't think that people with truly sensitive data should rely on FileVault, for the simple reason that it lacks the paranoid mindset that's necessary for the highest levels of security. That's why the PGPdisk feature in PGP 8.0, which also offers encrypted disk images for storing sensitive data, is a better solution in such cases. Some of the added security features in PGPdisk include:
The option to re-encrypt all the data on a PGP disk, enabling you to change your underlying encryption key (if you believe it has been compromised) or to switch to a different encryption algorithm.
An inactivity timer that can automatically dismount PGPdisks after your Mac has been idle for some amount of time. The inactivity timer lessens the likelihood that someone could steal a computer and be able to access a mounted PGPdisk.
Support for multiple users, such that multiple people can have their own passphrases for the same PGPdisk. Although using additional passphrases conceivably increases the vulnerability of the PGPdisk, it's probably better than having a single passphrase traded around.
The capability to change the passphrases easily.
Protection of the passphrase in RAM by erasing it immediately after use (the passphrase is actually turned into a key), preventing passphrases from being written to disk due to virtual memory swapping, and protection against the derived key staying in RAM long enough to build up a static charge that can apparently be read by equipment owned by major governments.
In short, if you need the utmost in security, you should use PGP over FileVault.
Rethinking FileVault -- Despite this condemnation of how Apple chose to implement FileVault and the concern that it's not spook-level security, I think the idea of FileVault is an excellent one, so I offer this simple suggestion of how it could be improved.
Instead of making FileVault an all-or-nothing deal that takes over the user's Home folder, let it apply to any given folder. You could Control- or right-click the folder to choose Protect with FileVault for a selected folder. Not knowing exactly what happens behind the scenes, I don't know if it would make more sense to have a single FileVault sparse image file to which each protected folder would be added or if creating a new sparse image file for each protected folder would be easier. The latter approach might allow different passwords, which could be useful in certain situations where you protect some folders with a simple password that you don't mind if your colleagues or family members know (but which a thief wouldn't) and other folders with a totally private password that only you know and could enter when you accessed the associated folder.
Allowing users to specify exactly which folders should be protected by FileVault not only eliminates or reduces the severity of most the problems outlined previously, it gives users necessary flexibility. For instance, as much as the Pictures and Movies folders probably don't contain anything particularly sensitive for most people, I'm sure there are plenty of people with photo or movie collections that they'd prefer stayed private. Others may wish to protect only a Quicken data folder, or data related to sensitive work projects.
The real question I have is just how hard making this change actually is. Could a savvy independent developer use FileVault's underlying technologies and provide the top-level interface via a simple contextual menu plug-in? After all, you can use Disk Utility to create encrypted sparse image files, and it's trivial to add disk images to the Startup Items list so they are mounted automatically at login, after which an alias or symbolic link to the encrypted version could replace the original folder. It sounds good in theory, and since you can perform all the necessary actions manually today, it would seem a relatively easy task to wrap into a contextual menu command. If anyone implements my idea, be sure to let me know, and in the meantime, I'd encourage anyone who has been frustrated by FileVault to create and use encrypted sparse images for your sensitive data.
Article 12 of 18 in series
Apple Releases Mac OS X 10.3.3 -- Just as we were about to go to press, Apple released the latest free update to Mac OS X 10.3. Version 10.3.3 offers a long list of enhancements (see Apple's Knowledge Base article), but one we're pleased to see is the inclusion of network-mounted volumes in the list of volumes shown in the sidebar of Finder windows and Open/Save dialogsShow full article
Apple Releases Mac OS X 10.3.3 -- Just as we were about to go to press, Apple released the latest free update to Mac OS X 10.3. Version 10.3.3 offers a long list of enhancements (see Apple's Knowledge Base article), but one we're pleased to see is the inclusion of network-mounted volumes in the list of volumes shown in the sidebar of Finder windows and Open/Save dialogs. The update also incorporates other networking fixes and improvements for cross-platform compatibility and AppleTalk; improves .Mac iDisk synchronization performance and behavior; provides fixes for Finder, DVD Player, iPhoto, Mail, Address Book, and Image Capture; and improves start-up time for some computers that were slowed down by the 10.3.2 update. Mac OS X 10.3 Panther owners may upgrade via Software Update (58.8 MB) or download a standalone installer from Apple. [MHA]
Article 13 of 18 in series
Apple Releases Mac OS X 10.3.4 Update -- Apple has released Mac OS X 10.3.4, a free update for owners of Mac OS X 10.3 Panther. (A similar update was also released for Mac OS X Server 10.3.) Apple says the update addresses issues in Mail, Safari, Address Book, Stickies, QuickTime Player, and DVD Player; and improves behavior with iPods connected via USB 2.0, mass storage devices, and video cameras connected to PowerBooks via FireWireShow full article
Apple Releases Mac OS X 10.3.4 Update -- Apple has released Mac OS X 10.3.4, a free update for owners of Mac OS X 10.3 Panther. (A similar update was also released for Mac OS X Server 10.3.) Apple says the update addresses issues in Mail, Safari, Address Book, Stickies, QuickTime Player, and DVD Player; and improves behavior with iPods connected via USB 2.0, mass storage devices, and video cameras connected to PowerBooks via FireWire. The installer also reportedly incorporates recent security updates (although Adam was prompted to install the latest security update on one Mac even after installing 10.3.4), improves file sharing and directory services, and fixes some disc burning oddities. The update is available via Software Update, which requires a 41 MB download. A standalone installer is available as a 39.5 MB download to update from Mac OS X 10.3.3, or as a 79 MB combined update for any earlier version of 10.3. [MHA]
Article 14 of 18 in series
by Joe Kissell
When Apple released Mac OS X 10.3 Panther last October, many people (though by no means all) had serious difficulties with their FireWire hard drives. Affected users found that, after restarting their computers under Panther with the drives connected, the drives become completely inaccessible - unable to mount on any operating system, and so badly damaged that even disk recovery applications could not retrieve their data. Not long after the problem surfaced, Apple acknowledged an issue affecting FireWire 800 hard drives that use the Oxford 922 bridge chipset with firmware version 1.02 or earlierShow full article
When Apple released Mac OS X 10.3 Panther last October, many people (though by no means all) had serious difficulties with their FireWire hard drives. Affected users found that, after restarting their computers under Panther with the drives connected, the drives become completely inaccessible - unable to mount on any operating system, and so badly damaged that even disk recovery applications could not retrieve their data.
Not long after the problem surfaced, Apple acknowledged an issue affecting FireWire 800 hard drives that use the Oxford 922 bridge chipset with firmware version 1.02 or earlier. Manufacturers of such drives quickly released firmware patches, and Apple took steps to resolve the problem from their end as well. The Mac OS X updates (beginning with 10.3.1) provide "improved reliability" with FireWire 800 drives, though Apple still recommends that you update the firmware on such devices. (See "Fixes Available for Some Panther FireWire Troubles" in TidBITS-704 and "Apple Updates Panther to 10.3.1" in TidBITS-705.)
Data Loss with FireWire 400 Drives -- All this is old news to most TidBITS readers. But for the past several months, users of FireWire 400 drives have wondered whether they can safely upgrade to Panther yet. Neither Apple nor hard drive manufacturers ever officially acknowledged a data loss problem with FireWire 400 drives, yet a number of users, including at least one Take Control author, have experienced exactly the same symptoms with some FireWire 400 drives. Although the root cause appears to be different - and the problem less widespread - the data loss, when it occurs, is no less serious.
Whereas the FireWire 800 problem was easily reproducible, failures of FireWire 400 drives seem to be random. A given drive model may work correctly on one machine and fail on another that appears to be configured identically. In general, the reports I've read show a higher tendency for problems to occur on systems with multiple FireWire devices chained together or attached to a bus-powered hub, especially if one device is an iSight camera. (Apple's iSight 1.0.2 update may fix this.) Also, drives that support both FireWire 400 and 800, or FireWire 400 and USB (1.1 or 2.0) appear to experience problems more frequently than drives that support only FireWire 400. Lastly, computers that support FireWire 400 but not FireWire 800 are typically less likely to experience this problem.
I've laced my description with fudge words such as "seems," "tendency," and "typically." Unfortunately, none of the experts I consulted knew what causes this problem. Drive manufacturers have spent countless hours testing without reaching any conclusive results. And thousands of users - including me - never had a problem with their FireWire 400 drives (from a variety of manufacturers). Even so, the iPod is the only FireWire 400 device I know definitively to be immune to this problem.
Recommendations for FireWire 400 and Panther -- In version 1.1 of "Take Control of Upgrading to Panther" last November, I recommended against using FireWire 400 drives with Panther until more was known - or failing that, to be sure the drive was never connected when the computer started or woke from sleep. Given the relatively infrequent occurrence of this problem, I feel comfortable tempering my suggestions somewhat.
If you want to upgrade your computer to run Panther while continuing to use a FireWire 400 drive, follow these guidelines:
Back up everything on the drive to DVD, CD-R, tape, or some other medium other than another FireWire hard drive before installing Panther.
Check your drive manufacturer's Web site to see if a firmware update is available. If so, apply it (preferably before installing Panther) - even if the manufacturer does not mention whether the update addresses this issue.
If you are not installing Panther on the FireWire drive itself, disconnect the drive from your computer until after you have installed Panther and updated it to version 10.3.2 or later.
Avoid chaining FireWire devices together, especially if a chained device lacks its own power supply. If you have more FireWire 400 devices than your computer has ports, use a powered hub - or better yet, if you have a PowerBook or Power Mac, add a second FireWire bus using a PCI or PCMCIA card.
If you must use a FireWire 400 drive but cannot back it up or avoid chaining devices together, consider these additional precautions:
Be sure the drive's FireWire cable is unplugged when you turn on your computer.
Before shutting down, restarting, or putting your computer to sleep, unmount any volumes from the FireWire drive and unplug the drive's FireWire cable.
If your computer is set to sleep automatically, temporarily disable this feature in the Energy Saver pane of System Preferences.
Plug in the drive only when Panther is running. Again, be sure to unmount the disk and disconnect the FireWire cable when you finish using the drive.
What If My Hard Drive Is Already Fried? Conventional disk repair applications such as Disk Utility, Norton Utilities, TechTool Pro, and even DiskWarrior cannot repair drives that have encountered this problem or recover data from them. Quite a few users have reported success using Prosoft Engineering's Data Rescue X, however. If even that fails, you may need to send your drive to a data recovery service such as the highly regarded (but not inexpensive) DriveSavers.
"Take Control of Upgrading to Panther" -- Advice for users of FireWire 400 hard drives is just one of the topics I expanded greatly in the latest edition of "Take Control of Upgrading to Panther." Now at version 1.2, this 89-page ebook covers all the steps you need to follow for a worry-free upgrade to Panther from any earlier version of the Mac OS. Most of the new content comes in direct response to inquiries I received from readers. Even if you've already upgraded your computer to run Panther, you will find extensive troubleshooting tips, suggestions for storing frequently used files somewhere other than your startup volume, and information to help you understand and cope with some of Panther's most surprising changes. I hope you find the book helpful!
[Editor's note: As is our policy, anyone who purchased an earlier version of Joe's ebook may receive this update for free. To that end, we notified all purchasers of the new version last week via email (and nearly half of our readers have downloaded the update already!). However, a number of messages bounced due to changed email addresses and spam filters, so if you didn't receive notification, please use the form at the bottom of our Ordering Tips page to ask me for help. Also note that we've started a referral program for readers; click the button on the cover page of this update to Joe's ebook to send a 10 percent discount coupon to a friend and receive 10 percent off your next order as well. Thanks for helping to spread the word about Take Control! -Tonya]
[Joe Kissell is a writer, consultant, and Mac developer living in San Francisco.]
Article 15 of 18 in series
by Jeff Carlson
Quicken 2005 Released -- Intuit has released Quicken 2005, the latest version of its financial management application. The new version adds online support for more financial institutions, streamlines new account creation and category management, and ties into iPhoto to generate a visual home inventoryShow full article
Quicken 2005 Released -- Intuit has released Quicken 2005, the latest version of its financial management application. The new version adds online support for more financial institutions, streamlines new account creation and category management, and ties into iPhoto to generate a visual home inventory. Quicken 2005 for Mac currently costs $60, and is available as a 32 MB download or in a boxed version. [JLC]
Article 16 of 18 in series
Apple last week released Security Update 2004-09-07 to address a slew of security-related issues. Updated components include Apache 2, CoreFoundation, FTP, IPSec, Kerberos, OpenLDAP, OpenSSH, PPPDialer, QuickTime Streaming Server, rsync, Safari, SquirrelMail, and tcpdump - see Apple's site for detailsShow full article
Apple last week released Security Update 2004-09-07 to address a slew of security-related issues. Updated components include Apache 2, CoreFoundation, FTP, IPSec, Kerberos, OpenLDAP, OpenSSH, PPPDialer, QuickTime Streaming Server, rsync, Safari, SquirrelMail, and tcpdump - see Apple's site for details. Unfortunately, two of the changes may have negative consequences.
The changes to Safari resulted in rendering problems on a number of Web sites, though the trouble apparently originates with the Web sites themselves. Many sites detect browser versions and present slightly different versions of their pages to different browsers. It seems that some sites were accidentally identifying this new version of Safari as Netscape 4 and thus feeding it dynamic HTML that failed in a modern browser. In at least some of places suffering from this problem (including FedEx, CompUSA, and Best Buy) the problem stemmed from a product called QuickMenu Pro, from OpenCube. OpenCube has since fixed the problem, though it's up to the sites to update their copies of QuickMenu Pro. Kudos to Jeff of the HyperJeff Network for tracking down the bug in QuickMenu Pro.
Also, to work around a security problem in the lukemftpd FTP server in the client version of Mac OS X, Apple replaced it with the tnftpd FTP server (Mac OS X Server uses xftp instead); unfortunately the change has caused login difficulties for some users when connecting to upgraded Macs via FTP. The Apple support forum discussion linked below offers some solutions, but perhaps the best one is to use this problem as an excuse to switch to SFTP, which eliminates long-standing security problems with FTP. Apple will likely release a fix for normal FTP in the near future.
The security update applies to the client and server versions of Mac OS X 10.2.8, Mac OS X 10.3.4, and Mac OS X 10.3.5. The easiest way to get Security Update 2004-09-07 is via Software Update; otherwise you'll have to pick the correct version from the Apple Downloads page. The client downloads are 7.6 MB; the server downloads are 12.6 MB. [ACE]
Article 17 of 18 in series
Security Update 2004-09-07 1.1 Fixes FTP & Safari -- Just after we put last week's issue to bed with a warning about Security Update 2004-09-07 1.0, Apple released Security Update 2004-09-07 version 1.1, which offers two important fixesShow full article
Security Update 2004-09-07 1.1 Fixes FTP & Safari -- Just after we put last week's issue to bed with a warning about Security Update 2004-09-07 1.0, Apple released Security Update 2004-09-07 version 1.1, which offers two important fixes. First, the update changes the Safari version number to provide compatibility with Web sites that improperly identified Safari as a different browser; Apple also offers advice on detecting Safari's user-agent string and on object detection. The 1.1 version of the security update also fixes the installation of the FTP server (it turns out that tnftpd is just a renamed version of lukemftpd, if you were confused) to eliminate the user login problems, and in our testing this appears to be true. The 1.1 version of the security update ranges in size (depending on your version of Mac OS X) from 7.1 MB to 12.6 MB and is available via Software Update and Apple's Software Downloads page. There are no other changes from the 1.0 version, but we can now recommend that everyone install it. [ACE]
Article 18 of 18 in series
by Jeff Carlson
Security Update 2004-09-16 Fixes iChat Vulnerability -- Apple last week released Security Update 2004-09-16 via Software Update and as separate downloadsShow full article
Security Update 2004-09-16 Fixes iChat Vulnerability -- Apple last week released Security Update 2004-09-16 via Software Update and as separate downloads. The update includes a new version of iChat that fixes a potential problem whereby someone could send a link that would launch an application on your Mac. After the update is applied, clicking such a link brings up a dialog that asks you to confirm that you want to run the application. If you don't use Software Update, three separate downloads are available, each about 1 MB in size, depending on the version of Mac OS X and iChat you're running. [JLC]