Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo


The main news this week is Apple's release of the System 7.5 Update 1.0, which updates a System 7.5 Mac so it thinks it is running 7.5.1, along with updates to QuickDraw GX, LaserWriter, and some new PowerTalk gateways. We also have news about what happened to DeskPicture, a program that has enhanced countless thousands of desktops over the years, and - finally - we bring you a look at SATAN, which has caused one of the latest Internet controversies.


Copyright 1995 TidBITS Electronic Publishing. All rights reserved.
Information: <> Comments: <>

This issue of TidBITS sponsored in part by:


We continue to worry about the mega-long URLs that result when we try to point people at Apple's FTP sites, because the return characters they contain tend to cause problems when people copy and paste them into other programs. As a result, we're going to try enclosing URLs that span more than a single line in <angle brackets>, just as we do with email addresses, machine names, newsgroup names in running text. This won't make the return characters go away, but will alert you to their existence. Up! The 10 to 12 day delay in replacing the machine that runs <> we reported last week turned out to be a one-day delay, thanks to some fast work from Northwest Nexus. This means that TidBITS issues and the portion of Info-Mac mirrored there are once again accessible, plus the Anarchie bookmarks that ship with Adam's book should be working again. We apologize for any inconvenience, and extend a hearty thanks to Northwest Nexus for getting the machine replaced so quickly. [GD]

New Apple System Software Components -- In addition to the release of the System 7.5 Update 1.0 last week (see article below), Apple also released QuickDraw GX 1.1.1, LaserWriter 8.2.2, new PowerTalk gateways, and an international version of the network software installer that's potentially useful to a variety of Mac owners. Unfortunately, it seems these updates are only available on the same sites as System 7.5 Update 1.0, which means getting your hands on them can be difficult. Just for kicks, I wrote a script that repeatedly attempted to connect to Apple's update sites using a variety of methods during the wee hours of the morning. It ran for more than six hours without a single successful connection. So, we'll bring you more on these updates as soon as we can. [GD]

TCP/Connect II Correction and Update -- Dave Saunders <> writes to tell us that the latest version of TCP/Connect II is (as of a few days ago) version 2.1.1, and it does support multiple Web windows, although in a somewhat unusual way. In the Web configuration window, there's an option entitled "Open a new window for each user-specified URL" and when that's checked, TCP/Connect II 2.1.1 opens a new window when you use the Open URL command from the Services menu (but not when you type a URL into the Current URL field in the Web window). Also, version 2.1.1 now supports CERN proxies, which means it can access WAIS URLs, as well as anything normally inaccessible to those behind a firewall running CERN proxy servers. [ACE]

ISKM III Providers Wanted -- I'm working on the third edition of Internet Starter Kit for Macintosh, and this time we're going to include custom configurations for a number of providers. If you run an Internet provider anywhere in the world and provide SLIP or PPP accounts at a reasonable rate, and you can offer some sort of special connection offer to readers of the Starter Kit who sign up with you, send email to my editor, Brad Miser <>, for more details. There isn't much time to spare, so act soon. [ACE]

System 7.5 Update 1.0 Released

by Geoff Duncan <>

On March 15, 1995, Apple released the Macintosh System 7.5 Update 1.0 to the world. Although the appearance of this update might seem to follow right on the heels of the release of System 7.5, this series of patches and enhancements have been in development for some time - in fact, portions of it have circulated among selected developers since at least November of 1994. If you've heard rumors about System 7.5.1, this is it: once installed, your Macintosh reports that it's running System 7.5.1, and Apple plans to ship new Macs with 7.5.1 pre-installed.

Readers familiar with previous updates to the Macintosh system software - the System 7 Tune-Up, the various Hardware System Updates, System Update 3.0, and the Apple Multimedia Tuner - will note at least one major change with this update: it's big. System Update 1.0 consists of four high-density floppy disk images. Binhexed and placed online, these files weigh in around 5.2 MB. Even with a fast modem, be prepared to spend some time downloading this update.

What's Included -- Although previous system updates changed multiple system files (such as new printer drivers, a new Chooser, and so on), the System 7.5 Update takes this a little further by including updated system extensions and control panels (Launcher, WindowShade), system items previously available (such as MacTCP 2.0.6 and Speech Manager 1.3) as well as a brand-new Finder. Here's a look at some of the functional enhancements:

Here are a few highlights of some technical enhancements in the System 7.5 Update 1.0.


Update Problems and Tips -- This update hasn't been out for long, so any summary of problems is obviously premature. However, the following issues have so far emerged:

Where To Find It -- Apple has made System 7.5 Update 1.0 available on eWorld and from its usual array of Internet servers. Unfortunately, these Internet servers have been overwhelmed with traffic since the update became available. Apple quickly put up a new server - <> - to help spread the load, but it's still extremely difficult to get through. Currently the update is officially available on three Internet servers: <>, <>, and <>.

Here is the main FTP URL:


You might try substituting the name of another Apple server (see above) if you can't get through. Sneaky users might try using an HTTP URL (but that's left as an exercise for the reader, and the results have been mixed). However, one back door to the update that doesn't seem to have been completely overwhelmed (yet) is:


A word about FTPing this update: if you're connecting the Internet over a slow connection or a modem and you have access to a shell account on your Internet provider's machine, consider opening a shell session and FTPing the files to a directory on your provider's machine. Why? Apple's FTP servers are restricted to anywhere from 60 to 100 concurrent anonymous users, and in all likelihood your provider's Internet connection is considerably faster than your modem. In the event you manage to get through to Apple's FTP sites, a 14.4 Kbps modem would take nearly an hour to download the update - that's an entire hour that you're filling one of those 100 slots, which isn't an efficient use of the server's bandwidth. Using your provider's faster line, however, you might be able to download the update to your provider's machine in only a few minutes, thereby freeing that slot much more quickly. Once you've done this, you can download the files from your provider's machine at your leisure, without having to worry about finding an available FTP slot on Apple's machines.

Summary -- My Quadra and PowerBook have been running the System 7.5 Update since it was released (and two pre-release versions before that) with little trouble. The update eliminated three completely reproducible crashes or hangs on my system, one involving the Standard File dialogs, another involving opening Finder windows, and one with WindowShade. My machines don't seem any slower, and CPU benchmark utilities indicate no significant shift in system performance since installing the 7.5 Update.

Finally, one complaint about the System 7.5 Update remains: the "secret about box" that appeared with System 7.5 is gone. TidBITS readers might want to consider it their mission to discover and report any replacement Apple might have included.

Information from:
Apple propaganda
DayStar Digital
KS Labs
Output Enablers

DeskPicture: Back to the Nets

by Adam C. Engst <>

Way back when in 1991, Now Utilities was the first piece of commercial software that TidBITS ever received as a review copy. That was version 2.0; the current version is 5.0.1 and the package has undergone some cast changes that make the Clinton cabinet look stable. Along the way, Now Software spun out some of the more frivolous parts of Now Utilities into a now-defunct package called NowFun.

One of those early pieces of Now Utilities was Clay Maeckel's DeskPicture, a utility for displaying images in place of the standard desktop patterns (see TidBITS-45). Ironically, DeskPicture started off life as freeware called DeskPICT. In that review in TidBITS-45 (which now falls under my current pet phrase, "History happens."), I said:

"Clay Maeckel wrote DeskPICT, the freeware predecessor to DeskPicture, in early 1987. The DeskPICT INIT simply displayed on the desktop a picture stored in a file called DeskPicture. Clay had planned a shareware upgrade to DeskPICT that would give it a control panel interface and a number of other features. But, at about the same time Claris Legal gave him permission to release DeskPICT as shareware (gotta run everything through legal these days it seems), he heard about Now Software and its planned collection of utilities. The concept interested him, and since non-essential shareware often does poorly in terms of financial earnings, he decided to go with Now rather than market DeskPICT as shareware. Clay said that he had received quite a bit of email from people who understood and encouraged the move and only one letter flaming him for the decision. Clay said that taking DeskPicture commercial made him feel a bit guilty, but it also gave him a good excuse for his wife when he uses the computer at home."

At the time, DeskPicture's ability to display and randomize Startup Screen and PICT files was pretty neat, although it was soon joined by numerous other utilities that in some way graphically modified the desktop, including WallPaper and Screenscapes, among many others. When NowFun arrived, DeskPicture moved from Now Utilities into NowFun, but NowFun never took off. I don't know why - perhaps it was too expensive, or perhaps the individual utilities didn't stack up to the existing competition - it doesn't matter. What does matter is that NowFun went away, and DeskPicture was in limbo.

A brief aside here. Another part of the first version of Now Utilities was a tiny utility from Michael Peirce called MemorySetter, which could intercept an application launch and let the user specify a different memory setting. Now dropped MemorySetter from Now Utilities 2.0, ostensibly because of disk space, although the feature lives on today as a part of Now Menus (and I use that feature frequently). Once he had it back, Michael updated MemorySetter, renamed it AppSizer, and released it as $19.95 shareware from Peirce Software (see TidBITS-125 for a review of AppSizer 2.1).

In any event, once Clay recovered the rights to DeskPicture from Now Software, he and Michael got together and released DeskPicture 4.0 as shareware, also for $19.95. It's nice to see Clay's work available to the Macintosh community once again, and I hope the market has matured enough that Clay's 1991 fears about DeskPICT not being financially viable via shareware won't come true. It's interesting that with this move, DeskPicture will have moved from freeware to commercial to shareware in its eight-year existence. Few programs have been so long-lived or mobile.

DeskPicture 4.0 enables you to place any number of pictures on your desktop, no matter how many monitors you have or what screen depth you use. It can either use system memory for fast screen updates or load from disk to reduce the system memory usage. You can also scale, crop, and tile pictures on the screen, just in case you feel like making a collage. DeskPicture supports XTND, and comes with four translators that enable you to open and display images in GIF, black and white Startup Screen, WallPaper, and MacPaint formats. These formats are in addition to the built-in formats that DeskPicture supports: PICT, EPS, color Startup Screen, and PhotoCD. For those of us with short attention spans, DeskPicture can switch between pictures randomly or sequentially at random or specified time intervals.

A small update to DeskPicture 4.0.1 should arrive soon, adding an application called DeskPicture Hanger, which enables you to place a picture on your desktop by merely dragging it onto the DeskPicture Hanger application. Needless to say, when it arrives, the URL above will break, so don't be surprised.

Peirce Software has a support area on eWorld (keyword: Peirce), and also provides support for DeskPicture via Internet email at <>. If your desktop has needs a shot of excitement, give DeskPicture a try, and if you like it, show your support for Clay's shareware resuscitation of DeskPicture from the ashes of a commercial package.

Information from:
Michael Peirce <>

Could It Be... SATAN?

by Geoff Duncan <>

In recent weeks, there's been heaps of hype and controversy on the nets and in mainstream media surrounding a Unix security tool called SATAN. I've been cautioned against writing an article about it on the grounds that the article would fuel the fires of confusion and misinformation about SATAN. However, in the wake of the arrest of Kevin Mitnick (a widely-renowned computer cracker who, among other things, recently grabbed twenty thousand credit card numbers from Netcom - leading one to wonder why Netcom would leave such sensitive information on a machine connected to anything), I've noticed a growing popular paranoia about Internet security. The message seems to be a) the Internet is not a safe place, b) people on the Internet are intent on damaging you and your computer, and c) their next weapon is SATAN.

What Is It? The name SATAN is an acronym for Security Analysis Tool for Auditing Networks. SATAN gathers information about machines, networks, and remote hosts by examining a number of Internet and Unix services, looking for potential problems and known security loopholes. SATAN is being written by Dan Farmer and Wietse Venema, two well-established members of the Unix security community, in their spare time. SATAN is born of the philosophy that as computer systems are increasingly networked, they become more vulnerable to attack from those networks. The idea for SATAN was first proposed by Dan and Wietse in a paper called "How to Improve the Security of Your Site by Breaking Into It," originally posted in December, 1993.

Using SATAN requires root access to a Unix machine on a network - a privilege enjoyed by few Internet users - and presently SATAN only runs under SunOS and Irix. So why all the hype? Unlike other Unix security tools, the authors intend to publicly release SATAN to the general Internet community as early as 05-Apr-95, and a beta version of SATAN is out there now. SATAN makes system and network information - often obtainable only through careful, knowledgeable, and often painstaking work - available in one consistent, easy-to-download package. And this makes some people who have critical information on their networked systems-like credit card numbers or trade secrets - very nervous.

According to early reports, SATAN works. Users of early releases indicate SATAN accurately finds potential and possibly unknown problems on networks with as few as eight or ten systems. The bigger and more complex a network becomes, the more likely SATAN will find potential security problems.

Sign Right Here, Mr. Jones -- So why is SATAN bad? According to some, SATAN will unleash hordes of crackers and wannabe crackers on the Internet, many of whom will take down systems and networks with impunity. One Kevin Mitnick was bad enough: imagine a thousand or more, all armed with the latest in security analysis software.

SATAN's creators have certainly heard their share of this argument. Their standing as members of the Unix security community has kept them from being completely vilified in the popular press - but only barely. SATAN's documentation even says "at least one of the authors has had his job threatened." Some security experts have been quoted as saying that all copies of SATAN should be destroyed, and I've read rumors of possible legal action in the event SATAN is released.

However, there's another side to that line of reasoning: maybe SATAN just lets the security experts keep up with the Joneses.

Think about it: imagine that you're a sociopathic, wizard cracker with a grudge against the entire Internet - just for the sake of argument. You pick some obvious targets: government agencies, military computers, sites conducting online commerce, computer companies, research centers, and maybe - to show off a little - the personal machines of some net security people. Just to let them know who's boss.

Now, despite your obvious and considerable genius, cracking into systems undetected is sometimes a tricky thing to do. When you find a trick that works more often than not, you make yourself a tool that does the trick for you. Maybe it's a script that exploits a flaw in a particular version of sendmail, or maybe it's a program that helps simulate a "trusted" machine. Whatever - it's cool and it saves you time. When you meet other crackers and start one-upping each other with feats of deviousness heretofore unknown to the networked world, eventually you start trading tools.

One result of all this back-room trading is that sophisticated crackers already have tools that do what SATAN does - and more - and they've had them for a long time. In terms of sheer capability, SATAN does little to help or hinder intruders of this caliber. "Keeping out the real Mitnicks is hard enough even for real security experts," Wietse points out. "SATAN is a tool to help systems administrators to keep a large class of intruders out." Those intruders are casual crackers who know enough to exploit common weaknesses, but not enough to develop sophisticated tools.

Sympathy for the Devil -- If a line were to be drawn as to what constituted a "tool" and a "weapon" on the nets, where would that line be? All too often, system break-ins are the result of weak passwords rather than sophisticated break-in techniques. Finger, a common program in the Unix world, can reveal copious amounts of information about a machine if applied systematically, including a machine's disk structure, account names, and hosts users commonly connect from. This information can be (and has been) used to assist break-in attempts, and therefore Finger might reasonably be defined as a "weapon." Should the distribution of Finger be restricted?

Similarly, SATAN is a piece of software that provides information. Let's face it: if SATAN wanted to be the Program From Hell, it wouldn't stop at identifying problems: it would exploit them. Contrary to much of the popular press, SATAN does not directly attack other computer systems, although some of its scanning activities should set off alerts on remote systems being investigated. The information SATAN collects is already available to anyone with the right knowledge and significant access to the network being examined; similarly, the problems SATAN identifies are well-known and often the subject of CERT and CIAC security advisories. You could think of SATAN as a tool intended to raise the minimum standards of network security high enough that the majority of would-be intruders are kept out. Ironically, despite the current gnashing of teeth, SATAN arguably has the potential to make the Internet a more secure place than it is now, in large part because cracking machines is often a domino process - crack into one, and another one becomes easier to break into.

SATAN's authors are straightforward about the potentials of their program. "Not only is it an unfriendly idea to run SATAN against a remote site without permission, it is probably illegal as well. Do yourself and the rest of the Internet a favor and don't do it! While we don't know of anyone being charged with a crime or sued because they ran a security tool against someone else, SATAN could change that."

The current media hype about SATAN might best be summarized as members of the press and the online community being all too aware that what they don't know can hurt them. However, the bottom line is that even if your Mac is connected to the Internet and probed by SATAN, you're unlikely to notice, and even less likely to suffer for it. Internet providers and users of networks with Unix machines connected to the Internet might wish to stay abreast of SATAN's development and release schedule - just in case. The official SATAN release page is a good place to check, as are the <> and <> newsgroups. SATAN's developers can be reached at <>.

Information from:
SATAN documentation


Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue