TidBITS#577/23-Apr-01

Security holes in Mac OS X? That's right, and the first installment of our new column on Mac OS X explains how to shut them, along with looking at Mac OS X releases of Timbuktu Pro and ConceptDraw, a limitation of Mac OS X's FTP server, and a clever utility that puts a graphical interface on the Unix command line. We also look at Apple's extremely positive quarterly financial results and cover new releases of Eudora 5.1, BBEdit 6.1, and Acrobat 5.0.

Copyright 2001 TidBITS Electronic Publishing. All rights reserved.
Information: <info@tidbits.com> Comments: <editors@tidbits.com>


MailBITS/23-Apr-01

Eudora 5.1 Adds SSL, Palm Address Synchronization -- Qualcomm has released Eudora 5.1, a free update to their popular email application. New features include support for secure, authenticated connections via SSL (Secure Sockets Layer) if your email server supports them; an option to display signatures inline in message composition windows; support for sending, receiving, and storing vCards; colorizing of MoodWatch trigger words and phrases (Paid or Sponsored mode only); and a new MoodWatch settings panel. Qualcomm rewrote Eudora's Address Book for Eudora 5.0 (see "Eudora 5.0 Reads Your Mind" in TidBITS-547), and now we're starting to see the benefits. Enhancements include a conduit for synchronizing your Eudora Address Book with a Palm OS handheld, support for photos in address book entries and in nickname toolbar buttons, the capability to export the Address Book (or just selected entries) to a comma-delimited text file, and a new Address Book settings panel. In addition, Qualcomm fixed a slew of minor bugs. A 4.8 MB installer enables you to install a fresh Eudora Application Folder or update a Paid copy of Eudora 5.0.x (but not a beta version). For those running Mac OS X, a carbonized version of Eudora 5.1 is in beta testing now (it's a 3.8 MB download). [ACE]

<http://www.eudora.com/email/>
<http://db.tidbits.com/getbits.acgi?tbart=06112>
<http://www.eudora.com/products/eudora/download/>
<http://www.eudora.com/betas/>

BBEdit 6.1 Adds Features, Mac OS X Support -- Bare Bones Software's popular text and HTML editor BBEdit has now joined the ranks of software carbonized for Mac OS X. Along with that basic architectural change and numerous tweaks to fit into the Mac OS X environment better, BBEdit 6.1 offers many new and enhanced features, including integration with Mac OS X's Perl tools, an improved FTP engine with support for alternate ports, optional display of hard line numbers in soft-wrapped documents, FTP browser windows for viewing remote directories, and support for Emacs-style key equivalents for editing commands. BBEdit 6.1 is an 8.3 MB download and works on System 7.5.5 and higher. It's free for registered users of BBEdit 6.0; $39 for users of previous versions of BBEdit, $79 for cross-upgrades, and $119 for everyone else. [ACE]

<http://www.barebones.com/products/bbedit.html>
<http://www.barebones.com/support/bbedit/bbedit-notes.html>
<http://www.barebones.com/support/updates.html>

Acrobat 5 Focuses on Online Collaboration -- Adobe has released Adobe Acrobat 5, positioning its Portable Document Format (PDF) as an online collaboration tool rather than just a way to view documents across platforms (see the TidBITS series on document collaboration). Acrobat 5 adds the capability to save the contents of PDF files in other formats such as RTF, or to save pages as TIFF, JPEG, or PNG images. On the security front, Acrobat 5 supports 128-bit encrypted password protection and digital signatures for handling confidential documents, and it can restrict editing and printing. You can apply annotations and changes to shared documents online from within a Web browser, saving the trouble of shuttling multiple versions of a document via email. Adobe has boosted Acrobat's capability to use forms in PDF documents, so users can create live electronic forms that can be tied into back-end databases using Acrobat's XML support. Acrobat 5 also includes accessibility features such as high-contrast display settings, support for Windows-based screen readers (see our series on accessibility for the disabled), and more keyboard shortcuts. The program also offers a host of other features, such as enhanced output and color controls, batch processing, and tools for analyzing and repairing PDF files. Acrobat 5 is now available for $250 and is carbonized for Mac OS X. The free Acrobat 5 Reader installer is a 380K download; the application itself is a 10 MB download. [JLC]

<http://www.adobe.com/acrobat/>
<http://db.tidbits.com/getbits.acgi?tbser=1191>
<http://db.tidbits.com/getbits.acgi?tbser=1189>


PowerBook G4 Titanium Propels Apple $43 Million Profit

by Adam Engst <ace@tidbits.com>

For its second fiscal quarter of 2001, Apple Computer last week announced a net profit of $43 million, or $.12 per share, on sales of 751,000 Macs. That number was helped slightly by $89 million from Apple's sale of 23 million shares in ARM Holdings, plc, which more than offset an $86 million charge for a write-down of Apple's investment in EarthLink. Apple has only 8 million shares in ARM Holdings remaining, but selling shares in ARM Holdings has done wonders for bolstering Apple's finances over the last few years. Although this quarter's results don't compare well with the $233 million profit ($.64 per share) on sales of over 1 million Macs from the second quarter last year, they utterly crush analysts' estimates of $.01 per share that followed last quarter's $195 million loss. Apple's cash and short-term investment position remains strong at over $4.1 billion.

<http://www.apple.com/pr/library/2001/apr/18q2results.html>
<http://db.tidbits.com/getbits.acgi?tbart=05902>
<http://db.tidbits.com/getbits.acgi?tbart=06273>

Credit for the improved results goes in part to Apple's cost-cutting measures and lower component costs, but more obviously to the popular PowerBook G4 Titanium, which sold 134,000 units in the quarter, far better than its PowerBook G3 (FireWire) predecessor in either last quarter or the year ago quarter. The PowerBook G4 Titanium also helped boost Apple's gross margins to 26.9 percent, still below last year's 28.2 percent. Sales of the Power Mac G4 (Digital Audio) were also stronger than last quarter, at 250,000 units. However, the iMac couldn't quite match the Christmas quarter with 300,000 units, and the iBook - the model most likely to be revised soon - racked up sales of only 55,000 units. Even with Apple's price cuts, the Power Mac G4 Cube managed sales of only 12,000 units. The most interesting lift to Apple's revenues came from Mac OS X, which accounted for $19 million.

Some thoughts about Apple's financial position: the company's fortunes may be relatively independent of the larger computer industry, perhaps because Macintosh purchases are more commonly individual rather than corporate decisions. Also, note that a compelling product like the PowerBook G4 Titanium can sell well even in a cool economic climate. In contrast, the Power Mac G4 Cube - despite its elegant and quiet design - simply doesn't offer sufficient advantages over either high-end iMacs or low-end Power Mac G4s to entice buyers even after Apple dropped its price. We'll probably see the Cube either benefit from a significant revision or disappear entirely by the end of 2001.


TenBITS/23-Apr-01

by Adam C. Engst <ace@tidbits.com>

I noticed when reading back through the issues of ten years ago (see our anniversary article "TidBITS Goes to Eleven" in TidBITS-576) that we did a sporadic column reporting bits of information related to the just-released System 7. That release was a huge deal in the spring of 1991, and I'm embarrassed our coverage of the actual release was so minimal. But the parallels with Mac OS X's recent release are striking: in both cases, applications needed to be rewritten to support new features, the actual release came several months before the operating system was installed by default, both were slow on low end Macs that didn't have enough RAM (a 4 MB minimum for System 7 versus Mac OS X's 128 MB minimum), and numerous tips and tricks were necessary to make the most of the new operating system. The main difference seems to be that Mac OS X has suffered far more negative comments. There was some moaning about a few specific technologies in System 7 (such as balloon help and publish & subscribe), but the overall response was positive because System 7 clearly addressed well-perceived needs, like multitasking and access to more physical RAM.

<http://db.tidbits.com/getbits.acgi?tbart=06397>

Whatever the similarities or differences, it's time for another sporadic column to distill otherwise unrelated bits of information about Mac OS X from the extensive discussions on TidBITS Talk and other places.

Mac OS X FTP Vulnerability? -- On 10-Apr-01, CERT issued an advisory identifying a problem with the way various FTP servers can be compromised to enable intruders to execute code on the machine running the FTP server. The bug affects FTP servers in a variety of Unix implementations, including the FreeBSD version which Apple uses in Mac OS X. FreeBSD, Inc. has acknowledged the bug and fixed it, and other vendors have also investigated the situation. Unfortunately, Apple has made no statements to CERT as to whether or not Mac OS X is vulnerable, requests for clarification on Apple's DarwinOS-Users mailing list went unanswered, and Apple has failed to reply to our direct email queries as well. However, Larry Rosenstein <lsr@alum.mit.edu> tells us that the version control log for Darwin shows that the FTP server was imported from the FreeBSD project in July of 2000, and his reading of the code indicates a likely vulnerability. He also noted what might be an attempt at a fix in the current version of the FTP server source code.

<http://www.cert.org/advisories/CA-2001-07.html>

Since Mac OS X's Sharing control panel offers an option to allow remote FTP access using this server code, we recommend you leave that option off (as it is by default, thank goodness) to be safe until Apple closes this security hole. If you do need FTP access on, don't allow anonymous FTP access (which is enabled by creating an account named "ftp") and make sure users have strong passwords.

My advice to Apple: with Mac OS X, you chose to hop into bed with the open source Unix community, and now you have to suffer the bedbugs which didn't bite previous versions of the Mac OS. Deal with them like an upstanding member of the community: acknowledge problems quickly, provide interim workarounds, fix the bugs, and distribute the fixes widely through the Software Update control panel. Attempts to conceal problems or execute PR spin won't fly - Mac OS X will likely become the most popular version of Unix on the planet before long, and with that reach comes a heavy responsibility to protect Mac OS X users.

No MacBinary in Mac OS X FTP -- While we're on the topic of Mac OS X's FTP server, I discovered last week that the silly thing doesn't support MacBinary file transfers. That means that if you upload a Macintosh file with a resource fork (like all Classic applications, Carbon applications that also run under Mac OS 9, and some documents) the resource fork will be stripped during upload, damaging the file. We expect more attention to detail from Apple; hopefully they'll add this functionality in a future release.

In the meantime, there are two workarounds. Either use the slower AppleShare instead, since it copies the resource fork with no trouble, or stuff the file with a recent version of StuffIt Deluxe or DropStuff before uploading to combine the resource and data forks in the data fork-only StuffIt archive.

Timbuktu Pro for Mac OS X Released and Released Again -- With Netopia's preview release of Timbuktu Pro for Mac OS X, we have another essential piece of software necessary to turn Mac OS X into a production operating system. New features include an Aqua interface (along with other basic Mac OS X elements, such as tooltips and support for file and folder permissions), support for multi-gigabyte files, additional security, the capability to force quit applications on remote Mac OS X machines, and improved display performance. Limitations include no support for AppleTalk-based connections, no DirectDial functionality for connecting directly via modem, no way to wake up a sleeping display (forcing use of the Mac OS X screensaver - unfortunately, Mac OS X has no basic black screensaver built in), no support for Mac OS X's long file names, no way to restrict incoming access when Timbuktu is running, no drag & drop with Mac OS X host computers, no support for the Hide Desktop Pattern feature, and compatibility only with version 4.8 and higher of Timbuktu Pro for Macintosh and Timbuktu 2000 for Windows (earlier versions may work but are not officially supported). The preview release costs $30 from Netopia's online store and expires on 18-Jun-01; Netopia plans to offer special upgrade pricing on the final version to those who purchase the preview release.

<http://www.macosxready.com/>

In testing, Timbuktu Pro for Mac OS X worked well for both controlling existing Macs and being controlled. However, Netopia today acknowledged a serious security hole that allows a user with physical access to the computer to bypass Mac OS X's password security. Netopia immediately released 6.0b2 to correct the problem; it's available at the URL sent in the confirmation email purchasers received. We strongly recommend against installing the 6.0b1 software on any computers for which physical security is a concern, and we recommend anyone with 6.0b1 installed download 6.0b2 immediately. Although this hole provides additional evidence of the security concerns raised by a multi-user operating system, kudos to Netopia for acknowledging and responding to this issue so quickly.

<http://www.securemac.com/timubktuosxpreviewhole.cfm>
<http://www.netopia.com/support/faqs/software/osxfaq.html#securityissue>

Here's how the hole works. Timbuktu for Mac OS X is designed to allow remote access even when a computer set up for multiple users is sitting at the login screen, a state at which the operating system has fully loaded but is waiting for user authentication. Even then, Timbuktu displays an annoying free-floating icon (Control-drag to move it to the least obtrusive location since it floats on top of all other windows and even the Dock) that duplicates the menu items of the Mac OS 9 Timbuktu menu bar icon. Select one of those menu items, the Timbuktu application launches, and the Mac OS X menu bar becomes visible. Unfortunately, now that the Mac OS X menu bar is visible, the user has full access to the Apple menu, including the System Preferences tool, whose Users pane allows the creation of new user accounts with administrative privileges. Version 6.0b2 eliminates the problem by not displaying the Mac OS X menu bar if there's no logged-in user.

ConceptDraw 1.6 Goes Carbon -- CS Odessa has released ConceptDraw 1.6, adding no new features but making it run natively under Mac OS X as a Carbon application and supporting the Aqua interface. Performance in Mac OS X is also improved when working with large documents. CS Odessa also has a non-carbonized version of ConceptDraw for people using Mac OS 8.1, and folks running Mac OS 8.5 to Mac OS 9.1 may want to consider the non-carbonized program, since it's somewhat faster than the carbonized version. There are a few minor bug fixes that might make the free upgrade to 1.6 worth the 3.9 MB download even for those not using Mac OS X.

<http://www.conceptdraw.com/en/resources/beta16xload.php>

Playing the Mac OS X ShellShell Game -- Many people have expressed concern regarding how Mac OS X provides access to the underlying Unix command line, fearing that developers and support technicians will rely on it rather than graphical Macintosh tools (see the recent debate in TidBITS Talk between frequent TidBITS contributors Chris Pepper and Travis Butler). Robert Woodhead of Wizardry and Virex fame has muddied the waters in a welcome way with his just-released ShellShell utility, which puts a graphical interface on top of Unix shell commands. Robert created a scripting language for representing all the options and dependencies of a Unix command; ShellShell turns such a script into a configuration panel for that command. Choose your options, decide if the command needs to be sent from the root account, and click the Run button to send the command to Mac OS X's Unix underpinnings. The arcane textual Unix results come back in a second pane. The other limitation to ShellShell is that it comes with scripts for only some Unix commands; it's up to the community to contribute additional ones. ShellShell is LegoWare (send Robert's kids Lego blocks if you use it) and is a 600K download.

<http://www.madoverlord.com/Projects/SHELLSHELL.t>
<http://db.tidbits.com/getbits.acgi?tlkthrd=1351>


BookBITS: Me, My iMac and I - Three Books for iMac Users

by Kirk McElhearn <kirk@mcelhearn.com>

Last week, Apple announced that it had sold its five millionth iMac, making the translucent machine Apple's best-selling Macintosh model of all time. Its unique design attracted many who had never before purchased computers, and its ubiquitous shape and colors have made it almost standard fare in mainstream magazine photo spreads, television shows, and movies - when you need to show a computer, you might as well present one that looks good.

Many TidBITS readers undoubtedly own iMacs, as I do, and many of you may also have family members who own one. Although it is easy for an experienced Mac user to get an iMac up and running, many new users find the task more difficult, not so much because it's inherently hard, but because nearly half of iMac purchasers are first-time Macintosh users.

<http://db.tidbits.com/getbits.acgi?tbart=05780>

Unfortunately, the iMac has fallen prey to the industry trend of eliminating documentation, in part to reduce development, production, and distribution costs, but also undoubtedly in part to support Apple's claim that it's so easy you won't need much documentation. [For more on this topic, see our seminal article, "The Death of Documentation" in TidBITS-428 and the many TidBITS Talk discussions it has spawned. -Adam] The iMac has a couple slim manuals to get you started, but, other than online documentation, there is nothing to which novice computer users can refer, or even use as an introduction. I think this is a shame, not only because the Mac OS is complex, but also because the applications bundled with the iMac, such as AppleWorks, are powerful and have a wide array of features a new user is unlikely to discover or use fully without assistance.

<http://db.tidbits.com/getbits.acgi?tbart=04865>
<http://db.tidbits.com/getbits.acgi?tlkthrd=69+70+71+72+73+75+78+79+1206>

Many publishers have released books on the iMac, an unusual move given that a single computer model is seldom sufficiently popular to warrant an entire book. Their levels differ greatly - some are designed for beginning users, others for those more familiar with computers. They all have one thing in common, though: they present the basic features of the iMac, its operating system, and its applications.

Yet, none of these books are all that specific to the iMac. Although they all present the computer, show how to set it up and connect it, they then continue with a more general presentation of the Mac OS and the different applications bundled with the iMac. Any of these books could be used as a general book on the Mac OS, with the exception of a few pages that deal with the iMac.

Perhaps this makes sense. Would a beginning computer user be more attracted by a book talking about the Mac OS (many iMac users might not even know their iMac is running the Mac OS, in spite of the splash screen displayed at startup), or by a book presenting the iMac, their computer? One of the successes of the iMac is that its "personality" sets it apart from other computers, making it a more attractive device for many novice users. iMac users don't own computers; they own iMacs.

In this article I look at three different iMac books. Each adopts a different strategy and tone to give iMac users the knowledge they need.

A Tried and True Formula -- A long time ago, in a world far, far away, computers came with manuals: huge tomes that were big enough to be used as doorstops. Some of you may remember that time. Since then, manuals have all but disappeared.

Sometime between then and now, IDG Books (now known, oddly enough, as Hungry Minds) came up with a way to attract all those computer users who didn't understand how these machines worked, didn't understand those bulky manuals, and were almost too ashamed to ask. The popular Dummies series has seen both wildly successful titles and total flops, both on computers and other diverse subjects (business, cooking, gardening, sex, etc.). Through a mixture of humor and lightheartedness, the Dummies books have the merit of demystifying computers. The Dummies series also has an online complement, where you can subscribe to daily tips by email. This can be a good way for new users to start receiving email messages.

<http://www.dummies.com/>

David Pogue's The iMac for Dummies (Hungry Minds, $20) uses the irreverent tone, humor and cartoons that are the hallmark of this series to lead users from setup to competence. Written in a friendly style that's light years away from the stereotypical computer manual that many new users fear, this book provides a complete overview of what you can do with your iMac. From the absolute basics (pointing and clicking, moving files around, handling folders) to chapters on the Internet, applications, an overview of the System Folder, and even a well-presented chapter on troubleshooting, this book is a thorough collection of what new users need to know to get the most common tasks done.

<http://www.amazon.com/exec/obidos/ASIN/076450648X/tidbitselectro00A/>

Relatively little of the content is specific to the iMac, which leads me to believe that The iMac for Dummies is probably extremely similar to Pogue's Macs for Dummies (I don't have a copy for comparison). But it is certainly sufficiently copious (at over 400 pages) for the demanding iMac user, while maintaining the right tone to make it all sound easy.

Taking Your Time -- One of the biggest worries of new computer users is the amount of time needed to learn about their machine before getting anything out of it. It can't hurt to reassure iMac owners, showing them that they can learn the basics in a short amount of time.

Teach Yourself the iMac in 24 Hours (Second Edition), by Gene Steinberg (Sams, $20) takes this approach, giving 24 one-hour chapters, or lessons, presenting the main features of the iMac. Like The iMac for Dummies, this 400-page book actually is more about the Mac OS in general - Steinberg even mentions this in the introduction, saying that this book "is not just for iMac users," but also for iBook, PowerBook or Power Mac users as well. Only the first few pages of the book are specific to the physical setup of the iMac.

<http://www.amazon.com/exec/obidos/ASIN/0672318377/tidbitselectro00A/>

But Teach Yourself the iMac in 24 Hours presents the Mac OS in a much different way than Pogue's Dummies book. It starts at a higher level - while The iMac for Dummies is for real beginners who have never held a mouse, Steinberg instead assumes that readers are more or less familiar with the basics of using a computer. He then presents step-by-step lessons, each of which deals with a specific aspect of using a Mac.

Does this approach work? Each chapter is about the same as a chapter in any other computer book, so the lesson concept doesn't come through all that well. Perhaps there is a psychological advantage to seeing the learning process as a series of separate units. In any case, the book is well-written, and many users may feel more comfortable with its serious tone over the flippancy of The iMac for Dummies.

iMac in a Jiffy -- These first two books are relatively large, which may be daunting for some users. Other, smaller books manage to give a sufficient overview to users who don't want as much detail.

Martin C. Brown's iMac FYI (Muska & Lipman, $15) is a small, almost pocket-sized book that approaches the iMac in question-and-answer format. Its seven chapters present a total of 99 questions, each of which explains one aspect of using an iMac in a few pages. Again, there is little here that is specific to the iMac itself. But the tone of this book is that of answering the reader's questions, rather than telling the reader what to do.

<http://www.amazon.com/exec/obidos/ASIN/1929685068/tidbitselectro00A/>

iMac FYI is a much smaller book than the previous two, both in size and number of pages (277 pages), and it lacks the depth of the others. But it provides a simple introduction to the Mac OS in a relaxed, yet efficient tone. Its structure and size also make iMac FYI a good candidate for a quick-reference book, for when you don't want to read through narrative to get an answer (no matter how entertaining the narrative may be). This might be the ideal book for someone who has just gotten an iMac, but who still has someone they can call for the big questions. Think of your parents or grandparents, for whom you just bought an iMac, and who will undoubtedly be calling you no matter what. iMac FYI might give them the background to keep their phone bill down a bit and protect you from too many questions.

Nevertheless, iMac FYI isn't for total beginners. Take question 6, for example, "How do I open a file or application?" The answer begins, "Just double-click!" Well, the author does not explain what a double-click is, nor does he go into the basics, such as selecting menu items or moving the cursor. Although The iMac for Dummies may seem patronizing to some, it has the merit of explaining everything.

Looking It Up -- All three books contain one essential feature: a complete and detailed index. I consider the index one of the most important parts of a computer book, since, while a reader may read such a book from cover to cover once, it is mostly used as a reference.

iMac FYI's index is shorter, because the book itself covers less, and has the drawback of being in very small type (think of those elderly iMac users!). The other two books each have indexes of around 40 pages, with enough detail to cover most queries. Teach Yourself the iMac in 24 Hours comes out ahead in the index user-friendliness comparison test, and its layout makes it the most readable. Its indexers carefully considered what beginning readers will look up.

Take, for example, the Command key on the keyboard. Beginning users may call it the Apple key, because of the small apple on it, but Teach Yourself the iMac in 24 Hours provides index entries for both "Apple key" and "Command key." iMac FYI's index calls it the "Apple logo key," which might be confusing. The iMac for Dummies lacks any entry for the Command key, but it does have entries for terms such as pointing, double-clicking, etc.

Conclusion -- Each of these three books is written for a specific type of person. The iMac for Dummies is for those who don't want to get too involved with their computers, and its relaxed tone is ideal for people who are a bit anxious about using them. It has the merits of being a book for true beginners - Pogue takes the time to explain everything you need to do, from pointing and clicking to using menus and moving icons.

These basic techniques are missing from Teach Yourself the iMac in 24 Hours, which, nevertheless, provides a solid grounding in using an iMac with a more serious tone. Those coming to the iMac with Windows experience might appreciate the way Teach Yourself the iMac in 24 Hours goes right to the nitty-gritty.

iMac FYI, while covering less ground, is less of a textbook and more of a conversation with the reader. It's not designed for total beginners, but its question-and-answer format might be perfect for those who don't want to read a whole book.

You won't go wrong with any of these books, so your best approach would be to look at each and read a couple of pages. Especially given the overlap in material between these three books and their focus on different types of users, choosing the book with the right tone and presentation may make the difference between a tool for learning and just another book on the shelf.

[Kirk McElhearn is a freelance translator and technical writer living in a village in the French Alps.]


Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
