We range far and wide this week! Glenn Fleishman contributes two articles, one explaining how soft mounting went away in Mac OS X 10.3.3 and another examining Sender Policy Framework, a new anti-spoofing technology for email. Then, Tony Williams reviews the highly entertaining book Apple Confidential 2.0. We also tell you about the new headline site Macminer.com, Guy Kawasaki's cover contest for his next book, the release of GraphicConverter 5, and Belkin's new iPod voice recorder. Win PDFpen in this week's DealBITS drawing!
Copyright 2004 TidBITS: Reuse governed by Creative Commons license
<http://www.tidbits.com/terms/> Contact: <firstname.lastname@example.org>
Macminer.com: Better Mac Headlines -- As you know, we're highly selective about what news we publish in TidBITS, which makes for quite a job of culling through the press releases we receive and scanning other sites to see what else is happening that might warrant coverage. I've just come across a new site that promises to make lighter work of our headline scanning: Macminer.com. Started by Tobias Engler, who helped translate TidBITS into German several years ago, Macminer.com takes the standard headline list to new levels. You can click any headline to view it, of course, but more interestingly, you can click buttons next to each headline to email it to a friend, view similar news stories, show all the headlines from a particular site, and hide all the headlines from sites that don't interest you (this last setting is persistent). A Hot Topics listing at the top of the screen lets you filter the headlines along specific topics, and more general filters allow you to categorize your news views. You can even create your own filters. It's highly refreshing to see a news headline site that so completely understands that it's a database and makes database-style actions possible - it's basically a smart search engine for Mac news. If you're a Mac news hound, check it out. [ACE]
Belkin Offering External Microphone Adapter for iPod -- Belkin's latest iPod add-on lets you plug in an external microphone for recording audio to your iPod. The Universal Microphone Adapter accepts 3.5 mm microphones and plugs into the special headphone/adapter jack found on the dock-based iPod series. The adapter shipped 17-Mar-04 and costs $60 from Belkin, or about $40 from resellers. The adapter records 16-bit audio (ostensibly stereo) at 8 kHz, which is adequate for voice recording but would be sub-par for live music recording. The adapter has its own headphone jack to replace the one it's using, a level indicator, and a three-position gain switch to adjust sound sensitivity on the microphone you attach.
Belkin's previous offering, the Voice Recorder, was a mono recorder with relatively low fidelity and no adjustments, although a reasonable choice for compactness. In low ambient noise conditions, the Voice Recorder performed well. But at any distance or with any complex sound situation, the recorder lost distinction and rendered sound somewhat unintelligible. By contrast, the Universal Microphone Adapter lets you change sensitivity on the fly. The level indicator - which displays tones that range from green through yellow to red - ensures that you're actually recording sound and that it's not breaking up at the loudest end. As with Belkin's previous product, it's extremely hard to use the iPod's hold button since it's partially covered by the adapter. [GF]
GraphicConverter 5.0.1 Released -- TidBITS readers with long memories have probably already noted that we tend to mention Lemke Software's image processing utility GraphicConverter often in these issues (at least 21 times since 1997, in fact). Largely this is due to the fact that this robust shareware application competes on almost all fronts with Adobe Photoshop, the powerhouse of image processing - yet costs a measly $30. But it's also due to how extensive the changes are - and release notes that accompany them - between revisions. Now, GraphicConverter has turned 5, gaining a browser search feature, improved handling of EXIF data, the capability to export a photo slideshow as a movie file, and lots of other enhancements and bug fixes (a small 5.0.1 version released late last week fixes an error that cropped up when saving files). GraphicConverter 5.0.1 runs on Mac OS 8.5 and higher, including Mac OS X, and is a 6 MB download. [JLC]
Guy Kawasaki's Cover Contest -- Guy Kawasaki, Apple's original evangelist and now CEO of the venture capital investment bank Garage Technology Ventures, is running a contest to come up with a cover for his upcoming book, The Art of the Start. Click the graphic on the page linked below, submit your entry, and you could win a Canon EOS Digital Rebel camera with lens, an autographed copy of the book, and 250 credits toward images on iStockPhoto.com. The deadline for entry is 15-Apr-04. PS: From what I saw of the drafts, it's a good book. [ACE]
by Adam C. Engst <firstname.lastname@example.org>
Adobe's PDF format has become commonplace as a replacement for paper, but unless you own the full Adobe Acrobat package, you can't do much more than read and print PDF files. For a number of standard tasks that you'd expect to be able to perform with paper, that can now change with PDFpen from SmileOnMyMac; it's a utility that enables you to edit PDF files in several useful ways. PDFpen lets you insert and remove pages, move pages around in a document, and copy them between documents. You can also overlay text, images, and even freehand drawings on top of PDF documents, and you can even keep a library of frequently used items for fast access. Now you can easily add your signature to PDF documents and return them via email (or SmileOnMyMac's Page Sender fax software) without having to print a document just to sign and fax it back. PDFpen is also fully scriptable and comes with a variety of example scripts that show how to perform actions like adding page numbers to a PDF document. PDFpen requires Mac OS X 10.2.5 or later.
by Glenn Fleishman <email@example.com>
Part of the charm of last week's update to Mac OS X 10.3.3 is that Apple listened to the user confusion that the initial Panther release caused by creating two entirely different methods of mounting servers in the Finder. Let's recap the situation, which I explained when introducing my "Take Control of Sharing Files in Panther" ebook back in TidBITS-716.
Hard and Soft Mounting -- Mac OS X 10.2 Jaguar's Connect to Server dialog (accessible from the Go menu in the Finder) let you either enter an address manually or choose from a list of servers that Jaguar discovered by scanning the local network. In Panther, Apple split these two functions and the method by which they worked. The Panther version of the Connect to Server dialog requires you to enter an address or select from a list of stored favorites. To scan your local network for available servers, you must click the Network icon in any Finder window's sidebar.
The split wasn't related purely to the interface, though. Connecting to a server through the Connect to Server dialog before 10.3.3 used hard mounting, which is what we were used to when mounting servers in the past. Hard-mounted servers appear on the Desktop and work like a drive physically connected to the computer. The main downside of hard mounting is that the Finder can lock up for quite some time if a mounted server volume becomes unavailable.
To address that annoyance (and it was a serious one), the pre-10.3.3 Network browser employed a new form of mounting servers long available in Unix: soft mounting. When you connected to a server using soft mounting, the network volume didn't appear on the Desktop and it even mounted at a different place in the Unix directory hierarchy. In practical use, soft mounting was nightmarish: soft-mounted volumes wouldn't properly store their passwords in the Keychain, it was difficult to eject a soft-mounted volume, and aliases to soft-mounted volumes broke quickly.
Firmer Ground -- Apple listened to your complaints and resolved the situation by eliminating soft mounting entirely from the graphical interface (you can still employ soft mounting from the command line). In some ways, the move was a bit of a cop-out, since the problem with the Finder locking up when hard-mounted servers become unavailable is still present. I hope Apple will manage to make the Finder less sensitive to the disappearance of a mounted server.
Apple's release notes about 10.3.3 indicate a host of changes, which I confirmed in testing: Mounting a server via Network browsing is now practically identical to mounting one through the Connect to Server dialog. A Network browser-mounted volume appears on the Desktop and in the sidebar of Finder windows; it is listed in the hidden /Volumes directory (use Go to Folder in the Finder's Go menu to see it); you can store the password necessary to mount it in your Keychain; and you can dismount it by dragging it to the Eject icon in the Dock, Control-clicking it and choosing Eject, or clicking its Eject button in the sidebar. Along with those improvements, you can now see Samba (Windows-style) workgroups in the Network browser.
Sharing Files 1.1 -- To explain these changes, I've updated "Take Control of Sharing Files in Panther." Other changes in the ebook, many of which were suggested by readers, include a new section discussing how sleep interacts with file sharing, a tip explaining how to display the list of files in a directory shared via Apache, instructions on mounting .Mac iDisk volumes via WebDAV, instructions on how to turn on and use SFTP (Secure FTP), and coverage of the AppleShare security problems I outlined in TidBITS-719.
The 1.1 version is available now, and as with all minor updates to Take Control ebooks, purchasers of this title can upgrade for free; we've done our best to notify all current customers but if you didn't receive notification, send Tonya email using the form on our Ordering Tips page, which also answers all the frequently asked questions we've received about ordering.
by Tony Williams <firstname.lastname@example.org>
A number of books covering the history of Apple Computer have been released, but none have satisfied me. They were either too dry, or were self-serving autobiographies I found difficult to believe (one particular ex-Pepsi employee stands out in this category). However, a recent title is a refreshing change: Owen W. Linzmayer's Apple Confidential 2.0: The Definitive History of the World's Most Colorful Company. This cleverly written, well laid-out history of Apple Computer contains plenty of nuggets that all Apple aficionados will appreciate.
I am, however, at a slight disadvantage with this review. I haven't read the first edition of Apple Confidential, so I can't tell you how much this book has changed. According to the publisher, No Starch Press, the book contains 60 new pages "including greatly revised chapters." It has to be said that the table of contents is almost identical.
I love the layout. Wide margins give Linzmayer the opportunity to place additional material such as anecdotes and quotes (many referenced from other histories of Apple) and the text is scattered with numerous small photos. Overall, it looks and reads a little like a good quality magazine. It is well written and highly readable, and lends itself to dipping in and out of the story almost anywhere. Once I'd finished the book, I found myself re-reading various short sections for the next fortnight.
For example, I liked the chapter that gave me the list of all the people whose signatures appeared inside the case of the original Macintosh 128K, their job descriptions at the time, and where they are now. I appreciated the various timelines, such as one listing the various Macintosh models and another for the various versions of the Mac OS. The inclusion of chapters covering NeXT and Pixar is marvelous - after all, Mac OS X was built from NeXTstep, and Pixar is the company that made Steve Jobs a billionaire. Linzmayer also focuses well on the people at Apple, not just the events. This focus and the large number of quotes and related information in the margins add to the book's light feel and readability.
Despite the wealth of material, I felt that the book seems slightly rushed towards the end. I'd like to see more space given to recent history, even though most of the recent information is much better known than the old. Still, with this update it seems that Linzmayer's book strives to be an ongoing chronicler of Apple; what better time to set down the details than the present?
Apple Confidential 2.0 is a highly readable account of the people and events that surround arguably the most exciting computer company in the world. I'd recommend it to anyone who would like to understand where their Macintosh comes from. The book is 304 pages and costs $20 retail.
[Tony Williams is a Macintosh IT Manager and has previously been a programmer, journalist, and magazine editor. You can read more of his reviews at Tony's Book Spot.]
by Glenn Fleishman <email@example.com>
A fundamental reason for the proliferation of spam is that the underlying mechanisms for exchanging email over the Internet never check the identity of the sender. Any user anywhere on the Internet can send email that appears to come from any email address. This is a common reason why you receive angry email messages from people asking why you spammed them. You didn't: some spammers used their simple software to spoof your address (usually chosen at random) in spam.
There's a new technique generating some discussion that may change the balance of power and ultimately put more control back in the hands of the owners of individual domain names. It's called Sender Policy Framework (SPF), and it allows a system administrator to tell other mail servers which servers may legitimately send email with a given domain name as the return address.
SPF Basics -- The idea behind SPF is simple. Those of us who have domain names, including Internet service providers (ISPs), add records (or have them added on our behalf) that assign IP numbers to domain and host names. For instance, king.tidbits.com currently maps to 184.108.40.206 and emperor.tidbits.com is 220.127.116.11.
These domain records, which are simple text files with one entry per line, also tell mail servers where to deliver mail using mail exchanger (MX) records. The domain record for tidbits.com has an MX record that says to deliver email to emperor.tidbits.com. If that server is busy, an additional entry says to try king.tidbits.com as a backup or secondary.
With SPF, you or a system administrator adds a line that lists the mail servers from which email that is addressed from your domain may be sent. For TidBITS staffers, we would add a line that says, "legitimate email with @tidbits.com in the address must originate from king.tidbits.com or emperor.tidbits.com." Since we often work on the road, we would also say, in SPF format, "or from any SPF mail servers defined by Speakeasy Networks, EarthLink, and Comcast."
Will SPF Work? -- For SPF to carry out its objective, two things must happen: domain owners have to add SPF records, and mail servers need to be reconfigured to check SPF records before accepting email messages from domains that list SPF records. Both of these are happening simultaneously. AOL, for instance, started listing SPF records weeks ago, and other ISPs may follow. (In fact, SPF was devised by the founder of pobox.com, a popular and long-time email service provider.)
Because there's no penalty in adding SPF records, over 7,500 ISPs (according to the SPF site) have already added them. The SPF site offers a wizard for composing these records to avoid learning the syntax by hand. For instance, the SPF record for my glennf.com domain will look like this:
"v=spf1 a mx ptr ip4:18.104.22.168/26 include:speakeasy.net -all"
For many users, composing these entries will still be too technical. They can look for assistance to their domain hosts; the company TidBITS relies on, easyDNS, has already indicated to us that they're working on supporting SPF. When a domain hosting company supports SPF, it should be even simpler for users to add SPF settings.
The other half requires more effort. The SPF site lists patches and beta test versions for some major mail transfer agents (MTAs), the formal name for mail servers that receive messages addressed to users at any domain for which the server accepts email. This includes Postfix (the default mail server in Mac OS X 10.3), Sendmail (which is widely used throughout the Unix and Linux world and which Apple included with Mac OS X 10.2 and earlier), Exim, and Qmail.
SpamAssassin 2.70 will also include SPF support as part of its scoring system.
Flies in the Ointment: Legitimate Spoofing -- As email and anti-spam consultant John Levine pointed out to Adam Engst and me via email and in an essay he's posted, the fundamental problem that SPF is solving isn't precisely spam, but spoofing, and it's not at all uncommon to rely on systems that operate by spoofing mail legitimately.
Mailing lists are the most problematic, since if someone sends mail to certain discussion lists, the message as sent by the mailing list will appear to be from that person, but will be sent out via the list server. Assuming the poster isn't using an account at the same domain as the list server, any SPF checks would fail, since the list server wouldn't be SPF-approved for mail from the sender's domain.
Also, many sites let you forward an article to someone else. These services typically require you to enter your return address and the publication spoofs your address so the message appears to come from you and so any replies go back to you.
Finally, many email forwarding services rewrite incoming message headers so forwarded messages look like they came from the original sender instead of the forwarding service. I use my alumni association's free forwarding from aya.yale.edu to my address, and many other mailing services allow the same kind of forwarding.
The mailing list and forwarding problems would require reworking of many aspects of email systems. The end result might be better, but the transition could be painful. John Levine offered some suggestions in his essay above for plastering over the problem, and the SPF site has specific suggestions as well.
These three spoof-at-your-request problems remain the biggest obstacles facing broad SPF adoption.
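As an added illustration (not part of the original article and not the SPF project's own code), here is a sketch in Python of the check a receiving mail server makes against a record shaped like the one shown earlier, including the forwarding and mailing list failure just described. The domains, addresses, and in-memory DNS table are constructed for the example, and the ptr mechanism is left out.

```python
import ipaddress

# Constructed zone data standing in for DNS (RFC 5737 documentation addresses).
ZONE = {
    "example.org": {
        "TXT": "v=spf1 a mx ip4:192.0.2.64/26 include:isp.example -all",
        "A": ["192.0.2.10"],
        "MX": ["mail.example.org"],
    },
    "mail.example.org": {"A": ["192.0.2.20"]},
    "isp.example": {"TXT": "v=spf1 ip4:198.51.100.0/24 -all"},
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Return the constructed record(s) for a name, or an empty list."""
    return ZONE.get(name, {}).get(rtype, [])


def check_host(ip, domain, depth=0):
    """Evaluate the SPF record of the envelope sender's domain for a sending IP."""
    if depth > 10:                      # guard against include loops
        return "permerror"
    record = lookup(domain, "TXT")
    if not record or record.split()[0] != "v=spf1":
        return "none"                   # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # mechanisms are tried left to right
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = ip in lookup(arg or domain, "A")
        elif name == "mx":
            matched = any(ip in lookup(host, "A")
                          for host in lookup(arg or domain, "MX"))
        elif name == "include":
            result = check_host(ip, arg, depth + 1)
            if result in ("none", "permerror"):
                return "permerror"
            matched = result == "pass"  # only a pass in the included policy matches
        else:
            return "permerror"          # mechanism not handled in this sketch
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


# (label, connecting IP, domain of the envelope sender) -- all constructed
SCENARIOS = [
    ("sent from the domain's own MX host", "192.0.2.20", "example.org"),
    ("sent through the included ISP's relay", "198.51.100.7", "example.org"),
    ("relayed by a list server or forwarder", "203.0.113.5", "example.org"),
    ("sender domain without an SPF record", "203.0.113.5", "nospf.example"),
]


def run_scenarios():
    return [(label, check_host(ip, dom)) for label, ip, dom in SCENARIOS]


if __name__ == "__main__":
    for label, result in run_scenarios():
        print(f"{result:8} {label}")
```

The third scenario is the legitimate-spoofing case: the relay keeps the original envelope sender, its address matches nothing in the record, and the closing -all turns that into a fail.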
Isn't Microsoft Already Doing This? -- Microsoft made some interesting announcements a few weeks ago at the RSA security conference about a strategy similar to SPF called Caller ID.
Caller ID must download and parse an entire email message before it can apply itself, and it uses XML (Extensible Markup Language) to encode information in the DNS record. SPF is less formal (although its proponents are working towards having it ratified as an Internet standard) but it can work with just the message envelope, which mail servers read before they even see the message headers and body.
SPF-enabled mail servers should be able to read Caller ID records, however, because of the similarity in approach. They're not inconsistent with one another, despite their different tacks.
Caller ID might better avoid issues with the kinds of legitimate spoofing described above because it may be capable of better analyzing the path of legal forwarded addresses or mailing list addresses.
From what I can tell at the moment, Microsoft will provide royalty-free licenses for any patents necessary to implement Caller ID. There are currently no patents associated with SPF, and its inventor has publicly declared his intent to keep SPF royalty-free should any future defensive patents become necessary.
Can SPF Succeed? -- SPF definitely suffers from the chicken and egg problem, but early adoption from AOL and other major ISPs might give it a boost. I expect that many large ISPs will find it worthwhile to adopt SPF as soon as the mail server software is widely tested - no ISP wants to be an early adopter - because it could radically reduce the amount of email that they process and store.
Early adoption by ISPs has a huge advantage: the ISPs could start preventing the massive amount of returned email that wasn't sent from their users, which is part of the overwhelming problem of spam - but only part of it.
If SPF is adopted by a large number of ISPs, spammers will start using domains that lack SPF records, and it's likely that those domains would be shunned, much as happens with domains that allow open relay exploitation by spammers. Because most domains are hosted by ISPs, the ISPs would then encourage or even require their customers with domains to have SPF records.
Ultimately, as the SPF site itself notes, spammers would register new domains and provide SPF records for those domains, but ISPs could out-evolve this approach given that existing tools could easily recognize and block email from domains - particularly newly registered domains - that send only spam.
Spammers Always Find a Way -- Of course, spammers always find a way around any difficulty. It's hard to blame them in one sense, because spam is evolution in action. Much like fruit flies cycle through generations so quickly they're used to test ideas of genetics, spammers send out so many billions of messages that it's natural (in the worst sense) that the ones that slip through inform them how to build better spam-sending engines. This doesn't mean we in any way approve of spam, but it does explain the inevitability of spam adaptations.
SPF solves a part of the problem, but not the whole problem. Spoofing is just one aspect of spam, but reducing even part of the spoofing problem reduces the overall demands on each email system as well as the amount of illegitimate email that's sent. No magic bullet exists that will end the battle against spam, but all domain owners should take a hard look at SPF. It's just one more tool in the arsenal of keeping a clean mailbox, but either SPF or something like it is in our future.
by TidBITS Staff <firstname.lastname@example.org>
An iChat State Proposal -- Adam offers a new way of thinking about how iChat should handle availability states, and everyone else chimes in with their views. (10 messages)
Eudora and S/MIME -- Want to sign Eudora messages with S/MIME, or integrate the program with PGP? Check out this discussion for pointers. (7 messages)
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.