Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo


Now that we've had a chance to absorb the preview of Mac OS X 10.5 Leopard, we can move on to other topics. Glenn Fleishman examines two secure file-transfer services that cleverly implement peer-to-peer technology. Matt Neuburg reflects on the quality of this year's Worldwide Developer Conference with suggestions on how Apple could improve the experience. Then we note that the IMAP email client Mulberry is now free, that Dell is recalling 4.1 million laptop batteries (and how that may affect Mac users), and that the print-on-demand version of "Take Control of Syncing in Tiger" is now available. On the Apple update front, we cover two that provide important fixes for the MacBook and MacBook Pro, along with updates for Logic Pro 7.2.2, Logic Express 7.2.2, and Boot Camp 1.1 beta.

This issue of TidBITS sponsored in part by:

MacBook and MacBook Pro Updates Available

  by Jeff Carlson <>

Is your new Mac laptop making barnyard noises or suffering from insomnia? Apple has released a pair of updates to address two specific, annoying issues that have cropped up with the MacBook and MacBook Pro.

The MacBook SMC Firmware Update adjusts the fan behavior of the entry-level notebook to calm its inner cow. The update apparently gets rid of the "moo" sound caused by the MacBook's fan repeatedly spinning up and powering down as it regulates the processor temperature. As this is a firmware update, make sure the installation process isn't interrupted. The installer is a 420K download, requires Mac OS X 10.4.7, and works only on the MacBook.

MacBook Pro owners can install ExpressCard Update 1.0, a 492K download that fixes a problem where the laptop would fail to go to sleep if some cards are left in the ExpressCard slot.

Logic Pro 7.2.2 and Logic Express 7.2.2 Updates Released

  by Jeff Carlson <>

Musicians with their eyes on Apple's new Mac Pro should update their copies of Logic Pro or Logic Express to version 7.2.2, which provide compatibility with the Intel Xeon-powered desktop computer. The updates also increase performance through the Mac Pro's architecture and improve support for the built-in audio ports. Logic Pro Update 7.2.2 is a 24 MB download; Logic Express Update 7.2.2 is a 14 MB download. Both updaters require the 7.2.1 version of the respective programs and Mac OS X 10.4.3 or later.

Apple Updates Boot Camp Beta

  by Geoff Duncan <>

Much of the recent talk of running non-Macintosh operating systems on Apple's new breed of Intel-based Macs has focused on virtualization solutions like Parallels Desktop (see "Parallels Desktop: The Switch is Complete") and VMware's as-yet-unreleased product (see "More, Less, and No Information on Running Windows on a Mac"), but let's not forget the product announcement that started the ball rolling officially: Apple Computer's Boot Camp (see "Apple Opens Boot Camp for Windows Users"), which enables Intel-based Macs to restart running Windows XP and is scheduled to be included in some way with Mac OS X 10.5 Leopard.

Apple last week released version 1.1 of its public beta of Boot Camp, adding support for Apple's brand-new Xeon-based Mac Pro and Xserve systems, adding partition presets which make installing Windows XP simpler for many users, providing the capability to install Windows XP on any internal disk, and building in support for Apple's iSight camera and built-in microphones. The new beta improves support for Apple keyboards (enabling Delete, Print Screen, NumLock, and ScrollLock keys under Windows) and, for folks using single-button pointing devices, enables right-clicking by pressing the rightmost Command key on Apple keyboards. Boot Camp beta 1.1 also rolls in a number of small fixes, including turning off internal speakers when the headphone jack is in use, support for date and time synchronization under Windows when logged in as an administrator, and more.

The new beta weighs in at 202 MB; complete instructions for updating are available on Apple's Web site. As always with beta software, we strongly recommend you back up your data early and often, and think carefully before trusting truly important data or processes to Boot Camp.

Dell Recalls 4.1 Million Batteries

  by Geoff Duncan <>

In what may turn out to be one of the largest consumer electronics product recalls in history, computer maker Dell is voluntarily recalling some 4.1 million batteries sold with a wide range of its notebook systems over a more-than-two-year period ranging from 01-Apr-04 through 18-Jul-06. Dell is offering free replacement batteries to affected consumers via a Battery Return Program Web site.

According to Dell, the recalled batteries can overheat under rare conditions, presenting a risk of fire, property damage, and/or injury: the company has received six reports of the batteries overheating and causing damage to furniture and personal belongings. The company has received no reports of injuries caused by the recalled batteries. Dell says customers should not use recalled batteries, but power notebooks from their AC adapters until replacement batteries arrive.

Why are we noting a Dell battery recall here? First, many Mac owners also use "those other" computers and may be directly affected by Dell's recall. Second, the recalled batteries were manufactured for Dell by Sony, and Sony also manufactures batteries for Hewlett-Packard and Apple. HP has already said none of its products are impacted by the issues forcing Dell to recall batteries; so far, Apple is still investigating whether any of its products might be impacted. Apple instituted a recall of MacBook Pro batteries at the end of July 2006 due to performance issues, not overheating problem (see "Apple Recalls Underperforming MacBook Pro Batteries").

Last Tango Round the Mulberry Bush

  by Matt Neuburg <>

IMAP is a sophisticated protocol for remote and shared storage of email, and Mulberry is an IMAP client renowned for implementing its side of that protocol fully and with careful adherence to standards. In addition to IMAP features and extensions such as subscribed mailboxes, sorting, threading, access control, quotas, and namespaces, Mulberry also supports either online or disconnected mode, POP3, remote storage of address books and preferences, LDAP, and remote calendaring and scheduling. Mulberry was distributed as a commercial application, first from Cyrusoft International, then from ISAMET, both of which went bankrupt late last year (and both of whose Web sites have closed down). In an astonishing turn of events, however, Mulberry has now been re-released as freeware by its original developer, Cyrus Daboo.

TidBITS has mentioned Mulberry in the past, but we've never done a full-fledged review, and I'm not about to do one now. (Important disclosure: in late 1996-97 I had a brief but rather central association with the Cyrusoft startup process, but I soon elected to have nothing to do with the project.) Personally, I find just about the whole of Mulberry's interface pretty annoying, but since I'm not an IMAP user, I don't need the features and complexity that Mulberry provides, making me a poor judge of the program. Those who do need a good IMAP client might find Mulberry well worth investigating.

Mulberry is available for Mac OS X 10.3 or later, Windows, and Linux. It is a 12.1 MB download. Development has officially ceased, so I would not expect Mulberry ever to become a universal binary. But you never know...

DealBITS Drawing:'s Online Training Library Winner

  by Adam C. Engst <>

Congratulations to Douglas Hoffman of, whose entry was chosen randomly in last week's DealBITS drawing and who received a one-year premium subscription to's Online Training Library, worth $375. But don't fret too much if you didn't win, since is offering all TidBITS readers an exclusive $125 discount off a one-year premium subscription to the Online Training Library, dropping the price from $375 to $250. To take advantage of this offer, which is good through 30-Aug-06, use coupon code TDBTS06 when signing up. Thanks again for entering this DealBITS drawing, and we hope you'll continue to participate in the future. Thanks to the 1,000 people who entered, and keep an eye out for future DealBITS drawings!

The Decline of WWDC

  by Matt Neuburg <>

Who is Apple's most important customer? If your answer is "Me!" consider this. Without software (applications, preference panes, utilities of all sorts), your Mac would be nothing but a very expensive doorstop. And software doesn't grow on trees; human beings write it. Those human beings are the software developers. So, sure, end-users are important, but without software developers, there would be nothing to use.

And make no mistake: Apple software developers are Apple customers. They all need at least one Mac. They all need to keep up with changes in the operating system. The tools for writing applications are now free (a tremendous revolution that started when Steve Jobs returned to Apple and Mac OS X emerged), but many developers subscribe to some paying level of the Apple Developer Connection. And Apple developers are constantly focused on Apple. They hit the developer Web site dozens of times per day. They download examples, they ask questions, they hang out on the mailing lists, they submit bug reports. And a few thousand really hard-core developers, those who have the money and who need the personal touch, show up for Apple's annual Worldwide Developers Conference (WWDC).

WWDC is Apple's most important way of communicating directly with its developer base. Every year, the actual Apple employees who maintain the operating system and the programming interface that software developers use to write applications spend several days standing in front of crowds of those developers. They explain (under non-disclosure agreement) Apple's future plans and directions, lecture extensively and in detail on how to program the Mac effectively, and listen meekly to trenchant suggestions and criticisms. Plus, developers get to bring their code to a room full of computers and receive real-time, line-by-line advice on specific problems and tasks they're facing. It's an intense experience; a developer can easily spend ten straight hours in lectures and labs, without time to leave the building, on three successive days. (WWDC is currently three-and-a-half days, preceded by a day of keynotes.)

It's distressing, therefore, to see how WWDC has become more and more unpleasant for the attendees each year. Each year we say to each other, "Wow, it's really gone downhill, but at least it couldn't possibly get any worse," and each year it gets worse. I'm not talking here about the value and relevance of the content, which is usually top-notch, though, to be sure, it can vary in quality, depending partly upon internal aspects of Apple's mental health and firmness of direction, and partly upon accidents of timing. (The 1996 WWDC, for example, was a complete waste of time and money, because Apple under Gil Amelio had no idea what it was doing or where it was going, so everything it said that year was outrageously false. On a far milder scale, this year's WWDC was slightly less useful than last year's because the next release of the operating system is further off, so more of what Apple had to say about upcoming features was inchoate or guesswork.) No, I'm talking about more mundane considerations - freebies, food, and logistics.

The zenith in recent years was the 2003 WWDC. Apple had moved the venue from the isolated, unpleasant San Jose McEnery Convention Center to the west wing of the Moscone Center in wonderful downtown San Francisco. Attendees were given a superb portfolio bag that I still use, a copy of the currently shipping operating system, and a major piece of hardware (an iSight!). The food was terrific (excellent hot breakfasts and lunches), and between talks we were plied with free juices and fruit, and of course plenty of high-quality coffee.

This year, on the other hand, the freebies were the cheapest portfolio bag I've ever seen (flimsy, no padding, few compartments, bad zippers, strap attached in a silly place), a crummy travel mug, and a t-shirt with incorrect Latin on it. (OK, so I spent many years teaching Latin; they could have asked me.) No hardware, no currently shipping software. Lunches were plastic salad and plastic sandwiches in plastic containers; breakfast was nearly non-existent. Snacks between talks were dried-up pastry. One evening there was something that pretended to be pizza; it was so bad that people were literally gasping in disbelief. There were free Odwalla juices, but none of them were the good Odwalla juices: they were all sugar-added concoctions that no one ever buys. And attendees were herded into lecture rooms by uniformed characters we came to call "seat Nazis," yelling at us to move forward and inward rather than sitting where we preferred.

The overall trouble here is that WWDC done in this way feels like a rip-off. It's expensive to attend (including airfare and hotel costs, of course), while the experience itself feels cheap and oppressive. And there's no need for it to feel that way. This year WWDC had over 4,200 attendees - the largest WWDC ever. So Apple is hardly short on cash flow for the conference itself. Prices vary, but the nominal fee is $1,600 per person (with a discount for early registration). Is it really possible that renting the Moscone Center and paying for the equipment and logistics for presenting and recording the lectures is so expensive that Apple can't afford to give back more of those fees in the form of gifts and better food? (At these quantities, a really good portfolio bag, for example, is less than $20 a unit.)

To complain of this may seem to be whining about a very small thing; and so it is. But it's a small thing that, in the aggregate, makes the difference between WWDC being a pleasant experience and an unpleasant one; and three and a half days of unpleasant experience quickly starts to feel very unpleasant indeed. There is also the question of what this deterioration in WWDC's surface quality implies about Apple's attitude towards its developers. Apple used to honor its developers, as being the creators of the front line of Macintosh usability; now it feeds them like rats and herds them like cattle. Is that really the message Apple wants to send?

Secure Transfer Using Civil Netizen and Pando

  by Glenn Fleishman <>

Transferring files between two people can be an extraordinarily painful process. Email seems perfectly reasonable, but is subject to message file attachment limits for both parties. Using file sharing technology like FTP could require setting up a dropbox or an account. If you want to use your own computer as a server (running AppleShare, for instance), you need a reachable IP address, not always a readily available commodity.

Two new services, Civil Netizen and Pando, hope to make file transfer easier by employing peer-to-peer (P2P) techniques to push data securely over the Internet. Both are in beta testing; the former turns a computer, briefly, into a peer-to-peer surfer for individual connections, and the latter acts as a time-limited central repository with distributed P2P properties for files up to 1 GB in size (during testing).

Both services are currently free, and their developers currently have no plans to charge in the future, although Pando may use some sponsorship advertising to fund bandwidth, and plans to license its technology to other firms. Civil Netizen is an open-source project with no fees.

Civil Netizen -- The phrase "peer-to-peer file sharing" has taken a beating. In common use, it almost always implies illegal transfer of copyrighted materials or the implication of that act. But people using ordinary computers to transfer files are peers, and Civil Engines Research recognizes that in the choice of the name Civil Netizen for its project.

When you install Civil Netizen, you're not setting up a server. Rather, you're creating a specific P2P engine that is active only at certain times and in response to the right queries.

Civil Netizen lets you take one or more files or folders and create a "parcel." The parcel has an associated pickup slip, which is a sequence of obscured data. Instead of transferring the parcel directly, the program lets you use your default email application to send just the pickup slip (you can also copy the pickup slip information to the clipboard for pasting into a program like iChat, or you can save it to a file on your Desktop).

As long as the parcel remains available within Civil Netizen (which must be running), that pickup slip enables any recipient to retrieve the file; the retrieval is logged for reference. Civil Netizen doesn't allow generic file retrieval - other Civil Netizen users can retrieve only parcels, and only those for which they have the associated pickup slips.

Whenever a recipient attempts to retrieve a parcel by loading the pickup slip details you sent them into their copy of Civil Netizen, their software creates a connection to your computer, retrieves the parcel, and stores it locally. Civil Engines Research uses a centralized storage system for the pickup slips, but that's the only portion of the connection that's stored in a non-P2P fashion. You can send the pickup slip to multiple recipients, and as long as you keep the parcel available within your copy of Civil Netizen, others can download it. However, there's no confirmation that someone with the pickup slip is a legitimate recipient.

Civil Netizen uses a fairly robust method of encrypting data in transit, employing 128-bit AES (Advanced Encryption System) session keys, which are considered quite strong. The keys are negotiated using a Diffie-Hellman key exchange, which prevents interception. However, the developers don't use a validation step that confirms there's no man in the middle intercepting both sides of a conversation.

However unlikely interception is for most users, the lack of a validation step prevents Diffie-Hellman from being considered reliable. In correspondence with one of the developers, he said the company expects to offer user registration that would then allow an out-of-band method to provide necessary validation. I call that the "evil dictator" problem, in that without validation, you're well protected, but not against those intent upon intercepting traffic at a governmental level. Validation wouldn't prevent knowledge of parties transferring data, but would - by today's standards - provide extremely high security for the contents of packages.

Civil Netizen is at beta 4 for Mac and Windows, and the company plans a Linux client. As an open-source project, clients for other platforms or other versions of the client for Mac or Windows could appear.

Pando -- Pando, from Pando Networks, takes an entirely different approach with regard to where files are stored, using what initially appears to be a hub-and-spoke system and a centralized repository, but turns out to have a P2P twist.

Once you've downloaded the Mac software, you can create a new package composed of one or more files or folders, and then enter recipients' email addresses. The Pando client packages your files, uploads them to Pando Networks's servers, and notifies recipients via email. Recipients then open the attached .pando file in their copy of the Pando application to download the packaged files.

Here's where Pando's approach gets interesting. Rather than simply being a file server, Pando uses P2P technology much like BitTorrent to speed the download by having the recipient's Pando client pull data from the Pando servers (which they call supernodes); from your computer, which acts as a P2P node for the file; and from other recipients of the file who have already downloaded it (or pieces of it) and have Pando running and haven't moved the file.

The software is straightforward and easy-to-use. The company stores files on its own supernodes for up to 14 days after the file is posted and recipients informed. Packages can be up to 1 GB in size during the beta period. (The implication is that limit will be raised when the beta period is over, but the company hasn't promised that.) After that 14-day period, packages are still retrievable from any Pando clients that are running and have the file still available.

This is an interesting twist, because you could send out a large file - say, a video you'd created - to hundreds of recipients, all of whom would benefit from the initial high-speed availability on Pando's servers and the swarming effect of many downloaders with Pando's client. However, after 14 days, not only would Pando drop the file and thus reduce some large potential bandwidth costs, but for most downloads of this sort, most of the other recipients would have moved on and probably stopped participating in the swarm, too.

Pando's encryption model is slightly more robust than Civil Netizen's. The developers have chosen to use the 256-bit version of AES, the company said via email, although its FAQ states that Pando uses 128-bit encryption. All other communication between the Pando client and the company's servers are conducted using certificate-authority validated SSL/TLS, which prevents tampering.

However, the .pando file is sent unencrypted and contains the security key necessary to decipher the retrieved file. Anyone with the .pando file would then be able to retrieve the same data with no additional validation or authentication.

Changing the World of Email Attachments -- Where both Civil Netizen and Pando could shine is in bypassing the ugly world of one-off file transfers that currently use email attachments. While MIME (Multipurpose Internet Mail Extensions) has long made it relatively simple to send attachments reliably among varied email servers and clients, many companies that provide email services impose attachment size limits.

Many free email services allow you to send and receive total attachments per message of 2 MB to 10 MB. Some also have monthly, daily, or even hourly limits on attachments. Higher-end services have increased attachment limits over time to tens of megabytes, but even still, that's a limit you must be aware of and track.

Plus, email servers aren't designed well to handle large files. Some choke even when the attachment size is within limits. Retrieving a large file often takes substantially longer from a mail server than from a commensurate file server (even file server software running on the same hardware as the mail server software).

Pando has taken one step in that direction by planning a Microsoft Outlook 2003 plug-in that would enable Pando to be used as a substitute for large email attachments. Given the nature of both products, I would hope that plug-ins could be created for popular Macintosh email clients and other Windows email clients, too.

I'd also like to see designated recipients, so that when I need to transfer a file to, say, Adam Engst, I would drag a set of files onto an Adam icon on the Desktop or within the program. If Adam had pre-approved me, perhaps his copy of either package would automatically download the files I transmitted without further ado and alert him. This kind of trust could be made possible through these programs and the systems that support them, and would eliminate a lot of the fuss that file transfer places upon ordinary users.

All that said, when I wrote "Take Control of Sharing Files in Panther" and later "Take Control of Sharing Files in Tiger", I found that the devil is in the details when it comes to making file sharing work. Whenever you have a group of people who need a common repository of files, file services like AppleShare, Samba, WebDAV, and FTP are still warranted. In these cases, you want a persistent set of consistently available, updated files found in the same place.

And for software companies or other organizations that need to distribute large amounts of files or a few large files, FTP and HTTP downloads still make the most sense, because there's little chance except during new releases of having the right threshold of users downloading and retaining a file to get the benefit of the swarm behavior of P2P that Pando can leverage.

However, there's a great place for this new method of bypassing all current forms of repositories and P2P, and, in the process, increasing the efficiency of retrieving files and reducing associated frustration.

Take Control News/21-Aug-06

  by Adam C. Engst <>

"Take Control of Syncing in Tiger" Now Available in Print -- If you've been waiting for a print version of Michael E. Cohen's "Take Control of Syncing in Tiger", your wait is over. Our final test copies came back successfully from QOOP and look great, so you can now place an order. Because pricing is based on page count, this 135-page book costs $12 for black-and-white or $33 for color. As before, to access the print-on-demand ordering link, click the Check for Updates button in your copy of the ebook. You can learn more and see pictures of what the print-on-demand copies look like. Let us know what you think!

Hot Topics in TidBITS Talk/21-Aug-06

  by TidBITS Staff <>

Visual Basic a Casualty of Processor War -- Matt Neuburg's article about the demise of Microsoft's Visual Basic on the Mac spurs discussion of the utility of Visual Basic and Virtual PC. 32 messages

Leopard wish list -- Did Apple's preview of Mac OS X 10.5 Leopard fulfill your wishes for the next version of the operating system? TidBITS readers share and debate their own ideas. 43 messages

iTunes Server -- It's one thing to share a common set of music files from one computer using iTunes, but what if each person accessing it wants their own playlists and song ratings? 4 messages

Retrospect to DVD - what write speed do you get? The type of DVD media you use for backups can affect the write performance in Retrospect. 8 messages

Recovering audio from aging CD-Rs -- Remember all those audio CDs you burned several years ago? They might not be holding up well over time. How do you get the audio off of them? 5 messages

AOL Drops Fees, Offers 5 GB Free Storage -- Glenn Fleishman's article on AOL's new pricing prompts some ruminating on online video and video iPod sales. 2 messages

This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2006 TidBITS; reuse governed by this Creative Commons License.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue