Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo


We're on the ground at Macworld Expo in San Francisco, waiting for things to kick off Tuesday (so be sure to check our Web site for breaking news from the show!). But before the keynote and ensuing craziness of the show, we have plenty of news to pass along. Apple surprised us last week by announcing new eight-core Mac Pros and Xserves, adding more intrigue to what might be announced tomorrow. Adam looks at the recent news of Amazon MP3 gaining more DRM-free music and wonders if a change at the iTunes Store is in the cards. If you're coming to San Francisco or travelling in general, be sure to read our coverage of new rules for flying with computer and camera batteries, as well as Glenn Fleishman's advice for protecting your wireless connections while at the show. We also note the releases of a beta of Parallels Server, NetNewsWire 3.1 (now free!), Interarchy 9, and Airfoil 3, with a peek at Rogue Amoeba's Live Disc utility for distributing current software versions on CD. Lastly, Macworld Expo isn't the only big tech event this month: our intrepid correspondent Jeff Porten reports on the latest gizmos, gadgets, and gewgaws from last week's Consumer Electronics Show in Las Vegas.

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

Flying to Macworld? Carry On Your Batteries!

  by Mark H. Anbinder <>

Macworld Expo attendees (and anyone else) flying to or within the United States will be affected by a new set of rules implemented recently by the U.S. Department of Transportation that limits how and where air travelers can carry spare lithium batteries for their electronic devices. Effective 01-Jan-08, the rules prohibit carrying spare batteries in checked luggage, and limit spare batteries brought aboard in carry-on luggage.

The DOT recommends carrying electronic devices with you (we do, too, considering how often our checked luggage has gone astray), but if you wish to pack an electronic device in your checked luggage, you may pack it with its battery installed - as long as the device is securely turned off. You must protect the terminals of spare batteries in your carry-on bags to avoid short-circuits; the DOT provides how-to tips for safely covering battery terminals, such as using the plastic slip-cover that may have come with the battery, or electrical tape over the terminals.

The battery guidelines specifically refer to cell phone and laptop spare batteries, but apply to all lithium and lithium metal batteries, also common in digital cameras and camcorders, portable DVD players and video games, etc. Check the DOT Web site for specific limits on the allowed lithium content per battery, which is especially important if you have an extended-life battery.

Concerns about Sony-made laptop batteries overheating, leading to battery recalls by Apple, Dell, and several other laptop manufacturers in 2006, make this the most rational and least arbitrary restriction on passenger baggage we've seen affecting air travelers in recent years. (For details on that recall, see "Apple Recalling 1.8 Million Laptop Batteries," 2006-08-26.)

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Amazon MP3 Scores DRM-Free Music: What About Apple?

  by Adam C. Engst <>

First came EMI's test of selling music free of digital rights management (DRM) with Yahoo. Then Steve Jobs let fly with his "Thoughts on Music" open letter (see "Steve Jobs Blasts DRM," 2007-02-12), and Apple followed it several months later with the announcement that the iTunes Store would sell DRM-free tracks from EMI (see "Apple and EMI Offer DRM-Free Music via iTunes," 2007-04-02). Next, jumped into the fray with Amazon MP3's DRM-free downloads from EMI and Universal (see "Amazon MP3 Takes on the iTunes Store," 2007-09-25, and "Apple Cuts iTunes Plus Price to 99 Cents," 2007-10-16).

With EMI and Universal offering DRM-free music, Warner Music Group and Sony BMG were the remaining holdouts, and in the last few weeks, both have caved. In late December 2007, Amazon announced that DRM-free tracks from Warner Music would be available via Amazon MP3. And on 10-Jan-08, Amazon repeated the announcement with Sony BMG, the fourth of the major music labels (and the one that intentionally installed spyware on Windows PCs in an insane attempt to prevent CDs from being copied).

Amazon MP3 now claims 3.1 million tracks, all without any DRM. Apple says the iTunes Store has over 6 million songs, but only iTunes Plus tracks from EMI aren't hampered by Apple's FairPlay DRM. In April 2007, in the announcement of the iTunes Plus tracks, Steve Jobs said, "We expect to offer more than half of the songs on iTunes in DRM-free versions by the end of this year."

It's now 2008, and I'm happy to give Apple a two-week grace period if one of the announcements at Macworld Expo is that all the music in the iTunes Store will become available in DRM-free format. Otherwise, any moral high ground Apple may have achieved with the "Thoughts on Music" letter and subsequent promotion of iTunes Plus tracks will be ceded to Amazon.

And yes, I realize that this decision is not Apple's to make unilaterally, and if Apple isn't just sitting on an announcement until the Macworld Expo keynote, the spotlight will then focus on the labels that are playing favorites with Amazon over Apple.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Parallels Server Brings Virtualization to Leopard Server

  by Joe Kissell <>

Parallels has announced the first beta release of Parallels Server, a new virtualization program that, like Parallels Desktop, lets one operating system run as a virtual machine inside another. But Parallels Server introduces some significant new capabilities, not the least of which is support for running Leopard Server as a guest operating system. Thanks to Apple's recently updated licensing terms (see "Apple to Allow Virtualization of Leopard," 2007-10-31), owners of Leopard Server can run it as a virtual machine - and even run multiple copies of it on a single computer - as long as each copy is purchased and licensed individually and the host computer is made by Apple. (Parallels Server itself runs on Mac OS X, Windows, or Linux.)

The option to run two or more copies of Leopard Server (along with other operating systems, such as Windows Server and Linux) on, say, one of the spiffy new eight-core Xserves (see "New Xserve Goes Eight-Core Too," 2008-01-08) could prove to be very interesting to sites needing to get the most flexibility out of a limited number of machines.

In addition to guest support for Leopard Server, Parallels Server finally offers (limited) support for multiple processors or cores in guest machines, a capability the company says will migrate to Parallels Desktop in the future. Among the other new features is the option to install and run guest operating systems using a "bare metal" hypervisor that eliminates dependence on the host operating system. Since I haven't seen this capability in action personally yet, I'm having some trouble grasping exactly how it will work, but it certainly sounds interesting.

The beta testing program for Parallels Server is private, meaning that registration is required, though apparently Parallels has opened participation to anyone.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

NewsGator Turns NetNewsWire Loose for Free

  by Glenn Fleishman <>

NetNewsWire 3.1 is the latest release of the long-developed news aggregator of RSS and Atom feeds - and it's now free. NewsGator, which acquired Seattle developer Brent Simmons's NetNewsWire software in 2005 and hired Simmons, announced updates for its major newsreading applications; their applications are all available at no cost. Previously, NetNewsWire was available in a fully featured paid Pro version and a free Lite version.

NewsGator's applications include FeedDemon 2.6, NetNewsWire 3.1, Inbox 3.0 (in beta), and NewsGator Go! for Windows Mobile 2.0, as well as Web-site based readers aimed at generic mobile devices and one customized for the iPhone. NewsGator integrates newsreading across programs and services by letting users create accounts that can be used to synchronize feeds and track which items have been read.

NewsGator founder and CTO Greg Reinacker wrote on his blog that the company is focusing on saturating the market with its clients to provide a better environment for its corporate products, which include NewsGator Enterprise Server. The server aggregates content from the outside world and combines it with internal communications for employees. A single source for the server software and no per-seat licensing fee for every desktop and mobile operating system and device could be a powerful tool to let NewsGator challenge bigger competitors that lack good software for normal users.

The latest release of NetNewsWire, by the way, includes a small list of useful new features, including a refresh of the user interface, better performance, and an HTML Archive option that saves news items in a standard Web format. The performance improvements were noticeable: I quit version 3.0, installed and launched 3.1, and witnessed a dramatic improvement in retrieving new items and other actions.

I should also note that Simmons added a feature late in the 3.1 beta that I've been requesting quietly for years: an unsubscribe-from-feed option available from the contextual menu for any news item. Because I subscribe to so many news feeds, and feeds tend to go stale, become overwhelming, or simply start to irritate me, it's great to have a click-and-select method of saying buh-bye to a news feed. Previously, you had to select an option to reveal the feed in the subscription list, select it, and choose Unsubscribe.

With NetNewsWire 3.1, generally considered to be one of the most capable RSS newsreaders, now available for free, the bar has been raised for all other RSS newsreaders (including Safari). As Rich Siegel told TidBITS when Bare Bones released the capable text editor TextWrangler for free, "You must now be this tall to play."

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Nolobe Ships Major Interarchy Update

  by Glenn Fleishman <>

Nolobe has shipped Interarchy 9, a major update to one of the longest-developed Macintosh Internet applications. The new release adds a new secure file-transfer mode using SSH encryption that requires a server with Perl 4 or later to use. Nolobe promises substantially improved performance with the new mode for mirroring, in which files are automatically duplicated whenever they're changed, typically to remote directories, such as the folder that holds a Web site.

A number of cosmetic changes were made as well, with the new main window display resembling a Leopard Finder window, including organizing information in a sidebar by categories, one of which is Bonjour-accessible local volumes. Long-time users may need to read the release notes to figure out where features they use have migrated to; in particular, it appears that the network testing features of the previous version have been removed. I particularly like the addition of the Copy Public URL command in the Edit menu, which lets you create a mapping between an FTP path and the equivalent URL to reach that path from a Web site, and then copy the public URL for any file in the FTP hierarchy for pasting into email or documents.

[View image]

Version 9 ties into Mac OS X's structure for mapping file extensions to applications, rather than maintaining its own mapping. This can cause some consternation. For instance, if you had previously set Interarchy to edit .html files in BBEdit, but left the .html mapping in Mac OS X to open such files in OmniWeb, you can't duplicate that approach with Interarchy 9. An Edit With command has been added to the contextual menu, too, so you can choose among valid applications to edit a given file. This release incorporates Sparkle for updates, which slipstreams improvements in an elegant manner while the program is running (see "Sparkle Improves Application Update Experience," 2007-08-20).

In February 2007, Nolobe obtained development rights for Interarchy (originally Anarchie) from Peter Lewis's Stairways Software; Nolobe was founded by Interarchy's lead developer Matthew Drayton (see "Nolobe Takes Over Interarchy; 8.5 Ships," 2007-02-05). This is Nolobe's first ".0" release of the software since the acquisition.

Interarchy 9 costs $39 until 29-Feb-08, after which the price rises to $59. Registered owners of Interarchy 8.5.4 and earlier may upgrade for $29. Mac OS X 10.4.11 or later is required.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Airfoil 3 Spreads Music Streaming Beyond AirPort Express

  by Glenn Fleishman <>

Rogue Amoeba has released Airfoil 3, a significantly updated version of their $25 software package that was originally designed to allow any application or audio source, not just iTunes, to play audio through speakers hooked to an AirPort Express Base Station.

The latest version can also play audio through remote Macs that are running the Airfoil Speakers software, included with the release. In addition, it can sync remote audio with video playing on your computer using the new Airfoil Video Player that's part of the package. Rogue Amoeba notes that Airfoil synchronization is now "perfect": Each remote AirPort Express receiving audio gets it at precisely the same time, which wasn't possible with previous releases.

[View image]
[View image]

Upgrades from previous releases cost $10. Airfoil 3 requires Mac OS X 10.4.0 or later, and is the first Airfoil release that works correctly under Mac OS X 10.5 Leopard. A fully functional trial version that overlays noise on the audio stream after 10 minutes of continuous playback is available as a 9 MB download.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Rogue Amoeba's Live Disc Avoids Wasting CDs

  by Adam C. Engst <>

Imagine that you're exhibiting at Macworld Expo and want to hand out CDs containing demo versions of your software. It's easy to create a master disc and a label, and send it out for printing and duplication. But there can be a long lead time for big orders, making it hard to release a new product at the show, and any unused CDs become obsolete quickly afterwards, which is a waste of money and resources.

The clever lads at Rogue Amoeba have come up with a nifty solution to this problem, which they call Live Disc. Essentially, Live Disc is a custom application that presents a Finder-like window to the user, showing icons for demos of Rogue Amoeba's products that you can drag to copy or double-click to launch, just like in the Finder. The magic is that if a newer version of the application is on Rogue Amoeba's server, Live Disc seamlessly downloads that version and copies or launches it instead. If there's no Internet connection, Live Disc simply uses the copy on the CD.

[View image]

At the moment, Live Disc isn't a product anyone can buy or license, although I imagine that Rogue Amoeba would consider making it one if there's sufficient interest. Far too many CDs are wasted because their contents have become obsolete; with Live Disc and some forethought, nearly any promotional CD could have a significantly longer life span and would be less likely to join the ever-growing waste stream without at least being useful first.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

New Mac Pro Goes Eight-Core Before Macworld Expo

  by Adam C. Engst <>

A week before Steve Jobs was set to take the stage at Macworld Expo, Apple cleared away any need to talk about professional-level Macs to concentrate on what we presume are more interesting announcements. When a new Mac Pro that Apple advertises as "the fastest Mac ever" (sure, the latest professional Mac is always the fastest Mac ever, but still...) doesn't make the cut for the Macworld Expo keynote, even the more jaded among us start salivating.

The new Mac Pro features eight-core processing, thanks to a pair of Intel's new 45-nanometer Quad-Core Xeon processors running at 2.8 GHz, 3.0 GHz, or 3.2 GHz. Actually, there is a build-to-order option with only a single 2.8 GHz Quad-Core Xeon processor, but that feels like a throwaway to keep the price of the lowest-end Mac Pro down, and I usually avoid such oddball configurations when the direction is clearly toward eight cores across the board.

Apple claims the new Mac Pros are up to twice as fast as the previous top-of-the-line 2.66 Quad-Core Mac Pro when using processor-intensive applications like Maya and Logic Pro. Additional performance comes from a whopping 12 MB of L2 cache per processor, a high-bandwidth hardware architecture, dual-independent 1600 MHz front size buses, and support for up to 32 GB (8 slots) of 800 MHz DDR2 ECC FB-DIMM memory.

In terms of storage expandability, the new Mac Pro features four internal hard drive bays with direct-attach, cable-free installation of SATA drives, giving it support for up to 4 TB of internal storage. A SuperDrive with double-layer support is also standard, with a second open optical drive bay available for another SuperDrive... or perhaps a Blu-ray drive in the future.

Graphics processing is also important for the professional crowd, and although I'm not deep in that world, the specs sound impressive. The standard video card is an ATI Radeon HD 2600 XT with 256 MB of video memory, but build-to-order options include the Nvidia 8800 GT with 512 MB of memory or Nvidia Quadro FX 5600 with 1.5 GB of memory. You're not limited to just one of these cards (each of which can drive a pair of DVI monitors) - the Mac Pro provides a total of four PCI Express slots, making it possible for a Mac Pro to drive a total of eight 30-inch monitors running at 2560 by 1600. Who needs Spaces when you can address over 32 million pixels? Clearly, Apple is looking to move into the stadium display market.

On the communications front, the Mac Pro comes standard with a pair of gigabit Ethernet ports (with support for jumbo frames), Bluetooth 2.0+EDR, an optional 802.11n AirPort Extreme card, and an optional Apple USB Modem. Anyone who buys a modem for this machine deserves a wedgie.

Other specs include a pair of FireWire 800 ports (one in front, one in back), a pair of FireWire 400 ports (one in front, one in back), five USB 2.0 ports (two in front, three in back), front-panel headphone minijack and speaker port, optical digital audio input and output Toslink ports, and analog stereo line-level input and output minijacks.

Apple says the new Mac Pro is available immediately, with pricing starting at $2,799 for a model that includes a pair of 2.8 GHz Quad-Core Xeon processors, 2 GB of RAM, the ATI Radeon HD 2600 XT graphics card, a 320 GB SATA drive, and SuperDrive, along with all the other standard stuff. The only slight disappointment? The industrial design remains the same, and while there's nothing wrong with the "cheese grater" case introduced nearly five years ago with the Power Mac G5, we'd sure like to see a hot new case design.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

New Xserve Goes Eight-Core Too

  by Adam C. Engst <>

Hot on the heels of Apple's pre-Macworld announcement of the new Mac Pro comes the release of a long-awaited update to the Xserve, the company's 1U rackmount server. Given that the Xserve typically finds itself racked in supercomputing and enterprise data centers, hardware updates seldom warrant mention during the Macworld Expo keynote anyway. This makes it unsurprising that Apple is releasing specifications and taking orders now to avoid the Xserve upgrade stealing any keynote thunder.

Like the new Mac Pro, the Xserve's top-end models feature eight-core processing, with a pair of 2.8 GHz or 3.0 GHz Quad-Core Xeon processors. There's also a base model sporting just a single 2.8 GHz Quad-Core Xeon processor. All models include 12 MB of L2 cache per processor, a high-bandwidth hardware architecture, dual-independent 1600 MHz front side buses, and support for up to 32 GB (across 8 slots) of 800 MHz DDR2 ECC FB-DIMM memory.

In terms of expansion, the Xserve provides three drive bays that support either SATA or SAS drives, a pair of PCI Express 2.0 expansion slots that can accept multi-channel 4-gigabit Fibre Channel, and 10-gigabit Ethernet cards.

Standard features include internal graphics support that can drive anything up to a 23-inch Apple Cinema Display, dual gigabit Ethernet jacks, two FireWire 800 ports (but no FireWire 400 ports), three USB 2.0 ports, and, of course, an unlimited client license for Mac OS X Server 10.5 Leopard. The base Xserve configuration, shipping immediately, includes a single 2.8 GHz Quad-Core Xeon processor, 2 GB of RAM, and a single 80 GB SATA Apple Drive Module for $2,999.

Apple boasts that the new 45-nanometer Intel Quad-Core Xeon processors improve on energy efficiency, with the processors drawing a maximum of 80 watts and dropping as low as 4 watts when idle.

As with the Mac Pro, the industrial design of the Xserve remains largely unchanged, which will cause disappointment in some quarters. We've heard complaints from data center operators that the Xserve's 30-inch (76.2-cm) depth makes for awkward spacing in standard racks. (The original Xserve was 28 inches (71.1 cm) deep.) Also, Apple's policy of selling the Xserve's drive sleds only with drives makes it expensive to upgrade storage with drives from vendors other than Apple; that appears to be unchanged.

In a mixed blessing, Apple removed the FireWire 400 port from the front panel and replaced it with a USB 2.0 port. That's a good step, since it makes it easier to attach a keyboard and mouse for troubleshooting, but doesn't go far enough, since rack-mounted servers also usually need a monitor attached for troubleshooting, and the video port remains at the back of the Xserve.

Chuck Goolsbee, Vice President of Technical Operations for hosting company digital.forest, suggests that "user-related" ports, such as USB, video, and FireWire be accessible from the front panel, whereas "system-related" ports like Ethernet, Fibre Channel, and power be relegated to the back. (USB and FireWire should exist in both places, of course.) The reason is that ideal data center design calls for hot aisles and cold aisles, with the hot backs of servers facing each other and the cold fronts facing each other. That way, the hot aisles can be enclosed and cooled more effectively. But that's not feasible if the staff needs regular access to the backs of servers for troubleshooting, as the Xserve requires due to the placement of its video port on the back.

All that said, we've been needing new server hardware for some time and this looks like the unit we've been waiting to order!

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Secure Your iPhone Connections at Macworld Expo - and Beyond

  by Glenn Fleishman <>

What do you get when you cross thousands of iPhones users, hundreds of Wi-Fi nodes across dozens of networks, and no network security? Lots of snarfed passwords from what could be as few as a handful of ne'er-do-wells who know what to look for.

If you're an iPhone user headed towards the Macworld Conference and Expo, I'll see you there, but I hope I won't see your passwords floating through the air. The iPhone - and Mac OS X and all other major operating systems designed for personal computers and mobile phones - doesn't secure data sent over Wi-Fi by default. Rather, the operating system and hardware makers assume that you will layer your own security on top.

Most users aren't aware they need to add security on top of their in-transit data, and I've tried to be Johnny Wi-Fi Security Seed - if I'm not stretching the king of Applejack's reputation too far - in spreading the word on simple ways you can ensure your passwords and data aren't sucked in while walking around. You can read an in-depth article I wrote several months ago for Macworld about the iPhone and its security limitations or scan the following tips. (A few obscure VPN flaws mentioned in the article have been fixed in subsequent iPhone updates since the article was written last summer.)

Fundamentally, every network connection you make over an iPhone or a laptop via Wi-Fi when roaming away from home is insecure unless the particular program you're using or network connection has been designed to include encryption or overlaid with some secure elements. (At home, you might enable WPA Personal encryption on your network, which reliably protects the data from snoopers who don't have the network password.)

Protect Email Passwords and Contents -- The iPhone tries to be good. When you set up a new email account using the prefabricated partner email host options in iPhone's Mail preferences, or when you add an email account manually, Apple's procedure is to use an encrypted connection unless one isn't available. (Yahoo Mail's push service for the iPhone secures its passwords but sends the contents of your messages in the clear.)

Email passwords are often sent in the clear by default, which means that without adding encryption on top, someone could access your password. Mail programs and mail servers, like Web servers, use SSL/TLS to tunnel data without allowing a snooper a position to intercept what's being sent. Almost all mail software, including Apple's iPhone Mail and Mac OS X Mail, include support for SSL/TLS connections.

Most but not all Internet service providers offer SSL/TLS for sending (SMTP) and receiving (POP3/IMAP) email. It may be worth forwarding email to Gmail or another service that offers encrypted POP, IMAP, and SMTP while traveling if your ISP's own mail servers don't support encryption. (Here's a detailed article on how secured email works and why to use it.)

You can protect just your email password by using APOP (Authenticated POP) with ISPs that support that protocol. Using APOP, each time you retrieve messages your mail client creates a unique hash of your password that the server, knowing your password as well, can confirm. The iPhone doesn't offer APOP support, but many mail programs include it as a legacy option.

If your ISP requires your password for sending outgoing email - as most do - that password is frequently sent in the clear if SSL/TLS isn't used.

Keep Insecure Web Surfing Private -- When you're browsing Web sites that don't use encryption to protect your sessions, a sniffer on the same network can monitor all your activity. Banking sites nearly always use SSL/TLS to entire sessions, while ecommerce sites may limit SSL/TLS to your account login and the checkout phase.

It used to be fine to be sanguine and say, well, I have no secrets; if my password is protected during login to a site - as many firms like Yahoo and Google offer - what do I care if the session is in the clear? That was an attitude one could take before sidejacking was defined.

Sidejacking is a way of grabbing the account token sent by sites like Google that enable your browser to maintain a continuous session as you request pages. That token, stored as a cookie that your browser sends on each transaction, can be grabbed through in-the-clear Web surfing, as is typical for sites that don't involve financial details, medical information, or other private transactions. The token may last minutes, days, or years, depending on the security model chosen by the site's developers.

An account token doesn't let someone decode your password, but it can allow them access to your current session, which they can hijack on the side. This lets them send email as if it came from your account, receive and read your messages, and, on security-poor Web sites, ask the site to send your password to their email address with little effort. (For more details, read my article "Sidejack Attack Jimmies Open Gmail, Other Services," 2007-08-27.)

You can secure Web sessions and prevent sidejacking on a Mac with the Secure-Tunnel service (available in Gold or Platinum offerings, $7.95 or $9.95 per month, respectively), which acts as an encrypted proxy for Web requests.

But if you're using an iPhone, this won't work. The iPhone unreasonably requires that Web and other network proxies be set individually for each Wi-Fi network, rather than for the Wi-Fi adapter and the EDGE adapter, as is the case in Mac OS X, and how most operating systems handle proxy services.

So for your laptop browsing, Secure-Tunnel is an option, but iPhone users must consider a VPN if they want this form of protection. That carries its own limitation on the iPhone, too, as described next.

VPN for Hire -- A VPN (virtual private network) connection encrypts all the data entering and leaving your computer or iPhone to a remote point. For those of you who work for companies that run VPN servers, that remote point is inside the corporate network. But several firms sell VPN service, terminating the remote point at their server inside a data center somewhere: the end point isn't secure, but typically you're just trying to protect your data over the Wi-Fi link and the local network. These VPN service providers offer that.

Mac-friendly services include publicVPN's eponymous service and WiTopia's personalVPN. After you sign up for publicVPN's $5.95 per month or $59.95 per year service, you receive a simple set of instructions explaining how to set up the L2TP-over-IPsec VPN client built into the iPhone (called just L2TP) and Mac OS X 10.3 and later to connect to publicVPN's servers.

WiTopia offers a $39.99/year SSL-based VPN service, and provides a complete package for installing the open-source TunnelBlick connection client with the necessary digital certificates custom created for you. Unfortunately, the iPhone doesn't currently support SSL VPNs or the installation of third-party software, and TunnelBlick can cause freezes in Leopard. (I was able to solve these freezes only by uninstalling TunnelBlick. It works fine in Tiger. The TunnelBlick developer is working on fixing the Leopard problems.)

WiTopia does an end run around both the iPhone limitation and the current Leopard crashes through their free addition a few months ago of a second VPN account as part of your service. WiTopia offers the widely supported PPTP (Point to Point Tunneling Protocol), which can be used by the iPhone and in Leopard. PPTP is an older VPN protocol that has weaknesses when poor passwords are chosen; WiTopia chooses a strong password for you to bypass this. (Other limitations have led to most companies bypassing PPTP in favor of IPsec and SSL-based VPNs.)

On the iPhone, select Settings > General > Network > VPN, and enter information provided by WiTopia for PPTP or publicVPN for L2TP-over-IPsec. After entering the information, a VPN button appears beneath the Wi-Fi switch in the main Settings screen to make it easier to turn the VPN on and off; more on that in a moment.

In Panther and Tiger, you use Internet Connect to configure a VPN; in Leopard, VPN service is an option in the Network preference pane displayed like another network adapter. (If you don't see a VPN service in the adapter list, click the + [plus sign] at lower left, select VPN from the Interface menu, and choose L2TP over IPsec or PPTP from the VPN Type menu as appropriate.)

But here's the rub with the iPhone. While a VPN is the best overall solution, Apple hasn't made it easy to keep a VPN active while you roam, which could lead to you browsing with the VPN off unintentionally. Because the iPhone is so good at roaming between EDGE and any available Wi-Fi network you've chosen to join before, your VPN connection is liable to break during any of these network switchovers. Some corporate software is designed to work on mobile devices and maintain a continuous connection back to the enterprise network regardless of your connection media - Ethernet, Wi-Fi, cellular, or other. But Apple and AT&T haven't provided this kind of flexibility yet. With the addition of third-party software for the iPhone in February 2008, developers might be able to extend this flexibility to the device.

In the meantime, you need to pay attention to your VPN connection before each browsing session if you're concerned about the issues I raise in this article. A security expert I consulted suggests that the EDGE network is generally secure - some heavy resources need to be brought to bear to break its encryption and then only for a single device - but Wi-Fi is wide open.

Macworld Optimism -- With the release of the iPhone development kit due in February, and a preview of it likely part of the Macworld Expo keynote, I can only hope that some of the rough edges that expose data and passwords of the unwary at the show can be fixed through third-party software that will make networked data transfer that much easier to keep private at events like Macworld - and at your neighborhood hot spot.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

CES 2008 Day 1: Finding My Bearings

  by Jeff Porten <>

[Editor's note: Intrepid roving correspondent Jeff Porten braved the aisles at this year's Consumer Electronics Show (CES), which was held last week in Las Vegas, Nevada. We published his reports on our Web page as he filed them, when he was conscious enough to write.]

Hello from CES, the largest consumer electronics trade show in the world, dedicated to testing the upper limits of human endurance and forcing its attendees to exceed them.

No, really. I just spent the first day of CES at The Venetian/Sands Expo and Convention Center in Las Vegas, where I succeeded in covering just about half of the show floor. There's the other half of this floor, three other levels of exhibits, the Tower Suites for select companies, and an additional exhibition next door at the Wynn that runs until 10 PM.

After I finish all that tomorrow, I head to the Las Vegas Convention Center. The Venetian holds just the satellite show; most of the exhibits and events are at the LVCC. All told, CES has 1.8 million square feet of exhibit space, and around 250,000 people are expected to walk on it this week. The entire show requires seven different folding maps.

To put it another way, given my habit of attacking a trade show floor in grid style (up one aisle and down the next), and since most exhibitors are all too happy to hand me paper brochures made of thinly sliced wood, I'm expecting to hike 10 miles a day carrying upwards of 40 pounds of conference swag. (If anyone is interested in my Getting Things Done approach to trade shows, see my sidebar article.)

I have a stack of such swag which I have yet to go through and write about, so here's a quick note about what I'm looking to cover for TidBITS. There are a few companies here with products that are more or less unique in their area, and interesting products will catch my eye. But the majority of exhibits have devices that differ only in slight ways from the competition, so my focus is on the products whose competitive differences really connect with the target audience.

I have some items here which illustrate this idea. In front, a media kit from Solio (manufacturers of solar power accessories); by putting this on a flash drive, it's easy to carry and will in the future be useful to me in a way a DVD won't. The round red pen is a giveaway from Genius; unlike most other pens given away at the show, it won't get lost in the bottom of my bag. Finally, the official World Series of Poker lighter I bought yesterday; not for the logo, but for the form factor: it's flat and will fit in just about any pocket I care to throw it into.

[View image]

I'll generally be too polite to mention the companies whose competitive features are negatives, but there are many people here who are making the same mistake by giving out information on mini-CDs the size of a business card. These are guaranteed to break the slot-loading drive in my MacBook immediately, and if that's the only way they're circulating information, it counts as points off on their friendliness to the Mac community; unless someone came here with a Mac Pro desktop, they're not reading those disks.

Onward! Tune in soon for some actual product coverage.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

CES 2008 Day 1: Keyboards, Power, Eyewear, and More

  by Jeff Porten <>

You know you're a geek when one of the best parts of your day in Las Vegas is seeing a new hot new keyboard.

Art Lebedev is showing the real, non-vaporware, made-of-actual-atoms Optimus Maximus keyboard, on which each key houses a tiny OLED display. When you switch your layout from QWERTY to Dvorak, all the keycaps change with it. Perhaps more usefully, special function keys and the standard Fkeys can display application icons to remind you what they're all going to do.

[View image]

At $460 a pop, the Optimus Maximus is a splurge for most people, but I can see how it would be useful for public computers that are used by an international group - I've been to dozens of conferences where the participants had to mentally remap a physical keyboard to their home country's layout. I suspect it's also just a matter of time before some lifehack Web site comes up with a method to make this a fantastic productivity tool; just think of what you could do with AppleScript, macros, and a keyboard that dynamically changes functions and shows you how it's changing to automate your workflow into one or two keystrokes.

There are some fascinating power accessories here at CES. Powercast is demoing various methods of transmitting power without wires, which would be great for charging cell phones and laptops without plugs. Aqua PowerSystem is looking for American distributors for their batteries that run on water. Any kind of water: "It will work with alcoholic drink, beer, cola, coffee, and even saliva or urine in an emergency situation without water." Apparently fuel cells are also being demonstrated elsewhere on the show floor; finding them is on my to-do list.

The winner for Best Geordi LaForge iPod accessory is i-Vue's video eyewear. A decent display and built-in headphones make this a killer toy for watching movies on a plane, but text starts to break down at greater than 800 by 600 resolutions, so it won't do much for portable productivity.

[View image]

It's cool, but is it useful? SanDisk's Cruzer Titanium Plus is a USB flash drive with 4 GB of memory, with a twist. The gimmick is that everything you put on the drive is also uploaded simultaneously to online storage. (Through your computer; the drive itself doesn't go online.) It's good to have a redundancy plan, but I can't think of a use where I'd need to have a file in three places, one of them being on my person - if I'm physically carrying a file, that's because I've decided I won't have online access to it. The drive costs $60, and the online storage costs $30 per year after six months for free. (I have to say, when you're carrying around about 20 GB in free flash storage from exhibitors, it lowers your opinion of the market value.)

Another neat idea - I think - comes from PhoneCasting, which lets you record a podcast or audio blog entry by phone, simplifying what can be a tricky process. PhoneCasting also assigns a phone number to every podcast it records, enabling your listeners (all 3.25 billion worldwide cell phone subscribers, according to PhoneCasting's rather breathless press release, which you can hear at 702-553-2764) to call up and hear your latest podcast over the phone. There are SMS messages to alert people to the existence of a podcast show, and PhoneCasting can insert radio-style ads into your podcast so you can generate revenue as well. How many people want to listen to podcasts via long and likely expensive phone calls? I can't criticize too much, having accidentally left my iPod nano at home, but it seems questionable. Podcasters receive 250 MB of storage for free and presumably pay for extra; the cost, if any, to those making the calls is oddly not mentioned in my press kit or on the home page.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

CES 2008 Day 2: From iPods to iShoes

  by Jeff Porten <>

CES continues to amaze, with an astonishing variety of products and services. Here's what stood out on my second day.

ifrogz caught my eye with their interesting "thumpz" iPod cases with built-in speakers, about the same size as earbuds. Unfortunately, my ears don't work well enough for me to report back on speaker quality, so I turned down the demo in the soundproof booth. Versions for the 3G iPod nano are slated to ship 14-Jan-08 for $24.99, with a version for the iPod classic to follow.

[View image]

Earbud or spaceman? Speaking of poor hearing, if you're interested in keeping your ears in pristine condition, or if you're encouraging your children to do so, you might want to check out the American Speech-Language- Hearing Association's Listen to Your Buds campaign. Featuring, er, either an anthropomorphic earbud, or a Lego spaceman, depending upon your interpretation. Essentially, you can permanently damage your hearing with your headphones, and children are especially susceptible; if you'd rather avoid learning to lip-read in noisy environments like I have to, stop by their site.

[View image]

Are you bored with that monotonous single-color case for your MacBook or iPod? Gelaskins impressed me with their eye for design in their line of custom skin cases. I'm particularly fond of MC Escher's Drawing Hands laptop case and Hokusai's The Great Wave for iPods. But if that's not enough for you, Digiskin showed off their kiosk, which they claim can be used to print custom images for any device, including cell phones. I neglected to ask for the price, but this looks like something a business would use to sell customized cases to its customers. If you can't pick up one on your own, look for it at a mall near you.

[View image]
[View image]

When it comes to design, LaCie offers a wide variety of storage devices with cases by famous designers. They're now extending their Little Disk product line with even smaller models that look more like Zippo lighters than cases for the forthcoming 1.3-inch 30 or 40 GB hard drives; even so, they still have a built-in USB cable. Larger models (still around the size of a tin of Altoids) offer up to 250 GB and have an option for FireWire. LaCie's press release says immediate availability, but the Web site hasn't yet been updated and the booth said "next month."

[View image]

TechForward wasn't demoing any technology, but rather an interesting angle on electronics insurance. They'll sell you a "buyback plan" which guarantees that they'll pay you a set amount of money for your hardware at some future date. For example, buy a MacBook today and pay them $39; sell them your MacBook in one year for $460, or in two years for $380, regardless of its market value. Interestingly, they offer plans for iPods, but not for Zunes - I wonder why. They'll sell this to you directly, or offer it as a point-of-sale purchase from other vendors. (And they're promising those vendors a cut of the revenue, so that might be a negotiating point for savvy buyers.) The idea is that you can upgrade your equipment at less than the actual cost, since you'll get a guaranteed payment later. I suspect you'll sometimes do better on eBay, but this is certainly a no-hassle alternative.

If you've ever wanted to zip around town like Woz on his Segway, but with a gizmo that fits into a backpack, check out iShoes. Somehow they've managed to come up with battery powered roller skates that can carry you about 3 miles (not quite 5 kilometers) on a single charge, with a top speed of about 13 miles per hour (21 kilometers per hour). I have no idea how safe this is, but it looks like the coolest locomotion you'll see until someone can sell us a hoverboard. They're apparently available now, for a mere $599 plus $20 shipping. If you buy a pair, let us know how it goes.

[View image]

Finally, a shout-out to the folks from Opera Software, authors of (among other software) the wonderful Opera Mini for cell phones and Java-capable devices. I ran into several of them in the outdoor smoking area, and jokingly introduced myself by saying, "Hey, I think you guys just crashed my phone." To my surprise, they really cared and asked me all sorts of questions about my usage, then quizzed me about my thoughts on their product and how they could increase usage in the United States. (My reply: the people most likely to need their software are unfortunately the ones least likely to ever hear about it.) If you've ever surmised from Opera's Web site and forums that this is a company made up of really nice Norwegians, I can attest to your accuracy.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

CES 2008 Day 3: Robots and Wrap-up

  by Jeff Porten <>

They say Las Vegas has a strong psychological effect on the males of our species, causing us to say and do things here that we'd otherwise know to avoid due to good sense or good taste.

That said, I'm probably the first man in the history of Vegas who has ever walked up to a Playboy Playmate and said, "Hi, I'm looking for whatever you can tell me about Tasers."

Really, that's the whole story. I have no excuse. Yes, I had noted that she and the three other women sitting at her table stood out from the crowd, but I somehow didn't notice that they were there to sign autographs instead of hand out product information.

As for the actual products at the show, I'll have to admit to being underwhelmed. CES is where I like to see for the first time the new technologies that I think will be ubiquitous in five years. Not so much of that at this show. If you wanted to compare 100 brands of truly massive televisions, or 350 brands of eardrum-blowing speakers, CES was definitely the place to be. But I've been coming here on and off for 20 years, and I remember seeing my first DVD and picking up the first issue of Wired. It's entirely possible I missed something with a show this size, but little jumped out at me as being truly groundbreaking.

One possible exception was the bizarre iRobot ConnectR, coming later this year from the people who normally automate your vacuuming with the Roomba. The ConnectR is another short round robot, but it's for communicating with your family: when you're away from home, you log into the ConnectR over the Internet, and use the swivel-mounted webcam and two-way audio to talk to your kids (or your extremely patient spouse, presumably). If the boy goes mobile, you just drive it around to follow him. [Editor's note: The mind boggles, but we'll save our comments from the perspective of being actual parents for another article. -Adam]

[View image]

I'd write the ConnectR up anyway, just on the basis of it just being a cool piece of gear, but it strikes me as potentially breakout - if the mid-21st century finds us all using telematic devices to create a physical virtual presence, in addition to the ways we use the Internet today to cut down on virtual distance, then this will have been among the first of its kind. It's also quite possible that it's just too far out in left field to take hold; I can think of several rather geeky friends who travel away from their families often, and I still can't picture one of them using this.

There was also plenty of information at CES about "intelligent transportation systems," with a nice overview provided by the U.S. Department of Transportation's department of the same name. ITS seems to cover, broadly, pretty much any information technology you might want to put in a car, but there are several technologies that might change the way we travel. Most interesting to me is Vehicle Infrastructure Integration, which essentially makes every car a node in a peer-to-peer network. In the early stages, this will be used for realtime traffic data and the like, but it could be an incremental on-ramp, as it were, to the self-driving cars of the future, which can fit more cars on the existing asphalt with less congestion, and let you safely talk on the phone because the car computer is handling the driving. An alternative path being explored to the same destination is the "smart highway"; but which do you think makes more sense, putting a few billion dollars into every road, or incrementally upgrading the smarts of each automobile?

(Speaking of which... only a government would inflict its employees with a URL with the word "dot" in the domain. Imagine yourself at parties: "hi, I'm Jeff at dot dot gov.")

I did see a few other things of note.

Vonage was handing out their $39.99 V-Phone for laptops; essentially, it's just a 250 MB USB flash drive with a 2.5mm headphone/microphone jack. It came with the Windows software to make calls, but they neglected to include the Mac version (despite ample room on the drive), so I can't comment on its sound quality just yet. You can try it out yourself by downloading the Mac software, along with a 30-day trial account. You don't need the USB dongle - the Mac audio in/out will work fine - although I can tell you from experience that it's nice to have a dedicated hardware port to use with Vonage and similar software.

[View image]

If you have a bunch of home electronics that aren't yet wireless, and you're tired of stringing 100-foot cables from room to room, you might want to check out MoCA (the Multimedia over Coax Alliance), an industry consortium that's creating standards aimed at letting you use your home's existing internal coaxial cable for home networking.

Wacom impressed me with the $999 Cintiq 12WX external touchscreen monitor. Hook it up as an external monitor to your Mac, and you end up with a touch-sensitive tablet displaying the video; the promotional materials show it in use with Photoshop and a Wacom pen. The 12.1-inch Cintiq 12WX requires an external control box, so I wouldn't think of it as providing an ersatz tablet computing experience, unless you're crazy enough like some people to carry around lots of hardware (see "Build Your Own 23-inch MacBook," 2007-02-05).

[View image]

I didn't stick around to play with one, but I was impressed by the brief demos I saw of the Moxi home digital media recorder system; in addition to the Tivo-style capabilities, the hardware and software provides a wide range of interactivity with your home network.

I also missed a demo of the new Myvu personal media viewer headgear. Like the i-Vue video eyewear I mentioned in "CES 2008 Day 1: Keyboards, Power, Eyewear, and More" (2008-01-09), I'm intrigued by wearable monitor technology, but without trying it, I can't tell you if the Myvu video eyewear lets you see what's happening around you better.

[View image]

Finally, the award for best practical joke at CES goes to Dan Frakes of Macworld. I ran into him in front of the Zoombak booth, where they were demoing the $199.99 "LoJack for dogs" (actually called "Advanced GPS Dog Locator"), a pager-sized device that you can attach to a dog, suitcase, or some other similarly sized item that might wander off without you. If it goes missing, you track said item on their Web site.

But this wasn't immediately clear to me, and the way Dan described it, I thought that Zoombak's stuffed animal giveaways were the product, and that there was a GPS locator chip inside so you could track your children. (Which, frankly, strikes me as a pretty cool idea, until such time as parents are comfortable with subdermally "chipping" their children.) Trust me when I say this led to a highly confused conversation between me and two PR guys.

I'm still not sure whether Dan deliberately tried to put one over on me, or if I'm just so fried this week that I jumped to conclusions from his perfectly good explanation. Considering my conversation about Tasers with Miss June 2004, I probably shouldn't blame him.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Hot Topics in TidBITS Talk/14-Jan-08

  by Jeff Carlson <>

Intuit -- Rich Mogull's article on Intuit's mistreatment of its users prompts one reader to suspect that the company isn't hostile to Mac users - they secretly hate all their customers. (1 message)

Eudora question -- Will switching Eudora to paid mode solve a number of annoying errors? Or will the problem just go away on its own? (16 messages)

Intuit Alienates Mac Users With QuickBooks Fiasco -- More examples of poor customer experiences with Intuit programs leads one reader to compile a list of 30 finance software packages for the Mac. (4 messages)

Backup Databases and Time Machine -- When it comes to backing up large database files (such as Entourage mail databases), Time Machine can be very inefficient and slow, since it backs up the entire file, not just recent changes. A reader suggests a workaround that backs up those files regularly, but not on Time Machine's hourly schedule. (4 messages)

Endnote, Bookends, Sente, Zotero, oh my -- Frustrated with expensive upgrades and performance issues, readers discuss dropping Endnote and using alternative programs. (3 messages)

Aperture crashes -- Updating to Leopard causes Aperture to crash for a user, even under a clean test account. (1 message)

New Mac Pro Goes Eight-Core Before Macworld Expo -- Readers discuss the tech specs and timing of Apple's pro hardware announcements of last week. (4 messages)

Request for help: MacBook sound problem -- Why would a MacBook stop outputting sound? Readers suggest several possible fixes. (8 messages)

Parallels - Mac Upgrade for Tiger Disabled Drag & Drop? The convenient method of copying files to a Parallels environment by dragging and dropping seems to be broken under Tiger, but other options for moving files are available. (8 messages)

Backing up Time Machine restores -- After restoring a Time Machine backup, the next Time Machine operation wants to make a duplicate backup, using up much more disk space. (4 messages)

Location-aware printing -- Leopard will recognize your location based on the network your Mac is connected to, and switch to using the local printer automatically - sometimes. Are there other location-aware applications that can do a better job? (7 messages)

Mail is Slow -- Readers bemoan performance of Mail under Leopard. (2 messages)

Widget Problem -- For some reason, Dashboard widgets refuse to appear for a user when Dashboard is invoked. Any suggestions? (2 messages)

Amazon MP3 Scores DRM-Free Music: What About Apple? Readers respond to Adam's article about Apple's capability to sell DRM-free music. Is Apple being excluded by the music labels, or will Macworld Expo bring more openness to the iTunes Store? (3 messages)

New 8800GT video card -- The new video cards available for the Mac Pro models announced last week appear to work only with the newest Macs, not earlier models. (1 message)

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2008 TidBITS; reuse governed by this Creative Commons License.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue