Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo


Two industries underwent major changes last week: Cellular carriers began offering unlimited minutes for $100 per month; and, after a long and expensive campaign, Blu-ray beat HD DVD as the optical disc format of choice for high-definition video. Glenn Fleishman looks at both events and how they relate to Apple. Also in this issue, Glenn writes about a new hardware vulnerability that may expose encrypted data with the help of compressed air, Jeff Carlson discovers that DRM won't let him view rented movies on his Apple TV, and Joe Kissell discusses how to achieve better video presentations with iChat Theater. We also note the releases of SuperDuper 2.5, Airfoil 3.1, Xsan 2 (along with the discontinuation of the Xserve RAID), a keyboard update for the MacBook and MacBook Pro, a 2 GB iPod shuffle (plus a price reduction for the 1 GB model), and Brian Tanaka's new "Take Control of Permissions in Leopard" ebook.

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

SuperDuper 2.5 Released with Leopard Compatibility

  by Joe Kissell <>

After months of beta testing and much eager anticipation, Shirt Pocket Software has released SuperDuper 2.5, finally making the popular backup program fully compatible with Mac OS X 10.5 Leopard. Although there are other ways to make a bootable duplicate under Leopard, SuperDuper is my personal favorite tool for that task, and I'm delighted to be able to use it once again.

Along with an assortment of bug fixes and minor feature enhancements, version 2.5 offers the important and unusual capability of cloning Time Machine backup volumes. In other words, if your Time Machine drive gets full and you want to move your backups to a larger drive without losing your existing archives, SuperDuper can now make that happen. Previously, the only way I knew to do this was using Disk Utility's Restore feature, with the Erase Destination option selected - not the most convenient procedure. In addition, SuperDuper now makes it possible for a bootable duplicate and a Time Machine archive to share a single volume (though for practical reasons I still generally prefer using separate partitions).

It's kind of funny to think of having a backup utility that helps to manage another backup utility. But this new feature highlights the fact that SuperDuper and Time Machine perform equally essential (and in fact complementary) backup tasks.

SuperDuper 2.5 is a 2.8 MB download. The program costs $27.95; updates from earlier versions are free.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

More MacBook, MacBook Pro Keyboard Problems Fixed

  by Adam C. Engst <>

Apple has released the MacBook, MacBook Pro Keyboard Firmware Update 1.0 to address a problem where the first key press could be ignored if the Mac had been sitting idle. The company claims the update also addresses other unspecified issues. The update requires that you have already updated to Mac OS X 10.5.2, and it applies only to certain MacBook and MacBook Pro models released since late 2006. It's available via Software Update and as an 876K standalone download.

Pay attention when you download, since the update installs an application in the Utilities folder (inside the Applications folder) called "Built-in Keyboard Firmware Update." It should open automatically, but if it doesn't, double-click it to open manually, and follow the instructions it provides to update your laptop's keyboard firmware.

This is the second keyboard fix for the MacBook and MacBook Pro since the release of Leopard: in December 2007, the MacBook, MacBook Pro Software Update 1.1 addressed a problem wherein the keyboard would occasionally stop responding for a minute or longer (see "Update Fixes Unresponsive Laptop Keyboards," 2007-12-25). Clearly, this is all a subtle plot on Apple's part to convince us that keyboards aren't reliable and should be replaced by multi-touch interfaces on devices like the iPhone and iPod touch.

Unfortunately, there have been numerous reports of the first key press being ignored on systems other than the MacBook and MacBook Pro, and this fix won't do anything for other Macs.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Apple Drops iPod shuffle Price, Introduces 2 GB Model

  by Adam C. Engst <>

RAM is cheap and getting cheaper. Apple has now passed along some of their savings to those looking for an iPod shuffle by dropping the price of the 1 GB model from $79 down to $49. Simultaneously, Apple announced the release of a 2 GB iPod shuffle, to be priced at $69 when it ships later this month. With prices dropping at this rate, a 1 GB iPod shuffle will appear in cereal boxes within a few years.

With news like this and Apple's announcement of a pink iPod nano (see "Apple Ships Pink iPod nano, Apologizes to Tonya," 2008-01-22), it's hard to do more than state the facts, so let's once again peer closely at Apple VP Greg Joswiak's quote in Apple's press release. He said, "At just $49, the iPod shuffle is the most affordable iPod ever. The new 2 GB model lets music lovers bring even more songs everywhere they go in the impossibly small iPod shuffle."

What's this? The iPod shuffle is "impossibly small?" Come now. "Impossibly small" means that you worry about accidentally inhaling it, that Apple has to use magnification in product shots, and that it's impossible to imagine Apple releasing another iPod that's even smaller. Is it painfully obvious that I'm really stretching here? I thought so.

Seriously, thanks for the price drop and the 2 GB model, Greg. But I'm still betting that Apple releases an even smaller iPod within a few years.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Airfoil Adds Apple TV Support, Updated for Windows

  by Glenn Fleishman <>

Rogue Amoeba has updated Airfoil, their networked audio streaming software, to add support for pushing music to the updated release of Apple TV, and to add remote speaker support under Windows. The company released both Airfoil 3.1 for Mac OS X and Airfoil 2.5 for Windows (2000, XP, and Vista). (The Windows release is numbered lower because it lacks Airfoil Video Player and doesn't support the Griffin RadioShark.)

Airfoil 3's notable addition was Airfoil Speakers, software that you can install on any computer on the network, and that lets you take control of that computer's audio output remotely from a computer running Airfoil. Airfoil 3.1 for Mac OS X and 2.5 for Windows extends Airfoil Speakers to computers running Windows, and allows Windows machines with Airfoil to control remote speakers either on Mac OS X or Windows systems.

Airfoil also supports streaming to AirPort Express base stations using Apple's AirTunes protocol; the AirPort Express has a dual analog/digital optical audio output port. For more on Airfoil 3, see "Airfoil 3 Spreads Music Streaming Beyond AirPort Express," 2008-01-10.

Rogue Amoeba software engineer Guy English explains in a blog entry that they managed to put a little fit and finish on the Apple TV streaming by pushing an image of your particular computer to the device, complete with your desktop background and a screen capture of the application from which you're streaming audio.

Airfoil 3.1 for Mac OS X also fixes a problem with DVD Player synchronized audio introduced with the release of Mac OS X 10.5.2, and improves performance on less-speedy computers.

All these changes to Airfoil have us wondering - will Rogue Amoeba create a version of Airfoil that could send music from an iPhone (or iPod touch) in your pocket to your AirPort Express? The iPhone could then be both the source of your music and the remote control, and incoming calls could cause the music to pause automatically. All we know is that Rogue Amoeba is pondering the possibility.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Take Control News: Learn to Wrangle Permissions in Leopard

  by Adam C. Engst <>

If you like to go under the hood of Mac OS X, or if you've been forced to by quirky problems, you'll want to check out our latest ebook, freshly revised for Leopard - "Take Control of Permissions in Leopard." Written by Unix guru and Mac aficionado Brian Tanaka, the 87-page ebook mixes practical how-to details and troubleshooting tips with just the right amount of theory as it explains permissions in relation to how you keep your files private, copy files to and from servers effectively, set the Ignore Permissions option for external disks, repair screwy permissions, and delete those files that just won't die.

For those who want to learn advanced concepts, the ebook also delves into topics like the sticky bit, symbolic versus absolute ways to set permissions, and how to work with bit masks. In particular, Brian looks at what's new with permissions in Leopard, including the disappearance of the NetInfo database and the increased use of access control lists. Don't worry if you're not accustomed to using the Unix command line in Terminal, since Brian provides extremely clear instructions for that, along with how to manage permissions from the Finder's Get Info and Inspector windows, and with more-capable third-party utilities.

Those who already own Brian's earlier "Take Control of Permissions in Mac OS X" can upgrade to "Take Control of Permissions in Leopard" for 75 percent off; just click the Check for Updates button in your existing copy to access the discount. 

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Apple Releases Xsan 2, Discontinues Xserve RAID

  by Adam C. Engst <>

Apple has released an update to Xsan, the company's shared SAN (storage area network) file system that enables enterprises to group together storage attached to individual servers as part of a single collective storage pool. Xsan 2 offers easier setup and deployment, enables users on a single workstation to access multiple Xsan volumes at the same time, supports Spotlight searching, and is now qualified to work with third-party RAID storage. (Xsan's previous version did support third-party RAID storage, but Apple didn't emphasize that fact). The software is available immediately.

Xsan is actually an Apple-branded version of Quantum's StorNext File System software, ported to work on Mac OS X, and sold at a significantly lower price. Xsan costs $999 for each Mac attached to the shared file system; Quantum's versions are priced from $1,750 to $3,000 for Windows, Linux, and Unix versions. As far as I can tell, as with Mac OS X Server, Apple offers no upgrade discounts.

The fact that Xsan 2 works with third-party RAID storage is particularly important because Apple has thrown in the towel on the Xserve RAID, quietly removing it from their Web site and directing potential customers to the Promise VTrak E-Class RAID Subsystem. The Xserve RAID was increasingly long in the tooth, relying as it did on Ultra ATA drives instead of modern SATA and SAS drives, and suffering from controllers that weren't active/active failover controllers (meaning that if one controller failed, you lost access to that side of the RAID, and replacing it required bringing the entire RAID down). In comparison, the Promise VTrak E-Class RAID features fully hot-swappable SATA or SAS drives, dual hot-swappable RAID controllers (each one of which can run the entire RAID), support for more RAID levels than the Xserve RAID, and a 4Gb Fibre Channel interface instead of the Xserve RAID's 2Gb interface.

On the MacEnterprise list, comments about the specs on the Promise RAID were almost entirely positive, although one poster had less-than-stellar experiences with other RAID models from Promise.

The fading away of the Xserve RAID may indicate that the product had outlived its utility. According to Andrew Laurence of the University of California at Irvine, "Xserve RAID created a new category when it came out: robust storage using extremely cheap (ATA) disks. As time wore on many other vendors descended into that space, using ATA and then SATA disks."

IT analyst John Welch concurred, noting that there aren't significant margins to be made in the low end of the cutthroat RAID business, and although Apple could have re-engineered the Xserve RAID, "they couldn't bring enough to the table to make it worth the effort." He went on, "The idea of an Xsan/Final Cut Studio hardware certification program also gets much easier to swallow, since RAID hardware manufacturers are no longer competitors, but partners. I can't find much of anything bad about this decision."

While agreeing that the Xserve RAID desperately needed an update, Chuck Goolsbee of Web hosting company digital.forest defended the product, noting that they had never seen any component of an Xserve RAID other than a disk fail, despite having more than 100 terabytes of Xserve RAID storage online. He said, "It is a shame that the Xserve RAID is another Apple product cul-de-sac. They literally changed the game but never exploited the advantage."

None of this indicates, though, that Apple is backing down from the enterprise market entirely, especially given the recent update to the Xserve itself (see "New Xserve Goes Eight-Core Too," 2008-01-08). Instead, Apple is focusing its efforts on areas that can leverage advances from other divisions within the company, such as Macintosh hardware design.

As Andrew Laurence said, "For Apple, I imagine the Xserve RAID calculation came to 'We no longer need to be here.'"

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Blu-ray Wins High-Definition Disc Format Battle

  by Glenn Fleishman <>

After less than two years of head-to-head competition in the marketplace, HD DVD developer Toshiba has resigned the side, choosing to drop further development of their format. The Sony-backed Blu-ray high-definition (HD) disc specification has won. This must be an especially sweet victory for Sony, which lost decades ago in the VHS versus Betamax battle, despite some superior technical characteristics of Betamax.

The two HD formats both provided a digital-rights-managed (DRM) approach for playing movies and other video from a high capacity disc to an HD television set at substantially higher resolutions than was possible from an ordinary DVD. Both formats support resolutions up to 1080p, which is 1920 by 1080 pixels, and most movies released are in this format. (Not all HDTV sets display 1080p; some display 1080i, in which lines of pixels are painted in alternating passes; and many show 720p, typically 1280 by 720 pixels.)

Both Blu-ray and HD DVD employ lasers that use blue light for reading and writing. Blue has a shorter wavelength than the red and infrared used in standard CDs and DVDs, and a blue-light laser can read and write information at a much higher density. Blu-ray has some storage and throughput advantages over HD DVD, but I never saw any side-by-side testing that indicated Blu-ray was better in other ways.

While both formats were introduced in prototype form in 2002, players didn't reach the market until 2006, with HD DVD appearing first. The HD players became associated with gaming systems: Sony included a Blu-ray player in every PlayStation 3 they shipped; Microsoft offered an inexpensive HD DVD upgrade kit for its Xbox 360. Apple never signaled its interest in the higher-capacity formats, except for HD DVD burning support in DVD Studio Pro; the company sometimes moves slowly with regard to optical disc formats. After betting on the never-popular DVD-RAM technology for writing DVDs, Macs were late to market with CD burners. With the format war over, it's possible Apple will now make its move with a built-to-order option on Mac Pros; Blu-ray drives are currently too big and power-intensive for laptops.

Warner Brothers, in early 2007, showed a prototype HD DVD/Blu-ray hybrid disc that could have made the studios agnostic as to format, and LG, an electronics firm, introduced several models of Blu-ray/HD DVD players - that cost more than separately purchasing a PlayStation and an HD DVD player. But these hybrid and dual-format efforts were for naught because Sony and partners shipped enormously more Blu-ray players than the HD DVD alliance, and Blu-ray wound up with more studios on board releasing titles than its competitor.

Toshiba and other news sources report that about 1 million HD DVD systems of all kinds were sold worldwide, with roughly 300,000 in the form of Xbox 360 upgrades, and 300,000 as drives used in PCs. But Sony has shipped 10.5 million PlayStation 3 systems worldwide with Blu-ray drives since the gaming system went on the market, according to the BBC and other sources. At least another 1 to 1.5 million Blu-ray players and drives are estimated to have sold as well.

The real market decision comes from what media consumers purchase - Sony could have sold Blu-ray players until they were, uh, blue in the face, but if consumers didn't buy movies in Blu-ray format, we'd have seen a different outcome. From the time discs were sold using both formats through November 2007, over 4 million Blu-ray titles were reportedly sold around the globe, and over 2.5 million HD DVD titles. That difference doesn't seem huge, but the worldwide numbers understate the support for Blu-ray in Europe and Japan, and the upward curve of higher Blu-ray player and disc sales in recent months.

Blu-ray was behind in the count for some time in terms of studio support, but it gradually won over most of the large studios. Universal was firmly in the HD DVD camp, Warner Brothers was developing discs for both formats, and Paramount and DreamWorks said that they'd support only HD DVD instead of both formats back in August 2007. (That last deal reportedly involved large payments to those studios to cover costs and pay for potential loss of revenue.)

Warner Brothers dropped its support of HD DVD in late 2007, which gave Blu-ray five of the seven largest movie studios, and apparently kicked the legs out from under HD DVD. Netflix then said it would support only Blu-ray rentals. And, finally, Best Buy and Walmart announced they would stop selling HD DVD movies and hardware, which nailed the lid on HD DVD's coffin. Today, on the heels of Toshiba's announcement, Universal said it would, of course, switch to Blu-ray as well. On 24-Feb-08, Microsoft confirmed it would stop selling HD DVD players for the Xbox 360.

Each standard had a variety of technical differences in its approach to interactivity (Blu-ray supports Java, HD DVD uses a Microsoft standard), security, and storage density. Blu-ray can store 25 GB on a single-layer disc, and 50 GB on a dual-layer disc; HD DVD offered just 15 GB and 30 GB for single- and dual-layer discs. Blu-ray can also pull audio and video data off a disc at an effective playback rate more than 50 percent higher than HD DVD (48 Mbps for Blu-ray versus 30 Mbps for HD DVD). Both playback rates are far higher than necessary for full 1080p content, however.

Disc burners were available for both formats, but HD DVD is now a dead end, and was never a preferred choice due to its lower capacity. Philips updated a popular model for PC systems with new firmware this month that allows burning double-layer Blu-ray discs at their full 50 GB capacity (minus overhead). Amazon offers this burner for $400. LaCie has a Mac-compatible FireWire/USB 2.0 Blu-ray drive that handles dual-layer 50 GB discs ($740), and includes Toast 7.1.1 Platinum with Blu-ray support; Toast 8 Titanium can be purchased separately with built-in Blu-ray support, too ($80 with $20 mail-in rebate). Single-layer recordable discs cost about $12 to $15 each; dual-layer recordable discs, about $35. As far as I understand it, Blu-ray discs can't be mastered with desktop burning software for video and audio playback, only for data storage.

For the average consumer, this may all come as news. The format war affected mostly early adopters, and, as the numbers show, the majority of them opted for Blu-ray.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Three Cell Carriers Offer Unlimited Minutes for $100 per Month

  by Glenn Fleishman <>

Verizon Wireless disrupted the heavy margins collected from high-usage cellular customers last week by announcing an unlimited voice usage plan for $100 per month. AT&T and T-Mobile quickly followed suit. Sprint Nextel has a $120 to $160 per month unlimited voice, data, and messaging package that's being tested in limited markets. The fine print on Verizon's offer notes that fees and line charges are on top of this rate, adding between $4 and $35 per month depending on locality and other factors.

Shifting Fees, but Maintaining Revenue -- This change in pricing has the potential to bolster revenue from some customers even as the carriers lose some of the richest plums - but they'll make those constantly talkative customers happier. Cellular plans have always been a game of chicken. Some people choose plans with a low number of minutes to keep their monthly contract rate down, but then face overage charges of as much as 45 cents per minute. Others opt for plans with no monthly fee that have rates of 15 to 25 cents per minute when paid in advance, resulting in a payment of as much as $100 for just 400 minutes of usage a month. (Of course, many people choose prepaid plans because they're wildly cheaper when few minutes are used; see Tom Schmidt's "Prepaid: Cell Phone Plans for the Rest of Us," 2007-07-23.)

This is one reason why I've been a happy AT&T customer, and Cingular before that: They include rollover minutes in most plans, and I haven't had an overage with a modest plan shared by my wife and myself since signing up. Some months we use hundreds of minutes, some over 1,000.

Customers now paying $60 to $80 per month, but who regularly exceed their monthly allotment by as few as 100 minutes, may choose to upgrade to a $100-per-month plan to budget for what they'll pay each month with no surprises.

Power callers, those who live on their cell phones, often pay exorbitant rates, over $200 per month, and sometimes still exceed the thousands of included minutes. These customers will see substantial savings, which makes them less likely to switch providers, which reduces churn, in turn reducing marketing and other expenses.

Carriers will make less absolute money from these customers on voice and other services, but may be better able to sell them upgrade packages that have relatively high margins and recapture some of the lost revenue. Verizon, for instance, might move customers from a $200 high-volume plan to a $140 per month plan that includes video and unlimited text messages; text messaging costs practically nothing per message, making most of its associated revenue pure gravy.

Industry sources have told me in the past that cellular minutes cost roughly 4 to 5 cents on a wholesale basis, but carriers have lower (and typically mostly fixed) expenses on their home networks. Costs are also lower outside of peak weekday hours. It's unclear precisely what the average monthly minutes will be for "unlimited" call plans - do people cut their landlines at last and shift tens of hours a month to their cell phone? - but it's likely to bring more revenue overall against a large set of fixed expenses in operating a network.

Plan Details by Carrier -- Verizon Wireless's basic unlimited plan includes no text messaging or data services. For $20 more per month, unlimited text messaging is included, while $40 more per month includes unlimited text messaging, video services, email, and their GPS navigation service. Data is charged at $2 per megabyte except with the highest-level plan, where data transfer is included. Family plans are also available without much of a discount until you hit three or more lines. Verizon will let customers switch without paying a change fee or renewing a contract.

AT&T launched its unlimited call plan on 22-Feb-08. The basic plan is $100 per month, while existing messaging and data plans can be added. A $5 per month add-on includes 200 text and multimedia messages, while $35 per month includes unlimited messaging and access to the network through its restricted gateways. AT&T will also allow a switch to this plan with no fee and no required contract extension.

No mention was made of any iPhone-related plans, although iPhone pricing is commensurate with other AT&T plans. The most expensive individual calling plan for the iPhone costs $220 per month for 6,000 minutes, including unlimited weekend and evening calling, and just 200 text messages, as well as unlimited EDGE data. An upgrade to unlimited text messages adds $20 more per month.

T-Mobile's unlimited service started up on 21-Feb-08 and includes unlimited text and picture messages. The carrier requires a new two-year commitment to switch to the plan, but no change fees are added.

Helio, a mobile operator that resells access to Sprint's network with its own unique handsets, also offers a $100 per month unlimited plan for voice, data, GPS services, and messaging, dropped earlier this month from $145 per month.

Sprint Nextel, the odd duck out in the announcements, made measured statements about evaluating offerings, and could hemorrhage even more subscribers. The company is in fairly dire shape as it has bungled its merger of the Sprint and Nextel networks, has invested hugely in the measured gamble that is WiMax data networking, and is far behind in a multi-billion requirement to re-outfit public safety departments across the United States as part of a spectrum swap that the U.S. government allowed to consolidate emergency frequencies and Sprint Nextel's licenses. I expect they'll have an announcement soon.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

FileVault Security Compromised with Compressed Air

  by Glenn Fleishman <>

A chilling story broke on 21-Feb-08, and please excuse the pun: Researchers from Princeton University, the Electronic Frontier Foundation, and elsewhere revealed research that disk-encryption software used by and with major operating systems - including Mac OS X's FileVault - can be defeated if you have physical access to a running computer and, in the easiest example, a can of compressed air. You can download their entire research paper (PDF).

The researchers discovered that the dynamic random access memory (DRAM) chips used to store running programs and data while a computer is active maintain an image of their contents for seconds to minutes after power is removed. Using relatively simple techniques to cool DRAM, ranging from discharging an inverted compressed-air canister (temperatures as low as -50 degrees C) to using liquid nitrogen (-196 degrees C), maintains the data longer.

This persistence is important because while an encrypted disk image is active, the master encryption key is stored in memory. It was previously thought that this storage had few vectors of exploitation: a machine that had a targeted virus might be able to extract and transfer the key, but even that was a bit dubious with well-designed software, and no such viruses have been reported for Mac OS X or Windows Vista.

If a ne'er-do-well had physical access to a machine, you might think, that person would also have access to the disk for which the encryption keys are loaded. But if the computer is sleeping or using a secured screen saver, and if it's set to require a password to bring back to life, this research shows that keys can be extracted even when the machine is otherwise thought to be safe. A stolen computer or one that's thought to be safely locked is now vulnerable.

The researchers discuss using a USB flash drive with an operating system and forensic tools installed to reboot the computer while retaining the memory image in RAM. The booted system can then scan for and extract encryption keys. Or, if the DRAM chips are fully frozen, they can be removed from the computer and installed in another system without losing much, if any, data.

The stored keys might not be unique to one disk's encryption or one purpose, too, making the breach of one system more troublesome. Even more interesting, if the "break in" were performed well, it's possible that a victim would be unaware - they might think their computer had just crashed in their absence unless the machine were left disassembled. (One expects that the FBI was already aware of this weakness; they already know how to keep continuous power to a computer plugged into the wall by unscrewing the wall outlet and attaching a UPS via clips to the live wires.)

The solution to this problem is a requirement for two-factor methods of authentication, in which possession of the encryption key has to be coupled with another piece of information, such as a hardware encryption device that generates codes that must be entered in combination with the key to gain access (RSA SecurID SID800 Token pictured below). Those devices are typically carried by individuals, and thus without kidnapping or use of physical threat, security could be maintained. (Two-factor authentication is readily available these days: I have a fob from PayPal that I use to confirm my eBay and PayPal logins. It's free for business accounts, and $5 including shipping and handling for personal accounts.)

[View image]

What does this mean for the average user? Realistically, your disk-encryption software is just as secure as it always was. It's unlikely that you're being monitored by a hostile government, organized crime cartel, or James Bond's villains, or even by more ordinary criminals who want your private data and have the technical chops to implement this security exploit. That said, one thing you can do to increase the security of your system is set your keychain password to something different from your login password. The researchers discovered that Mac OS X 10.4 Tiger and 10.5 Leopard keep multiple copies of the login password in memory, and most people use their login passwords to access the keychain, which in turn often stores passwords for FileVault and other secured services. See Joe Kissell's "Take Control of Passwords in Mac OS X" for details on Apple's keychain and how to separate your keychain and login passwords.

But the researchers point out that many of the systems used by financial institutions and others who maintain secure operations use disk encryption to prevent unauthorized access. Luckily, many of these institutions do require two-factor authentication, and have other physical security mechanisms in place to prevent access to computers, including locked computer cases. Those who do not should add such precautions.

The most troubling aspect of this research is that the group found unquestioned assumptions about how DRAM works and the security of disk encryption keys. With those questions now posed and answered, operating systems and other security software will have to be revised and strengthened to eliminate or at least reduce this chilly vulnerability.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

DRM Foils iTunes Movie Rentals for Some Apple TV Owners

  by Jeff Carlson <>

Like many Apple TV owners, I was excited to learn that the 2.0 software (or "Take 2," as Apple refers to it) would be a free upgrade for those who already own the media player. One of the first things I did on my refreshed Apple TV was test a movie rental. The process of finding a movie and renting it was simple and quick. I wasn't planning on watching it right away, so I let the movie download over my somewhat pokey Internet connection overnight.

When I sat down to watch it, however, the Apple TV wouldn't let me, due to the way I have the device set up. You see, I don't own an HDTV, which is required for the Apple TV. Sony let me borrow a 40-inch Bravia last year when I was writing my book "The Apple TV Pocket Guide," but of course I had to give that back. Since then, my Apple TV has been connected to a Dell FPW2005 20-inch LCD display (the same kind to which I connect my MacBook Pro at home and at the office). The two devices are connected by a cable that has an HDMI plug on one end (which attaches to the Apple TV) and a DVI plug on the other (connecting the Dell monitor). It's a setup that has worked well, even if it's not a fancy big-screen television.

When I attempted to watch the movie, however, the Apple TV displayed an error message: "This content requires HDCP for playback." HDCP (High Bandwidth Digital Content Protection) is a form of digital rights management (DRM) that prevents you from playing video over DVI and HDMI connections (in my case) if you don't own compatible hardware that can decode the signal properly. (In other words, HDCP is more crap DRM that does nothing but irritate legitimate customers.) Although I had downloaded the movie legally, my monitor apparently was too old to include HDCP and thus wouldn't display my movie.

But this isn't a high-horse article about how the media and electronics companies are hell-bent on screwing their customers. (No, really.) Beneath the error message was a note that I could watch the movie using the Apple TV's component connection instead. I couldn't take advantage of the HDMI solution that sends video and audio down one cable, but I could output video through the three component video cables and separately attach audio to the Apple TV. Unfortunately, the Dell monitor, being primarily a computer display, didn't include component connections.

Although you can purchase a component-to-DVI adapter on the Internet for around $25, some unsolicited sleuthing by my colleague Andrew Laurence (who owns the same display) turned up a problem: this Dell model employs a DVI-D (digital) connection, but you need DVI-I (integrated) or DVI-A (analog) to use one of those adapters. Many Dell monitors after that model are compatible, but not ours. So much for that idea.

In a better world where media companies aren't clueless and paranoid (sorry, toning down the aggression - deep breaths), I'd simply transfer the movie to my MacBook Pro or iPhone. But anything you rent directly from the Apple TV can be viewed only on the Apple TV. If you rent a movie on your Mac via iTunes, that movie can be transferred between an iPhone, iPod, or Apple TV. My movie was trapped on the Apple TV, with the only way to watch it being hooking up the Apple TV to a compatible device.

I could have simply sacrificed the $4 rental fee and chalked it up as the cost of research, but $4 is also the cost of a pair of double-espressos and is therefore real money. So I did what I imagine few people do: I wrote to Apple. It took a bit of navigating, but ultimately I ended up at a form where I could contact iTunes Store support. I explained my predicament and sent the message into what I expected would be yet another corporate email black hole.

Within 24 hours, I received a reply: "I'm sorry to hear that you can't play the movie that you rented. I have reversed the charge for this rental. You will see a credit of $4.35 USD, plus any applicable taxes, in three to five business days. If store credit was used for this rental, you should see the credit after you sign out of the iTunes Store and sign back in. Please note that the iTunes Store Terms of Sale states that all rentals are final, so this is a one-time exception."

Now, the movie is on its way back to me, this time via iTunes so I can watch it later on my iPhone. I guess I won't be watching iTunes movie rentals via the Apple TV, and if your TV or display doesn't support HDCP, component video, or the appropriate flavors of DVI, you'll be avoiding it too.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Using iChat Theater for Remote Presentations

  by Joe Kissell <>

Over the past two weeks, I've had the pleasure of giving two presentations at Mac user groups. In both cases, since the meetings were held in locations I couldn't travel to easily, I put Apple's latest and greatest technology to work, appearing by video and running my Keynote presentation remotely using iChat Theater. For those of you unfamiliar with that term, it's a feature in the Leopard version of iChat that lets you share almost any kind of media - graphics, movies, Keynote presentations, and even iPhoto slideshows - with the other party during a video chat. I'd been looking forward to using this capability for a long time, and it has turned out to be fabulously useful.

Although both presentations went pretty well, I did experience several glitches and frustrations. As I've come to expect from Apple, the documentation available for using iChat Theater is sparse at best, so solving my problems required Web searches, trial and error, and luck. I haven't yet mastered everything there is to know about iChat Theater, so rather than presenting a detailed how-to, I want to share my observations, experiences, and a few tips I've discovered for improving the likelihood of success.

The Basics -- iChat Theater starts with an ordinary, run-of-the-mill video chat. The person who wants to share media (the "sender" or "host") must be running Leopard; although the other party can be running Tiger, Leopard's version of iChat produces better audio and video quality, so I recommend using Leopard on both ends. The most natural way to proceed is to get the video chat going first, and then choose the file you want to share. You can either drag that file into the iChat video window, dropping it on the "Share with iChat Theater" region that appears at the bottom, or choose File > Share a File with iChat Theater and manually navigate to the file. (To share iPhoto, you use a separate command on that menu, Share iPhoto with iChat Theater.) Once you do this, the audio portion of your chat remains active, and one of two things will happen with the video: it will enter "side-by-side mode" or "replacement mode." This is where things begin to get interesting.

Taking Sides -- In side-by-side mode, the live video image shrinks down to a small, slightly angled box in the lower left corner of the window, while your newly shared media fills most of the window. (Both images, of course, enjoy the trademark Apple reflection effect at the bottom.) This is what Apple always shows in demonstrations and on Web pages, and is the desired effect for most people - you can see the other party as well as the shared media. In replacement mode, by contrast, the video feed from each camera goes away completely, and the media alone fills up the entire window. You can continue talking and listening, but you lose visual contact with the other side.

[View image]

You might ask what determines whether you get side-by-side or replacement mode, and the surprising answer appears to be: there's no way to know for sure. Side-by-side mode clearly requires more oomph on both ends than replacement mode, and by "oomph" I mean both processing power and bandwidth. Apple lays out all the specifics in a table at the bottom of its Mac OS X 10.5: iChat system requirements Web page. Basically, the claim is that the sender needs, at minimum, a dual 1 GHz G4, a G5, or an Intel processor, plus 384 Kbps of both upstream and downstream bandwidth - but make that 900 Kbps upstream if you want your Keynote slides to appear at iChat's maximum supported resolution of 640x480. The receiver needs a 1 GHz G4, a dual 800 MHz G4, a G5, or an Intel processor, and only 128 Kbps of bandwidth up and down. Anything less than these requirements, on either end, and you get replacement mode.

Except that's not all there is to it. For example, try as I might, I've never been able to get side-by-side mode working on a 1 GHz PowerBook G4 acting as receiver. Apple's Web page states, "Side-by-side view is available on all Leopard-compatible Macs capable of participating in a multi-way video conference," but even though iChat's Connection Doctor window on my PowerBook G4 has a friendly green checkmark next to "Join Multiperson Video," side-by-side mode doesn't work on this machine. (Glenn Fleishman reported similar problems with a dual 1.25 GHz Power Mac G4.) On the other hand, side-by-side mode works just fine when the Intel-based Mac mini on the other side of my room is the receiver, and has also worked when the receiver was a MacBook halfway around the world with a lower-bandwidth Internet connection than I have at home. So clearly the actual system requirements are higher than what Apple says, though the specifics are unknown.

Bandwidth is another area in which Apple's specs don't seem to match up to reality. At various times, I've measured upstream bandwidth from my MacBook Pro here at home to be anywhere from the mid-500 Kbps range to the mid-700s - never even close to the 900 Kbps minimum Apple says you need for 640x480 video and Keynote slides. And yet, receivers appeared to have gotten the full 640x480 video from me. (It would be nice if iChat actually told you what the resolution was on the other end, but I know of no way to get a definitive answer. The video certainly seemed to be much higher-resolution than the next best choice, 320x240.) Meanwhile, there were some audio dropout problems during my most recent presentation that went away when the receiver switched from an 802.11g AirPort connection to wired Ethernet (even though the AirPort connection should have provided plenty of bandwidth - far more than the upstream Internet connection).

In short, I'm saying that it's extremely difficult to guarantee that side-by-side mode will be available, even if both computers and their respective Internet connections appear to meet Apple's specs; and, even if side-by-side mode does work, there's no way to guarantee that your image and media will be delivered at a high resolution. (That's maybe not such a big deal for the image of your face, but it can be a deal breaker if the people on the other end can't read the text on your Keynote slides because it's too low-res and pixelated.) What's irritating is that I'd make much different choices when preparing a presentation if I knew that I'd have less resolution to work with than I was expecting, or that the viewers wouldn't get to see my face - but I have no way to know what the parameters will be. So pre-show testing is mandatory, preferably far enough in advance that changes can be made if necessary.

Incidentally, if for some reason you prefer replacement mode even though your setup supports side-by-side - you really don't want the person on the other end to see your face, just your media files - tough. Short of turning off or disconnecting your camera (on machines where that's possible), you're given no choice; if the technology supports side-by-side mode, that's what you get.

Remote Presentation Mechanics -- Let's go back to the presentation itself. Once you drag your media into the window to start iChat Theater, what actually happens? For simple media files, such as JPEGs and PDFs, not only does the graphic show up in your iChat window (scaled down, of course); it also appears in a second floating window, similar to the Quick Look display but smaller and non-resizable. So you can get a somewhat higher-resolution view of whatever you're sharing and, if it's a multi-page document, you can scroll through it. If you drag in a Keynote presentation, Keynote itself launches (be prepared for a delay or, better yet, have Keynote running beforehand). Then, in a small window provided by Keynote, you see your presentation. When that window is active, you can use the keyboard to control your slides, or click control buttons at the bottom of the window. Needless to say, you'll want to position this window in such a way that it doesn't interfere with the video window, and be sure to have it in the foreground when you want anything to happen in the presentation.

If you choose Share iPhoto with iChat Theater, you see a window in which you can select any iPhoto album or Web Gallery. When you click Share, iPhoto launches and the other party sees an iPhoto slideshow, complete with music, dissolves, the Ken Burns effect, and whatever else you've configured in iPhoto. (To change these settings beforehand for the desired effect, select your album, click the Play Slideshow button at the bottom of the iPhoto window, adjust the items in the Settings and Music panes to your liking, and click Save Settings.) On your side, iPhoto displays a small, floating control window that lets you pause, advance, and rewind the slideshow.

When you're done sharing whatever media you've chosen, you can either click the close button in its separate window or choose File > Stop Sharing with iChat Theater. The video feeds on both ends then zoom back to fill the whole iChat window. I've had uneven results trying to go directly from one piece of media to another without that intermediate step - sometimes it worked, sometimes not. If you need to stop a Keynote presentation (to go back to video-only, or to show something else) and then you share the same presentation again, it helpfully picks up on the same slide where you left off (though at the beginning of the slide - not necessarily the exact spot where you stopped).

You Seem So Distant -- If you're fortunate enough to be using side-by-side mode, you get to continue looking at the person or people on the other end while you give your presentation or discuss whatever file you're showing. But they'll be in a very small window. If you're using a standard-size iChat window rather than full-screen mode, the image is quite small indeed; if you're presenting to a large group of people, each person is smaller still; and if the lights were dimmed in the room so that everyone can see the projector, well, you might not see anything at all. They can still see you, of course (assuming your image is filling a large screen), but you won't get much visual feedback.

Speaking of feedback, audio can be a problem. If it's just one person on each end, and if the participants are both wearing headsets, then you won't have to worry about echoes. But even if you, the presenter, are wearing a headset, you'll hear your own voice, delayed by a second or two, coming from the other end - your voice comes out of their speaker, goes back into their microphone, and returns to you. I find this enormously distracting, so I have to ask that the other side mutes their microphone, or I've got to turn down the speaker volume on my end. Either way, I don't get audio feedback during the presentation - I can't tell if people are laughing at my jokes, snoring, or asking questions.

Thus, bereft of both visual and audible feedback, I find the experience of giving a live presentation with iChat Theater a rather solitary one. I basically talk to my computer screen for an hour and hope that the people on the other end are getting something out of it - but I really don't know. For someone accustomed to giving presentations in person and relying heavily on real-time feedback from the audience and eye contact with individual audience members, this can be highly weird and disorienting.

Share and Share Dislike -- One thing I would have liked to do, but didn't, was to share my screen during these presentations so that I could show some software in action. iChat in Leopard does support screen sharing, no problem - just choose Buddies > Share My Screen With User Name. And that works, as far as it goes - after the other side grants you screen sharing permission, their screen fills up with a duplicate of what's on your screen (with their own screen displayed in a little floating window); two-way audio continues as you'd expect. The problem is what happens next. Let's say I, as the presenter, want to stop sharing my screen and go back to straight video. I can choose End Screen Sharing from the iChat menu, but that cuts off the entire connection. Likewise, if the other party turns off screen sharing, the entire connection goes away. If there's any way to transition smoothly back to regular video or iChat Theater after screen sharing without starting an entirely new connection, I haven't discovered what it is. The hassle of having to deal with all this makes it impractical for me to include live demos during my remote presentations.

iChat Theater Tips -- If you want to use iChat Theater, especially for giving remote presentations to a group, the following tips might help you to have a better experience.

Although I could wish for many improvements to iChat Theater, it's so much better than what I had before (having someone manually run a slide show on the other end) that I can't imagine going back. I'll always prefer personal appearances when possible, but with enough bandwidth and CPU power, iChat Theater is currently the next best thing.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Hot Topics in TidBITS Talk/25-Feb-08

  by Jeff Carlson <>

AV Home Complexity -- Hooking up home entertainment components is a mess, and isn't likely to change any time soon. (2 messages)

Concordance Software for Mac? Readers recommend several programs for creating a concordance using a large PDF as the source. (6 messages)

Print Problem on PDF Form -- PDF was supposed to make it easy to fill in electronic forms, but one reader encounters problems (and receives suggestions to overcome them). (5 messages)

Have Eudora and Leopard reconciled? How well does Eudora work under Leopard, since the program is no longer being developed and its successors are still on the horizon? (12 messages)

Switching on a Dual 1 GHz G4 with 2 Cinema displays -- For one reader, this hardware combination seems not to offer a power switch. How to turn it on? (5 messages)

Sleep issue -- A few readers report that older machines are not able to be put into sleep mode under Leopard. (3 messages)

MacBook Pro -- Strong as an Ox!! A MacBook Pro survives a drop to concrete and works just fine... but will it last? (4 messages)

Mail threading behaviour is peculiar -- How does the Mail application organize threaded messages? The Subject line seems to be the data of last resort. (3 messages)

Alternatives to iCal? What options are available to handle calendar and scheduling tasks? Some readers find iCal to be a surprisingly poor tool. (9 messages)

AirTunes over the air only? Learn how to set up an AirPort Express to connect to another wireless base station on your network. (6 messages)

Changes in Office 2008 -- Is Word's notorious and unreliable Fast Save option finally dead and gone? (2 messages)

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2008 TidBITS; reuse governed by this Creative Commons License.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue