Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue

TidBITS Logo


TidBITS is 18 this week! That's at least 234 in Internet years, but we're not slowing down any time soon. To celebrate, Adam takes a stroll down memory lane to see just how far the Macintosh world has come since 1990, and we offer a special 50-percent-off sale for all Take Control ebooks. Also this week, Glenn uses TheCodingMonkeys' Port Map to punch holes in his network (in a sensitive, New Age way, of course), and also runs down the latest "unlimited" calling plan, this time from voice-over-IP provider Skype. We also cover the releases of Safari 3.1.1 and BusySync 2.0, and, in the TidBITS Watchlist, look briefly at updates to Apple TV, Mactracker, 1Password, Teleport, Camino, Interarchy, ConceptDraw, Google Earth, and Typinator.

This issue of TidBITS sponsored in part by:
Help support TidBITS by supporting our sponsors!

Safari 3.1.1 Addresses Security Issues

  by Jeff Carlson <>

Apple has released Safari 3.1.1 for Mac and Windows, a security update that fixes a vulnerability exploited in the recent Pwn2Own hacking contest at the CanSecWest conference (see "Apple Becomes First Victim in Hacking Contest," 2008-03-28). According to the security release notes for Safari 3.1.1, the update tackles the JavaScript weakness in WebKit exposed at the conference by "performing additional validation of JavaScript regular expressions" to prevent a heap buffer overflow.

A flaw where a colon character in a maliciously crafted URL could lead to a cross-site scripting attack has also been repaired. Two other fixes are specific to the Windows version of Safari: a timing issue that opened up control of the address bar and a memory corruption issue.

Safari 3.1.1 is available via Software Update or as a 39 MB download. It requires Mac OS X 10.4.11 or Mac OS X 10.5.2, or Windows XP or Vista on the PC.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Take Control News: Save 50 Percent on All Our Ebooks

  by Adam C. Engst <>

To celebrate of the 18th anniversary of TidBITS, we're offering a 50% discount on all Take Control and Macworld Superguide ebooks through next Tuesday, April 29th. To take advantage of the sale, use this link to start shopping in our catalog; the necessary coupon code will be applied automatically in the first screen of the shopping cart. Note that you can select multiple books from the different tabs in the catalog's tabbed interface before clicking the Buy Selected Ebooks button to add them to your cart. (Print books are not included in the sale.)

New and recently updated titles you might especially want to check out include:

Also be sure to check out the latest ebooks from Macworld:

Although print versions of our books are not included in the sale, print copies ordered from within an existing ebook are still discounted at the cover price, not the price you pay during the sale. So, if you buy a copy of "Take Control of Switching to the Mac" for $5 during the sale, clicking the Print link at the top of the first page will still save you $10 off the normal print price. (For older ebooks that predate the Print link, just click the Check for Updates button and then click the Order Print Copy tab in the Web page that appears.)

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

BusySync 2.0 Released with Google Calendar Support

  by Glenn Fleishman <>

BusyMac has released BusySync 2.0, an update to its software that synchronizes iCal calendars across systems. The new version's primary change beyond bug fixes and robustness is the capability to synchronize with Google Calendar. This addition overcomes a key weakness in the previous BusySync 1.5, which was the inability for a BusySync calendar subscriber to connect to a BusySync calendar publisher if the publishing system was located on a private network that lacked a publicly reachable IP address or required port mapping beyond a user's ability to configure.

BusySync enables you to publish a calendar on any Mac OS X 10.4 Tiger or 10.5 Leopard system on which BusySync is running. You can choose to let others subscribe with or without a password, and enable read-only access (like the standard iCal publish/subscribe model), or read/write access, in which a subscriber can add, delete, or modify events just as well as the publisher.

With support for the free, still-in-beta Google Calendar - which seems to be the release state for most Google Web applications - BusySync users can create an intermediate calendar hosted at Google that accepts changes bi-directionally. The Google Calendar acts as a conduit that both publisher and subscribers can access, avoiding the block of private networks.

BusySync 2.0 carries out this neat trick by using your Google account to pull down and push information to any Google Calendar you create. Because you can use Google Calendar to share your calendar with others using view or modify permissions, BusySync can pass events back and forth between iCal and Google Calendar. Anyone with whom you've shared your Google Calendar, and who likewise has BusySync 2.0 installed, can then retrieve and sync events with a local iCal calendar. BusySync has more details about Google Calendar setup in its online help.

BusySync 2.0 also works, sometimes, with Leopard's Back to My Mac feature. Back to My Mac creates an encrypted tunnel between any two Macs under your control. I had Back to My Mac turned on during much of my beta testing of BusySync 2.0, and BusySync revealed a lot of weaknesses in how Back to My Mac copes with other services trying to use its connection. (If you see Back to My Mac in BusySync's beta release notes, you can be sure I had something to do with reporting - not fixing - the bug in question.)

BusySync 2.0 costs $25 for each computer on which it is running, although BusyMac is selling it for $19.95 until 01-May-08 (and discounts apply for bulk purchases); a 30-day trial version is available as a 2.5 MB download. Updates are free to owners of a prior version of BusySync. Version 2.0 is also backward compatible with copies of version 1.5 running on your network.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Skype Offers Unmetered Worldwide Calling Plans

  by Glenn Fleishman <>

eBay's Skype service has launched a new set of rates for unmetered regional and worldwide calling through its SkypeOut system that allows you to call "real" telephone numbers. Skype is associated with Internet telephony, but has full support for incoming calls that originate on and outgoing calls that terminate on the traditional public switched telephone network (PSTN).

The new service extends Skype's flat-rate U.S. and Canada calling plan - which costs $2.95 per month - to landlines in 34 countries. These 34 countries are typical of other VoIP calling plans; those countries also currently feature among the lowest per-minute call rates when paying Skype by the minute. For $9.95 per month, you can make unmetered calls to landlines in all those countries.

Calls to landlines in three cities in Mexico - Mexico City, Monterrey, and Guadalajara - is $5.95 per month, with "discounted rates" to landlines and cell phones everywhere else in the country.

Skype oddly doesn't yet include its per-country pricing on its main subscription page; they show these prices only in a press release denominated in euros. Unmetered calling to landlines in a single choice of 20 European nations costs about $3.50 per month, or to landlines in any one of the 14 other countries for about $5.95 per month. Unmetered calling to all 20 European nations is about $5.95 per month. There are special offerings for Asia and Brazil, too.

These plans are comparable to offerings that are part of existing Internet telephone services such as Vonage, but Skype has unbundled them from other voice service requirements. My office "landline," for instance, is a VoIP service that runs about $30 per month from Speakeasy Networks (now part of Best Buy) that includes unmetered calls to a similar set of 30-odd countries' landlines, but it cannot be purchased as a separate plan.

Cellular carriers are excluded from unmetered service outside the United States and Canada, because operators in most countries typically charge ruinous rates even within the same country for calls that start on a landline or VoIP system (which uses landline interchanges) and are placed to a cellular caller.

You may note I use the term "unmetered" instead of Skype's preferred use of "unlimited" with an asterisk. The footnote for this service says that unlimited means a "fair use" of no more than 10,000 minutes per month. That would not be unlimited. Verizon Wireless settled a complaint over the misleading use of the term unlimited with the New York Attorney General's office in 2007 in conjunction with its cellular broadband service. The company rightly no longer uses that term, and has a well-written explanation of limitations, too.

Use of Skype requires the installation of a free client for Mac OS X, Windows, and other platforms, or the use of Skype-enabled VoIP phones or software installed on mobile phones that allow third-party VoIP applications for Wi-Fi-based calls.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Punch Through NAT with Port Map's Port Forwarding

  by Glenn Fleishman <>

TheCodingMonkeys has released the free, open-source Port Map application to make it easy for users and developers alike to control a router's capability to open up access for particular programs from the outside world. Most home network routers use network address translation (NAT) to connect private network addresses - IP addresses that are non-routable or unreachable from outside the local network - with a single routable IP address assigned to the router. Unfortunately, this method means that individual computers can't offer up their own services, like a Web server, or accept incoming connections for games or other Internet-spanning programs, like TheCodingMonkeys' collaborative editing package SubEthaEdit.

But NAT isn't a brick wall, even though it's often called a passive firewall. Most NAT-capable routers also include one of two standard methods of allowing software running on a computer with a private address to ask the router to open up a limited form of incoming access. Automatic port mapping protocols on the router open one or more ports - a kind of numbered slot that can be attached to an IP address - and hand the port number or numbers back to the requesting software. As long as the router itself has a publicly routable IP address that can be reached via the Internet, port-mapped applications can now be reached as well.

Static, manual port mapping, called either "port mapping" or "port forwarding," lets you set a persistent port that you choose to map to a given computer and service on the local network. In contrast, automatic port mapping usually picks an arbitrary internal port that can change whenever the router is restarted or when you disable and re-enable the service you're mapping.

All Apple Wi-Fi gear starting in 2003 includes a version of an Internet standard developed by Apple called NAT-PMP (Network Address Translation-Port Mapping Protocol). Most other Wi-Fi and broadband gateways use a more full-featured but balky technology known as UPnP (Universal Plug and Play). Port Map supports both NAT-PMP and UPnP.

To use Port Map, you need to figure out which ports are used by the program you want to expose to the Internet. This can be simple in some cases. For instance, Web servers almost always use port 80, although they can be configured to use another port. Port Map includes presets for a few programs and services; the list could be more fully populated. You may need to consult the user's manual or online help to find the port or ports needed for your purposes.

You can use Port Map to request a particular public port on the router, although the router doesn't have to honor that request, and only one service can use a given public port at a time. If you're running a Web server that's designed to be widely reachable, you want its public port to be 80, because that's the port used implicitly by every Web browser. (It is possible to include a port number in a URL explicitly by adding a colon and the number, such as

The related problem with automatic port mapping is that if you don't use a well-known public port for a given service, you need to publicize the port. Back to My Mac uses NAT-PMP and UPnP, and it uses .Mac to pass information about what ports were assigned among your various Back to My Mac-enabled computers. With Port Map, you need to distribute that information. After setting up a port mapping, you can select it, and Port Map displays a URL that you've defined or that's drawn from the preset information that you then give to others or use yourself to access the service remotely.

In practical use, Port Map would work as follows: I want to use SubEthaEdit with a friend. I launch SubEthaEdit and Port Map. I select the SubEthaEdit entry that I've already created and set it to On, or I create a new entry if one doesn't exist. Port Map generates a URL, and I convey that to my friend via iChat, email, or phone. My friend then uses the URL to connect to my copy of SubEthaEdit.

Two alternatives to Port Map are available on the market. Codelaide Software's Lighthouse ($12.99, 14-day demo) is similar to Port Map, but with a much greater set of features, including a long list of presets and the capability to import and export profiles. The company also regularly updates presets that can be downloaded into the software.

Bains Software's ShareTool ($20, 15-minute-at-a-time demo mode) is a way to tunnel Bonjour discovery and resource access using automatic port mapping to enable the secure connection of two systems running their software. Since parts of Mac OS X (like file sharing and screen sharing) and many individual applications use Bonjour to advertise their availability, an encrypted tunnel for Bonjour traffic effectively extends your local network. This lets you stream music from a shared iTunes library outside your local network, for instance.

Port Map is clearly just a sketch of what can be done, and TheCodingMonkeys have released their code to encourage developers to incorporate more NAT sense into their Internet-enabled programs.

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Follow Along Through 18 Years of TidBITS

  by Adam C. Engst <>

This week marks the 18th anniversary of TidBITS, which dates all the way back to 1990. We've written something to celebrate the event most years; see the TidBITS History series.

This year, in honor of TidBITS becoming old enough (in the United States) to vote, be drafted, bear arms, own property, marry without parental consent, see an NC-17 rated movie, and serve on a jury, I want to look back at each of the anniversary issues of TidBITS to see just how far we've come and how much things have changed. Follow along then, as we start in...

1990 -- In TidBITS #1, I wrote about Lotus and Novell merging "in a blow to industry leader Microsoft." Change the names and you have Yahoo contemplating a merger with AOL to stave off Microsoft's hostile offer. Also in that issue, I mentioned a powerline networking technology that offered 38.4 Kbps of throughput; powerline networking is now up to 200 Mbps, but still hasn't become mainstream.

1991 -- For TidBITS #54, we reported on the results of our first survey of TidBITS readers. It's amusing to compare to the results of our 2007 reader survey - see "TidBITS 2007 Reader Survey Results: Who Are You?," (2007-03-12) and "TidBITS 2007 Reader Survey Results: News & Info Sources" (2007-08-16).

1992 -- Jon Pugh joined us in TidBITS #120 to review SuperMac's VideoSpigot card and ScreenPlay software for recording video; it's interesting to think about how far video creation capabilities have come since, with HD camcorders and software ranging from iMovie to Final Cut Pro. We also had coverage of the CODE 252 virus, apparently the third one to appear in a short time. Happily, the virus problem on the Mac didn't worsen, and we have yet to see any viruses that target Mac OS X.

1993 -- In TidBITS #173, I bemoaned the demise of ThoughtPattern, a free-form database and snippet keeper that I dearly loved at the time. It's telling that we've seen (and reviewed) numerous similar programs over the years; see the Conquer Your Text series. This issue also marked the first appearance of Glenn Fleishman in TidBITS - he was writing about the loss of the Quadra 700 from Apple's product line. Little did we know then just how essential Glenn would become to our future coverage and infrastructure.

1994 -- In TidBITS #222, I noted that Tonya had started writing more for TidBITS, having left her tech support job at Microsoft following the success of my "Internet Starter Kit for Macintosh" book. She wrote about upcoming PowerBook releases, including the 520/520c, the 540/540c, and the Duo 280/280c, along with the Duo Dock II. We may still have Tonya's old Duo 230 in the attic; we should put it side-by-side with a MacBook Air.

1995 -- By TidBITS #273, Geoff Duncan had joined TidBITS, and he wrote about how Apple was announcing next-day support on their eWorld online service to bolster existing telephone support. Telephone support is still available, but Apple has traded one-on-one online support for the retail store Genius Bars. Of course, having access to Apple's Knowledge Base online, along with the Apple discussion forums, makes up for a lot. Tonya also reviewed a CD-ROM-based ZIP code and telephone number database called ProPhone. Now there's a product category that has been thoroughly eliminated by the Internet.

1996 -- In TidBITS #324, we announced our first translation of TidBITS - into Dutch! The Dutch translation team has continued apace and has been matched in consistency by the Japanese translation team. Other languages have come and gone, and we have plans to make translating individual articles much easier in the future. Amusingly, we also reported on the possibility of IBM licensing the Mac OS in that issue; although licensing is a thing of the past, last week saw both much fuss about a potential Mac clone from Psystar and reports that IBM was making it easier for employees to switch to the Mac.

1997 -- TidBITS #375 saw the release of Eudora 3.1 and Emailer 2.0. As huge as both programs were back in 1997, neither remains in development. Although Eudora 6.2.4 continues to work in Mac OS X for many users, development on the classic Eudora code base has ceased and it remains to be seen if the program will transition successfully to an open-source approach based on Thunderbird. Although Emailer never made the jump to Mac OS X, some of its development team made a different jump to Microsoft, where they worked first on Outlook Express and then on Entourage. Also in that issue, the $13,000 prize in the "Crack A Mac" challenge remained unclaimed, a far cry from the quick takeover of a MacBook Air in the Pwn2Own contest at CanSecWest (see "Apple Becomes First Victim in Hacking Contest," 2008-03-28).

1998 -- In TidBITS #425, Matt Neuburg reviewed Word 98, noting "many of Word 98's new features are really old features with additional, optional interfaces laid on top of them." In some ways, this is exactly what Microsoft has once again done with Word 2008, changing the interface in an attempt to reveal existing features more than changing the feature set itself.

1999 -- In TidBITS #477, we noted Apple's $135 million profit in Q2 1999 (the sixth profitable quarter in a row), giving the company $2.9 billion in cash. That's not chump change, but Apple's Q1 2008 earnings report showed a $1.58 billion profit and $18.4 billion in cash. Wow. Also in that issue, Connectix released a fix for Virtual PC that fixed floppy disk problems on PowerBook G3s. As much as Virtual PC was an amazing technical feat, it pales in comparison with today's VMware Fusion and Parallels Desktop running on Intel-based Macs. Virtualization trumps emulation!

2000 -- TidBITS #527 saw the release of Now Up-to-Date & Contact 3.9, with Palm synchronization. Although Now Up-to-Date & Contact made the leap into Mac OS X and continues to be a viable product, Now Software is working on a complete rewrite. But more telling is the fact that Palm synchronization isn't a big deal any more, partly due to Apple's synchronization technologies and partly due to the slide in popularity of Palm OS-based handhelds. It's all about the iPhone these days.

2001 -- In TidBITS #576, we covered the release of Mac OS X 10.0.1, a mere three weeks after the initial release of Mac OS X. Over the last eight years, Mac OS X has seen five more major releases that have taken the operating system from a curiosity to an industrial-strength operating system used by millions. But you can still bet on a quick bug fix release appearing within a few weeks of each major release of Mac OS X.

2002 -- In TidBITS #626, I announced the first edition of my "iPhoto for Mac OS X: Visual QuickStart Guide." I didn't quite realize then that I'd be updating it for the rest of time; I now have seven editions on my shelf, the latest of which is "iPhoto '08: Visual QuickStart Guide." More interesting, though, was the fact that we released it as an ebook for those who pre-ordered the print book (iPhoto 1.0 had significant problems, and we wanted to wait for the soon-to-be-released 1.1 version before going to press). The huge success of this ebook was one of the key factors in our decision to start the Take Control series - clearly people liked ebooks when they provided information that wasn't available in print form.

2003 -- TidBITS #676 saw the release of the second public beta of Safari, which we were able to describe as "widely adopted" even though it hadn't yet seen its official release. Safari has gone on to become the de facto Web browser for Mac users, and although no one expected as much back in 2003, it has also migrated both to Windows and to the iPhone.

2004 -- In TidBITS #727, we looked at Apple's Q2 2004 financial report, which included revenue from sales of over 750,000 Macs and 800,000 iPods, and resulted in a $46 million profit. Cash on hand had almost doubled since 1999, to $4.6 billion. Although the numbers aren't quite comparable (since Q1 2008 includes the holiday season and Apple isn't set to report Q2 2008 results until 23-Apr-08), the most recent quarter saw nearly 2.4 million Macs sold, along with over 22 million iPods.

2005 -- TidBITS #776 saw both the release of Mac OS X 10.3.9 (the final version of Panther) and the announcement that Mac OS X 10.4 Tiger would appear on 29-Apr-05, marking an 18-month gap between the initial release of Panther and the appearance of Tiger. Previous intervals had been shorter, but the jump from Tiger to Leopard would take 30 months, and it remains to be seen how long we'll be waiting for the next big cat. Q2 2005 financials once again appeared in this issue, with Apple selling 749,000 Macs and 807,000 iPods to post a $290 million profit and reach $7.06 billion in cash.

2006 -- In TidBITS #826, we were talking about Aperture 1.1 and Apple Remote Desktop 3, and Kevin van Haaren contributed an article of Windows tips for Mac users, given the increasing use of Boot Camp and Parallels Workstation (soon to be renamed Parallels Desktop). What I find interesting about this is just how current it seems - Aperture 2.1 shipped only recently, and Apple Remote Desktop is still at version 3.2. Sure, there have been improvements, but two years just isn't that long for a platform as mature as the Mac.

2007 -- TidBITS #875 brought the news that Mac OS X 10.5 Leopard wouldn't arrive until October 2007, attributing the delay to Apple's need to devote more resources to the release of the iPhone in June 2007. The iPhone has been huge for Apple, and we expect a second-generation iPhone and the opening of the iPhone App Store in the relatively near future, two moves that could put the iPhone on the exponential sales curve pioneered for Apple by the iPod.

Looking Forward -- That concludes our spin through history both ancient and recent, and I hope you've enjoyed contemplating how the Macintosh world has evolved since TidBITS first appeared on the scene back in 1990.

We never anticipated that we'd be publishing TidBITS for so long, but now that we're at 18 years, clearly we need to aim for 20, and for 25 after that. Besides, we have to keep going, if only to maintain our position as the oldest continuously updated technology publication on the Internet (and the second oldest in general behind the Irish Emigrant News, which has archives going back to April 1987).

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

TidBITS Watchlist: Notable Software Updates for 21-Apr-08

  by Adam C. Engst <>

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

Hot Topics in TidBITS Talk/21-Apr-08

  by Jeff Carlson <>

Reluctantly Switching from Eudora to Apple Mail -- Readers share their experiences and opinions on switching to Mail following Tonya's article. (14 messages)

Configure Mail to Prevent iCal Spam -- The automatic handling of .ics email attachments in Mail, which allows unsolicited events to appear in iCal, is also an issue under Tiger as well as Leopard. (2 messages)

Synching non-Mac Mail Accounts -- A reader solicits opinions on the best way to keep tabs on important email across multiple machines, triggering a spirited POP vs. IMAP debate. (45 messages)

My iPhone doesn't play in my car -- The iPhone's recessed headphone connector may be the cause of a reader's inability to play music in the car. (2 messages)

Power Mac 8100/80 -- A reader's old workhorse Mac is still kicking, but now is a good time to start thinking about upgrading to a modern machine (including all the software updates). (9 messages)

Leopard's image icon preview -- Is there a way to disable the frame created in the Finder's icon view for images? (3 messages)

iTunes 7 in Leopard Loses a Feature -- A reader discovers that he cannot drag songs from a CD into an iTunes playlist, but others still see this behavior. (4 messages)

Macs@IBM -- A recent article notes that IBM is beginning to embrace the Mac, not only as supported machines for employees to use, but also as a target for software development. (4 messages)

Bookmark at: | digg | reddit | Slashdot | Yahoo! MyWeb

This is TidBITS, a free weekly technology newsletter providing timely news, insightful analysis, and in-depth reviews to the Macintosh and Internet communities. Feel free to forward to friends; better still, please ask them to subscribe!
Non-profit, non-commercial publications and Web sites may reprint or link to articles if full credit is given. Others please contact us. We do not guarantee accuracy of articles. Caveat lector. Publication, product, and company names may be registered trademarks of their companies. TidBITS ISSN 1090-7017.
Copyright 2008 TidBITS; reuse governed by this Creative Commons License.

Previous Issue | Search TidBITS | TidBITS Home Page | Next Issue