Although Apple claims there are 50 new features in Mac OS 9, most people are likely to care about only a few. The question is: do Mac OS 9’s new features make it compelling for you? This article takes quick looks at some major features in Mac OS 9, and next week we’ll look at additional features, more subtle changes, and under-the-hood tweaks.
Sherlock 2 — The most-hyped feature of Mac OS 9 is Sherlock 2, a significant revision to the Internet-enabled Find feature that debuted with Mac OS 8.5. If anyone’s counting, Sherlock 2’s version number is actually 3.0.1. The old Find File applications were version 1.x, and previous versions of Sherlock were version 2.x.
The first thing you’ll notice about Sherlock 2 is its brushed-metal interface resembling the QuickTime 4 Player, which been justly criticized for its non-standard interface; Sherlock 2 has fewer unexplained elements and offers balloon help (and some tool tips) for its somewhat inscrutable controls. Nonetheless, Sherlock 2 features non-standard windows that can’t be rolled up or zoomed, and Sherlock 2 hides, shows, disables, and nudges window elements in confusing ways. Also, Sherlock no longer opens new search results windows for each search, instead combining the query, settings, and search results into a single window.
Sherlock 2 divides its capabilities into "search channels." The Files channel represents the contents of volumes accessible to your computer – and sports additional controls to modify search queries and search the contents of files – while all other channels represent collections of Internet searching plug-ins. Sherlock 2 ships with Internet, People, Apple, Shopping, News, Reference, and My Channel channels that you cannot delete (although you can remove and add specific site plug-ins). My Channel is a custom channel that includes whatever additional Internet site plug-ins you like – and inherits any custom plug-ins you may have previously installed, like the TidBITS plug-in – and you can create and delete additional custom channels for Internet sites. Sherlock 2 can communicate with Lightweight Directory Access Protocol (LDAP) servers; as such, the People channel points to LDAP servers at Yahoo, Bigfoot, and Four11.
Sherlock 2’s Internet-related channels may not be to everyone’s taste, but they do facilitate sensible management of Sherlock plug-in sets. Instead of managing a long list of plug-ins – or simply leaving all plug-ins enabled all the time – you can focus your searches to appropriate sites. You’ll also notice that plug-ins in the News and Shopping channels can add new elements to search results, including prices, dates, and availability. Dates are useful for news items, and Apple is promoting pricing and other information from Shopping channel plug-ins as a way to comparison-shop across many Internet retailers. That might be true when more sites customize their plug-ins for Sherlock 2; my searches revealed the default sites sell the same items at nearly identical prices. Sherlock 2 also offers no way to check for updated plug-ins manually – all plug-in updates happen transparently in the background.
Sherlock support from many Internet sites may now be in question because of Sherlock 2’s handling of banner advertisements. When Apple released Sherlock with Mac OS 8.5, the company introduced a capability late in the development cycle to display banner advertisements in Internet search results windows. This capability was intended to make supporting Sherlock palatable to major ad-supported Internet sites, who were upset about Sherlock users bypassing their advertising. Apple’s decision was controversial not only for its explicit approval of advertising on users’ desktops, but also because banner advertisements aren’t always appropriate to all audiences. Within a day of Mac OS 8.5’s release, TidBITS began receiving outraged letters from parents, educators, and even kids astonished to see banner advertisements with explicit adult content and other objectionable material (we still receive similar letters). Although major search engines like AltaVista aren’t as likely to serve up ads featuring nude models today as they were a year ago, you never know what might appear – major Internet sites still carry ads many teachers and parents would find objectionable.
Sherlock 2 now displays banner ads only from Apple and partners whose plug-ins ship with Mac OS 9. I don’t know whether Apple made this change to address issues of objectionable content or whether it simply regards Sherlock’s banner area as prime advertising space available only to partners. In any case, Sherlock does not display banner graphics from other sites, instead substituting an Apple banner. This move may help Apple in schools and homes, but may dissuade many sites from developing or supporting Sherlock plug-ins. After all, such sites’ banner advertising apparently won’t be displayed – even if it’s perfectly innocuous – unless they can somehow become an "approved" site. This could reduce Sherlock’s Internet searching capability to a mere bundling opportunity for large Internet services and retailers.
Sherlock 2 retains the file-searching capabilities of its predecessors and can search for files by name and by content if you first index your disks. However, Sherlock 2 takes a giant step backwards in searching for multiple file attributes. Additional file search options available via More Choices entries appended to the Sherlock window have been replaced by a mammoth More Search Options dialog that sports a cacophony of 16 checkboxes, 9 text areas, and 18 pop-up menus that enable users to create custom searches based on multiple criteria. To use these options, you must first select Custom from a pop-up menu (or choose More Options from Sherlock’s Find menu), hunt through this enormous dialog to click checkboxes next to each desired criterion (and if you typed a file name or file contents in the main Sherlock window, you may get to type it again here), fiddle with the requisite pop-up menus and text entries, click OK to return to the Sherlock window, and finally click the (unlabeled) Find button.
In short, search options are a mess. You can (unintuitively) drop files from the Finder into the modal More Choices dialog to fill in dates and text areas with the dragged file’s attributes – though the new data overwrites anything you may have already typed – but you must still hunt and peck checkboxes to enable or disable appropriate items. If you find yourself in the More Search Options dialog often, see if you can save common search criteria as reusable files. If that isn’t enough, you can script more flexible Sherlock searches using AppleScript.
Multiple Users — Another high profile feature of Mac OS 9 is Multiple Users, which enables a number of people to use a single Macintosh, each with their own preferences and customized environment. Multiple Users also provides some basic file security. With Multiple Users enabled, the Mac starts up normally, then runs a Login program that displays a screen where users can enter or select their login ID or choose guest access (if permitted). Users then type a password to log in or use a slick Voice Verification option to identify themselves to the computer. It’s less secure than a typed password but distinctly cooler. Multiple Users does not currently load a different set of extensions for each user but can provide different sets of preferences, Apple Menu items, startup items, Favorites, and desktop items. Users can also be set up as Limited users with access only to specific applications, printers, removable media, specific CD/DVD titles, the Chooser, control panels, and other items. Users can also be defined as Panel users who launch programs and manage documents from a shell application called Panel, which behaves much like At Ease or a full-screen Launcher. In Panel, users can expand and collapse panels that provide icon-based access to permitted items, but they can’t reach the full range of Finder features. A Mac can use users and passwords set up locally, or it can pick them up from a Macintosh Manager account on the network – handy for lab or classroom administrators using Mac OS X Server. Users can be timed out after a period of inactivity.
Mac OS 9’s Voice Verification feature integrates with Multiple Users. If Multiple Users is activated with voice verification enabled, users can speak a passphrase into a PlainTalk-capable microphone to identify themselves to the computer, rather than typing a password. The default passphrase is "My voice is my password," but you can supply your own, taking care it has enough phonemes to be distinct. I immediately changed my passphrase to "Soylent Green is people," although Apple recommends phrases with five to seven words. To set up a voice password, you record yourself saying your passphrase four times – if the voice verification system thinks the recordings are sufficiently similar, you’re all set. It’s important that you speak normally when setting up a spoken password: speaking loudly or with unusual emphasis seems to do more harm than good.
Apple is promoting Voice Verification as revolutionary technology – and they worked out an appealing presentation with animated spectrum graphs as you record and verify passphrases. Behind the scenes, the authentication system can supposedly be extended, potentially enabling developers to identify users using digital cameras, card keys, or even fingerprint scanners. Nonetheless, Voice Verification seems like a stunt with limited utility. Folks concerned with the security of their Macs don’t necessarily use them in environments where it’s safe to speak a passphrase – or where it’s quiet enough for the computer to distinguish a voice over background noise.
Although Multiple Users could keep an over-inquisitive child (or parent) out of sensitive parts of a Macintosh, its security is easily bypassed by starting up from another device (such as the internal CD-ROM) and limited access privileges may interfere with automated backups or other scheduled operations. Just remember: Multiple Users provides lightweight security and user configuration tools – definitely useful for many people but not enough to protect sensitive data or manage large groups.
Keychain & Data Security — Mac OS 9 does include security features more robust than Multiple Users. The first is the Keychain, which originally debuted as part of PowerTalk back with System 7 Pro in 1993. The Keychain is a secure place to store passwords to Internet and AppleShare servers, digital signatures, certificates, and other sensitive information – all behind a single password. Applications can access the Keychain directly, so in theory users only have to remember one password to access any Keychain data. Current versions of applications like Eudora, Anarchie, Fetch, and Web Confidential already work with the Keychain, as do the Mac OS 9 Finder, Apple File Security (see below), and AppleShare services. Mac OS 9 can handle multiple Keychain files, and you can unlock Keychain files and move them between computers – they live in the Keychain folder in the Preferences folder. The Keychain file itself is reasonably secure: it never stores the Keychain password on disk (instead using an encryption key derived from the password), and uses export-approved 128-bit RC2 encryption for storage. The Keychain resists repeated attempts to guess a password by exponentially increasing a delay between failed authentication attempts – the more often you guess the wrong password, the longer you have to wait to try again.
The Keychain provides no way for users to maintain or change passwords on remote systems, so users can’t quite forget about passwords and login information – they’ll still need to access systems manually to manage their accounts. The process is a bit tedious; you open the Keychain Access control panel to look at individual items stored in a Keychain file, including stored passwords. So long as you remember your Keychain password, you should be able to view the password for any item stored in your Keychain. The Keychain is a big improvement over time-honored methods of storing passwords like typing them into a SimpleText document or keeping them on slips of paper. If you find yourself relying on the Keychain, let us emphasize the importance of regular backups – if your Keychain file is lost or corrupted, you could lose access to important files and services.
Another security enhancement in Mac OS 9 is Apple File Security, which can encrypt and decrypt specific files using an arbitrary password. You can run Apple File Security as an application – it’s in the Security folder in Mac OS 9’s Applications folder – or encrypt files using the Encrypt menu command that appears in the Finder’s File menu and in contextual menus. When you encrypt an item, you’re asked to type and confirm a password; by default, Apple File Security adds the password to your Keychain. Apple File Security then compresses the file and encrypts it using a 56-bit key – a small yellow key appears on the file’s Finder icon. (Apple File Security does not go back to wipe out the disk sectors where the unencrypted file was stored, so somone with disk recovery tools could potentially pull back data from its pre-encrypted state.) A 56-bit encryption key is considered weak security in the cryptographic community – Distributed.net successfully cracked a 56-bit RC5 key in 1997 – but it’s currently the largest key size the U.S. government permits for export, and it’s strong enough to deter all but the most determined and well-equipped crackers. If someone wants to get into the file, they’ll have better luck guessing your password or coercing you into revealing it. Apple File Security cannot encrypt a folder, which also means it can’t encrypt a package, a special kind of folder introduced with Mac OS 9 for handling Carbon "application bundles" – collections of files which together form a Carbon application. You’ll see more packages as Mac OS X gets closer to reality and developers begin to make programs designed to run under both Mac OS X and Mac OS 9.
To decrypt a file, simply double-click it: Apple File Security launches, prompts you for the password, then proceeds to decrypt and open the file. (You can also decrypt a file without opening it using the Apple File Security application.) Note, however, that once you decrypt a file, it stays decrypted. If you want to secure the file once you’ve viewed or modified it, you must remember to locate the file in the Finder and encrypt it again. Also, if you forget the password used to encrypt the file, there’s no way Apple or anyone else can retrieve the data for you.
More Next Week — Space constraints require us to delay discussion of some of Mac OS 9’s other features and enhancements – tune in next week for additional details.