It was the call we all dread.
“Hi,” she replied tersely.
“Is something wrong?”
“It’s my email. It won’t work. And the Internet is really slow.”
I may be an executive in the world of information technology, one who works with some of the largest technology companies in the business, but to my extended family I just “work in computers.” Which means, of course, that I, like many of you, am expected to keep their email running and figure out where those pesky digital photos are hiding after being deleted accidentally. It didn’t take long to realize my mother’s current woes might be a symptom of only 128 MB of RAM in an aging PC. And some spyware.
I’m a geek, and I’ve been supporting everyone in my family for most of my life, but enough is enough. When I realized the local big box retailer was on her like a used car salesman on a trust-funder, I knew what I had to do. She needed to switch to a Mac, as I had done not that long ago (see my story in “From iPod to MacBook Pro: A Switcher’s Tale,” 2006-03-13). Soon. And I knew she couldn’t afford it.
After some discussion with my wife I realized I could kill two birds with one stone. I’d buy my mother a refurbished Intel-based iMac, and I’d have it cover all holiday and birthday gifts for the next few years. She’s not a very demanding user (at least in terms of processing power) so odds are any new system can last up to 5 years. I bit the bullet, logged onto store.apple.com, and placed the order.
Setting It Up — I knew that just sending my mother a blank iMac wouldn’t be the best idea in the world. It’s taken me many years to get her comfortable on Windows and I’ve learned that her way of navigating around a system is pure memorization. This is a trend I’ve seen in a lot of people who weren’t raised on technology – while most of us understand the contextual information of modern graphical operating systems, many people still don’t understand the little boxes, symbols, and other hints we use to get around. Like my mother they rely on nearly rote memorization of exactly where to click and when. By buying her a Mac I was removing both what little context she relied on, and all of the process paths she used from day to day.
Instead I had the system shipped to me so I could prepare it to minimize the impact on her and to give myself support access. My first step was to run through all the initial configuration steps and apply all patches. I created a user account for her, and a second administrative account for myself. I went into System Preferences and locked down the security (turned on the firewall, made sure any unneeded services were disabled, locked all accounts, verified it would run Software Update automatically, and so on).
Next I went through all the major applications and pre-configured them. I set up her mail accounts (including a special one we’ll get to later), and linked to an iPhoto photocast that publishes from my system (so we can send her pictures of the cats; sorry Mom, no kids yet). By setting her screen saver to iPhoto, I probably increased the value of the Mac to her by making it do double duty as a digital picture frame. Since she’s a fairly recent grandmother (thanks to my sister) I figured she might like constantly updating photos of my nephew.
The next step, a little harder, was to set up an AOL Instant Messenger account and configure iChat. We ran through a bunch of potential screen names, and I now know my mother is really slow to pick up on double entendres. Let’s just say some of her proposed names would have made her more popular online than a good son would be comfortable with. After installing Firefox (for those few sites that don’t work with Safari) and a version of Microsoft Office I had also purchased for her, the iMac was pretty much ready. She mostly uses the computer for email, Web, photos, some work documents, and greeting cards (she was on her own to buy software for that, though iPhoto might work). I polished the basic configuration off by setting up her Dock.
Taking It Over — The next phase was more complicated and involved tinkering under the hood in as unobtrusive a manner as possible. I’ve always struggled to support her remotely (we live on opposite sides of the country), and I wanted to configure secure remote access so I could both teach her how to use the Mac, and help troubleshoot any problems that arose. The next steps are complex and, based on the skills they required, a positive sign that my own journey of switching to the Mac is fairly complete.
I’ve had good success using VNC (Virtual Network Computing) as a remote control tool. VNC enables a remote user to see and control another computer over a local network or the Internet, and it works across most operating systems. Since my mother would never need to control my Mac, I just installed the server software on her iMac. Redstone Software’s Vine Server (OSXvnc) is a great open source VNC server for the Mac. I configured it to launch at startup, always run in the background, require a password, and accept connections only from the local computer.
“What?” you ask, “how can you connect to it remotely if it accepts connections only from the Mac it’s running on?”
As great as VNC is, it’s pretty insecure – basically an unencrypted pipe running over (usually) port 5900. But there’s another tool in our arsenal to lock it down – the SSH network protocol. One of the great features of SSH (Secure SHell) is that it isn’t limited to giving you just a remote terminal session (the shell), it can also map entire ports across an encrypted network connection. Thus I can connect from my Mac to my mother’s iMac over SSH and forward any traffic to port 5900 through that encrypted connection, where it’s unpacked and dropped onto my mother’s iMac as local traffic which Vine Server will then accept. I’m simplifying, but you get the idea. (The necessary command is below.)
An even better feature of SSH is that you can configure it to use only certificate-based authentication. With a little tweaking you can have SSH require digital certificates instead of passwords, and really lock down the certificates that are authorized. I set my mother’s iMac to accept only a digital certificate over SSH (and to reject password-based authentication attempts), and to use only my personal certificate. Take that, you password-guessing crackers!
With all of that set up, I can now connect to my mother’s computer using a simple command in Terminal to establish the encrypted SSH tunnel (listed below, for the curious).
ssh -L 5900:127.0.0.1:5900 <my username>@<Mom's IP>
Then I launch my VNC client (Chicken of the VNC) and configure it to connect to 127.0.0.1. All traffic is routed to my mother’s iMac, giving me full control over her desktop.
“But Robert,” you ask, “does that mean she has a static IP address?”
Excellent question – but nope, life isn’t that easy.
Of Cable Modems and IP Addresses — My mother connects to the Internet via a cable modem, and while her IP address doesn’t change all that often, it’s definitely not permanent. The solution to this problem involved a little AppleScript. Remember that “extra” mail account I set up? It’s on a server I control and is relatively immune from spam. I created a mail trigger to run a small AppleScript script that looks up my mother’s current public IP address, puts it into an email message, and sends it to one of my private accounts. All I have to do is send that special account a message with “GetIP” in the Subject, and her Mac sends me her current IP address. Another option would be to use a “reverse tunnel,” sometimes called a “meet in the middle.” Chris Pepper has a great tutorial for this (it’s an excerpt from a potential “Take Control of SSH” ebook, so if you’d like to encourage Chris to finish it and Adam and Tonya to publish it, be sure to vote for it). I know some people use tools like dynamic DNS for this purpose, but I wanted something a bit more private, and I want to eliminate any need for interaction from my mother, thus my choice not to use the reverse tunnel.
The next step was harder, and required a trip (already scheduled) to set everything up. At this point her Mac was totally secured, configured, and set up for remote access. The problem was that, while I could get her public IP address whenever I needed it, I had no way to route traffic behind the home router connected to her firewall. The only way to solve this was on-site, so I packed up the iMac, checked it as baggage with much trepidation, and flew out there. After setting it up, I connected to her home router and configured it to forward all SSH traffic to the Mac, and while that sounds simple, it wasn’t the easiest task in the world, considering the limits of the router the cable company gave her.
Of course, once Leopard is released it looks like remote control capabilities will be integrated into iChat and none of this cleverness will be necessary, but when I finished this project, Leopard was still at least 9 months away.
Mom, Meet Your Mac — I actually had to leave before my mother had a chance to try out the iMac – so with everything set I hopped back on a plane for home. Her first response was exactly what I expected.
“Great!” I replied.
“How do I turn it on?”
After telling her where the power switch was, our first lesson started. To be honest, she adapted much better than I expected. Perhaps it’s a bit of a testament to Apple’s focus on simple design. That said, it wasn’t perfect. By losing all of her memorized paths to get things done and what contextual clues she managed to pick up, the learning curve was steep and long. That’s where VNC came in handy – over the next few weeks I’d connect to her system and walk her through any task while she watched and took notes.
My mother may not be a technophile, but she’s no technophobe. One of her nicknames is “buttons” because someone once told her to start clicking anything she could see on the screen to see what happens. When I wasn’t looking she ran off and grabbed a basic Mac book to learn on her own. Since I’d locked most of the system down, I figured the odds of any serious damage were limited, and she slowly learned her way around. She still can’t do much, but she can do everything she needs.
The “Wow” Factor, and Bringing a Family Together — Aside from reducing my overall support costs, another reason I bought the Mac was to spend more time with my 2-year-old nephew. My sister lives near my mother and, as it happens, the little one spends a lot of time with Grandma. I thought video iChats would help me get to know my nephew better, and (better yet) let him know who the heck the strange guy who visits once a year is. The response was even better than I expected.
My mother now prefers I make my weekly calls over iChat, and my nephew always wants to talk online and see our pets. Last visit, for the first time, he remembered who I was. Sure, you can do all this with a PC, but the simplicity and reliability can’t be beat and the Mac helps bridge the thousands of miles between us.
Then something even better happened – my sister bought a MacBook.
To make a long story short, I helped my sister configure her new toy and now that entire side of the family is virtually connected. We regularly hold three-way video iChats to play with the nephew. My sister subscribed to .Mac and we now all photocast the latest family pictures (to be honest, photocasting could be a bit more reliable). My nephew struggles to figure out why his uncle can’t talk anytime he wants during the day (the whole work thing) and I get all sorts of Photo Booth pictures.
We really can’t ask for much more – we can video chat with better quality than I imagined, share photos, trade email messages, and even share calendars (not that we’ve needed to yet). Yes, I can do all of this on a PC – I spent years honing my Windows geek skills – but not nearly with such ease and reliability. Apple has helped bring our family closer even though I’m the only geek of the litter.
Not everything is perfect. “Buttons” managed to turn on her iMac’s AirPort Extreme card and connect to the Internet through her neighbor’s access point. That broke my remote access system, and reduced iChat video quality for the few months until my next visit. She also wishes the system fonts were bigger, and I haven’t figured out how to fix that yet. View > Show View Options in the Finder can adjust some font sizes in the Finder, and TinkerTool seems to do this for Safari, but she wants to increase all the system fonts.
But overall the switch went far better than I expected, especially with my sister joining in, and now we’re a family of Macs. No more cleaning spyware off Mom’s PC, no more struggling to walk her through registry hacks over the phone (just kidding), and a level of connectivity I could only imagine a few years ago.
If you decide to take the risk with your own family members, I think it’s worth the jump. Just make sure you prepare them, and the Mac, for the transition. With the remote control features in Leopard you should be able to avoid some of the hoops I had to jump through, but I still highly recommend you pay the extra shipping (or plane ticket) costs to configure the computer with everything they might need before they need it.
And, I hate to say it, but it’s kind of nice to just send cards for all those holidays and birthdays. I’m really bad at picking out gifts.